Nomen

MSU kb files in wikileaks vault-7


Nomen    15

I'm decrypting the wikileaks Vault-7 file released last night, and I'm seeing a bunch of MS .MSU files inside this 500 MB archive. I'm not sure what this means or why they're there. These are somehow related to the CIA and their ability to hack various platforms, phones, and OS's.



 

Nomen    15

These are the files:

IE10-Windows6.1-KB3032359-x64.msu
IE9-Windows6.1-KB3032359-x64.msu
Windows6.1-KB3000483-x64.msu
Windows6.1-KB3004361-x64.msu
Windows6.1-KB3013455-x64.msu
Windows6.1-KB3019215-x64.msu
Windows6.1-KB3019978-x64.msu
Windows6.1-KB3020387-x64.msu
Windows6.1-KB3020388-x64.msu
Windows6.1-KB3020393-x64.msu
Windows6.1-KB3021674-x64.msu
Windows6.1-KB3022777-x64.msu
Windows6.1-KB3023562-x64.msu
Windows6.1-KB3029944-x64.msu
Windows6.1-KB3030377-x64.msu
Windows6.1-KB3031432-x64.msu
Windows6.1-KB3032323-x64.msu
Windows6.1-KB3032359-x64.msu
Windows6.1-KB3033889-x64.msu
Windows6.1-KB3034344-x64.msu
Windows6.1-KB3035017-x64.msu
Windows6.1-KB3035126-x64.msu
Windows6.1-KB3035131-x64.msu
Windows6.1-KB3035132-x64.msu
Windows6.1-KB3036493-x64.msu
Windows6.1-KB3039066-x64.msu
Windows6.1-KB3046049-x64.msu

(wasn't sure if I should post this thread to the win-7 forum or here, since I think a lot of the same people would be interested in this no matter where it's posted)

 

Nomen    15

I've uploaded maybe 6 or 7 of these .msu files to VT and all but one of them tested positive for W32.Virus.Jeefo.Gen as detected by "Webroot" AV program.  All other AV programs detected nothing.
 

Tripredacus    285

None of the MSU/KB files have the hash value in the file name? I wonder if you could find other versions of the MSU file to compare the contents against. You should also have VT test those other ones as well, even known "good" ones from the update catalog. It may just be a quirk of detection, like how some AV programs will detect anything packed with UPX as being a virus.

  • Upvote 1

Nomen    15

Over the past day or two I've downloaded all these same .MSU files from MS and they do compare (byte-for-byte) with the files in the wikileaks vault-7 archive.   I don't know if there's a master document that's part of this archive that explains the layout of the archive, what certain files are, their relevance or meaning, etc.   The significance of why those particular MSU files are there remains unknown.


 

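The comparison discussed in the posts above (archive copies of the .msu files against copies downloaded from Microsoft) can be scripted. This is an added example, not something posted in the thread; the two directory arguments and the function names are assumptions.

```python
import hashlib
import sys
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large .msu packages are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def compare_update_sets(suspect_dir, reference_dir):
    """Compare every .msu in suspect_dir with the same-named file in reference_dir.

    Returns {filename: (status, sha256_of_suspect_file)}, where status is
    "identical", "different" or "no_reference" (nothing to compare against).
    """
    reference = {p.name.lower(): p for p in Path(reference_dir).iterdir()
                 if p.is_file() and p.suffix.lower() == ".msu"}
    results = {}
    for suspect in sorted(Path(suspect_dir).iterdir()):
        if not suspect.is_file() or suspect.suffix.lower() != ".msu":
            continue
        suspect_hash = sha256_file(suspect)
        ref = reference.get(suspect.name.lower())
        if ref is None:
            status = "no_reference"
        elif (suspect.stat().st_size == ref.stat().st_size
              and suspect_hash == sha256_file(ref)):
            status = "identical"
        else:
            status = "different"
        results[suspect.name] = (status, suspect_hash)
    return results


if __name__ == "__main__":
    # Usage: python compare_msu.py <archive_dir> <catalog_download_dir>
    report = compare_update_sets(sys.argv[1], sys.argv[2])
    for name, (status, file_hash) in report.items():
        print(f"{status:13} {file_hash}  {name}")
    # Non-zero exit if any file differs or has no reference copy.
    sys.exit(0 if all(s == "identical" for s, _ in report.values()) else 1)
```

The printed SHA-256 values can also be used to look each file up on VirusTotal by hash instead of uploading it again.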
