Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


PFV-Metasploit


Aliases:


PFV-Metasploit

Malware
Trojan
W32

Summary

PFV-Metasploit files are WMF documents containing exploit for Windows WMF SetAbortProc flaw.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details

PFV-Metasploit files are generated by the metasploit framework. These are highly variable WMF documents containing exploit for Windows WMF SetAbortProc flaw. Some charasteristics of the files are:

  • Random size, up to maximum frame size of underlying networkRandom amount of random WMF records in the beginning and in the end of documentHighly polymorphic shellcode in between the random records

The shellcode itself is highly configurable by the metasploit framework, its functionality includes running any file on the infected machine, updloading and executing additional components and running the metasploit shell ("meterpreter").





Description Created: Jarkko Turkulainen, January 1, 2006
Technical Details: Jarkko Turkulainen, January 1, 2006



Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Scan and clean your PC




F-Secure Online Scanner will scan and clean your PC in just a few minutes for free

Disinfect your PC




F-Secure Anti-Virus will disinfect your PC and remove all harmful files