
PhishCentral is a resource for all security researchers with a focus on phishing and spam related malware. All information provided at this site is to be used only for research and learning. If you want samples of the malware reported on this site for further analysis and research, send your requests to samples@phishcentral.com

MalSpam: PDF with embedded DOCM | Invoice Theme

This phishing campaign involved a PDF attachment (invoice or something similar) that, on execution, will drop a docm file, which in turn will be the downloader. In the sample I analysed for this post, the PDF turned out to be corrupt but the flow can still be seen.

Yahoo did a good job of flagging the attachment as malicious; other providers might not be able to do so.
Here's the downloaded PDF:

The start of the file:

The PDF has the code for the embedded docm:

I'll try to get another sample and see if I can get the doc off it and execute it for the complete analysis of this campaign. 
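For triaging attachments like this one, the following is an added example, not code from the original post: a raw-byte scan that flags embedded-file and auto-action markers in a PDF and lists attachment names with macro-enabled Office extensions. It works on corrupt or truncated files because it does not parse the PDF structure. The function names, the marker list and the sample bytes are constructed for illustration.

```python
import re

# PDF name tokens to flag in an attachment (list chosen for this example).
SUSPICIOUS = ("EmbeddedFile", "EmbeddedFiles", "Filespec",
              "JavaScript", "JS", "OpenAction", "AA", "Launch")
# Macro-capable Office extensions; .docm is the one seen in this campaign.
MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".pptm")

def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes, which are legal inside PDF names."""
    plain = re.sub(rb"#([0-9A-Fa-f]{2})",
                   lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Scan raw bytes rather than parse, so a corrupt PDF still yields results."""
    names = {}
    for m in re.finditer(rb"/((?:[A-Za-z0-9]|#[0-9A-Fa-f]{2})+)", data):
        name = decode_name(m.group(1))
        if name in SUSPICIOUS:
            names[name] = names.get(name, 0) + 1
    # File specification dictionaries carry the attachment name in /F or /UF.
    files = [f.decode("latin-1")
             for f in re.findall(rb"/U?F\s*\(([^)]{1,255})\)", data)]
    return {
        "names": names,
        "embedded_files": files,
        "macro_documents": [f for f in files if f.lower().endswith(MACRO_EXTS)],
        "has_header": data.lstrip().startswith(b"%PDF-"),
        "has_eof": b"%%EOF" in data[-1024:],  # missing in truncated files
    }

# Constructed sample: a truncated PDF fragment, not the campaign's file.
SAMPLE = (
    b"%PDF-1.5\n"
    b"1 0 obj\n<< /Type /Catalog /Names << /EmbeddedFiles 2 0 R >>"
    b" /OpenAction 5 0 R >>\nendobj\n"
    b"3 0 obj\n<< /Type /Filespec /F (invoice.docm) /EF << /F 4 0 R >> >>\nendobj\n"
    b"4 0 obj\n<< /Type /Embedded#46ile /Length 4 >>\n"
    b"stream\nPK\x03\x04\nendstream\nendobj\n"
    b"5 0 obj\n<< /S /JavaScript /JS 6 0 R >>\nendobj\n"
)

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

Names stored inside compressed object streams (/ObjStm) are not visible to a raw scan, so an empty result does not clear a file.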
