New trojan variant of the “Homicide Suspect” malware PDF bulletin


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Homicide Suspect”.

This email is send from the spoofed address “”ALERT@nyc.gov” <ALERT@c216.218.25-58.clta.globetrotter.net>” and has the following body:

Bulletin Headline: HOMICIDE SUSPECT
Sending Agency: New York City Police
Sending Location: US – NY – New York Police
Bulletin Case#: 14-93922
Bulletin Author: BARILLAS #8343
Sending User #: 78092
APBnet Version: 025917

The bulletin is a pdf attachment to this email.
The Adobe Reader (from Adobe.com) will display and print the bulletin best.

You can Not reply to the bulletin by clicking on the Reply button in your email software.

The attached ZIP file has the name Homicide-case#221.zip and contains the 20 kB large file Homicide-case#221.scr.

The trojan is known as Win32/Trojan.Multi.daf.

At the time of writing, 1 of the 51 AV engines did detect the trojan at Virus Total.

Use the Virus Total permalink for more detailed information.
SHA256: 53385aaa732828f406b81a8f225847f6334f92dc14cc70dc375f739f5281136f.

One thought on “New trojan variant of the “Homicide Suspect” malware PDF bulletin

Comments are closed.