Hi Steven Winderlich,

I saw that in the Quttera scan results and launched it in jsunpack, and there I did not see anything alarming:
http://jsunpack.jeek.org/?report=d41df40646718a2d976d31588ecc68c9fbfac7df
It uses an iframe shim to mask system controls for IE 5.5 and higher.
Whenever malware is involved with this overLIB/mini.js, it could well be BKDR_CIDOX.CH that is involved →
http://about-threats.trendmicro.com/malware.aspx?language=au&name=BKDR_CIDOX.CH
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

polonus