{"id":57933,"date":"2017-09-25T14:26:40","date_gmt":"2017-09-25T19:26:40","guid":{"rendered":"https:\/\/www.pcmatic.com\/blog\/?p=57933"},"modified":"2017-09-25T14:26:40","modified_gmt":"2017-09-25T19:26:40","slug":"locky-malware-distributed-via-7zscript","status":"publish","type":"post","link":"https:\/\/www.pcmatic.com\/blog\/locky-malware-distributed-via-7zscript\/","title":{"rendered":"Locky malware being distributed via 7z\/script"},"content":{"rendered":"<p>A week ago, Lawrence Abrams at Bleeping Computer <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/locky-ransomware-switches-to-the-ykcol-extension-for-encrypted-files\/\">wrote <\/a>about Locky ransomware now taking a 7z form. The PC Matic Research Team has seen this new form of Locky this past week. Like many other variants of Locky, the core components which make up the binary are very similar except for the encrypted file extension switching to ykcol., locky spelled backwards.<\/p>\n<p>The new initial infection vector see&#8217;s a somewhat odd usage of a 7z archive with an accompanying email which convinces the user to open the archive and file within. In our sample, the file in the archive had a .vbs extension. The Visual Basic (VBS) file, when double-clicked, attempts to run using WScript aka Windows Script Host. Visual Basic scripts can both download content from servers using the Internet and execute programs using the command shell. The VB Script is highly obfuscated to try and thwart analysis, or a least provide a nice puzzle to analysts. However, once it is deobfuscated, all it does is try a few servers for an executable file, download the file, and then run it. So much like other versions of Locky, this one still uses a typical .exe file to run. The difference is that by using a compressed 7z and vbs, it may trick certain email scanning and network scanning anti-malware platforms or make the user feel that it is a safe file too.<\/p>\n<p>Here&#8217;s a look at some of the code. Please click the images for a larger picture:<\/p>\n<figure id=\"attachment_57937\" aria-describedby=\"caption-attachment-57937\" style=\"width: 689px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/Anim2UniBall.png\"><img fetchpriority=\"high\" decoding=\"async\" class=\"wp-image-57937\" src=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/Anim2UniBall.png\" alt=\"Game function which is never called in malware\" width=\"689\" height=\"504\" srcset=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/Anim2UniBall.png 1047w, https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/Anim2UniBall-768x562.png 768w\" sizes=\"(max-width: 689px) 100vw, 689px\" \/><\/a><figcaption id=\"caption-attachment-57937\" class=\"wp-caption-text\">The first shot contains an interesting video-game like function called Anim2Uniball, which is never called. Possibly meant to throw off automated analysis systems<\/figcaption><\/figure>\n<figure id=\"attachment_57938\" aria-describedby=\"caption-attachment-57938\" style=\"width: 506px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/Locky_Dummy_Func.png\"><img decoding=\"async\" class=\"wp-image-57938 size-full\" src=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/Locky_Dummy_Func.png\" alt=\"RobertBaration\" width=\"506\" height=\"260\" \/><\/a><figcaption id=\"caption-attachment-57938\" class=\"wp-caption-text\">Secondly, we have another useless function which is never called, named RobertBaration, a likely misspelling of Robert Baratheon from the popular show, Game of Thrones.<\/figcaption><\/figure>\n<figure id=\"attachment_57939\" aria-describedby=\"caption-attachment-57939\" style=\"width: 882px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/LurkMore.png\"><img decoding=\"async\" class=\"wp-image-57939\" src=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/LurkMore.png\" alt=\"Lurkmoremanoeuvring variable names\" width=\"882\" height=\"341\" srcset=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/LurkMore.png 1729w, https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/LurkMore-768x297.png 768w\" sizes=\"(max-width: 882px) 100vw, 882px\" \/><\/a><figcaption id=\"caption-attachment-57939\" class=\"wp-caption-text\">Finally, here is some functionality which is used but which has nonsensical names. It is clear that an &#8220;automatic obfuscator&#8221; program was not used here because that would have replaced every string with complete gibberish or random numbers. In this case, the author of the script used nonsensical names but the names do hold actual meaning in other contexts, such as RobertBaration<\/figcaption><\/figure>\n<p>Using the methods outlined in <a href=\"https:\/\/techtalk.pcpitstop.com\/2017\/07\/03\/deobfuscating-javascript-malware\/\">this post<\/a>, we successfully deobfuscated the program and extracted as much info as possible. You will notice that the previous post is titled &#8220;Deobfuscating JavaScript Malware&#8221; and this one contains a Visual Basic Script instead of JavaScript. Although the language is different, the methodology of deobfuscating and even running the two is the same. Both types of scripts can be evaluated by Windows Script Host, both can download and run files, and both essentially work in the same manner to deliver malware. PC Matic SuperShield will protect against this threat with its superior whitelisting approach.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A week ago, Lawrence Abrams at Bleeping Computer wrote about Locky ransomware now taking a 7z form. The PC Matic Research Team has seen this new form of Locky this past week. Like many other variants of Locky, the core components which make up the binary are very similar except for the encrypted file extension [&hellip;]<\/p>\n","protected":false},"author":68,"featured_media":55153,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[4851,4949],"tags":[2853,4900,4363,4892,5346,5347],"class_list":["post-57933","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-malware-research-team","category-ransomware","tag-analysis","tag-locky","tag-ransomware","tag-research","tag-script","tag-vbs"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Locky malware being distributed via 7z\/script<\/title>\n<meta name=\"description\" content=\"A week ago, Lawrence Abrams at Bleeping Computer wrote about Locky ransomware now taking a 7z form. The PC Matic Research Team has seen this new form of\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.pcmatic.com\/blog\/locky-malware-distributed-via-7zscript\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Locky malware being distributed via 7z\/script\" \/>\n<meta property=\"og:description\" content=\"A week ago, Lawrence Abrams at Bleeping Computer wrote about Locky ransomware now taking a 7z form. The PC Matic Research Team has seen this new form of\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.pcmatic.com\/blog\/locky-malware-distributed-via-7zscript\/\" \/>\n<meta property=\"og:site_name\" content=\"PC Matic Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/pcmatic\" \/>\n<meta property=\"article:published_time\" content=\"2017-09-25T19:26:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/lockBG-blue.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"730\" \/>\n\t<meta property=\"og:image:height\" content=\"410\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"PC Matic Malware Research\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@pcmatic\" \/>\n<meta name=\"twitter:site\" content=\"@pcmatic\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"PC Matic Malware Research\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/locky-malware-distributed-via-7zscript\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/locky-malware-distributed-via-7zscript\\\/\"},\"author\":{\"name\":\"PC Matic Malware Research\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#\\\/schema\\\/person\\\/f5f9723c200c849e0a641a91c625683c\"},\"headline\":\"Locky malware being distributed via 7z\\\/script\",\"datePublished\":\"2017-09-25T19:26:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/locky-malware-distributed-via-7zscript\\\/\"},\"wordCount\":489,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/locky-malware-distributed-via-7zscript\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/wp-content\\\/uploads\\\/lockBG-blue.jpg\",\"keywords\":[\"analysis\",\"Locky\",\"ransomware\",\"Research\",\"script\",\"vbs\"],\"articleSection\":[\"Malware Research Team\",\"Ransomware\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/locky-malware-distributed-via-7zscript\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/locky-malware-distributed-via-7zscript\\\/\",\"url\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/locky-malware-distributed-via-7zscript\\\/\",\"name\":\"Locky malware being distributed via 7z\\\/script\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/locky-malware-distributed-via-7zscript\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/locky-malware-distributed-via-7zscript\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/wp-content\\\/uploads\\\/lockBG-blue.jpg\",\"datePublished\":\"2017-09-25T19:26:40+00:00\",\"description\":\"A week ago, Lawrence Abrams at Bleeping Computer wrote about Locky ransomware now taking a 7z form. The PC Matic Research Team has seen this new form of\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/locky-malware-distributed-via-7zscript\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/locky-malware-distributed-via-7zscript\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/locky-malware-distributed-via-7zscript\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/wp-content\\\/uploads\\\/lockBG-blue.jpg\",\"contentUrl\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/wp-content\\\/uploads\\\/lockBG-blue.jpg\",\"width\":730,\"height\":410},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/locky-malware-distributed-via-7zscript\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Locky malware being distributed via 7z\\\/script\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/\",\"name\":\"PC Matic Blog\",\"description\":\"Tech Tips and Tricks\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#organization\",\"name\":\"PC Matic - Top Antivirus Company in the USA.\",\"url\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/techtalk.pcmatic.com\\\/wp-content\\\/uploads\\\/PC-MaticLogo-e1472689639222.png\",\"contentUrl\":\"https:\\\/\\\/techtalk.pcmatic.com\\\/wp-content\\\/uploads\\\/PC-MaticLogo-e1472689639222.png\",\"width\":1535,\"height\":483,\"caption\":\"PC Matic - Top Antivirus Company in the USA.\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/pcmatic\",\"https:\\\/\\\/x.com\\\/pcmatic\",\"https:\\\/\\\/www.instagram.com\\\/pcmaticusa\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/pcmatic\",\"https:\\\/\\\/www.youtube.com\\\/c\\\/PCMaticVideo\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#\\\/schema\\\/person\\\/f5f9723c200c849e0a641a91c625683c\",\"name\":\"PC Matic Malware Research\",\"url\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/author\\\/pc-matic-malware-research\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Locky malware being distributed via 7z\/script","description":"A week ago, Lawrence Abrams at Bleeping Computer wrote about Locky ransomware now taking a 7z form. The PC Matic Research Team has seen this new form of","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.pcmatic.com\/blog\/locky-malware-distributed-via-7zscript\/","og_locale":"en_US","og_type":"article","og_title":"Locky malware being distributed via 7z\/script","og_description":"A week ago, Lawrence Abrams at Bleeping Computer wrote about Locky ransomware now taking a 7z form. The PC Matic Research Team has seen this new form of","og_url":"https:\/\/www.pcmatic.com\/blog\/locky-malware-distributed-via-7zscript\/","og_site_name":"PC Matic Blog","article_publisher":"https:\/\/www.facebook.com\/pcmatic","article_published_time":"2017-09-25T19:26:40+00:00","og_image":[{"width":730,"height":410,"url":"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/lockBG-blue.jpg","type":"image\/jpeg"}],"author":"PC Matic Malware Research","twitter_card":"summary_large_image","twitter_creator":"@pcmatic","twitter_site":"@pcmatic","twitter_misc":{"Written by":"PC Matic Malware Research","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.pcmatic.com\/blog\/locky-malware-distributed-via-7zscript\/#article","isPartOf":{"@id":"https:\/\/www.pcmatic.com\/blog\/locky-malware-distributed-via-7zscript\/"},"author":{"name":"PC Matic Malware Research","@id":"https:\/\/www.pcmatic.com\/blog\/#\/schema\/person\/f5f9723c200c849e0a641a91c625683c"},"headline":"Locky malware being distributed via 7z\/script","datePublished":"2017-09-25T19:26:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.pcmatic.com\/blog\/locky-malware-distributed-via-7zscript\/"},"wordCount":489,"commentCount":0,"publisher":{"@id":"https:\/\/www.pcmatic.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.pcmatic.com\/blog\/locky-malware-distributed-via-7zscript\/#primaryimage"},"thumbnailUrl":"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/lockBG-blue.jpg","keywords":["analysis","Locky","ransomware","Research","script","vbs"],"articleSection":["Malware Research Team","Ransomware"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.pcmatic.com\/blog\/locky-malware-distributed-via-7zscript\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.pcmatic.com\/blog\/locky-malware-distributed-via-7zscript\/","url":"https:\/\/www.pcmatic.com\/blog\/locky-malware-distributed-via-7zscript\/","name":"Locky malware being distributed via 7z\/script","isPartOf":{"@id":"https:\/\/www.pcmatic.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.pcmatic.com\/blog\/locky-malware-distributed-via-7zscript\/#primaryimage"},"image":{"@id":"https:\/\/www.pcmatic.com\/blog\/locky-malware-distributed-via-7zscript\/#primaryimage"},"thumbnailUrl":"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/lockBG-blue.jpg","datePublished":"2017-09-25T19:26:40+00:00","description":"A week ago, Lawrence Abrams at Bleeping Computer wrote about Locky ransomware now taking a 7z form. The PC Matic Research Team has seen this new form of","breadcrumb":{"@id":"https:\/\/www.pcmatic.com\/blog\/locky-malware-distributed-via-7zscript\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.pcmatic.com\/blog\/locky-malware-distributed-via-7zscript\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.pcmatic.com\/blog\/locky-malware-distributed-via-7zscript\/#primaryimage","url":"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/lockBG-blue.jpg","contentUrl":"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/lockBG-blue.jpg","width":730,"height":410},{"@type":"BreadcrumbList","@id":"https:\/\/www.pcmatic.com\/blog\/locky-malware-distributed-via-7zscript\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.pcmatic.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Locky malware being distributed via 7z\/script"}]},{"@type":"WebSite","@id":"https:\/\/www.pcmatic.com\/blog\/#website","url":"https:\/\/www.pcmatic.com\/blog\/","name":"PC Matic Blog","description":"Tech Tips and Tricks","publisher":{"@id":"https:\/\/www.pcmatic.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.pcmatic.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.pcmatic.com\/blog\/#organization","name":"PC Matic - Top Antivirus Company in the USA.","url":"https:\/\/www.pcmatic.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.pcmatic.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/techtalk.pcmatic.com\/wp-content\/uploads\/PC-MaticLogo-e1472689639222.png","contentUrl":"https:\/\/techtalk.pcmatic.com\/wp-content\/uploads\/PC-MaticLogo-e1472689639222.png","width":1535,"height":483,"caption":"PC Matic - Top Antivirus Company in the USA."},"image":{"@id":"https:\/\/www.pcmatic.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/pcmatic","https:\/\/x.com\/pcmatic","https:\/\/www.instagram.com\/pcmaticusa\/","https:\/\/www.linkedin.com\/company\/pcmatic","https:\/\/www.youtube.com\/c\/PCMaticVideo"]},{"@type":"Person","@id":"https:\/\/www.pcmatic.com\/blog\/#\/schema\/person\/f5f9723c200c849e0a641a91c625683c","name":"PC Matic Malware Research","url":"https:\/\/www.pcmatic.com\/blog\/author\/pc-matic-malware-research\/"}]}},"_links":{"self":[{"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/posts\/57933","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/comments?post=57933"}],"version-history":[{"count":0,"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/posts\/57933\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/media\/55153"}],"wp:attachment":[{"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/media?parent=57933"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/categories?post=57933"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/tags?post=57933"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}