@steve15: I'm disappointed in myself because I have not exposed you earlier...
For the analysis, quick answer because I have no more time to lose on this...
OK, so here is my simple full process to expose the scam (so everyone with skills can do it):
- unrar the exe
- remove the commented autoit script lines
- modify the script in order to have the decrypted file (and remove the nasty things)
- send the decrypted file to virustotal
and here are the virustotal results :
https://www.virustotal.com/fr/file/abbf75859716dbbe564d3b250aa7dfcb14c4b8f452257bd382e6a4187120a9a3/analysis/1390926392/ --> 45/50
Conclusion: steve15 is not a professional pentester but rather a script kiddie trying to infect your computer with a backdoor.
No need to thank me !
@admin : you should remove the link to the tool and ban steve
Edit : @Chancellor : there is no vulnerability except the api in cgminer which is not actually a vulnerability
You really are an idiot, excuse my language.
Try this:
- Download whatever executable file online, for example Firefox installer.
- Scan with virustotal = 0/50
- Disassemble the exe or rar
- Remove the commented lines
- Modify the script to have the contents of the installer
- Remove some lines
- Send the decrypted file to virustotal = bam, at least 40/50
Every single executable known file in virustotal that gets modified with even 1 bit will get an instant alert.
That is the main reason why you can't fake EXE file assembly without triggering an alert.
Also notice our hashes:
My hash : A5F3453E03DD2E4F356BEC7FB595B799A8EA6BE2C0466CE8550C74E247511870
Your hash: abbf75859716dbbe564d3b250aa7dfcb14c4b8f452257bd382e6a4187120a9a3
You scanned a "*.BIN" file. You could have uploaded WHATEVER file you wanted to upload.
Hashcheck is not the same, so it is not the same file, period. That's called faking results.
Your file contains at least 15 DLL files that are not even present in my code!
THESE are the files included:

Try this second method:
Create any .NET project
Google some UPnP / network scanning methods/modules/classes
Compile and send to virustotal = bam, 40/50
So please, you have no idea what you are talking about.
You still failed to post the actual exploit code also.
You post the source from the crypter ITSELF to scare people, but you also fail to post the configuration file for it, so they can see I'm not using ANY of these 'scary' functions.
At most, you can be considered a medium skilled cracker, but that is where this story ends for you ici_lemmy.
Cracking, hacking and decompiling is more than running some cracked tools you found on thepiratebay.