First posted on 15 March 2020.
Exploit:Win32/Pdfjsc.ADF is also known as JS/Pdfka.HD, Exploit.JS.Pdfka.ger, Pdfka.BJ, EXP/Pdfka.EO.1, Exploit.PDF-JS.GV, Exploit.PDF.2990, JS/Exploit.Pdfka.PSC trojan, Troj/PDFJs-AAS, TROJ_PIDIEF.NTB.
Exploit:Win32/Pdfjsc.ADF is the detection for specially-crafted PDF files that target software vulnerabilities in Adobe Acrobat and Adobe Reader. The vulnerabilities, discussed in CVE-2010-0188, allow this malware to download and run arbitrary files.
Downloads arbitrary files
If Exploit:Win32/Pdfjsc.ADF successfully exploits a vulnerable computer, it executes shellcode to download and install other malware. It is known to try to download files from the following servers:
cooker.bsaidu.com
bootstrap-js.net
oildrillinginvestment.net
pirate.1000houses.biz
At the time of this writing, the URLs requested by the exploit were unavailable for analysis.
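Because the download servers were offline at analysis time, DNS or proxy logs are the practical place to check whether any host tried to reach them. The following is an added example, not part of the original entry or of any vendor tooling: it matches queried names against the four listed hosts on label boundaries. The log line format, the function names and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# Download hosts named in this entry.
DOWNLOAD_HOSTS = {
    "cooker.bsaidu.com",
    "bootstrap-js.net",
    "oildrillinginvestment.net",
    "pirate.1000houses.biz",
}

def normalize(name):
    """Lower-case a queried name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def matched_host(qname):
    """Return the listed host that qname equals or is a subdomain of, else None."""
    name = normalize(qname)
    for host in DOWNLOAD_HOSTS:
        # Match on a label boundary so 'notbootstrap-js.net' is not a hit,
        # and do not match the unlisted parent 'bsaidu.com'.
        if name == host or name.endswith("." + host):
            return host
    return None

def hunt(log_lines):
    """Map client IP -> sorted list of listed hosts that client queried."""
    # Assumed (constructed) format: '<timestamp> <client_ip> <qtype> <qname>'
    hits = defaultdict(set)
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines instead of aborting the hunt
        client, qname = fields[1], fields[3]
        host = matched_host(qname)
        if host:
            hits[client].add(host)
    return {client: sorted(hosts) for client, hosts in hits.items()}

SAMPLE_LOG = [  # constructed sample data, not real telemetry
    "2020-03-15T09:01:02Z 10.0.0.21 A Cooker.BSAIDU.com.",
    "2020-03-15T09:01:05Z 10.0.0.21 A cdn.bootstrap-js.net",
    "2020-03-15T09:02:11Z 10.0.0.34 A notbootstrap-js.net",
    "2020-03-15T09:03:40Z 10.0.0.34 A bsaidu.com",
    "2020-03-15T09:04:00Z 10.0.0.57 AAAA pirate.1000houses.biz",
    "truncated line",
]

if __name__ == "__main__":
    for client, hosts in hunt(SAMPLE_LOG).items():
        print(client, hosts)
```

A client that both opened a PDF in a vulnerable Adobe Reader or Acrobat version and appears in the result is the one to prioritize for triage.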
Analysis by Sergey Chernyshev
Last update 15 March 2020