A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #18769  by Kafeine
 Sat Mar 30, 2013 2:08 pm
Blaze wrote:CVE-2012-1723
Other one is unknown
Bart, looking at your file this looks like from Sweet Orange.
So chance are high that it's CVE-2013-0431 with Serialization.
Cf:
Code: Select all
   String str = "co00m.su000n.j000mx.mbe00anser00ver.MB00eanInst0ant00iat0or";
 #18774  by secObs
 Sat Mar 30, 2013 11:03 pm
Kafeine wrote:
Blaze wrote:CVE-2012-1723
Other one is unknown
Bart, looking at your file this looks like from Sweet Orange.
So chance are high that it's CVE-2013-0431 with Serialization.
Cf:
Code: Select all
   String str = "co00m.su000n.j000mx.mbe00anser00ver.MB00eanInst0ant00iat0or";
Yes, it's CVE-2013-0431.

CVE-2013-0431 uses a vulnerability of the Introspector class.

Image

In attach:
- CVE-2013-0422 from Fiesta and Redkit
- CVE-2013-0431 from BlackHole and Sweet Orange
Attachments
pass: infected
(50.83 KiB) Downloaded 90 times
  • 1
  • 3
  • 4
  • 5
  • 6
  • 7