Detected possible malicious code in image file

So I tried posting an image in /b/ and got that message. I opened the file using a hex editor and saw this. Is it normal? Pic is first 160 bytes of file.

Attached: hex.png (239x551, 9K)


whoa, are we seeing an in the wild example of a png attack?

I don't know. I've never seen anything like this before in an image file.

is this a zero day?

Zero day? What is it?

if i were to guess, it's javascript. OP post a pastebin of the hex (don't give us an image, obviously)

in a png attack? no way in hell

>JFIF
>png attack

user, I...

This does not look malicious.

I deleted the file. I was scared. Let me search it in google for a while. I'll post the binary in pastebin if I find it.

It's late for me
get the cocks out of your eyes, there is plainly code in that hex
god damn it user

I didn't say no code, I said not malicious.

Check the recycling bin or use recuva

I shift+del the file so no recycle bin. Tried recuva 10 minutes ago but no luck. Was overwritten. But I found the file after googling some 15 minutes. Wait a moment while I dump it into pastebin.

remember, hex, not binary. I don't want to download hxd for some Mongolian basket weaving forum mystery.

Here's the hex dump.
pastebin.com/D97zQWu1
The weird part is at several hundred bytes at the beginning of the file.

Is the file dump correct?

Another dump, new line each 16 bytes.
pastebin.com/VnnmNj65

god damn it why yall post cool shit 3 in the mornin

Coders = Batman.

that seems to be a different file than the one in the OP.

the message you got just means there could be embedded data (look up steganography) in the file

Different? Where?
It's the same file.
If it's steganography, why does it look like a collection of function names? Not some kind of message.

>Different? Where?
see picture

Attached: hex.png (121x385, 20K)

bump

Ah yes. It seems I used a wrong file. I downloaded several files when I was searching for the correct one.
Use the second pastebin, the one with new line after each 16 bytes.

I tried googling one of the function names and it produced some results which have a similar collection of function names. Try googling this: PrintSixteenBitBool

Like this.

Attached: fnames.png (1324x237, 49K)

OP here, wrong file
use this one:

No more comments, guys?

HACKERMAN!!! EPIC OP XDDD

why did you even make this thread

look up what EXIF is you moron

looks like ai photoshop header, not malicious

Upload to virustotal.com, post results here

Attached: belly.gif (463x330, 1.99M)

That's just a program signature so people can tell a picture has been doctored.

Why does Jow Forums detect it as malicious code?

Photoshop headers don't put executable code into files, and Jow Forums wouldn't detect it as malicious. Does the data even occur in the header section of the file?

Uploaded and it's clean.
Have you seen the pic in the first post?

These are literal strings...
Not compiled code... How would that even do anything if it's not interpreted in any way?

Scripting languages are not stored in compiled form.

It's just shitty malicious file detection.
Don't worry, there is nothing big bad or evil.

Probably just some shit editor saved a file in a way Jow Forums doesn't expect, or is different from the spec, or has too high a size for its dimensions, or other reasons.
The file detection has been broken for years.
If in doubt, resave your file, modify some tiny part of it, like the gamma, brightness, color channels, blur, sharpen etc.
if there is embedded data, it will be baleted when you do that.
If it still happens, you likely are being hacked by NASA.

It could be a scripting language. Even compiled code often has strings like this in it. To connect with other APIs or libraries that use plain text. A lot of anti-virus heuristics detect PowerShell keywords because so much malware delivers its payload through PowerShell. Because it works on every Windows machine.
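
One way to check the question raised in the thread, whether the strings sit in the header section of a JFIF file or are appended after the image, is to walk the JPEG segments. This is an added example, not something posted in the thread: it lists printable strings found in metadata segments (APPn, COM) and counts bytes after the end-of-image marker. `SAMPLE` is a constructed byte string (not the OP's file and not a decodable image), and the function names are hypothetical.

```python
import re

RST = set(range(0xD0, 0xD8))      # restart markers, may appear inside scan data
NO_LENGTH = RST | {0x01}          # markers that carry no length field

def walk_jpeg(data: bytes):
    """Return ([(offset, marker, payload)], bytes_after_EOI) for a JPEG byte string."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker, not a JPEG")
    segments, pos = [], 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                     # fill byte before a marker
            pos += 1
        elif marker == 0xD9:                   # EOI: anything after it was appended
            return segments, len(data) - (pos + 2)
        elif marker in NO_LENGTH:
            pos += 2
        else:
            length = int.from_bytes(data[pos + 2:pos + 4], "big")
            if length < 2 or pos + 2 + length > len(data):
                raise ValueError(f"bad or truncated segment at offset {pos}")
            segments.append((pos, marker, data[pos + 4:pos + 2 + length]))
            pos += 2 + length
            if marker == 0xDA:                 # SOS: skip entropy-coded scan data
                while pos + 1 < len(data) and not (
                        data[pos] == 0xFF and data[pos + 1] not in RST | {0x00}):
                    pos += 1
    raise ValueError("no EOI marker found")

def metadata_strings(data: bytes, min_len: int = 6):
    """Printable ASCII runs inside APPn (0xE0-0xEF) and COM (0xFE) segments."""
    segments, trailing = walk_jpeg(data)
    pattern = re.compile(rb"[ -~]{%d,}" % min_len)
    found = [(off, f"0x{m:02X}", [s.decode() for s in pattern.findall(p)])
             for off, m, p in segments if 0xE0 <= m <= 0xEF or m == 0xFE]
    return found, trailing

def seg(marker: int, payload: bytes) -> bytes:
    """Build one length-prefixed segment (helper for the constructed sample)."""
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

# Constructed sample: JFIF APP0, an APP13 block holding text, a stub scan, EOI, extra bytes.
SAMPLE = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + seg(0xED, b"Photoshop 3.0\x008BIM\x04\x00PrintSixteenBitBool\x00")
          + seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\xff\x00\x34"
          + b"\xff\xd9" + b"TRAILING")
```

Strings reported inside an APPn or COM segment are editor metadata that an image decoder does not execute; a non-zero trailing count means data was appended after the image, which is the kind of thing an upload filter may flag.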