Topic: user: DekoliteNom is banned, can you help decompile his malicious code? (Read 152 times)

global moderator
Activity: 3794
Merit: 2615
I'm interested in what he was trying to steal....

Good he got tossed. Many thanks ;)

Bitcoins or your bitcointalk account most likely (possibly even both).
staff
Activity: 2436
Merit: 2347
He was already banned. I've just removed all the posts though.
Good to have a quick response. There is one left to remove though: http://archive.is/nRQm6

Removed.
legendary
Activity: 1848
Merit: 1165
My AR-15 ID's itself as a toaster. Want breakfast?
I'm interested in what he was trying to steal....

Good he got tossed. Many thanks ;)
copper member
Activity: 630
Merit: 420
We are Bitcoin!
He was already banned. I've just removed all the posts though.
Good to have a quick response. There is one left to remove though: http://archive.is/nRQm6
global moderator
Activity: 3794
Merit: 2615
He was already banned. I've just removed all the posts though.
legendary
Activity: 1848
Merit: 1165
My AR-15 ID's itself as a toaster. Want breakfast?
Ok;  So this guy posted something suspicious....

He posted a link to a .doc file with quite an unambiguous name (direct quote at the bottom)

So I looked into it:

Downloaded a copy and 7zipped it for the archive...
Opened in nano. Looks like a photograph for the most part... but with a bunch extra tacked on; just very little word formatting. Ok, dig deeper.
Went to the weboffice and generated this link: https://view.officeapps.live.com/op/view.aspx?src=http%3A%2F%2Faziznews.ru%2Ffoto%2FCoins_Pump_Today.doc

Now I can safely see the photo and contents of the document through the link;  and what you see.... is a blurred photo asking you to disable some security features in office.


Yikes.


So;

You guys; I know you are resourceful. What can you get out of that .doc file to see what it's trying to do extra? That part is slightly out of my realm, plus I don't have VMs to test with or anything at the moment.

Can we get enough on this guy to get him a permaban?  

This guy's type of posting, trade rating... and not to mention; the last 117 posts of his were spamming this .doc file. So... there must be something I am onto here...
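
An added example, not part of the original thread: a static first-pass check that answers "what container is this .doc really, and does it carry macro or embedded-object storage?" from the raw bytes alone, without rendering the file in Office. The indicator labels and the constructed sample are assumptions made for illustration, and an empty findings list does not show a file is clean.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls compound file
ZIP_MAGIC = b"PK\x03\x04"                      # OOXML (.docx/.docm) container
RTF_MAGIC = b"{\\rtf"                          # RTF is often saved with a .doc name

def triage(data):
    """Classify raw file bytes and list static indicators; nothing is rendered or run."""
    findings = []
    if data.startswith(OLE_MAGIC):
        container = "ole"
        # OLE directory entries hold storage/stream names as UTF-16LE text.
        for name in ("_VBA_PROJECT", "Macros"):
            if name.encode("utf-16-le") in data:
                findings.append("vba-storage:" + name)
    elif data.startswith(ZIP_MAGIC):
        container = "ooxml-zip"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for part in archive.namelist():
                    if part.lower().endswith("vbaproject.bin"):
                        findings.append("vba-part:" + part)
        except zipfile.BadZipFile:
            findings.append("malformed-zip")
    elif data.lstrip().startswith(RTF_MAGIC):
        container = "rtf"
        for ctrl in (b"\\objdata", b"\\object"):
            if ctrl in data:
                findings.append("embedded-object:" + ctrl.decode("ascii"))
    else:
        container = "unknown"
    # Pictures are normal in documents; noted only as context for an image lure.
    if b"\xff\xd8\xff" in data or b"\x89PNG\r\n\x1a\n" in data:
        findings.append("embedded-image")
    return container, findings

def constructed_sample():
    """Constructed bytes, not a real document: OLE header, padding, VBA name, JPEG marker."""
    return (OLE_MAGIC + b"\x00" * 504 + "_VBA_PROJECT".encode("utf-16-le")
            + b"\xff\xd8\xff\xe0")

if __name__ == "__main__":
    print(triage(constructed_sample()))
```

Run it against a copy read with `open(path, "rb").read()` on a machine without Office installed; a hit on VBA storage is a reason to pass the file to a dedicated macro-extraction tool inside an isolated VM.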



