One of our clients informed us they recently suffered an employee data breach. As a startup company, they had a constrained budget allocated for security and employee training. I visited them and spoke with the relevant stakeholders. I also collected some suspicious emails and a USB drive an employee found on their premises. While I am analyzing the suspicious emails, can you check the contents of the USB drive?
Q) What file is the autorun.inf running?
Q) Does the PDF file pass a VirusTotal scan? (No malicious results returned)
Q) Does the file have the correct magic number?
Q) What OS type can the file exploit? (Linux, macOS, Windows, etc.)
Q) A Windows executable is mentioned in the PDF file. What is it?
Q) How many suspicious /OpenAction elements does the file have?
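
Static triage for the checks these questions ask about, added here as an example and not part of the original challenge: it reads the `autorun.inf` target, checks the `%PDF-` magic number, counts `/OpenAction` and related names, and lists `.exe` strings, all without opening the document in a reader. The function names and both sample inputs are constructed for illustration.

```python
import re

PDF_MAGIC = b"%PDF-"
# PDF name objects that trigger actions on open or reach outside the document.
KEYWORDS = (b"/OpenAction", b"/AA", b"/Launch", b"/JavaScript", b"/JS", b"/EmbeddedFile")

# Constructed sample inputs (not the files from the challenge).
SAMPLE_INF = "[autorun]\r\nopen=sample-document.pdf\r\nicon=drive.ico\r\n"
SAMPLE_PDF = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
              b"2 0 obj\n<< /S /Launch /F (placeholder.exe) >>\nendobj\n%%EOF\n")


def autorun_targets(text):
    """Return the open/shellexecute entries of the [autorun] section."""
    targets, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in ("open", "shellexecute"):
                targets[key.lower()] = value
    return targets


def pdf_triage(data):
    """Check the magic number, count risky names, list .exe names in raw bytes."""
    # Readers accept the header within the first 1024 bytes; offset 0 is the norm.
    offset = data.find(PDF_MAGIC, 0, 1024)
    counts = {}
    for kw in KEYWORDS:
        # Lookahead stops /AA from also matching a longer name such as /AAbc.
        counts[kw.decode()] = len(re.findall(re.escape(kw) + rb"(?![A-Za-z0-9])", data))
    # Raw counts are a lower bound: names can be hex-escaped (#xx) or sit in
    # compressed object streams, which this byte scan does not decode.
    exes = sorted({m.decode() for m in re.findall(rb"[\w.\-]+\.exe\b", data, re.I)})
    return {"magic_at_start": offset == 0, "magic_offset": offset,
            "keywords": counts, "executables": exes}


if __name__ == "__main__":
    print(autorun_targets(SAMPLE_INF))
    print(pdf_triage(SAMPLE_PDF))
```

Run it against copies of the files from a write-blocked image of the drive, inside an isolated analysis VM.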