Malware Detected

Question

Malware Detected

asherwolfstein opened this issue 2 years ago · comments

Two of the PDF's (filenames start with Proof Of Concept... sorry my malware detection program only gave me that) have Windows malware embedded into them.

Trent Nelson · Answer 1 · Sat Mar 26 2022 04:16:34 GMT+0800 (China Standard Time)

Ah, probably these two:

% ls | grep '^Proof'
Proof of Concept or GTFO - v13 (October 18th, 2016).pdf
Proof of Concept or GTFO - v17 (30th December, 2017).pdf

Checksums:

% sha256sum 'Proof of Concept or GTFO - v13 (October 18th, 2016).pdf'
c881c67557af52864654791a2a494f329a2fa397236bf0e961508f0769b0a3f5  Proof of Concept or GTFO - v13 (October 18th, 2016).pdf
% sha256sum 'Proof of Concept or GTFO - v17 (30th December, 2017).pdf'
40b8985521e671b59c305d2f5512f31b95f1e8c59b9c05ad2ca6413a99d59c97  Proof of Concept or GTFO - v17 (30th December, 2017).pdf

I just cloned https://github.com/angea/pocorgtfo, the primary source of these articles. The checksums match, so I suspect this is a false positive.

% sha256sum pocorgtfo13.pdf
c881c67557af52864654791a2a494f329a2fa397236bf0e961508f0769b0a3f5  pocorgtfo13.pdf
% sha256sum pocorgtfo17.pdf
40b8985521e671b59c305d2f5512f31b95f1e8c59b9c05ad2ca6413a99d59c97  pocorgtfo17.pdf