Sanesecurity ClamAV blog: zero hour malware, phishing and scams: Me new photo ;) and hola mi foto :) malware

Friday, 16 January 2015

Me new photo ;) malware in the form of a html email with a zip attachment:

Headers:

From: "Juliya" {cauterizes580@netdealzbetter.com>
Subject: Me new photo ;) }

Message body1:

Me new photo ;)

Message body2:

hola mi foto :)

The auto-downloaded Zip file is:

my_photo.zip

On the Windows machine, Inside the zip, is Windows executable:

my_photo_48378957348957489375893475893.exe

Md5 Hashes:

1e65c5db4c5112bf9b5ebc7e5286567e

Malware Information:

VirusTotal Report [1] (hits 2/57 Virus Scanners)

Hybrid-Analysis Report [1]

Cheers,

Steve
Sanesecurity.com

Sanesecurity ClamAV blog: zero hour malware, phishing and scams