Malware distribution on RapidShare: surprise.exe
December 14, 2010
MX Lab, http://www.mxlab.eu, intercepts emails that distribute malware on the RapidShare file sharing platform.
The email is sent from a randomly chosen spoofed address and has the following short body:
The malware file is 384 kB in size and is named surprise.exe.
The trojan is known as Win32:Trojan-gen (Avast), Gen:Variant.FakeAlert.47 (F-Secure), Mal/FakeAV-EE (Sophos).
A new window will be shown on the desktop of the computer:
The following files will be created:
The following processes are created:
The following Windows registry key will be created:
At the time of writing, only 16 of the 43 AV engines at Virus Total detected the trojan.
Virus Total permalink and MD5: b9cffe050e66da4e383752997eba3acd.