Kaspersky made a more detailed analysis about the previous malware that I was reporting (I'm glad if the info I posted was useful):
https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/ (different variation of the malware, looks recent)
The most recent github history of this...
Also, the ryuu and Reeffress versions feature the extra 0 bytes .dlls:
The other JP version I downloaded doesn't have this at the end; does someone know why they added it?
Btw, I found some posts from a Korean website discussing this user "Reeffress" (konegg, requires login):
https://kone.gg/s/somisoft/a61GsWRilmKFfZYj2c2j0b?p=1&q=Reeffress
https://kone.gg/s/somisoft/btMO8AnvfWJef94hBS2j0b?p=1&q=Reeffress
Here are some screenshots (used google translate, some...
The user 'SlidingSubject' posted this on f95 about RJ01617050 ryuugames mediafire link:
https://www.virustotal.com/gui/file/830f3d6a5aa4aa355235e855d5de47daff7fee03566e1832a985641df0c4f2ec/detection
New info: the same malware comes from a Spanish guy that was infecting RenPy games/mod galleries on f95. I will quote the analysis by 'colobancuz' on the previous version of the malware:
Infected files:
Previous RenPy malware analysis (F95):
This file (zaesdl) also contains the same C2 url from...
I've updated my post with new info (check for "Update: New info") + ways to check if you're infected with this RPGM malware. It's worth checking out; I will update if I find more information.
Also, these software pages were hacked yesterday, containing a RAT malware (April 9-10)
Gamers use CPU-Z pretty much, so be careful, hacked versions were:
CPU-Z 2.19
HWMonitor 1.63
Also, here is the list of 326 pixeldrain links + game names I've found at the suspicious website. I've censored the links, only leaving the 2 letters at the start and end (admins, feel free to edit if it's too unsafe):
I recommend doing a search with CTRL + F at the links and searching for game...
...contain a .log file. If you have this folder then you are most likely infected. Also check your network connections, if it has some connection to: a*****.freeddns.o-- (censored for safety)
TLDR: It is a multi-function RAT that includes backdoor + keylogger behavior.
I will continue my...
Update: I found in the Game.exe where it runs the Scene2.ogg (sideloads as .dll):
https://www.virustotal.com/gui/file/34715108991666034d8cc5b1e8a6715570de9d501f9be379ca62d65ae3244f17
https://hybrid-analysis.com/sample/34715108991666034d8cc5b1e8a6715570de9d501f9be379ca62d65ae3244f17...
Another linked website in the source code:
The list of games it has is also clickable. I couldn't click any because it is full of ads, but checking the source code reveals a huge list of pixeldrain links with the games (most probably infected).
The worst part? It has 300+ possibly infected...
...involves it downloading an infected .jpg file (zaesd.jpg), which I renamed as .bin for safety purposes. The website it downloads from (mgz.great-s***.n**, censored for safety) visually looks like a very weird porn/porn game website, containing background porn images, a ton of popups and ads...
...of the malware, there's a second part involving a downloaded infected .jpg file from a website, which I will post later if I manage to decode it.
*Update: I will post more screenshots showing the details.
PART 1 (Game.exe and Scene2.ogg):
I will use several AI prompts which will help to...
Unfortunately I don't have more details aside from virustotal scans. I do still have the infected files preserved for future scans/analysis (only the fake .oggs, the game.exe was deleted by Windows Defender).
(I also don't have much knowledge for virus behavior analysis, I just searched for the...
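Added example (my own code, not the poster's or any vendor's): the thread describes a Game.exe that sideloads a "Scene2.ogg" that is really a .dll, and variants carrying extra trailing 0 bytes. A cheap offline triage check for a game folder is to ignore the file extension and look for the MZ/PE headers, then note any large run of trailing zero padding. All sample bytes below are constructed for the demo (not real samples), and the file names, thresholds and flag strings are my assumptions.

```python
"""Triage helper: flag game asset files whose content is actually a PE image.

Constructed demo: the sample "assets" are built in memory, not read from disk.
A real run would replace SAMPLE_ASSETS with {path: open(path, "rb").read()}
for the files under a game folder.
"""
import os
import struct

# Extensions a game folder would normally hold as media/data (assumed list).
MEDIA_EXTENSIONS = {".ogg", ".jpg", ".png", ".wav", ".mp3", ".log"}


def looks_like_pe(data: bytes) -> bool:
    """True if data has an MZ DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]   # offset of PE header
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"  # short slice -> False


def trailing_zero_bytes(data: bytes) -> int:
    """Length of the run of 0x00 bytes at the end of the file."""
    return len(data) - len(data.rstrip(b"\x00"))


def classify_asset(name: str, data: bytes, pad_threshold: int = 1024) -> dict:
    """Return a finding dict; 'flags' is empty when nothing looks wrong."""
    ext = os.path.splitext(name)[1].lower()
    finding = {"name": name, "is_pe": False, "zero_padding": 0, "flags": []}
    if ext not in MEDIA_EXTENSIONS:
        return finding
    finding["is_pe"] = looks_like_pe(data)
    finding["zero_padding"] = trailing_zero_bytes(data)
    if finding["is_pe"]:
        finding["flags"].append("PE image with media extension")
    if finding["zero_padding"] >= pad_threshold:
        finding["flags"].append("large trailing zero padding")
    return finding


def scan_assets(assets: dict) -> list:
    """Scan {name: bytes} and return only the findings that raised a flag."""
    return [f for f in (classify_asset(n, d) for n, d in assets.items()) if f["flags"]]


def build_fake_pe(body_len: int = 64, padding: int = 4096) -> bytes:
    """Constructed stand-in for a DLL renamed to .ogg: MZ header, PE signature, zero tail."""
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)      # 0x40-byte DOS header stub
    struct.pack_into("<I", hdr, 0x3C, 0x40)      # e_lfanew -> PE header right after
    return bytes(hdr) + b"PE\x00\x00" + b"\x01" * body_len + b"\x00" * padding


# Constructed sample folder: one disguised PE, one normal Ogg, one harmless stub.
SAMPLE_ASSETS = {
    "audio/Scene2.ogg": build_fake_pe(),
    "audio/Scene1.ogg": b"OggS" + b"\x00\x02" + bytes(range(64)),  # real Ogg magic
    "img/sample.jpg": b"MZ" + b"\x00" * 16,  # MZ prefix but no PE header: not flagged
}

if __name__ == "__main__":
    for f in scan_assets(SAMPLE_ASSETS):
        print(f["name"], f["flags"], "trailing zeros:", f["zero_padding"])
```

The header walk matters: checking only for a leading "MZ" gives false positives on random data, while requiring the PE signature at e_lfanew catches a renamed .dll regardless of what extension it was given. Anything flagged is worth a VirusTotal upload, as the poster did, rather than being run.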