Sus/PDFEx-EU

Category: Suspicious Behavior and Files
Type: Suspicious file
Protection available since: 25 Aug 2011 15:29:43 (GMT)
Last Updated: 24 Dec 2012 10:00:15 (GMT)

Sus/PDFEx-EU exploits CVE-2011-0611.

Examples of Sus/PDFEx-EU include:

Example 1

File Information

Size: 136K
SHA-1: 43ee32e6aaf08001ad5ecfe51a1a33f3b7f8f5fe
MD5: 47341aac5607301951bccd17d3cdcd50
CRC-32: 499b6bf4
File type: Adobe Portable Document Format
First seen: 2011-06-02

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\AcrC42.tmp
    Size: 358
    SHA-1: 8ec893043f99bd678c1db034a18ce7a1ff947b72
    MD5: 39fc61f9deb6b215a26854eeb28b2520
    CRC-32: 7dd53dd8
    File type: application/pdf
    First seen: 2011-08-26
Processes Created
  • c:\program files\adobe\reader 8.0\reader\acrord32.exe

Example 2

File Information

Size: 208K
SHA-1: e937b1375d55ca8dc0dcbc6b83d0787c5c1b9edf
MD5: 63fd3673bade0d6cee52508852400e3c
CRC-32: 17dcf45b
File type: application/pdf
First seen: 2011-08-24

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\AcrCEFA.tmp
    Size: 358
    SHA-1: 91c4bcf9c9bfaddd886fbbdd9cc9984e1dc57d2c
    MD5: 61d25a4dfd6afbcfa1dfd928d6745d7c
    CRC-32: 03128399
    File type: application/pdf
    First seen: 2011-08-26
  • c:\Documents and Settings\test user\Local Settings\Temp\Winword.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\Acr954D.tmp
    Size: 358
    SHA-1: 1976aabd396c10f9c83322cc9e1c7031688cdca7
    MD5: e34a816d58505c2d8aa6fe2d0afa2d28
    CRC-32: 303a5d89
    File type: application/pdf
    First seen: 2011-08-26
  • c:\Documents and Settings\test user\Local Settings\Temp\Adobe.pdf
    Size: 18K
    SHA-1: d571663ccfa95306696f0fa9ce946fdb75eb6647
    MD5: 88d41dce94e0849087298d78c0e3430e
    CRC-32: 2077f247
    File type: application/pdf
    First seen: 2011-08-26
Processes Created
  • c:\docume~1\support\locals~1\temp\winword.exe
  • c:\program files\adobe\reader 8.0\reader\acrord32.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ping.exe

Example 3

File Information

Size: 159K
SHA-1: 27ec442992bd61990d8bb2011db9673cccd17639
MD5: 8c09494be2a65d2c0e0b6ced44643bac
CRC-32: cc4f9011
File type: Adobe Portable Document Format (PDF)
First seen: 2011-07-14

Other vendor detection

Kaspersky: Exploit.JS.Pdfka.eqs

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\Winword.exe
    Size: 8.0K
    SHA-1: 5ebd867d339dccf68b564013d0cddcf602259e72
    MD5: fe20e5bb2cf5108c19209b03fb08f259
    CRC-32: 0498edf2
    File type: application/x-ms-dos-executable
    First seen: 2011-07-15
  • c:\Documents and Settings\test user\Local Settings\Temp\Adobe.pdf
    Size: 73K
    SHA-1: 0167dc868e79964690ffe6b1a7c97e24a0fe472f
    MD5: 2a28b174194a814167a8b6a33749b0d3
    CRC-32: c5bababb
    File type: application/pdf
    First seen: 2011-07-15
  • c:\Documents and Settings\test user\Local Settings\Temp\Acr92EB.tmp
    Size: 358
    SHA-1: a105f1df58bda93a7a3b716bf53d5435f8214fd0
    MD5: f7faeb4eb6a0e53c25584652ef0119da
    CRC-32: 3ab5812d
    File type: application/pdf
    First seen: 2011-08-26
Processes Created
  • c:\program files\adobe\reader 8.0\reader\acrord32.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ping.exe