The Latest in IT Security

FedEx Scam Spreading Rogueware!

31 Oct 2011


Today we received an email that pretended to come from FedEx, as shown below.

As seen in the image, the attachment is actually a UPX-packed executable file that is made to look like an invoice document.

After the binary was executed, it dropped a copy of itself and also created a registry key, as shown below.

[Image 2]

The file and registry key names are chosen to look like genuine ones.

In addition, we noticed that it tried to connect to suspicious links.

Finally, the rogueware named System Restore was installed.

We advise all users to stay away from such emails.

If you are infected with this rogueware, we recommend that you scan the system using the tool below.
Remove System Restore Rogueware
