| From | Paul <nospam@needed.invalid> |
|---|---|
| Newsgroups | alt.comp.os.windows-10, alt.os.linux |
| Subject | Re: Linux Program |
| Date | 2024-07-28 09:01 -0400 |
| Organization | A noiseless patient Spider |
| Message-ID | <v85ffp$3uip2$1@dont-email.me> |
| References | <v84l32$260bc$1@paganini.bofh.team> |
Cross-posted to 2 groups.
On Sun, 7/28/2024 1:45 AM, Murray wrote:
> Does anybody know what could be wrong with this Linux Program?
>
> <https://drive.google.com/file/d/1ynbGxad-7In-OpYEg09dnwZMdlMvcH2b/view?usp=sharing>
>
> All I get is a bunch of numbers without anything else such as sum,
> product etc etc.
>
> I have unzipped the program and in terminal I type:
>
> ./numbers
>
> The author says it should provide a table of sums.
>

    printf("Sum 2+2=5\n");
    printf("Product 3*3=42\n");
    12MB more lines... Etc Etc.

Would be a decent sized table.

Strawman checks. Plausible premise.

It's a Linux program with strings like this. Almost
like I'm looking at a Windows App manifest for something
being injected.

    numbers.runtime
    config.json
    numbers.dll      <=== Yes, in a Linux program. Seems "plausible". Could happen.
    System.Collections.Immutable.dll
    System.Collections.dll
    System.Console.dll
    System.Diagnostics.StackTrace.dll
    System.IO.Compression.dll
    System.IO.MemoryMappedFiles.dll
    System.Private.CoreLib.dll
    System.Reflection.Metadata.dll
    numbers.deps.json

and this detection in it:

    Virtualization/Sandbox Evasion::System Checks [T1497.001]
    System Checks T1497.001
        reference anti-VM strings targeting Xen
        reference anti-VM strings targeting VirtualBox
        reference anti-VM strings targeting VMWare

( https://github.com/mandiant/capa-rules/blob/master/anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings-targeting-virtualbox.yml )

A table-of-numbers program would not need that kind of checking in it.

And it is sent to exactly two news groups. Am I using
a Windows Host and a Linux Guest, and a girl jumps out of a cake ?

Or is the package supposed to reject Linux Guest operation
and only run in a Linux Host and then some <unknown> thing happens
(my Windows dual boot is attacked) ?

What could it be ?

A Surprise Cake ??? A 12MB POC Surprise Cake ?

Paul
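
A static triage in the spirit of the checks described in the post above, as an added example that is not part of the original post and is not capa's code: it extracts ASCII and UTF-16LE strings from a file without executing it, then reports managed-assembly names inside an ELF and anti-VM reference strings. The patterns and the sample bytes are constructed for illustration; the patterns are an assumed small subset, not the contents of the linked capa rule.

```python
import re

# Assumed indicator patterns, constructed for this example (a small subset,
# not the contents of the capa rule linked in the post).
ANTI_VM = {
    "VirtualBox": re.compile(rb"vbox|virtualbox", re.I),
    "VMware": re.compile(rb"vmware|vmtoolsd", re.I),
    "Xen": re.compile(rb"xenvmm|xen(?:bus|net|vbd)", re.I),
}
DOTNET_FILE = re.compile(rb"^[\w.\-]+\.(?:dll|deps\.json|runtimeconfig\.json)$")


def extract_strings(data, min_len=5):
    """Yield printable ASCII runs, then UTF-16LE runs (how .NET stores literals)."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.group()
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        yield m.group()[::2]  # keep the low bytes, drop the zero high bytes


def triage(data):
    """Return a static-only report; the file is read, never executed."""
    report = {"is_elf": data[:4] == b"\x7fELF", "dotnet_files": [], "anti_vm": {}}
    for s in extract_strings(data):
        text = s.decode("ascii")
        if DOTNET_FILE.match(s) and text not in report["dotnet_files"]:
            report["dotnet_files"].append(text)
        for vendor, pattern in ANTI_VM.items():
            if pattern.search(s):
                report["anti_vm"].setdefault(vendor, []).append(text)
    # Managed assembly names inside an ELF are consistent with a bundled .NET app.
    report["dotnet_bundle_in_elf"] = report["is_elf"] and bool(report["dotnet_files"])
    return report


# Constructed sample bytes standing in for the downloaded file.
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"numbers.dll\x00System.Console.dll\x00numbers.deps.json\x00\x01"
    + "VBoxService.exe".encode("utf-16-le") + b"\x00\x00"
    + b"\x01\x02vmtoolsd\x00\x03xenvmm\x00"
)

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "=", value)
```

A string hit only shows that the text is present in the file; it does not show that any code path uses it.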