And your obligatory MS12-060 malware Christmas Card:
Christmas Card For You.doc
Dropper imphash: 18ddf28a71089acdbab5038f58044c0a
C2 IP: 188.8.131.52:443
Possibly related domains: boshman09.com (resolves to same IP 184.108.40.206)
date = "December 22, 2014"
desc = "Christmas Card for you malware"
ref = "https://www.malwaretracker.com/docsearch.php?hash=0dbe90b1dca29e2daf28ff789b3d43d3"
MD5 = "0dbe90b1dca29e2daf28ff789b3d43d3"
author = "@mwtracker www.malwaretracker.com"
$s1 = "\\kis(by XC)\\MYDLL\\Release\\MYDLL.pdb"
all of them
You can view our automated Cryptam report on this sample as well as the extracted dropper's strings in Cryptam.