Exploit-PDF.a is a detection for a specially crafted PDF file that exploits the Adobe Acrobat Mailto Unspecified PDF File Security Vulnerability to execute malicious code on a computer. More information regarding this vulnerability can be found at the Adobe site: CVE-2007-5020

Indication of Infection

The following malicious attachment names have been observed in the wild:

- BILL.PDF
- INVOICE.PDF
- STATEMET.PDF
- YOUR_BILL.PDF

Methods of Infection

On opening the PDF attachment, code is silently run to perform the following actions:

- The Windows built-in firewall is disabled via the netsh command.
- A password stealer is downloaded from http://81.95.146.[Removed]/ldr.exe and executed.

This password stealer trojan is detected as


EXP/CVE-5020.A (Avira), EXPL_PIDIEF.B (Trend Micro), Exploit-PDF.a, Exploit.Win32.AdobeReader.b (Kaspersky), PDF/Exploit.Shell.A (ESET), Trojan.Pidief.A (Symantec)
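A detection sketch for the behaviour described under Methods of Infection, added here as an example and not taken from any vendor's signature. It assumes process-creation events with pid, ppid, image and cmdline fields, that netsh runs as a descendant of the PDF reader, and the two netsh argument forms shown; the sample events are constructed.

```python
import re

# Attachment names listed on this page, lower-cased for comparison.
KNOWN_ATTACHMENTS = {"bill.pdf", "invoice.pdf", "statemet.pdf", "your_bill.pdf"}
PDF_READERS = {"acrord32.exe", "acrobat.exe"}
# Assumption: the page gives no netsh arguments; these are the standard
# legacy and advfirewall forms that switch the Windows firewall off.
FIREWALL_OFF = [
    re.compile(r"\bfirewall\s+set\s+opmode\s+(mode\s*=\s*)?disable\b", re.I),
    re.compile(r"\badvfirewall\s+set\s+\w+\s+state\s+off\b", re.I),
]

def basename(path):
    return re.split(r"[\\/]", path)[-1].lower()

def reader_ancestor(event, by_pid):
    """Walk parent links until a PDF reader is found (loop-safe)."""
    seen, cur = set(), by_pid.get(event["ppid"])
    while cur and cur["pid"] not in seen:
        seen.add(cur["pid"])
        if basename(cur["image"]) in PDF_READERS:
            return cur
        cur = by_pid.get(cur["ppid"])
    return None

def triage(events):
    """Return (pid, severity, matched_attachment) for firewall-disabling netsh runs."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if basename(e["image"]) != "netsh.exe" or not any(
                p.search(e["cmdline"]) for p in FIREWALL_OFF):
            continue
        reader = reader_ancestor(e, by_pid)
        # No reader in the ancestry may be an administrator's action: medium.
        docs = re.findall(r'[^\\/"\s]+\.pdf', reader["cmdline"] if reader else "", re.I)
        hit = next((d.lower() for d in docs if d.lower() in KNOWN_ATTACHMENTS), None)
        alerts.append((e["pid"], "high" if reader else "medium", hit))
    return alerts

# Constructed process-creation events (not real telemetry).
SAMPLE = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Adobe\Reader\AcroRd32.exe",
     "cmdline": r'"AcroRd32.exe" "C:\Temp\INVOICE.PDF"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c"},
    {"pid": 301, "ppid": 300, "image": "netsh.exe", "cmdline": "netsh firewall set opmode mode=disable"},
    {"pid": 400, "ppid": 100, "image": "netsh.exe", "cmdline": "netsh advfirewall set allprofiles state off"},
    {"pid": 500, "ppid": 100, "image": "netsh.exe", "cmdline": "netsh firewall show state"},
]
```

`triage(SAMPLE)` flags pid 301 as high with the matched attachment name and pid 400 as medium; the read-only `show state` call is ignored.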
