Tuesday, June 9, 2009

Malware related links *gianttoplocate.cn* - 09 June

Malicious link
Level 0: http: //yournameshop.cn:8080/index.php
Level 1: http: //yournameshop.cn:8080/cache/readme.pdf
Level 2 (Trojan): http: //gianttoplocate.cn:8080/landig.php?id=1
Level 1: http: //yournameshop.cn:8080/cache/flash.swf

Index.php


Decoded index.php


The script attempts to download a malicious PDF that manipulates util.print() and a malicious Flash SWF when the Adobe software is not patched to the latest version. Finally, it downloads a Trojan file from the gianttoplocate website.
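An added example, not part of the original post: a triage check that correlates proxy log entries per client against the chain listed above (landing page, then the PDF/SWF from the same host, then landig.php). The log format, client addresses, 300-second window and verdict names are assumptions, and the log lines are constructed.

```python
import re

# Constructed proxy log lines (not real telemetry): "epoch client host:port path"
SAMPLE_LOG = """\
1244534400 10.0.0.5 yournameshop.cn:8080 /index.php
1244534402 10.0.0.5 yournameshop.cn:8080 /cache/readme.pdf
1244534403 10.0.0.5 yournameshop.cn:8080 /cache/flash.swf
1244534409 10.0.0.5 gianttoplocate.cn:8080 /landig.php?id=1
1244534500 10.0.0.7 intranet.example:8080 /index.php
1244534600 10.0.0.8 yournameshop.cn:8080 /index.php
1244534601 10.0.0.8 yournameshop.cn:8080 /cache/readme.pdf
"""

# Path patterns taken from the link chain on this page.
STAGES = [
    ("landing", re.compile(r"^/index\.php$")),
    ("exploit", re.compile(r"^/cache/(readme\.pdf|flash\.swf)$")),
    ("payload", re.compile(r"^/landig\.php\?id=\d+$")),
]
WINDOW = 300  # assumed maximum gap in seconds between consecutive stages


def classify(path):
    """Map a request path to a stage name, or None if it matches no stage."""
    for name, rx in STAGES:
        if rx.search(path):
            return name
    return None


def triage(log_text, window=WINDOW):
    """Return {client: verdict} for clients that progressed past the landing page."""
    state, verdicts = {}, {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, client, host, path = int(parts[0]), parts[1], parts[2], parts[3]
        stage, s = classify(path), state.get(client)
        if stage == "landing":
            state[client] = {"host": host, "ts": ts, "exploit": False}
        elif stage == "exploit" and s and s["host"] == host and ts - s["ts"] <= window:
            # Exploit document fetched from the same host as the landing page.
            s["exploit"], s["ts"] = True, ts
            verdicts.setdefault(client, "exploit-served")
        elif stage == "payload" and s and s["exploit"] and ts - s["ts"] <= window:
            # Payload URL requested after an exploit document: prioritise this host.
            verdicts[client] = "payload-fetched"
    return verdicts
```

A client that only requested index.php is not reported, since that path alone is too common to be a useful signal.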




The trojan was submitted to VirusTotal for analysis.




Disclaimer:
The URLs posted above lead to malicious files (trojans, viruses) that could harm your systems and lead to information being stolen. Usage: the URLs are posted for IT security officers, researchers and personal collection only. Any harmful actions are totally prohibited. Use them wisely and at your own risk. The owner of this website takes no responsibility for any risks or consequences.
