I was able to snag this piece of malware from a user at work a few months back (yes, I know, it’s been a while). It was delivered via email in the typical form of a zipped executable. As with many companies, we utilize scanning-to-email and scanning-to-folder operations on our printers to reduce paper usage so I wasn’t very surprised to see SCAN_389_07172013_319 as the email title.
Luckily, many of our users have taken my presentations and education sessions on email security fairly seriously and have gained a keen eye for suspicious emails that manage to land in their inbox. (See, user education does work!)
In the little spare time I have, I decided it would be worthwhile to do a little analysis of my own on this. It never hurts to get your hands dirty with a little malware analysis every now and then, so let's jump right into it!