Kaspersky made a more detailed analysis of the previous malware that I was reporting (I'm glad if the info I posted was useful):
https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/ (different variation of the malware, looks recent)
The most recent GitHub history of this...
Also, the ryuu and Reeffress version features the .dlls with the extra 0 bytes:
The other JP version I downloaded doesn't have this at the end; does someone know why they added it?
Btw, I found some posts on a Korean website discussing this user "Reeffress" (kone.gg, requires login):
https://kone.gg/s/somisoft/a61GsWRilmKFfZYj2c2j0b?p=1&q=Reeffress
https://kone.gg/s/somisoft/btMO8AnvfWJef94hBS2j0b?p=1&q=Reeffress
Here are some screenshots (used Google Translate, some...
The user 'SlidingSubject' posted this on f95 about the RJ01617050 ryuugames Mediafire link:
https://www.virustotal.com/gui/file/830f3d6a5aa4aa355235e855d5de47daff7fee03566e1832a985641df0c4f2ec/detection
New info: the same malware comes from a Spanish guy who was infecting RenPy games/mod galleries on f95. I will quote 'colobancuz''s analysis of the previous version of the malware:
Infected files:
Previous RenPy malware analysis (F95):
This file (zaesdl) also contains the same C2 url from...
I've updated my post with new info (check for "Update: New info") + ways to check if you're infected with this RPGM malware. It's worth checking out; I will update if I find more information.
Also, these software pages were hacked yesterday (April 9-10) and contained RAT malware:
Gamers use CPU-Z quite a lot, so be careful; the hacked versions were:
CPU-Z 2.19
HWMonitor 1.63
Also, here is the list of 326 pixeldrain links + game names I've found on the suspicious website. I've censored the links and only left the 2 letters at the start and end (admins, feel free to edit if it's too unsafe):
I recommend doing a search with Ctrl+F on the links and searching for game...
Quick update: I'm still analysing the second part of the infection, but I found some interesting info:
FIRST PART
PART 1.9 (decrypted zaesd.jpg):
Creates a Teams/TM folder containing a .log file.
Apparently it has an ignore filter for Chinese-language systems? (I think maybe it's because of...
Update: I found in Game.exe where it runs Scene2.ogg (sideloaded as a .dll):
https://www.virustotal.com/gui/file/34715108991666034d8cc5b1e8a6715570de9d501f9be379ca62d65ae3244f17
https://hybrid-analysis.com/sample/34715108991666034d8cc5b1e8a6715570de9d501f9be379ca62d65ae3244f17...
Another linked website in the source code:
The list of games it has is also clickable. I couldn't click any because it is full of ads, but checking the source code reveals a huge list of pixeldrain links to the games (most probably infected).
The worst part? It has 300+ possibly infected...
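Added example (not code from the original post, nor from Kaspersky or the other researchers quoted): a small Python scan that checks an extracted game folder for the three indicators the thread mentions: a file with a data extension (like Scene2.ogg) that actually starts with a PE "MZ" header and could be sideloaded as a DLL, a SHA-256 that matches one of the two VirusTotal hashes linked above, and a .dll/.exe padded with a long run of trailing 0 bytes. The list of data extensions, the 64 KiB padding threshold and the sample folder it builds are all assumptions made for the demo; the sample files are constructed placeholders, not real malware.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# SHA-256 values taken from the two VirusTotal links in the thread above.
KNOWN_BAD_SHA256 = {
    "830f3d6a5aa4aa355235e855d5de47daff7fee03566e1832a985641df0c4f2ec",
    "34715108991666034d8cc5b1e8a6715570de9d501f9be379ca62d65ae3244f17",
}

# Assumption: extensions that a RPG Maker / Ren'Py game folder uses for data.
# None of these should ever begin with a PE ("MZ") header.
DATA_EXTENSIONS = {".ogg", ".jpg", ".png", ".txt", ".json", ".rpgmvp", ".rpgmvo", ".wav", ".m4a"}

# Assumption: how much trailing zero padding on a .dll/.exe counts as suspicious.
PADDING_THRESHOLD = 64 * 1024


def sha256_of(path):
    """Stream the file so large game archives do not get loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def trailing_zero_bytes(path, window=1 << 20):
    """Count consecutive 0x00 bytes at the end of the file (looks at most `window` bytes back)."""
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        f.seek(max(0, size - window))
        tail = f.read()
    return len(tail) - len(tail.rstrip(b"\x00"))


def scan_game_folder(root):
    """Return a list of (relative path, sha256, [reasons]) for every suspicious file under root."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        with open(path, "rb") as f:
            magic = f.read(2)
        ext = path.suffix.lower()
        reasons = []
        if magic == b"MZ" and ext in DATA_EXTENSIONS:
            reasons.append("PE header under a data extension (possible sideloaded DLL)")
        digest = sha256_of(path)
        if digest in KNOWN_BAD_SHA256:
            reasons.append("SHA-256 matches a sample from the thread")
        if ext in (".dll", ".exe"):
            pad = trailing_zero_bytes(path)
            if pad >= PADDING_THRESHOLD:
                reasons.append(f"{pad} trailing zero bytes (padding)")
        if reasons:
            findings.append((str(path.relative_to(root)), digest, reasons))
    return findings


def build_sample_folder():
    """Constructed sample game folder for the demo (placeholder bytes, not real malware)."""
    root = Path(tempfile.mkdtemp(prefix="rpgm_scan_"))
    (root / "Game.exe").write_bytes(b"MZ" + b"\x90" * 512)              # plain executable, no padding
    (root / "bgm.ogg").write_bytes(b"OggS" + b"\x00" * 100 + b"audio")   # genuine-looking Ogg data
    (root / "Scene2.ogg").write_bytes(b"MZ" + b"\x90" * 512)            # PE hiding behind .ogg
    (root / "plugin.dll").write_bytes(b"MZ" + b"\x90" * 512 + b"\x00" * (2 * PADDING_THRESHOLD))
    return root


def demo():
    """Scan the constructed folder and return {relative path: reasons}; cleans up afterwards."""
    root = build_sample_folder()
    try:
        return {name: reasons for name, _digest, reasons in scan_game_folder(root)}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", "; ".join(reasons))
```

To use it on a real download, call scan_game_folder() on the extracted game directory; anything reported under "PE header under a data extension" deserves a look in a sandbox before Game.exe is ever run, since that is exactly the Scene2.ogg trick described above.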