Insights and Research

Malware Using GoogleCode for Distribution

Malware Using GoogleCode for Distribution
Malware hosting sites rarely stay up for too long.  After the first few instances are seen by security vendors, they are added to denylists which, in turn, are fed into other denylists throughout the industry.  Malware writers are now turning to commercial file hosting sites to peddle their warez.  If these legitimate file hosts are not scanning the content they are hosting, it may force network administrators to block the service altogether.  The kicker is that this time we see that GoogleCode seems to have swallowed the bad pill.

The first file in question is hosted at: hxxps://

You may also recognize it by a few other names as seen here(21/45):

We also have reports of this file being downloaded via Dropbox, but it appears to have been taken down at the time of research

This incident sets a precedent that no file hosting service is beyond reproach.  Blind trust of specific domains should not be tolerated from an organizational or personal perspective.  So set those security privileges to kill and keep one eye open for shady files coming from even a seemingly trusted location.

Other files from this location that were also flagged as malicious as noted below:
fc79708c4b5a7ac7ffc666c65af3d402 - 9/46
4372fa69e33307b8998447e3a79ed13a - 7/46
d9040e39cc4b9e2ce19dcb2fa26e2d36 - 17/46
93650214ef3c5e0f7fc657150fe4f670 - 13/46
9a85728e541c1dd34ec8ecca02f3ba92 - 6/46
f7dd919004cb65f89ae87f0360222f05 - 17/46
79bfcaf15acbb4f6e00df9f5e9e97078 - 4/45
6f197c2542933bb1a94916312f2075f7 - 5/45
a6a054ff40e24fe1e67230a4dec282cd - 21/46
9e49f709cd6df526cb261969a1239ef1 - 16/46
7d7b1329d25731c779fcd3ba41003cea - 9/46
86680f427e4c139f4112f506d8b2a770 - 21/46
3fd508edba21cb1c9f69e316828d8847 - 16/45
a1a66e2aadb4b4e231513f9e49166c72 - 16/46
3f8cd82f528fd7bd7635639583e4da09 - 22/46
5abbdd8b0f60e4ad80cd328d80fde7b9 - 12/46
3b1d052884949231f8a8ab927dffc0de - 5/46
e553a555c20a6a9caab15471fc147a4c - 8/46
38f148e53f44394911c6d876c6288407 - 5/46
3715ff5da288cfbb548b424722b664d6 - 6/46
04c3adff92b188dcfc0b944a457f3d74 - 5/46
4372fa69e33307b8998447e3a79ed13a - 7/46
fa694888e878efc6afb4e4781b007154 - 5/45
d256a34f4d9be8a74033c7bede40b2aa - 16/46
a842fcda221aaddd2fa21f77abaf91ce - 8/46
b4ee1ea0494f0800635e8d8398bc7779 - 22/46
7548f78f7e626403dd503421d1e6e42d - 6/46
d276561d27e2a343e2ace1fbbf9474e3 -  5/46
f951cfcfe8f293c2fa551297222fb37a - 13/46
9da48c984b71e26887b3c58f7a5c5d05 - 5/46
8fcb14b676fa0ecacbee92b702ce59b4 - 16/46
09e82c7811d1e155e6825a4aa98455bb - 8/46
3c76a70ffb42a9c2071b05bb0a430b5e - 5/46


Stay up to date with the latest digital transformation tips and news.

By submitting the form, you are agreeing to our privacy policy.