0sir1ss / Anubis

[UNMAINTAINED] A Python script to obfuscate and protect your code through anti debuggers, junk code and custom encryption.
MIT License
307 stars 39 forks

asking for admin #17

Open Davix478 opened 1 year ago

Davix478 commented 1 year ago

Why does part of the code include this?

    if not ctypes.windll.shell32.IsUserAnAdmin() != 0:
        print("Please run this program as administrator.")
        sys.exit(0)

The code I'm obfuscating is hello world.

cyborg-moonbase commented 1 year ago

the reason is so it can os.system pip install (to your admin system interpreter) a third-party library to multithread-kill a random list of programs in the next line:

['Suspend', 'Progress Telerik Fiddler Web Debugger', 'Fiddler', 'Wireshark', 'dumpcap', 'dnSpy', 'dnSpy-x86', 'cheatengine-x86_64', 'HTTPDebuggerUI', 'Procmon', 'Procmon64', 'Procmon64a', 'ProcessHacker', 'x32dbg', 'x64dbg', 'DotNetDataCollector32', 'DotNetDataCollector64', 'HTTPDebuggerSvc', 'HTTP Debugger', 'ida', 'ida64', 'idag', 'idag64', 'idaw', 'idaw64', 'idaq', 'idaq64', 'idau', 'idau64', 'scylla', 'scylla_x64', 'scylla_x86', 'protection_id', 'windbg', 'reshacker', 'ImportREC', 'IMMUNITYDEBUGGER', 'MegaDumper', 'disassembly', 'Debug', '[CPUImmunity', 'MegaDumper 1.0 by CodeCracker / SnD', 'Charles', 'charles', 'OLLYDBG', 'Import_reconstructor', 'codecracker', 'de4dot', 'ilspy', 'graywolf', 'simpleassemblyexplorer', 'x64netdumper', 'hxd', 'petools', 'simpleassembly', 'httpanalyzer', 'httpdebug', 'processhacker', 'memoryedit', 'memory', 'de4dotmodded', 'process hacker', 'process monitor', 'qt5core', 'ida', 'immunity', 'http', 'traffic', 'wireshark', 'fiddler', 'packet', 'hacker', 'debug', 'dnspy', 'dotpeek', 'dottrace', 'procdump', 'manager', 'memory', 'netLimit', 'netLimiter', 'sandbox']

this whole repo is like watching a clown get murdered

it doesn't even do any actual obfuscation, it makes a post request to this website: https://pyob.oxyry.com

lmao

and applies some "custom encryption" that apparently means "symmetric encryption with the secret key distributed along with the ciphertext" (lmao)

this whole repo is just embarrassing and sad
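Added example, not part of the thread or of the Anubis code base: a static triage pass a reviewer could run over a Python script before executing it, flagging the three behaviours described in the comment above (an admin check, a pip install issued at run time, and a list of analysis-tool names). The sample source, the package name `examplelib` and the finding labels are constructed for illustration.

```python
import ast

# Constructed sample mimicking the behaviours described in the thread.
SAMPLE = '''
import ctypes, os, sys
if not ctypes.windll.shell32.IsUserAnAdmin() != 0:
    print("Please run this program as administrator.")
    sys.exit(0)
os.system("pip install examplelib")
names = ['Wireshark', 'x64dbg', 'ida64', 'ProcessHacker', 'dnSpy', 'Fiddler']
'''

# Subset of the tool names quoted in the thread, lower-cased for matching.
TOOL_NAMES = {"wireshark", "fiddler", "x64dbg", "x32dbg", "ida64", "dnspy",
              "processhacker", "procmon", "ollydbg", "windbg"}

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else ''."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""

def triage(source, min_tools=3):
    """Return a sorted list of finding labels for one Python source string."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = dotted(node.func)
            if name.endswith("IsUserAnAdmin"):
                findings.add("admin-check")
            if name in ("os.system", "subprocess.run", "subprocess.call"):
                args = [a.value for a in node.args
                        if isinstance(a, ast.Constant) and isinstance(a.value, str)]
                if any("pip install" in a for a in args):
                    findings.add("runtime-pip-install")
        elif isinstance(node, (ast.List, ast.Tuple, ast.Set)):
            hits = {e.value.lower() for e in node.elts
                    if isinstance(e, ast.Constant) and isinstance(e.value, str)
                    and e.value.lower() in TOOL_NAMES}
            if len(hits) >= min_tools:
                findings.add("analysis-tool-list")
    return sorted(findings)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

This only sees what is present as plain source; a script whose payload is encrypted or wrapped in `exec` has to be unpacked before the same pass is useful.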

LopeKinz commented 1 year ago

> the reason is so it can os.system pip install (to your admin system interpreter) a third-party library to multithread-kill a random list of programs in the next line:
>
> ['Suspend', 'Progress Telerik Fiddler Web Debugger', 'Fiddler', 'Wireshark', 'dumpcap', 'dnSpy', 'dnSpy-x86', 'cheatengine-x86_64', 'HTTPDebuggerUI', 'Procmon', 'Procmon64', 'Procmon64a', 'ProcessHacker', 'x32dbg', 'x64dbg', 'DotNetDataCollector32', 'DotNetDataCollector64', 'HTTPDebuggerSvc', 'HTTP Debugger', 'ida', 'ida64', 'idag', 'idag64', 'idaw', 'idaw64', 'idaq', 'idaq64', 'idau', 'idau64', 'scylla', 'scylla_x64', 'scylla_x86', 'protection_id', 'windbg', 'reshacker', 'ImportREC', 'IMMUNITYDEBUGGER', 'MegaDumper', 'disassembly', 'Debug', '[CPUImmunity', 'MegaDumper 1.0 by CodeCracker / SnD', 'Charles', 'charles', 'OLLYDBG', 'Import_reconstructor', 'codecracker', 'de4dot', 'ilspy', 'graywolf', 'simpleassemblyexplorer', 'x64netdumper', 'hxd', 'petools', 'simpleassembly', 'httpanalyzer', 'httpdebug', 'processhacker', 'memoryedit', 'memory', 'de4dotmodded', 'process hacker', 'process monitor', 'qt5core', 'ida', 'immunity', 'http', 'traffic', 'wireshark', 'fiddler', 'packet', 'hacker', 'debug', 'dnspy', 'dotpeek', 'dottrace', 'procdump', 'manager', 'memory', 'netLimit', 'netLimiter', 'sandbox']
>
> this whole repo is like watching a clown get murdered
>
> it doesn't even do any actual obfuscation, it makes a post request to this website: https://pyob.oxyry.com
>
> lmao
>
> and applies some "custom encryption" that apparently means "symmetric encryption with the secret key distributed along with the ciphertext" (lmao)
>
> this whole repo is just embarrassing and sad

Are you dumb? Those programs are debuggers, and if you select "Anti Debuggers" it needs to kill all debuggers first. And the code works fine and there is no reference to https://pyob.oxyry.com/. So don't talk dogshit if you don't know how to read code.

soultellegend commented 1 year ago

> Are you dumb? Those programs are debuggers, and if you select "Anti Debuggers" it needs to kill all debuggers first. And the code works fine and there is no reference to https://pyob.oxyry.com/. So don't talk dogshit if you don't know how to read code.

Hello ?? have you read the code ???? https://github.com/0sir1ss/Anubis/blob/ddfcd15e0bdfe158ce56b37f729496ac0a8ad8bd/anubis.py#L251

LopeKinz commented 1 year ago

> > Are you dumb? Those programs are debuggers, and if you select "Anti Debuggers" it needs to kill all debuggers first. And the code works fine and there is no reference to https://pyob.oxyry.com/. So don't talk dogshit if you don't know how to read code.
>
> Hello ?? have you read the code ???? https://github.com/0sir1ss/Anubis/blob/ddfcd15e0bdfe158ce56b37f729496ac0a8ad8bd/anubis.py#L251

Yes ik, but I meant the AntiDebug function. And you can choose between carbon and oxyry obfuscation, so https://pyob.oxyry.com/ is not necessary.