Analyzing SCR file
<blockquote data-quote="struppigel" data-source="post: 1054779" data-attributes="member: 86910"><p>Hi there.</p><p></p><p>SCR is just an extension, the file itself is a Portable Executable .NETCore App. You can see from the .pdb that it is compiled with a singlefilehost stub. That means when creating this executable, the person decided to compile it with the .NET environment into one executable.</p><p>DnSpy does not work here because it cannot open .NETCore App singlefiles. You can open it with ILSpy, though.</p><p></p><p>The file is a rather simple downloader, which is also why no one detects a specific family here. This is the full code:</p><p></p><p>[ATTACH=full]278105[/ATTACH]</p><p></p><p>The more interesting part will be the downloaded file. The levelcomputer.zip is 192 MB in size, so VT is not fond of it. I am gonna check if I can remove some bloat to share the file.</p></blockquote><p></p>
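The two checks described in the post (the extension says nothing, the bytes are a PE; the .pdb name reveals the singlefilehost stub) can be scripted for triage. This is an added example, not part of the original post: the function names, the constructed sample bytes and the constructed PDB path are assumptions, and it scans the raw bytes for CodeView `RSDS` records instead of walking the PE debug directory.

```python
import struct

def is_pe(data: bytes) -> bool:
    """True for a Portable Executable, whatever extension the file carries."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def pdb_paths(data: bytes) -> list:
    """PDB paths from CodeView records: 'RSDS' + 16-byte GUID + 4-byte age + path."""
    paths, pos = [], data.find(b"RSDS")
    while pos != -1:
        start = pos + 4 + 16 + 4
        end = data.find(b"\0", start)
        if end != -1 and 0 < end - start <= 260:
            text = data[start:end].decode("utf-8", errors="replace")
            if text.lower().endswith(".pdb"):
                paths.append(text)
        pos = data.find(b"RSDS", pos + 4)
    return paths

def triage(name: str, data: bytes) -> dict:
    """Summarise what the bytes say, independent of the file name."""
    pe = is_pe(data)
    paths = pdb_paths(data) if pe else []
    return {
        "extension": name.rsplit(".", 1)[-1].lower() if "." in name else "",
        "is_pe": pe,
        "pdb_paths": paths,
        "single_file_host": any("singlefilehost" in p.lower() for p in paths),
    }

def make_sample(pdb: str) -> bytes:
    """Constructed test input: minimal DOS/PE signatures plus one RSDS record."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    rsds = b"RSDS" + b"\x11" * 16 + struct.pack("<I", 1) + pdb.encode() + b"\0"
    return dos + b"PE\0\0" + b"\0" * 64 + rsds

if __name__ == "__main__":
    sample = make_sample("C:\\constructed\\singlefilehost.pdb")
    print(triage("sample.scr", sample))
```

A `single_file_host` hit is a hint for picking the right decompiler; the PDB string is ordinary data in the file and can be altered or stripped.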