Headers:
From: "Air Canada" {tickets@aircanada.com}
Subject: Order # 79010838 - Completed
Message body:
Dear client,
Your online order has been successfully completed and your credit card has been charged.
FLIGHT NUMBER CX89014CA
DATE & TIME / MARCH 6rd , 14:15
DEPARTURE / Toronto
TOTAL PRICE / 450 CAD
The seat number and additional information regarding the flight can be found on the attached e-ticket.
Thank you for choosing Air Canada
Attached is a Word document containing macros.
Sha256 Hash:
e-ticket_79010838.doc
be34ee5a30cef8269efda392939e753e71eae513e8eb714c90c685a4677a5375 [1]
Malware Information:
VirusTotal Report [1] (hits 2/57 Virus Scanners)
Decoded Macro [Pastebin] [1]
URLLSK = "91.220.131.73/ca/file"
STAA = "savepic.su/5229109"
STAB = "savepic.su/5220917"
Cheers,
Steve
Sanesecurity.com
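A mail triage check built from the indicators in this post, as an added example that is not part of the original post or Sanesecurity's own tooling: it flags a message that matches the subject and attachment-name pattern with an OLE2 .doc payload, or the exact SHA-256 above. The function names and the sample message are constructed for illustration, and treating the order number as variable between messages is an assumption.

```python
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage

# Indicators copied from the post above.
KNOWN_SHA256 = "be34ee5a30cef8269efda392939e753e71eae513e8eb714c90c685a4677a5375"
SUBJECT_RE = re.compile(r"^Order # \d+ - Completed$")  # assumes the number varies
ATTACH_RE = re.compile(r"^e-ticket_\d+\.doc$", re.IGNORECASE)
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy .doc containers


def triage(raw: bytes) -> dict:
    """Report which indicators of this lure a raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = {"subject": False, "attachment_name": False,
            "ole2_doc": False, "known_hash": False}
    hits["subject"] = bool(SUBJECT_RE.match(str(msg["Subject"] or "").strip()))
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if ATTACH_RE.match(part.get_filename() or ""):
            hits["attachment_name"] = True
        if data.startswith(OLE2_MAGIC):
            hits["ole2_doc"] = True
        if hashlib.sha256(data).hexdigest() == KNOWN_SHA256:
            hits["known_hash"] = True
    return hits


def is_suspect(hits: dict) -> bool:
    """Exact hash match is conclusive; lure pattern plus an OLE2 .doc needs review."""
    return hits["known_hash"] or (
        hits["subject"] and hits["attachment_name"] and hits["ole2_doc"])


def build_sample() -> bytes:
    """Constructed message: subject and file name from the post, harmless payload."""
    m = EmailMessage()
    m["From"] = '"Air Canada" <tickets@aircanada.com>'
    m["Subject"] = "Order # 79010838 - Completed"
    m.set_content("Dear client, ...")
    m.add_attachment(OLE2_MAGIC + b"\x00" * 504, maintype="application",
                     subtype="msword", filename="e-ticket_79010838.doc")
    return m.as_bytes()


if __name__ == "__main__":
    result = triage(build_sample())
    print(result, "suspect" if is_suspect(result) else "no match")
```

The sender address is not checked because the From header is trivially spoofed; the attachment checks carry the weight.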
5 comments:
So what exactly does this particular "W97M/Downloader.adx" do?
So what does this "W97M/Downloader.adx" do exactly?
Ok, so I got this email 6 hours ago and stupidly opened it, since it looked like my upcoming trip to Toronto. I scanned with Avast and it says I'm clean, but am I really? What file(s) should I be looking for to delete from my system?
OK, so I stupidly opened the attachment when I got this email, since it looked like my travel info for my upcoming trip to Toronto. I deleted the file as soon as it opened, then ran Avast AV software and it says I'm clean, but am I really? What file(s) should I be searching for to delete from my PC? Any help would be appreciated!
If you opened the document with macros enabled, it's worth using Eset etc. from the online scans tab: http://sanesecurity.blogspot.co.uk/p/online-scanners.html