Analysis by: rolandde
 PLATFORM:

Windows 2000, Windows, XP, Windows Server 2003

 OVERALL RISK RATING:
 REPORTED INFECTION:
 SYSTEM IMPACT RATING:
 INFORMATION EXPOSURE:

  • Threat Type: Cracking Application

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This cracking application may be manually installed by a user.

  TECHNICAL DETAILS

File Size: 931,420 bytes
File Type: EXE
Initial Samples Received Date: 29 Nov 2011

Arrival Details

This cracking application may be manually installed by a user.

Installation

This cracking application drops the following files:

  • %Program Files%\UZC\UZC.EXE
  • %Start Menu%\Programs\Ultimate ZIP Cracker\Ultimate ZIP Cracker release notes.html
  • %Start Menu%\Programs\Ultimate ZIP Cracker\Ultimate ZIP Cracker.lnk

(Note: %Program Files% is the default Program Files folder, usually C:\Program Files.. %Start Menu% is the current user's Start Menu folder, which is usually C:\Windows\Profiles\{user name}\Start Menu on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Start Menu on Windows NT and C:\Windows\Start Menu or C:\Documents and Settings\{User name}\Start Menu on Windows 2000, XP, and Server 2003.)

It creates the following folders:

  • %Start Menu%\Programs\Ultimate ZIP Cracker
  • %Program Files%\UZC

(Note: %Start Menu% is the current user's Start Menu folder, which is usually C:\Windows\Profiles\{user name}\Start Menu on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Start Menu on Windows NT and C:\Windows\Start Menu or C:\Documents and Settings\{User name}\Start Menu on Windows 2000, XP, and Server 2003.. %Program Files% is the default Program Files folder, usually C:\Program Files.)

Other System Modifications

This cracking application adds the following registry keys:

HKEY_CURRENT_USER\Software\vdg

HKEY_CURRENT_USER\Software\vdg\
UZC

HKEY_CURRENT_USER\Software\vdg\
UZC\MRU List

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Ultimate ZIP Cracker

It adds the following registry entries as part of its installation routine:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Ultimate ZIP Cracker
DisplayName = "Ultimate ZIP Cracker"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Ultimate ZIP Cracker
UninstallString = "%Program Files%\UZC\UZC.EXE /uninstall"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Ultimate ZIP Cracker
Path = "%\Program Files%\UZC"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Ultimate ZIP Cracker
File1 = "%\Program Files%\UZC\UZC.EXE"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Ultimate ZIP Cracker
File2 = "%Start Menu%\Programs\Ultimate ZIP Cracker\Ultimate ZIP Cracker.lnk"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Ultimate ZIP Cracker
File3 = "%Start Menu%\Programs\Ultimate ZIP Cracker\Ultimate ZIP Cracker release notes.html"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Ultimate ZIP Cracker
Folder = "%Start Menu%\Programs\Ultimate ZIP Cracker"

NOTES:
It is a setup file that installs a password cracking application.