Wednesday, 4 February 2015

Ogloszenie o udzieleniu zamowienia 2015-02 Malware

 
Headers:
Subject: Ogloszenie o udzieleniu zamowienia 2015-02
Message body:
Pozdrawiam

There's a Zip file attached to the email:

Ogloszenie_o_udzieleniu_zamowienia.zip

Inside the Zip file is a PIF file (note the double-extension trick; this is a dangerous executable):
Ogloszenie_o_udzieleniu_zamowienia.doc.pif
In Windows Explorer the above file is made to look like a .doc file, but it isn't.
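
A mail-gateway style check for the double-extension trick described above, as an added example that is not part of the original post: it flags archive members whose final extension is executable while the one before it imitates a document. The extension lists, the function names and the sample archive (harmless placeholder bytes) are constructed assumptions.

```python
import io
import zipfile

# Extensions Windows runs directly (assumed list; extend for your environment).
EXECUTABLE_EXTS = {"pif", "exe", "scr", "com", "bat", "cmd", "js", "vbs", "lnk"}
# Extensions a recipient expects to be a harmless document (assumed list).
DECOY_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "rtf", "txt", "jpg", "png"}


def deceptive_members(zip_bytes):
    """Return names of archive members whose last extension is executable
    while the extension before it imitates a document type."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Use only the base name; Windows ignores trailing dots and spaces.
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            parts = base.rstrip(". ").lower().split(".")
            if len(parts) < 3:
                continue  # zero or one extension: not a double-extension name
            # Strip padding spaces used to push the real extension out of view.
            decoy, real = parts[-2].strip(), parts[-1].strip()
            if real in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
                flagged.append(info.filename)
    return flagged


def build_sample():
    """Constructed sample: a harmless archive reusing the filename from this post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Ogloszenie_o_udzieleniu_zamowienia.doc.pif", b"placeholder")
        zf.writestr("report.final.docx", b"placeholder")      # real document type
        zf.writestr("setup.exe", b"placeholder")              # honest executable
        zf.writestr("invoice.pdf      .scr", b"placeholder")  # space-padded variant
    return buf.getvalue()


if __name__ == "__main__":
    for name in deceptive_members(build_sample()):
        print("deceptive double extension:", repr(name))
```

A plain `setup.exe` is deliberately not flagged here; blocking executables inside archives outright is a separate policy decision.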


MD5 Hashes:
 db6372c69a190d5e09341d7b4989b1e2  [1]

Malware Information:

VirusTotal Report [1] (hits 2/56 Virus Scanners)

Malwr Report [1]

Summary:
  • Executed a process and injected code into it, probably while unpacking
  • Installs itself for autorun at Windows startup

Hybrid Analysis Report [1]

Cheers,

Steve
Sanesecurity.com
