>>52223725 Some program probably passed a char array to CreateFile without a terminating null, and garbage on the stack/heap outside of the intended buffer got interpreted as UTF-16.
It's probably nothing. Very rarely does the existence of Chinese characters actually indicate the existence of Chinese hackers or anything like that. Most times, binary garbage getting converted to a character set ends up displaying as Chinese characters because there are so goddamn many and they are all larger values.
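To show why a mis-read buffer comes out looking like CJK text, here is an added example (not from the thread, written for this page) that reinterprets a constructed narrow ASCII buffer as little-endian UTF-16 and measures how much of the 16-bit code space the CJK ideograph blocks occupy. The sample buffer and the range boundaries are assumptions chosen for illustration; it does not touch CreateFile or read past any buffer.

```python
# Constructed sample: an 8-byte narrow (ASCII) buffer, e.g. "test.dat",
# that a wide-char API would read two bytes at a time.
NARROW_BUFFER = b"test.dat"

# Block boundaries from the Unicode charts (CJK Unified Ideographs and
# Extension A). Only these two blocks are counted as "looks Chinese".
CJK_BLOCKS = ((0x4E00, 0x9FFF), (0x3400, 0x4DBF))


def reinterpret_as_utf16le(raw: bytes) -> str:
    """Decode bytes the way a Windows wide-char API reads them: UTF-16LE.
    A trailing odd byte is dropped, matching how a half code unit is ignored."""
    usable = raw[: len(raw) - (len(raw) % 2)]
    return usable.decode("utf-16-le", errors="replace")


def is_cjk_ideograph(ch: str) -> bool:
    """True if the character lies in one of the CJK ideograph blocks above."""
    cp = ord(ch)
    return any(lo <= cp <= hi for lo, hi in CJK_BLOCKS)


def cjk_fraction(text: str) -> float:
    """Share of characters in text that are CJK ideographs (0.0 if empty)."""
    if not text:
        return 0.0
    return sum(is_cjk_ideograph(c) for c in text) / len(text)


def bmp_cjk_fraction() -> float:
    """Share of all 65536 16-bit values that fall in the CJK ideograph blocks."""
    count = sum(hi - lo + 1 for lo, hi in CJK_BLOCKS)
    return count / 0x10000


def printable_ascii_pair_fraction() -> float:
    """Share of (low, high) pairs of printable ASCII bytes (0x20..0x7E) that,
    read as one little-endian UTF-16 code unit, land in a CJK block."""
    hits = total = 0
    for hi in range(0x20, 0x7F):
        for lo in range(0x20, 0x7F):
            total += 1
            if is_cjk_ideograph(chr((hi << 8) | lo)):
                hits += 1
    return hits / total


if __name__ == "__main__":
    text = reinterpret_as_utf16le(NARROW_BUFFER)
    print("bytes :", NARROW_BUFFER)
    print("as UTF-16LE:", text, [hex(ord(c)) for c in text])
    print("CJK share of this string:", cjk_fraction(text))
    print("CJK share of all 16-bit values:", round(bmp_cjk_fraction(), 3))
    print("CJK share of printable-ASCII byte pairs:", round(printable_ascii_pair_fraction(), 3))
```

Running it shows the constructed filename "test.dat" becoming four ideographs, because each pair of ASCII bytes forms a code unit between 0x2020 and 0x7E7E, and most of that span sits inside the CJK blocks; across the whole 16-bit space the two ideograph blocks alone cover over 40% of values, which is why arbitrary binary so often renders this way.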
>>52223773 It's such a huge range that it's pretty common. Have you ever noticed that very often when you look at non-character buffers as UTF-16/Unicode (via "du [addr]" in WinDbg or the like)? This is that same thing. I've seen that many times in the 15+ years I've been writing native code. For the last 10 years of doing malware analysis, I've never seen a piece of malware put down files using the author's system encoding. I'm not saying it couldn't happen, but I've never seen it.
Whatever it is, it's not working right because it put its shit in %homepath%\appdata instead of local, locallow, or roaming. The registry ties all of these directories together; if something is storing its shit in appdata it will have to be in roaming, local, or locallow. Most shitware stores its things/itself in roaming.
Just out of curiosity, it has 1Kb worth of whatever; open it with notepad. Let's see it.
>>52224011 Indeed, not an issue with UTF-8. Whatever is making that file may have some interesting memory corruption bugs, if that's something you're interested in. Never know, might get lucky and find an RCE bug. Stuff like this is a pretty clear indicator that whoever wrote that code was less than meticulous.
>>52224801
> tencent or sogu
> trying this hard to sound cool on the internet
Neither of those pieces of malware are remotely related to this problem. Especially considering OP is having the exact problem described by the GTA help forum article.
Also, the assumption that a piece of code compiled on a computer with its locale set to some Chinese locale would somehow make it spit out shit in Chinese filenames is a total amateur assumption. It's just not how it works. The author would have needed to hardcode or derive those characters specifically, and while the sogu and tencent authors aren't exactly the best of the bunch, they aren't retarded.
>>52225015 Considering the fact that the filename is one that is caused by a common programming error, I'm going with probably nothing, because in the majority of cases that's what it is. But how would we have security theater if we didn't just jump to the "could be encrypted PII" conclusion first? Most of the files on the computer don't have encrypted personally identifiable information in them, and up to this point there is no reason to indicate that this file is any different.