Anyone with experience- Find out what this malicious code does?

Discussion in 'Computer Programming, Emulation, and Game Modding' started by jonthedit, Apr 12, 2015.

  1. jonthedit
    OP

    jonthedit GBAtemp Advanced Maniac

    Member
    1,691
    438
    May 30, 2011
    Bangladesh
    Hi, please only run this in a virtual machine if you do run it.
    It appears to do nothing, but it is a part of the .SCR comeback (A bot on steam sent one to me today)

    https://blog.malwarebytes.org/fraud-scam/2014/11/rogue-scr-file-links-circulating-in-steam-chat/

    Can anyone pull it apart and find out what it does exactly?


    Malwarebytes Detects it as a "Trojan.FakeMS"

    Link to Malicious Code inside spoiler.
    Use at your own risk.
    Warning: Spoilers inside!
     
  2. Retr0Capez

    Retr0Capez GBATemp's Official Evil Genius

    Member
    426
    304
    Feb 4, 2015
    United States
    In my vision of the perfect world ruled by me
    Seems like a phise or a keylogger.
     
  3. Joe88

    Joe88 [λ]

    Member
    11,646
    2,927
    Jan 6, 2008
    United States
    NYC
    http://www.reddit.com/r/SteamGameSw..._scr_files_are_executable_like_exes_they_are/

    https://blog.malwarebytes.org/onlin...-and-what-you-can-do-to-protect-your-account/

     
  4. jonthedit
    OP

    jonthedit GBAtemp Advanced Maniac

    Member
    1,691
    438
    May 30, 2011
    Bangladesh
  5. Joe88

    Joe88 [λ]

    Member
    11,646
    2,927
    Jan 6, 2008
    United States
    NYC
    did you have malewarebytes running at the time ?
     
  6. jonthedit
    OP

    jonthedit GBAtemp Advanced Maniac

    Member
    1,691
    438
    May 30, 2011
    Bangladesh
    Nope. Nothing happened, though I killed the process in tasklist, was disappointed.
    Most malware are smarter/mask themselves.
    I posted it to see if anyone was willing to see if it works properly/is a new version