CHM

CHM (Microsoft Compiled HTML Help) is the extension used by Windows help files and other files such as e-books. Cybercriminals have been known to abuse vulnerabilities in CHM files to execute arbitrary code. Successful exploitation requires the user is tricked into opening or decompiling a malicious CHM file, which may be used to execute malicious routines the same way a malicious EXE file would.

In 2015, threat actors used a zipped CHM file to display a MERS-related webpage from a popular Japanese information site. The CHM file was coded to drop the backdoor file ZXShell, which is commonly used in targeted attacks.

Links:
http://blog.trendmicro.com/trendlabs-security-intelligence/microsoft-windows-22itssdll22-heap-corruption-vulnerability/

http://blog.trendmicro.com/trendlabs-security-intelligence/mers-news-used-in-targeted-attack-against-japanese-media-company/