[Notes] New Malicious InPage document

Last few days, i’ve been tweaking several of my crappy codes. One of the codes were actually crawling and finding malicious .inp files.

One interesting file that caught my eye is the following file since the URL is still alive.

It didn’t take more than 5mins and we can find the embedded executable within it.

I’ve attached the file in case anyone else didn’t get to download it in time.
7ef9b59cb57193fb62039602596723189fcdb5986590ca4e55edb1d0034f2faf.zip
The password to the zip file is infected29A

Being the curious me….i’ve done my n00b dilligence checks on VT
https://www.virustotal.com/#/domain/pikrpro.eu

It seems like there is another interesting link.

So i immediately downloaded it

Another quick peek and we can see that this is an RTF exploit file and also containing an embedded executable.

eea8cc1d819e44fbd5715d746597afac1e47647bcedce4f748cba17306ea2043.zip
The password to the zip file is infected29A

Maybe these will be interesting to someone out there.

Have Phun
Jacob Soo