[SANS ISC] Malicious script dropping an executable signed by Avast?

I published the following diary on isc.sans.org: “Malicious script dropping an executable signed by Avast?“.

Yesterday, I found an interesting sample that I started to analyze… It reached my spam trap attached to an email in Portuguese with the subject: “Venho por meio desta solicitar orçamento dos produtos” (“I hereby request the products budget”). There was one attached ZIP archive: PanilhaOrcamento.zip… [Read more]

[The post [SANS ISC] Malicious script dropping an executable signed by Avast? has been first published on /dev/random]

Article Link: https://blog.rootshell.be/2017/08/23/sans-isc-malicious-script-dropping-executable-signed-avast/