Hacker's Gave me a Game and I Found a Virus

400,315 views

Low Level Learning

A day ago

A hacker put malware on a Discord server that I hang out on, so naturally I downloaded it to see what it did. Instead of just running the software, I tried to reverse engineer it to get a peek underneath the hood at the assembly and see what was going on. I quickly found out there was MUCH more than what meets the eye with this malware.
🛒 GREAT BOOKS FOR THE LOWEST LEVEL🛒
Blue Fox: Arm Assembly Internals and Reverse Engineering: amzn.to/4394t87
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation : amzn.to/3C1z4sk
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software : amzn.to/3C1daFy
The Ghidra Book: The Definitive Guide: amzn.to/3WC2Vkg
🏫 COURSES 🏫
Learn to code in C at lowlevel.academy

Comments: 528
@acuifex a year ago
Now imagine what it's like for malware researchers. You go through all of those hoops every day, just to find out that it's an xmr miner
@astronemir a year ago
It runs monero miner while waiting for something better.
@Kristukas1337 a year ago
let me guess not a big computer guy?
@mraloush8959 a year ago
@@Kristukas1337 average chris with python as his pfp acting like he knows everything. you probably tell your classmates you're a hacker
@Kristukas1337 a year ago
@@mraloush8959 I think the video on your channel speaks for itself
@claritix101 a year ago
@@Kristukas1337 lmao
@SpeckyYT a year ago
The creativity of the hacker to just name the game as an already existing one
@Rice7th a year ago
ooo ciao specky!
@aziskgarion378 a year ago
One that of a game that is very known and has a known indie developer. That's like writing FnaF 17, and people recognizing the user is not Scott Cawthon. Pretty sure the guy who wrote the malware isn't the same one who is spreading it.
@bombie a year ago
no way its the real specky
@whisconsin a year ago
@@aziskgarion378 To be fair, nowadays FNAF is community run, as Scott Cawthon retired.
@monhi64 a year ago
LLL had edited the vast majority of that scammer message's text so that no one actually typed that URL in and got scammed, so I just assumed he (LLL) named it after a known game to be more anonymous. But yeah, it's definitely possible that's the one part of the URL he didn't change, you never know
@billigerfusel a year ago
I could enjoy a 30 minute video on this topic.
@Suivezlegeek01 a year ago
True
@mehedimi a year ago
Yeah me too
@workforsurvive.1557 a year ago
Lol and so i can 😆
@slingshot99 a year ago
Count me in
@Boogie_the_cat a year ago
I would as well.
@bit0fun a year ago
Might not have been the hack of the century, but still interesting to learn what they were attempting to do. Could maybe do a video in the future trying to dig into it a bit more? Maybe even an overview on how to write a deobfuscator? Would be neat
@IlyesCodes a year ago
Yes pls
@noeaguilar4521 a year ago
I second that
@truestopguardatruestop164 a year ago
Yes
@kebman a year ago
It's the Hack of the ... Last Five Minutes! :D
@tamnker8465 a year ago
I wonder if chatGPT could deobfuscate… Hmmm…
@shimadabr a year ago
A longer video explaining the intricacies of your discovery process would be awesome.
@LowLevelLearning a year ago
Noted!
@pancak3 a year ago
@@LowLevelLearning this video is kinda useless since this wasnt sent by a human. it was a mass dm tool which has responses for everything
@spoils8179 a year ago
@@pancak3 but useful nonetheless because some people have no idea that this happens. Also an idea on what not to do, or how to run it in a decent environment.
@KunningFox a year ago
1:26 Looks like the malware maker uses Sprinthost's technical domain to host the virus. The subdomain is the username of the client. It might be a good idea to inform the hosting provider that one of their clients uses their servers for malicious purposes. The clients must provide the scan of their passport (or other documents if it's a legal entity) in order to use their services.
@luckichan a year ago
yeah i saw that too but its not really worth it tbh well if i wanted to maybe for the lulz yk
@Renni-kg6vf 8 months ago
@@luckichan ???
@luckichan 8 months ago
@@Renni-kg6vf the domain is known for malware
@ZarkWiffle a year ago
A friend of mine got hit with a similar scheme but this one stole passwords and other data from Chromium browsers. Once I found the malware's put requests I may or may not have uploaded a few hundred fields of fake generated data into their server.
@vinylSummer a year ago
Should've made an sql injection
@balllord3546 a year ago
@@vinylSummer stealers dont store data in sql dbs most of the time and if they do it is most likely sanitized so wouldnt work
@ggsap 6 months ago
@@vinylSummer what is this? the 90s? if they smart enough to develop such kind of software they surely wont have a sql injection vuln lol
@fwilhe a year ago
Nice. Tell us more about the sandbox tool at 1:45. Is that something I should know about? I was expecting a VM, is this some wrapper for a (cloud?) VM? What considerations do you make before running sketchy binaries to avoid them breaking out of the sandbox and affecting the host system?
@fwilhe a year ago
@@Finkelfunk thanks I never heard of that before
@zafmafattack a year ago
Sandboxes designed for malware are pretty much normal virtual machines with extra features to help with analysis. Sandbox escape malware isn't usually an issue for the analysis environment if other precautions have been taken like making an isolated network segment (with a managed switch you can create vlans)
@CunningBard a year ago
thoughts on windows sandbox?
@kirill9064 a year ago
@@tacokoneko Sandboxie-Plus. It is open source too.
@natsudragneelthefiredragon a year ago
@@tacokoneko But its still on YOUR device...
@TowelPanel1852 a year ago
FYI, the first stage is called a dropper because it downloads/drops malware from another computer onto yours
@CallousCoder a year ago
“I just ran it” and that actually is often the easier thing to do. Because some code can indeed be hellishly obfuscated or even compressed and/or encrypted and to reverse engineer that can take ages. Just running it, whilst having wireshark logging and memory dumping the data segments and on Linux I love to run strace or Solaris truss as well. And see what kernel calls with what data are done. Now I never reverse engineered malware but mainly copy protection and old unsupported software (statute of limitations has passed 😂), or create cheats in games (a lot of that on this channel too) and debug unsupported code that still ran (and probably still is).
@jumanji4037 a year ago
This is really interesting, the entire idea of reverse engineering and looking for those hard coded urls and files is really smart. I’d love to see a course on decompiling executables and understanding their purpose. Happy new year!
@softwarelivre2389 a year ago
Doesn't work if it obfuscates URLs (like calling a parse function from some weird encoding made just for that purpose), or if it just uses good old plain encrypting/decrypting on the go. But network analysis should capture it just fine.
@ChrisTheCringe a year ago
In a real world scenario, viruses would have that URL obfuscated. It wouldn't be that easy.
@balllord3546 a year ago
@@ChrisTheCringe true.
@KaneYork a year ago
@@ChrisTheCringe this was a real world sample!! The first stage just didn't use advanced protections like the 2nd did
@Rottenham12345 a year ago
It would be great to see a detailed video on how you reverse engineered this. You speak through your process so casually when it’s actually super impressive stuff you’re doing that I’m sure a lot of us would like to better understand
@balllord3546 a year ago
what details do you need he pretty much explained it all.
@casquinha132 a year ago
Because it's not super impressive, you just lack background.
@Rottenham12345 a year ago
@@balllord3546 there is a difference between a summary and a detailed explanation my friend.
@bigdraco3006 a year ago
all he did was look at strings in ida and run it in a sandboxer tho xd
@balllord3546 a year ago
@@Rottenham12345 bigdraco literally said all he did. this is literally all he did there is no more detail to mention unless u want to look at the sandbox’s analysis more as he didn’t unpack the final stage
@heroclix0rz a year ago
Would be good to explain in as much detail as possible what steps you take to ensure a virus will not be run on your main machine and will definitely be isolated to the sandbox of your choice. Don't want a random 14 year old feeling invincible, only to get their mom's laptop pwned because they don't know how to put a VM in the DMZ.
@ryans3979 a year ago
He isn't using a VM machine in this video
@ToxicAtom a year ago
considering the sandbox he uses isn't running on his network and instead is an open web-based platform designed for inspecting malware, I'm pretty sure nobody will get the wrong idea from this video
@akirekoko7415 a year ago
@@ToxicAtom ninja
@khalilovitch_ a year ago
Great video, I would enjoy a detailed explanation of your approach to reverse engineer the binary
@LowLevelLearning a year ago
Coming soon!
@kebman a year ago
@@LowLevelLearning Looking forward to it!
@9superswords630 a year ago
There are a lot of good malware reversing researchers here on youtube. Many don't like to/are not capable of jumping into IDA. This is great!
@NutflX a year ago
i almost fell for this a few months ago but the part that made it believable was it from one of my friends hacked accounts. and he was developing a basic platformer so i didnt think twice about it. i only realised once a cmd opened and discord restarted to the login page.
@TheTacticalTuna a year ago
That sucks, did you just reinstall windows after that?
@stevenglikin3219 a year ago
That's like "almost" falling for an irs scam when you already gave them 500$ of gift cards
@wChris_ a year ago
actually your IP doesnt matter! just restart your router and you will get a new one. leaking your IP address is only an issue if you have a static one which im 99.99% sure you dont have.
@LowLevelLearning a year ago
DHCP be like
@wChris_ a year ago
@@LowLevelLearning DHCP only assigns private IPs to your devices connected to your router. You probably have heard that we are running out of IPs and for the most part this is true, but to combat that issue NAT was invented, which resolves this issue by translating your private IP address into the public IP everyone sees on the internet. This way IP addresses are not wasted to end users who really dont need them.
@wChris_ a year ago
@@LowLevelLearning you can check that you really only have 1 IP by searching 'what is my IP' or something similar on multiple devices.
@Sevenhens a year ago
@@wChris_ ISPs give out residential IPs by DHCP themselves (hence why your IP can change when you restart your router).
@vyldim3401 a year ago
0:33 Folders named \Cryptor\Loader runpe huh? Really subtle hacker, reaaaaly subtle
@LowLevelLearning a year ago
Yeah they left a TON of build artifacts in that loader. Wild.
@gridfighter 4 months ago
This is actually a great topic. I have a few games that are open source but the only remaining versions of them are infected. So here I am learning how to decompile them to remove the malicious part and compile them again.
@davidmurphy563 a year ago
".ru" what a surprise.
@jp4_ a year ago
php file's named bebra as well which is a russian meme so
@bill8126 4 months ago
anyone from anywhere could rent that russian hosting. So it doesn't usually say about hacker nationality
@mbrofoc 4 months ago
xD...
@mbrofoc 4 months ago
@@bill8126 yeap. Some people need to see the host map around the world and realize that you don't need any identification docs about you to buy host😂
@billyjoejimbob75 a year ago
That's funny. Always wondered why nobody ever took my old DOS screensavers back in the 90s. Then I realized they thought everyone on the internet was out to get them.
@idogaming3532 a year ago
What do DOS screensavers have to do with this?
@chadengineer a year ago
Nice video, you should do more videos about this IDA tool, it's really interesting
@LowLevelLearning a year ago
More to come!
@Littlefighter1911 a year ago
I've received a very interesting malware once, that was a Java file, but all classes and functions were renamed to sound like they were part of a game. (Like "Map", "House", "Inventory", etc.) But if you looked into the classes you could see by the behavior that this wasn't a game at all. So be careful when trying to assume things from using string. Some madman might have been smart enough to just rename everything.
@ThatNiceDutchGuy a year ago
Yes or appended some sneaky code into legit classes.
@fridosteffers891 a year ago
Happy new year! Thanks for sharing this very nice piece of information! There’s a lot to learn I guess 😀 Keep them coming, I’m hooked 😉
@LowLevelLearning a year ago
Thank you! You too!
@pedroaviladressler310 a year ago
very intelligent of someone to drop a malware disguised as a game, on a programming discord community
@SkippyDa a year ago
I had a similar thing, got sent to a website to download their game, reverse engineered it, was a basic cookie/discord session stealer, including the non obfuscated code.
@GedasTM a year ago
Finding playtesters will now be even more difficult 😟
@Pedakin a year ago
This is why I can’t just “throw on a video” around people for everyone to watch. This is the kind of shit I like.
@Wannabe-channeL a year ago
Because of the hacker like this. As an indie game developer, it’s hard to find someone to play my game and they started accusing me of being a scam 😔
@cpaw a year ago
I wish one of my friends knew about scams like this before he lost his whole online presence due to a virus
@badfitz66 a year ago
I got a similar one once, but from a friend, who was actually in gamedev at the time, so I didn't question it. I downloaded and ran it and noticed that:
1. it opened the nodejs terminal for a split second
2. I was suddenly and suspiciously logged out of discord
I suspect it was some sort of keylogger (most likely injected itself into discord hence the nodejs stuff, logged me out, and waited for me to put my login details again). I of course deleted the virus and nuked discord before reinstalling.
@nanahiiragi723 a year ago
If it closed discord that means your token was stolen. Discord (and other apps) have some protections in place for having the token stolen, so it only stores the token in a readable state when closed. But, logging out refreshes the token, so it also injects itself into discord to capture new tokens when you log in again. They also are usually stealers (or at least, include stealers, because why not), usually stealing saved passwords from browsers, crypto apps, tokens of other applications, saved credit card details, etc first.
@balllord3546 a year ago
@@nanahiiragi723 this simply is not true (that discord has protections for having your token stolen)
@slavic_commonwealth a year ago
@@balllord3546 nope. if you run virus, then your discord token can be easily stolen
@gtxg. a year ago
@@nanahiiragi723 tokens are stored in cookie, cookie is easily grabbed
@balllord3546 a year ago
@@gtxg. no theyre stored in localStorage
@annareichelt5997 a year ago
I consider myself somewhat critical when it comes to downloading and executing software from unknown sources, but man, I would've definitely been the idiot who downloaded that "game" to be nice. Thanks for reminding me that 1. Malware could be anywhere and 2. I am an idiot
@dejangegic 10 months ago
You're not an idiot, just a friendly and helpful person.
@CupidGaming522 a month ago
Yeah this is a pretty common discord scam, seen it too many times. Funny everytime, great breakdown.
@lynx1436 a year ago
There's been a virus around on discord working kind of the same way as this although it gets access to accounts and someone text the hacked accounts friends from it which makes it so people dont think about downloading the file and running it. My best friend had this happen to them and the hacker sent the file to me from their account and i almost fell for the trap, my friend is too stupid to make a game so was skeptical from the start ahha
@starseer986 a year ago
would be nice if you explained some of the other stuff more, like why it took a desktop screenshot.
@bill8126 4 months ago
for example bank app shortcuts or something valuable
@minirop a year ago
I miss the time where the discord malwares were simply stealing your discord token to get access to your account by sending it to a webhook. I had fun times spamming the webhooks with disgusting imagery.
@balllord3546 a year ago
these still exist
@minirop a year ago
@@balllord3546 sad then. I only got crypto miners in the past year or so.
@toperri 10 months ago
just found this channel and I can't stop watching his videos
@user-hp1zj2qu6j a year ago
the last thing you must do: DDOS THEM.
@iuhere a year ago
whoa , this is new content or am i missing such content on your channel, may be youtube is filtering such content of your channel to not show in my noti... they might be watching me (or my history) 🤣 as if... anyways great video , never thought of skipping as every second of the video was nicely curated and data being pitched in simple way. the comic timing was awesome and fairly placed with the context of the video. Keep up the good work, simply put enjoyed this one.
@shayanaayan6533 a year ago
Me looking up reverse engineering malware.. Because i downloaded a pre activated software i need for my work... And here i am... Learning something new throughout the vid Thank You 💯
@nachosncheez2492 a year ago
reverse engineering series ? tips and tricks and longer beginner to advanced videos?
@technomind88 a year ago
I liked the part where you "found their IP address"
@beastly_neon a year ago
There was a similar malware campaign from 6 months ago where they ask people to check their game and it check, saved passwords, discord auth token, cryptocurrency information, etc to a russian ip. My friend got hit by it and they stole discord token and ran it using a automated to script to further distribute the malware to all server and his friends
@Defiler151 10 days ago
Ngl this was sent to me by my friend (he was hacked) and I thought it was my friend who actually sent it, so I opened it and literally all my accounts were stolen. Luckily I managed to recover every single one of them. Be safe out there ladies and gents
@dibaterman a year ago
Yeah, doing that in a dev discord is kind of crazy. You're bound to have a few folks whole be energetic enough to figure out what's up. Plus in most cases the games should be hosted not downloaded. Webgl exists for this reason.
@TheOneTrueDragonKing a year ago
This is a VERY common occurrence on Discord. Hackers, malicious actors, cybercriminals, even terrorists.
@dotnet9830 a year ago
obviously
@pixel690 a year ago
interesting, the "games" i receive off of random people on discord are usually a packed nodejs program that attaches some sort of discord logger onto your client that sends them any sensitive information you may input into discord such as passwords, credit card details, etc via a webhook
@phoenixplays2800 a year ago
that may be Doenerium off of github, hate to see it
@ashfaquekhan7282 a year ago
can you please make some tutorials, or a roadmap video on how to get started with low level programming and what should a normal beginner level coder do to learn the extreme basics stuff like reversing a software and how to read it , not only for knowledge purpose but as a career too
@not_herobrine3752 a year ago
reminds me of the time i wanted to watch a movie and ended up finding out that its a piece of shitty malware with a stupider method of delivering its payload
@shapelessed 7 months ago
"Hacker is gave me a game" - What a great and completely correctly written title.
@sgmvideos5175 a year ago
That's reason why so hard to actually make people test my games everyone thinks it's virus T_T
@ivanignacio2353 3 months ago
how is called that app that you used for sandboxing? Great video
@pr0xythegodofhax a year ago
thanks for making a video about this, you never fail to amaze me :) love reverse engineering
@LowLevelLearning a year ago
Glad you liked it!
@pr0xythegodofhax a year ago
@@LowLevelLearning also what's the name of the online sandbox you used?
@ryyott a year ago
Bro could have given you a legit game with a silent miner compiled into it and most people would have no idea. Weird hacker with absolute no idea...
@sebgamingkid a year ago
This is why i block connections for software that i don't 100% trust before i run it even if tested with an antivirus
@Majkieboy a year ago
Long form reverse engineering stuff would be great. That's the field I'm trying to get into at the moment. Need more malware to practice on however.
@ThatNiceDutchGuy a year ago
I had this several times already. It installed Windows, it was full of monitoring user metrics.
@giftfromyoutube a year ago
Man I would sit and watch a 3hours full video on this issue without getting tired. I loved it. Some more pls
@Voorhees-Jason a year ago
I gotten that type of DM's like 4 times from random people. I ignore them generally but, the very last guy that tried, I was curious of what the scam was since it was the same pattern as I know there is scams on discord. I asked him what kind of game it was blah blah blah. He did not give me much info so I confronted him about how is it that I get DM's from different people with the exact same story. He never replied lol.
@theejoshhh a year ago
I fell for this one myself! Not sure why I ran the file, I was like 99% sure it was a hacker but they messaged me from a friend's account that I hadn't spoken to in a while. Not sure exactly what happened in the background but I'm relatively certain they stole my cookies. I found them logged into my discord and kicked them off almost immediately before wiping my whole system.
@ryanaxtell5069 a year ago
How about this. Make the malware writers regret the day they touched your server. Make them shit their pants and scream that all their data and bitcoins are gone. When in reality, they're just crying wolf for no reason.
@Nethezbet 9 months ago
It is more sad that they know if they forward it to enough people, SOMEONE will run it.
@lunareclipse363 a year ago
I have seen malware that steals your discord token and uses your account to spam your friends with the same message that got you (probably not the only thing it does).
@aimeblack a year ago
man you have cool job, i wish i know how you do or where did you learn all of that. Its so cool.
@alphaknight1181 a year ago
that "game me and my friends made" actually sounds like the users discord account was hacked and then the hacker sent the malware to everywhere that user was on in hopes some would click it
@christianlbrannan1 a year ago
Hey I had this happen to me from someone I thought I could trust. I think they hacked my friends account and msg me through the account, thats why I thought It was trustworthy (I try to stay safe on the internet but things happen) Long story short Im still worried some of the malware could still be in my computer. Do you have any recommendations of how I can double check my system is clean @Low Level Learning
@farukdz2084 9 months ago
it feels amazing to understand assembly language
@JUIYKI a year ago
Nice video man, be careful with your IP
@mathildaleina4771 a year ago
Can someone make a game where the plot is making all your files encrypted like how ransomware works. Instead of paying to get access to your file, the victim must play a lot of puzzles, mystery or any games that filled with like lore. For example, the encrypted files will be called "princess" and the victim is the hero. The hero must finished all task like puzzles and secret messages to get access to another levels until they reach the final level where they save the princess "their encrypted files" and that virus is completely gone to the computer. i found it interesting but no one done it.
@Miles-co5xm a year ago
Just wanted to check it someone can reverse my malware, thank you!
@atalamcom1941 a year ago
Mom can we have Celeste 2? Mom: we have Celeste 2 in home Celeste 2 in home:
@TheMiningLeon a year ago
I reverse engineered an .exe compiled python cookie logger, got bros webhook and spammed it
@jaroldsabillon7689 a year ago
I would love to learn how to do some of this stuff! Where can I get started? Additionally, would something like Virtual Box work to run the virus? If not what do you use?
@6-1-6 a year ago
Fun fact - I received a version of this virus and wanted to do the same thing. I received a zip file. They encrypted it with a password **which they did not provide to me**. So I literally *couldn't* have received this malware if I wanted
@alexestefan7521 a year ago
Guessing the game requires admin privileges like anything else on windows
@jumper0122 a year ago
I could watch videos of malware analysis all day. I'd love to see more of it!
@kebman a year ago
There's a reason I clicked this video instead of Fun Meme Video No 1003.
@emeraldArmy4267 a year ago
Buy a Course then. I bought it was soo cool
@honokasawada9170 a year ago
Please make a video on obfuscation, I would love to learn more about it!!!
@magnusm4 8 months ago
What I wonder is how their code could just be run and automatically be allowed to disable essential defense programs. Shouldn't there be tons of checks screaming "Yo you're shutting down Windows Defender? No problem we'll just shut down all access to the computer, reboot and automatically put it in safe mode while writing a report on what you just tried to do".
@DccToon a year ago
wait, the person named "not a hacker" reminds me of when i created my discord account, i called it "not a hacker" but then i decided to change it
@the_person 3 months ago
This is cool, also helped me discover the strings program and what it does :DDD
@htbmixbox a month ago
funfact: now this link returns error but the entire site seems to be so sketchy that virustotal reports this site as malware even with 400
@jacobp.2024 a year ago
All that work just to harmlessly mine Monero. I'm honestly impressed he didn't take it any farther.
@RoundShades a year ago
Should have traced his ip and hit it so it couldn't take traffic anymore, making all the previous victims at the very least a loss profit for them.
@BichaelStevens a year ago
I recommend putting the actual conversation screenshots instead of live recreation facsimiles
@MrSpace5260 a year ago
it would be so good if you said "nice mining simulator" 😂
@ArianB a year ago
I got the same malware on my system It's kinda impossible to remove but it did not really harmed my device (i even found the screen shot it took) XD
@paradoxclover8799 a year ago
Wow. I actually received a DM with a request like this a while ago, I told them I would soon and I promptly forgot about it a few minutes later. They asked if I had played it the next day or the day after and I told them I was busy (I wasn't busy I was just too lazy to play it). I forgot about that person and the game a few minutes later after replying. I didn't know that was a scam until now!
@blankspace1959 a year ago
this was awesome, I would like to see this more in depth . keep up the wonderful work.
@TheMaryusz91 a year ago
Really nice and clear content, thank you to make people more aware of how this kind of attacks work! 🙂
@tastyshadow5489 a year ago
Dumb people: download malware Smart people: avoid malware Reverse engineers: download malware
@CZghost a year ago
Cue to sending fake rickroll malware through Discord :D
@HypeLevels a year ago
Actually got sad this was only 2 minutes :(
@baali9097 a year ago
So would you say Ida got your back. Love the content
@es_zyg a year ago
What happens if they encrypt the string is it make the "game" more sus
@arodtube7668 a year ago
Lmao. “What the hell dude” Do you think they ACTUALLY stood a chance? 😂
@romoney a year ago
when will they find out that games have many folders and files for it to run
@stanleyyyyyyyyyyy a year ago
"in my favourite disassembler - Ida". Yeah, 2-4k Euros/licence. Everyone's go-to tool!
@marouaniAymen a year ago
Excellent video, what is the tool for the sandbox that did you use, is it a VM (windows on Virtual Box for example) ?
@ItsaGlitch1 a year ago
this happened to me, but they stole my passwords
@Ldinos a year ago
Does that mean that if you run this without internet access, it will do nothing?
@DaxyGamer a year ago
well it will still disable registry antivirus etc and probably store itself in registry/startup for persistence