Archive for May, 2010

Backdoor.Rohimafo (2010-5-4)

Today (despite our DDoSer “friend”) we’re going to analyze a new sample (MD5: 2e7ea8b3d9cda626cdd8d6557952245d) that is currently detected by 4 of 41 engines on VirusTotal. Just two words on the packer: it checks whether a file named systemroot\system32\drivers\vmscsi.sys (the VMware SCSI driver) exists and, if so, exits. ExpandEnvironmentStringsA is used to retrieve the path, followed by a call [...]
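To make the packer's anti-VM check concrete, here is an added example (not code from the original post, and not the sample's own code) that re-implements the decision described above in portable C: expand an environment-variable reference the way ExpandEnvironmentStringsA does, build the vmscsi.sys path, and test whether the file exists. The exact string "%SystemRoot%\system32\drivers\vmscsi.sys", the constructed environment (SystemRoot = C:\Windows) and the two fake file systems are assumptions made so the code runs offline; the real sample calls the Win32 API and the real file system. The practical point for an analyst is that on a VMware guest the sample exits before it unpacks anything, so a VMware-based sandbox will report an uneventful run.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PATH_LEN 260   /* Win32 MAX_PATH */

/* Callback types so the check can run with a constructed environment and
 * file system instead of the real Win32 calls (assumption for this example). */
typedef const char *(*env_lookup_fn)(const char *name);
typedef int (*file_exists_fn)(const char *path);

/* Portable stand-in for Win32 ExpandEnvironmentStringsA. Expands every %NAME%
 * in src into dst. Like the real API it returns the size needed including the
 * terminating NUL (a value larger than dst_size means "buffer too small", and
 * dst is then left empty), and it leaves an undefined %NAME% unchanged.
 * Returns 0 only for a NULL src. */
size_t expand_env_strings(const char *src, char *dst, size_t dst_size, env_lookup_fn lookup)
{
    size_t out = 0;                     /* bytes produced so far, NUL excluded */
    const char *p = src;
    if (src == NULL) return 0;

    while (*p) {
        const char *piece = p;          /* text to emit next */
        size_t len = 1;

        if (*p == '%') {
            const char *close = strchr(p + 1, '%');
            if (close != NULL) {
                char name[128];
                size_t nlen = (size_t)(close - (p + 1));
                const char *val = NULL;
                if (nlen < sizeof name) {
                    memcpy(name, p + 1, nlen);
                    name[nlen] = '\0';
                    val = lookup(name);
                }
                if (val != NULL) {      /* defined: substitute the value */
                    piece = val;
                    len = strlen(val);
                } else {                /* undefined: keep "%NAME%" verbatim */
                    len = (size_t)(close + 1 - p);
                }
                p = close + 1;
            } else {
                p++;                    /* lone '%': copied literally */
            }
        } else {
            p++;
        }

        /* copy only while the result (plus NUL) still fits; keep counting otherwise */
        if (dst != NULL && out + len < dst_size)
            memcpy(dst + out, piece, len);
        out += len;
    }
    if (dst != NULL && dst_size > 0)
        dst[out < dst_size ? out : 0] = '\0';
    return out + 1;
}

/* The packer's decision as described in the post: build the driver path, test
 * whether it exists, return 1 (VMware guest: the sample exits) or 0 (it runs).
 * Treating a failed expansion as "not a VM" is this example's choice; the post
 * does not say what the packer does in that case. */
int vmware_scsi_driver_present(env_lookup_fn lookup, file_exists_fn exists)
{
    char path[MAX_PATH_LEN];
    size_t needed = expand_env_strings("%SystemRoot%\\system32\\drivers\\vmscsi.sys",
                                       path, sizeof path, lookup);
    if (needed == 0 || needed > sizeof path)
        return 0;
    return exists(path) ? 1 : 0;
}

/* Constructed test doubles: a guest environment and two fake file systems. */
static const char *demo_lookup(const char *name)
{
    return strcmp(name, "SystemRoot") == 0 ? "C:\\Windows" : NULL;
}
static int demo_exists_vmware(const char *path)     /* VMware guest: driver installed */
{
    return strcmp(path, "C:\\Windows\\system32\\drivers\\vmscsi.sys") == 0;
}
static int demo_exists_bare_metal(const char *path) /* physical host: no VMware drivers */
{
    (void)path;
    return 0;
}

int main(void)
{
    char path[MAX_PATH_LEN];
    expand_env_strings("%SystemRoot%\\system32\\drivers\\vmscsi.sys", path, sizeof path, demo_lookup);
    printf("probe path  : %s\n", path);
    printf("VMware guest: %s\n", vmware_scsi_driver_present(demo_lookup, demo_exists_vmware) ? "exit" : "run");
    printf("bare metal  : %s\n", vmware_scsi_driver_present(demo_lookup, demo_exists_bare_metal) ? "exit" : "run");
    return 0;
}
```

The two callbacks are the only thing separating this from the real check: swapping in getenv-style lookup and a stat() call gives the same behaviour the packer gets from ExpandEnvironmentStringsA plus a file-existence test, which is why hiding or renaming the VMware SCSI driver in an analysis VM changes the sample's behaviour.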