Threat behavior
Exploit:Win32/Pdfjsc.ML is the detection for malicious Portable Document Format (PDF) files that attempt to exploit certain vulnerabilities in Adobe Acrobat and Reader, using a particular trick to obfuscate, hide, and subsequently run malicious JavaScript and shellcode. They may connect to remote websites.
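A triage check for the embedded-JavaScript indicators described above, added here as an example; it is not Microsoft's detection logic and not code from the original entry. It assumes obfuscation through #XX hex escapes in PDF names and Flate-compressed streams, and version probing through the Acrobat JavaScript property app.viewerVersion (the entry does not say which trick or probe the samples use); SAMPLE is a constructed, inert byte string.

```python
import re
import zlib

# Name keys that deserve a closer look in a PDF expected to be a static document.
KEYS = (b"/JS", b"/JavaScript", b"/OpenAction", b"/AA")
NAME = re.compile(rb"/[^\s/<>\[\]()%{}]+")            # one PDF name token
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)


def decode_name(token: bytes) -> bytes:
    """Undo #XX hex escapes, which PDF permits inside name tokens."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), token)


def triage(pdf: bytes) -> dict:
    """Count script/auto-action keys in the raw file and in inflated streams."""
    report = {k.decode(): 0 for k in KEYS}
    report["escaped_keys"] = 0       # keys that only match after #XX decoding
    report["version_probe"] = False  # assumption: probe uses app.viewerVersion
    bodies = [pdf]
    for m in STREAM.finditer(pdf):
        try:
            # decompressobj tolerates the EOL bytes that precede "endstream"
            bodies.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass                     # not Flate data; the raw scan still covers it
    for body in bodies:
        for tok in NAME.findall(body):
            plain = decode_name(tok)
            if plain in KEYS:
                report[plain.decode()] += 1
                report["escaped_keys"] += int(plain != tok)
        if b"viewerVersion" in body:
            report["version_probe"] = True
    return report


# Constructed sample: PDF-like bytes with escaped keys and an inert script stream.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /JavaScr#69pt /J#53 3 0 R >> endobj\n"
    b"3 0 obj << /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"var v = app.viewerVersion; /* benign placeholder */")
    + b"\nendstream endobj\n%%EOF\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A nonzero escaped_keys count alongside /OpenAction or /AA is a reason to send the file for sandbox analysis rather than a verdict on its own.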
Installation
Exploit:Win32/Pdfjsc.ML usually arrives on the computer when the user visits a webpage that contains a malicious PDF file or opens an email message containing the PDF file as an attachment.
Exploit:Win32/Pdfjsc.ML determines which version of Adobe Acrobat or Reader is currently running on the computer so that it can use the appropriate exploit code.
Exploit:Win32/Pdfjsc.ML has been observed to exploit the following vulnerabilities:
Payload
Connects to various websites
Exploit:Win32/Pdfjsc.ML may connect to a remote website for various purposes. One sample was observed to contact the following website:
Analysis by Rex Plantado
Prevention