Sanesecurity ClamAV blog: zero hour malware, phishing and scams: Tracey Smith AquAid Card Receipt Word doc malware

Wednesday, 25 February 2015

Tracey Smith AquAid Card Receipt Word doc malware

Tracey Smith AquAid Card Receipt macro downloader.... just an update on the malware that the macro downloads.

Download location:

jacekhondel.w.interia.pl/js/bin.exe

Downloaded bin.exe information...

Md5 Hash: 244729de906a7f31af9827e2f04c4972 [1]
VirusTotal Report: [1] scores 3/57 Detections
Malwr Report [1]

Summary:

Starts servers listening on 0.0.0.0:80

Performs some HTTP requests

The binary likely contains encrypted or compressed data.

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)

Creates a slightly modified copy of itself

Installs itself for autorun at Windows startup

Hybrid Analysis Report [1]

Cheers,

Steve
Sanesecurity.com

Sanesecurity ClamAV blog: zero hour malware, phishing and scams

Amazon3

Pages

Amazon

Wednesday, 25 February 2015

Tracey Smith AquAid Card Receipt Word doc malware

No comments: