Sanesecurity ClamAV blog: zero hour malware, phishing and scams: Re:Informacje o płatności malware

Monday, 26 January 2015

Re:Informacje o płatności malware

Re:Informacje o płatności subject malware in the form of a html email, with an attached ZIP file...

Headers:

Subject: Re:Informacje o płatności

Message body:

>Zamówienie zostało zarejestrowane pod numerem
>
>POL8821223

Attached to the email is a ZIP file:

NR_POL8668436_xls.zip

On the Windows machine, Inside the zip, is Windows executable (Note the dual extension)

NR_POL1329021_xls.exe

Md5 Hashes:

51016a2f21b4734d3fb02654b7a370aa

Malware Information:

VirusTotal Report [1] (hits 3/57 Virus Scanners)

Malwr Report [1]

Summary:

Executed a process and injected code into it, probably while unpacking
Installs itself for autorun at Windows startup

Hybrid Analysis Report [1]

Cheers,

Steve
Sanesecurity.com

Sanesecurity ClamAV blog: zero hour malware, phishing and scams

Amazon3

Pages

Amazon

Monday, 26 January 2015

Re:Informacje o płatności malware

No comments: