Kim Jong-il PDF Malware | 9b+

Kim Jong-il PDF Malware

by admin • December 20, 2011 • Uncategorized

Update: See also http://blog.trendmicro.com/kim-jong-il-malicious-spam-found/comment-page-1/#c…

This is just meant to be a quick post and not a full analysis. After checking PDF X-RAY this morning I came across a file that contained a good amount of well-organized JavaScript that seemed to target several versions of Adobe Reader.

https://www.pdfxray.com/interact/b9183507150e32cace16c1dd68f2dc67/

I set my test system back to Adobe Reader 9.4.0 and ran the file. After exploiting reader, a clean file was dropped with content about the recent death of Kim Jong-il.

Dynamic dump along with the files can be downloaded here. (password infected)

Tags: kim jong, malware

About admin
Latest Tweets
"@daveaitel zing"
over a year ago
"Profiling for the win. http://t.co/lFT50JqpXa"
over a year ago
"If you are going to own a system, make sure your malware is going to last more than 24 hours before crashing due to a memory leak. #cne"
over a year ago
"@binjo I was lazy this time. :p you want it?"
over a year ago
"@tombkeeper dialog box lives on my friend. ;) https://t.co/yR7VmfJCBa http://t.co/Y8gxntFUUZ"
over a year ago
follow @9bplus on twitter
Recent Posts
Recent Comments
- ekse on Toying With MS11-050
- Brandon Dixon on Toying With MS11-050
- binjo on Toying With MS11-050
- Brandon Dixon on Kim Jong-il PDF Malware
- anonymous on Kim Jong-il PDF Malware
Tags
adobe analysis api brucon code command+and+control conference CVE-2011-2462 CVE-2012-0754 database development exploit heavy+pint ideas javascript json malicious malobjclass malpdfobj malware mongodb operators pdf pdf+x-ray pdfid project proof-of-concept prototypes python release research results reversing samples scoring slides statistics swf targeted thoughts tools travels updates virustotal xmpp