Loading malware into games add-ons has been around for some time now. NET being installed on almost every Windows computer nowadays, malware authors have a high chance of success using.
A de-obfuscated PE is placed into “c” after a call to smethod_1. The new executable is called using the Invoke method.Īssembly loaders are becoming more popular, another was used not long ago in the xtube exploit malware that was identified as Cryptowall.
NET loader, de-obfuscating an array of bytes and storing it in variable “c”. It has also been obfuscated using SmartAssembly, which was removed using the powerful de4dot de-obfuscator. Taking a closer look, this file was identified as a. Malwarebytes Anti-Malware identified it as. The installed malware has a black dove logo and has been identified as “fade.exe” or “Trekker.exe”. This conversation was started as a result of a thread on the website seen here. The affected mods were identified as No-Clip and Angry Planes. Yesterday, a reddit user posted about mods for GTA 5 containing malware.