My favorite part is when John is trying to hide that he knows Lana Rhoades
Also John: "I have done extensive academic research into Lana Rhoades and I have confirmed it is indeed a picture of her."
Drill down into these directories.
😂
@NicolasPare And all the "fluff/fluffing."
Maybe he jerks off by looking at malicious code?! 😂.. Just a joke don't be offended though
Thanks John! Finally an excuse for my significant other to say on why I'm on OnlyFans. I'm doing it for the greater cyber security community!
👀
100th like
The thing is that they used VBS this time in a good and absolutely different way. As always great work John!
Just a clarification: %WINDIR%\SysWOW64 directory actually contains 32bit program code. What SysWOW64 stands for is System Windows on Windows 64bit (which implies 32bit code emulation on 64bit Windows). The true 64bit binaries are actually in %WINDIR%\System32. So this VBS script actually checks if the system is 64bit, so it runs the correct 32bit application.
Ah!! Good call, thank you!
:3 Yay! I've loved the idea of REMCOS! Hehe. John did a video on it a while back. Fellow Italian/Greek brother who made it, and law has tried to get him, thankfully with no avail. Hehe.
I'd be in any line that ended with lana rhodes colon. ohh ooops. my bad. wrong colon, wrong line
damn another case of Windows naming system sucks
Not gonna lie...I jumped here seeing the thumbnail🤣🤣
That "rompepepe" variable makes me think the developer is Argentinean. "Rompe Pepe" was a catchphrase of a sketch in the humorous TV show of the nineties (Videomatch). It was a hidden camera prank where a team of workers want to make a hole in someone's sidewalk, so the owner of the house argues with the crew and one of them says "rompe Pepe!" ("break it Pepe") to Pepe, the guy with the sledgehammer, making the victim of the prank angrier.
I just came by after watching you with Dr. Auger on his show. Been a fan of yours for a couple years now. Thanks for doing the fireside chat!
As someone fairly new to these things... OH My God... as someone who is interested in these things... Oh My God.
Finally, as someone who is slowly, very slowly learning these things... Thank you.
Using OnlyFans for research purposes... only...
The colon in a traditional BASIC is a multiple-statement-per-line mechanism. So putting :: just does nothing, though it is syntactically correct.
John doing Electron Exploit dirty in that ad 🤣
I know anyrun is a sponsored segment there, but that application is genuinely awesome. Great video by the way john!!!
Hammond and Rhodes- best combo ever!!
Awesome teardown dude!
Thanks for the heads up, Seth Rogan!
@Jack Hammond
Where do you get all these programs to test from? I’m looking for RAT software that is not backdoored and malicious to the user.
Very much enjoyed this video! Keep up the good work
Nice video!! Thank you
Lana Rhodes? Never heard of her 😅 - John
I happened to run the same trojan back in 2010s disguising itself as a funny screenshot. It spread over steam dms and probably stole creds.
If only I had $100+USD to spend per month on "Pro Mode" AnyRun, maybe I can be like Mr. Hammond one day. Haha In all seriousness, great vid John, thanks for all the info you give to the community.
Lay nuh
It's ok John, you can admit it
Thanks John for the quick answer, like John Wick's revenge hhhhhh .. Still expecting qualities as the old vids. Details matter you know. However we are not Fans but we are supporters. Good day to you !
Thanks, John!
anyrun is goated
How do i send in a file for you to take a look at and maybe make a video out of it?
I wonder if all the commented lines are there to throw off heuristics-based AV engines. If there's enough indication that a script or binary may be signed, there are some AVs out there that will ignore the script or binary. (This bit Cylance a few years back...)
what program do you use for coding in your videos?
Right when I think I know English language John corrects code while implanting resolves
I actually tried this AnyRun thing but couldn't even sign up. I tried and it just kept loading forever and never let me finish the registration
Great content John. It makes sense to target individuals looking to "satisfy" themselves, takes baitclicking to a new level. lol
The line wrapping in the beginning hurt my brain...
Seeing these videos now I'm too scared to run Excel on bare metal. VMs it is.
Why is VBS still a thing...
I'm trying to send MALWARE to analysis but gmail is blocking it
"As an AI language model it is sworn duty to confirm that Rhoades vs Rodes is the problem in this case. Do you have any other questions or tasks I can help you with?" LoL!
This is like Anna Kournikova all over again.
3:20 bro cannot figure out what punctuation a colon is
should show us how to do this
sir with anyrun can make also make exe into its source code
7:26 rompepepe is in spanish... breakJohnny
and aLAMBRE is wire in spanish.. sus
Bro might master the art of clickbait.
How do you remove this virus?
Nice :D
Coomer brain malware nice
Is there a reason why you stick to using the unregistered version of sublime?
I don't know how to pronounce that one - yeah right
Classic. Lana Rhoades or Layna Rhodes. I don't know how to pronounce that one. :P
review tools like open bullet and silver bullet config big bro
For this I am with the hacker side, all those simps need to be bagged.
nice thumbnail
Os name
lana who?
based
👀!
No need to watch the vid. This no Lana fotos
When is your onlyfans coming? 😂
"OnlyMalware"
Png malware msi is better
'promo sm' 😞
Maybe if I make my script annoying enough to read, people won't dissect it!
😂😂😂
A /z a
Coomers taking another L 😂
I got this from a rom download site 3 months ago. Automatic popup ad, with download. No interface or anything so a bit of a strange campaign. Mine was called "Jessa Rhodes photos.vbs". Was a basic rat dropper, just like this sample and the bleeping computer post. It also included the file '.
I think the commented lines are just copied code from slmgr.vbs, the Windows activator script, maybe for antivirus bypass.
Tq !
Sorry to ask, has onlyfans now replaced ph & xxvideos ?
Sorry to answer, that depends on what you're into.
@jjann54321 😅😅😅 Me single so pretty lesbian women stuff and those gym shorts stuff, was chatting and having fun in paltalk 2 decades ago, never found alternative