Anyone with experience- Find out what this malicious code does?

jonthedit

Hi, please only run this in a virtual machine if you do run it.
It appears to do nothing, but it is a part of the .SCR comeback (a bot on Steam sent one to me today).

https://blog.malwarebytes.org/fraud-scam/2014/11/rogue-scr-file-links-circulating-in-steam-chat/

Can anyone pull it apart and find out what it does exactly?


Malwarebytes detects it as a "Trojan.FakeMS".

Link to Malicious Code inside spoiler.
Use at your own risk.
 

Joe88

http://www.reddit.com/r/SteamGameSw..._scr_files_are_executable_like_exes_they_are/

https://blog.malwarebytes.org/onlin...-and-what-you-can-do-to-protect-your-account/

Once executed, the following tasks are performed:
  • Retrieves the current session ID of the Steam user
  • Gains access to the user’s inventory / backpack
  • Saves items onto an “offer list” for selling
  • Displays the image below in order to make the user believe that what they actually opened is indeed an image file and not an actual application
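
A defensive check for the point made in the links above, that a .scr file is an ordinary Windows executable even when it is presented as an image. This Python example is added here and is not from the thread or from Malwarebytes; the extension lists, function names and sample bytes are assumptions constructed for illustration.

```python
import struct
from pathlib import PurePath

# Extensions Windows runs as programs; .scr (screensaver) is a plain PE file.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif"}
# Extensions a lure typically imitates (assumed list for this example).
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields a short slice, which fails the comparison.
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def classify(filename: str, data: bytes) -> str:
    """Return 'disguised-executable', 'executable' or 'ok' for a received file."""
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    last = suffixes[-1] if suffixes else ""
    pe = is_pe(data)
    # Name such as screenshot.jpg.scr: image extension followed by a runnable one.
    double_ext = (len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS
                  and last in EXECUTABLE_EXTS)
    if double_ext or (pe and last in DECOY_EXTS):
        return "disguised-executable"
    if pe or last in EXECUTABLE_EXTS:
        return "executable"
    return "ok"


# Constructed sample inputs: a minimal MZ/PE header stub and a JPEG-like header.
SAMPLE_PE = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\0" * 100

if __name__ == "__main__":
    for name, blob in [("screenshot.jpg.scr", SAMPLE_PE),
                       ("IMG_2014.scr", SAMPLE_PE),
                       ("photo.jpg", SAMPLE_PE),
                       ("photo.jpg", SAMPLE_JPEG)]:
        print(f"{name:22} {classify(name, blob)}")
```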
 

jonthedit

Did you have Malwarebytes running at the time?

Nope. Nothing happened, though I killed the process in tasklist, was disappointed.
Most malware is smarter/masks itself.
I posted it to see if anyone was willing to see if it works properly/is a new version.
 