Does anyone know if these two files are considered malware? I see a lot of things in the behavior tab that seem suspicious (but then again, I have no idea, and am relatively new/dumb).

Here are the images of the virustotal results I am referring to:

Also, I did see there was a noticeable slowness to my PC after I extracted the rar files (I was in a VM).

Thank you.

  • Treasure@feddit.org · 22 upvotes · 2 months ago

    TLDR: I can’t say for 100% sure, but there are multiple reasons to believe that this is malware.

    Long version: I’m seeing multiple suspicious things here.

    • The IPs being connected to are part of some hoster and have some abuse reports: https://www.abuseipdb.com/check-block/217.20.58.98/29

    • The domain being resolved is qcloud[.]com, which belongs to Tencent Cloud and definitely not Microsoft.

    • Other domains in memory like counter-strike[.]com[.]ua are very new and definitely sound fishy.

    • A standalone version of 7zip is being run and extracts the created rar file with the password “infected”. Real alarm bells here.

    • A lot of the registry actions look like anti-debugging, which does not sound like something an Illustrator Plugin would do.

  • MangoPenguin@lemmy.blahaj.zone · 6 upvotes · 2 months ago

    There are some suspicious things going on like the qcloud and counter-strike domains, as well as the 7zip extract being run.

    I would probably get rid of it.

    • Yourname942@lemmy.dbzer0.com (OP) · 2 upvotes, 1 downvote · 2 months ago

      I installed 7zip, if that made it appear (not sure if that is the case though). Yeah, I may have to just pay for subscriptions with money I can’t afford :S

  • frongt@lemmy.zip · 3 upvotes · 2 months ago

    Unlikely for the rar file itself. The exe seems a little suspicious, so I would scan that file individually. Hard to say without unpacking and examining it.

    • Yourname942@lemmy.dbzer0.com (OP) · 1 upvote · 2 months ago

      Should I have scanned the extracted folders rather than the rar file itself? (even though it shows network communications and mitre signatures?)

      I ran an antivirus outside the VM and nothing was detected luckily. (I had already extracted the rar files, but just scanned the rar itself)
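The advice in the thread to scan the extracted exe individually rather than the rar, and the OP's question about which files to scan, come down to one small routine: walk the extracted tree inside the isolated VM, hash every file, and note which ones are executables or nested archives so you can look up their SHA-256 hashes on VirusTotal (or upload just those files) instead of the outer archive. The script below is an added example, not code from the thread; the directory layout and file contents it builds are constructed sample data (a fake PE stub, a fake RAR header, a text file), not the files the OP downloaded.

```python
"""Inventory an extracted archive for per-file malware triage.

Added example (not from the thread). Assumes the archive has already been
extracted inside an isolated VM; this only reads files, it never runs them.
"""
import hashlib
import tempfile
from pathlib import Path

# Leading bytes used for a quick, AV-independent classification.
# A text file that happens to start with "MZ" would be misclassified, which is
# acceptable here: the goal is to over-include candidates for scanning.
MAGIC = {
    b"MZ": "pe-executable",            # Windows EXE/DLL/SYS (PE header follows)
    b"Rar!\x1a\x07": "rar-archive",    # shared prefix of RAR4 and RAR5 signatures
    b"PK\x03\x04": "zip-archive",
    b"7z\xbc\xaf\x27\x1c": "7z-archive",
}


def classify(path: Path) -> str:
    """Return a coarse file type from the first bytes of the file."""
    with path.open("rb") as fh:
        head = fh.read(8)
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "other"


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """SHA-256 of a file, read in chunks so large installers do not load into RAM."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def inventory(root: Path) -> list[dict]:
    """One record per regular file under root: relative path, type, hash, size."""
    records = []
    for p in sorted(root.rglob("*")):
        if p.is_file():
            records.append({
                "path": p.relative_to(root).as_posix(),
                "kind": classify(p),
                "sha256": sha256_file(p),
                "size": p.stat().st_size,
            })
    return records


def scan_candidates(records: list[dict]) -> list[dict]:
    """Files worth an individual VirusTotal lookup: executables and nested archives."""
    return [r for r in records if r["kind"] != "other"]


def build_demo_tree() -> Path:
    """Constructed sample tree standing in for an extracted download (not real files)."""
    root = Path(tempfile.mkdtemp(prefix="triage_"))
    (root / "plugin").mkdir()
    # Minimal fake PE: "MZ" DOS header, e_lfanew pointing at a "PE\0\0" stub.
    (root / "plugin" / "setup.exe").write_bytes(b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 100)
    (root / "plugin" / "readme.txt").write_text("Install instructions\n")
    (root / "nested.rar").write_bytes(b"Rar!\x1a\x07\x01\x00" + b"\x00" * 16)  # RAR5-style header
    (root / "empty.bin").write_bytes(b"")
    return root


if __name__ == "__main__":
    records = inventory(build_demo_tree())
    for r in records:
        print(f"{r['kind']:14} {r['size']:8} {r['sha256']}  {r['path']}")
    print("\nLook these up individually:")
    for r in scan_candidates(records):
        print(f"  {r['path']}  sha256={r['sha256']}")
```

Point it at the real extraction directory (`inventory(Path("/path/to/extracted"))`) from inside the VM; hashes can be searched on VirusTotal without uploading anything, and only the flagged executables and nested archives need a full upload if the hash is unknown. A clean result on the outer rar, as the OP saw, says nothing about the files inside it.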