executable files

Winsage
February 23, 2025
QuickLook is an application for Windows that replicates a macOS feature allowing users to preview files by selecting them and pressing the space bar. It streamlines the process of reviewing documents, images, and media files without opening each one individually. Users can download QuickLook from the Microsoft Store, and it operates system-wide, including in Open/Save dialog boxes. The app supports a wide range of file types for previewing, excluding executable files, and allows for basic modifications, such as editing text in Word documents and cropping images. QuickLook can significantly reduce the time spent on routine tasks, enabling users to accomplish actions more quickly. Additionally, it supports plugins for specialized file types and can be set to launch automatically at startup.
Winsage
February 5, 2025
A critical 0-Day vulnerability has been identified in Microsoft Sysinternals tools, allowing attackers to exploit DLL injection techniques to execute harmful code. This vulnerability has been verified and remains unresolved despite being disclosed to Microsoft over 90 days ago. The Sysinternals tools, including Process Explorer, Autoruns, and Bginfo, are widely used for system analysis and troubleshooting but lack integration with the Windows Update system, requiring manual management of security patches. The vulnerability stems from how Sysinternals tools load DLL files, prioritizing untrusted paths over secure system directories. Attackers can place a malicious DLL in the same directory as a legitimate Sysinternals executable, leading to the execution of arbitrary code under the user's privileges. A real-world example demonstrated that an attacker could deploy a Trojan via the Bginfo tool by loading a malicious DLL from a network directory. The vulnerability affects multiple Sysinternals applications, and a comprehensive list is available from the researcher. Microsoft has classified the issue as a "defense-in-depth" enhancement rather than a critical vulnerability, focusing on local execution rather than risks associated with network paths. As of December 2024, the vulnerability remains unpatched, prompting users to take precautionary steps such as avoiding running tools from network locations and verifying DLL integrity.
Winsage
December 19, 2024
Windows Command Prompt can be used to convert media files into various formats using FFmpeg, an open-source multimedia framework. To set up FFmpeg on a Windows system, users must download it from the official FFmpeg website, extract the files, and create a folder for FFmpeg. The path to the FFmpeg "bin" folder must then be added to the system's Environment Variables to allow global access from the Command Prompt. To convert files, users can navigate to the folder containing the media files and use specific commands:
- For images: ffmpeg -i Image.OriginalFormat Image.NewFormat
- For audio: ffmpeg -i Audio.OriginalFormat Audio.NewFormat
- For video: ffmpeg -i Video.OriginalFormat Video.NewFormat
- To extract audio from a video: ffmpeg -i Video.OriginalFormat Audio.NewFormat
FFmpeg supports various formats:
- Image Formats: JPG/JPEG, PNG, TIFF, BMP, GIF, WebP, ICO, PPM, PGM, PBM, TGA
- Audio Formats: MP3, AAC, WAV, OGG, FLAC, AC3, ALAC, WMA, AMR, AIFF, Opus, MP2, PCM, M4A, DTS
- Video Formats: MP4, MKV, AVI, MOV, WMV, FLV, WebM, MPEG, OGG, 3GP, RM, TS, M2TS, VOB, DIVX, HEVC
If the error "ffmpeg is not recognized as an internal or external command" occurs, it usually indicates a problem with the path configuration in the Environment Variables.
Tech Optimizer
December 14, 2024
HeartCrypt is a packer-as-a-service (PaaS) developed in July 2023 and launched in February 2024, designed to help malware operators evade antivirus detection. It has facilitated the packing of over 2,000 malicious payloads across 45 malware families. HeartCrypt injects harmful code into legitimate executable files, complicating detection by antivirus software. It is promoted on underground forums and Telegram channels, charging a fee per file for packing Windows x86 and .NET payloads. Its clients include operators of malware families like LummaStealer, Remcos, and Rhadamanthys. The packing process involves several techniques:
- Payload Execution: The payload is encrypted with a single-byte XOR operation and executed through process hollowing or .NET framework capabilities.
- Stub Creation: Position-independent code (PIC) is integrated into the binary’s .text section.
- Control Flow Hijacking: The entry point of the original binary is altered to redirect execution to the malicious PIC.
- Resource Addition: Resources disguised as BMP files contain encoded malicious code.
- Obfuscation Techniques: Multiple layers of encoding are used, including stack strings and dynamic API resolution.
HeartCrypt employs anti-analysis techniques such as loading non-existent DLLs to detect sandbox environments and using virtual DLLs to evade Windows Defender’s emulator. The service lowers entry barriers for malware operators, potentially increasing malware infections. Security researchers have analyzed HeartCrypt payloads, revealing insights into its operations and associated malware campaigns.
Winsage
November 25, 2024
File Server Resource Manager (FSRM) is a tool for administrators to manage file storage on Windows servers. It allows for quota management, file type blocking, and space utilization reporting. FSRM must be installed on all servers where File Dynamics will manage quotas, including the Engine host. To install FSRM on a Windows server, follow these steps:
1. Open Server Manager, select Add Roles and Features, and proceed with a role-based installation.
2. Choose the target server and navigate to File and Storage Services to select File Server Resource Manager.
3. Optionally, install additional features like .NET Framework 4.7.
4. Click Install and verify successful installation through Server Manager.
To configure quotas, navigate to Quota Management in FSRM, create a quota for a specific folder, and set notification thresholds. For file screening, create file groups to block or allow specific file types, and set up file screen templates. Additional features like Storage Reports can be configured to generate reports on file usage by scheduling report tasks and specifying parameters. The initial step to install a file server in Windows Server is to install the File Server role from Server Manager and configure the shared folder properties.
AppWizard
September 25, 2024
Five years ago, a legitimate Android application on the Google Play Store was compromised, connecting 100 million devices to hacker-controlled servers due to malicious code introduced through a library for ad revenue generation. Recently, Kaspersky researchers discovered two new infected applications on the Google Play Store, downloaded 11 million times, linked to a rogue software development kit (SDK) used for ad integration. The malware, named Necro, utilized advanced techniques including steganography and established connections with command-and-control servers to harvest user data and download harmful code. The infected applications included Wuta Camera, which had 10 million downloads, and Max Browser, with 1 million downloads, both of which have since been removed or updated to eliminate the malicious components. Necro has also been found in various Android apps in alternative marketplaces, often disguised as modified versions of legitimate applications.
AppWizard
September 24, 2024
Recent findings indicate that certain Google Play apps and unofficial modifications of popular applications are being exploited to spread the Necro trojan malware, which can log keystrokes, steal sensitive information, install additional malware, and execute remote commands. The Necro trojan, first identified in 2019, was previously found in the PDF maker app CamScanner. A new version has been detected in the Wuta Camera app and Max Browser on the Google Play Store, both of which have since been removed by Google. Unofficial 'modded' versions of popular apps like Spotify and WhatsApp, often available on third-party websites, are also spreading the malware. These modified apps can contain malicious SDKs that trigger the trojan payload upon user interaction. The malware can download files, install applications, and subscribe users to paid services without consent. Users are advised to be cautious when downloading apps from third-party sources.
AppWizard
September 24, 2024
A new iteration of Necro malware has been identified on at least 11 million devices, infiltrating Android devices through applications distributed via the Google Play store. Researchers at Kaspersky Lab Inc. found that the malware entered through malicious advertising software development kits (SDKs) embedded in apps, as well as game modifications and altered versions of popular applications in unofficial app stores. Compromised applications include Wuta Camera, downloaded over 10 million times, and Max Browser, with over 1 million downloads, both of which have been removed from Google Play. The malware utilizes an SDK called “Coral SDK” and employs image steganography through a component named “shellPlugin.” Once installed, it performs covert activities such as displaying ads in invisible windows, automatically clicking on them, downloading executable files, installing third-party applications, opening links to execute JavaScript, subscribing users to paid services without consent, and rerouting internet traffic through infected devices. Cybersecurity expert Katie Teitler-Santullo emphasized the need for app developers to verify SDK integrity and scan source code for malicious content to prevent exploitation.