Microsoft Malware Protection Center

Threat Research & Response Blog

Browse by Tags

  • Blog Post: Explore the CVE-2010-3654 matryoshka

    We recently discovered a sample that is trying to exploit the 0-day Adobe vulnerability tracked by CVE-2010-3654 . This sample is being distributed as a PDF file, and it has a lot of complicated steps before the final payload is executed. Analyzing this sample is like working your way through a matryoshka...
  • Blog Post: Dead code walking

    Recently I had a moment to review a group of PDF exploit files. Many exploits use various tricks to obfuscate embedded JavaScript. I thought I could de-obfuscate the samples by throwing them into a sandbox environment and enjoying the beautified source code, but these samples required a different method...