Troj/PDFJs-ME

Category:	Viruses and Spyware	Protection available since:	08 Sep 2010 04:44:07 (GMT)
Type:	Trojan	Last Updated:	09 Sep 2010 10:53:51 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/PDFJs-ME is a malicious PDF that attempts to exploit a zero-day vulnerability in Adobe Reader (CVE-2010-2883).

More information about this vulnerability is available here: http://www.sophos.com/support/knowledgebase/article/112006.html

If Adobe Reader is successfully exploited, further malware is downloaded (this is detected as Troj/Agent-OOH).

File Information

Size: 746K
SHA-1: 18272cf888d8779d466901864537b732f842c351
MD5: 9c5cd8f4a5988acae6c2e2dce563446a
CRC-32: c49e933b
File type: application/pdf
First seen: 2010-09-08

Runtime Analysis

Dropped Files

C:\Documents and Settings\support\Application Data\golf clinic.pdf
Size
75K
SHA-1
5c7ef47c2e7a72439373961ddf7fce7bfdd1f351
MD5
6af93ed231aea3b00769fc8283943e75
CRC-32
ce046b78
File type
application/pdf
First seen
2010-09-09
C:\bin\iso88591
Size
64K
SHA-1
7463474ea67cfe6d654cd585184e7bfbb4224214
MD5
dc479ad3028344fe7ead8bc76496334f
CRC-32
75a3c3ee
File type
application/octet-stream
First seen
2010-09-09
C:\Documents and Settings\support\Local Settings\Temp\Acr382E.tmp
Size
358
SHA-1
2820703ccc183c04e21948a33349d80a447e096c
MD5
e10818869d813734281b64f571e85790
CRC-32
74c3e43c
File type
application/pdf
First seen
2010-09-09

Processes Created

c:\program files\adobe\reader 8.0\reader\acrord32.exe
c:\windows\system32\cmd.exe

HTTP Requests

http://academyhouse.us/from/wincrng.exe

DNS Requests

academyhouse.us

Further information

There is more information about Troj/PDFJs-ME on the blog article APSA10-02: BOPs and the Adobe 0-day.

Try Sophos products for free
Download now