Irregular Expressions

May 24 2011   10:02PM GMT

Zeus packing list

Dan O'Connor

So what was in the Zeus rar?

7z.exe – Looks clean, nothing reported on it.

bt.exe – Listed as suspicious but nothing specific by any vendor.

upx.exe – Nothing reported.

FASM.exe – Listed as suspicious but nothing specific by any vendor.

php.exe – Nothing reported.

zip.exe – Nothing reported.

zsb.exe – Reported as Trojan-Spy:W32/Zbot; everything reports this as the main exe for the Zeus botnet.

zsbcs.exe – Backdoor, Backdoor.Generic.653241

Lots of PHP, cpp, xml, a few txt and a GeoIP lookup csv.

If you do not know what that one is, it’s a list of IP ranges with the assigned country code. This list can be purchased online and is frequently updated with changes.

More to come.
