			Comments
		
- 
				
				Just seeing those strings I think it'll try to download and execute some payload and spam your computer with ads + sound
- 
				
				Found a lot of other files on the server. Tried to gain access to the server, but don't have the knowledge.
 
 Maybe someone can have fun and keep me updated with what methods were used.
 
 http://169.239.129.25/content
- 
				
				 CatMDV 1037 8y: All I saw is a lot of semen 😂
 
 But in all seriousness, I also kind of agree with @hypervtechnics. The OMEGA string looks like it's carefully dissected code to stop anti-virus from going off probably, that if you read in reverse, makes more sense.
- 
				
				 CatMDV 1037 8y: @iKameo probably done to stop AV from firing off. AVs get real trippy if the word "cmd" is all together in one word, especially a script
- 
				
				@hypervtechnics I'm not at the computer right now, this is the link to the script http://169.239.129.25/content/...
- 
				
				 Brolls 3063 8y: Yeah. Just looks like noise and display stuff.
 
 It does also look at one of the special folders (documents, music, movies etc) so it could well be trying to do something to the contents of those.
 
 I’d recommend spinning up a VM and running it just to see what mischief it gets up to.
- 
				
				So it sets up a stream object (ADO), but I don’t quite get if it is for backdoor access or just to fetch something. Judging by the script writing, it may be some kind of Ukrainian / Russian adware / malware.
 
 Found this https://pastebin.com/V1iWeh1E
 
 Maybe related (look for pipitr6)
- 
				
				 bioDan 5535 8y: This is not obfuscation.
 This is deliberately nasty looking code.
 At the beginning I thought the hacker was maybe trying to bypass some sanitization process, because after all I'm unsure what environment runs this code.
 
 But later on I saw plain arithmetic stupidities and got convinced it was deliberately written this way.
 
 Also funny how he forgot to remove his debugging and logs comments 😂
Will add better photos in the comments!
A client of mine received a spoofed email from their domain. It was a script with Visual Basic source code.
Maybe someone here can explain what the script does?
Client didn't open the file!
rant
hack?
email
whut?
vb
spoofed