| Header | Value |
|---|---|
| From | Paul <nospam@needed.invalid> |
| Newsgroups | alt.comp.os.windows-10, alt.os.linux |
| Subject | Re: Linux Program |
| Date | Sun, 28 Jul 2024 09:01:45 -0400 |
| Organization | A noiseless patient Spider |
| Message-ID | <v85ffp$3uip2$1@dont-email.me> |
| References | <v84l32$260bc$1@paganini.bofh.team> |
| User-Agent | Ratcatcher/2.0.0.25 (Windows/20130802) |
Cross-posted to 2 groups.
On Sun, 7/28/2024 1:45 AM, Murray wrote:
> Does anybody know what could be wrong with this Linux Program?
>
> <https://drive.google.com/file/d/1ynbGxad-7In-OpYEg09dnwZMdlMvcH2b/view?usp=sharing>
>
> All I get is a bunch of numbers without anything else such as sum,
> product etc etc.
>
> I have unzipped the program and in terminal I type:
>
> ./numbers
>
> The author says it should provide a table of sums.
>

    printf("Sum 2+2=5\n");
    printf("Product 3*3=42\n");

12MB more lines... Etc Etc.

Would be a decent sized table.

Strawman checks. Plausible premise.

It's a Linux program with strings like this. Almost
like I'm looking at a Windows App manifest for something
being injected.

    numbers.runtime
    config.json
    numbers.dll     <=== Yes, in a Linux program. Seems "plausible". Could happen.
    System.Collections.Immutable.dll
    System.Collections.dll
    System.Console.dll
    System.Diagnostics.StackTrace.dll
    System.IO.Compression.dll
    System.IO.MemoryMappedFiles.dll
    System.Private.CoreLib.dll
    System.Reflection.Metadata.dll
    numbers.deps.json

and this detection in it:

    Virtualization/Sandbox Evasion::System Checks [T1497.001]
    System Checks T1497.001
      reference anti-VM strings targeting Xen
      reference anti-VM strings targeting VirtualBox
      reference anti-VM strings targeting VMWare

( https://github.com/mandiant/capa-rules/blob/master/anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings-targeting-virtualbox.yml )

A table-of-numbers program would not need that kind of checking in it.

And it is sent to exactly two news groups. Am I using
a Windows Host and a Linux Guest, and a girl jumps out of a cake ?

Or is the package supposed to reject Linux Guest operation
and only run in a Linux Host and then some <unknown> thing happens
(my Windows dual boot is attacked) ?

What could it be ?

A Surprise Cake ??? A 12MB POC Surprise Cake ?

   Paul
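
The static check described in the post above (bundled .NET file names inside a Linux executable, plus anti-VM reference strings), as an added example that is not part of the original post and is not capa's own logic. The keyword lists and the sample bytes are assumptions constructed for illustration; capa's real rules are more extensive.

```python
import re

ELF_MAGIC = b"\x7fELF"
# File names typical of a bundled .NET application (the kind of strings quoted in the post).
DOTNET_NAME = re.compile(r"^[\w.\-]+\.(?:dll|deps\.json|runtimeconfig\.json)$")
# Assumed keyword lists, for illustration only.
ANTI_VM = {
    "Xen": ("xenvmm", "xensource"),
    "VirtualBox": ("vbox", "virtualbox"),
    "VMware": ("vmware", "vmtools"),
}

def extract_strings(data: bytes, min_len: int = 5):
    """Yield printable ASCII and UTF-16LE strings, as strings(1) would."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.group().decode("ascii")
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        yield m.group().decode("utf-16-le")

def triage(data: bytes) -> dict:
    """Summarise the indicators without ever executing the file."""
    report = {"is_elf": data[:4] == ELF_MAGIC, "dotnet_files": [], "anti_vm": {}}
    for s in extract_strings(data):
        s = s.strip()
        if DOTNET_NAME.match(s) and s not in report["dotnet_files"]:
            report["dotnet_files"].append(s)
        low = s.lower()
        for vendor, words in ANTI_VM.items():
            if any(w in low for w in words):
                report["anti_vm"].setdefault(vendor, []).append(s)
    # ELF + managed assemblies + anti-VM strings: the combination the post
    # calls out as out of place for a table-of-sums program.
    report["suspicious"] = bool(
        report["is_elf"] and report["dotnet_files"] and report["anti_vm"])
    return report

# Constructed sample bytes, not taken from the file discussed in the thread.
SAMPLE = (ELF_MAGIC + b"\x02\x01\x01\x00" + b"\x00" * 8
          + b"numbers.dll\x00System.Console.dll\x00numbers.deps.json\x00\x00"
          + "VBoxGuest".encode("utf-16-le") + b"\x00\x00"
          + b"\x01\x02VMware Virtual Platform\x00")

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(triage(data))
```

Substring hits are only a hint for further analysis; a legitimate .NET single-file publish for Linux also embeds .dll names, so the anti-VM strings are what make the combination stand out.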