Hey guys, I'm stumped. I can do fine with decoding JavaScript in a PDF, obfuscated JavaScript, filterdecode/flatedecode inside a PDF, but my knowledge of Flash is very limited.
I sent this file to Wepawet, which doesn't give me any clues. I used swftools to convert from PDF to SWF, then resubmitted the .swf to Wepawet, and no help.
I used SWFdecompiler, swfdump.exe, nemo 440. I think maybe the closest I got to figuring this out was doing a swfdump and getting hex dumps of the Flash parts, but it seems XOR'd. I tried using the usual strings (http, exe, dll, etc.) and I am stumped. I'm not sure what to do. This file is 5/40 on VirusTotal.
The common name is "Trojan.SWF.HeapSpray.B", which confirms the Flash. I noticed several sections of the document repeated over and over, so that might possibly be the heap spray part?
http://www.virustotal.com/analisis/ce5c0f7bbb3486b6fdea173e396ed94b03ab678110fab5bf1d36fb6765406ebc-1256854922

Password is "infected".
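One way to test the two hunches in the post (a single-byte XOR over the dumped bytes, and repeated filler blocks), as an added example that is not part of the original post. The function names and the sample buffer are constructed for illustration, and it assumes a one-byte key, which the post does not confirm.

```python
from collections import Counter

KEYWORDS = [b"http", b".exe", b".dll"]  # the strings the post searched for

def xor_keyword_scan(data, keywords=KEYWORDS, keys=range(1, 256)):
    """Return (key, offset, keyword) for each keyword visible under a 1-byte XOR key.

    The keyword is XORed with each candidate key and searched for in the raw
    bytes, which is equivalent to decoding the whole buffer once per key.
    """
    hits = []
    for key in keys:
        for kw in keywords:
            needle = bytes(b ^ key for b in kw)
            pos = data.find(needle)
            while pos != -1:
                hits.append((key, pos, kw))
                pos = data.find(needle, pos + 1)
    return hits

def rank_keys(hits):
    """Candidate keys, those revealing the most distinct keywords first."""
    per_key = {}
    for key, _, kw in hits:
        per_key.setdefault(key, set()).add(kw)
    return sorted(per_key, key=lambda k: (-len(per_key[k]), k))

def repeated_blocks(data, size=16, min_count=8):
    """Aligned blocks recurring at least min_count times (possible spray filler)."""
    counts = Counter(data[i:i + size] for i in range(0, len(data) - size + 1, size))
    return [(blk, n) for blk, n in counts.most_common() if n >= min_count]

def build_sample():
    # Constructed test buffer: 32 identical filler blocks, then text XORed with 0x5A.
    plain = b"\x00\x01junk" + b"http://example.invalid/a.exe" + b"\x7f\x10"
    return b"\x0c" * 16 * 32 + bytes(b ^ 0x5A for b in plain)

if __name__ == "__main__":
    sample = build_sample()  # replace with the bytes of a real hex dump
    hits = xor_keyword_scan(sample)
    for key in rank_keys(hits):
        found = [(off, kw) for k, off, kw in hits if k == key]
        print(f"key 0x{key:02x}: {found}")
    for blk, n in repeated_blocks(sample):
        print(f"block {blk.hex()} repeats {n} times")
```

A key that reveals only one short keyword is often a coincidence; a key that reveals several at plausible offsets is worth decoding the whole buffer with.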