>>57360649
some anon extracted a Chinese virus
and another wanted to test it in a vm
it was suggested that it could break out of VMs. Do we have any process now?
>>57370440
>break out of vms
Could this possibly be true?
>>57370871
Probably not, but you could just run a Windows VM from a Linux machine. Even if it somehow breaks out, it can't do anything.
>>57370871
Yes, if it hijacks the client's virtualization manager or escapes past kernel-level privileges to inject code into the hypervisor in the host process.
Repost from last thread:
Seems to download from get.fc-gosh.biz/launch_askar.php, which seems to be supposed to redirect to a stub generator for "installersetup.exe". The site is no longer up, so there is no telling what is in this file.
>>57371553
and that installsetup is supposed to download from http://up.sdfuus98d7f.xyz/launch_v5.php?p=sevenzip&pid=2732&tid=8822170&b_typ=pe&n=SW50ZXJuZXQgRG93bmxvYWQgTWFuYWdlciB2Ni4y&reb=1&ic=
which is also down...
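As an added example (not code from the thread or from any poster), a small Python helper that splits the downloader URL quoted above into host, path and parameters and decodes any parameter that looks like base64, which is how an analyst would see what the stub reports back to its server. The base64 heuristic and the reading of `n` as an encoded product name are assumptions made here.

```python
import base64
import binascii
from urllib.parse import urlsplit, parse_qsl

# Downloader callback URL as posted in the thread (page-provided value).
OBSERVED_URL = ("http://up.sdfuus98d7f.xyz/launch_v5.php?p=sevenzip&pid=2732&tid=8822170"
                "&b_typ=pe&n=SW50ZXJuZXQgRG93bmxvYWQgTWFuYWdlciB2Ni4y&reb=1&ic=")


def try_base64(value: str):
    """Return decoded text if value is valid base64 that decodes to printable
    ASCII, otherwise None. Very short values are skipped because they produce
    too many false positives. Padding is restored because URL parameters
    frequently drop the trailing '=' characters."""
    if len(value) < 8:
        return None
    padded = value + "=" * (-len(value) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def analyze_download_url(url: str) -> dict:
    """Break a downloader URL into its indicator parts: the host and path to
    block or hunt for, plus each query parameter with its raw and (if any)
    base64-decoded form, so affiliate ids and branding strings stand out."""
    parts = urlsplit(url)
    params = {}
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        params[key] = {"raw": value, "decoded": try_base64(value)}
    return {"host": parts.hostname, "path": parts.path, "params": params}


if __name__ == "__main__":
    report = analyze_download_url(OBSERVED_URL)
    print(report["host"], report["path"])
    for key, info in report["params"].items():
        print(f"  {key}={info['raw']!r} -> {info['decoded']!r}")
```

Run against the posted URL, the `n` parameter decodes to a product name, and `p`, `pid` and `tid` read like an installer type and affiliate/tracking ids, which is the shape of a pay-per-install callback.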
>>57371553
>>57371585
I'm the one who uploaded the file. I'll see if I have the rest of it. I made a disk image of the infected machine so it should be there. Gimme 5 minutes.
>>57370871
>Could this possibly be true?
It's possible, I don't know about that particular one, but yes.
>>57370440
Has there been any virus that screws up anything other than the HDD?
I could download and run that shit on a USB drive, with my other drives disconnected... right?
>>57372481
>Hi_I_am_here_for_the_job_interview.jpg
>>57370440
>virus probing vm like fbi probing weiner
>virus finds escape hatch
>lands in new world
>WE KANGZ NOW
>virus dies with no lines of code executed
>Virtual PC on a Power Mac G5
Where is your Chinaman now?
>>57372065
I found it. Gonna upload it now.
>>57370440
It's much more likely to spread through your local network, so don't connect the VM to your network
>>57372065
>>57373046
>>57371585
>>57371553
Okay, so I did a little more research and it turns out there apparently is no payload except for the one that was hosted online. The rest of this software is genuine, and so only this .exe was the problem.
I guess whoever made this took down the payload server or something; at any rate it seems to not be functional without it.
However, I still have a sector-by-sector image of the infected machine's HDD. Unless it was all stored in RAM, there should be traces of it, right? Anyone know how/where I should begin to try and dissect something out of this image?
Talking about viruses, anyone happen to have taihen.nds?
It's a famous rom for Nintendo DS from many years ago that bricks it.
https://www.youtube.com/watch?v=7CWI5Rs5Qwk
>>57373559
I've been scanning the infected image, it seems to have found something. Hopefully it's the downloaded payload. Will report back when it's done.
>>57372481
New ones? no.
Old patched ones? yes.
>>57375049
Alright, so this is what it installed (that Windows Defender could find, anyway).
I'm sure they will download other stuff if you let them loose, after all I shut down when they tried to force reboot my machine.
Do you want them OP?
>>57375535
Run Malwarebytes and Adwcleaner?
>>57375554
No need, these are in a read-only image of the disk post infection with the Chinese virus.
>>57375535
Yes please
>>57370871
yes
>>57375535
Yes
>>57373559
>I guess whoever made this took down the payload server or something; at any rate it seems to not be functional without it.
spooky