‘Twas The Night Before Christmas

While going through the daily routine of analysing various malware and samples, one particular item caught my eye.

The item contains an email with the subject line which (when translated) reads,”Seasons Greetings!” and embedded within the email was a ZIP attachment containing an executable.

With my suspicions being aroused, I proceeded to analyse the executable.

Is it a new mass-mailer that will send your grandma all of your porn on your hard drive? Or a fake screen saver that when viewed puts you to sleep and when you wake up, you found that you’re in a bathtub of ice-cubes – minus your kidneys (of course)?

However, within a few moments of analysis in my trusty IDA disassembler, my heart sank. It dawned on me that the application was nothing except…. sigh…. someone’s idea of fun.

To give you a better idea of what it is, I ran the executable from our internal test machine and grabbed a screenshot of it:

The application displays a picture of a Christmas tree (pity my screenshot doesn’t do it much justice) with flashing globes on your desktop. It includes functionality to link to an external non-malicious URI to an atomic clock which will countdown the number of days before Christmas and display it on your System Tray. The application also allows you to create multiple instances of itself (which I have done so in the image above) and has the ability to set the Christmas tree image to different levels of transparency. It allows you to set the registry key so that it can run itself upon the next startup if you so desire (you also have the option to unset it).

I guess this is one of those examples that we do see from time to time, where people might be mislead into thinking it’s malware but it’s just harmless fun.

While the Scrooge in me is tempted to classify this as a Potentially Unwanted Application (PUA), I thought the better of it less it spoils someone’s Christmas fun. I mean what could be more fun than creating multiple Christmas Trees (with flashing bulbs) on your desktop (okay, so maybe there *are* more fun things to do but that’s besides the point)? 🙂

Merry Christmas, everyone!