help a noob please, what is this trojan trying to do on my computer? thank you
help a noob please, what is this trojan trying to do on my computer? thank you

360 Mobile Vision - North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

first of all sorry about my bad English. I downloaded a bad file , upon clicking on it, nothing happened and then the file auto-delete. I knew it was fishy and my anti-virus did not detect a single thing! so I open the task manager and I see this running in background :

I click right click on it and click “Open file location” , it was siting in “..AppDataLocalGraphics Codec Stacks ver8.69” this folder was empty (even with “View Hidden Items” on) . I try to walk back to ‘Local’ and again the ‘Graphics Codec Stacks ver8.69’ folder was not there(hidden) so I power shell and do this :


then this :


I used shutil module from python to copy that folder to desktop (I run a scan on it by antivirus and still nothing) then I downloaded jetbrains dotpeek to “decompile” it , it was written in C# and the code was completely random , like all I see are irrelevant math equations. the code is completely obfuscated . like this :

using Microsoft;

using syeasrasrfasr;

using System;

using System.Windows.Forms;

namespace Microsofts


internal class Program



private static void Main()


u003CModuleu003E.RunAction = 0;

int int32_1 = Convert.ToInt32(-2.0 - 2.0);

if ((Convert.ToInt32(5.86214091642749E+17 / 541393614.5) ^Convert.ToInt32(679511851.643738 - Math.Log(339755916.0))) ==Convert.ToInt32(872759619.0 + Math.Truncate(872759618.5)))


u003CModuleu003E.RunAction = Convert.ToInt32(1.45969769413186 +Math.Cos(1.0));

int num = sizeof (float);

int32_1 += num;


I kept a copy of the decompiled folder of the trojan, if anybody can or want to read this , I can send it to you , I’m really curious about what is this doing on my computer and how they can manage to make it completely indictable by antivirus software. thank you

submitted by /u/100k51
[link] [comments]

By admin