Irregular Expressions

May 24 2011   10:02PM GMT

Zues packing list

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

So what was in the Zues rar?

7z.exe – Looks clean, nothing reported on it.

bt.exe – Listed as suspicious but nothing specific by any vendor.

upx.exe – Nothing reported.

FASM.exe – Listed as suspicious but nothing specific by any vendor.

php.exe – Nothing reported.

zip.exe – Nothing reported.

zsb.exe – Reported as Trojan-Spy:W32/Zbot, everything reports this as the main exe for the Zeus botnet.

zsbcs.exe – Backdoor, Backdoor.Generic.653241

Lots of PHP, cpp, xml, a few txt and a GeoIP lookup csv.

If you do not know what that one is, it’s a list of IP’s ranges with the assigned country code.  This list can be purchased online and is frequently updated with changes.

More to come.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: