vx-underground
Big shout-out to this random NERD who infected themselves with malware while doing nerd stuff Bro was reading posts from FFmpeg, some 18+ VTuber, and Linux forum stuff. He didn't pay attention and detonated malware on his machine from a fake Microsoft Teams…
HOW ARE YOU GONNA UNIRONICALLY BROWSE ARCH LINUX FORUMS BUT DETONATE A FAKE MS TEAMS BINARY
DAWG, LOCK IN
Massive shout-out to the local governments of New York, Hawaii, Louisiana, and the homies at the Supreme Court of California.
It's 2025 and they're helping people get FREE ROBUX
The "FREE ROBUX" advertisements on this website LOOK like they're trying to implement the "ClickFix" malware masquerading and/or payload delivery method.
After you enter your Roblox name for your "FREE ROBUX" the website states the server is "overloaded" and you need to "manually bypass" the authentication, or whatever, so you need to "verify" you're a human
This all aligns perfectly with "ClickFix". All signs point to YES for a malware delivery campaign except there is one small problem... THEY FORGOT TO SET THE FUCKING DOWNLOAD LINK IN THE CAPTCHA BUTTON
Dawg, how the fuck are you going to deliver malware when your slop website doesn't actually deliver anything? If you're wondering why you don't have any infected machines, it's because YOU DIDN'T SET THE FUCKING DOWNLOAD BUTTON
I'm over here smashing the CAPTCHA button, begging these nerds for some free malw— er...... "Robux" and nothing happened. I thought I was clicking the button wrong. I am filled with disappointment.
Here is a tip for noobs for reverse engineering malware stuff
Tip 1. When you get a file and you think it might be spooky, you need to determine what kind of file it is. You cannot rely on file extensions.
The easiest and most ghetto way (the way I do it) is opening the file with a text editor and looking at the first few bytes in the file
If the weird spooky file starts with "MZ" at the beginning, it's an executable binary (.exe, .DLL, .sys). If it starts with "PK" it's a compressed file (or maybe an Android file, long story). Anything else that looks readable is going to be weird stuff like malicious JavaScript, .Lnk files, HTA files, Python files, etc.
Knowing the file type is very important. This will help you determine what kind of stick you need to poke the spooky file with
"why not use a hex editor or some other tool?"
I mean, you can. But a really quick and easy way to quickly and easily determine the file type is to use a read only application, like a text editor, to review the first few bytes of the file.
If you're not sure or confident in what you see then you use something else to review the file headers and stuff.
Since I unironically reverse engineer malware on Windows (generally speaking, not a good idea, but I'm around malware so much I don't give a fuck anymore), I just right click the file and select Open With Notepad++
When I made my malware reverse engineering tip thingie, some noobs commented that file headers are complicated, or whatever. At first glance they seem kind of crazy but they're actually pretty shrimple.
For those who don't know, every executable file on your machine (with some exceptions, but we won't go there) have "headers". The word "head" here is the keyword. It's what is first. It's the "head" of the executable.
The "headers", or stuff that comes first, is just a bunch of mumbo jumbo your operating system reads to understand what the fuck it's doing and to understand what it's looking at.
Windows is different than Linux. We'll discuss Windows because that's all I know because I'm a Windows nerd.
Windows does a bunch of junk when files are executed (not just .exe files). We won't discuss it all because it's a bunch of nerd stuff. We'll focus exclusively on .exe files.
The Windows headers (called PE headers, an acronym for Portable Executable) are layered and are old and have historical context. There's multiple headers. Each "header" discusses different stuff about the .exe file.
You can think of headers as like shipping labels on a box that you receive in the mail. The shipping labels will describe stuff about the box like, size, height, weight, what could potentially be inside (such as batteries), blah blah blah. File headers do the same kind of
File headers on Windows will say stuff like:
- Is this a .exe, .dll, .sys, etc?
- Where the fuck is the actual code in this file?
- Where the fuck does the actual code stop (so it knows when to stop reading)?
- Where the fuck are the embedded images the code might use (called the resource section, for displaying icons)?
- How big is this fucking thing?
- When the fuck was this compiled?
- How old is this fucking thing?
- Is this fucking thing signed?
- What the fuck is it written in (mostly for .NET stuff)?
- What other fucking libraries does this thing depend on?
- Does this fucking thing share code with other things (for .dlls and stuff)?
... and a bunch of other stuff the computer might need to know.
Is all of this important to your computer? No, not really. But some of it is for silly stuff like "drivers". Some of it is metadata naturally included from compilers (the thing that made the .exe).
Does Windows actually say "fuck" a lot when trying to run .exe files? Yes, yes it does. Windows is very angry
Can you modify the file headers to trick Windows? Yes, this is done by things called "malware" or malicious software. You can lie to Windows and still make it run the .exe by confusing its little brain (kind of, different story for a different day)
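An added example, my own code and not from these posts: it does Tip 1's first-bytes check ("MZ" / "PK" / readable text) and then reads the PE headers for the things the list above asks about (exe vs dll vs native image, where the code starts, how big it is, when it was compiled, whether a signature blob is attached, whether it's .NET, whether it imports anything). The PE header it parses is a constructed sample built in `build_sample_pe`, not a real binary.

```python
import struct
import time
SECURITY_DIR, CLR_DIR = 4, 14   # data-directory slots: Authenticode signature, .NET CLR header

def sniff(data: bytes) -> str:
    """Tip 1: decide what a file is from its leading bytes, never from its extension."""
    if data[:2] == b"MZ":
        return "pe"
    if data[:2] == b"PK":
        return "zip"          # .zip, .jar/.apk and Office documents are all ZIP containers
    head = data[:512]
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in head)
    return "text/script" if head and printable / len(head) > 0.9 else "unknown"

def parse_pe(data: bytes) -> dict:
    """Read the PE headers (PE32 and PE32+) for the items in the post's list."""
    e_lfanew = struct.unpack_from("<I", data, 60)[0]           # DOS header points at "PE\0\0"
    sig, _, _, ts, _, _, _, chars = struct.unpack_from("<4sHHIIIHH", data, e_lfanew)
    if sig != b"PE\0\0":
        raise ValueError("MZ file without a PE signature")
    opt = e_lfanew + 24                                        # optional header follows the COFF header
    is_plus = struct.unpack_from("<H", data, opt)[0] == 0x20B  # PE32+ (64-bit) vs PE32
    dd = opt + (112 if is_plus else 96)                        # start of the data directories
    ndirs = struct.unpack_from("<I", data, dd - 4)[0]
    def directory(i):                                          # (rva, size); absent slots read as empty
        return struct.unpack_from("<II", data, dd + 8 * i) if i < ndirs else (0, 0)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    kind = "dll" if chars & 0x2000 else "sys (native image)" if subsystem == 1 else "exe"
    return {
        "kind": kind,
        "bits": 64 if is_plus else 32,
        "entry_point_rva": struct.unpack_from("<I", data, opt + 16)[0],
        "size_of_image": struct.unpack_from("<I", data, opt + 56)[0],
        "compiled": time.strftime("%Y-%m-%d", time.gmtime(ts)),  # untrusted: headers can lie
        "imports": directory(1)[1] != 0,
        "signed": directory(SECURITY_DIR)[1] != 0,    # a signature blob is attached; not verified here
        "dotnet": directory(CLR_DIR)[1] != 0,
    }

def build_sample_pe() -> bytes:
    """Constructed sample, not a real binary: a minimal PE32+ header for a signed-looking .NET .exe."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)            # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x8664, 2, 1700000000, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                      # Magic: PE32+
    struct.pack_into("<I", opt, 16, 0x1000)                    # AddressOfEntryPoint
    struct.pack_into("<I8xH", opt, 56, 0x6000, 2)              # SizeOfImage, Subsystem = Windows GUI
    struct.pack_into("<I32xII", opt, 108, 16, 0x5000, 0x800)   # NumberOfRvaAndSizes, security dir (signature blob)
    struct.pack_into("<II", opt, 112 + 8 * CLR_DIR, 0x2008, 0x48)   # CLR header present -> .NET
    return dos + coff + bytes(opt)
```

`parse_pe(build_sample_pe())` reports a 64-bit, signed, .NET exe compiled on 2023-11-14; on a real sample, treat the timestamp and the "signed" flag as claims to verify, not facts.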
vx-underground
Got invited to do another talk at another University Getting paid in pizza again Easiest pizza of my life. Good game, nerds.
Oh. My. God.
I'm pizza farming IRL.
Another pizza dinner for my wife and me. God damn it feels good to be a gangster
Here's another noob reverse engineering trick.
This trick is for when you're a lazy nerd and don't want to use the command line and also you have no idea what's going on
If you're on Windows you can open .exe files with 7z GUI (open file as an archive). You can use this to look at each section, including the resource section, to look at possible embedded binaries or whatever junk is present (or not present)
Tiny people living inside my computer,
I have pushed updates to the malware website you sometimes visit.
Thank you for your time.
https://vx-underground.org/Updates
vx-underground
I have the source code to Lockbit 5.0 Someone randomly messaged me saying they had the source code. I didn't believe them. They sent me the source code. They disappeared. I have no idea what's going on
I guess all we can do is post a funny video of a cat walking away and blame this on "another day of internet schizophrenia"
Last time I had something silly from Lockbit ransomware group, Dmitry Khoroshev (alleged leader of Lockbit ransomware group, estimated net worth of $4,000,000,000 according to the FBI, NCA, and EUROPOL), said he would put me in a coffin
What does it mean
> make post saying tired of AI slop malware
> say want to see spooky goop
> get sent source code to Lockbit 5
I said "spooky goop". I did not say "the source code to something that an adversary of the United States government is currently using to perform ransomware attacks against critical infrastructure"
Spooky goop is usually like, interesting malware stuff. What I have received is more akin to "dangerous goop". Generally speaking, I do not like dangerous goop because dangerous goop is dangerous.
Anyway, I gotta do stuff offline. I'm busy. Not sure what I'm gonna do yet with this source code.
The last time I archived the source code to ransomware stuff a bunch of hospitals got ransomed by random nerds and everyone blamed me for it. I should probably be careful