Zagor

Password protected (777) email attachment

Hello,

My colleague got a password-protected attachment from a customer email. She opened it (the content is a .doc file) but nothing happened. Then she sent it to me saying: "I cannot read this zip file", and I opened it too, with the same result. Only afterwards did I realize that the email was probably a fake one! 😞

After that I performed a full scan with Eset (Endpoint 5.0), but it didn't find anything. I tried to directly scan the ZIP file, but it is password protected so Eset can't analyze it. How can I check whether I got malware? If it might be useful I can upload the suspicious ZIP file.

Thanks and bye.


Hi, I have an update: I checked my computer with Nod32 and 3 other antivirus programs, but none of them found anything.

Can I reassure myself about my PC being clean? Is it possible that the suspicious file actually didn't take any action? I attach the scan of the suspicious file performed on the www.virustotal.com web site.

Thanks for any hint/suggestion.

Z.

Hi all, did nobody really face this situation? Are all of those malware identified by virustotal dangerous or not? Might there be a hidden ransomware with delayed activation?

Thanks and bye,

  Z.


Since the doc file is detected not only by ESET but also by other AVs, it's unlikely to be clean. However, after scanning the file with ESET the malicious macro should have been sanitized and the file should no longer be detected by us (some other AVs may still detect it though).


Thanks Marcos,

When I opened the doc the first time no popup warning was displayed by Nod32. Is it possible that something was installed at that time? After having realized this, I performed a full scan with Nod32, Spybot S&D, Zemana, Malwarebytes and HitmanPro, but they didn't find anything serious. Can I consider my PC clean or should I perform a deeper analysis (and if so, how)?

Thanks again, Z.


It's impossible to tell what could have happened when you ran the file. The thing is, the payload on servers may change over time, there may be no payload at times, connections to the server may fail, the downloaded payload may be undetected, etc. If running a full disk scan doesn't reveal any threat on the machine, I'd consider it clean.


Hi Marcos, I have an update: I discovered that my case was an attempt of the FTCODE ransomware. Following the description given here I searched for all the features, but I found nothing, nor was any file encrypted, so I think it definitely didn't activate for some reason. Do you agree?

Bye, Z.


It's also better to stay away from suspicious files, especially attachments that you don't expect.


You initially posted in September but that "FTCODE" ransomware is relatively new, hence I think it was something different and the downloader was supposed to download a different malware.
