Author Topic: How to reach escript.api in Malicious pdf file  (Read 4548 times)

May 25, 2010, 05:38:13 pm

kristofer_nolen

Hello,

I am very keen to know how to reach escript.api, which is responsible for executing malicious JavaScript embedded in malicious PDF files.

I came to know this through a blog which is http://traversecode.com/2010/03/08/from-pdfexploit-to-zeustrojan-subject-steals-bank-credentials/

It's a good one; however, the author did not explain how to reach escript.api through OllyDbg, as his explanation is very simple on this.

Any help on this would be much appreciated.

Thanks in advance
Kris 

May 25, 2010, 06:15:29 pm
Reply #1

ratsoul

Hi Kris,

escript.api is located here: <Adobe Dir>\Reader\plug_ins\ .

Regards,
 - ratsoul

June 10, 2010, 05:40:09 pm
Reply #2

shivtheone

Hey Kris,

I am the author of this blog (www.traversecode.com). To reach escript.api, load adobe.exe in Olly Debugger and then open the malicious PDF file using Adobe, which is loaded inside Olly. Now click 'E' in Olly, which shows you the currently loaded modules. Here you can find escript.api. Double-click on that and place breakpoints on the calls for further analysis.

Regards,
Shiv

June 18, 2010, 02:16:34 am
Reply #3

kristofer_nolen
