Large Hidden Jpg.


#1 escher
Posted 07 December 2012 - 12:40 PM

I really do not know if this is a security problem but it is weird. I was using a program called Space Sniffer to find large files that I could remove to gain space. At C:\Program Data\Microsoft\Works SE there were a bunch of numbered folders (0-3) and inside No. 1 were a few jpgs that looked normal (pictures of people sitting at computers, Microsoft 2007 "Try it for 60 days" etc.). The full address is C:\ProgramData\Microsoft\Works SE\1\http^3a^2f^2fads.msn.com^2fads^2f^2f1. All pics were around 20 Kb except one, which was 2.67 Gigs. It was the same visual size as the others but had a humongous text content. I used a hex editor to try and read it, and though I am no programmer, it looks like a combination of code and something that lists software that I use. The first few lines are:

ÿØÿà..JFIF.....d.d..ÿì..Ducky.......9..ÿî.!Adobe.dÀ..............0..3...PRÿÛ.„.......................................................!!!!!!!!!!................!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!ÿÂ....ú.,..........ÿÄ..............................................................................!. 0"...@1AB.#DP23C$4%&F5......................!..1"..AQaq2 .‘±#C..0¡ÁBRr¢Ò3Ñáb‚’²ÂƒÄ.ðcs4…@Ã$e£D¤....................A!1¡Ñ.C0Qaq..2.
@P±Á‚ðáp€‘"Bb`ñR....................!1A.Qaq. 0ð‘¡±ÁÑ@áPñÿÚ............óœæº²é.*ÈHI1s0Ä1dy8G˜.²•.±5²°¬¢L.ÈT¦±.-.f6.먉ÎéTÚ“¤ñA.¤d¥.”CKDšÚ

Interspersed with what looks like code are other things:

0.µpʶÐ.¹¹. É"çPM•.ö.;VL•c"{{æ$´W.A.S.C.o.n.f.i.g.u.r.a.t.i.o.n.A.P.I...P.r.o.c.e.s.s.M.o.d.e.l.L.i.b.r.a.r.i.e.s...P.r.o.c.e.s.s.M.o.d.e.l.....
N.e.t.F.x.E.n.v.i.r.o.n.m.e.n.t.....N.e.t.F.x.E.x.t.e.n.s.i.b.i.l.i.t.y.....A.S.P.N.E.T.....W.M.I.C.o.m.p.a.t.i.b.i.l.i.t.y..
...W.i.n.d.o.w.s.A.u.t.h.e.n.t.i.c.a.t.i.o.n.B.i.n.a.r.i.e.s...W.i.n.d.o.w.s.A.u.t.h.e.n.t.i.c.a.t.i.o.n...W.3.S.V.C...
S.t.a.t.i.c.C.o.n.t.e.n.t...S.h.a.r.e.d.L.i.b.r.a.r.i.e.s...S.e.r.v.e.r.S.i.d.e.I.n.c.l.u.d.e...R.u.n.t.i.m.e.S.t.a.t.u.s.
C.o.n.t.r.o.l.L.i.b.r.a.r.y...R.e.q.u.e.s.t.M.o.n.i.t.o.r.....R.e.q.u.e.s.t.F.i.l.t.e.r.i.n.g.B.i.n.a.r.i.e.s....
.R.e.q.u.e.s.t.F.i.l.t.e.r.i.n.g.....O.D.B.C.L.o.g.g.i.n.g.B.i.n.a.r.i.e.s...O.D.B.C.L.o.g.g.i.n.g...M.e.t.a.b.a.s.e...
..M.a.n.a.g.e.m.e.n.t.S.c.r.i.p.t.i.n.g.T.o.o.l.s.....M.a.n.a.g.e.m.e.n.t.C.o.n.s.o.l.e...M.a.n.a.g.e.d.C.o.d.e.A.s.s.e.m.b.l.i.e.s..
.L.o.g.g.i.n.g.L.i.b.r.a.r.i.e.s.....L.e.g.a.c.y.S.n.a.p.i.n.....L.e.g.a.c.y.S.c.r.i.p.t.s...I.S.A.P.I.F.i.l.t.e.r...I.S.A.P.I.
E.x.t.e.n.s.i.o.n.s...I.P.S.e.c.u.r.i.t.y.B.i.n.a.r.i.e.s.....I.P.S.e.c.u.r.i.t.y.....I.I.S.R.e.s.e.t.........
I.I.S.C.e.r.t.i.f.i.c.a.t.e.M.a.p.p.i.n.g.A.u.t.h.e.n.t.i.c.a.t.i.o.n...H.t.t.p.T.r.a.c.i.n.g.B.i.n.a.r.i.e.s.
..H.t.t.p.T.r.a.c.i.n.g...H.t.t.p.R.e.d.i.r.e.c.t.....H.t.t.p.P.r.o.t.o.c.


It also references unique software that I have on my system, like Maxthon (Browser), Calibre (Books) etc. (The attributes of the jpg in Properties are HSA.)
Obviously I can't post the entire 2.67 Gigs here but that is the essence of what it contains. I know I can just delete it but my curiosity is aroused. Any ideas??

Edited by escher, 07 December 2012 - 01:17 PM.
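
A way to triage a file like the one described in the post above, as an added example that is not part of the original post: it walks the JPEG segment structure to find where the image really ends, counts any bytes stored after the end-of-image marker, and extracts UTF-16LE text runs of the kind quoted in the second dump. The function names, the `scan_limit` parameter and the sample bytes are constructed for illustration.

```python
import re

def jpeg_end(data) -> int:
    """Return the offset just past the JPEG end-of-image (EOI) marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("no SOI marker: not a JPEG")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
        elif marker == 0xD9:                    # EOI: the image ends here
            return pos + 2
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 2                            # stand-alone marker, no length
        else:
            pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
            if marker == 0xDA:                  # SOS: skip entropy-coded data
                pos = _skip_scan(data, pos)
    raise ValueError("no EOI marker found (truncated or malformed)")

def _skip_scan(data, pos: int) -> int:
    """Advance to the next real marker, ignoring FF00 stuffing and RSTn."""
    while True:
        pos = data.find(b"\xff", pos)
        if pos < 0 or pos + 1 >= len(data):
            return len(data)
        if data[pos + 1] == 0x00 or 0xD0 <= data[pos + 1] <= 0xD7:
            pos += 2
        else:
            return pos

# Six or more printable ASCII characters stored as UTF-16LE (char, 0x00).
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

def triage(data, scan_limit: int = 1 << 20) -> dict:
    """Report image size, trailing byte count, and UTF-16LE strings found
    in the first scan_limit bytes after the image."""
    end = jpeg_end(data)
    head = data[end:end + scan_limit]
    strings = [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(head)]
    return {"image_bytes": end, "trailing_bytes": len(data) - end, "strings": strings}

# Constructed sample: minimal JPEG structure plus appended UTF-16LE text.
SAMPLE = (b"\xff\xd8" + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x64\x00\x64\x00\x00"
          + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00" + b"\x12\xff\x00\x34\xff\xd0\x56"
          + b"\xff\xd9" + "ProcessModel".encode("utf-16-le") + b"\x00\x00"
          + "WindowsAuthentication".encode("utf-16-le"))

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For a multi-gigabyte file, a read-only `mmap.mmap` of the file can be passed in place of `bytes`, so only the pages actually touched are read.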