New malware received: Dossier_1848785.exe

I’ve just received a new malware sample in one of my spam mailboxes.


The embedded file is a Zip archive, containing a fake PDF (the icon is a PDF, but it’s really a .exe file).

I’ve submitted it to my antivirus, which doesn’t see it as malicious, and VirusTotal says very few antivirus engines detect it for now.


Since it seems the compilation time was 1h ago, I guess it’s really new.

There are already some analyses and comments:

I’ve checked it quickly:

– it doesn’t seem packed, all imports and segments are OK.

– when run in a VM, it deletes itself after installing the payload.

I’ve already submitted it to my antivirus vendor and some malware analyst friends. Let’s stay tuned…
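The first two observations above (an executable hidden in a Zip attachment, and a very recent compilation time) can be checked automatically at the mail gateway or during triage. The following is an added example, not code from the original post: the function names, the 24-hour "recent" threshold and the sample archive are assumptions made for illustration, and the sample is constructed in memory rather than taken from the real file.

```python
import io, struct, zipfile
from datetime import datetime, timedelta, timezone

HEADER_BYTES = 4096  # read only the start of each entry; enough for typical PE headers

def pe_compile_time(head):
    """Return the COFF TimeDateStamp as a UTC datetime, or None if head is not a PE header."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)   # offset of the "PE\0\0" signature
    if e_lfanew + 12 > len(head) or head[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # Signature (4) + Machine (2) + NumberOfSections (2), then TimeDateStamp (4)
    (stamp,) = struct.unpack_from("<I", head, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)

def triage_zip(zip_bytes, now, recent_hours=24):
    """Report every Windows executable inside a zip attachment, whatever its name or icon."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as entry:
                built = pe_compile_time(entry.read(HEADER_BYTES))
            if built is None:
                continue
            age = (now - built).total_seconds() / 3600
            # The timestamp is written by the linker and can be forged: treat it as a hint.
            findings.append({"name": info.filename, "built": built,
                             "age_hours": round(age, 1),
                             "recent": 0 <= age <= recent_hours})
    return findings

def make_sample(now):
    """Constructed input: a zip holding a text file and a stub PE header built 1h before now."""
    stamp = int((now - timedelta(hours=1)).timestamp())
    pe = (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    pe += b"PE\0\0" + struct.pack("<HHI", 0x014C, 3, stamp) + b"\0" * 12
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed text entry")
        zf.writestr("Dossier_sample.exe", pe)
    return buf.getvalue()

if __name__ == "__main__":
    now = datetime(2014, 1, 10, 12, 0, tzinfo=timezone.utc)  # constructed reference time
    for finding in triage_zip(make_sample(now), now):
        print(finding)
```

The check keys on file content (the `MZ` and `PE` signatures), not on the file name or icon, so it still fires when the entry is renamed to look like a document.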

