Added Sentry debugging, getting long string as undefined

 

We're building a Angular 1.x app with Bootstrap components. We recently added Sentry debugging to site and just got this error:

'PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX' is undefined

browser = IE 11.0
device = Other
level = error
logger = javascript
os = Windows 8.1

Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.3; MDDCJS; rv:11.0) like Gecko

I found a couple of references on Twitter but nothing else. Anyone seen this before? How can I fix this?

That's probably a malware works, mostly reported on windows platform. As you can see from the question, comments and from the internet; all reported for windows systems. According to few malicious activity logging/analysis/reporting service (see ref links below); the malware writes/ends the file with a series of “PADDINGPADDINGXX” strings.

Search in extracted strings section of following sites

  • https://www.hybrid-analysis.com/sample/90fa224a030dc8c20e31bc5a6bd02885605e36d01646f40151ba23741830efb7?environmentId=1
  • https://totalhash.cymru.com/analysis/?d88d47519bcc49b5c3b345e98e87d20b8928a2c3
  • https://www.reverse.it/sample/8cb0a45f5a071c0f521a8afb62335e23fdcc3a3e06bac9a392bff1a89b40cf8c?environmentId=100
  • https://www.reverse.it/sample/3f62bec0770de977b84b61c4f72813120f8d6fb6eb4caf96dc7e8e7b4676e444?environmentId=100
  • https://www.zscaler.com/blogs/research/current-trojan-ambler-activity
  • https://malwr.com/analysis/MzIyYmFkMWM1M2FmNDVlM2JlZjBmYmYwZmM4NDIwMTI/

    • This is a speculative answer. But I intend this to be a resource collection of links pointing towards understanding this issue. Feel free to improve this!

  • Malware analysis of rtfn.exe
  • Visual Studio error :: Error occurring due to one click amazon toolbar
  • Bloated application size
  • Releasing a game for different platforms :: It states the following:

    ac2game.dat is just your windows .exe renamed. You can snip out the unnecessary executable parts by opening it in a hex editor and searching for the string "PADDING". There is a block of text that repeats "PADDINGXX" for a bit, then "CLIB". Chop out everything before CLIB (but leave CLIB). This saves a little space.

  • Extracting resources with dlls
  • 4 lines PADDINGXX at the end of executable
  • interesting IRC log

    It's always good to sumble upon a good 1.8k block of "PADDINGXXPADDINGXXPADDINGXX"

    • All of this leads me to believe that this occurs when memory is allocated, but not utilised . So in your case IE spaghetti code must have picked up some of this.

    链接地址: http://www.djcxy.com/p/51922.html

    上一篇: Google Chrome在alert()功能上的不可预知的行为

    下一篇: 增加了Sentry调试功能,将未定义的字符串变长