Chinese virus progress

Some user extracted a Chinese virus,
and another wanted to test it in a VM.
It was suggested that it could break out of VMs. Do we have any progress now?

>break out of vms
Could this possibly be true?

Probably not, but you could just run a Windows VM from a Linux machine. Even if it somehow breaks out, it can't do anything.

Yes, if it hijacks the client's virtualization manager or escapes past kernel-level privileges to inject code into the hypervisor or the host process.

Repost from last thread:
Seems to download from get.fc-gosh.biz/launch_askar.php, which is supposed to redirect to a stub generator for "installersetup.exe". The site is no longer up, so there is no telling what is in this file,

and that installersetup.exe is supposed to download from up.sdfuus98d7f.xyz/launch_v5.php?p=sevenzip&pid=2732&tid=8822170&b_typ=pe&n=SW50ZXJuZXQgRG93bmxvYWQgTWFuYWdlciB2Ni4y&reb=1&ic=
which is also down...
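Added example, not code from the thread: the second-stage URL quoted above carries one parameter (`n`) that is plain base64, and the rest are short tokens that happen to pass a base64 validator too. The snippet below splits the URL into its fields, tries a strict decode on each, and only reports a decode that comes out as printable ASCII, so the loader's self-reported name is recovered without false positives from values like `pe` or `2732`. What `p`, `pid`, `tid`, `b_typ`, `reb` and `ic` actually mean is not established by the thread; the code just labels them as raw fields.

```python
import base64
from urllib.parse import parse_qsl, urlsplit

# Second-stage URL exactly as quoted in the thread.
STAGE2_URL = (
    "up.sdfuus98d7f.xyz/launch_v5.php?p=sevenzip&pid=2732&tid=8822170"
    "&b_typ=pe&n=SW50ZXJuZXQgRG93bmxvYWQgTWFuYWdlciB2Ni4y&reb=1&ic="
)


def b64_loose(value):
    """Strict base64 decode that tolerates stripped '=' padding.

    Returns None when the value is not valid base64 at all.
    """
    value = value.strip()
    padded = value + "=" * ((-len(value)) % 4)
    try:
        return base64.b64decode(padded, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def decode_param(value):
    """Return the base64-decoded text of a parameter, or None.

    Short tokens such as 'pe' or '2732' are also syntactically valid
    base64, so a decode is only accepted when it yields printable ASCII.
    """
    raw = b64_loose(value)
    if not raw or not all(0x20 <= b < 0x7F for b in raw):
        return None
    return raw.decode("ascii")


def describe(url):
    """Split a loader callback URL into (host, path, fields).

    fields maps each query key to {'raw': str, 'decoded': str | None}.
    """
    if "://" not in url:
        url = "http://" + url  # urlsplit needs a scheme to find the host
    parts = urlsplit(url)
    fields = {
        key: {"raw": val, "decoded": decode_param(val)}
        for key, val in parse_qsl(parts.query, keep_blank_values=True)
    }
    return parts.hostname, parts.path, fields


if __name__ == "__main__":
    host, path, fields = describe(STAGE2_URL)
    print(host, path)
    for key, info in fields.items():
        extra = f"  -> {info['decoded']!r}" if info["decoded"] else ""
        print(f"  {key:6} = {info['raw']!r}{extra}")
```

Running it shows that `n` decodes to "Internet Download Manager v6.2", i.e. the loader identifies the package it is fetching under a well-known software name; the other fields are left as raw strings because nothing on the page says what they encode.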

I'm the one who uploaded the file. I'll see if I have the rest of it. I made a disk image of the infected machine so it should be there. Gimme 5 minutes.

>Could this possibly be true?
It's possible, I don't know about that particular one, but yes.

Has there been any virus that screws up anything other than the HDD?

I could download and run that shit on a USB drive, with my other drives disconnected... right?

>Hi_I_am_here_for_the_job_interview.jpg

>virus probing vm like fbi probing weiner
>virus finds escape hatch
>lands in new world
>WE KANGZ NOW
>virus dies with no lines of code executed
>Virtual PC on a Power Mac G5

Where is your Chinaman now?

I found it. Gonna upload it now.

It's much more likely to spread through your local network, so don't connect the VM to your network.

Okay, so I did a little more research, and it turns out there apparently is no payload except for the one that was hosted online. The rest of this software is genuine, and so only this .exe was the problem.

I guess whoever made this took down the payload server or something; at any rate it seems to not be functional without it.

However, I still have a sector-by-sector image of the infected machine's HDD. Unless it was all stored in RAM, there should be traces of it, right? Anyone know how/where I should begin to try and dissect something out of this image?
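An added example, not something posted in the thread: one way to start on a sector-by-sector image is to parse its partition table and then stream the whole image (allocated space, slack and unallocated space alike) looking for the indicators the thread already identified, the two download hosts and their loader scripts. The Python below does that, searching for each string both as ASCII and as UTF-16LE, since Windows keeps many of the artefacts you would want (registry values, prefetch, browser history) as UTF-16, and it maps each hit back to the partition holding it. It assumes an MBR-partitioned disk (a GPT image fails the signature check on purpose), and the IOC list and the tiny sample image are constructed here for illustration; run it against the real dump with `scan_image(open(path, "rb"))`, working on a copy whose hash you have recorded first.

```python
import re
import struct
from io import BytesIO

SECTOR = 512

# Indicators the thread itself turned up: the two download hosts and
# their loader scripts. Assumed starting list; extend it as analysis goes.
IOCS = [b"get.fc-gosh.biz", b"launch_askar.php",
        b"sdfuus98d7f.xyz", b"launch_v5.php"]


def parse_mbr(img):
    """Return (index, type, lba_start, sector_count) for each used primary
    MBR entry. Raises if the 0x55AA boot signature is absent, which means a
    GPT disk or a damaged/mis-offset image rather than something to guess at."""
    img.seek(0)
    mbr = img.read(SECTOR)
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature")
    parts = []
    for i in range(4):
        entry = mbr[446 + 16 * i:462 + 16 * i]
        ptype = entry[4]
        lba, count = struct.unpack_from("<II", entry, 8)
        if ptype and count:
            parts.append((i, ptype, lba, count))
    return parts


def partition_of(parts, offset):
    """Map an absolute byte offset to the MBR entry index holding it."""
    lba = offset // SECTOR
    for i, _ptype, start, count in parts:
        if start <= lba < start + count:
            return i
    return None  # sector 0 / gaps / unpartitioned tail


def scan_image(img, iocs=IOCS, chunk=1 << 20):
    """Stream a raw image and return sorted (offset, ioc, encoding, partition)
    hits. Chunks overlap by the longest pattern so a string straddling a chunk
    boundary is still found; the overlap region is seen twice, hence dedupe."""
    parts = parse_mbr(img)
    patterns = []
    for ioc in iocs:
        patterns.append((ioc, "ascii", re.compile(re.escape(ioc))))
        wide = ioc.decode("ascii").encode("utf-16le")
        patterns.append((ioc, "utf-16le", re.compile(re.escape(wide))))
    overlap = 2 * max(len(ioc) for ioc in iocs)

    hits, seen = [], set()
    img.seek(0)
    pos, tail = 0, b""
    while True:
        data = img.read(chunk)
        if not data:
            break
        buf = tail + data
        base = pos - len(tail)
        for ioc, enc, pat in patterns:
            for m in pat.finditer(buf):
                key = (base + m.start(), ioc, enc)
                if key not in seen:
                    seen.add(key)
                    hits.append((key[0], ioc.decode("ascii"), enc,
                                 partition_of(parts, key[0])))
        pos += len(data)
        tail = buf[-overlap:]
    return sorted(hits)


def scan_bytes(data, **kw):
    """Convenience wrapper for in-memory images (used by the demo)."""
    return scan_image(BytesIO(data), **kw)


def build_sample_image():
    """Constructed 8-sector stand-in for the real HDD dump: one NTFS-typed
    partition (LBA 1..7), an ASCII hit in sector 2 and a UTF-16LE hit that
    straddles byte offset 3000 so the chunk-overlap logic gets exercised."""
    img = bytearray(8 * SECTOR)
    img[446:462] = struct.pack("<8BII", 0x80, 0, 0, 0, 0x07, 0, 0, 0, 1, 7)
    img[510:512] = b"\x55\xaa"
    ascii_hit = b"http://get.fc-gosh.biz/launch_askar.php"
    img[1117:1117 + len(ascii_hit)] = ascii_hit   # host lands at offset 1124
    wide_hit = "up.sdfuus98d7f.xyz/launch_v5.php".encode("utf-16le")
    img[2970:2970 + len(wide_hit)] = wide_hit     # bytes 2970..3034
    return bytes(img)


if __name__ == "__main__":
    for off, ioc, enc, part in scan_bytes(build_sample_image(), chunk=1000):
        print(f"0x{off:08x}  partition {part}  {enc:9}  {ioc}")
```

A hit whose partition comes back as None is in unpartitioned space and is still worth looking at; once you have offsets, the next step is to mount the image read-only (or carve the surrounding sectors) and identify which file or registry hive the bytes belong to.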

Talking about viruses, does anyone happen to have taihen.nds?
It's a famous ROM for the Nintendo DS from many years ago that bricks it.
youtube.com/watch?v=7CWI5Rs5Qwk

I've been scanning the infected image, it seems to have found something. Hopefully it's the downloaded payload. Will report back when it's done.

New ones? no.
Old patched ones? yes.

Alright, so this is what it installed (that Windows Defender could find, anyway).

I'm sure they will download other stuff if you let them loose; after all, I shut down when they tried to force-reboot my machine.

Do you want them OP?

Run Malwarebytes and Adwcleaner?

No need, these are in a read-only image of the disk post infection with the Chinese virus.

Yes please

yes

Yes

>I guess who ever made this took down the payload server or something, at any rate it seems to not be functional without it.

spooky