Sunday, August 11, 2013

Brief description of a signed Adware/PUP Downloader

To publish articles more frequently and thus make this blog a bit more interesting, I decided to drop my intention to write only "in-depth" analyses of "special" malware. Starting today, I will also release information about my "everyday" discoveries, which in the past always ended up in the trash (and there were a lot of them :-)). Of course, these "everyday" blog posts cannot be as technical and detailed as a complete malware analysis, but I hope they are interesting anyway.

To start with, this blog post is something of a warm-up for my upcoming article about a cross-platform (x86/x64) "Adware" family with some interesting techniques.

So let's go...

The downloader comes in two different sizes (376.9 KB, 381.5 KB) and in a lot of instances (see the list of hashes at the end). Two samples of each size can be downloaded here:

Sample - 376.9 KB
VT Report: https://www.virustotal.com/en/file/12f5186551b9df98b7f994b69cebddc379141703204e313fe92497923bd1cca4/analysis/
Download (PW: infected): https://www.dropbox.com/s/djnja6c7fs5g9nu/Signed_AdwarePUP_Downloader_376-9.zip

Sample - 381.5 KB
VT Report: https://www.virustotal.com/en/file/0979c745740bf09e1ad53fd5e15b0753a6be6493cadbad9b94781e013b440155/analysis/
Download (PW: infected): https://www.dropbox.com/s/caul2lpb7y4apa2/Signed_AdwarePUP_Downloader_381-5.zip
