My favorite part is when John is trying to hide that he knows Lana Rhoades

Thanks John! Finally an excuse for my significant other to say on why I'm on OnlyFans. I'm doing it for the greater cyber security community!

I just came by after watching you with Dr. Auger on his show. Been a fan of yours for a couple years now. Thanks doing the fireside chat!

Nice to see Malware Analysis back! My favorite series!

The thing is that they used VBS this time in a good and absolutely different way. As always great work John!

Awesome teardown dude!

Just a clarification: %WINDIR%\SysWOW64 directory actually contains 32bit program code. What SysWOW64 stands for is System Windows on Windows 64bit (which implies 32bit code emulation on 64bit Windows). The true 64bit binaries are actually in %WINDIR%\System32. So this VBS script actually checks if the system is 64bit, so it runs the correct 32bit application.

Very much enjoyed this video! Keep up the good work

Not gonna lie...I jumped here seeing the thumbnail🤣🤣

The colon in a traditional BASIC is a multiple-statement-per-line mechanism. So putting :: just does nothing, though it is syntactically correct.

Thanks John for the quick answer, like John Wick's revenge hhhhhh .. Still expecting qualities as the old vids. Details matters you know. However we are not Fans but we are supporters. Good day to you !

Thanks, John!

Nice video!! Thank you

As someone fairly new to these thing... OH My God... as someone who is interested in these things...Oh My God. Finally, as someone who is slowly,. Very slowly learning these things... Thank you.

that "rompepepe" variable makes me think the developer is argentinean. "Rompe Pepe" was a catchphrase of a sketch in the humoristic tv show of the ninetees (Videomatch). It was a hidden camera prank where a team of workers want to make a hole in someone sidewalk, so the owner of the house argues with the crew and one of they says "rompe Pepe!" ("break it Pepe") to Pepe, the guy with the sledgehammer making the victim of the prank angrier.

Thanks for the heads up, Seth Rogan!

John doing Electron Exploit dirty in that ad 🤣

If only I had $100+USD to spend per month on "Pro Mode" AnyRun, maybe I can be like Mr. Hammond one day. Haha In all seriousness, great vid John, thanks for all the info you give to the community.

I happened to run the same trojan back in 2010s disguising itself as a funny screenshot. It spread over steam dms and probably stole creds.

I know anyrun is a sponsored segment there, but that application is genuinely awesome. Great video by the way john!!!

Great content john. It makes since to target individuals looking to "satisfy" themselves, takes baitclicking to a new level. lol

I wonder if all the commented lines are there to throw off heuristics-based AV engines. If there's enough indication that a script or binary may be signed, there are some AVs out there that will ignore the script or binary. (This bit Cylance a few years back...)

@Jack Hammond Where do you get all these programs to test from? I’m looking for RAT software that is not backdoored and malicious to the user.

anyrun is goated

Hammond and Rhodes- best combo ever!!

Right when I think I know English language John corrects code while implanting resolves

Using OnlyFans for research purposes... only...

Lay nuh It's ok John, you can admit it

The line wrapping in the beginning hurt my brain...

:3 Yay! I've loved the idea of REMCOS! Hehe. John did a video on it a while back. Fellow Italian/Greek brother who made it, and law has tried to get him, thankfully with no avail. Hehe.

what program do you use for coding in your videos?

Seeing these videos now Im too scared to run Excel on bare metal. VMs it is.

Nice :D

Lana Rhodes? Never heard of her 😅 - John

Well, it was interesting but what did I learn? in the final analysis what does it actually do? You ran it in that fancy simulator so what did it do or try to do? I got more out of that headline that you showed us than the whole video; the headline says it's an info-stealing malware. But what info, how does it try to steal the info, and where does it look for said info? where does it send any info that it does manage to steal? You have a few more hours of work to do on this project before you can say you're done with it. Might I suggest using Wireshark and Procmon to see what file it tries to look into and what addresses it tries to call home to. Was that a French or Russian flag? Side note: one day I came back to my almost always-running computer after looking at OF the night before, to find a command line window on my desktop, and the command line only accepted Linux commands which I thought was weird, how did a Linux command line interface come to be running on a windows box and how did it get launched don MY windows box? I admit I screwed up by closing it w/o first using Taskman to see what it was and where it was. and I also screwed up by not thinking of hitting the up arrow key to see what commands had been executed. AFTER my stupid ass killed it THEN I started looking through the only thing I had left, windows logs, for clues, but found nothing. Did get infected by the same trojan you're speaking of. I feel really bad because I have JUST finished a Google certification class on "IT support specialist" and have a big interest in getting into cybersecurity. 1: this should NEVER have happened to ME and 2: Since it DID happen to me, I immediately destroyed the only chance I had to investigate at least where it was/is on my HD and What it had done while it was live. Also, since I never found out where it is on my HD I have to assume they still have persistence on my machine.

How do i send in a file for you to take a look at and maybe make a video out of it?

This is like Anna Kournikova all over again.

should show us how to do this

Why is VBS still a thing...

review tools like open bullet and silver bullet config big bro

"As an AI language model it is sworn duty to confirm that Rhoades vs Rodes is the problem in this case. Do you have any other questions or tasks I can help you with?" LoL!

I'm trying to send MALWARE to analysis but gmail is blocking it

Maybe the guy's antimalware tool put the comments in there to protect you from it??

sir with anyrun can make also make exe into its source code

I dont know how to pronounce that one - yeah right

How do you remove this virus?

Coomer brain malware nice

based

John hammer when do we get your onlyfans :(

nice thumbnail

I got this from a rom download site 3 months ago. Automatic popup ad, with download. No interface or anything so a bit of a strange campaign. Mine was called "Jessa Rhodes photos.vbs". Was a basic rat dropper, just like this sample and the bleeping computer post. It also included the file '.

Bro might master the art of clickbait.

Classic. Lana Rhoades or Layna Rhodes. I don't know how to pronouce that one. :P

3:20 bro cannot figure out what punctuation a colon is

7:26 rompepepe is in spanish... breakJohnny

Is there a reason why you stick to using the unregistered version of sublime?

👀!

For this I am with the hacker side, all those simps need to be bagged.

lana who?

Os name

Maybe if I make my script annoying enough to read, people won't dissect it!

No need to watch the vid. This no Lana fotos

"OnlyMalware"

Png malware msi is better

😂😂😂

A /z a

'promo sm' 😞

When is your onlyfans coming? 😂

Coomers taking another L 😂

Tq !

I think the commented lines are just copied code from slmgr.vbs, the Windows activator script, maybe for antivirus bypass.

Sorry to ask, has onlyfans now replaced ph & xxvideos ?