What We Do
- Your Needs
  Security Goals
  INDUSTRIES & SECTORS
  COMPANY SIZE
  PRODUCT FEATURES
  CASE STUDIES
  - Education
  - Financial
  - Government
  - Healthcare
  - Technology
  - Other
- Why Sophos
  Company Overview
  Our People
  INNOVATIVE TECHNOLOGY
  ALERT SERVICES
- Products
  Product Features
  Product Families
  - Unified (formerly Astaro)
  - Endpoint
  - Network
  - Encryption
  - Web
  - Email
  - Mobile
  Complete Security
  - All-in-One Security Suites
  PRODUCTS BY NAME
  - Products A-Z
  Free Tools
  Next Steps
  RESOURCES
Getting Answers
- Support
  FIND AN ANSWER
  Support by Product
  - > View all
  Maintain your Product
  Hire an Expert
  WHAT'S POPULAR
- Threat Center
  THREAT ANALYSIS
  THREAT STATISTICS
  WHAT'S POPULAR
  Threat Definitions
  - A-Z of Threats
  THREAT MONITORING
What's Happening
- Security News/Trends
  SECURITY HUBS
  LIBRARY
  Whats Popular
  WHAT'S NEW
  Community
  - Naked Security
  - Connect with Us
  IT SECURITY TRAINING
  ANATOMY OF AN ATTACK
- Partners
  RESELLER PARTNERS
  - Overview
  - Why Partner with Sophos?
  Managed Service Providers
  - Overview
  SYSTEM INTEGRATORS
  - Overview
  OEM and Technology
  WHAT'S POPULAR

Troj/PDFEx-GD

Category:	Viruses and Spyware	Protection available since:	30 Apr 2012 06:03:16 (GMT)
Type:	Trojan	Last Updated:	30 Apr 2013 06:23:02 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/PDFEx-GD include:

Example 1

File Information

Size: 8.9K
SHA-1: 7921b4b1445e14b6557207589d9137c136ed297d
MD5: d105debd55dca0edf4d6bf5490d156d7
CRC-32: 92d48990
File type: Adobe Portable Document Format (PDF)
First seen: 2012-08-10

Other vendor detection

Kaspersky: HEUR:Exploit.Script.Generic

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\Local Settings\Temp\AcrA6CB.tmp
Size
358
SHA-1
138d8421c4bceb931c023a1872eeb2e036ee8790
MD5
d18b5eb00fefc19c216fe2531de94df6
CRC-32
030ba4b4
File type
Adobe Portable Document Format (PDF)
First seen
2012-08-13

Processes Created

c:\program files\adobe\reader 8.0\reader\acrord32.exe

DNS Requests

chaffeurjobs.info

Example 2

File Information

Size: 27K
SHA-1: ac20b5c1ebb98f710ea9efb85f455f63eb032953
MD5: 7c3dd111a6a208365b47f6962efe0445
CRC-32: 726af75a
File type: application/pdf
First seen: 2011-08-15

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\Local Settings\Temp\AcrB875.tmp
Size
358
SHA-1
5bd539602771d188f9ce0b94cea4818a9a8220c5
MD5
bb6765b0a5d47fea29d41ccfe4f1c3e1
CRC-32
b0533496
File type
application/pdf
First seen
2011-08-24

Processes Created

c:\program files\adobe\reader 8.0\reader\acrord32.exe

HTTP Requests

http://clickhos.bz.cm/kntrn334e/load.php

DNS Requests

clickhos.bz.cm

Example 3

File Information

Size: 15K
SHA-1: bf20f883374aff2739c9fa666f2bf7cb97a3b5be
MD5: 3fdbb1dd822ff97ad003ac153c3fbfe0
CRC-32: 66b51856
File type: Adobe Portable Document Format (PDF)
First seen: 2012-07-27

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\Local Settings\Temp\wpbt0.dll
Size
380K
SHA-1
23d662582b94900d84926d3e36c5e4a8744b5aa0
MD5
5d1e7ea86bee432ec1e5b3ad9ac43cfa
CRC-32
9836ccc6
File type
Windows executable
First seen
2012-07-27

Registry Keys Created

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
6F638C0824EF411D000003137B07D287
C:\Documents and Settings\All Users\Application Data\6F638C0824EF411D000003137B07D287\6F638C0824EF411D000003137B07D287.exe

Processes Created

c:\docume~1\support\locals~1\temp\wpbt0.dll
c:\program files\adobe\reader 8.0\reader\acrord32.exe
c:\windows\system32\regsvr32.exe

HTTP Requests

http://112.121.178.189/api/urls/
http://shiro.veta.su/w.php

IP Connections

112.121.178.189:80

DNS Requests

shiro.veta.su

Try Sophos products for free
Download now