Q&A Can a txt file be malicious?

Status
Not open for further replies.

Bungus

New Member
Jul 31, 2021
1
Recently found 2 files; one is message.txt
and the other is message-1.txt (I assume it was a copy of the first one).
I saw that they were in my downloads folder with an almost 1-year-old date (8-8-2020).
I opened one of them and it was 3-4 lines of gibberish text. I quit the text viewer that was showing the file but left the files.

Could the files have held any malicious payload or have executed anything? I am not tech savvy, so I don't know if files that are usually harmless can hold any malicious code.
 

SecureKongo

Level 21
Verified
Feb 25, 2017
1,089
> Recently found 2 files; one is message.txt
> and the other is message-1.txt (I assume it was a copy of the first one).
> I saw that they were in my downloads folder with an almost 1-year-old date (8-8-2020).
> I opened one of them and it was 3-4 lines of gibberish text. I quit the text viewer that was showing the file but left the files.
>
> Could the files have held any malicious payload or have executed anything? I am not tech savvy, so I don't know if files that are usually harmless can hold any malicious code.

A text file on its own can't be malicious, as it doesn't have any malicious code that could be executed if you just open it with the normal Windows Editor. Threat actors could possibly use the double extension trick, like: Malware.txt.exe (.exe would be hidden).
But as @shmu26 already said, it's pretty unlikely and from your description it doesn't seem to be the case on your system anyway.
 

Andy Ful

Level 72
Verified
Trusted
Content Creator
Dec 23, 2014
6,128
Besides advanced attacks, the TXT files can be used also in pretty simple and common attacks. For example, some scripts can be run when having any file extension (for example Windows Script Host). But, this would also require a shortcut, another script (not malicious), etc., because TXT files cannot be run directly from Explorer. Such attacks are usually performed in the wild by using ZIP archives, ISO images, etc.
In more advanced attacks, the TXT files can simply contain encrypted malicious code.
You can post this file here for more information (it is probably not malicious, just an output of something that was run by you).
 

struppigel

Moderator
Verified
Staff member
Apr 9, 2020
425
> I saw that they were in my downloads folder with an almost 1-year-old date (8-8-2020).
> I opened one of them and it was 3-4 lines of gibberish text. I quit the text viewer that was showing the file but left the files.

Hello. Yes, this could be malware. The file extension does not say anything about the actual file type. It only tells the operating system which programs are used by default to open the file, e.g., if you double-click on it. A malware can still execute such files by directly calling the correct program. The mere fact that you say it contains gibberish tells me that it is NOT a text file.

Do NOT post the file here.

Instead, please navigate to virustotal.com. Upload the file there, wait for it to be analysed. Please post the link here afterwards. Then I can take a look at it and tell you more.
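
Added example, not part of any post in this thread: a Python triage sketch for the two points raised above, the hidden double extension (Malware.txt.exe) and the fact that a .txt extension says nothing about the actual file type. The sample names and bytes are constructed, and the extension sets are illustrative assumptions.

```python
import os

# Well-known leading signatures; the extension sets below are illustrative assumptions.
MAGIC = {
    b"MZ": "Windows executable (PE)",
    b"PK\x03\x04": "ZIP archive",
    b"L\x00\x00\x00\x01\x14\x02\x00": "Windows shortcut (LNK)",
}
RUNNABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".wsf", ".lnk"}
DECOY = {".txt", ".pdf", ".doc", ".docx", ".jpg", ".png"}

def double_extension(name):
    """True for names like Malware.txt.exe (decoy extension, then runnable one)."""
    stem, last = os.path.splitext(name.lower())
    return os.path.splitext(stem)[1] in DECOY and last in RUNNABLE

def sniff(data):
    """Return the format name if the content starts with a known signature."""
    return next((kind for sig, kind in MAGIC.items() if data.startswith(sig)), None)

def looks_like_text(data):
    """Decodes as UTF-8 (or BOM-marked UTF-16) without control characters."""
    enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8"
    try:
        text = data.decode(enc)
    except UnicodeDecodeError:
        return False
    return not any(ord(c) < 32 and c not in "\t\r\n" for c in text)

def triage(name, data):
    """List reasons why a file is not what its name suggests."""
    findings = ["double extension"] if double_extension(name) else []
    if name.lower().endswith(".txt"):
        kind = sniff(data)
        if kind:
            findings.append("content is " + kind)
        elif not looks_like_text(data):
            findings.append("content is not plain text")
    return findings

# Constructed sample names and bytes, for illustration only.
SAMPLES = {
    "notes.txt": b"shopping list\r\nmilk\r\n",
    "renamed.txt": b"MZ\x90\x00\x03\x00\x00\x00",
    "blob.txt": bytes([0x9C, 0x01, 0xFE, 0x13, 0x88, 0x02]),
    "Malware.txt.exe": b"MZ\x90\x00",
}
if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", triage(name, data) or "nothing unusual")
```

Content that passes the text check can still be encoded or encrypted data, so an empty result is not a verdict on the file.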
 

Lenny_Fox

Level 22
Verified
Oct 1, 2019
1,125
> A malware can still execute such files by directly calling the correct program. The mere fact that you say it contains gibberish tells me that it is NOT a text file.

Please explain how clicking on a text file can launch a program (other than Andy's explanation, but that requires a whole lot more staging to execute code)? You are the expert, so please explain and put this remark in context before people draw the wrong conclusions (this is not criticism, just a reminder that an expert can be the source of scareware when his words are taken wrongly).
 

struppigel

Moderator
Verified
Staff member
Apr 9, 2020
425
> Please explain how clicking on a text file can launch a program (other than Andy's explanation, but that requires a whole lot more staging to execute code)? You are the expert, so please explain and put this remark in context before people draw the wrong conclusions (this is not criticism, just a reminder that an expert can be the source of scareware when his words are taken wrongly).

No, I don't think OP launched potential code in the file by opening it in a text editor (and never said that).
But it is on their system and arrived there somehow. If it is malicious (which we don't know yet), it is a sign that the system is infected, was infected or that there was an infection attempt. Infection chains often involve several files. So if there was an infection or an attempted one, it is probably not the only file involved.

Might also be harmless, but we don't know without seeing the file. For sure we shouldn't encourage people to upload suspicious files here on the forum.
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
Jul 27, 2015
4,425
> we shouldn't encourage people to upload suspicious files here on the forum.

Correct, and that's why there exists a specific dedicated forum section for possible malware removal help and support.

@Bungus, please open a new thread in the correct section and follow the advice there from real experts.

 