Someone uploaded. Thank you for sharing.
Document language code is Arabic, which is kind of interesting.
Research: Microsoft, "An interesting case of Mac OSX malware"
Download (pass infected)
File: speech.doc
Size: 158854
MD5: F4CBFE4F2DDF3F599984CF6D01C1B781
The text of the decoy (clean doc) message
xicp.net
Your Excellency
The United Nations Commission for Human Rights
The United Nations Commission for Human Rights Office
Geneva, Switzerland.
Dated: 9th March 2012.
Your Excellency,
The Tibetans throughout the Globe will commemorate the 53rd Anniversary of the Tibetan National Uprising Day in Lhasa, Tibet in 1959, against the Peoples Republic of China. During these 53 long years of struggle, thousands of innocent Tibetans were tortured, imprisoned and killed by the Chinese government, without a fair trial. Tibet's rich resources are plundered and the environment destroyed with deforestation, elimination of its rare species of wildlife and diverting and damming of Tibet's holy rivers which are source of lifeline for many Asian countries.
Since 2008, massive crackdowns and indoctrination of Tibetan monks and nuns were imposed by the Chinese Government. Due to heavy handedness of the Chinese authorities, and the unbearable condition of the Tibetans under their most repressive rule, the Tibetans from all parts of Tibet, especially Ngaba and Karzi regions unitedly protested, demanding the return of Tibet's spiritual leader H.Holiness the Dalai Lama and freedom for Tibet. Instead of addressing the problems being faced by the Tibetans under the Chinese repressive rule in Tibet, the Chinese authorities sought to use forceful methods by firing on unarmed Tibetan protestors, beating and injuring them. Since 16th March 2011, over 24 Tibetans have self-immolated, calling for return of Tibet's spiritual leader H.Holiness the Dalai Lama and freedom for Tibet. In short, Tibet is cut off from outside world, with ban on the entry of foreign media personnel and tourists.
We therefore, appeal to your Excellency and the representatives of the United Nations member countries to take immediate action on the following demands:-
1) Insist the Peoples Republic of China to immediately call back all Chinese Security personnel from Ngaba and Karzi regions of Tibet.
2) All the monks and nuns must be allowed to return unconditionally to their respective monasteries
3) Insist the Chinese authorities to release all the political prisoners, especially the young Panchen Lama, Gedun Choekyi Nyima and Tulku Tenzin Delek
4) Allow foreign diplomats and independent media unfettered access to all the Tibetan areas for observation
Stop all forms of persecution in Tibet and adhere to Global Human Rights norms.
Your Excellency, we Tibetans inside Tibet and in other parts of the world, appeal and look forward eagerly to genuine political support from the United Nations like any other weaker nations who are facing tremendous aggression from more powerful nations in the world.
As you are aware, we Tibetans, under the leadership of His Holiness the Dalai Lama, the non-violent and compassionate leader who follows non-violent even to last resort, continue to follow His steps to gain Freedom for the Tibetans.
Thanking you,
With due respect and hope,
TENZIN WANGMO, President, RTWA Bylakuppe, Karnataka State
PHURBU LHAMO, President, RTWA Kollegal, Karnataka State
Shanghai Best Oray Information S&T Co., Ltd.
Shanghai Best Oray Information S&T Co., Ltd. (yezi@oray.com )
1st Floor of No. 15 Jian Gong Road Tianhe District
guangzhou, 510665
China
Tel. +86.2061073384
Fax. +86.20
Virustotal
SHA256: 6a70e797617bb8958bfbe94a42374447e3859c6b4ef1e108d43a30b5db74480b
SHA1: 445959611bc2480357057664bb597c803a349386
MD5: f4cbfe4f2ddf3f599984cf6d01c1b781
File size: 155.1 KB ( 158854 bytes )
File name: speech.doc
File type: MS Word Document
Detection ratio: 27 / 42
Analysis date: 2012-05-04 02:00:26 UTC ( 48 minutes ago )
AhnLab-V3 Dropper/Ms09-027 20120503
AntiVir EXP/CVE-2009-0563.A 20120504
Antiy-AVL Exploit/MSWord.CVE-2009-0563 20120504
Avast MacOS:DocDrop-A [Expl] 20120504
BitDefender Exploit.CVE-2009-0563.Gen 20120504
ClamAV OSX.Word.Malware 20120504
Comodo UnclassifiedMalware 20120503
DrWeb Exploit.MS09-027.1 20120504
Emsisoft Exploit.MS04.CVE-2004-0210-2009-0563.A!IK 20120504
eTrust-Vet OSX/MS09-027!exploit 20120503
F-Secure Exploit:OSX/MS09027.A 20120504
Fortinet W97M/CVE_2009_0563.A!exploit 20120504
GData Exploit.CVE-2009-0563.Gen 20120504
Ikarus Exploit.MS04.CVE-2004-0210-2009-0563.A 20120504
Kaspersky Exploit.MSWord.CVE-2009-0563.a 20120504
McAfee Exploit-MSWord.m 20120503
McAfee-GW-Edition Heuristic.BehavesLike.Exploit.W97.CodeExec.O 20120503
Microsoft Exploit:MacOS_X/MS09-027.A 20120503
NOD32 OSX/Exploit.MSWord.CVE-2009-0563.A 20120504
nProtect Exploit.CVE-2009-0563.Gen 20120503
PCTools Trojan.Mdropper 20120504
Sophos Troj/DocOSXDr-A 20120504
SUPERAntiSpyware - 20120411
Symantec Trojan.Mdropper 20120504
TrendMicro TROJ_MDROPR.LB 20120503
TrendMicro-HouseCall - 20120504
VIPRE Trojan.Msword.Mdropper.a (v) 20120503
VirusBuster Exploit.CVE-2009-0563.Gen 20120503
ssdeep
1536:KgyNLrsGpdccCBOdK4TaC5V7dMorYjTBGI:ONPsGpe4TaCf7c
TrID
Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
ExifTool
SharedDoc................: No
Author...................: captain
HyperlinksChanged........: No
LinksUpToDate............: No
LastModifiedBy...........: captain
HeadingPairs.............: Title, 1
Template.................: Normal.dotm
CharCountWithSpaces......: 0
CreateDate...............: 2010:08:22 10:37:00
CompObjUserType..........: Microsoft Office Word 97-2003 Document
ModifyDate...............: 2010:08:22 10:37:00
TitleOfParts.............:
Company..................:
Characters...............: 0
ScaleCrop................: No
CodePage.................: Windows Arabic
RevisionNumber...........: 2
MIMEType.................: application/msword
Words....................: 0
FileType.................: DOC
Lines....................: 1
AppVersion...............: 12.0
Security.................: None
Software.................: Microsoft Office Word
TotalEditTime............: 0
Pages....................: 1
CompObjUserTypeLen.......: 39
Paragraphs...............: 1
1. speech.doc
2. 1.do
3. 1.doc
4. file-3831515_
5. 6a70e797617bb8958bfbe94a42374447e3859c6b4ef1e108d43a30b5db74