Discovering new archiving methods... via malware / 2016-10-03 - Koos van den Hout

In the incoming spam this morning:
See attached Bill Of Laden.

[-- Attachment #2: Shipping_Documents.ace --]
I had never heard of .ace files, but I do miss some developments. So I asked:
$ file Shipping_Documents.ace
Shipping_Documents.ace: ACE archive data version 20, from Win/32, version 20 to extract, contains AV-String (unregistered), solid
So it is an archiving format, better described at ACE (compression file format) - Wikipedia. There is an unace for Linux, and extracting the archive with it gave me:
RFQ#0929919882.exe: PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
c04e10a084657473828a03a97c82f0a9  RFQ#0929919882.exe
Which is obviously not shipping documents but an executable. Looking at the file showed some dangerous function names.
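The triage steps above (identify by content rather than by name, re-identify what comes out of the archive, then look at the strings) as an added Python example; this is not code from the original post. It reads the ACE main header fields that `file` printed (the `**ACE**` magic at offset 7, extract and creator versions, host OS, the AV-string and solid flag bits) and the PE headers that mark a PE32+ .NET GUI executable, then checks the printable strings against a watchlist. The header offsets follow the published ACE and PE layouts; the watchlist names, the file names in the `__main__` block and both sample byte blobs are constructed for the example and are not the real attachment or the names the author saw.

```python
"""Mail-attachment triage: identify ACE archives and PE executables by content,
not by file name.  Added example; not the original post's code.  The ACE and
PE bytes built below are constructed test inputs, not the real attachment."""
import re
import struct

ACE_MAGIC = b"**ACE**"                       # sits at offset 7 of the main header
ACE_HOSTS = {0: "MS-DOS", 1: "OS/2", 2: "Win/32", 3: "Unix"}
ACE_FLAG_ADVERT, ACE_FLAG_SOLID = 0x1000, 0x8000   # main-header flag bits
PE_MACHINES = {0x14C: "i386", 0x8664: "x86-64", 0xAA64: "ARM64"}
PE_SUBSYSTEMS = {2: "GUI", 3: "console"}
# Watchlist of API/method names worth a second look (assumption: illustrative
# names chosen for this example, not the ones the post's author saw).
WATCHLIST = ("DownloadFile", "DownloadString", "Process.Start", "VirtualAlloc",
             "CreateProcess", "WriteProcessMemory", "Assembly.Load")


def identify_ace(data):
    """Describe an ACE main header: CRC u16, size u16, type u8 (0 = main),
    flags u16, magic[7], extract-version u8, creator-version u8, host u8,
    volume u8, time u32, reserved[8], then a length-prefixed AV string.
    Returns None when the magic is missing."""
    if len(data) < 17 or data[7:14] != ACE_MAGIC or data[4] != 0:
        return None
    flags = struct.unpack_from("<H", data, 5)[0]
    info = {"format": "ACE", "version": data[15], "extract_version": data[14],
            "host": ACE_HOSTS.get(data[16], "unknown(%d)" % data[16]),
            "solid": bool(flags & ACE_FLAG_SOLID), "av_string": None}
    if flags & ACE_FLAG_ADVERT and len(data) > 30:
        n = data[30]                                    # AV string length byte
        info["av_string"] = data[31:31 + n].decode("latin-1")
    return info


def identify_pe(data):
    """Describe a PE image: bitness, machine, subsystem and whether a CLR
    (.NET) header is present.  A truncated header yields None, not a crash."""
    try:
        if data[:2] != b"MZ":
            return None
        pe = struct.unpack_from("<I", data, 0x3C)[0]    # e_lfanew
        if data[pe:pe + 4] != b"PE\0\0":
            return None
        machine = struct.unpack_from("<H", data, pe + 4)[0]
        opt = pe + 24                                   # optional header start
        magic = struct.unpack_from("<H", data, opt)[0]
        if magic == 0x10B:
            fmt, ndirs_off, dirs_off = "PE32", 92, 96
        elif magic == 0x20B:
            fmt, ndirs_off, dirs_off = "PE32+", 108, 112
        else:
            return None
        subsystem = struct.unpack_from("<H", data, opt + 68)[0]
        ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
        dotnet = False
        if ndirs > 14:                                  # directory 14 = CLR header
            rva, size = struct.unpack_from("<II", data, opt + dirs_off + 14 * 8)
            dotnet = rva != 0 and size != 0
    except struct.error:
        return None
    return {"format": fmt, "machine": PE_MACHINES.get(machine, hex(machine)),
            "subsystem": PE_SUBSYSTEMS.get(subsystem, str(subsystem)),
            "dotnet": dotnet}


def suspicious_strings(data, watchlist=WATCHLIST, minlen=6):
    """Watchlist entries found among the printable ASCII runs (strings | grep)."""
    runs = re.findall(rb"[\x20-\x7e]{%d,}" % minlen, data)
    text = b"\n".join(runs).decode("ascii")
    return sorted(w for w in watchlist if w in text)


def triage(name, data):
    """Classify an attachment by content and note when the name disagrees."""
    info = identify_ace(data) or identify_pe(data)
    if info is None:
        return {"name": name, "format": "unknown", "executable": False}
    executable = info["format"].startswith("PE")
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    verdict = dict(info, name=name, executable=executable,
                   name_mismatch=executable and ext not in ("exe", "dll", "scr"))
    if executable:
        verdict["suspicious"] = suspicious_strings(data)
    return verdict


def build_sample_ace():
    """Constructed ACE main header matching what `file` reported: version 20,
    created on Win/32, unregistered AV string, solid.  Not a real archive."""
    hdr = bytearray(64)
    struct.pack_into("<H", hdr, 2, 62)                  # header size
    struct.pack_into("<H", hdr, 5, ACE_FLAG_ADVERT | ACE_FLAG_SOLID)
    hdr[7:14] = ACE_MAGIC
    hdr[14], hdr[15], hdr[16] = 20, 20, 2               # extract, creator, host
    av = b"*UNREGISTERED VERSION*"
    hdr[30] = len(av)
    hdr[31:31 + len(av)] = av
    return bytes(hdr)


def build_sample_pe():
    """Constructed PE32+ GUI header with a non-empty CLR directory, followed
    by a few method-name strings.  Not a real executable."""
    pe, opt_size = 0x40, 112 + 16 * 8
    buf = bytearray(pe + 24 + opt_size)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, pe)
    buf[pe:pe + 4] = b"PE\0\0"
    struct.pack_into("<HH", buf, pe + 4, 0x8664, 1)     # machine, #sections
    struct.pack_into("<H", buf, pe + 20, opt_size)
    opt = pe + 24
    struct.pack_into("<H", buf, opt, 0x20B)             # PE32+
    struct.pack_into("<H", buf, opt + 68, 2)            # GUI subsystem
    struct.pack_into("<I", buf, opt + 108, 16)          # NumberOfRvaAndSizes
    struct.pack_into("<II", buf, opt + 112 + 14 * 8, 0x2008, 72)  # CLR header
    return bytes(buf) + b"\0mscorlib\0DownloadFile\0Process.Start\0"


if __name__ == "__main__":
    for name, blob in (("Shipping_Documents.ace", build_sample_ace()),
                       ("RFQ#0929919882.exe", build_sample_pe())):
        print(triage(name, blob))
```

Run it on real files with `triage(path, open(path, "rb").read())`; the `name_mismatch` flag is the cheap check for the classic "document" that is really a PE, and the watchlist is the part to grow from your own incident notes.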
