This document includes EXE file with PE structure, which can infect user's PC on executing.
Therefore, general users need to be careful on executing file on downloaded DOCX files.
2. Spreading path and symptoms of infection
Downloaded DOCX file is named "satna.docx". Besides, its file name can be changed and spread with various techniques.
Following figure is downloadable malicious DOCX file.
You can see this message written in English and Arabic.
Furthermore, it induces to click notepad icon.
Double clicking will execute EXE file(PE structured) with this warning page.
We extracted this EXE file with drag and drop and inspected its internal structure.
To click execute button, it will create malicious file disguised TXT file on following path.
Generated svchosts.exe file will be registered in certain registry value and re-infect on booting.
3. How to prevent
To use PC safely from security threats of these malicious attachments, we recommend following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with nProtect Anti-Virus/Spyware for detecting such as malicious file stated above and runs responding system against various security threats.