Nomen Posted March 7, 2017 Posted March 7, 2017 (edited) I'm decrypting the wikileaks Vault-7 file released last night, and I'm seeing a bunch of MS .MSU files inside this 500 mb archive. I'm not sure what this means or why they're there. These are somehow related to the CIA and their ability to hack various platforms, phones, and OS's. Edited March 7, 2017 by Nomen
Nomen Posted March 7, 2017 Author Posted March 7, 2017 These are the files: IE10-Windows6.1-KB3032359-x64.msu IE9-Windows6.1-KB3032359-x64.msu Windows6.1-KB3000483-x64.msu Windows6.1-KB3004361-x64.msu Windows6.1-KB3013455-x64.msu Windows6.1-KB3019215-x64.msu Windows6.1-KB3019978-x64.msu Windows6.1-KB3020387-x64.msu Windows6.1-KB3020388-x64.msu Windows6.1-KB3020393-x64.msu Windows6.1-KB3021674-x64.msu Windows6.1-KB3022777-x64.msu Windows6.1-KB3023562-x64.msu Windows6.1-KB3029944-x64.msu Windows6.1-KB3030377-x64.msu Windows6.1-KB3031432-x64.msu Windows6.1-KB3032323-x64.msu Windows6.1-KB3032359-x64.msu Windows6.1-KB3033889-x64.msu Windows6.1-KB3034344-x64.msu Windows6.1-KB3035017-x64.msu Windows6.1-KB3035126-x64.msu Windows6.1-KB3035131-x64.msu Windows6.1-KB3035132-x64.msu Windows6.1-KB3036493-x64.msu Windows6.1-KB3039066-x64.msu Windows6.1-KB3046049-x64.msu (wasn't sure if I should post this thread to the win-7 forum or here, since I think a lot of the same people would be interested in this no matter where it's posted)
Nomen Posted March 8, 2017 Author Posted March 8, 2017 I've uploaded maybe 6 or 7 of these .msu files to VT and all but one of them tested positive for W32.Virus.Jeefo.Gen as detected by "Webroot" AV program. All other AV programs detected nothing.
Tripredacus Posted March 8, 2017 Posted March 8, 2017 None of the MSU/KB files have the hash value in the file name? I wonder if you could find other versions of the MSU file to compare the contents against. Also you should also have VT test those other ones as well, even known "good" one from the update catalog. It may just be a quirk of detection, like how some AV programs will detect anything packed with UPX as being a virus. 1
Nomen Posted March 11, 2017 Author Posted March 11, 2017 Over the past day or two I've downloaded all these same .MSU files from MS and they do compare (byte-for-byte) with the files in the wikileaks vault-7 archive. I don't know if there's a master document that's part of this archive that explains the layout of the archive, what certain files are, their relevance or meaning, etc. The significance of why those particular MSU files are there remains unknown.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now