Another day, another scr malware spam (May 8, 2014)

First submission was an hour ago.

The absolutely spectacular detection rate by the AV industry is:  5/52

AntiVir   TR/Crypt.XPACK.Gen2
Bkav      HW32.Pedka.asoa
CMC       Trojan.Win32.Krap.1!O
Sophos    Mal/Generic-S
VBA32     BScope.Trojan-Dropper.Injector

PS:  I'm not seeing Avira showing up at VT.  Curious.

The file can be downloaded from here:

Anubis report:

DNS Queries:       DNS_TYPE_A

HTTP Conversations:       
From ANUBIS:1028 to - []
Request: GET /images/banners/0805USmp.rar
Response: 200 "OK"

0805USmp.rar can be downloaded from here:

That file was first (and perhaps only once) analyzed by VT 1 hour 20
minutes ago.  0/52 detection rate:


Received:     from ([])
Date:         Thu, 8 May 2014 09:03:08 -0600
User-Agent:   Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101
Subject:      INCOMING FAX REPORT : Remote ID: 363-634-mung


Date/Time: Thu, 8 May 2014 09:99:45 GMT
Speed: 4161bps
Connection time: 03:09
Pages: 5
Resolution: Normal
Remote ID: 849-645-mung
Line number: 6
Description: Internal report

