I published the following diary on isc.sans.org: “Malicious AutoIT script delivered in a self-extracting RAR file“. Here is another sample that hit my curiosity. As usual, the infection vector was an email which delivered some HTML code in an attached file called “PO_5634_780.docx.html†(SHA1:d2158494e1b9e0bd85e56e431cbbbba465064f5a). It has a very low VT
