OP 10 November, 2022 - 02:00 AM
(This post was last modified: 10 November, 2022 - 02:02 AM by oxcy. Edited 1 time in total.)
Recently I have been using tools from this forum and I have come across some things.
There have been some malicious exe files being spread and I am here to let everyone know, so admins please do not delete this post.
Mailify https://cracked.io/Thread-✨MAILIFY✨-MAIL...R-AIO-TOOL
I am almost 99% positive that Mailify is a virus.
I, as well as some others, have used programs to check, and there are some HTTP requests that are happening when Mailify is closed. I will show below.
"Mailify.exe" touched file "%WINDIR%\Microsoft.NET\Framework\v1.0.3705\clr.dll"
"Mailify.exe" touched file "%WINDIR%\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll"
"Mailify.exe" touched file "%WINDIR%\Microsoft.NET\Framework\v1.1.4322\clr.dll"
"Mailify.exe" touched file "%WINDIR%\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll"
"Mailify.exe" touched file "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\clr.dll"
\ThemeApiPort"
With Mailify not running, there should be nothing running.
%WINDIR%\assembly\NativeImages_v4.0.30319_32\Mailify\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\mscorlib\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Configuration\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Core\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Xml\*
%WINDIR%\assembly\NativeImages_v4.0.30319_32\System\*
I would advise you to delete it immediately, as you will have your crypto stolen as I have.
Here is proof of money leaving my wallet, with a note "Sorry" in Russian.
https://imgur.com/a/KCDclYh
If we follow the Etherscan, we can see that it was sent to this address.
https://imgur.com/a/qT0NUty
If we follow that address, we can see that it is automatically wired to another address.
https://imgur.com/a/eQvTa7R
This address has over 59k in it as of RIGHT NOW with CONSTANT money coming in.
https://imgur.com/a/3UClnXS
I can guarantee you that this is a virus and should not be used.
VirusTotal link: https://www.virustotal.com/gui/file/bd3eb6b8913d5d96b114ac21f4cd6b2e173c31aa98a02cf607e07eb783fd0b1c/detection