hxxp://zusojbktvo.cn/md/t.html
gives us a blank page at first glance.
However, upon careful inspection we are presented with the following:
Which translates to the following shellcode:
Analyzing the shellcode basically leads us to the malware downloading
hxxp://pxciiruurw.cn/new/load.exe
which is saved and executed as:
c:\ 0xf9.exe
Microsoft has already released a patch, MS08-078, to resolve this vulnerability.