Sanesecurity ClamAV blog: zero hour malware, phishing and scams: presses de provence (impression directe sarl) Malware

Wednesday, 4 February 2015

presses de provence (impression directe sarl) Malware

presses de provence impression directe sarl Malware:

Headers:

From: "Lonnie Colflesh" {reckons@eshowe.org}
Subject: presses de provence (impression directe sarl)

Message body:

Hi,

======================================================
PRESSES DE PROVENCE IMPRESSION DIRECTE SARL
20 Bis Avenue Des 2 Routes 84000 Avignon
Avignon
FRANCE
+33 490 38 36 75

There's a Zip file attached to the email:

sales@domain.co.uk.zip

Inside that Zip, is another Zip file:

presses_de_provence_impression_directe_sarl.zip

Inside that Zip file is an Scr file (Note: dangerous executable):

presses_de_provence_impression_directe_sarl.scr

Md5 Hashes:

91eb6b3e264ef8b93ba2a5097ae91ecc [1]

Malware Information:

VirusTotal Report [1] (hits 4/55 Virus Scanners)

Malwr Report [1]

Hybrid Analysis Report [1]

Cheers,

Steve
Sanesecurity.com

1 comment:

Unknown said...: Hi Steve , a similar one here
http://myonlinesecurity.co.uk/l-e-lughese-attrezzature-per-lelettromeccanica-fake-word-malware/
so it is likely that we will see numerous different versions of this; 4 February 2015 at 15:38

Sanesecurity ClamAV blog: zero hour malware, phishing and scams

Amazon3

Pages

Amazon

Wednesday, 4 February 2015

presses de provence (impression directe sarl) Malware

1 comment: