Monday, 15 December 2014

doc macro malware: IFS Applications

Looks like another document containing macro malware has begin to be spammed out...

Date: Mon, 15 Dec 2014 04:45:32 -0300
From: IFS Applications
Subject: DOC-file for report is ready

The DOC-file for report Payment Advice is ready and is attached in this mail.

Payment Advice_593016.doc


VirusTotal Reports no Anti-Virus software picking it up :(

Sanesecurity ClamAV signatures are blocking this one though using...

Sanesecurity.Malware.24646.DocHeur.UNOFFICIAL FOUND (phish.ndb)
Sanesecurity.Rogue.0hr.20141215-0816.UNOFFICIAL FOUND (rogue.hdb)

Current Malwr report here shows malware contacting host

Decoded macro here (Pastebin)



No comments: