{
	"id": "7df835b5-e5db-4ee2-872f-1e1c37a3d578",
	"created_at": "2026-04-06T00:12:36.140438Z",
	"updated_at": "2026-04-10T03:24:29.17763Z",
	"deleted_at": null,
	"sha1_hash": "f8b5f9afd4c2cde3a9ddf201341fd8ad8ed67bcf",
	"title": "Definition of double extension",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 29006,
	"plain_text": "Definition of double extension\r\nArchived: 2026-04-05 12:35:55 UTC\r\nA way to trick users into opening a virus. Many people have learned that text files (.TXT) and image files (.GIF,\r\n.JPG, etc.) are safe to launch because they are data and not executable software. They have learned to be leery of\r\n.EXE, .VBS and other extensions that are executed immediately. Thus, virus writers try to trick more people using\r\ndouble extensions, so \"I LOVE YOU.TXT.vbs\" is really not a .TXT file, but a .vbs file, a Visual Basic Script that\r\nis executed immediately.\r\nYou Need to See the Extension\r\nSome mail programs may actually remove the .vbs at the end of the name, leaving users completely helpless to\r\nmake a determination even if they knew what to look for. This mentality is pervasive. Out of the box, Windows\r\ndefaults to hiding file extensions in all displays, which is beyond absurdity considering the importance of this file\r\nidentifier in everyday operations. See dangerous extensions and Love bug.\r\nSource: https://www.pcmag.com/encyclopedia/term/double-extension\r\nhttps://www.pcmag.com/encyclopedia/term/double-extension\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://www.pcmag.com/encyclopedia/term/double-extension"
	],
	"report_names": [
		"double-extension"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434356,
	"ts_updated_at": 1775791469,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f8b5f9afd4c2cde3a9ddf201341fd8ad8ed67bcf.pdf",
		"text": "https://archive.orkl.eu/f8b5f9afd4c2cde3a9ddf201341fd8ad8ed67bcf.txt",
		"img": "https://archive.orkl.eu/f8b5f9afd4c2cde3a9ddf201341fd8ad8ed67bcf.jpg"
	}
}