Quote: (04-14-2020, 03:48 AM) mothered Wrote:
I'll quote @"miso".
He's RE'd a lot of programs, so hopefully he'll do the same with this.
Thanks for mentioning me.
When installing, it will open a fake YouTube-like webpage.
Extracting the installer shows a bunch of files that just have a bunch of repeated words; the only exception is the only .exe file, which cannot be launched (the file cannot be loaded in Windows and ExePeInfo says it is corrupted).
I think the detections are just from the installer loading a scammy URL. However, I've loaded the installer into a sandbox (when installed on a VM, for example, the files may have different data, except that I really doubt it).
Btw, it never loads; clicking anywhere on that page makes it fullscreen, and waiting a bit will redirect you to other scammy sites.
Tools used:
HxD, InnoExtractor, ExePeInfo, Sandboxie