ThreatExpert Report: Exploit-CVE2012-1723.h, Exploit.Java.CVE-2012

Submission Summary:

Submission details:

Submission received: 22 October 2012, 11:49:29
Processing time: 11 min 7 sec
Submitted sample:

File MD5: 0xD9EB5553EAC1DF9BF1560FA5D8C8E4F6
File SHA-1: 0xD439511662A3E8700E9070E1D494D9069C78B01B
Filesize: 40,563 bytes
Alias:

Exploit-CVE2012-1723.h [McAfee]
Exploit.Java.CVE-2012 [Ikarus]

Technical Details:

File System Modifications

The following files were created in the system:

Filename(s)

File Size

File Hash

Alias

%Temp%\dsrrgcthapsuutd\asqmjvwvwjlspgkacpwv.class

10,652 bytes

MD5: 0x68A43E1AFD918E56B1A9D43705B610D0
SHA-1: 0xC40BC2B3B0003D54A2D021EA59B621684D1AFC4A

(not available)

%Temp%\dsrrgcthapsuutd\cfmdwngldqau.class

7,735 bytes

MD5: 0x779FAF717D4C34C8326EFD20AAEE8DA8
SHA-1: 0x7995C2C6A377403C8BFC78C6241567FD82E2D002

Exploit.Java.CVE-2012 [Ikarus]

%Temp%\dsrrgcthapsuutd\ghqqyb.class

1,859 bytes

MD5: 0x2472C2CE8D9B082E4D0A28575428B8FE
SHA-1: 0x83D9742DF46CE8BD642C393CC4410F5FE283F54A

Exploit.Java.CVE-2012 [Ikarus]

%Temp%\dsrrgcthapsuutd\gneqkhcytdnftmwcefmv.class

1,117 bytes

MD5: 0xDEDD3F0C51020FF3B411D1CB91366946
SHA-1: 0xDB59C26682A2B450064A2FC4AA67D92B6E83E91B

(not available)

%Temp%\dsrrgcthapsuutd\gydhcntmdttpgjcbvbcte.class

1,682 bytes

MD5: 0x043988216BC139EEA5638443216B9EAD
SHA-1: 0xF8CAD2C33FCD2FD034D721C789554392F90FB5A4

Exploit.Java.CVE-2012 [Ikarus]

%Temp%\dsrrgcthapsuutd\jvujevucdwmn.class

2,676 bytes

MD5: 0x267820B05E6CEC5F16CCD26BB45B1D8A
SHA-1: 0x697BBCC1FC7A0BFACC4C9EA7626194B3B37DA6F4

(not available)

%Temp%\dsrrgcthapsuutd\jwgehhsrepcdaj.class

13,676 bytes

MD5: 0x399F8DD0385DE45BA233EF00D37189D9
SHA-1: 0x43B18499181E41FD8EB787F1D340020DD940D5EB

Exploit.Java.CVE-2012 [Ikarus]

%Temp%\dsrrgcthapsuutd\myqwgstpqjfq.class

13,131 bytes

MD5: 0x42D2C671A19A1081DFCB1169E29302FA
SHA-1: 0xE8F3D653611B82B2C5E922DB495A5475B1A15DBF

(not available)

%Temp%\dsrrgcthapsuutd\plhfyyeyfupjwav.class

8,712 bytes

MD5: 0x5F55ECC1F6AC098E57CA8A15D7699563
SHA-1: 0xCF53134CCD48A1C7278D9EAC1FAF6A5AA1FD0FCE

(not available)

%Temp%\dsrrgcthapsuutd\snbyqpqmuwpdfvqtptutffp.class

3,907 bytes

MD5: 0xE08BB0E0942BDCA864FA6B28C897B65D
SHA-1: 0x5BD264CFBE0B8B2FED0F151593A989D48ECC38AC

(not available)

%Temp%\META-INF\MANIFEST.MF

71 bytes

MD5: 0x77314483F485C85C4A654301E15CEE82
SHA-1: 0xB354DD3B17B78338D0ACC9B0D0C08F79C4F40E99

(not available)

[file and pathname of the sample #1]

40,563 bytes

MD5: 0xD9EB5553EAC1DF9BF1560FA5D8C8E4F6
SHA-1: 0xD439511662A3E8700E9070E1D494D9069C78B01B

Exploit-CVE2012-1723.h [McAfee]
Exploit.Java.CVE-2012 [Ikarus]

Note:

%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

The following directories were created:

%Temp%\dsrrgcthapsuutd
%Temp%\META-INF

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.