help a noob please, what is this trojan trying to do on my computer? thank you

First of all, sorry about my bad English. I downloaded a bad file; upon clicking on it, nothing happened and then the file auto-deleted. I knew it was fishy and my anti-virus did not detect a single thing! So I opened the task manager and saw this running in the background:

https://preview.redd.it/xdtgy4evmhw61.png?width=662&format=png&auto=webp&s=1a4e1fd9ddacabdd355f991893f1fb094cc2194d

I right-clicked on it and clicked “Open file location”; it was sitting in “..\AppData\Local\Graphics Codec Stacks ver8.69”. This folder was empty (even with “View Hidden Items” on). I tried to walk back to ‘Local’ and again the ‘Graphics Codec Stacks ver8.69’ folder was not there (hidden), so I opened PowerShell and did this:

nothing

then this :

https://preview.redd.it/6hbiv4kxbiw61.png?width=793&format=png&auto=webp&s=b57bb488ba3957909cef7d24543795c309d130e6

https://preview.redd.it/eyy3uvq1nhw61.png?width=449&format=png&auto=webp&s=274d5c41d1bcc9513a23b22475dc302fbf13e87f

I used the shutil module from Python to copy that folder to the desktop (I ran a scan on it with the antivirus and still nothing), then I downloaded JetBrains dotPeek to “decompile” it. It was written in C# and the code was completely random; all I see are irrelevant math equations. The code is completely obfuscated, like this:

    using Microsoft;
    using syeasrasrfasr;
    using System;
    using System.Windows.Forms;

    namespace Microsofts
    {
      internal class Program
      {
        [STAThread]
        private static void Main()
        {
          \u003CModule\u003E.RunAction = 0;
          int int32_1 = Convert.ToInt32(-2.0 - 2.0);
          if ((Convert.ToInt32(5.86214091642749E+17 / 541393614.5) ^ Convert.ToInt32(679511851.643738 - Math.Log(339755916.0))) == Convert.ToInt32(872759619.0 + Math.Truncate(872759618.5)))
          {
            \u003CModule\u003E.RunAction = Convert.ToInt32(1.45969769413186 + Math.Cos(1.0));
            int num = sizeof (float);
            int32_1 += num;
          }

I kept a copy of the decompiled folder of the trojan. If anybody can or wants to read this, I can send it to you. I’m really curious about what this is doing on my computer and how they can manage to make it completely undetectable by antivirus software. Thank you

submitted by /u/100k51

By admin
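
What the arithmetic in the decompiled `Main()` above resolves to, as an added example that is not part of the original post or of the sample: a small whitelisted constant folder for expressions of this shape, so the values can be read without running the binary. The function names, the mapping of the .NET calls to Python equivalents and the `sizeof` table are assumptions of this example, and it goes slightly beyond the excerpt by accepting any expression built from the same operators and calls.

```python
import ast
import math
import operator

def to_int32(x):
    """Convert.ToInt32(double): round half to even, overflow outside Int32."""
    n = round(x)
    if not -2**31 <= n < 2**31:
        raise OverflowError(f"{x} does not fit in Int32")
    return n

# Only the calls and operators seen in the excerpt are allowed (assumed mapping).
CALLS = {"Convert.ToInt32": to_int32, "Math.Log": math.log, "Math.Cos": math.cos,
         "Math.Truncate": lambda x: float(math.trunc(x))}
SIZEOF = {"float": 4, "int": 4, "double": 8}
BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
          ast.Div: operator.truediv, ast.BitXor: operator.xor}

def fold(expr):
    """Evaluate one constant C#-style expression; anything else is rejected."""
    def ev(n):
        if isinstance(n, ast.Constant) and isinstance(n.value, (int, float)):
            return n.value
        if isinstance(n, ast.UnaryOp) and isinstance(n.op, ast.USub):
            return -ev(n.operand)
        if isinstance(n, ast.BinOp) and type(n.op) in BINOPS:
            return BINOPS[type(n.op)](ev(n.left), ev(n.right))
        if isinstance(n, ast.Compare) and len(n.ops) == 1 and isinstance(n.ops[0], ast.Eq):
            return ev(n.left) == ev(n.comparators[0])
        if isinstance(n, ast.Call):
            name = ast.unparse(n.func)
            if name == "sizeof":
                return SIZEOF[n.args[0].id]
            if name in CALLS:
                return CALLS[name](*map(ev, n.args))
        raise ValueError(f"not a whitelisted constant expression: {ast.unparse(n)}")
    return ev(ast.parse(expr.strip(), mode="eval").body)

# Expressions copied from the post; INT32_1 joins the initial value and "+= num".
PREDICATE = ("(Convert.ToInt32(5.86214091642749E+17 / 541393614.5) ^ "
             "Convert.ToInt32(679511851.643738 - Math.Log(339755916.0))) == "
             "Convert.ToInt32(872759619.0 + Math.Truncate(872759618.5))")
RUN_ACTION = "Convert.ToInt32(1.45969769413186 + Math.Cos(1.0))"
INT32_1 = "Convert.ToInt32(-2.0 - 2.0) + sizeof (float)"

if __name__ == "__main__":
    for label, e in [("if-condition", PREDICATE), ("RunAction", RUN_ACTION), ("int32_1", INT32_1)]:
        print(f"{label:13} -> {fold(e)}")
```

The comparison folds to the same result on every run, so the `if` is an opaque predicate and the assignments inside it always execute. The floating-point and `Math` calls only hide small integer constants, which is why the decompiled source reads as unrelated equations.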