I do not have the file to upload online; I have the link for VirusTotal. Should I upload the VirusTotal link?
Thanks for answering the question. (Sorry, my English is bad.)
I was hoping you had the original file that you uploaded to VirusTotal. No matter, I might be able to reach out and grab it from them.
<snip>
I feel that is fortunate, as a link to live/suspect malware in the forums could well result in alerts in the forums.
The other point is that with a link to live/suspect malware, there is no control over who downloads it or what they might do with it.
We've done this before, David. There are many ways of ensuring that users are not put at risk; something I neglected to mention in my hastily written reply (such as password-protecting the archive).
However, you must recognize that a text file (which is exactly what this is) poses no risk to users, unless they're stupid enough to open it, and try to find links to open.
Magic ASCII text
That's taken from the VT report, where magic refers to "Magic Byte". You would need the actual executable from Emotet to make use of that file. (Emotet is commonly spread through DOCX files, using a vulnerability/exploit in how Word handles macros. The macro runs PowerShell, which decodes a base64-encoded command and executes it. That command could reach out to a C2 server and download additional malware, or it may drop one itself.)