Trojan attached in fake emails regarding license key from Adobe


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the following subjects:

Download your adobe software
Download your license key
Thank you for your order
Your order is processed

This email is sent from the spoofed address “Adobe Software <soft@adobes.com>”, “Adobe Software <support@adobes.com>”, “Adobe <software@adobes.com>”, “Adobe Software <your_order@adobes.com>” or similar and has the following body:

Hello.

Thank you for buying Director 11.5 software.
Your Adobe License key is in attached document below.

Adobe Systems Incorporated.

Hello.

Thank you for buying Creative Suite 6 Master Collection software.
Your Adobe License key is in attached document below.

Adobe Systems Incorporated.

Order Notification.

Thank you for buying Adobe Connect software.
Your Adobe License key is in attached document below.

Adobe Systems Incorporated.

The attached ZIP file is named License_Key_OR8957.zip and contains the 209 kB file License_Key_Document_Adobe_Systems_Incorporated.exe.

The trojan is known as Win32:Malware-gen, W32/Trojan.BDDH-7155, W32/Trojan3.GVP, Trojan-Downloader.Win32.Dofoil.rqh or Artemis!30AAE526F5C4.

At the time of writing, 11 of the 45 AV engines detected the trojan at VirusTotal.

Use the VirusTotal permalink and Malwr permalink for more detailed information.
SHA256: a6cb6905775a7c4995222b3d91e7513a405d0cd183b7106dd713e720b2a4762a.
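
The indicators described above (lookalike sender domain, subject lines, ZIP name pattern, executable inside the archive) can be combined into a mail-gateway check. This is an added example, not MX Lab's code: the function names and the list of executable extensions are assumptions, and the sample message is constructed with harmless placeholder bytes in the archive.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators taken from the campaign description above.
SUBJECTS = {"download your adobe software", "download your license key",
            "thank you for your order", "your order is processed"}
LOOKALIKE_DOMAINS = {"adobes.com"}
ZIP_NAME = re.compile(r"^License_Key_OR\d+\.zip$", re.IGNORECASE)
# Assumption: extensions a gateway should never accept inside an archive.
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com")


def score_message(raw: bytes) -> list:
    """Return the campaign indicators found in one RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    _, addr = parseaddr(str(msg.get("From", "")))
    if addr.rpartition("@")[2].lower() in LOOKALIKE_DOMAINS:
        hits.append("sender-domain")
    if str(msg.get("Subject", "")).strip().lower() in SUBJECTS:
        hits.append("subject")
    for part in msg.iter_attachments():
        if ZIP_NAME.match(part.get_filename() or ""):
            hits.append("zip-name")
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        # Only member names are read; nothing is extracted to disk.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if any(n.lower().endswith(EXECUTABLE_EXT) for n in zf.namelist()):
                hits.append("exe-in-zip")
    return hits


def build_sample(sender: str, subject: str, zip_name: str, member: str) -> bytes:
    """Constructed test message; the archive member is placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not an executable")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@example.test", subject
    msg.set_content("Your Adobe License key is in attached document below.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

The "exe-in-zip" hit is the most durable of the four, since it does not depend on the sender, subject or file name staying the same between campaign waves.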

13 thoughts on “Trojan attached in fake emails regarding license key from Adobe”

  1. I just received the following message from Adobe:

    Hello.
    Thank you for buying Acrobat X Pro software.
    Your Adobe License key is in attached document below.
    Adobe Systems Incorporated.

    The zip-file attached was License_key_OR5450.z
