David Gerard wrote:
As I noted, in this case the link actually went to a download page,
not directly to the .exe. He still got five people to download it.
Having people download it is not harmful per se.
How many of them were for reviewing it?
I read the talk page and have the impulse to download it to see what
it really was, since they link to two different analyses, supposedly of
the linked file, but with different hashes.
David Gerard, how did you get the link to threatexpert.com? The behavior
of 01cd53443e3e7a7453a85a58191558c7 is that of malware, but the
submission being on 21 July 2009 makes me doubt that it really is that
file.
VirusTotal analysis shows the result as clean, but if it was an
inoffensive PoC written in the IT department, why did they use a packer?