While going through the daily routine of analysing various malware and samples, one particular item caught my eye.
The item contained an email with a subject line which (when translated) reads, “Seasons Greetings!”, and embedded within the email was a ZIP attachment containing an executable.
With my suspicions being aroused, I proceeded to analyse the executable.
Is it a new mass-mailer that will send your grandma all of the porn on your hard drive? Or a fake screen saver that, when viewed, puts you to sleep, and when you wake up, you find that you’re in a bathtub of ice cubes - minus your kidneys (of course)?
However, within a few moments of analysis in my trusty IDA disassembler, my heart sank. It dawned on me that the application was nothing except… sigh… someone’s idea of fun.
To give you a better idea of what it is, I ran the executable from our internal test machine and grabbed a screenshot of it: