
How Legitimate Software is hiding Malware 

Eric Parker
Views: 12K

Go to piavpn.com/Eri... to get 83% off Private Internet Access with 4 months free!
How Legitimate Software is hiding Malware. Using fake DLLs to hide with real exes.
Official Discord Server - / discord
Learn Reverse Engineering - skool.com/eric...
Follow me on X - / atericparker
Disclaimer: The content in this video is for education and entertainment purposes to showcase the dangers of malware & malicious software. I do not encourage any form of illegal hacking, nor do I encourage the usage of game cheats, cracks or hacks.
Cracks are sometimes shown to highlight the dangers of software piracy, my content is not intended to teach anybody how to pirate, or maliciously hack.
(C) Eric Parker 2024

Published: 30 Sep 2024

Comments: 69
@EricParker 10 hours ago
Sponsored by PIA VPN. Go to piavpn.com/EricParker to get 83% off Private Internet Access with 4 months free!
@lussor1 9 hours ago
Dude that vpn is bad for privacy
@AnonymousJack 9 hours ago
@lussor1 i think it's legit but not sure tho coz this is the first time i heard the name of this vpn
@curious_banda 8 hours ago
Eric aren't you the guy who made a video on such VPNs?
@BlueIsLeet 7 hours ago
@lussor1 The quest for the bag makes people ignore these things
@lussor1 6 hours ago
@BlueIsLeet so true, like nord and operagx everywhere
@robertplayz9157 8 hours ago
0:36 If you aren't doing anything shady, sandboxes analyzing your application shouldn't be a concern for you. That dialog is definitely a red flag to me.
@SIMULATAN 7 hours ago
>Legitimate Software >NVIDIA GeForce Experience
@tearwastaken 9 hours ago
Got me laughing after running the malware not once but twice
@russianspoon2367 8 hours ago
I would have thought DLL Hijacking would be more prevalent because it's not that hard to do and can give the impression that the app is legitimate. For example, some of those "cheats" videos could replace a DLL the game uses instead of straight away shipping an executable, which, to a non techy person, wouldn't be that suspicious in comparison to running an .exe file. Not to mention the amount of sites that upload DLLs and how easy it would be for them to just embed malware in that, while still maintaining the illusion of safety to non techy people.
@optimumplatinum2640 8 hours ago
which is why you only use trusted mods from legitimate sources and reputable modders and not shady cheats
@KRT2132 8 hours ago
A video on how to properly use VirusTotal would be very beneficial. I'm new to the Security scene and I use it all the time, but I'm not sure how to 'properly' use it!
@feeber848 8 hours ago
5:25 you can tell that someone in that group speaks Polish
@fuwno 8 hours ago
Kurwa!
@no-one3795 3 hours ago
Can't trust anything these days 😓
@Neuer_Alias_erstellen 8 hours ago
the nvidia installer should compare the sha256 and/or size
@KohtaHirano 5 hours ago
Just curious, I notice the video is in 1440p and 4K but doesn't look much different than 1080p. Are you upscaling to get YT to apply the VP9 codec by any chance?
@hahayes1122 10 hours ago
hehehe
@literallylegendary6594 4 hours ago
I had a dream in which I clicked a RU-vid ad and accidentally downloaded malware onto someone else's computer 😭😭
@zemzemuch 4 hours ago
lmaooo i wish it was like that for real
@Icythot-m6i 6 hours ago
there's a website i like using for software, and it's a community who back engineer paid software and when they upload it they leave in the description what it is and how it works
@cinderwolf32 7 hours ago
I'm gonna guess DLLs!
@joa-p2m 9 hours ago
You have a collection of very useful tools.
@DeepfriedChips 6 hours ago
Electron is not CEF. They are separate projects and Electron does not depend on libcef
@lsl3135 9 hours ago
Don't activate windows!! stay strong brother
@awesomeguysuncle 8 hours ago
A certain github
@EricParker 6 hours ago
these are throwaway vms, no point activating.
@TheDeadman1810 6 hours ago
Which software did he use to capture network traffic?
@SmilerRyanYT 6 hours ago
The proxy he uses is mitmproxy with wireguard on the vm.
@coolcatgame 5 hours ago
shouldn't Electron get a hash of all its dlls?
@tomb5372 3 hours ago
I'm surprised this is even possible. I would have expected that a signed executable would only be possible to load signed DLLs (ideally from the same authority) unless explicitly marking a DLL import as "unsafe" or something...
@Den_Ukrainian001 9 hours ago
Why😔😔😔
@twister8946 10 hours ago
hi
@mohammadiaa 10 hours ago
How
@Paleox 2 hours ago
I can imagine eric accidentally running this on his native machine, and saying “alright, let me run this- FUCK! Oh my fucking god I ran it on my native machine-“
@jc008titan 2 hours ago
wait, you guys didn't check every single file from an archive of a pirated game before running it?!?
@teriotheh 10 hours ago
I remember trolling PIA customer service. Good VPN though, i bought it afterwards.
@zero_xyz_ 9 hours ago
Why💀💀
@teriotheh 8 hours ago
@zero_xyz_ it's funny
@bobsock8718 8 hours ago
Pls, use dark mode in your videos!!
@Umb19 3 hours ago
If anything is free. Genuinely why shouldn't it be malicious
@agusz.. 9 hours ago
the nvidia software you downloaded was a fake one, right?
@esco8778 7 hours ago
The installer was legit. The DLL the installer was looking for was not.
@EricParker 6 hours ago
nvidia exe is real, libcef is fake.
@PalestineHomunculi 6 hours ago
Running untested, viewer submitted code at 150k
@gooniesfan7911 1 hour ago
I could listen to this man speak 24 7 ❤😊
@dariusscovill7970 6 hours ago
i have a feeling i have a ton of these sitting in my pc to cleanse
@Gwiddyy 41 minutes ago
hey man can we get a virustotal tutorial
@epicstar86 4 hours ago
peak content
@smoggyisme 10 hours ago
Opinion on verizon rn?
@EricParker 10 hours ago
the telco?
@undefinedCat 9 hours ago
@EricParker ig yeah
@smoggyisme 9 hours ago
@EricParker Yes it's down atm
@SkylerAk 10 minutes ago
@smoggyisme huge outage in Alaska, the whole state was out
@HafizurRahman-vh7hw 9 hours ago
Where is the cat pfp Eric
@kevinwong_2016 10 hours ago
1st🗿
@vvorldnewsmedia 7 hours ago
this is so easy and has been seen a long time ago it's cute you think this hahaha
@Tir5d.Turtle 9 hours ago
I have GeForce Experience from the Nvidia website am i safe?
@mjaypierce9549 9 hours ago
of course
@JonnyAppleWeed 8 hours ago
If you have to ask a question like that, you're probably not at all safe, and it's not because of a program.
@cool-username-u9r 9 hours ago
maid suit at 200k
@JonnyAppleWeed 8 hours ago
We don't need to know about your fantasies, thanks.