I downloaded the wrong file (a virus) wanna take a look?
Karmeck




Posts: 3371
Location: Sweden
PostPosted: Fri, 7th Nov 2025 14:17    Post subject: I downloaded the wrong file (a virus) wanna take a look?
Below file might include a virus.

https://drive.google.com/drive/folders/1fHboIc33SWDfdHGMRSrl8Iw6daiUQ4WC?usp=sharing

Was downloading updates for "The Outer Worlds 2". In my haste I forgot the ritual of going to the download site 5 times to get the actual download link. I did not know the size of the update. Enough excuses.

Running the setup, it closes chrome and then errors out.

Linked above is said archive, undoubtedly password protected to save it from scans. Password is in the archive itself.

Now, I don't know if this was the file; using the same password might finally have caught up with me. Fixing that right now. But I still kinda wanna know.

I don't have a sandbox setup right now, so I share here in hope that someone want to take a look.

Archive is weird in other ways; it includes a clip from a music video, I think.


What happened? Well, they tried to log in to Facebook, and were stopped right away.
Today my Google account, also stopped right away.
Discord, sent out a bunch of crypto offers.
Stormwolf




Posts: 24189
Location: Norway
PostPosted: Fri, 7th Nov 2025 15:55    Post subject:
Why the fuck would I want to download a potential virus? 🤣🤣
Karmeck




Posts: 3371
Location: Sweden
PostPosted: Fri, 7th Nov 2025 16:19    Post subject:
Stormwolf wrote:
Why the fuck would I want to download a potential virus? 🤣🤣


For fun, finding out what it does. Learn.
Stormwolf




Posts: 24189
Location: Norway
PostPosted: Fri, 7th Nov 2025 17:42    Post subject:
Yeah no
Frant
King's Bounty



Posts: 24876
Location: Your Mom
PostPosted: Fri, 7th Nov 2025 20:48    Post subject:
NOPE


Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn!
M4trix




Posts: 9531

PostPosted: Fri, 7th Nov 2025 20:57    Post subject:





Made in China is like a box of chocolates, you never know what you're gonna get.
madmax17




Posts: 20548
Location: Croatia
PostPosted: Fri, 7th Nov 2025 21:37    Post subject:
Haven't seen a virus since 2008.
Shocktrooper




Posts: 4707

PostPosted: Sat, 8th Nov 2025 01:38    Post subject:
Try to upload it to virustotal.com then do some research from there
Karmeck




Posts: 3371
Location: Sweden
PostPosted: Sat, 8th Nov 2025 09:20    Post subject:
Shocktrooper wrote:
Try to upload it to virustotal.com then do some research from there


Nothing.

Issue here is, as it's a setup file, it might be a small program that's acting, seemingly, legit, but with nefarious goals.

I literally used the exact same password on several sites though, might just be that.

Site did not find anything wrong with the setup.exe, but might be what it installs from all the other files.
Karmeck




Posts: 3371
Location: Sweden
PostPosted: Sat, 8th Nov 2025 09:35    Post subject:
madmax17 wrote:
Haven't seen a virus since 2008.


Maybe not a virus, more like installing a program that steals your login tokens or... something.
PickupArtist




Posts: 10210

PostPosted: Mon, 24th Nov 2025 20:04    Post subject:
And Defender isn't putting anything in quarantine after it did a scan? I know it doesn't prevent, but it does try and tell you afterwards. At least it bitched to me about a hardware monitor using a ring0 file blablabla after FIVE YEARS... fake warning, first and only one in my entire time on Win10, but I don't download anything any more, even though I should.
Frant
King's Bounty



Posts: 24876
Location: Your Mom
PostPosted: Fri, 20th Mar 2026 05:18    Post subject:
Well, it seems to be malware after all.

Quote:
24/62 security vendors flagged this file as malicious

Popular threat label - trojan.midie/rugmi
Threat categories - trojan, downloader

Trojan-Downloader.Win32.Rugmi is a sophisticated malware loader that enables threat actors to install and execute various types of malicious software, including information stealers like Lumma Stealer, Vidar, RecordBreaker, and Rescoms. It operates by downloading and executing encrypted payloads, often using multiple components: a downloader, an internal loader, and an external file loader, making it highly adaptable and difficult to detect.

Once installed, Rugmi can:

Disable security software to evade detection.
Establish backdoors (e.g., on port 2627) for remote access.
Steal sensitive data, including credentials and system information.
Modify system settings, hijack DLLs, and persist across reboots via registry keys, startup folders, or scheduled tasks.
Use legitimate platforms like Discord’s CDN to distribute malicious files disguised as harmless downloads.
The malware has surged in detection, with hundreds of daily instances reported in late 2023 and early 2024, often spreading through:

Malvertising.
Fake software updates.
Cracked software (e.g., VLC, OpenAI ChatGPT).
Torrent sites and phishing emails.


PS: if a rar/zip/etc. file is password protected, VirusTotal can't open it and thus can't scan the files in the archive. Not sure why the rar file and the zip file it contains were both password protected.

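An added example (not from the thread, and not a VirusTotal or NFOHump tool) that shows the practical consequence of Frant's PS. VirusTotal, Google Drive's scanner and Defender's on-access scan all see only the outer container of a password-protected archive, so the useful move is to inspect the archive's own headers: the general-purpose bit flag of each zip member tells you whether that member is encrypted, and for every member you can actually read you can compute a SHA-256 and look it up on VirusTotal by hash rather than uploading anything. The script uses only the standard-library zipfile module, so it handles zip, not rar. The sample archive is constructed inside the script; the "encrypted" variant is simulated by setting the encryption flag bit in each local and central-directory header (the data itself is not encrypted), which is enough to exercise the header check.

```python
import hashlib
import io
import struct
import zipfile
from typing import Dict, List, Optional

# General-purpose bit flag, bit 0: "file is encrypted" (PKWARE APPNOTE 4.4.4).
ENCRYPTED_FLAG = 0x0001

# Constructed sample payloads (an MZ header only, not a real PE; and a note).
SAMPLE_SETUP_BYTES = b"MZ" + b"\x00" * 62
SAMPLE_README_BYTES = b"password is inside\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def vt_lookup_url(sha256: str) -> str:
    """VirusTotal's public URL for looking up a file by SHA-256 (no upload)."""
    return f"https://www.virustotal.com/gui/file/{sha256}"


def audit_zip(zip_bytes: bytes, password: Optional[bytes] = None) -> List[Dict]:
    """Report each member's encryption flag and, where readable, its SHA-256.

    A member that is flagged encrypted and cannot be opened yields sha256=None:
    that is precisely the member an upload-based scanner never gets to see.
    """
    results = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            encrypted = bool(info.flag_bits & ENCRYPTED_FLAG)
            digest = None
            if not encrypted or password is not None:
                try:
                    with zf.open(info, pwd=password) as fh:
                        digest = sha256_hex(fh.read())
                except RuntimeError:
                    # zipfile raises RuntimeError for a missing or wrong password.
                    digest = None
            results.append({
                "name": info.filename,
                "size": info.file_size,
                "encrypted": encrypted,
                "sha256": digest,
                "lookup": vt_lookup_url(digest) if digest else None,
            })
    return results


def _set_encrypted_flag(data: bytearray, signature: bytes, flag_offset: int) -> None:
    """Set bit 0 of the flag field in every header that starts with `signature`."""
    pos = data.find(signature)
    while pos != -1:
        (flags,) = struct.unpack_from("<H", data, pos + flag_offset)
        struct.pack_into("<H", data, pos + flag_offset, flags | ENCRYPTED_FLAG)
        pos = data.find(signature, pos + len(signature))


def build_sample_zip(encrypted: bool) -> bytes:
    """Constructed two-member archive; optionally made to look password-protected.

    The stdlib cannot write encrypted zips, so the encrypted variant is simulated by
    flipping the flag bit in the local file headers (flags at offset 6) and the
    central directory headers (flags at offset 8). Contents stay in the clear.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("setup.exe", SAMPLE_SETUP_BYTES)
        zf.writestr("readme.txt", SAMPLE_README_BYTES)
    data = bytearray(buf.getvalue())
    if encrypted:
        _set_encrypted_flag(data, b"PK\x03\x04", 6)  # local file header
        _set_encrypted_flag(data, b"PK\x01\x02", 8)  # central directory header
    return bytes(data)


if __name__ == "__main__":
    for label, blob in (("plain", build_sample_zip(False)),
                        ("password-protected", build_sample_zip(True))):
        print(f"== {label} archive ==")
        for entry in audit_zip(blob):
            state = "ENCRYPTED, not scannable" if entry["encrypted"] else "readable"
            print(f"{entry['name']:<12} {entry['size']:>6} B  {state}  {entry['sha256'] or '-'}")
```

Run it against the real download with `audit_zip(open("archive.zip", "rb").read(), pwd)`: once the inner setup.exe has a hash, a VirusTotal lookup by that hash answers the question in this thread without ever uploading the archive, and a member that stays `sha256=None` is exactly what Frant describes as invisible to the scanners.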
PickupArtist




Posts: 10210

PostPosted: Fri, 20th Mar 2026 13:05    Post subject:
So Google and any hoster or Defender can't scan it either, duh.

better reformat
Frant
King's Bounty



Posts: 24876
Location: Your Mom
PostPosted: Fri, 20th Mar 2026 21:30    Post subject:
PickupArtist wrote:
So Google and any hoster or Defender can't scan it either, duh.

better reformat


But if they (against all odds) would find it to be malware, Karmeck would instantly have had his answer.

Karmeck




Posts: 3371
Location: Sweden
PostPosted: Sat, 21st Mar 2026 08:15    Post subject:
Frant wrote:
PickupArtist wrote:
So Google and any hoster or Defender can't scan it either, duh.

better reformat


But if they (against all odds) would find it to be malware, Karmeck would instantly have had his answer.


Thanks for posting tag info.

Well, many times with false positives, I would not be surprised if I excluded the folder from live scanning and/or even restored files if it was caught.
Frant
King's Bounty



Posts: 24876
Location: Your Mom
PostPosted: Sat, 21st Mar 2026 15:06    Post subject:
Karmeck wrote:
Frant wrote:
PickupArtist wrote:
So Google and any hoster or Defender can't scan it either, duh.

better reformat


But if they (against all odds) would find it to be malware, Karmeck would instantly have had his answer.


Thanks for posting tag info.

Well, many times with false positives, I would not be surprised if I excluded the folder from live scanning and/or even restored files if it was caught.


Those scummy ad-based download "services" are not only extremely annoying, forcing you to sit through tons of weird ads. They're a haven for spreading malware and they trick you into downloading a file by putting a download file requester on the page that looks legit.

You can't even click on the actual download links without interference, they capture your first (or more) clicks to open new windows and they emulate mouse clicks to make the browser start a "download file" window that looks legit since it's your own browser's file request window.

They keep finding ways to circumvent security functions in browsers. Sometimes they force you to disable some of the security settings (like you having to enable javascript etc.) to be able to get to the actual download.

I very, very rarely use that kind of download "service". I only use it if I NEED a certain file that I haven't been able to find anywhere else after searching for it for weeks/months. I'm fairly security and privacy savvy and have no problem spotting those shenanigans and circumventing them. I hate the download sites that DODI Repacks and FitGirl use. They don't care that they're horrible, malign and dangerous; they get a free service to upload files to and perhaps a tiny bit of revenue from all the ads and shit that you have to wade through.

If I absolutely have to use such a "service" I'll use Tor with the highest security setting and download via The Linkanator, a proxy tool that lets you direct-download files from a list of sites without going through the bullshit with ads, fake download buttons that lead to malign sites. There are also scripts and other tools that can circumvent some of the crap those download sites throw at you.

All times are GMT + 1 Hour