13
Are these two rar files malware? (virustotal results)
(lemmy.dbzer0.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 13 Aug 2025
13 points (100.0% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
63529 readers
669 users here now
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
📜 c/Piracy Wiki (Community Edition):
🏴☠️ Other communities
FUCK ADOBE!
Torrenting/P2P:
- !seedboxes@lemmy.dbzer0.com
- !trackers@lemmy.dbzer0.com
- !qbittorrent@lemmy.dbzer0.com
- !libretorrent@lemmy.dbzer0.com
- !soulseek@lemmy.dbzer0.com
Gaming:
- !steamdeckpirates@lemmy.dbzer0.com
- !newyuzupiracy@lemmy.dbzer0.com
- !switchpirates@lemmy.dbzer0.com
- !3dspiracy@lemmy.dbzer0.com
- !retropirates@lemmy.dbzer0.com
💰 Please help cover server costs.
 |
 |
|---|---|
| Ko-fi | Liberapay |
founded 2 years ago
MODERATORS
TLDR: I can't say for 100% sure, but there are multiple reasons to believe that this is malware.
Long version: I'm seeing multiple suspicious things here.
The IPs being connected to are part of some hoster and have some abuse reports: https://www.abuseipdb.com/check-block/217.20.58.98/29
The domain being resolved is qcloud[.]com, which belongs to Tencent Cloud and definitely not Microsoft.
Other domains in memory like counter-strike[.]com[.]ua are very new and definitely sound fishy.
A standalone version of 7zip is being run and extracts the created rar file with the password "infected". Real alarm bells here.
A lot of the registry actions look like anti-debugging, which does not sound like something an Illustrator Plugin would do.