Anyone with experience - Find out what this malicious code does?

jonthedit

Hi, please only run this in a virtual machine if you do run it.
It appears to do nothing, but it is part of the .SCR comeback (a bot on Steam sent one to me today).

https://blog.malwarebytes.org/fraud-scam/2014/11/rogue-scr-file-links-circulating-in-steam-chat/

Can anyone pull it apart and find out what it does exactly?


Malwarebytes detects it as "Trojan.FakeMS".

Link to Malicious Code inside spoiler.
Use at your own risk.
 

Joe88

http://www.reddit.com/r/SteamGameSw..._scr_files_are_executable_like_exes_they_are/

https://blog.malwarebytes.org/onlin...-and-what-you-can-do-to-protect-your-account/

Once executed, the following tasks are performed:
  • Retrieves the current session ID of the Steam user
  • Gains access to the user’s inventory / backpack
  • Saves items onto an “offer list” for selling
  • Displays the image below in order to make the user believe that what they actually opened is indeed an image file and not an actual application
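
Added example, not from any poster in this thread: a Python check for the lure described above, a file that is really a Windows executable (.scr is run like .exe) but is named or presented as an image. The extension lists and function names are assumptions of this example, and the sample header bytes are constructed.

```python
import struct
from pathlib import Path

# Extensions Windows launches as programs; .scr is run just like .exe.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif"}
# Extensions a lure pretends to be (assumed list for this example).
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}


def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew points at the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def classify(name: str, data: bytes) -> str:
    """Return 'ok', 'executable' or 'disguised-executable' for one received file."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    last = suffixes[-1] if suffixes else ""
    pe = is_pe(data)
    # Executable body under an image name, or an image extension hidden before .scr/.exe.
    if pe and last in DECOY_EXTS:
        return "disguised-executable"
    if last in EXECUTABLE_EXTS and any(s in DECOY_EXTS for s in suffixes[:-1]):
        return "disguised-executable"
    if pe or last in EXECUTABLE_EXTS:
        return "executable"
    return "ok"


def scan(folder: str) -> dict:
    """Classify every regular file in a folder, reading only the first 4 KiB of each."""
    results = {}
    for path in Path(folder).iterdir():
        if path.is_file():
            with path.open("rb") as fh:
                results[path.name] = classify(path.name, fh.read(4096))
    return results


def constructed_pe_header() -> bytes:
    # Constructed sample: 64-byte DOS header with e_lfanew = 0x40, then the PE signature.
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
```

Pointing `scan()` at a downloads folder lists which received files are programs regardless of what their names or icons suggest.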
 

jonthedit

Did you have Malwarebytes running at the time?

Nope. Nothing happened, though I killed the process in tasklist, was disappointed.
Most malware is smarter/masks itself.
I posted it to see if anyone was willing to see if it works properly/is a new version.
 
