Serv-Ware Credit Application.pdf attachment being spammed containing a zip file
These emails aren't from these companies at all; the company names are just being used to make the email look more genuine, i.e. as if it came from a real company.
Note
It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet.
It's not advised to ring them, as there won't really be anything they can do to help you.
Message Header:
From: {clint@servware.com}
Subject: Emailing: Serv-Ware Credit Application.pdf.
Message Body:
--
Thanks,
Clint Winstead
Manager
Serv-Ware Products
clint@servware.com
phone: 800.768.5953
fax : 800.976.1299
www.servware.com
Attachment:
Serv-WareCreditApplication.zip
Inside the Zip is a Windows Executable:
Serv-WareCreditApplication.exe
Sha256 Hashes:
d48507819dd4a42b1f751cc0f60884513389f1be25b34f642e0276cdabbbece9 [1]
Malware Macro document information:
VirusTotal Report [1] (hits 8/57 Virus Scanners)
Summary:
Modifies/Creates these files locally:
- C:\DOCUME~1\~1\LOCALS~1\Temp\utilview.exe (successful)
- c:\autoexec.bat (successful)
- viagra.pdf (successful)
Malwr Report [1]
Summary:
- File has been identified by at least one AntiVirus on VirusTotal as malicious
- Performs some HTTP requests
- Looks up the external IP address
- Steals private information from local Internet browsers
- Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
- Creates an Alternate Data Stream (ADS)
- Installs itself for autorun at Windows startup
Hybrid Analysis Report [1] [Detailed Report]
Cheers,
Steve