Analysis of Skylanders Giants PC game
When I was a kid, I played Skylanders: Giants; it was probably my favourite game growing up.
It was released for the following platforms:
- Nintendo 3DS
- PlayStation 3
- Wii
- Wii U
- Xbox 360
As much as I’d like to believe that the game was ported to PC, it’s way more likely that this is malware, especially given how SEO-optimized it is and the list in the blog archive.
Source: Shady games site
Downloading
The "Install Game" button downloads an installer program.
Naturally there’s also adware involved. Let’s install it!
And also AVG Secure Browser.
Finally, it “downloads” some files and then thanks us.
Notice the lack of the “Later” button and close being greyed out.
When “Run” is clicked, the AVG Secure Browser opens up and goes to the download link, https://gamefabrique.com/dl/games2/360/skylanders-giants.exe.
Interestingly, when looked at in procmon, this does actually seem to try to download something from bt.rutracker.org.
Looking at the strings of the executable shows us the magnet link.
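The same strings triage can be scripted. The following is an added example, not the tooling used in this post: it pulls ASCII and UTF-16LE strings out of a binary and parses any magnet URI into its infohash, display name and tracker hosts. The sample bytes, the hashes and `tracker.example.invalid` are constructed placeholders.

```python
import re
import sys
from urllib.parse import parse_qs, urlsplit

MAGNET_RE = re.compile(r"magnet:\?[^\s\"'<>]+")

def extract_strings(data, min_len=6):
    """Yield printable ASCII and UTF-16LE runs (like `strings -a` plus `strings -el`)."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.group().decode("ascii")
    # Windows binaries often store text as UTF-16LE: printable byte, then 0x00.
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        yield m.group().decode("utf-16-le")

def find_magnets(data):
    """Return one record per distinct magnet URI embedded in the binary."""
    found = {}
    for s in extract_strings(data):
        for uri in MAGNET_RE.findall(s):
            params = parse_qs(uri.split("?", 1)[1])  # also percent-decodes values
            hashes = [x[len("urn:btih:"):].lower() for x in params.get("xt", [])
                      if x.lower().startswith("urn:btih:")]
            hosts = {urlsplit(t).hostname for t in params.get("tr", [])}
            found[uri] = {
                "infohash": hashes[0] if hashes else None,
                "name": params.get("dn", [None])[0],
                "tracker_hosts": sorted(h for h in hosts if h),
            }
    return list(found.values())

# Constructed sample: a fake header, one ASCII magnet link and one UTF-16LE one.
_ASCII = ("magnet:?xt=urn:btih:0123456789ABCDEF0123456789ABCDEF01234567"
          "&dn=constructed-sample&tr=http%3A%2F%2Ftracker.example.invalid%2Fann")
_WIDE = "magnet:?xt=urn:btih:" + "ab" * 20
SAMPLE = (b"MZ\x90\x00\x03\x00" + _ASCII.encode("ascii") + b"\x00\xff\xfe"
          + _WIDE.encode("utf-16-le") + b"\x00\x00")

if __name__ == "__main__":
    # Pass a file path to scan a real sample; with no argument the constructed bytes are used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for record in find_magnets(blob):
        print(record)
```

The infohash and tracker hosts are useful indicators to record even when the torrent itself is no longer available.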
Payload doesn’t exist anymore
I tried downloading the torrent, and it turns out that the torrent was removed from the tracker.
Conclusion
When analysing malware, look for recent stuff; that way the downloads might still be active.