ROM Hack WIP SplatHeX A Splatoon Save Editor

Status
Not open for further replies.

ZoNtendo

Extremely simple, open the application, open x64dbg and attach the process.
Then look through the memory map, and extract the files.
Funny, I did that and I don't see anything, it just tries to decompress the resources. (as I can see)

I keep saying the obfuscation is used to keep online cheaters away, and you try so hard to keep people away from this simple save editor, sad.

--------------------- MERGED ---------------------------

tbh you should be banned from GBAtemp, your lies are so obvious.
 

TheHomesk1llet

Feel free to infect your computer, I don't care, just trying to warn you.
it's fairly obvious you're just grasping at straws rn, and given your track record you're not exactly a reliable source

What? I don't think I've said anything about you that's contextually relevant here.
i think they're probably referring to your comment in his hacdn thread, but i'm not entirely certain
 

SimonMKWii

it's fairly obvious you're just grasping at straws rn, and given your track record you're not exactly a reliable source


i think they're probably referring to your comment in his hacdn thread, but i'm not entirely certain
It's literally one of the first things you see in the program's RAM objects.
It's clear you didn't even attempt to debug it, you'll see it nearly instantly.
 

ZoNtendo

i think they're probably referring to your comment in his hacdn thread, but i'm not entirely certain
that's too, now this thread is garbage

--------------------- MERGED ---------------------------

Who's "everyone"?
everyone when a drama starts about you, like with your titlekey website...

But whatever
 

TheHomesk1llet

It's literally one of the first things you see in the program's RAM objects.
It's clear you didn't even attempt to debug it, you'll see it nearly instantly.
honestly it's not worth my time to check for myself, especially if you're the one producing "evidence" that consists of about 20 pixels of a rat icon and a string of java code in image format.

i'll keep using this tool, thanks
 

SimonMKWii

honestly it's not worth my time to check for myself, especially if you're the one producing "evidence" that consists of about 20 pixels of a rat icon and a string of java code in image format.

i'll keep using this tool, thanks
OK, it's your choice, but don't come running to me if something bad happens.
 

Minox

Funny, I did that and I don't see anything, it just tries to decompress the resources. (as I can see)
I'm not seeing anything in particular either, the provided instruction to reproduce appears to be incredibly vague. I'm also not seeing many files left behind (a config file and a log file) and no processes appear to be left running either which is something one might expect from a RAT.
 

SimonMKWii

I'm not seeing anything in particular either, the provided instruction to reproduce appears to be incredibly vague. I'm also not seeing many files left behind (a config file and a log file) and no processes appear to be left running either which is something one might expect from a RAT.
Yeah, I did notice that, it seems a bit odd, usually a Java process would be running in the background, I'm going to investigate further.
 

Joom

Yeah, I did notice that, it seems a bit odd, usually a Java process would be running in the background, I'm going to investigate further.
Are there any dropped binaries? Have you tried running it in Sandboxie to see? Keep in mind that .NET malware likes to inject itself into the .NET console in order to break out of sandboxing and to seem inconspicuous. Just because nothing is apparent in your process list doesn't mean that the malicious party isn't using some shitty ring3 kit (supplied by a crappy crypter) to bypass first glances. I'm checking this out too. I'll report back if I find anything interesting.
 

Joom

Simon, please stop. You're defaming the authors of this software.

The only network activity this program has is to check Github for new releases.
This program is .NET-only.
Please provide evidence of your claims.
Well, he did find the jRAT icon in the binary. He's either trying entirely too hard, or the author is a skidmark that uses shitty, free RATs. If a jRAT binary is found, we'll have the IP/DNS it connects to as well as SMTP settings and the password used for the backconnect because jRAT stores this shit in plaintext. This said, I'm doing my own analysis so I don't come off as biased.
 

ZoNtendo

Well, he did find the jRAT icon in the binary. He's either trying entirely too hard, or the author is a skidmark that uses shitty, free RATs. If a jRAT binary is found, we'll have the IP/DNS it connects to as well as SMTP settings and the password used for the backconnect because jRAT stores this shit in plaintext. This said, I'm doing my own analysis so I don't come off as biased.
Make a RAM dump of the app with Process Manager, go to the folder of the dump, download the jrat icon he posted, and try to search the icon with a hex editor.

I didn't find anything.
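
Added example, not part of the post above or of the tool under discussion: a byte-for-byte hex search for a downloaded image misses a copy that was recompressed on upload, so this sketch also carves every PNG out of a dump and compares inflated image data. The sample PNGs and dump are constructed, all names are hypothetical, and the content comparison survives recompression but not a change of PNG filter type or colour format.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
PNG_END = b"IEND\xaeB`\x82"  # IEND chunk type followed by its fixed CRC

def make_png(width, height, level):
    """Build a small grayscale PNG (constructed sample data, not a real icon)."""
    def chunk(kind, data):
        body = kind + data
        return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))
    rows = b"".join(b"\x00" + bytes((x * 7 + y) % 256 for x in range(width))
                    for y in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    return (PNG_MAGIC + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(rows, level)) + chunk(b"IEND", b""))

def decoded(png):
    """Return (IHDR bytes, inflated scanlines), or None if the stream is damaged."""
    pos, data = 8, b""
    while pos + 8 <= len(png):
        length, kind = struct.unpack(">I4s", png[pos:pos + 8])
        if kind == b"IDAT":
            data += png[pos + 8:pos + 8 + length]
        pos += 12 + length  # length field + type + data + CRC
    try:
        return png[16:29], zlib.decompress(data)
    except zlib.error:
        return None

def search_dump(dump, reference):
    """Find the reference PNG in a dump byte-for-byte and by decoded content."""
    ref, carved, same, pos = decoded(reference), 0, [], dump.find(PNG_MAGIC)
    while pos != -1:
        end = dump.find(PNG_END, pos)
        if end != -1:
            carved += 1
            if ref is not None and decoded(dump[pos:end + len(PNG_END)]) == ref:
                same.append(pos)
        pos = dump.find(PNG_MAGIC, pos + 1)
    return {"exact_offset": dump.find(reference), "carved_pngs": carved,
            "same_image_offsets": same}

# Constructed dump: filler, a recompressed copy of the reference, an unrelated PNG.
FILLER = bytes(range(256)) * 4
REFERENCE = make_png(16, 16, 9)
SAMPLE_DUMP = FILLER + make_png(16, 16, 1) + FILLER + make_png(8, 8, 6) + FILLER
```

On the constructed dump the exact search returns -1 while the content comparison reports the recompressed copy at offset 1024, which is why a negative hex search alone does not settle whether an image is present.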
 

Joom

Make a RAM dump of the app with Process Manager, go to the folder of the dump, download the jrat icon he posted, and try to search the icon with a hex editor.

I didn't find anything.
I don't use Windows. Sorry to disappoint. You'll get my analysis when it's ready.
 

TheHomesk1llet

Well, he did find the jRAT icon in the binary. He's either trying entirely too hard, or the author is a skidmark that uses shitty, free RATs. If a jRAT binary is found, we'll have the IP/DNS it connects to as well as SMTP settings and the password used for the backconnect because jRAT stores this shit in plaintext. This said, I'm doing my own analysis so I don't come off as biased.
@SimonMKWii take notes tbh. this guy's approach is much better than "here's a png of a rat embedded in the program(?) and an image of some java i found in a hex editor once". dunno if you're trying to say that's in the program itself, but i certainly haven't found any sort of java from the ram dump i did. environment variables with my java path, yes. harmless javascript, sure. anything like what you posted, nah.

do your research before trying to start a witch hunt for attention or whatever.

also the method you used so we can reproduce what you're saying would be helpful.
 
Last edited by TheHomesk1llet,