W32/Rustock.F, a little-known Rustock.C dropper
Some days ago a friend of mine sent me a suspicious piece of malware; unfortunately, I couldn’t look at it before last night because I was away for work.
By submitting the file to virustotal.com I could see that only 39.02% of the antivirus engines recognize it as malware (some popular antivirus products, like Kaspersky or Symantec, for example, don’t recognize it). Microsoft calls it “TrojanDropper:Win32/Rustock.F”, while for Panda it is “Trj/Rustock.L”.
As the analysis shows, this is actually a dropper for the famous malware Rustock.C.
A lot of papers have been written on Rustock.C, so I will analyze only this dropper, in order to let you know that this is malware even if your antivirus does not flag it as a bad application.
The file I’m talking about is called “is7771.exe”.
In the article I will explain the behaviour of the dropper in detail; take a look at it here: