Fake “Windows XP Recovery” tool.

We have analyzed the malicious email below. As usual, it pretends to be from DHL Inc.

As we can see, this email has a zip file attachment that contains malware.
On extracting this zip file, the user gets an executable file that has an icon like a PDF file.

If this file is executed, it runs a script file from the URL “https://9X.6X.9.15/f/g.php”
and downloads the fake tool file from the URL “https://6X.9X.116.16/pusk3.exe”.

After the downloaded file is executed on the affected machine, it works as a fake “Windows XP Recovery” tool.
It hides all the items present on the user's desktop. It frequently displays a fake “Hard Drive Failure”
error message. The fake tool is as shown below:

Quick Heal detects the malware file as “TrojanDownloader.Dapato.dt”, so users are already protected.
We recommend that users not open such attachments from unknown emails.
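
A mail-gateway style check for the lure described above, as an added example (not Quick Heal's code): it inspects a zip attachment in memory and flags any member that is a Windows executable by its PE header, whatever icon or extension it carries. The sample archive and its file names are constructed for illustration.

```python
import io
import os
import struct
import zipfile

# Extensions Windows runs directly on double-click (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"


def scan_zip_attachment(zip_bytes: bytes) -> list:
    """Return (member name, reason) for each member that is a Windows executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(4096)  # read headers only; nothing touches disk
            ext = os.path.splitext(info.filename)[1].lower()
            if looks_like_pe(head):
                findings.append((info.filename, "PE header"))
            elif ext in EXECUTABLE_EXTS:
                findings.append((info.filename, "executable extension"))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: an inert stub with a PE header plus a text file."""
    stub = bytearray(0x80)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    stub[0x40:0x44] = b"PE\0\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("DHL_document.exe", bytes(stub))  # hypothetical file name
        zf.writestr("readme.txt", "plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in scan_zip_attachment(build_sample_zip()):
        print(f"BLOCK {name}: {reason}")
```

Because the check reads file headers rather than trusting the name, an executable renamed to look like a document is still flagged.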

Pravesh Shinde
