Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Virus Guy
March 16, 2016, 3:27 pm
rate this thread
4 out of 5
4 out of 5
Return path was my own email address (so on first glance it looked like
I sent myself an email).
Subject was simply "Document1". No message body. Attachment was
Unzips to a 6kb .js file with a random-looking file-name (or perhaps
Virus total scan result:
Detection rate: 9/56
Here's who got it right:
Everyone else (including malwarebytes and kaspersky) get a big FAIL.
malwr analysis is here:
downloads malware from here:
winjoytechnologies.com is currently 188.8.131.52
I'm also seeing references to
184.108.40.206/main.php (IP owned by OHV france)
VT scan of the above .exe file is pathetic:
detection rate 2/57:
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 [F]
malwr scan is here:
Scan isin't finished - I don't know what it will show.
- » Malwarebytes screwed by Forum software vendor Invision Power
- — Next thread in » Anti-Virus Software
- » (Locky) Ransomware author's bravado shot down by release of decryption keys
- — Previous thread in » Anti-Virus Software