Thread: if WinRAR is in NullsoftInstaller, then...

  1. #1
    evaluator

    if WinRAR is in NullsoftInstaller, then...

    if WinRAR is in NullsoftInstaller, then... should be malware
    ehm, malware hunt is so easy..
    torrent:
    magnet:?xt=urn:btih:PA7GLNF6CKG2YK7RM6BB7GOENR2AWQOD

  2. #2
    evaluator
    extract from Resource.

    passw:
    malware

  3. #3
    Quote: Originally posted by evaluator
    extract from Resource.

    passw:
    malware
    not detected on Avira, might be interesting
    esther


    Reverse the code, Reverse Your Minds First

  4. #4
    Howdy,

    Comodo and Clamwin don't have a problem with it BUT,
    Why is it trying to visit this IP 64.79.79.227?

    Woodmann
    Learn Or Die.

  5. #5
    Kayaker
    Man, this thing's full of all kinds of shite. If you were to trace through it you'd see the strings decrypting and there's a reference to megabyet.net, which is a free web hosting site, IP 64.79.79.227. Looks for /patch2/update.php, 2NKstep1-auto and a bunch of other crap.

    Not too interesting by itself I think, but might be if allowed to download the rest of its payload. There's a DeviceIoControl call that might expose an interesting driver somewhere in the mix...

  6. #6
    evaluator
    nah, it collects info about your PC.
    DeviceIoControl used to get HD-serial.. NetCard...
