This week, reader Ahmed Elahaer submitted a malicious HTA file. He was able to deobfuscate the VBscript inside the HTA file, but had difficulties with the obfuscated PowerShell script launched by the VBscript.
Article Link: https://isc.sans.edu/diary/rss/24726