I have a terrible headache with the trojan payload provided by exploit kit,
the infected download url is here:
(↑just checked, still up.. may God curse the lazy tax money eater involved into a frog for not shutting this down ASAP..)
Just in case, the overall sample is here
with all exploit data.
And the binary is attached in this message.
The VirusTotal report is here.
I have watched this sample go from a 0 detection ratio to 15 or more by now.
Most of the infection work I figured out well, as I wrote here.
But no networking happens.. yet I have a strong hunch this is a PWS for sure.
Honestly, I am not so sure about stating this as Cridex, since none of the Cridex I know work like this, but since I can't find any other threat for PWS, kindly forgive me for posting this case here for a start.
After restarting explorer, the binary itself always quits and never becomes resident in memory in my test case. PS: the log of the file process & registry process is here.
I mean, what's the real purpose of this infection?
Any help to solve this mystery will be highly appreciated, and thank you in advance.