Jul 23 by Jasper Pimentel (Advanced Threats Researcher)
We recently received new samples of a Trojan downloader (MD5 hash: c45802f78f5355e50b954cf797335784), and a pattern is currently in the works to detect them.
Initial analysis shows that this Trojan connects to a predefined URL and downloads a malicious file. It may be received as an email attachment with the filename
DC001.JPG_______________________________JPG.EXE.
The filename and icon are constructed to trick users into opening it on the assumption that it is a JPEG picture file.
This new sample is detected as TROJ_DLOADER.DHX. Detection has been available since CPR 3.574.02.
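The filename trick described above can be caught at a mail gateway by looking at the attachment name alone. The following is an added example, not code from the original post or from the vendor's pattern: the function name, the extension lists and the 8-character padding threshold are assumptions chosen for illustration.

```python
import re

# Extensions Windows runs on double-click (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
# Harmless-looking types used as the decoy part of a name (assumed list).
DECOY_EXTS = ("jpeg", "jpg", "png", "gif", "bmp", "pdf", "doc", "txt")

# A decoy extension inside the name: ".jpg" followed by a separator or the end.
DECOY_RE = re.compile(r"\.(%s)(?=[._\s-]|$)" % "|".join(DECOY_EXTS), re.I)
# A run of filler long enough to push the real extension out of view.
PADDING_RE = re.compile(r"[_\s]{8,}")


def check_attachment_name(filename):
    """Return the reasons an attachment name looks deceptive (empty list if none)."""
    # Windows drops trailing dots and spaces, so ignore them when finding the type.
    name = filename.strip().rstrip(". ")
    stem, dot, last_ext = name.rpartition(".")
    if not dot or last_ext.lower() not in EXECUTABLE_EXTS:
        return []  # not executable by extension; outside this check

    reasons = []
    decoy = DECOY_RE.search(stem)
    if decoy:
        reasons.append("decoy .%s before real .%s"
                       % (decoy.group(1).lower(), last_ext.lower()))
    padding = PADDING_RE.search(stem)
    if padding:
        reasons.append("%d filler characters hide the real extension"
                       % len(padding.group(0)))
    return reasons


if __name__ == "__main__":
    # Constructed sample names; the first is modelled on the one in the post,
    # with an arbitrary padding length.
    samples = [
        "DC001.JPG" + "_" * 30 + "JPG.EXE",
        "report.pdf.exe",
        "holiday.jpg",
        "setup.exe",
    ]
    for s in samples:
        print("%-50s %s" % (s, check_attachment_name(s) or "ok"))
```

A name that trips both checks, as the padded sample does, is a strong candidate for quarantine; a decoy extension alone is enough to warrant blocking an executable attachment.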


