New malware received : Dossier_1848785.exe

140110-malwareI’ve just received a new malware in one of my spam mailboxes.


The embedded file is a Zip archive, containing a fake PDF (the icon is a PDF, but it’s really a .exe file).

I’ve submitted it to my antivirus, which doesn’t see it as malicious, and VirusTotal says there are very few antivirus detecting it now.


Since it seems the compilation time was 1h ago, I guess it’s really new.

There are already some analysis and comments :

I’ve checked it quickly :

– doesn’t not seem packed, all imports and segments are ok.

– when run in a VM, self-deletes itself after installing the payload.

I’ve already submitted it to my antivirus vendor and some malware analysts friends. Let’s stay tuned…


No Comments »

Bruno Kerouanton on janvier 10th 2014 in IT Security

Trackback URI | Comments RSS

Laisser un commentaire