Comments
-
Just seeing those strings I think it'll try to download and execute some payload and spam your computer with ads + sound
-
Found a lot of other files on the server. Tried to gain access to the server, but don't have the knowledge.
Maybe someone can have fun and keep me updated with what methods you used.
http://169.239.129.25/content
-
CatMDV10517y
All I saw is a lot of semen 😂
But in all seriousness, I also kind of agree with @hypervtechnics. The OMEGA string looks like it's carefully dissected code to stop anti-virus from going off probably, that if you read in reverse, makes more sense.
-
CatMDV10517y
@iKameo probably done to stop AV from firing off. AVs get real trippy if the word "cmd" is all together in one word, especially a script
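
The string splitting and reversed text mentioned in the comments above can be undone statically during triage, without running the file. This is an added example, not part of the thread and not the script from the email: it folds VBScript literals joined with `&` or `+`, resolves `StrReverse` on a literal, and reports keywords that only become visible afterwards. The keyword list and the sample script are constructed.

```python
import re

# Constructed keyword list for triage; tune it to your own detection needs.
KEYWORDS = ("cmd", "powershell", "wscript.shell", "adodb.stream", "http")

# VBScript string literal; a doubled quote ("") is an escaped quote inside it.
_LITERAL = r'"((?:[^"]|"")*)"'
_CONCAT = re.compile(_LITERAL + r'\s*[&+]\s*' + _LITERAL)
_REVERSE = re.compile(r'StrReverse\(\s*' + _LITERAL + r'\s*\)', re.IGNORECASE)


def fold_strings(source):
    """Join literals split with & or + and resolve StrReverse on a literal.

    Text-level heuristic: nothing is executed, and values built through
    variables, Chr() or arithmetic are left alone.
    """
    previous = None
    while previous != source:  # repeat until no further folding is possible
        previous = source
        source = _CONCAT.sub(lambda m: '"%s%s"' % (m.group(1), m.group(2)), source)
        source = _REVERSE.sub(lambda m: '"%s"' % m.group(1)[::-1], source)
    return source


def hidden_keywords(source):
    """Keywords absent from the raw text that appear once strings are folded."""
    raw, folded = source.lower(), fold_strings(source).lower()
    return sorted(k for k in KEYWORDS if k in folded and k not in raw)


# Constructed sample, not the script from the email discussed in this thread.
SAMPLE = '''
Set sh = CreateObject("WSc" & "ript.S" + "hell")
sh.Run "c" & "m" & "d /c echo constructed-sample", 0
u = StrReverse("tset.elpmaxe//:ptth")
'''

if __name__ == "__main__":
    print(fold_strings(SAMPLE))
    print("revealed only after folding:", hidden_keywords(SAMPLE))
```

A keyword that shows up only after folding is a useful triage signal that the author was hiding it from string-matching scanners.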
-
@hypervtechnics I'm not at the computer right now, this is the link to the script http://169.239.129.25/content/...
-
Brolls31557y
Yeah. Just looks like noise and display stuff.
It does also look at one of the special folders (documents, music, movies etc) so it could well be trying to do something to the contents of those.
I’d recommend spinning up a VM and running it just to see what mischief it gets up to.
-
So it sets up a stream object (ADO), but I don’t quite get if it is for backdoor access or just to fetch something. Judging by the script writing, it may be some kind of Ukrainian / Russian adware / malware.
Found this https://pastebin.com/V1iWeh1E
Maybe related (look for pipitr6)
-
bioDan61697y
This is not obfuscation.
This is deliberately nasty looking code.
At the beginning I thought the hacker was maybe trying to bypass some sanitization process, because after all I'm unsure what environment runs this code.
But later on I saw plain arithmetic stupidities and got convinced it was deliberately written this way.
Also funny how he forgot to remove his debugging and logs comments 😂
Related Rants
Will add better photos in the comments!
A client of mine received a spoofed email from their domain. It was a script with Visual Basic source code.
Maybe someone here can explain what the script does?
Client didn't open the file!
rant
hack?
email
whut?
vb
spoofed