Added Sentry debugging, getting long string as undefined
That's probably a malware works, mostly reported on windows platform. As you can see from the question, comments and from the internet; all reported for windows systems. According to few malicious activity logging/analysis/reporting service (see ref links below); the malware writes/ends the file with a series of “PADDINGPADDINGXX” strings.
Search in extracted strings section of following sites
- https://www.hybrid-analysis.com/sample/90fa224a030dc8c20e31bc5a6bd02885605e36d01646f40151ba23741830efb7?environmentId=1
- https://totalhash.cymru.com/analysis/?d88d47519bcc49b5c3b345e98e87d20b8928a2c3
- https://www.reverse.it/sample/8cb0a45f5a071c0f521a8afb62335e23fdcc3a3e06bac9a392bff1a89b40cf8c?environmentId=100
- https://www.reverse.it/sample/3f62bec0770de977b84b61c4f72813120f8d6fb6eb4caf96dc7e8e7b4676e444?environmentId=100
- https://www.zscaler.com/blogs/research/current-trojan-ambler-activity
- https://malwr.com/analysis/MzIyYmFkMWM1M2FmNDVlM2JlZjBmYmYwZmM4NDIwMTI/
This is a speculative answer. But I intend this to be a resource collection of links pointing towards understanding this issue. Feel free to improve this!
- Malware analysis of rtfn.exe
- Visual Studio error :: Error occurring due to one click amazon toolbar
- Bloated application size
- Releasing a game for different platforms :: It states the following:
ac2game.dat is just your windows .exe renamed. You can snip out the unnecessary executable parts by opening it in a hex editor and searching for the string "PADDING". There is a block of text that repeats "PADDINGXX" for a bit, then "CLIB". Chop out everything before CLIB (but leave CLIB). This saves a little space.
- Extracting resources with dlls
- 4 lines PADDINGXX at the end of executable
- interesting IRC log
It's always good to sumble upon a good 1.8k block of "PADDINGXXPADDINGXXPADDINGXX"
All of this leads me to believe that this occurs when memory is allocated, but not utilised. So in your case IE spaghetti code must have picked up some of this.