Thanks to @HailHydra, this wouldn't have been revealed without him notifying me about Betski's software posts
When loading the executable, it will unpack in a folder (%appdata%). Here are the files extracted by the application
Loader.cmd is where the malware gets downloaded, via this command
The file that gets downloaded (Sys.exe) is luckily using the .NET Framework, which I'm really good at, so I've unpacked it via dnSpy, and here's what I've found inside it:
The application steals browser information, credit cards, gets your location, checks if it is in a VM, sandboxed or not (I don't know if it tries to exit out of the VM/sandbox)
+
Loader.exe got created the same day as the thread was released, the application was made back in 2018, the cmd file was made the 11th of May
This proves that @Betski had already shared malware on the forum, which is against the rules, therefore should be banned
You can download the app without Betski's malware, it still however has a lot of detections
Files in zip (3):
@mothered
@Oni
|
Nice work, My French Friend.
|
Quote:(06-07-2020, 02:49 PM)miso Wrote: This proves that @Betski had already shared malware on the forum
Appreciate your continual support with the analytical reports.
Due to @"Betski" not being the developer of the tools (thus obtained from a given source) and the fact that he's provided online virus scan reports, the Infected files may be unbeknownst to him, so I'm waiting for a reply In his defense. I'm not suggesting either/neither, but rather Intending to collect Information from every angle prior to making a decision on the matter.
|
Quote:(06-08-2020, 06:27 AM)mothered Wrote:
Quote: (06-07-2020, 02:49 PM)miso Wrote: This proves that @Betski had already shared malware on the forum
Appreciate your continual support with the analytical reports.
Due to @"Betski" not being the developer of the tools (thus obtained from a given source) and the fact that he's provided online virus scan reports, the Infected files may be unbeknownst to him, so I'm waiting for a reply In his defense. I'm not suggesting either/neither, but rather Intending to collect Information from every angle prior to making a decision on the matter.
He still hasn't replied yet and just doesn't seem to be really active, maybe just remove the download links of his thread or swap the link with mine
|
Quote:(06-23-2020, 06:50 PM)miso Wrote:
Quote: (06-08-2020, 06:27 AM)mothered Wrote:
Quote: (06-07-2020, 02:49 PM)miso Wrote: This proves that @Betski had already shared malware on the forum
Appreciate your continual support with the analytical reports.
Due to @"Betski" not being the developer of the tools (thus obtained from a given source) and the fact that he's provided online virus scan reports, the Infected files may be unbeknownst to him, so I'm waiting for a reply In his defense. I'm not suggesting either/neither, but rather Intending to collect Information from every angle prior to making a decision on the matter.
He still hasn't replied yet and just doesn't seem to be really active, maybe just remove the download links of his thread or swap the link with mine
I'll wait a little longer prior to making a decision on the matter.
|
Quote:(06-23-2020, 09:32 PM)miso Wrote:
Quote: (06-23-2020, 09:19 PM)mothered Wrote:
Quote: (06-23-2020, 06:50 PM)miso Wrote: He still hasn't replied yet and just doesn't seem to be really active, maybe just remove the download links of his thread or swap the link with mine
I'll wait a little longer prior to making a decision on the matter.
it is still virus sharing, the safest option here is to remove the link until he replies
In your opinion and analysis, Is It conclusive that It's Infected, without any doubt whatsoever?
|
Quote:(06-23-2020, 09:19 PM)mothered Wrote:
Quote: (06-23-2020, 06:50 PM)miso Wrote:
Quote: (06-08-2020, 06:27 AM)mothered Wrote: Appreciate your continual support with the analytical reports.
Due to @"Betski" not being the developer of the tools (thus obtained from a given source) and the fact that he's provided online virus scan reports, the Infected files may be unbeknownst to him, so I'm waiting for a reply In his defense. I'm not suggesting either/neither, but rather Intending to collect Information from every angle prior to making a decision on the matter.
He still hasn't replied yet and just doesn't seem to be really active, maybe just remove the download links of his thread or swap the link with mine
I'll wait a little longer prior to making a decision on the matter.
it is still virus sharing, the safest option here is to remove the link until he replies
|
Quote:(06-23-2020, 09:38 PM)mothered Wrote:
Quote: (06-23-2020, 09:32 PM)miso Wrote:
Quote: (06-23-2020, 09:19 PM)mothered Wrote: I'll wait a little longer prior to making a decision on the matter.
it is still virus sharing, the safest option here is to remove the link until he replies
In your opinion and analysis, Is It conclusive that It's Infected, without any doubt whatsoever?
I showed evidence that the file is infected, if you want to unpack it for yourself, the thread starts by how I've proceeded to unpack the downloaded malware and showed that it indeed was malware, then I've just used dnSpy to see the malware's code since it is in C#
PS: you can also see the "Last Modified" dates of the files, the .cmd has been added a few hours/days before the thread has been made, it might not be him, but I've also proved that on the other Scan Report of one of the applications he shared that the cmd has been last modified hours before the thread was created
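The "Last Modified" comparison described in the post above can be automated for triage. This is an added example, not part of the thread or anyone's posted code: it flags archive entries modified long after the rest of the package. Only the names Loader.cmd and Loader.exe come from the thread; every other name, timestamp and the 180-day threshold is constructed for illustration.

```python
import io
import zipfile
from datetime import datetime, timedelta
from statistics import median

EPOCH = datetime(1980, 1, 1)  # earliest date a zip entry can carry

def late_additions(zip_bytes, gap=timedelta(days=180)):
    """Return sorted [(name, modified)] for entries modified more than
    `gap` after the median modification time of the archive's files."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        entries = [(i.filename, datetime(*i.date_time))
                   for i in zf.infolist() if not i.is_dir()]
    if len(entries) < 3:  # too few files to establish a baseline
        return []
    secs = [(t - EPOCH).total_seconds() for _, t in entries]
    baseline = EPOCH + timedelta(seconds=median(secs))
    return sorted((n, t) for n, t in entries if t - baseline > gap)

def build_sample():
    """Constructed sample: an application from 2018 with two files
    added in 2020. Contents are placeholder bytes, not real binaries."""
    files = {
        "Tool.exe":   (2018, 3, 2, 10, 0, 0),    # constructed
        "Tool.dll":   (2018, 3, 2, 10, 0, 0),    # constructed
        "readme.txt": (2018, 3, 5, 9, 15, 0),    # constructed
        "Loader.cmd": (2020, 5, 11, 14, 30, 0),  # name from the thread, time constructed
        "Loader.exe": (2020, 5, 12, 8, 0, 0),    # name from the thread, time constructed
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, stamp in files.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=stamp), b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for name, modified in late_additions(build_sample()):
        print(f"{modified:%Y-%m-%d %H:%M}  {name}  (newer than the rest of the package)")
```

Archive timestamps are written by whoever packed the file and can be set to any value, so a hit is a reason to inspect the flagged files, and a clean result proves nothing.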
|
Quote:(06-23-2020, 11:55 PM)miso Wrote: I showed evidence that the file is infected, if you want to unpack it for yourself, the thread starts by how I've proceeded to unpack the downloaded malware and showed that it indeed was malware, then I've just used dnSpy to see the malware's code since it is in C#
I've simply asked whether the file Is Infected, of which you've now conclusively confirmed It.
The link has been removed from [To see links please register here] .
|
Quote:(06-24-2020, 08:45 AM)mothered Wrote:
Quote: (06-23-2020, 11:55 PM)miso Wrote: I showed evidence that the file is infected, if you want to unpack it for yourself, the thread starts by how I've proceeded to unpack the downloaded malware and showed that it indeed was malware, then I've just used dnSpy to see the malware's code since it is in C#
I've simply asked whether the file Is Infected, of which you've now conclusively confirmed It.
The link has been removed from [To see links please register here] .
Thank you for finally taking the link down, I'll try keeping my scan as accurate as possible