[SANS ISC] Malicious AutoIT script delivered in a self-extracting RAR file

I published the following diary on isc.sans.org: “Malicious AutoIT script delivered in a self-extracting RAR file“.

Here is another sample that hit my curiosity. As usual, the infection vector was an email which delivered some HTML code in an attached file called “PO_5634_780.docx.html” (SHA1:d2158494e1b9e0bd85e56e431cbbbba465064f5a). It has a very low VT score (3/56) and contains a simple escaped Javascript code… [Read more]