[Blaze]

http://eromang.zataz.com/2012/09/16/zer ... -over-yet/

https://www.net-security.org/secworld.php?id=13614

[Waves97]

In " Malware Request " is sample of this :)


by niebezpiecznik.pl

[360Tencent]

http://labs.alienvault.com/labs/index.p ... r-zeroday/

http://urlquery.net/report.php?id=184218

111.exe(unpacked)

https://www.virustotal.com/file/a6086c1 ... /analysis/

according to the comments below, right decoded 111.exe

Note; Moh2010.swf in the malware request thread is about 9kb( it comes from nod32de.com),the previous version is about 13kb,see pic from http://eromang.zataz.com/2012/09/16/zer ... -over-yet/

Moh2010-0day-20120914-300x215.png (43.13 KiB) Viewed 740 times

[N3mes1s]

http://contagiodump.blogspot.it/2012/09 ... -0day.html

Code: Select all

111.exe          baabd0b871095138269cf2c53b517927
111.exe_out 7173d9b331275b8be69a4e698c9ec68f
Decoded SWF  e7ced808b16692f57229a2e21c476be8
exploit.html  4f1dfed17cf7d1a1d9f61e1ad2c03624
Moh2010.swf  eb62e0051ad4ab3f626d148472dfa891
Protect.html  f4537fe00e40b5bc01d9826dc3e0c2e8

https://www.virustotal.com/file/2a2e2ef ... /analysis/
https://www.virustotal.com/file/a6086c1 ... /analysis/
https://www.virustotal.com/file/dd41efa ... /analysis/
https://www.virustotal.com/file/9d66323 ... /analysis/
https://www.virustotal.com/file/70f6a2c ... /analysis/
https://www.virustotal.com/file/a5a04f6 ... /analysis/
https://www.virustotal.com/file/70f6a2c ... 348057714/

Thanks to mila.

[360Tencent]

https://blog.avast.com/2012/09/21/new-m ... continued/

[EP_X0FF]

It's been patched.

http://technet.microsoft.com/en-us/secu ... n/ms12-063