Sanesecurity ClamAV blog: zero hour malware, phishing and scams: Gulf Trade Co. Ltd Mrs Haisha Abdul. Profoma Invoice

Monday 23 March 2015

Gulf Trade Co. Ltd Mrs Haisha Abdul. Profoma Invoice

Gulf Trade Co. Ltd Mrs Haisha Abdul. Profoma Invoice

Headers:

Subject: RE:PI FOR NEW ORDER
From: export@gmail.com

Message body:

Dear Sir,

Please see attached for your reference.

The proforma ivoice for new order to effect payment ASAP.
If you have any question or correction, please let me know.

Regards,
Mrs Haisha Abdul.
Sales Person,
Gulf Trade Co. Ltd
Al-Rai, Street No.22, Thailand
Tel : 1803803
Tel Fax : +(666) 24770292
Skype: annimohd6@gmail.com

There's a Rar file attached to the email:

Profoma Invoice.rar

Inside the Rar file is an exe file:

Profoma Invoice.exe

Sha256 Hashes:

cf32a6ee5f309d06590623f0a098833cbd48692bc131442088594f2fef6c00c2 [1]

Malware Anti-Virus Reports:

VirusTotal Report [1] (hits 16/51 Virus Scanners)
Malwr Report [1]

Malware Summary:

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)

Executed a process and injected code into it, probably while unpacking

Installs itself for autorun at Windows startup

Cheers,

Steve
Sanesecurity.com

Sanesecurity ClamAV blog: zero hour malware, phishing and scams

Amazon3

Pages

Amazon

Monday 23 March 2015

Gulf Trade Co. Ltd Mrs Haisha Abdul. Profoma Invoice

No comments: