Thursday, 15 January 2015

faktura malware

Malware with a "faktura" subject, arriving as an HTML email with an attached ZIP file...

Headers:
From: {adwokat.zabrze@interia.eu}
Subject: Re:faktura
Message body:

Witam

Przesyłam w załączeniu fakturę. Proszę doliczyć do najbliższej opłaty.

(English: "Hello. I am sending the invoice as an attachment. Please add it to the next payment.")

Attached to the email is a ZIP file:
DOC150114-faktura.doc.zip

On a Windows machine, inside the ZIP file is a Windows executable (note the dual extension):
DOC150114-faktura.doc.exe
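
A mail-gateway style check for the dual-extension trick described above, as an added example that is not part of the original post. The extension lists, function names and the sender address in the constructed sample are assumptions; the sample ZIP holds harmless placeholder bytes under the file names from this post.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative lists (assumptions): extensions Windows runs, and decoy document types.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "rtf", "txt", "jpg"}

def is_double_extension(name):
    """True for names like 'x.doc.exe': a decoy extension followed by an executable one."""
    base = name.rsplit("/", 1)[-1].lower().rstrip(". ")  # Windows ignores trailing dots/spaces
    parts = base.split(".")
    return len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS

def scan_message(raw_bytes):
    """Return (attachment name, member name) pairs for flagged ZIP members."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Trust the content, not the attachment name: ZIPs start with this magic.
        if not payload.startswith(b"PK\x03\x04"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            continue
        findings += [(filename, m) for m in members if is_double_extension(m)]
    return findings

def build_sample():
    """Constructed sample message: file names from the post, placeholder content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("DOC150114-faktura.doc.exe", b"placeholder, not a real executable")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"  # constructed address
    msg["Subject"] = "Re:faktura"
    msg.set_content("Witam")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="DOC150114-faktura.doc.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, member in scan_message(build_sample()):
        print(f"{attachment}: double-extension executable {member!r}")
```
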

MD5 hash:
3bcfe0c5364fa07f09ae44306da8dd82

Malware Information:

VirusTotal Report [1]
(hits 8/57 Virus Scanners)

Malwr Report [1]

Summary:


File has been identified by at least one AntiVirus on VirusTotal as malicious
Executed a process and injected code into it, probably while unpacking
Installs itself for autorun at Windows startup


Cheers,

Steve
Sanesecurity.com
