Malware spread on Google Maps,Github & Amazon

Everything started from a google search for infected files. The most commun are crack, keygen etc. I’ve found a ‘hide ip keygen’ and the link locations was very unusual…. Google Maps.

The google maps mark send’s me to some .ru link for download.



Analysing the .exe i found that the applications have’s conections with requesting for downloaad other applications.


Let’s see the last one.

I will play with screen.exe

Sens request’s to &
  • /cfgUser?uid= -user [email protected] -xmr
  • /filesUrl avdeeff1985/master
  • /registerUser?uid=
  • /getStatus?uid=
  • /checkConnection aAvh5S

Also: hxxps://

…and some others link connections:


So… i think there it is alot of actions for one single keygen!?!

Also, if you have time… on may find some vulnerability’s!

You also may create a hacker profile, starting from all these informations:


Tony… Anthony/ Lyamin/1985 …..

Search: Google,Facebook etc.

Have fun and stay safe!!!

Alex Anghelus

SC Prodefence SRL CEO - Cyber Security, Pentesting & Ethical Hacking - Malware Analyst

2 thoughts on “Malware spread on Google Maps,Github & Amazon

  • 24/06/2017 at 6:50 AM

    This is sick!!!!!!!!!
    Thanks for sharing!

  • 24/06/2017 at 9:00 AM

    Nice done Alex


Leave a Reply

SC ProDefence SRL - Cyber Security Services