[skeptre]

I came across an interesting post recently, http://www.cert.pl/news/7662/langswitch_lang/en

I could just find one sample from the list mentioned in the post (Attached the found sample)
6c0a2b3c59ef0cc1df5a74347c646460 acs.exe -- Only got this
0af108f988b4d7ba00a041c4b5147d37 explore.exe
09ea238ec02f1c61b0af4d9596a0e90e svhcost.exe
c8efcb9657e1b16ba8a926558479e152 taskmgr.exe
303182dd4b3d32bc523153793e5d771f AcroRd.exe

Requesting other samples if anyone found it. I will share the finding from my side for the same.
Thank you !

[Horgh]

http://www.kernelmode.info/forum/viewto ... =16&t=3008

[skeptre]

Thank you :)
Anyone got their hands on the original .pdf.scr file that acts as the dropper ?
the acs.exe file does send get request for a file1.pdf to a domain but looks like it is down