File CrazyMulti3.txt - (485.50KB )
No. 5777
Alright, so, like a dumbass, I downloaded a program that I now think might contain a keylogger. I got it from crazymulti(dot)tk.
I know it's a VB program, and I've taken a look at it with some free (read: evaluation version) VB disassemblers. Unfortunately, I've been unable to find anything that confirms my suspicions.
Does anyone want to take a look, or at least point me in the direction of a free, fully-functional, non-trial version of a VB disassembler?
>> No. 5779
First off, your file upload fails. I had to download the program from the site.
Second: I do not have access to a VB disassembler, but I uploaded it to VirusTotal, and here's the result...
http://www.virustotal.com/analisis/a6ab97793e35dd5c489d3773a751d653a8baa1379a576fb84bc07fccd9a7f09f-1257365620

tl;dr: 30 out of 41 antivirus programs think that it's bad.
Also take this into account: The instructions in the attached text file smell rotten from a long way off. It's also very suspicious that the file has a description field of Realtek Azalia Audio - Event Monitor. I bet you have an unkillable process called Alcxmntr.exe in your task list - and a sound card that doesn't come from Realtek.

This is your typical malware. If you clicked it, enjoy your aids.
>> No. 5780
I didn't bother disassembling it. Looks like VB.Net, and for some reason it references System.Web.Services.Protocols.SoapHttpClientProtocol.

I don't know what the program is supposed to do, so I can't say anything other than that I think it looks suspicious.

