Gold [Scan Report & Debloated download]: Unique Proxy Scraper v0.1 (shared by Betski)

miso · 06-07-2020, 02:49 PM

Thanks to @HailHydra, this woudn't have been revealed without him notifiying me about Betski's software posts

When loading the executable, it will unpack in a folder (%appdata%), here are the files extracted by the application
[Image: FANSePY.png]

Loader.cmd is where the malware gets downloaded, via this command
[Image: aroKKmm.png]

The file that gets downloaded (Sys.exe) is luckily using the .NET Framework, which im really good at, so i've unpacked it via dnspy, and heres what i've found inside it:
[Image: pwii9we.png]

Virustotal Scan [27/73] (Sys.exe)

The application steals browser informations, credit cards, gets your location, checks if it is in a vm, sandboxed or not (i don't know if it tries to exit out of the vm/sandbox)

+

Loader.exe got created the same day as the thread was released, the application was made back in 2018, the cmd file was made the 11th of May
[Image: Glz8euVnToSK86N1Lczgrg.png]

This proves that @Betski had already shared malwares on the forum, which is against the rules, therefore should be banned

You can download the app without Betski's malware, it still however has a lot of detections

Files in zip (3):

Code:
[Debloated] - Unique Proxy Scrapper v1.zip

|- SkinSoft.VisualStyler.dll | 1.03mb

|- Unique.Proxy.Scraper.v0.1.exe | 399kb

|- xNet.dll | 116kb

Virustotal Scan [29/63]
Download (mega.nz)

@mothered
@Oni

pwnGlobal · 06-07-2020, 06:31 PM

Nice work, My French Friend.

mothered · 06-08-2020, 06:27 AM

(06-07-2020, 02:49 PM)miso Wrote: This proves that @Betski had already shared malwares on the forum

Appreciate your continual support with the analytical reports.

Due to @"Betski" not being the developer of the tools (thus obtained from a given source) and the fact that he's provided online virus scan reports, the Infected files may be unbeknownst to him, so I'm waiting for a reply In his defense. I'm not suggesting either/neither, but rather Intending to collect Information from every angle prior to making a decision on the matter.

miso · 06-23-2020, 06:50 PM

(06-08-2020, 06:27 AM)mothered Wrote:
(06-07-2020, 02:49 PM)miso Wrote: This proves that @Betski had already shared malwares on the forum
Appreciate your continual support with the analytical reports.

Due to @"Betski" not being the developer of the tools (thus obtained from a given source) and the fact that he's provided online virus scan reports, the Infected files may be unbeknownst to him, so I'm waiting for a reply In his defense. I'm not suggesting either/neither, but rather Intending to collect Information from every angle prior to making a decision on the matter.

He still hasn't replied yet and just doesn't seem to be really active, maybe just remove the download links of his thread or swap the link with mine

mothered · 06-23-2020, 09:19 PM

(06-23-2020, 06:50 PM)miso Wrote:
(06-08-2020, 06:27 AM)mothered Wrote:
(06-07-2020, 02:49 PM)miso Wrote: This proves that @Betski had already shared malwares on the forum
Appreciate your continual support with the analytical reports.

Due to @"Betski" not being the developer of the tools (thus obtained from a given source) and the fact that he's provided online virus scan reports, the Infected files may be unbeknownst to him, so I'm waiting for a reply In his defense. I'm not suggesting either/neither, but rather Intending to collect Information from every angle prior to making a decision on the matter.
He still hasn't replied yet and just doesn't seem to be really active, maybe just remove the download links of his thread or swap the link with mine

I'll wait a little longer prior to making a decision on the matter.

miso · 06-23-2020, 09:32 PM

(06-23-2020, 09:19 PM)mothered Wrote:
(06-23-2020, 06:50 PM)miso Wrote:
(06-08-2020, 06:27 AM)mothered Wrote: Appreciate your continual support with the analytical reports.

Due to @"Betski" not being the developer of the tools (thus obtained from a given source) and the fact that he's provided online virus scan reports, the Infected files may be unbeknownst to him, so I'm waiting for a reply In his defense. I'm not suggesting either/neither, but rather Intending to collect Information from every angle prior to making a decision on the matter.
He still hasn't replied yet and just doesn't seem to be really active, maybe just remove the download links of his thread or swap the link with mine
I'll wait a little longer prior to making a decision on the matter.

it is still virus sharing, the safest option here is to remove the link until he replies

mothered · 06-23-2020, 09:38 PM

(06-23-2020, 09:32 PM)miso Wrote:
(06-23-2020, 09:19 PM)mothered Wrote:
(06-23-2020, 06:50 PM)miso Wrote: He still hasn't replied yet and just doesn't seem to be really active, maybe just remove the download links of his thread or swap the link with mine
I'll wait a little longer prior to making a decision on the matter.
it is still virus sharing, the safest option here is to remove the link until he replies

In your opinion and analysis, Is It conclusive that It's Infected, without any doubt whatsoever?

miso · 06-23-2020, 11:55 PM

(06-23-2020, 09:38 PM)mothered Wrote:
(06-23-2020, 09:32 PM)miso Wrote:
(06-23-2020, 09:19 PM)mothered Wrote: I'll wait a little longer prior to making a decision on the matter.
it is still virus sharing, the safest option here is to remove the link until he replies
In your opinion and analysis, Is It conclusive that It's Infected, without any doubt whatsoever?

I showed evidences that the file is infected, if you want to unpack it for yourself, the threads starts by how i've proceeded to unpack the downloaded malware and showed that it indeed was a malware, then i've just use dnspy to see the malware's code since it is in C#

PS: you can also see the "Last Modified" dates of the files, the .cmd has been added a few hours/days before the thread has been made, it might not be him, but i've also prove that on the other Scan Report of one of the applications he shared that the cmd has been last modified hours before the thread was created

mothered · 06-24-2020, 08:45 AM

(06-23-2020, 11:55 PM)miso Wrote: I showed evidences that the file is infected, if you want to unpack it for yourself, the threads starts by how i've proceeded to unpack the downloaded malware and showed that it indeed was a malware, then i've just use dnspy to see the malware's code since it is in C#

I've simply asked whether the file Is Infected, of which you've now conclusively confirmed It.

The link has been removed from the thread.

miso · 06-24-2020, 03:11 PM

(06-24-2020, 08:45 AM)mothered Wrote:
(06-23-2020, 11:55 PM)miso Wrote: I showed evidences that the file is infected, if you want to unpack it for yourself, the threads starts by how i've proceeded to unpack the downloaded malware and showed that it indeed was a malware, then i've just use dnspy to see the malware's code since it is in C#
I've simply asked whether the file Is Infected, of which you've now conclusively confirmed It.

The link has been removed from the thread.

thank you for finally taking the link down, ill try keeping my scan as accurate as possible