The embedded file is a Zip archive, containing a fake PDF (the icon is a PDF, but it’s really a .exe file).
I’ve submitted it to my antivirus, which doesn’t see it as malicious, and VirusTotal says there are very few antivirus detecting it now.
Since it seems the compilation time was 1h ago, I guess it’s really new.
There are already some analysis and comments :
I’ve checked it quickly :
– doesn’t not seem packed, all imports and segments are ok.
– when run in a VM, self-deletes itself after installing the payload.
I’ve already submitted it to my antivirus vendor and some malware analysts friends. Let’s stay tuned…