Contributor: Hiroshi Shinotsuka
Malware authors are always seeking new ways to hone their craft. As cybercriminals face a multitude of preventative technologies from Symantec and users become more security conscious, it is becoming increasingly difficult for the bad guys to win.
Recently, during research, we came across an oddly named sample, Word13.exe. At first glance, it appears to be a digitally signed file from Adobe.
Figure 1. Word13.exe file signed by Adobe
Figure 2. Fake digital signature properties