[Scan Report & Debloated download]: Unique Proxy Scraper v0.1 (shared by Betski)

#1
Thanks to @HailHydra, this wouldn't have been revealed without him notifying me about Betski's software posts

When loading the executable, it will unpack in a folder (%appdata%), here are the files extracted by the application
[Image: FANSePY.png]

Loader.cmd is where the malware gets downloaded, via this command
[Image: aroKKmm.png]

The file that gets downloaded (Sys.exe) is luckily using the .NET Framework, which I'm really good at, so I've unpacked it via dnSpy, and here's what I've found inside it:
[Image: pwii9we.png]
[Image: c89Cxda.png]
[Image: cUFtC6J.png]
[Image: qEwe4FE.png]
[Image: Ta1wqfS.png]

The application steals browser information, credit cards, gets your location, checks if it is in a VM, sandboxed or not (I don't know if it tries to exit out of the VM/sandbox)

+

Loader.exe got created the same day as the thread was released, the application was made back in 2018, the cmd file was made the 11th of May
[Image: Glz8euVnToSK86N1Lczgrg.png]
[Image: 0zYHvlSsSMaK5wYPf5bCGw.png]

This proves that @Betski had already shared malware on the forum, which is against the rules, therefore he should be banned
You can download the app without Betski's malware; however, it still has a lot of detections

Files in zip (3):

@mothered
@Oni
Reply

#2
Nice work, My French Friend.
Reply

#3
Quote:(06-07-2020, 02:49 PM)miso Wrote:

This proves that @Betski had already shared malware on the forum
Appreciate your continual support with the analytical reports.

Due to @"Betski" not being the developer of the tools (thus obtained from a given source) and the fact that he's provided online virus scan reports, the Infected files may be unbeknownst to him, so I'm waiting for a reply In his defense. I'm not suggesting either/neither, but rather Intending to collect Information from every angle prior to making a decision on the matter.
Reply

#4
Quote:(06-08-2020, 06:27 AM)mothered Wrote:

Quote: (06-07-2020, 02:49 PM)miso Wrote:

This proves that @Betski had already shared malware on the forum
Appreciate your continual support with the analytical reports.

Due to @"Betski" not being the developer of the tools (thus obtained from a given source) and the fact that he's provided online virus scan reports, the Infected files may be unbeknownst to him, so I'm waiting for a reply In his defense. I'm not suggesting either/neither, but rather Intending to collect Information from every angle prior to making a decision on the matter.
He still hasn't replied yet and just doesn't seem to be really active, maybe just remove the download links of his thread or swap the link with mine
Reply

#5
Quote:(06-23-2020, 06:50 PM)miso Wrote:

Quote: (06-08-2020, 06:27 AM)mothered Wrote:

Quote: (06-07-2020, 02:49 PM)miso Wrote:

This proves that @Betski had already shared malware on the forum
Appreciate your continual support with the analytical reports.

Due to @"Betski" not being the developer of the tools (thus obtained from a given source) and the fact that he's provided online virus scan reports, the Infected files may be unbeknownst to him, so I'm waiting for a reply In his defense. I'm not suggesting either/neither, but rather Intending to collect Information from every angle prior to making a decision on the matter.
He still hasn't replied yet and just doesn't seem to be really active, maybe just remove the download links of his thread or swap the link with mine
I'll wait a little longer prior to making a decision on the matter.
Reply

#6
Quote:(06-23-2020, 09:32 PM)miso Wrote:

Quote: (06-23-2020, 09:19 PM)mothered Wrote:

Quote: (06-23-2020, 06:50 PM)miso Wrote:

He still hasn't replied yet and just doesn't seem to be really active, maybe just remove the download links of his thread or swap the link with mine
I'll wait a little longer prior to making a decision on the matter.
it is still virus sharing, the safest option here is to remove the link until he replies
In your opinion and analysis, Is It conclusive that It's Infected, without any doubt whatsoever?
Reply

#7
Quote:(06-23-2020, 09:19 PM)mothered Wrote:

Quote: (06-23-2020, 06:50 PM)miso Wrote:

Quote: (06-08-2020, 06:27 AM)mothered Wrote:

Appreciate your continual support with the analytical reports.

Due to @"Betski" not being the developer of the tools (thus obtained from a given source) and the fact that he's provided online virus scan reports, the Infected files may be unbeknownst to him, so I'm waiting for a reply In his defense. I'm not suggesting either/neither, but rather Intending to collect Information from every angle prior to making a decision on the matter.
He still hasn't replied yet and just doesn't seem to be really active, maybe just remove the download links of his thread or swap the link with mine
I'll wait a little longer prior to making a decision on the matter.
it is still virus sharing, the safest option here is to remove the link until he replies
Reply

#8
Quote:(06-23-2020, 09:38 PM)mothered Wrote:

Quote: (06-23-2020, 09:32 PM)miso Wrote:

Quote: (06-23-2020, 09:19 PM)mothered Wrote:

I'll wait a little longer prior to making a decision on the matter.
it is still virus sharing, the safest option here is to remove the link until he replies
In your opinion and analysis, Is It conclusive that It's Infected, without any doubt whatsoever?

I showed evidence that the file is infected. If you want to unpack it for yourself, the thread starts with how I've proceeded to unpack the downloaded malware and showed that it indeed was malware; then I've just used dnSpy to see the malware's code since it is in C#

PS: you can also see the "Last Modified" dates of the files, the .cmd has been added a few hours/days before the thread has been made, it might not be him, but I've also proved on the other Scan Report of one of the applications he shared that the cmd had been last modified hours before the thread was created
Reply
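
The last-modified comparison miso describes in posts #1 and #8, as an added example that is not part of the original thread: it flags runnable files in an archive whose ZIP timestamps are far newer than the rest of the bundle. The archive is constructed in memory; the file names app.exe, app.exe.config and lib.dll, the clock times, the year 2020 for the 11 May date, and the 180-day threshold are assumptions.

```python
import io
import os
import statistics
import zipfile
from datetime import datetime, timedelta

# Extensions that run code when opened on Windows.
RUNNABLE = {".exe", ".cmd", ".bat", ".ps1", ".vbs", ".js", ".scr", ".dll"}


def build_sample():
    """Constructed archive: a 2018 application plus two loader files
    dated as in the thread (cmd on 11 May, exe on the thread's day)."""
    files = [
        ("app.exe", (2018, 3, 2, 10, 0, 0)),         # constructed name/date
        ("app.exe.config", (2018, 3, 2, 10, 0, 0)),  # constructed name/date
        ("lib.dll", (2018, 3, 2, 10, 0, 0)),         # constructed name/date
        ("Loader.cmd", (2020, 5, 11, 21, 14, 0)),    # year/time assumed
        ("Loader.exe", (2020, 6, 7, 9, 30, 0)),      # time assumed
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, stamp in files:
            zf.writestr(zipfile.ZipInfo(name, date_time=stamp), b"placeholder")
    return buf.getvalue()


def late_additions(zip_bytes, max_gap=timedelta(days=180)):
    """Return (name, modified, gap) for runnable entries whose ZIP
    last-modified time is far newer than the archive's median entry."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        entries = [(i.filename, datetime(*i.date_time))
                   for i in zf.infolist() if not i.is_dir()]
    if len(entries) < 3:
        return []  # too few files to establish a baseline
    baseline = statistics.median_low(dt for _, dt in entries)
    flagged = []
    for name, modified in entries:
        ext = os.path.splitext(name)[1].lower()
        gap = modified - baseline
        if ext in RUNNABLE and gap > max_gap:
            flagged.append((name, modified, gap))
    return sorted(flagged, key=lambda f: f[1])


if __name__ == "__main__":
    for name, modified, gap in late_additions(build_sample()):
        print(f"{name}: modified {modified:%Y-%m-%d}, {gap.days} days after median")
```

ZIP timestamps are set by whoever built the archive, so a clean result proves nothing; a hit is only a lead to confirm with static analysis, as post #1 does.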

#9
Quote:(06-23-2020, 11:55 PM)miso Wrote:

I showed evidence that the file is infected. If you want to unpack it for yourself, the thread starts with how I've proceeded to unpack the downloaded malware and showed that it indeed was malware; then I've just used dnSpy to see the malware's code since it is in C#
I've simply asked whether the file Is Infected, of which you've now conclusively confirmed It.

The link has been removed from [To see links please register here].
Reply

#10
Quote:(06-24-2020, 08:45 AM)mothered Wrote:

Quote: (06-23-2020, 11:55 PM)miso Wrote:

I showed evidence that the file is infected. If you want to unpack it for yourself, the thread starts with how I've proceeded to unpack the downloaded malware and showed that it indeed was malware; then I've just used dnSpy to see the malware's code since it is in C#
I've simply asked whether the file Is Infected, of which you've now conclusively confirmed It.

The link has been removed from [To see links please register here].
Thank you for finally taking the link down, I'll try keeping my scan as accurate as possible
Reply



©0Day 2016 - 2023 | All Rights Reserved.