RE: Over 32 million PCs compromised due to pirated games 06-11-2021, 02:36 PM
#4
I believe the FTU group to be the origin of the virus, or at least the leading distributor of the trojan. Non-malicious link: https://ftuapps.dev/ - hosts some big Windows programs with embedded or bound RAT servers.
Actually, I found it. Do NOT download and do NOT run the following unless you're testing it in a secure environment. It contains a false positive for the key-gen but the installer is malware.
Infected folder name: ....\Adobe Photoshop 2021 v22.3.1.122 (x64) Patched (I will give the final folder name not the file to avoid getting myself a ban.)
VT: https://www.virustotal.com/gui/file/4460.../community
Behavior of the malware: https://www.virustotal.com/gui/file/4460...%20Josebox
You can easily tell it is a packed binary by looking at the entropy level:
![[Image: pestudio.png]](https://i.ibb.co/hMDDS6p/pestudio.png)
(This post was last modified: 06-11-2021, 03:44 PM by ConcernedCitizen. Edit Reason: pestudio)
ed25519/0x21AB6B6A6CB2C337
C87D87466FD205945CF10A3821AB6B6A6CB2C337