Office maldoc + .lnk, (Sat, Jul 15th)

Reader nik submitted a malicious document. It width:867px” />

It width:852px” />

And then we can use Woanware width:829px” />

Unfortunately, the .lnk file does not contain interesting metadata. But we can see that it uses PowerShell to download an executable from Dropbox.

Didier Stevens
Microsoft MVP Consumer Security

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

No comments yet.

Leave a Reply

Please leave these two fields as-is:

Protected by Invisible Defender. Showed 403 to 955,279 bad guys.