Are these two rar files malware? (virustotal results) (lemmy.dbzer0.com)

submitted 9 months ago* (last edited 9 months ago) by Yourname942@lemmy.dbzer0.com to c/piracy@lemmy.dbzer0.com

9 comments fedilink hide all child comments

Does anyone know if these two files are considered malware? I see a lot of things in the behavior tab that seem suspicious (but then again, I have no idea, and am relatively new/dumb).

Here are the images of the virustotal results I am referring to:

Also, I did see there was an noticeable slowness to my pc after I extracted the rar files (I was in a VM).

Thank you.

you are viewing a single comment's thread
view the rest of the comments

[-] treasure@feddit.org 22 points 9 months ago

TLDR: I can't say for 100% sure, but there are multiple reasons to believe that this is malware.

Long version: I'm seeing multiple suspicious things here.

The IPs being connected to are part of some hoster and have some abuse reports: https://www.abuseipdb.com/check-block/217.20.58.98/29
The domain being resolved is qcloud[.]com, which belongs to Tencent Cloud and definitely not Microsoft.
Other domains in memory like counter-strike[.]com[.]ua are very new and definitely sound fishy.
A standalone version of 7zip is being run and extracts the created rar file with the password "infected". Real alarm bells here.
A lot of the registry actions look like anti-debugging, which does not sound like something an Illustrator Plugin would do.

this post was submitted on 13 Aug 2025

16 points (94.4% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

69365 readers

242 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others

Loot, Pillage, & Plunder

We heartily recommend visiting the free port of freemediaheckyeah (aka FMHY) while you sail the high seas, for all the freshest links the ocean has to offer.