Another day - another new .scr malware sample (May 7 - 2014)

First seen by VT less than an hour before my submission:

Detection ratio:  3/52

McAfee-GW-Edition     Heuristic.LooksLike.Win32.SuspiciousPE.J!81
TrendMicro            PAK_Generic.001
TrendMicro-HouseCall  PAK_Generic.001

Download link:

Anubis analysis:

DNS Queries:       DNS_TYPE_A       YES       udp  

HTTP Conversations:        
From ANUBIS:1028 to - []
Request: GET /downloads/Targ-0705USmw.enc
Response: 200 "OK"

Targ-0705USmw.enc can be downloaded from:

VT has not apparently seen that file prior to my submission:

Detection rate - 0/52


from ([])
Date:        Wed, 7 May 2014 20:18:39 +0700
From:       "Leo Meadows from"
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:
            Gecko/20101103 Thunderbird/3.1.6
Subject:    FW: Important account documents

Reference: C91
Case number: (munged)  
Please scan attached document and fax it to +1 (888) 589-5280.  
Please note that the Terms and Conditions available below are the Bank's
most recently issued versions. Please bear in mind that earlier versions
of these Terms and Conditions may apply to your products, depending on
when you signed up to the relevant product or when you were last advised
of any changes to your Terms and Conditions. If you have any questions
regarding which version of the Terms and Conditions apply to your
products, please contact your Relationship Manager.  
Yours faithfully

Leo Meadows
Senior Manager
Bank of America Commercial Banking  
Leo.Meadows @
Calls may be monitored or recorded in case we need to check we have
carried out your instructions correctly and to help improve our quality
of service.  

2014 Bank of America Corporation. All rights reserved. CashPro is a
registered trademark of Bank of America Corporation.  
