879 questions
0 votes, 0 answers, 5 views
Zammad google callback redirecting to another website (bet8k)
I have an installation of Zammad 5.2.x made with docker compose and actually when we try to add an account in channels-google, after the consent screen finishes it goes to an outside url instead of back ...
-2 votes, 0 answers, 21 views
atop and eval in Google url - malware or not? [closed]
I am having a strange payment method in my store's checkout (Card Payments Stripe) which I have not set up nor installed. I am suspecting some sort of malware. I checked the code and one piece in ...
0 votes, 1 answer, 129 views
RewriteRule ^en/blooket-login/ jquery/external/blooket-login.php [NC,L]
The Rewrite rule is automatically created in the htaccess file. Even though I have set the permission to 444, after some time it changes to 777 automatically. I found some unwanted code pages in jquery/...
2 votes, 1 answer, 84 views
Maven compiler plugin is malware? [closed]
I was working 1 year with dependency maven-compiler-plugin.
Tried to pull the project from git on a new PC and before Maven updated the repo I got a warning that maven-compiler-plugin is malicious.
I use org....
0 votes, 0 answers, 67 views
Accessing /wp-admin results in 302 HTTP Forwarding to a different site
Accessing abc.com/wp-admin automatically gets me a 302 redirect to a totally different website (on the same WHM server); the raw header response looks like this.
Could not detect any malware nor ...
0 votes, 0 answers, 40 views
Problem Injecting DLL into Vipasana Ransomware
I wanted to hook RegQueryValue and WriteFile functions called by Vipasana ransomware using a dll injected by VirtualAllocEx, WriteProcessMemory and then CreateRemoteThread. I have applied error ...
0 votes, 1 answer, 34 views
Non-upgradeability due to infinite execution time (if any)?
I read somewhere that canister upgrades can be (e.g. maliciously) prevented by another canister called by it by not returning from the call.
But how come a call could not return? It is limited by ...
0 votes, 0 answers, 70 views
How do I fix consistently reverting to hacked index.php and .htaccess files?
The index.php and .htaccess files on my site patrickkingart.com keep reverting to hacked versions that are making the front end of my site inaccessible. I can still access the WordPress dashboard.
I ...
1 vote, 1 answer, 220 views
Decrypt RC4 with Python knowing the key
I come here with a little problem (sorry for my English, this is not my mother tongue).
I have a little malware project at school; globally I have a keylogger which creates a file and then encrypts the ...
0 votes, 0 answers, 19 views
How to create my SVM to detect mobile malware using the Python language
I want to create an SVM to detect mobile malware; how can I start? What do I need to start the project?
I have the dataset but I do not know how to start the SVM. I am new to this topic.
to ...
-1 votes, 1 answer, 121 views
Unknown URLs in my Google Analytics performance dashboard
I have a hobby WordPress website with around 4 pages and 4 posts in total. Google notified me that my website has "malware". The link I was notified about was this:
I checked my Google ...
0 votes, 0 answers, 18 views
Where can I find detailed information on the operation of virtual machine protectors?
I need documents for a degree thesis about the functioning of virtual machine protectors, more specifically about VMProtect and the protection process through virtualization and/or mutation.
I have ...
0 votes, 0 answers, 110 views
Constantly getting redirected to login and home pages
As of recently I am constantly being redirected to the login and home pages on various sites.
The redirects happen as follows: I am browsing the site, clicking on a couple things, and here and there ...
0 votes, 0 answers, 105 views
Experiencing an error while trying to compile an exe with the help of pyaudio
Been trying to run pysilon on GitHub to test out its capabilities on my machine and came across this error:
× Building wheel for pyaudio (pyproject.toml) did not run successfully.
│ exit code: 1
...
0 votes, 0 answers, 107 views
Can I get infected if I open a malware binary file in Python like this? open(file_path, 'rb').read()
I need to calculate the hash and send a file via HTTP of a binary that has malware. To do that I need to use these two functions:
hashlib.md5(open(file_path, 'rb').read()).hexdigest()
file = {'file': (...
0 votes, 0 answers, 28 views
How can we conclude a process is malicious based on procmon output
I am trying to build a custom malware sandbox (not using ready-made approaches like Cuckoo or others). I have captured the activities and operations generated by the process; now in the next phase I ...
0 votes, 1 answer, 873 views
Backdoor:PHP/Webshell.O virus detected in an uploaded image file. Should I be worried? How can I prevent it?
I have a site which allows users to upload images. One uploaded file was recently detected by antivirus software (uploads aren't scanned; this was a system-wide scan afterwards).
Upon upload, I check the ...
0 votes, 0 answers, 50 views
Invalid YaraSharp library in C#
When I run the code below, that error appears.
using YaraSharp;
YSInstance YSInstance = new YSInstance();
System.BadImageFormatException: 'Could not load file or assembly
'YaraSharp, Version=1.3.0.0, ...
0 votes, 0 answers, 33 views
REing shellcode
I'm a bit new to reverse engineering, and I am trying to decode shellcode for a class report. I have a pdf malware sample of encoded shellcode that I got from a javascript unescape and I am not ...
-4 votes, 1 answer, 52 views
Does encrypting a virus / malware render it inactive? [closed]
Phrased differently, can an encrypted malware still act? Not encrypted by design, but after the fact.
And can it still be detected by an antivirus when in encrypted form? (Given it is in decrypted ...
0 votes, 1 answer, 4k views
Remove Malware wp-cleansong [closed]
Good morning, I suddenly found administrator users on my WordPress site and a plugin called wp-cleansong that I never installed. The site redirects when I browse. How can I solve it?
0 votes, 0 answers, 143 views
How do I decode malicious PHP code to find out what it does?
I am dealing with malware that keeps recreating files and is really hard to get rid of. Here is some code I think might be relevant.
The problem mainly affected WordPress sites; I updated all the PHP ...
0 votes, 0 answers, 82 views
Is deleting all partitions on a USB safe?
I have an infected USB flash drive. So I used gparted live to safely remove all partitions and created an NTFS one before inserting it in Windows. But I'm really worried if any malware in raw data can ...
0 votes, 0 answers, 67 views
PyInstalled my app and now Windows Defender thinks it's a trojan? wth [duplicate]
Alright so just recently I've created an app called Wmapper that allows users to keymap throughout Windows. It has 2 directories that have exe files in them and those work perfectly and are not ...
-1 votes, 1 answer, 149 views
Can Android Studio be set up as an environment for malware analysis?
As the topic suggests, how exactly can we use Android emulators like Android Studio to create a sandbox-like environment (or can we?) (in this context: detection of malicious files). I've heard of ...
0 votes, 0 answers, 235 views
Raw Shellcode Injection (Quasar Rat)
I am new to malware development and I am trying to create a program to inject raw shellcode into memory and embed it in the Resource section of the PE.
Using Donut by Wover (https://github.com/...
0 votes, 0 answers, 159 views
XOR encryption in payloads
So I was working on a simple payload encryption using XOR project.
Here is the code:
#include <Windows.h>
#include <stdio.h>
#include "resource.h"
VOID XorByOneKey(IN PBYTE ...
0 votes, 0 answers, 48 views
Tensorflow .pb file extension blocked by policy - risk of ransomware?
I am working with Tensorflow models for object recognition. The models are to be saved with the .pb file extension (https://www.tensorflow.org/guide/saved_model#the_savedmodel_format_on_disk).
...
0 votes, 1 answer, 96 views
What does this PowerShell script do? Is it malware? It auto-runs itself on my computer
I found this script by tracing the command-line parameters of the process via procexp. It is located at C:\Windows\System32\8208c741-a361-4e21-83e2-6d7f9a3b5b89.ps1 and somehow runs itself ...
-8 votes, 1 answer, 311 views
Java String Deobfuscation
I'm new to Java and was hoping someone could help me explain an issue. I am following this blog post that covers the reverse-engineering of a malicious Android APK file.
In the decompiled Java code, ...
0 votes, 1 answer, 272 views
LIBCMT.lib(exe_winmain.obj) : error LNK2019: Unresolved WinMain external symbol referenced in function "int __cdecl __scrt_common_main_seh(void)"
So I want to compile a program that basically is a WINDOWS program with SUBSYSTEM:WINDOWS and everything seems right but it is giving me the error:
FULL ERROR HERE ->
LIBCMT.lib(exe_winmain.obj) : ...
2 votes, 0 answers, 24 views
Is package-lock.json guaranteeing a specific version in npm?
This is regarding supply chain attacks.
Is it possible for the creator of an npm package to change published packages in retrospect?
For example, [email protected] is trusted right now, and pinned in my ...
2 votes, 1 answer, 99 views
Is it possible to automatically redirect the download of a file to a container in case the file contain a malware?
I was wondering if there is an existing tool that can automatically redirect the download of a file to a container? Or if there is an existing open-source project about it.
For more context, I wanted ...
1 vote, 1 answer, 103 views
Unable to uninstall the Nucleon EDR Agent [closed]
I have installed Nucleon EDR to protect my endpoint. After completing my testing, I want to temporarily uninstall the EDR Nucleon Agent. However, I am unable to do so, and I also cannot access the ...
2 votes, 0 answers, 460 views
Suspicious files found on server in WordPress project ('wp-admin/user') [closed]
This morning I've come across some suspicious files on my server within the WordPress wp-admin/user directory:
File comment-zk9YV7.php
<?php
if(move_uploaded_file($_FILES["Wpfl"]["...
0 votes, 1 answer, 194 views
WordPress website intermittently tries to redirect to a scam website lan05(dot)biz [closed]
I know very little about website design, etc., and a few years ago inherited the responsibility of keeping my org's website current: I add pictures to a slideshow, change the text on the main page to ...
1 vote, 3 answers, 893 views
Is it safe to install Rust crates? Is `crates.io` curated or reviewed for malware?
With Debian and Ubuntu, there is some quality control. With Boost (C++'s main repo), there is significant quality control. Are Rust crates(.io) similar or are they a complete free-for-all? Can anyone ...
0 votes, 0 answers, 2k views
When I click on a website to enter it, it enters, but the problem is a file is downloaded automatically
Once I click on a site this window appears and downloads the file without my permission. Note: I use Chrome as a browser and Neat Download Manager
[here is what happens and this is what is in the file](https://...
0 votes, 2 answers, 517 views
vmcloak taking forever to start Windows when setting up Cuckoo
I am trying to set up Cuckoo on an Ubuntu 18.04.6 machine as per instructions on https://cuckoo.sh/docs/installation/host/configuration.html and https://hatching.io/blog/cuckoo-sandbox-setup/ but one ...
1 vote, 0 answers, 239 views
Windows version of x2go client flagged as malware when downloading from x2go.org
When downloading the x2go client for Windows from x2go.org, Firefox as well as Edge claim that it's malware. Virustotal does not flag it. I would assume this to be a common issue but the FAQ from x2go ...
0 votes, 0 answers, 38 views
Cleaned WordPress from malware but one of the website directories still has it
My website was hit with malware and as a result I ran the virus scan built into my hosting panel and also removed the virus. I also changed FTP and WordPress passwords. Also added additional security ...
0 votes, 0 answers, 45 views
How to collect in-memory strings of a process which executes for a second and terminates
How do I collect in-memory strings of a process which executes for a second and terminates in seconds, if I am not even able to suspend it to check for in-memory strings?
I was analyzing one malware file which ...
2 votes, 0 answers, 334 views
How did a website disable Alt-F4 and Alt-Tab?
I was browsing around on Chrome on a Windows 10 computer, and inadvertently clicked on an ad that appeared under my mouse.
Immediately, the browser went full screen and showed a website saying that ...
0 votes, 1 answer, 262 views
Interpreting the fs register in a 32-bit binary running on a Windows 64-bit system
I have found the following code in a 32-bit binary running on a Windows 64-bit system:
mov eax,dword ptr fs:[18]
mov ecx,dword ptr [eax+F70]
mov eax,dword ptr [ecx+78]
ret
It seems that it returns ...
3 votes, 4 answers, 5k views
Using Terraform to Enable Microsoft Defender for Storage on a Storage Account to scan for Malware
I'm trying to enable malware scanning using "Microsoft Defender for Storage" on a Storage Account using Terraform, but I'm not able to find out how to do it. Is it not supported in Terraform? ...
-7 votes, 1 answer, 265 views
MiniDumpWriteDump callback does not return to calling function
I am using MiniDumpWriteDump callbacks to read the dump into memory and encrypt it before storing to a file. It is being executed as a part of shellcode that is being written over EventAggregation.dll ...
1 vote, 0 answers, 662 views
.NET WinForms App misidentified as Trojan AgentTesla
I am struggling with Windows Defender. For a few weeks now, a ClassLibrary.dll from our company gets flagged as the trojan "Trojan:MSIL/AgentTesla.CED!MTB" by Windows Defender. Of ...
0 votes, 0 answers, 108 views
My a.exe file appears to be corrupted. (C language)
The a.exe file is quarantined (contained in an isolated folder) by my anti-virus McAfee, stating that it protected me from a virus. It didn't happen right after I started coding with C. In fact, I was ...
-4 votes, 1 answer, 567 views
Ubuntu 22.04 - Browser malware issue, sites redirecting to winbigdrip.life, endwisvote.live, appcloudvalue.com, basketballidentity.cn
I'm facing a strange problem on both my Chrome and Firefox browsers. The sites are getting redirected to other sites like winbigdrip.life, endwisvote.live, appcloudvalue.com, basketballidentity.cn (...
0 votes, 1 answer, 211 views
How to Deal with Bold Red 'Deceptive Site Ahead' Warning on Chrome?
I have dev.randomlog.org which serves as a repository for many of my tests as a developer. It's up for over a decade (nearly two I think), but...
3 days ago, the notorious big red warning covers ...