Emal “Your document” contains trojan Trojan-Spy.Zbot

MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Your document”, send from spoofed addresses and has the following ver short body:

To view your document, please open attachment.

The attached ZIP file has the name document_8608003.pdf.zip and contains the 196 kB large file c3.exe.

The trojan is known as Trojan-Spy.Zbot, W32/Risk.QSAW-8224, Luhe.Fiha.A or PE:Malware.FakePDF@CV!1.9C3A.

At the time of writing, 5 of the 54 AV engines did detect the trojan at Virus Total.

Use the Virus Total permalink for more detailed information.
SHA256: b7e768d540e63e06139dc2dd194dda47b3a2712cb27b1d173127a7801ac88e88

One thought on “Emal “Your document” contains trojan Trojan-Spy.Zbot

Comments are closed.