A forum for reverse engineering, OS internals and malware analysis

#17774 by R136a1
Sun Jan 20, 2013 12:10 pm
Hi there,
This will be a quick analysis of a Downloader I recently came across (thanks to Artem for providing the sample!). What makes this malware special is the uncommon programming language which it uses to accomplish its tasks (actually a scripting language). The malware itself is very rudimentary; only the actual Downloader (spawns a shellcode) is a bit more advanced. Unfortunately, the server isn't responding to the requests from the Downloader, so it is unclear what final purpose this malware has. I think the scripting languages and the shellcode were chosen to evade AV (heuristic) detections. The detection rates of the Dropper are still very low (6/46), even 2 years after its creation:

https://www.virustotal.com/file/5cc4dde ... /analysis/
Blogpost:
http://thegoldenmessenger.blogspot.de/2 ... oader.html

Malware attached.
pass: infected