This is a strange malware sample that is slightly more difficult than usual to analyse, mainly because the bad actor appears to have made a total mess of the distribution. I do not know if this will actually run on a proper computer; it obviously doesn’t like a sandbox / VM. The email was received with a .dat extension, which is what Outlook or the mail server often changes unknown extensions to. This .dat file is actually a zip file. It extracts to a .pif and a .jpg image file of an invoice. The pif is not a Windows shortcut …
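The mismatch between the attachment's extension and its real content can be checked by reading magic bytes instead of trusting the name. The following is an added example, not code from the original post: the function names, the extension list and the constructed sample (including the assumption that the .pif member starts with a PE `MZ` header) are illustrative.

```python
import io
import zipfile

# Leading magic bytes for the file types relevant to this attachment.
MAGIC = [(b"PK\x03\x04", "zip"), (b"MZ", "pe-executable"), (b"\xff\xd8\xff", "jpeg")]
# Extensions Windows will launch directly (short illustrative list).
RUNNABLE_EXT = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd"}


def sniff(data: bytes) -> str:
    """Identify content by its leading bytes, ignoring the file name."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def triage_attachment(filename: str, data: bytes) -> dict:
    """Report the real type of an attachment and of each archive member."""
    report = {"name": filename, "type": sniff(data), "members": []}
    if report["type"] != "zip":
        return report
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as fh:
                kind = sniff(fh.read(8))  # only the header is read, nothing is extracted to disk
            dot = info.filename.rfind(".")
            ext = info.filename[dot:].lower() if dot != -1 else ""
            report["members"].append({
                "name": info.filename,
                "type": kind,
                # Flag anything runnable by extension or by content.
                "flag": ext in RUNNABLE_EXT or kind == "pe-executable",
            })
    return report


def build_sample() -> bytes:
    """Constructed stand-in for the .dat attachment: inert placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pif", b"MZ" + b"\x00" * 62)  # assumed PE header
        zf.writestr("invoice.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_attachment("invoice.dat", build_sample()))
```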