Untagged Release Cleo decrypter

Status
Not open for further replies.
Joined
Feb 18, 2005
Messages
2,965
Reaction score
271
It's Themida packed, so of course it will give a false positive. File is clean.
 

m1zg4rd_PL

Well-known member
Joined
Jul 19, 2013
Messages
222
Reaction score
0
springfield link said:
It's Themida packed, so of course it will give a false positive. File is clean.

Code:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Memory Mapped Files:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\CLEO_Decry.exe ]
        File Name: [ C:\WINDOWS\System32\wshtcpip.dll ]
        File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll ]
        File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
        File Name: [ C:\WINDOWS\system32\DNSAPI.dll ]
        File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
        File Name: [ C:\WINDOWS\system32\RASAPI32.DLL ]
        File Name: [ C:\WINDOWS\system32\SHELL32.dll ]
        File Name: [ C:\WINDOWS\system32\TAPI32.dll ]
        File Name: [ C:\WINDOWS\system32\UxTheme.dll ]
        File Name: [ C:\WINDOWS\system32\WININET.dll ]
        File Name: [ C:\WINDOWS\system32\WS2HELP.dll ]
        File Name: [ C:\WINDOWS\system32\WS2_32.dll ]
        File Name: [ C:\WINDOWS\system32\hnetcfg.dll ]
        File Name: [ C:\WINDOWS\system32\imm32.dll ]
        File Name: [ C:\WINDOWS\system32\mlang.dll ]
        File Name: [ C:\WINDOWS\system32\mswsock.dll ]
        File Name: [ C:\WINDOWS\system32\rasadhlp.dll ]
        File Name: [ C:\WINDOWS\system32\rasman.dll ]
        File Name: [ C:\WINDOWS\system32\rtutils.dll ]
        File Name: [ C:\WINDOWS\system32\sensapi.dll ]
        File Name: [ C:\WINDOWS\system32\urlmon.dll ]
        File Name: [ C:\WINDOWS\system32\winmm.dll ]
        File Name: [ C:\WINDOWS\system32\wsock32.dll ]

So, why is it using network DLLs?
 

T3KTONIT

Well-known member
Joined
Sep 2, 2013
Messages
308
Reaction score
5
*--------------- This is a continuation of m1zg4rd's post... ---------------*
USE AT YOUR OWN RISK!

File contains numerous Networking DLLs including:

        File Name: [ C:\WINDOWS\System32\wshtcpip.dll ]
        File Name: [ C:\WINDOWS\system32\wsock32.dll ]
        File Name: [ C:\WINDOWS\system32\urlmon.dll ]
        File Name: [ C:\WINDOWS\system32\mswsock.dll ]
        File Name: [ C:\WINDOWS\system32\WS2_32.dll ]

Also sends a DNS query to frs-online.ru.

In other words...
This file might contain either a Stealer or Keylogger or Trojan or a Downloader (which basically downloads either of the 3).

For all of you who have already downloaded and used this, I am deeply sorry to tell you, you're fucked!
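
As an added example (not part of the original posts): a short Python triage of a "Memory Mapped Files" listing in the format quoted above. It groups the networking modules by function and lists anything mapped from outside C:\WINDOWS. The sample report is constructed, and the category grouping and function names are this example's own assumptions.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed sample in the report format quoted in the thread.
SAMPLE_REPORT = r"""
    Memory Mapped Files:
        File Name: [ C:\CLEO_Decry.exe ]
        File Name: [ C:\WINDOWS\System32\wshtcpip.dll ]
        File Name: [ C:\WINDOWS\system32\DNSAPI.dll ]
        File Name: [ C:\WINDOWS\system32\SHELL32.dll ]
        File Name: [ C:\WINDOWS\system32\WININET.dll ]
        File Name: [ C:\WINDOWS\system32\WS2_32.dll ]
        File Name: [ C:\WINDOWS\system32\rasman.dll ]
        File Name: [ C:\WINDOWS\system32\winmm.dll ]
"""

# Grouping chosen for this example (an assumption, not a vendor taxonomy).
NETWORK_MODULES = {
    "sockets": {"ws2_32.dll", "wsock32.dll", "mswsock.dll",
                "ws2help.dll", "wshtcpip.dll"},
    "dns": {"dnsapi.dll"},
    "http": {"wininet.dll", "urlmon.dll"},
    "ras": {"rasapi32.dll", "rasman.dll", "rasadhlp.dll"},
}
ENTRY_RE = re.compile(r"File Name:\s*\[\s*(.+?)\s*\]")


def mapped_files(report):
    """Return every path listed in a 'File Name: [ ... ]' entry."""
    return [m.group(1) for m in ENTRY_RE.finditer(report)]


def network_modules(report):
    """Map category -> sorted networking module names seen in the report."""
    found = {}
    for path in mapped_files(report):
        name = basename(path).lower()  # DLL names are case-insensitive
        for category, names in NETWORK_MODULES.items():
            if name in names:
                found.setdefault(category, set()).add(name)
    return {category: sorted(names) for category, names in found.items()}


def non_system_files(report):
    """Paths mapped from outside C:\\WINDOWS, e.g. the sample itself."""
    return [p for p in mapped_files(report)
            if not p.lower().startswith("c:\\windows\\")]


if __name__ == "__main__":
    for category, names in sorted(network_modules(SAMPLE_REPORT).items()):
        print(f"{category:8} {', '.join(names)}")
    print("outside C:\\WINDOWS:", non_system_files(SAMPLE_REPORT))
```

A mapped module shows only what the process is able to call, so this output is one input to weigh alongside observed traffic such as the DNS query mentioned in the thread.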
 

blackHat

Expert
Joined
Jul 28, 2013
Messages
930
Reaction score
2
shit ... :sweet_jesus:


fuck you spring , you fucked us up ...
 
Joined
Feb 18, 2005
Messages
2,965
Reaction score
271
Because it's cracked, normally it would require a key which would be checked over the internet.

As always, any .exe file you download from anywhere is to be used at your own risk.
 

blackHat

Expert
Joined
Jul 28, 2013
Messages
930
Reaction score
2
springfield link said:
Because it's cracked, normally it would require a key which would be checked over the internet.

As always, any .exe file you download from anywhere is to be used at your own risk.

now you are saying that  :sweet_jesus:
 

Xer

Well-known member
Joined
May 11, 2013
Messages
256
Reaction score
0
better to buy one, its kinda springfield stuffs are dangerous  :eek:mg_run:
 

0x_

Wtf I'm not new....
Administrator
Joined
Feb 18, 2013
Messages
1,119
Reaction score
168
OK, to make it clear: under these circumstances, don't use it.

These are the arguments why:
  • It acts like other viruses: it refuses to execute the real payload on VMs.
  • It refuses to execute the real payload under given circumstances (Wireshark, WPE, any network analysis tool).

It has too many protections against things that can't harm it, and also, as seen on some page, it accesses http://frs-online.ru/.

If you executed this program formerly, scan your PC and maybe change your passwords.

It may not steal private information, but it does many things a virus would do.

I've removed the download and closed the thread; there's nothing more to say about it.

/E:
Also, don't say "ye... it's because it is cracked"; why pack a cracked executable (common sense)?
 