It seems Chinese skids are just as hilarious as Western skids when it comes to shitty malware. I've just reversed a Chinese bot:
- Download+exec is broken (URL, not dl path, passed to WinExec)
- Various pacotes functions that seem copypasted from elsewhere, one leaks ~64kb memory per thread.
- Totally broken functionality to add a privileged user thanks to misunderstanding of MultiByteToWideChar
- Requires admin privs, no UAC bypass.
@slipstream Cool. Where'd you pick this specimen up from? And what tools do you use for decompiling etc?
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!