Irregular Expressions

Aug 21 2012   12:35AM GMT

Dan O'Connor

I picked up another similar listener to the Groupon one the other day. This again is an attached ZIP file with an exe inside.

It says it's from depending on your font the i will look like an L.

The exe looks like it has been reused but I don’t see any mention of its original file name. The original name appears to have been stickiestfilm.exe, md5 42bbb627d3bcc12745e8a6fbd4b2c825.

It also appears to have been used in several other campaigns according to its technical data.

So far the only behavior I have seen is that it opens a command shell on local port 8000 TCP and awaits incoming connections. I did not see it send any outbound packets as of yet.

Next is some source analysis.
