BSODs and Cracked Games – It’s the Game

I think this may be the one example of the a user-mode program, actually being the sole cause of a BSOD. While it’s technically impossible for a user-mode program to cause a BSOD directly, it can be possible for a user-mode program to cause a kernel-mode driver to act in a manner which would cause a BSOD. In this case, the a user had downloaded several cracked games (which contained infected files), I even gave a warning that cracked games tend to be malware, and it looked like I was exactly right.

So, lets begin: one of the games had a application error which I opened with Visual Studio, it indicated that a thread attempted to access a virtual address which it didn’t have access to. It’s most likely kernel address space in my opinion, I may check this later. 

As soon as, I noticed this it gave me assumptions that the game(s) are most likely malware, since I already established with the user they were cracked, and they were in full acknowledgment of this too. 

Looking at the MBAM Log (Malwarebytes), I found some interesting entries:

C:\Program Files (x86)\Square Enix\Sleeping Dogs\buddha.dll (Malware.Gen.SKR)

Another game indicated this:

D:\Users\USER\Downloads\SAINTS ROW 4 CRACK ONLY-RELOADED.rar (VirTool.Obfuscator)

D:\Users\USER\Downloads\SAINTS ROW 4 CRACK ONLY-RELOADED\Crack\steam_api.dll (VirTool.Obfuscator)

D:\Users\USER\Downloads\Saints Row IV Commander In Chief Edition-FULL UNLOCKED\Saints Row IV\steam_api.dll (VirTool.Obfuscator)

VirTool.Obfuscator is a Windows Virus which hides itself as a certain file, in this case a .DLL for Saints Row IV, to perform malicious actions.



Advertisements

About 0x14c

I'm a Computer Science student and writer. My primary interests are Graph Theory, Number Theory, Programming Language Theory, Logic and Windows Debugging.
This entry was posted in Miscellaneous. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s