The attached phishing email installed a file that was detected by a malware scanner as Trojan.Winlock, but Bitdefender didn't find anything.
Filename: HOEMIN.EXE
It was accompanied by the following registry entry:
Key: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: {D5A71B59-E5A9-AD41-8ADA-E432BBB9C72F}
Value: %USERPROFILE%\AppData\Roaming\Ruikn\hoemin.exe
The file was downloaded through the attached phishing email that links to alabdani.com/d1c5kE0K/index.html and opens a Java applet which prompts the user to download a fake Adobe Flash Player updater. This fake download installs the infected HOEMIN.EXE file.
Attachment: ATT00001.htm
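
A triage check for the persistence pattern reported in this post, as an added example that is not part of the original post: it parses saved `reg query` output for a Run key and flags values that have a GUID-shaped name or launch an executable from AppData\Roaming. The sample output, the `alice` profile, the `ExampleUpdater` entry and the REG_SZ type are constructed, and the four-space column layout of `reg query` output is an assumption.

```python
import re

# Constructed `reg query` output; the last value is the one quoted in the post.
SAMPLE = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    ExampleUpdater    REG_SZ    C:\Users\alice\AppData\Roaming\ExampleApp\updater.exe
    {D5A71B59-E5A9-AD41-8ADA-E432BBB9C72F}    REG_SZ    %USERPROFILE%\AppData\Roaming\Ruikn\hoemin.exe
"""

# Value name that is nothing but a GUID in braces.
GUID_NAME = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Executable started from the per-user roaming profile.
ROAMING_EXE = re.compile(r'(\\AppData\\Roaming|%APPDATA%)\\[^"]+\.exe', re.IGNORECASE)
# One value row: name, type and data separated by four spaces (assumed layout).
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")


def parse_run_values(text):
    """Yield (key, name, data) for every value row in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m["name"], m["data"].strip()


def triage_run_key(text):
    """Return (name, data, reasons) for suspicious Run values, strongest first."""
    findings = []
    for key, name, data in parse_run_values(text):
        if not key.lower().endswith(r"\currentversion\run"):
            continue  # only autostart keys are of interest here
        reasons = []
        if GUID_NAME.match(name):
            reasons.append("GUID-shaped value name")
        if ROAMING_EXE.search(data):
            reasons.append("executable under AppData\\Roaming")
        if reasons:
            findings.append((name, data, reasons))
    # A value matching both heuristics is a stronger lead than one match.
    findings.sort(key=lambda f: len(f[2]), reverse=True)
    return findings


if __name__ == "__main__":
    for name, data, reasons in triage_run_key(SAMPLE):
        print(f"{name} -> {data}: {', '.join(reasons)}")
```

A single match (such as the constructed `ExampleUpdater` entry) is common for legitimate per-user software, so treat it as a lead to review rather than a verdict.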