Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

56828 readers

533 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others

Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):

🏴‍☠️ Other communities

Torrenting:

Gaming:

💰 Please help cover server costs.


Ko-fi	Liberapay

founded 2 years ago

MODERATORS

[email protected]

Zlib just made a windows app, but is it a ransomware (www.virustotal.com)

submitted 2 years ago by [email protected] to c/[email protected]

4 comments fedilink hide all child comments

zlibrary on telegram is the official source behind the websit and they announced a windows app, i downloaded it and got only one threat: a ransomware, i know this is non worrying but someone on the community tab commented some gibberish that maybe indicate something

the virustotal link: https://www.virustotal.com/gui/file/96eba9b6c29a025fc3984926ea2c5f05181fde18d825f0ab823e5e172369b7e8/community

btw bonus question: can files be flagged 0/60 and still have some kind of malware or virus ?

top 4 comments

sorted by: hot top controversial new old

[–] [email protected] 8 points 2 years ago (2 children)

Don't know about that app, but it is very easy to create a file that contains malicious code that is not flagged on virustotal at all.

'joe sandbox' and 'hybrid analysis' offer online services where the file gets executed to test it for malicious behaviour. Of course a seasoned malware developer can detect sandboxes and make the malware hide itself while inside the default sandboxes.

Just avoid running random binaries from untrusted sources; prefer open source or, if you must, use a hardened sandbox VM yourself to run untrusted code.

[–] [email protected] 5 points 2 years ago

Just avoid running random binaries from untrusted sources; prefer open source

So much this.

And not only with "shady" software, since binaries can be replaced without the original trusted source being aware of. Supply chain attacks are real.

[–] [email protected] 1 points 2 years ago (1 children)

so you're saying there's no way to know if a file is safe or not, i mean there's very trusted sources in this community. how should we know then?? and is running a vm really safe? what do you mean by hardened sandbox vm?

[–] [email protected] 1 points 2 years ago

Oh, of course there is a way. Just open the binary in radare2/rizin/ghidra and look for suspicious code. Of course this is quite time consuming to do this with a binary file, so if you compile opensource code yourself you can at least read the annotated source. If you do not have the expertise to do this, you have to choose who you trust and be careful in general.

A sandbox VM can be just a Linux or Windows VM that is running on your local hypervisor and properly firewalled and configured for security, or in a container (less secure). If a software goes rogue it will likely infect only the VM (unless it knows a hypervisor escape). Proper virtual firewalling can help protect your home LAN.

An operating system that helps you do all this without requiring too much manual work is for example QubesOS.