Sanesecurity ClamAV blog: zero hour malware, phishing and scams: Ogloszenie o udzieleniu zamowienia 2015-02 Malware

Wednesday, 4 February 2015

Ogloszenie o udzieleniu zamowienia 2015-02 Malware

Ogloszenie o udzieleniu zamowienia 2015-02 Malware

Headers:

Subject: Ogloszenie o udzieleniu zamowienia 2015-02

Message body:

Pozdrawiam

There's a Zip file attached to the email:

Ogloszenie_o_udzieleniu_zamowienia.zip

Inside the Zip file is a PIF file (Note: the double extension trick: dangerous executable:

Ogloszenie_o_udzieleniu_zamowienia.doc.pif

See how the above file looks in Windows Explorer, made to look like a .doc file but isn't:

Md5 Hashes:

db6372c69a190d5e09341d7b4989b1e2 [1]

Malware Information:

VirusTotal Report [1] (hits 2/56 Virus Scanners)

Malwr Report [1]

Summary:

Executed a process and injected code into it, probably while unpacking

Installs itself for autorun at Windows startup

Hybrid Analysis Report [1]

Cheers,

Steve
Sanesecurity.com

Sanesecurity ClamAV blog: zero hour malware, phishing and scams

Amazon3

Pages

Amazon

Wednesday, 4 February 2015

Ogloszenie o udzieleniu zamowienia 2015-02 Malware

No comments: