Worm:Win32/Exploit-PDF.a

Exploit-PDF.a is a detection for a specially crafted PDF file that exploits the Adobe Acrobat Mailto Unspecified PDF File Security Vulnerability to execute malicious code on a computer. More information about this vulnerability is available from the Adobe site under CVE-2007-5020.

Indication of Infection

The following malicious attachments have been observed in the wild: BILL.PDF, INVOICE.PDF, STATEMET.PDF, YOUR_BILL.PDF.

Methods of Infection

On opening the PDF attachment, code is silently run to perform the following actions: the Windows built-in firewall is disabled via the netsh command, and a password stealer is downloaded from http://81.95.146.[Removed]/ldr.exe and executed. This password-stealing trojan is detected as Spy-Agent.bg.
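One way to hunt for the behaviour described above, added here as an example and not taken from this wiki or from any vendor: it flags hosts where at least two of the three indicators (a listed attachment name, a netsh firewall-off command, a fetch of /ldr.exe from the 81.95.146.0/24 range) occur close together. The event schema, the two netsh command forms, the 10-minute window and the sample events are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

ATTACHMENTS = {"BILL.PDF", "INVOICE.PDF", "STATEMET.PDF", "YOUR_BILL.PDF"}  # from the page
DROP_NET = ipaddress.ip_network("81.95.146.0/24")  # the page elides the last octet
# Assumption: the page names only "netsh"; these are its standard firewall-off forms.
NETSH_OFF = re.compile(r"\bnetsh(\.exe)?\b.*\b(firewall\s+set\s+opmode\s+.*disable"
                       r"|advfirewall\s+set\s+\w+\s+state\s+off)", re.I)
WINDOW = 600  # seconds; assumed correlation window

def classify(ev):
    """Return the indicator kind an event matches, or None."""
    if ev["type"] == "mail" and ev["attachment"].upper() in ATTACHMENTS:
        return "attachment"
    if ev["type"] == "proc" and NETSH_OFF.search(ev["cmdline"]):
        return "firewall_off"
    if ev["type"] == "http":
        url = urlsplit(ev["url"])
        try:
            addr = ipaddress.ip_address(url.hostname or "")
        except ValueError:
            return None  # named host, not a literal IP
        if addr in DROP_NET and url.path.lower() == "/ldr.exe":
            return "dropper_fetch"
    return None

def correlate(events, min_kinds=2):
    """Map host -> indicator kinds seen together within WINDOW seconds."""
    hits = defaultdict(list)
    for ev in events:
        kind = classify(ev)
        if kind:
            hits[ev["host"]].append((ev["ts"], kind))
    flagged = {}
    for host, seq in hits.items():
        for start, _ in seq:
            kinds = sorted({k for t, k in seq if 0 <= t - start <= WINDOW})
            if len(kinds) >= min_kinds and len(kinds) > len(flagged.get(host, [])):
                flagged[host] = kinds
    return flagged

SAMPLE = [  # constructed events, not real telemetry; the final octet is a placeholder
    {"ts": 100, "host": "ws1", "type": "mail", "attachment": "invoice.pdf"},
    {"ts": 130, "host": "ws1", "type": "proc", "cmdline": "netsh firewall set opmode disable"},
    {"ts": 135, "host": "ws1", "type": "http", "url": "http://81.95.146.0/ldr.exe"},
    {"ts": 200, "host": "ws2", "type": "proc", "cmdline": "netsh firewall show state"},
]
```

Requiring two indicator kinds keeps a lone attachment name or a read-only netsh query from raising an alert on its own.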

Aliases

EXP/CVE-5020.A (Avira), EXPL_PIDIEF.B (Trend Micro), Exploit-PDF.a, Exploit.Win32.AdobeReader.b (Kaspersky), PDF/Exploit.Shell.A (ESET), Trojan.Pidief.A (Symantec)
