Email “inovice_AUG_9693495.pdf” contains malicious PDF file


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “inovice_AUG_9693495.pdf”.

This email is send from the spoofed addresses and has the following short body:

This email contains an invoice file attachment

Attached is a 16 kB what appears to be a blank PDF file with the file name inovice_AUG_9693495.pdf but in fact contains a potential risk when opened.

Note that the numbers in the subject and filenames vary.

The threath is known as  Exploit/CVE-2013-2729, HEUR:Exploit.PDF.Generic, Artemis!89839FA52903 or NORMAL:Hack.Exploit.MalPDF.a!1609222.

At the time of writing, 6 of the 50 AV engines did detect the trojan at Virus Total.

Use the Virus Total permalink for more detailed information.
SHA256: 10f0734ccfefc2db770f2aa1fc4d9e86a81c759a56d4387a146b1c2ad81494a8

One thought on “Email “inovice_AUG_9693495.pdf” contains malicious PDF file

Comments are closed.