Sanesecurity ClamAV blog: zero hour malware, phishing and scams: Scanned Image from a Xerox WorkCentre

Monday, 27 April 2015

Scanned Image from a Xerox WorkCentre

Xerox WorkCentre Scanned Image from a Xerox WorkCentre with a malware zip attached...

Headers:

From: "Xerox WorkCentre" {Xerox.994@
Subject: Scanned Image from a Xerox WorkCentre

Message body:

Please open the attached document. It was scanned and sent to you using a Xerox WorkCentre Pro.

Sent by: newburydata.co.uk
Number of Images: 9
Attachment File Type: ZIP [PDF]
File Name: Scan001_4052168_041.zip

WorkCentre Pro Location: Machine location not set
Device Name: newburydata.co.uk

Attached file is scanned image in PDF format.
Adobe(R)Reader(R) can be downloaded from the following URL: http://www.adobe.com/

Attached to the message is a Zip file:

Scan001_4052168_041.zip

Inside the Zip file is a Windows Executable file:

Scan001_812901_041.exe

Sha256 Hashes:

f5ce6a2eff32a2cac6979d9ad996b10148d2430f10438ed8b8f6a6132f41e9c8 [1]

Anti virus reports:

VirusTotal Report: [1] (Detection 3/57)

Cheers,
Steve
Sanesecurity.com

Sanesecurity ClamAV blog: zero hour malware, phishing and scams

Amazon3

Pages

Amazon

Monday, 27 April 2015

Scanned Image from a Xerox WorkCentre

No comments: