JS/Exploit.Pdfka [Threat Name] go to Threat

JS/Exploit.Pdfka.QCV [Threat Variant Name]

Category trojan
Size 828744 B
Detection created Feb 14, 2013
Detection database version 8011
Aliases Exploit.JS.Pdfka.giw (Kaspersky)
  Exploit:Win32/SandyEva (Microsoft)
  JS/Obfuscated (AVG)
Short description

JS/Exploit.Pdfka.QCV is a detection for specially crafted .pdf files, which exploit the CVE-2013-0640, CVE-2013-0641 vulnerability.

Installation

The trojan does not create any copies of itself.

Other information

JS/Exploit.Pdfka.QCV is a detection for specially crafted .pdf files, which exploit the CVE-2013-0640, CVE-2013-0641 vulnerability.


When the .pdf document file is opened the program code of infiltration is executed automatically.


The trojan drops one of the following files in the %temp% folder:

  • D.T (Win32/SandyEva.A)

The file is then executed.

Please enable Javascript to ensure correct displaying of this content and refresh this page.