So I tried posting an image in /b/ and got that message. I opened the file using a hex editor and saw this. Is it normal? Pic is first 160 bytes of file.
Detected possible malicious code in image file
Other urls found in this thread:
pastebin.com
pastebin.com
twitter.com
whoa, are we seeing an in the wild example of a png attack?
I don't know. I've never seen anything like this before in an image file.
is this a zero day?
Zero day? What is it?
if i were to guess, its javascript. OP post a pastebin of the hex (dont give us an image, obviously)
in a png attack? no way in hell
>JFIF
>png attack
user, I...
This does not look malicious.
I deleted the file. I was scared. Let me search it in google for a while. I'll post the binary in pastebin if I find it.
Its late for me
get the cocks out of your eyes, there is plainly code in that hex
god damn it user
I doidn't say no code, I said not malicious.
Check the recycling bin or use recuva
I shift+del the file so no recycle bin. Tried recuva 10 minutes ago but no luck. Was overwritten. But I found the file after googling some 15 minutes. Wait a moment while I dump it into pastebin.
remember, hex, not binary. I dont want to download hxd for some Mongolian basket weaving form mystery.
Here's the hex dump.
pastebin.com
The weird part is at several hundred bytes at the beginning of the file.
Is the file dump correct?
Another dump, new line each 16 bytes.
pastebin.com
god damn it why yall post cool shit 3 in the mornin
Coders = Batman.
that seems to be a different file than the one in the OP.
the message you got just means there could be embedded data (look up steganography) in the file
Different? Where?
It's the same file.
If it's steganography, why does it looks like a collection of function names? Not some kind of message.
>Different? Where?
see picture
bump
Ah yes. It seems I used a wrong file. I downloaded several files when I was searching for the correct one.
Use the second pastebin, the one with new line after each 16 bytes.
I tried googling one of the function name and it produced some result which has the similar collection function names. Try googling this: PrintSixteenBitBool
Like this.
OP here, wrong file
use this one:
No more comments, guys?
HACKERMAN!!! EPIC OP XDDD
why did you even make this thread
look up what EXIF is you moron
looks like ai photoshop header, not malicious
Upload to virustotal.com, post results here
That's just a program signature so people can tell a picture has been doctored.
Why does Jow Forums detect it as malicious code?
Photoshop headers don't put executable code into files, and Jow Forums wouldn't detect it as malicious. Does the data even occur in the header section of the file?
Uploaded and it's clean.
Have you seen the pic in the first post?
These are literal strings...
Not compiled code... How would that even do anything if it's not interpreted in any way?
Scripting languages are not stored in compiled form.
It's just shitty malicious file detection.
Don't worry, there is nothing big bad or evil.
Probably just some shit editor saved a file in a way Jow Forums doesn't expect, or is different from the spec, or has too high a size for it's dimensions, or other reasons.
The file detection has been broken for years.
If in doubt, resave your file, modify some tiny part of it, like the gamma, brightness, color channels, blur, sharpen etc.
if there is embedded data, it will be baleted when you do that.
If it still happens, you likely are being hacked by NASA.
It could be a scripting language. Even compiled code often has strings like this in it. To connect with other APIs or libraries that use plain text. A lot of anti-virus heuristics detect powershell keywords because so much malware delivers it's payload through powershell. Because it works on every windows machine.