Search results for query: *

  1. MrGuiW

    PSA: Malware detected from member's upload

    Kaspersky made a more detailed analysis about the previous malware that I was reporting (I'm glad if the info I posted was useful): https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/ (different variation of the malware, looks recent) The most recent GitHub history of this...
  2. MrGuiW

    PSA: Malware detected from member's upload

    Also, the ryuu and reeffress version features the extra 0 bytes .dlls: The other JP version I downloaded doesn't have this at the end, does someone know why they added it?
  3. MrGuiW

    PSA: Malware detected from member's upload

    Btw, I found some posts from a Korean website discussing this user "Reeffress" (konegg, requires login): https://kone.gg/s/somisoft/a61GsWRilmKFfZYj2c2j0b?p=1&q=Reeffress https://kone.gg/s/somisoft/btMO8AnvfWJef94hBS2j0b?p=1&q=Reeffress Here are some screenshots (used Google Translate, some...
  4. MrGuiW

    PSA: Malware detected from member's upload

    Just confirming, this torrent upload from "Reeffress" has this engine.bin file:
  5. MrGuiW

    PSA: Malware detected from member's upload

    He posted more info:
  6. MrGuiW

    PSA: Malware detected from member's upload

    My post after his: Could be malware or a very aggressive DRM (scanning for reverse engineering tools).
  7. MrGuiW

    PSA: Malware detected from member's upload

    The user 'SlidingSubject' posted this on f95 about RJ01617050 ryuugames mediafire link: https://www.virustotal.com/gui/file/830f3d6a5aa4aa355235e855d5de47daff7fee03566e1832a985641df0c4f2ec/detection
  8. MrGuiW

    PSA: Malware detected from member's upload

    New info, the same malware comes from a Spanish guy that was infecting RenPy games/mod galleries on f95, I will quote 'colobancuz' analysis on the previous version of the malware: Infected files: Previous RenPy malware analysis (F95): This file (zaesdl) also contains the same C2 url from...
  9. MrGuiW

    PSA: Malware detected from member's upload

    I've updated my post with new info (check for Update New info) + ways to check if you're infected with this RPGM malware, it's worth checking out, will update if I find more information.
  10. MrGuiW

    PSA: Malware detected from member's upload

    Also, these software pages were hacked yesterday, containing a RAT malware (April 9-10) Gamers use CPU-Z pretty much, so be careful, hacked versions were: CPU-Z 2.19 HWMonitor 1.63
  11. MrGuiW

    PSA: Malware detected from member's upload

    So, is this a strange DRM or is there a hidden malware in it?
  12. MrGuiW

    PSA: Malware detected from member's upload

    Also, here is the list of 326 pixeldrain links + game names I've found at the suspicious website, I've censored the links, only left the 2 letters at the start and end (admins feel free to edit if it's too unsafe): I recommend doing a search with CTRL + F at the links and searching for game...
  13. MrGuiW

    PSA: Malware detected from member's upload

    Quick update: I'm still analysing the second part of the infection, but found some interesting info: FIRST PART PART 1.9 (decrypted zaesd.jpg): creates a Teams/TM folder containing a .log file.. Apparently it has an ignore filter for Chinese language systems? (I think maybe it's because of...
  14. MrGuiW

    PSA: Malware detected from member's upload

    Update: I found in the Game.exe where it runs the Scene2.ogg (sideloads as .dll): https://www.virustotal.com/gui/file/34715108991666034d8cc5b1e8a6715570de9d501f9be379ca62d65ae3244f17 https://hybrid-analysis.com/sample/34715108991666034d8cc5b1e8a6715570de9d501f9be379ca62d65ae3244f17...
  15. MrGuiW

    PSA: Malware detected from member's upload

    Another linked website in the source code: The list of games it has is also clickable, I couldn't click any because it is full of ads, but checking the source code reveals a huge list of pixeldrain links with the games (most probably infected) The worst part? It has 300+ possibly infected...
  16. MrGuiW

    PSA: Malware detected from member's upload

    The encryption used was Base64-encoded UTF-16LE, after decoding we got this: Some variables of the code are in Spanish, like subcarpetas (subfolders) and letras (letters), in this code there's a part of it which is also encrypted, if we decrypt it with the same method as before, we get this...
  17. MrGuiW

    PSA: Malware detected from member's upload

    My post on f95: HUGE UPDATE: With the help of AI and some reverse engineering tools, I've managed to reverse engineer the malware inside the .ogg file and decode it, I've analysed the first part of the malware, there's a second part involving a downloaded infected .jpg file from a website which...
  18. MrGuiW

    PSA: Malware detected from member's upload

    I've made a huge discovery while reverse engineering the malware files with the help of AI + tools, my post on f95, I will also post here shortly.
  19. MrGuiW

    PSA: Malware detected from member's upload

    I sent some samples in hybrid-analysis and it looks like it got flagged as malicious by the falcon sandbox:
  20. MrGuiW

    PSA: Malware detected from member's upload

    Unfortunately I don't have more details aside from VirusTotal scans, I do still have the infected files preserved for future scans/analysis (only the fake .oggs, the game.exe was deleted by Windows Defender). (I also don't have much knowledge for virus behavior analysis, I just searched for the...