GpUpdates.exe

Description

(Epic Turla) The droppers are misidentified as packed by Armadillo, but in reality they are built using the now-defunct Chilkat software ‘Zip2Secure’ to create self-extracting executables. The packing alone has led to the droppers being flagged under generic AV detections, but the subcomponents have low-to-no detections at this time.

The Zip2Secure configuration entrusts the distribution of the files contained in the archive to ‘Distribute.exe’, which places the files on disk and silently registers the subcomponents with regsvr32.exe.

Names

Name
GpUpdates.exe

Category

Malware

Type

  • Dropper

Information

Other Information

Uuid

2d1ee7a1-0d40-43c8-a24a-d1d903daaeb6

Last Card Change

2020-04-24