FedEx Scam spreading Rogueware

Today we received an email that pretends to come from FedEx; it looks as shown below.

As seen from the image, the attachment is actually a UPX-packed executable file made to look like an invoice document.
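A mail gateway or analyst can catch this kind of attachment by inspecting its content rather than its name or icon. The sketch below is an added example, not part of the original analysis: it parses the PE section table and flags the default UPX section names. The document extension list, the filename and the header-only sample bytes are constructed assumptions.

```python
import struct

DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt"}  # assumed list

def pe_section_names(data: bytes) -> list:
    """Return the PE section names, or [] if data is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if len(data) < pe_off + 24 or data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    n_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_size  # section table follows the optional header
    names = []
    for i in range(n_sections):
        entry = data[table + 40 * i: table + 40 * (i + 1)]
        if len(entry) < 40:
            break  # truncated section table
        names.append(entry[:8].rstrip(b"\0").decode("ascii", "replace"))
    return names

def triage_attachment(filename: str, data: bytes) -> list:
    """Flag attachments whose content is a PE, noting UPX and document-like names."""
    sections = pe_section_names(data)
    if not sections:
        return []
    findings = ["executable"]
    if any(name.startswith("UPX") for name in sections):
        findings.append("upx-packed")  # default names only; renamed sections evade this
    exts = {"." + part for part in filename.lower().split(".")[1:]}
    if exts & DOC_EXTS:
        findings.append("document-like name")
    return findings

def build_sample_pe(section_names) -> bytes:
    """Constructed header-only stub for the demo; not a real sample."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + coff + table

if __name__ == "__main__":
    sample = build_sample_pe(["UPX0", "UPX1", ".rsrc"])
    print(triage_attachment("FedEx_Invoice.pdf.exe", sample))  # hypothetical filename
```

An executable that carries only a document icon, with no document extension in its name, still gets the first two findings, since those come from the file content.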

After execution, the binary dropped a copy of itself and created a registry key, as shown below.

The file and registry key names are chosen to look genuine.

In addition, we noticed that it tried to connect to several suspicious links.

Finally, a rogueware named System Restore got installed.

We suggest that all users ignore such emails and do not respond to them.

If you are infected with such rogueware, we recommend that you scan your system using the tool below.
Remove System Restore Rogueware

Vishal Dodke