W32/Maz.Dropper
Analysis
- Threat is encoded in VBScript
- Threat uses VBScript instructions to write a file
to the local system as "c:\mware.exe" and
then executes it
- The constructed file "c:\mware.exe" is
32bit and has a UPX compressed file size of 4096 bytes
and is known as W32/Maz - this executable then downloads
another Trojan from a preconfigured web address and
executes it
- This threat may have been mass-mailed as spam from
a hacker or group of hackers
- The downloader threat contains these strings -
Hello, world Inor