New malware received: Dossier_1848785.exe

I’ve just received a new malware in one of my spam mailboxes.

The embedded file is a Zip archive, containing a fake PDF (the icon is a PDF, but it’s really a .exe file).

I’ve submitted it to my antivirus, which doesn’t see it as malicious, and VirusTotal says very few antivirus engines are detecting it now.

Since it seems the compilation time was 1h ago, I guess it’s really new.

There are already some analyses and comments:

I’ve checked it quickly:

– doesn’t seem packed; all imports and segments are OK.

– when run in a VM, deletes itself after installing the payload.

I’ve already submitted it to my antivirus vendor and some malware analyst friends. Let’s stay tuned…
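The two quick checks mentioned above (an executable hiding behind a PDF icon inside a Zip, and a very recent compilation time) can be scripted. The following is an added example, not code from the original post: it identifies PE files by content rather than by name or icon and reads the COFF `TimeDateStamp`. The function names, the 24-hour freshness threshold and the sample archive are assumptions constructed for illustration.

```python
import io
import struct
import zipfile
from datetime import datetime, timezone

def pe_compile_time(head):
    """Return the COFF TimeDateStamp as a UTC datetime, or None if not a PE."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 12 > len(head) or head[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # After the signature: Machine (2), NumberOfSections (2), TimeDateStamp (4)
    (stamp,) = struct.unpack_from("<I", head, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)

def triage_zip(zip_bytes, received, fresh_hours=24):
    """Report archive members that are PE files, whatever their name or icon."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            with zf.open(info) as fh:
                head = fh.read(1 << 16)  # bounded read; headers sit at the start
            built = pe_compile_time(head)
            if built is None:
                continue
            age = (received - built).total_seconds() / 3600
            findings.append({"name": info.filename, "built_utc": built,
                             "age_hours": round(age, 1),
                             "fresh": 0 <= age <= fresh_hours})
    return findings

def sample_zip(built):
    """Constructed sample: header-only PE stub (not runnable) inside a Zip."""
    stub = bytearray(0x80)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    stub[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHI", stub, 0x44, 0x014C, 1, int(built.timestamp()))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Dossier_sample.exe", bytes(stub))
        zf.writestr("readme.txt", "constructed benign member")
    return buf.getvalue()

if __name__ == "__main__":
    received = datetime(2014, 1, 10, 12, 0, tzinfo=timezone.utc)  # constructed
    built = datetime(2014, 1, 10, 11, 0, tzinfo=timezone.utc)     # constructed
    print(triage_zip(sample_zip(built), received))
```

The timestamp is written by the linker and can be altered, so a fresh value is a hint to prioritise the sample, not proof of its age.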

 

Bruno Kerouanton on January 10th 2014 in IT Security
