LJ9859 / Malware-Database

Malware Database that I put malware into. NOT RESPONSIBLE FOR DAMAGES!

Malware I found, from tria.ge #2

Closed PiRFale-Danger closed 3 months ago

PiRFale-Danger commented 5 months ago

It's basically another crappy MBR overwriter, nothing special and that's it. PS: Not a weeb

https://github.com/PiRFale-Danger/Terrible-Malware/raw/main/Rias.exe

https://tria.ge/240403-y456taca83

LJ9859 commented 5 months ago

Thank you so much! I will add this sample in the "Trojan" section (because it overwrites the MBR and in the tria.ge listing it's named "RiasTrojan.exe"), when I get time. You didn't mention that it was made by you, so if it was (just in case), then tell me so I can change it to "Viewer-Made-Malware".

Edit:

  1. Sorry for being so late to reply! I've been busy.
  2. Thanks for also giving me a new place to potentially find malware samples! (tria.ge.)

PiRFale-Danger commented 4 months ago

  1. No problem
  2. I made it.
  3. Yes, I am a High School DxD fan lmao

LJ9859 commented 4 months ago

  1. Thanks for letting me know, I will add it when I get time (school is crazy right now so I don't have much time), and I'm also letting my laptop take a break from storing like 5 GB of unwanted programs (a.k.a. giving Windows Defender a "lunch" break)
  2. I don't know what a High School DxD is, but okay!
  3. So yeah... that's all I have to say, you can close this thread now if you want, I will add it to "viewer made malware" soon, also sorry for the bad typing, it's 11 am and a school night and I'm tired so yeah...

LJ9859 commented 4 months ago

Update: I have added the trojan after exactly a month lol, I just needed free time. Hope you enjoy! It's in Malware-Database>Viewer-Made-Malware>My-Database>Rias.zip. Hope I was helpful!

PiRFale-Danger commented 4 months ago

Ur welcome. I might start finding malware samples on Any.run, I've got some good ones, if u want me to upload them sooner or later.

PiRFale-Danger commented 4 months ago

Then u can ask.

LJ9859 commented 4 months ago

YOO Please give me some samples bc I go on any.run every month and there's always new samples, like I went on there for my schedule yesterday and I found a good one called "Spy Stalker"

PiRFale-Danger commented 4 months ago

https://www.mediafire.com/file/has0hlfw7camp6s/goggle.com+trojan.7z/file

pass: Infected

I found this one. Kaspersky detected it as: Trojan-Proxy.Win32.Wopla.u

LJ9859 commented 4 months ago

So is this the archive of the website, the trojan itself, or just generic spysheriff? Btw, can I have the any.run report if there is one?

LJ9859 commented 4 months ago

Update: Ran in any.run, seems like a generic bomb trojan, but I will add it as it seems realistic to the video McAfee did in the late 2000s about it called "Spyware Rubbernecking."

Here's the report I did: https://app.any.run/tasks/74decefe-07db-41e8-8450-ba82e76bf9a7

Edit: I also added it in the trojans section. I might run it in Windows XP to test its validity soon.

PiRFale-Danger commented 4 months ago

I thought it was cool, since it has some archived adware.

LJ9859 commented 4 months ago

Oh, that's cool

LJ9859 commented 4 months ago

Update: I tested it on Windows XP and it was really interesting, it created temp files and even gave me a new malware to put in the database! (Live-Player)