LinkedIn "Meeting Docs"


MD5: 7227d2c555262145700be91ae991d91e

I just received this malware via LinkedIn. Upon quick inspection at CWSandbox (Sunbelt Software) this looks connected to, the file:
appears to exploit C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
hides itself in C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\TEMP\ as well as $tmp/doc~.dat
runs as C:\WINDOWS\system32\svrwsc.exe and numerous other service names

Just starting my analysis but wanted to get this out.

Sunbelt Software CWSandbox report

Virus Total Report

origin link

Hi, can you give us the originated link?

No link, email.

The document was distributed by email, not via a URL.