Technical Details

This exploit targets vulnerabilities in Adobe Reader and Adobe Acrobat. It is a PDF document containing JavaScript scripts and is 3727 bytes in size.


The malicious PDF document contains a compressed data stream, which is unpacked when the document is opened and consists of obfuscated JavaScript scripts. Once the script is decrypted, the exploit uses a vulnerability that arises when calling the util.printd() and Doc.media.newPlayer (CVE-2009-4324) methods, and downloads a file from the Internet from the following link:


The downloaded file is saved in the current user's temporary files directory "%Temp%" as

The downloaded file is then launched for execution.
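For triage of a suspect PDF with the structure described above, the following added example (not part of the original description or of any vendor tool) inflates each compressed stream and reports the two method names the description mentions. The obfuscation hints, the function names and the inert sample document are assumptions constructed for illustration; a script that hides the method names behind its obfuscation will show only the hints.

```python
import re
import zlib

# Method names come from the description above. The obfuscation hints are an
# assumption for this example (common JavaScript decoding primitives).
SUSPECT_CALLS = (b"util.printd", b"media.newPlayer")
OBFUSCATION_HINTS = (b"eval(", b"unescape(", b"String.fromCharCode")
JS_KEYS = (b"/JavaScript", b"/JS")  # hex-escaped names (#4A...) are not handled
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def inflate_streams(pdf_bytes):
    """Yield the inflated body of each stream object that zlib can decode."""
    for match in STREAM_RE.finditer(pdf_bytes):
        try:
            # decompressobj tolerates the end-of-line bytes before 'endstream'
            data = zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not Flate data, or a filter this sketch does not handle
        if data:
            yield data


def triage(pdf_bytes):
    """Return which indicators appear in the raw file or in inflated streams."""
    layers = [pdf_bytes, *inflate_streams(pdf_bytes)]
    blob = b"\n".join(layers)
    return {
        "javascript_action": any(k in pdf_bytes for k in JS_KEYS),
        "inflated_streams": len(layers) - 1,
        "suspect_calls": [c.decode() for c in SUSPECT_CALLS if c in blob],
        "obfuscation_hints": [h.decode() for h in OBFUSCATION_HINTS if h in blob],
    }


def build_sample():
    """Constructed, inert test document: names the methods, triggers nothing."""
    script = b"var a = unescape('%41'); var f = util.printd; var g = this.media.newPlayer;"
    body = zlib.compress(script)
    return (b"%PDF-1.4\n1 0 obj\n<< /OpenAction << /S /JavaScript /JS 2 0 R >> >>\nendobj\n"
            b"2 0 obj\n<< /Filter /FlateDecode /Length " + str(len(body)).encode() +
            b" >>\nstream\n" + body + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    print(triage(build_sample()))
```

A document that carries a JavaScript action together with a compressed stream showing obfuscation hints warrants deeper analysis even when neither method name appears in clear text.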

Removal Instructions

If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:

  1. Delete the original exploit file (its location will depend on how the program originally penetrated the infected computer).
  2. Delete the following file:

  3. Empty the Temporary Internet Files directory, which may contain infected files (see How to delete infected files from Temporary Internet Files folder?).
  4. Install the following update:
  5. Perform a full scan of the computer using Kaspersky Anti-Virus with up-to-date antivirus databases (download a trial version).

MD5: 18A021E8EC3686DBCE781FE35AF88A9F
SHA1: 81C41B5E0DF05E1773A267F6AF473878290A10BE