Anyone with experience- Find out what this malicious code does?

[jonthedit]

Hi, please only run this in a virtual machine if you do run it.
It appears to do nothing, but it is a part of the .SCR comeback (A bot on steam sent one to me today)

https://blog.malwarebytes.org/fraud-scam/2014/11/rogue-scr-file-links-circulating-in-steam-chat/

Can anyone pull it apart and find out what it does exactly?


Malwarebytes Detects it as a "Trojan.FakeMS"

Link to Malicious Code inside spoiler.
Use at your own risk.

Spoiler

**Warning[Raw img51851.scr]**
https://mega.co.nz/#!gBI0WaSR!mJhzEf7b8VHK_144KFC5mh8TkknzLgWV9HLunbADpkg

 

[Retr0Capez]

Seems like a phise or a keylogger.

 

[Joe88]

http://www.reddit.com/r/SteamGameSw..._scr_files_are_executable_like_exes_they_are/

https://blog.malwarebytes.org/onlin...-and-what-you-can-do-to-protect-your-account/

Once executed, the following tasks are performed:

• Retrieves the current session ID of the Steam user
• Gains access to the user’s inventory / backpack
• Saves items onto an “offer list” for selling
• Displays the image below in order to make the user believe that what they actually opened is indeed an image file and not an actual application

 

[jonthedit]

http://www.reddit.com/r/SteamGameSw..._scr_files_are_executable_like_exes_they_are/

https://blog.malwarebytes.org/onlin...-and-what-you-can-do-to-protect-your-account/

None of that happened, hence why I posted this for anyone to test.

 

[Joe88]

did you have malewarebytes running at the time ?

 

[jonthedit]

did you have malewarebytes running at the time ?

Nope. Nothing happened, though I killed the process in tasklist, was disappointed.
Most malware are smarter/mask themselves.
I posted it to see if anyone was willing to see if it works properly/is a new version