Exploit:Win32/Pdfjsc.ADF
First posted on 15 March 2020.
Source: Microsoft
Aliases:
Exploit:Win32/Pdfjsc.ADF is also known as JS/Pdfka.HD, Exploit.JS.Pdfka.ger, Pdfka.BJ, EXP/Pdfka.EO.1, Exploit.PDF-JS.GV, Exploit.PDF.2990, JS/Exploit.Pdfka.PSC trojan, Troj/PDFJs-AAS, TROJ_PIDIEF.NTB.
Explanation:
Exploit:Win32/Pdfjsc.ADF is the detection for specially crafted PDF files that target software vulnerabilities in Adobe Acrobat and Adobe Reader. The vulnerabilities, discussed in CVE-2010-0188, allow this malware to download and run arbitrary files.
Installation
Exploit:Win32/Pdfjsc.ADF may be encountered when visiting a compromised webpage that hosts the file, and has been observed to be distributed via the "Blackhole exploit pack". The PDF file contains malicious JavaScript that exploits a vulnerability discussed in CVE-2010-0188.
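A triage check for the trait described above (a PDF that carries JavaScript), as an added example that is not Microsoft's detection logic. The indicator names, function names and both sample byte strings are assumptions constructed for illustration.

```python
import re

# PDF name tokens that signal embedded script or automatic actions.
# This indicator list is an assumption of the example, not taken from the page.
SUSPICIOUS_NAMES = ("JS", "JavaScript", "OpenAction", "AA")

# A PDF name is "/" followed by characters up to whitespace or a delimiter.
_NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo the #xx hex escapes the PDF format allows inside name tokens."""
    plain = _HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count script-related names in raw PDF bytes, including escaped spellings."""
    counts = {name: 0 for name in SUSPICIOUS_NAMES}
    obfuscated = 0
    for match in _NAME_RE.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in counts:
            counts[name] += 1
            if raw != name.encode("latin-1"):
                obfuscated += 1  # name was written with #xx escapes
    has_script = counts["JS"] + counts["JavaScript"] > 0
    auto_run = has_script and counts["OpenAction"] + counts["AA"] > 0
    return {"names": counts, "obfuscated": obfuscated,
            "has_script": has_script, "auto_run": auto_run}


# Constructed samples: harmless fragments, not taken from a real exploit file.
SAMPLE_SCRIPTED = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /#4aavaScript /J#53 (var x = 1;) >> endobj\n"
)
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    print(triage_pdf(SAMPLE_SCRIPTED))
    print(triage_pdf(SAMPLE_PLAIN))
```

A raw byte scan does not see names stored inside compressed object streams, so a clean result does not clear a file. A hit marks the file for closer analysis and is not a Pdfjsc.ADF verdict on its own.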
Payload
Downloads arbitrary files
If Exploit:Win32/Pdfjsc.ADF successfully exploits a vulnerable computer, it executes shellcode to download and install other malware. It is known to try to download files from the following servers:
cooker.bsaidu.com
bootstrap-js.net
oildrillinginvestment.net
pirate.1000houses.biz
At the time of this writing, the URLs requested by the exploit were unavailable for analysis.
Analysis by Sergey Chernyshev
Last update 15 March 2020