Detailed analysis of the malware used in the hacking of Internet shopping mall company I
2016-08-04 • NProtect
A Korean shopping mall incident involved a suspected APT malware sample named “OurFamily.abcd.scr”, reportedly distributed as an email attachment and disguised as a Windows screensaver file. When executed, the SCR dropper created msoia.exe under a path resembling a Microsoft Office directory, copied itself as ielowutil.exe under an Internet Explorer compatibility path, and launched these components with autostart-style execution arguments.

The ielowutil.exe component supported ten commands, mainly for collecting infected-PC information such as documents, media files, and process data and sending it to attacker-controlled servers; one command downloaded an additional module. The malware attempted connections to servers located in Honduras, Taiwan, and New Zealand and loaded a downloaded module named iehmmapi.dll. The intrusion is significant because such follow-on modules could expand the impact well beyond the initial information-stealing behaviour.
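As an added illustration that is not part of the NProtect report, the following Python checks constructed endpoint telemetry for the behaviours the summary describes: the .scr dropper writing and launching msoia.exe and ielowutil.exe, and ielowutil.exe loading the downloaded iehmmapi.dll. The event format and every file path are assumptions; only the file names come from the analysis.

```python
import ntpath

# Names taken from the analysis; everything else below is constructed.
DROPPER_EXT = ".scr"
DROPPED_NAMES = {"msoia.exe", "ielowutil.exe"}
DOWNLOADED_MODULE = "iehmmapi.dll"


def _name(path):
    """Case-insensitive file name of a Windows path (works on any OS)."""
    return ntpath.basename(path or "").lower()


def check_event(ev):
    """Return the reasons a single telemetry record matches the described behaviour."""
    hits = []
    if ev["type"] == "process_create":
        parent, image = _name(ev.get("parent_image")), _name(ev["image"])
        if parent.endswith(DROPPER_EXT) and image in DROPPED_NAMES:
            hits.append(f"{image} started by screensaver file {parent}")
    elif ev["type"] == "file_create":
        actor, target = _name(ev["image"]), _name(ev["target"])
        if actor.endswith(DROPPER_EXT) and target in DROPPED_NAMES:
            hits.append(f"{actor} wrote dropped component {target}")
    elif ev["type"] == "image_load":
        if _name(ev["module"]) == DOWNLOADED_MODULE:
            hits.append(f"{_name(ev['image'])} loaded follow-on module {DOWNLOADED_MODULE}")
    return hits


def scan(events):
    """Run every record through check_event; returns (index, reason) pairs."""
    return [(i, reason) for i, ev in enumerate(events) for reason in check_event(ev)]


# Constructed sample telemetry; the directories are placeholders, not the report's paths.
SAMPLE_EVENTS = [
    {"type": "file_create", "image": r"C:\Users\u\Downloads\OurFamily.abcd.scr",
     "target": r"C:\Placeholder\Office\msoia.exe"},
    {"type": "process_create", "parent_image": r"C:\Users\u\Downloads\OurFamily.abcd.scr",
     "image": r"C:\Placeholder\Office\msoia.exe"},
    {"type": "file_create", "image": r"C:\Users\u\Downloads\OurFamily.abcd.scr",
     "target": r"C:\Placeholder\Internet Explorer\ielowutil.exe"},
    {"type": "image_load", "image": r"C:\Placeholder\Internet Explorer\ielowutil.exe",
     "module": r"C:\Placeholder\Internet Explorer\iehmmapi.dll"},
    {"type": "process_create", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe"},
    {"type": "image_load", "image": r"C:\Placeholder\Internet Explorer\iexplore.exe",
     "module": r"C:\Windows\System32\ieframe.dll"},
]
```

The first four records reproduce the dropper chain and the module load, while the last two are ordinary activity that should produce no match.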