joke0 wrote: >In-Reply-To: <BE8F2DE1.1B07C%gandalf@xxxxxxxxxxx> > >Hi, > >Gandalf The White: > > >>Someone want to take the time to decode? >> >> > >Not so easy, but done. > >The decrypted result of this hta leads to an intermediate javascript code (not provided here). Once this one is decrypted too, we get the HTA, pasted below. > >Explanations on what the code does are welcome ;-) > > > Hi, it installs a browser helper object that loads this psde.exe file from the russian server, right? Unfortunately, the file isn´t available yet (because the domain isn´t connected), has anyone this file? Is it a known trojan horse? Hermann
begin:vcard fn:Hermann Arens n:Arens;Hermann email;internet:hermi@xxxxxxxxxxxx x-mozilla-html:FALSE url:http://www.userexit.de version:2.1 end:vcard
