As seen from the image, the attachment is actually a UPX packed executable file which looks like an invoice document.
After execution of the binary, it dropped a copy of itself and also created a registry key as shown below.
The file and registry key names are created as if they are genuine.
In addition we also noticed that it tried connecting to several suspicious links.
Finally, a rogueware named System Restore got installed.
We suggest that all users ignore such emails and do not respond to them.
If you are infected with such rogueware, we recommend that you scan your system using the tool below.
Remove System Restore Rogueware
No Comments, Be The First!