Jul 21
by Ivan Macalintal (Advanced Threats Researcher)

Amid the flurry of PPT 0day reports circulating lately, we have just received reports of malware that arrives as a Microsoft PowerPoint file attached to emails, apparently spammed out in a possible targeted attack.


The PowerPoint file comes as an attachment whose filename is written in Chinese characters and, when translated, can mean “2006 China Army Organization Regulation”. See the snapshot below.


The malware has a file size of 8,704 bytes and connects to a site registered in the China region to download an index.exe file. As of this writing, the site is probably down.


The downloader shellcode can be revealed by XORing the file with 0xEE. We are still analyzing the file to see whether any of its code matches the 0day PoCs for PPT posted recently. If not, this could be considered a new 0day.
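The single-byte XOR encoding mentioned above is a common way for embedded downloader code to hide its URL from a plain `strings` pass. The following triage helper is an added example, not Trend Micro's tooling and not taken from the sample: it tries every single-byte key over a buffer and reports which keys expose URL- or executable-looking strings. The blob it runs on is constructed for the demonstration, with a placeholder URL (`example.invalid`) standing in for the real download site, which this post does not reproduce.

```python
import re
import sys
from typing import Dict, List

# Constructed sample, not bytes from the actual malware: a placeholder URL
# XOR-encoded with the single-byte key 0xEE that the post describes, padded
# with deterministic filler so the example is reproducible offline.
KEY = 0xEE
PLACEHOLDER_URL = b"http://example.invalid/index.exe"  # hypothetical host
FILLER = bytes(range(0x10, 0x40))
SAMPLE_BLOB = FILLER + bytes(b ^ KEY for b in PLACEHOLDER_URL) + FILLER

# Strings an analyst would want to see surface during triage.
INDICATOR = re.compile(r"https?://|\.exe\b|\.dll\b", re.IGNORECASE)


def xor_decode(data: bytes, key: int) -> bytes:
    """Apply one single-byte XOR key to the whole buffer (XOR is its own inverse)."""
    return bytes(b ^ key for b in data)


def printable_strings(data: bytes, min_len: int = 6) -> List[str]:
    """Return runs of printable ASCII at least min_len long, like the `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def find_xor_indicators(data: bytes, keys=range(1, 256)) -> Dict[int, List[str]]:
    """Try each candidate key and collect the decoded strings that look like
    download indicators. Key 0 is skipped because it is the plaintext itself."""
    hits: Dict[int, List[str]] = {}
    for key in keys:
        decoded = xor_decode(data, key)
        matches = [s for s in printable_strings(decoded) if INDICATOR.search(s)]
        if matches:
            hits[key] = matches
    return hits


if __name__ == "__main__":
    # Pass a file path to scan a real sample; otherwise use the constructed blob.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BLOB
    for key, strings in sorted(find_xor_indicators(blob).items()):
        print(f"key 0x{key:02X}:")
        for s in strings:
            print("   ", s)
```

Brute-forcing all 255 keys costs nothing on a file of this size and avoids guessing; the analyst confirms a key by checking that the decoded region also contains sensible surrounding strings rather than a lone false positive.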


More information about this malware: TROJ_MDLOAD.A.
© Copyright 2008 Trend Micro Inc. All rights reserved. Legal Notice