
LinkedIn "Meeting Docs"


MD5: 7227d2c555262145700be91ae991d91e

I just received this malware via LinkedIn. Upon quick inspection at CWSandbox (Sunbelt Software) this looks connected to padreim.ru, the file:
appears to exploit C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
hides itself in C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\TEMP\ as well as $tmp/doc~.dat
runs as C:\WINDOWS\system32\svrwsc.exe and numerous other service names

Just starting my analysis but wanted to get this out.

Sunbelt Software CWSandbox report
http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=73306018&cs=7EB44195CE93B70BDD431D51DA773EDB

Virus Total Report
http://www.virustotal.com/file-scan/report.html?id=3eaf012380777e3b0944bb571ab676b6a79789a81236ccc6f70b2a00ea954af0-1285706380

origin link

Hi, can you give us the originating link?

No link, email.

The document was distributed by email not via a URL.