Date: Sun, 18 May 2014 20:54:20 -0700 [05/18/14 23:54:20 EDT]
Subject: Re TT PAYMENT COPY
please confirm the attachment payment Copy and get back to me?
Attached is an archive file TT PAYMENT COPY.zip which in turn contains another archive file TT PAYMENT COPY.rar (which relies on the victim having a program to uncompress the RAR file). Once that is done, a malicious executable PaySlip.exe is created. This file has a VirusTotal detection rate of 27/53. Automated analysis tools (such as this one) don't reveal what is happening, but you can guarantee it is nothing good.
No comments:
Post a Comment