David Gerard wrote:
As I noted, in this case the link actually went to a download page, not directly to the .exe. He still got five people to download it.
Having people download it is not harmful per se. How many of them were for reviewing it?
I read the talk page and had the impulse to download it to see what it really was, since they link to two different analyses, supposedly of the linked file, but with different hashes.
David Gerard, how did you get the link to threatexpert.com? The behavior of 01cd53443e3e7a7453a85a58191558c7 is that of malware, but the submission being on 21 July 2009 makes me doubt that it really is that file.
The VirusTotal analysis shows the result as clean, but if it was an inoffensive PoC written in the IT department, why did they use a packer?