Fake Google Drive shared documents notification

Today’s first malspam example is an email pretending to be a Google Drive shared documents notification with the subject of Documents coming from UAE Exchange <res@fairviewres.co.uk> with a link in the email body to download a zip which contains a very large encrypted/encoded/obfuscated VBS file. I have absolutely no idea what this file does. None of the online sandboxes could tell me anything really useful. I have absolutely no idea how to decode/decrypt or de-obfuscate it. All I can find out is that it contacts shkis.publicvm.com on IP 141.255.155.6 but didn’t appear to respond for me or
