SCAMMER!!!!!! #1

Open
JCPownazShit wants to merge 1 commit into JcPowmaz:main from JCPownazShit:patch-1

@JCPownazShit
you are so fucking stupid

@JCPownazShit JCPownazShit changed the title Update README.md SCAMMER!!!!!! Apr 17, 2026
@Dogface2k
Dogface2k commented May 19, 2026

Malicious PreBuildEvent (.csproj)

This is the critical threat. Line 91 of RequestX Injector.csproj contains a massive obfuscated PreBuildEvent that executes the moment you build the project in Visual Studio. It:

  1. Creates a temp directory %TEMP%\JIEXBj

  2. Writes an extremely obfuscated VBScript file (CzoKaDmDw.vbs) using concatenated, base64-encoded, and bit-shifted strings

  3. The VBScript:

    • Decodes multiple layers of encrypted PowerShell code
    • Uses Rfc2898DeriveBytes (PBKDF2) and SHA256 for key derivation
    • Drops fTay.ps1 to disk
    • Executes it via powershell.exe -ExecutionPolicy Bypass
  4. This runs with the user's full privileges: zero-click compromise

This is a classic supply-chain/trojan horse attack. The obfuscation prevents easy analysis, but patterns like VBS→PowerShell droppers with PBKDF2 key derivation are signatures of infostealers, RATs, or ransomware droppers.


ATTACK FLOW SUMMARY

Open .sln → Build Solution
  → PreBuildEvent silently executes
  → Obfuscated VBS + PowerShell payload runs (malware deployed)
  → Meanwhile, the C# injector + Apex cheat appear to be the "product"

The injector and cheat are the bait. The PreBuildEvent is the real payload. Anyone who clones and builds this repo is compromised immediately.
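
A defender-side check for the build-event abuse described in the comment above, added here as an example (not code from the pull request or the repository): it parses a .csproj without building it and flags PreBuildEvent, PostBuildEvent and Exec commands that match the behaviours listed. The indicator patterns, the length threshold and the sample project are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Indicators drawn from the behaviour described in the comment above (assumed patterns).
INDICATORS = {
    "powershell-policy-bypass": re.compile(r"powershell(\.exe)?\b.*-e(xecution)?p(olicy)?\s+bypass", re.I | re.S),
    "script-host": re.compile(r"\b(wscript|cscript|mshta)(\.exe)?\b", re.I),
    "writes-script-file": re.compile(r">{1,2}\s*\"?[^\s\"]+\.(vbs|ps1|js|bat|cmd)\b", re.I),
    "temp-directory": re.compile(r"%temp%|\$env:temp", re.I),
    "long-encoded-run": re.compile(r"[A-Za-z0-9+/=]{120,}"),
}
MAX_LEN = 1000  # assumed threshold: legitimate build events are rarely this long

# Constructed, inert sample project (not the repository's actual file).
SAMPLE = r"""<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <PreBuildEvent>mkdir "%TEMP%\demo" &amp; echo REM placeholder &gt; "%TEMP%\demo\stage.vbs" &amp; powershell.exe -ExecutionPolicy Bypass -File "%TEMP%\demo\stage.ps1"</PreBuildEvent>
    <PostBuildEvent>copy "$(TargetPath)" "$(SolutionDir)out"</PostBuildEvent>
  </PropertyGroup>
</Project>"""

def build_commands(csproj_xml):
    """Yield (source, command) for every command MSBuild would run at build time."""
    for el in ET.fromstring(csproj_xml).iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop the MSBuild XML namespace, if any
        if name in ("PreBuildEvent", "PostBuildEvent") and el.text and el.text.strip():
            yield name, el.text
        elif name == "Exec" and el.get("Command"):
            yield name, el.get("Command")

def scan(csproj_xml):
    """Return [(source, [indicator names])] for commands that match any indicator."""
    findings = []
    for source, command in build_commands(csproj_xml):
        hits = sorted(k for k, rx in INDICATORS.items() if rx.search(command))
        if len(command) > MAX_LEN:
            hits.append("oversized-command")
        if hits:
            findings.append((source, hits))
    return findings

if __name__ == "__main__":
    for source, hits in scan(SAMPLE):
        print(f"{source}: {', '.join(hits)}")
```

Run it over every .csproj, .props and .targets file in a cloned repository before opening the solution in Visual Studio, since MSBuild executes commands from imported files as well.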
