dnSpy - .NET assembly editor, debugger, decompiler

val2032 · #1 01-07-2022, 05:44

Pay attention to the web address below

Code:

hxxps://www.dnspy.net

Don't run the releases from this page!

The file dnspy.dll is modified and it contains MSHTA.exe exploit. It creates many entries in Task Scheduler (see Microsoft/Windows/Directx)! It will stop Windows Defender and will try to download and run exe files from 4api(dot)net (possible crypto miners).

Kaspersky reports dnspy.net as safe website !

val2032 · #2 01-09-2022, 07:53

I supose he is the same person who modified IDA...

I just found the article below:

Code:

hxxps://www.bleepingcomputer.com/news/security/trojanized-dnspy-app-drops-malware-cocktail-on-researchers-devs/amp/

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode

The Following User Gave Reputation+1 to val2032 For This Useful Post:
user1 (01-07-2022)

The Following 7 Users Say Thank You to val2032 For This Useful Post:
CrackDJ (02-16-2022), darkBLACK (01-14-2022), Fyyre (02-18-2022), Stingered (01-07-2022), tonyweb (01-09-2022), user1 (01-07-2022), wilson bibe (01-07-2022)

The Following User Says Thank You to val2032 For This Useful Post:
CRC32 (01-09-2022)