Treasure@feddit.org to Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.com • Are these two rar files malware? (virustotal results) • 22 points · 7 days ago
TL;DR: I can’t say 100% for sure, but there are multiple reasons to believe that this is malware.
Long version: I’m seeing multiple suspicious things here.
The IPs being connected to belong to some hosting provider and have some abuse reports: https://www.abuseipdb.com/check-block/217.20.58.98/29
The domain being resolved is qcloud[.]com, which belongs to Tencent Cloud and definitely not Microsoft.
Other domains in memory like counter-strike[.]com[.]ua are very new and definitely sound fishy.
A standalone version of 7-Zip is being run and extracts the created rar file with the password “infected”. Real alarm bells here.
A lot of the registry actions look like anti-debugging, which does not sound like something an Illustrator plugin would do.
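As an added example, not part of the post above or of anything VirusTotal ships, here is an offline Python triage script that applies the same five heuristics the commenter used to a sandbox behaviour report. The report layout mirrors what I believe the `data` object of VirusTotal's v3 `behaviour_summary` response looks like (`dns_lookups`, `ip_traffic`, `memory_pattern_domains`, `command_executions`, `registry_keys_opened`, `registry_keys_set`); that layout is an assumption, so adapt the field names if your export differs. The sample values are constructed: the abuse block, the qcloud domain, the counter-strike domain and the `-pinfected` invocation come from the comment, the control IP is a TEST-NET address, and the vendor allowlist and registry patterns are my own heuristic lists.

```python
"""Offline triage of a sandbox behaviour report (added example, not VT code)."""
import ipaddress
import re
from typing import Dict, List

# Constructed sample, shaped like the `data` object of a VirusTotal v3
# /files/{id}/behaviour_summary response. Field names are an assumption;
# values are made up apart from the indicators quoted in the comment.
SAMPLE_REPORT: Dict = {
    "dns_lookups": [
        {"hostname": "qcloud.com", "resolved_ips": ["217.20.58.98"]},
    ],
    "ip_traffic": [
        {"destination_ip": "217.20.58.98", "destination_port": 443,
         "transport_layer_protocol": "TCP"},
        {"destination_ip": "203.0.113.10", "destination_port": 80,   # TEST-NET control
         "transport_layer_protocol": "TCP"},
    ],
    # Seen in process memory but never resolved during the run.
    "memory_pattern_domains": ["counter-strike.com.ua", "qcloud.com"],
    "command_executions": [
        r"C:\Users\user\AppData\Local\Temp\7za.exe x -pinfected -y "
        r"C:\Users\user\AppData\Local\Temp\payload.rar",
    ],
    "registry_keys_opened": [
        r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug",
        r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VBoxGuest",
    ],
    "registry_keys_set": [],
}

# Network block from the comment's AbuseIPDB link; strict=False lets
# ipaddress normalise 217.20.58.98/29 to 217.20.58.96/29.
ABUSE_BLOCKS = [ipaddress.ip_network("217.20.58.98/29", strict=False)]

# Assumed allowlist of domains a Microsoft-vendored component might contact.
CLAIMED_VENDOR = "Microsoft"
VENDOR_DOMAIN_SUFFIXES = ("microsoft.com", "windows.com", "live.com",
                          "windowsupdate.com", "msftconnecttest.com")

# Heuristic registry keys touched by debugger / VM detection routines.
ANTI_ANALYSIS_KEY_PATTERNS = [
    re.compile(r"\\AeDebug$", re.I),                              # system debugger config
    re.compile(r"Image File Execution Options", re.I),            # debugger attach hooks
    re.compile(r"\\Services\\(VBox|vmci|vmhgfs|vmmouse)", re.I),  # VM guest drivers
    re.compile(r"SystemBiosVersion$", re.I),                      # BIOS string VM checks
]

# 7-Zip style invocation (7z / 7za / 7zr) carrying an inline -pPASSWORD.
SEVENZIP_PASSWORD = re.compile(r"\b7z[ar]?(?:\.exe)?\b.*?\s-p(\S+)", re.I)


def _vendor_domain(host: str) -> bool:
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in VENDOR_DOMAIN_SUFFIXES)


def triage(report: Dict) -> List[str]:
    """Return findings as 'category: detail' strings, one per indicator that fired."""
    findings: List[str] = []

    # 1. Destinations inside blocks that already carry abuse reports.
    for conn in report.get("ip_traffic", []):
        ip = ipaddress.ip_address(conn["destination_ip"])
        for block in ABUSE_BLOCKS:
            if ip in block:
                findings.append(f"abuse-block: {ip}:{conn['destination_port']} is in {block}")

    # 2. Resolved domains that do not belong to the vendor the sample claims to be from.
    for lookup in report.get("dns_lookups", []):
        host = lookup["hostname"]
        if not _vendor_domain(host):
            findings.append(f"vendor-mismatch: resolved {host}, not a {CLAIMED_VENDOR} domain")

    # 3. Domains present in memory but never resolved: staged or dormant C2 candidates.
    resolved = {d["hostname"].lower() for d in report.get("dns_lookups", [])}
    for host in report.get("memory_pattern_domains", []):
        if host.lower() not in resolved:
            findings.append(f"memory-only-domain: {host}")

    # 4. Standalone 7-Zip extracting an archive with an inline password.
    for cmd in report.get("command_executions", []):
        m = SEVENZIP_PASSWORD.search(cmd)
        if m:
            pw = m.group(1)
            note = " (the conventional malware-sharing password)" if pw.lower() == "infected" else ""
            findings.append(f"archive-password: 7-Zip run with -p{pw}{note}")

    # 5. Registry keys associated with debugger or VM detection.
    keys = list(report.get("registry_keys_opened", []))
    keys += [k["key"] if isinstance(k, dict) else str(k) for k in report.get("registry_keys_set", [])]
    for key in keys:
        if any(p.search(key) for p in ANTI_ANALYSIS_KEY_PATTERNS):
            findings.append(f"anti-analysis-registry: {key}")

    return findings


def verdict(findings: List[str]) -> str:
    """Crude score on how many distinct heuristic categories fired."""
    categories = {f.split(":", 1)[0] for f in findings}
    if len(categories) >= 3:
        return "likely malicious"
    if categories:
        return "suspicious"
    return "no findings"


if __name__ == "__main__":
    for line in triage(SAMPLE_REPORT):
        print(line)
    print("verdict:", verdict(triage(SAMPLE_REPORT)))
```

Two of the commenter's checks need the network and are deliberately left out: the AbuseIPDB reputation lookup (here replaced by a static block list you fill in from that page) and the domain registration age that made counter-strike[.]com[.]ua look "very new" (an RDAP/WHOIS query). Everything else runs offline against the exported report.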