Monday, 27 April 2015

Scanned Image from a Xerox WorkCentre

Xerox WorkCentre Scanned Image from a Xerox WorkCentre with a malware zip attached...

Headers:
From: "Xerox WorkCentre" {Xerox.994@
Subject: Scanned Image from a Xerox WorkCentre
Message body:
Please open the attached document. It was scanned and sent to you using a Xerox WorkCentre Pro.

Sent by: newburydata.co.uk
Number of Images: 9
Attachment File Type: ZIP [PDF]
File Name: Scan001_4052168_041.zip

WorkCentre Pro Location: Machine location not set
Device Name: newburydata.co.uk

Attached file is scanned image in PDF format.
Adobe(R)Reader(R) can be downloaded from the following URL: http://www.adobe.com/

Attached to the message is a Zip file:
Scan001_4052168_041.zip
Inside the Zip file is a Windows Executable file:
Scan001_812901_041.exe
Sha256 Hashes:
f5ce6a2eff32a2cac6979d9ad996b10148d2430f10438ed8b8f6a6132f41e9c8 [1]
Anti virus reports:
VirusTotal Report: [1] (Detection 3/57)

Cheers,
Steve
Sanesecurity.com

No comments: