lol666
Blockchain Consensus Specialist
2
MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1
200 XP
Recently I have been using tools from this forum and I have come across some things.
There have been some malicious exe files being spread and I am here to let everyone know, so admins please do not delete this post.
Malify
I am almost 99% positive that Malify is a virus.
I aswell as some others have used programs to see, there are some HTTP requests that are happening when malify is closed. I will show below
"Mailify.exe" touched file "%WINDIR%\Microsoft.NET\Framework\v1.0.3705\clr.dll"
"Mailify.exe" touched file "%WINDIR%\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll"
"Mailify.exe" touched file "%WINDIR%\Microsoft.NET\Framework\v1.1.4322\clr.dll"
"Mailify.exe" touched file "%WINDIR%\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll"
"Mailify.exe" touched file "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\clr.dll"
\ThemeApiPort"
With Malify not running, there should be nothing running.
%WINDIR%\assembly\NativeImages_v4.0.30319_32\Mailify\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\mscorlib\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Configuration\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Core\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Xml\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System\*
I would advise you to delete it immediately, as you will have you crypto stolen as I have
Here is proof of money leaving my wallet, with a note "Sorry" in Russian.
If we follow the ether scan, we can see that it was sent to this address.
If we follow that address, we can see that it is automatically wired to another address.
This address has over 59k in it as of RIGHT NOW with CONSTANT money coming in.
I can guarantee you that this is a virus and should not be used.
Virustotal link https://www.virustotal.com/gui/file...b2e173c31aa98a02cf607e07eb783fd0b1c/detection
There have been some malicious exe files being spread and I am here to let everyone know, so admins please do not delete this post.
Malify
I am almost 99% positive that Malify is a virus.
I aswell as some others have used programs to see, there are some HTTP requests that are happening when malify is closed. I will show below
"Mailify.exe" touched file "%WINDIR%\Microsoft.NET\Framework\v1.0.3705\clr.dll"
"Mailify.exe" touched file "%WINDIR%\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll"
"Mailify.exe" touched file "%WINDIR%\Microsoft.NET\Framework\v1.1.4322\clr.dll"
"Mailify.exe" touched file "%WINDIR%\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll"
"Mailify.exe" touched file "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\clr.dll"
\ThemeApiPort"
With Malify not running, there should be nothing running.
%WINDIR%\assembly\NativeImages_v4.0.30319_32\Mailify\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\mscorlib\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Configuration\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Core\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Xml\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System\*
I would advise you to delete it immediately, as you will have you crypto stolen as I have
Here is proof of money leaving my wallet, with a note "Sorry" in Russian.
If we follow the ether scan, we can see that it was sent to this address.
If we follow that address, we can see that it is automatically wired to another address.
This address has over 59k in it as of RIGHT NOW with CONSTANT money coming in.
I can guarantee you that this is a virus and should not be used.
Virustotal link https://www.virustotal.com/gui/file...b2e173c31aa98a02cf607e07eb783fd0b1c/detection