Jump to content
SimeTrie95Online

SimeTrie95 Tools

Recommended Posts

Posted (edited)

Buna ziua am creeat acest program ca sa-l impart cum se poate si la cine vrea este un mini program cu logare care te ajuta sa faci diferite actiuni nu este cine stie ce dar daca am tot muncit ceva timp la el am zis sa il postez si eu ca e ce sa fac cu el in PC este creeat 100% de mine Nu contine virusi si 2 la mana pana sa il instalati va rog sa intrati pe virustotal sa il scanati ca la mine nu imi da voie sa intru pe virustotal ok ?

Uitati link Download: Hostfile.nl Free Image and File Host

Va rog comentarii decente sunt incepator .

Parola PM Me Please....

Contine WebBrowse,Auto Typer, Alarm Clock and Calculator. Cam atatea dar mai facem mai multe avand PC-ul prost i-mi este greu sa mai fac cu cat sunt mai multe cu atata functioneaza mai greu.

https://www.virustotal.com/file/c17603c7bab0c8b04a6074bb4bc4f1f658eb2a3f71e0835132b43a8998fd1be9/analysis/1357425273/

SHA256: c17603c7bab0c8b04a6074bb4bc4f1f658eb2a3f71e0835132b43a8998fd1be9

SHA1: 60567c4d1f8b75db1a1df7f7b34a60c25227bb76

MD5: 272f1b9be0b8b886dd72287341401754

File size: 9.1 MO ( 9507645 bytes )

File name: SimeTrie95-Tools.rar

File type: RAR

Detection ratio: 1 / 44

Analysis date: 2013-01-05 22:34:33 UTC ( 1 minut ago )

Edited by SimeTrie95Online
Posted

SHA256: c7ecd14c8df5ea184fce811c856daf4b9e043036d436b6faabfc7bda824782be

File name: Setup SimeTrie95.exe

Detection ratio: 1 / 46

Analysis date: 2013-01-06 09:51:12 UTC ( 12 ore, 8 minute ago )

Ok. detectat de "TheHacker" ca fiind: Backdoor/Delf.abve. Dupa ceva cautari dupa backdoorul respectiv:


When program starts it stops the following processes: Winoldap.exe dracula.exe axer.exe.

It creates the HKCU\Software\internettime\id registry key and saves the random id and lastrun under this key. The backdoor logs the pressed keys every 10 ms and save into the %Windows%\temp\itimkl.txt file.

It copies itself as %Windows%\Winoldap.exe and adds the value:
Default="%Windows%\Winoldap.exe" into the

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

and

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

registry keys (so when windows starts the backdoor starts too).

It queries command to execute from a certain URL address. Command can be the one of the following:

-Sets command query timer interval
-Lists all the files into an temporary file and sends it to the certain URL address
-Lists all the files of a directory and sends the list.
-Creates a Srceenshot and sends the picture.
-Downloads a file
-Starts an UDP client
-Executes a file (it can do it hidden too)
-Show a message dialog
-Sends a file

When program stops it copies itself and adds registry values (above).

Manual Remove:

Stop the program in the task manager. Remove the registry values which created by the backdoor. Finally delete the program.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...