05 Oct 08

Multiple Exploit Page (Acrobat, Outlook Express, & Quicktime)-VIDEO

Here is another example of an exploit page. This exploit searches for a vulnerability and then injects the malware onto the computer. In this case, multiple files are in use. All the files are listed below with details. As with previous posts, we captured video of the exploit in action. The files are available in our repository under /pnuemo-malware/1005-exploit.zip.

The first page starts the search for a vulnerability to exploit and, once one is found, loads the binary from the next URL. It looks for vulnerabilities in Adobe Acrobat, Outlook Express, and Quicktime, to name a few. The exploit page has multiple pages of obfuscated code, which is too much to post. You can download the code here (.txt).

BE ADVISED: These websites may still be live. Proceed at your own risk.

hxxp://195.242.161.63/z/index.php -> hxxp://195.242.161.63/z/load.php?ssv=
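A defender-side sketch of the chain above, added here as an example and not part of the original post: it correlates proxy-log requests for the landing page with a later request to the loader URL from the same client. The log format, client addresses, the five-minute window, the `ssv=` value and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Indicators exactly as published in the post (defanged).
LANDING = "hxxp://195.242.161.63/z/index.php"
LOADER = "hxxp://195.242.161.63/z/load.php?ssv="

def refang(url):
    """Turn a defanged indicator (hxxp://, [.]) back into a parseable URL."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.I).replace("[.]", ".")

def key(url):
    """(host, path) with the query dropped; the ssv= value is not given in the post."""
    parts = urlsplit(refang(url))
    return (parts.hostname or "").lower(), parts.path

def find_chains(log_lines, window=timedelta(minutes=5)):
    """Return (client, landing_time, loader_time) for every client that fetched
    the landing page and then the loader URL within `window`."""
    landing, loader = key(LANDING), key(LOADER)
    last_landing, hits = {}, []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # malformed line
        stamp, client, _method, url = fields
        try:
            when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")
            seen = key(url)
        except ValueError:
            continue  # unparseable timestamp or URL
        if seen == landing:
            last_landing[client] = when
        elif seen == loader and client in last_landing:
            if timedelta(0) <= when - last_landing[client] <= window:
                hits.append((client, last_landing.pop(client), when))
    return hits

# Constructed proxy log: "<timestamp> <client> <method> <url>". Clients, times
# and the ssv= value are made up for the example.
SAMPLE_LOG = [
    f"2008-10-05T09:14:02 10.0.0.21 GET {refang(LANDING)}",
    f"2008-10-05T09:14:05 10.0.0.21 GET {refang(LOADER)}1",
    f"2008-10-05T09:20:00 10.0.0.34 GET {refang(LANDING)}",  # landing only
    "2008-10-05T09:30:11 10.0.0.47 GET http://example.com/z/load.php?ssv=1",
    f"2008-10-05T10:02:00 10.0.0.34 GET {refang(LOADER)}1",  # outside window
]
```

Calling `find_chains(SAMPLE_LOG)` flags only the client that requested both stages within the window; a landing-page hit with no loader request is a client to check for a failed or blocked exploit attempt.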

doc.pdf
Result: 8/36 (22.23%)
MD5: 2b477c02cef58a4d965b149311f495f2
VirusTotal

default.exe
Result: 14/36 (38.89%)
MD5: df5fbc8fb5ab1e9a69c72508250cb451
VirusTotal
ThreatExpert Analysis

Download Video (.wmv)


3 Responses to “Multiple Exploit Page (Acrobat, Outlook Express, & Quicktime)-VIDEO”


  1. 1 Ignatius Oct 7th, 2008 at 2:50 am

    I’m sorry for asking this but, how can I access your repository?

    Thx

  2. 2 Ignatius Oct 7th, 2008 at 2:58 am

    Did my first message fail?

    Anyway I’m still sorry if my question is stupid but how can I access your repository?

  3. 3 djpnuemo Oct 7th, 2008 at 8:31 am

    Please read the FAQ for information on how to gain access to the repository.

    http://malwaredatabase.net/blog/index.php/faq/
