A Happy Thanksgiving from Rebhip?

A day before Thanksgiving, as I was doing my work, I came across a sample (SHA1:b9b52db22d35c50081054d4ece39f520ae3ef9fe) from a customer submission, with the usual “ecard.exe” filename. It has an image icon but with an .EXE extension; a clear sign of malicious intent. As I further investigated the sample, it displayed the following greeting:   Note: the…

1