Jump to content

Virus in Documente Word email

Recommended Posts


Asa cum e si postat aici https://rstforums.com/forum/104606-posibil-virus.rst#post650900, o prietena de-a mea a primit exact acelasi mail.

Chestia e ca nu stiu daca o sa mearga cu malwarebytes sa dau remove.

Scan pe malwr - https://malwr.com/analysis/MjNhNmYwN2IzOTU1NDE1ZmEwOGU4NmUyZGQ5ZTZjMDA/

E putin cam urgent. se ocupa de o gramada de chestii + plati online si n-ar fi ok. Daca are cineva o recomandare de ceva removal tool, ar fi ok. Maine o sa am acces la pc-ul ei.

Link to comment
Share on other sites

1. Deschideti fisierul cu Notepad++

2. Cautati un base64

3. Decodati-l si vedeti daca incepe cu "ActiveMime"

4. Daca da, eliminati primii 50 de bytes

5. Salvati si ar trebui sa aveti un fisier OLE

6. Folositi OLEdump (al lui Didier Stevens) cu plugin-urile sale si obtineti URL-ul de unde descarca sau payload-ul (exe)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...