Exp/20121889-A

Category: Viruses and Spyware Protection available since:14 Jun 2012 18:31:26 (GMT)
Type: Malicious behavior Last Updated:12 Jul 2012 15:46:49 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Exp/20121889-A detects samples attempting to exploit a vulnerability in Microsoft XML Core Services which could allow Remote Code Execution (CVE-2012-1889). Please see the following security advisories for more information:

  • http://technet.microsoft.com/en-us/security/advisory/2719615
  • http://www.sophos.com/en-us/threat-center/threat-analyses/vulnerabilities/VET-000352.aspx
Examples of Exp/20121889-A include:

Example 1

File Information

Size
5.7K
SHA-1
03e3b78230e8574a0c13b7ecb3ba9b591f57e009
MD5
df531cff54c3e16b9ef3d4c8c8aab449
CRC-32
f543aa29
File type
Hypertext Markup Language
First seen
2012-07-05

Runtime Analysis

HTTP Requests
  • http://www.nkorea.or.kr/main/images/hpy.cab
DNS Requests
  • www.nkorea.or.kr

Example 2

File Information

Size
119
SHA-1
03ea9c44f4563287ca5bbab80842044cebc6a1b8
MD5
cd7d29b5b866f5def17139350dcf4f48
CRC-32
bceec600
File type
JavaScript
First seen
2012-06-14

Example 3

File Information

Size
36K
SHA-1
64588870923b6687e3a2776ff5efc088942b4c0f
MD5
6a297dca4b5361aca55fc88abb3525fd
CRC-32
607744cb
File type
Hypertext Markup Language
First seen
2012-06-21

Runtime Analysis

IP Connections
  • 192.168.56.101:4445

download Try Sophos products for free
Download now

© 1997 - 2013 Sophos Ltd. All rights reserved. Legal Privacy Cookie Information