kNigHt

Do you feel like analyzing a file?

I received this message on Steam:

BookerDoit: Hi man,i want trade with you.
My offer in screen:vk.cc/3vSUBs
Check this, and message me if you want.thx

[root@x] ~/temp 
$ wget http://vk.cc/3vSUBs -O dubios
--2015-02-27 09:13:51-- http://vk.cc/3vSUBs
Resolving vk.cc (vk.cc)... 95.213.4.230, 95.213.4.231, 95.213.4.232
Connecting to vk.cc (vk.cc)|95.213.4.230|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://goo.gl/L5YY7p [following]
--2015-02-27 09:13:51-- http://goo.gl/L5YY7p
Resolving goo.gl (goo.gl)... 216.58.209.206, 2a00:1450:400d:807::200e
Connecting to goo.gl (goo.gl)|216.58.209.206|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://drive.google.com/uc?export=download&id=0B0dLlCIuGBcucTkyb1Z2Z05IVEk [following]
--2015-02-27 09:13:51-- https://drive.google.com/uc?export=download&id=0B0dLlCIuGBcucTkyb1Z2Z05IVEk
Resolving drive.google.com (drive.google.com)... 216.58.209.206, 2a00:1450:400d:807::200e
Connecting to drive.google.com (drive.google.com)|216.58.209.206|:443... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://doc-0o-08-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/h41sk43kd5qcl4e5ue6n6jbruno0oomv/1425016800000/07539905863404628466/*/0B0dLlCIuGBcucTkyb1Z2Z05IVEk?e=download [following]
Warning: wildcards not supported in HTTP.
--2015-02-27 09:13:52-- https://doc-0o-08-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/h41sk43kd5qcl4e5ue6n6jbruno0oomv/1425016800000/07539905863404628466/*/0B0dLlCIuGBcucTkyb1Z2Z05IVEk?e=download
Resolving doc-0o-08-docs.googleusercontent.com (doc-0o-08-docs.googleusercontent.com)... 216.58.209.193, 2a00:1450:400d:807::2001
Connecting to doc-0o-08-docs.googleusercontent.com (doc-0o-08-docs.googleusercontent.com)|216.58.209.193|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 911360 (890K) [application/x-dosexec]
Saving to: ‘dubios’

dubios 100%[=================================================>] 890.00K --.-KB/s in 0.1s

2015-02-27 09:13:52 (7.52 MB/s) - ‘dubios’ saved [911360/911360]


[root@x] ~/temp
$ file dubios
dubios: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Download "dubios":

http://www30.zippyshare.com/v/gj6MrMo8/file.html


It's a .NET application that has unfortunately been obfuscated with https://confuser.codeplex.com/ and it's a lot of work to be able to see what the program does (supposedly it's anti-debugger).

[screenshot: Screenshot_from_2015_02_27_13_29_16.png]

Given that it is well encrypted, it's almost certainly a virus.

Set up a VM and run it there.

Edit: Compile this project https://github.com/UbbeLoL/ConfuserDeobfuscator with Visual Basic (it should work with 12) and you'll have a program to deobfuscate "dubios"; then download https://www.jetbrains.com/decompiler/ so you can decompile it and see the source.

Edited by robyyxx2
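An added static-triage example (my code, not anything posted by the thread's participants): it reads only the PE headers to confirm the two observations above, that the file is a .NET assembly (CLR data directory populated, GUI subsystem, i386 machine as `file` reported) and that it carries a Confuser marker, without executing anything. It assumes the ConfusedByAttribute marker that stock ConfuserEx stamps into protected assemblies (modified builds may strip it); the sample PE is constructed inline and is not the real "dubios" file.

```python
import struct
MACHINES = {0x14C: "i386", 0x8664: "x86-64"}
SUBSYSTEMS = {2: "GUI", 3: "console"}
# Marker Confuser/ConfuserEx leaves in protected assemblies (assumption: the stock
# protector stamps a ConfusedByAttribute; modified builds may strip it).
CONFUSER_MARKER = b"ConfusedBy"

def pe_triage(data: bytes) -> dict:
    """Answer the thread's questions (.NET? GUI? Confuser-marked?) from headers only."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine = struct.unpack_from("<H", data, coff)[0]
    opt = coff + 20                                  # COFF header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                               # PE32: dir count @92, dirs @96
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                             # PE32+: dir count @108, dirs @112
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    # Data directory 14 is the CLR runtime header; non-zero means a .NET assembly.
    clr_rva = clr_size = 0
    if ndirs > 14:
        clr_rva, clr_size = struct.unpack_from("<II", data, dirs_off + 14 * 8)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "dotnet": clr_rva != 0 and clr_size != 0,
        "confuser_marker": CONFUSER_MARKER in data,
    }

def build_sample_pe(dotnet=True, marker=CONFUSER_MARKER + b"Attribute") -> bytes:
    """Constructed stand-in for 'dubios': minimal PE32 header plus marker, not a real program."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)           # PE32 magic
    struct.pack_into("<H", opt, 68, 2)              # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)             # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 0x48)  # CLR header RVA/size
    return dos + b"PE\0\0" + coff + bytes(opt) + marker
```

Run `pe_triage(open("dubios", "rb").read())` on the real download inside the VM to get the same four fields; a missing marker does not prove the file is clean, only that this particular stamp is absent.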