Go Back   GamerzPlanet - For All Your Online Gaming Needs!! > Online Gaming > MU Online
Reload this Page Release Philip / Zhyper Cheat III
Home GzP Upload GzP Arcade Register All Albums FAQDonate Calendar Gameroom Today's Posts

MU Online Mu Online Discussion.


Philip / Zhyper Cheat III

MU Online


Closed Thread
 
Thread Tools Display Modes
Old 07-17-2009, 03:29 PM   #1
ron1987
Banned
 
Last Online: 10-06-2009 10:25 PM
Join Date: Apr 2009
Posts: 2
Rep Power: 0
Rep Points: 10
ron1987 is on a distinguished road
Feedback: (0)
Points: 37,387.74
Bank: 0.00
Total Points: 37,387.74
Philip / Zhyper Cheat III
Tested on season 4- Works fine!
Enjoy :) .

Features:
- Simple hithack
- Skill hithack
- Teleporting by coords
- Autokill
- PickUp items
- Vault hack
- Windows Vista Support

Using:
- Run the cheat
- Select client' main.exe path
- Press "Launch"
ron1987 is offline  
Sponsored Links
Old 07-17-2009, 09:40 PM   #2
bastardgo
Lurker
 
Last Online: 11-06-2009 04:46 AM
Join Date: Apr 2008
Posts: 4
Rep Power: 0
Rep Points: 10
bastardgo is on a distinguished road
Feedback: (0)
Points: 9,837.93
Bank: 0.00
Total Points: 9,837.93
Re: Philip / Zhyper Cheat III
it doesn't... i cant see the server list...
bastardgo is offline  
Old 07-17-2009, 09:52 PM   #3
jpsantos09
Registered User
 
Last Online: 10-31-2009 04:24 AM
Join Date: Nov 2008
Posts: 26
Rep Power: 0
Rep Points: 10
jpsantos09 is on a distinguished road
Feedback: (0)
Points: 3,446.17
Bank: 0.00
Total Points: 3,446.17
Re: Philip / Zhyper Cheat III
Ok i will try it xdd
thx for sharing
jpsantos09 is offline  
Old 07-26-2009, 01:37 PM   #4
exclicko0r
Registered User
 
Last Online: 10-30-2009 02:36 AM
Join Date: Feb 2008
Posts: 19
Rep Power: 0
Rep Points: 10
exclicko0r is on a distinguished road
Feedback: (0)
Points: 5,933.19
Bank: 0.00
Total Points: 5,933.19
Re: Philip / Zhyper Cheat III
this a keylogger 100%
exclicko0r is offline  
Old 08-19-2009, 09:00 AM   #5
braveyesha
Lurker
 
Last Online: Yesterday 08:13 AM
Join Date: Aug 2009
Posts: 2
Rep Power: 0
Rep Points: 10
braveyesha is on a distinguished road
Feedback: (0)
Points: 2,316.74
Bank: 0.00
Total Points: 2,316.74
Re: Philip / Zhyper Cheat III
why see the server/channel?
braveyesha is offline  
Old 08-26-2009, 05:04 AM   #6
kristoper001
Lurker
 
Last Online: 08-26-2009 05:25 AM
Join Date: Mar 2008
Posts: 2
Rep Power: 0
Rep Points: 10
kristoper001 is on a distinguished road
Feedback: (0)
Points: 603.47
Bank: 0.00
Total Points: 603.47
Re: Philip / Zhyper Cheat III
can you guys upload it on mediafire
cuz i cant download 2 or more files in rapidshare
kristoper001 is offline  
Old 08-26-2009, 05:39 PM   #7
DracoNuv
Lurker
 
Last Online: Yesterday 07:12 AM
Join Date: Jul 2009
Posts: 8
Rep Power: 0
Rep Points: 10
DracoNuv is on a distinguished road
Feedback: (0)
Points: 3,079.24
Bank: 0.00
Total Points: 3,079.24
Re: Philip / Zhyper Cheat III
LOL VIRUS TROJAN!! ****ING NOOB its Obvius... LURKER?
Don't Download it if you don't want to get trojan and hack your PC

PRESS THANKS IF I HELP!!
DracoNuv is offline  
Old 08-26-2009, 08:37 PM   #8
CampStaff
Moderator
 
Last Online: 11-19-2009 04:11 AM
Join Date: Mar 2009
Posts: 298
Rep Power: 2
Rep Points: 104
CampStaff will become famous soon enoughCampStaff will become famous soon enough
Feedback: (0)
Points: 26,532.93
Bank: 0.00
Total Points: 26,532.93
Re: Philip / Zhyper Cheat III
Malicious TROJAN Detected

Code:
Aug 27, 2009 04:17:18              192.168.0.255:1052     66.40.52.62:21     tcp
Aug 27, 2009 04:17:18              66.40.52.62:21     192.168.0.255:1052      tcp
[Only registered and activated users can see links. ]

We begin our analysis using the above link. The exe spawns three processes, which in turn spawn yet another three processes.

The second of the first set of processes spawned begins the stolen information gathering.
Code:
  •                [Only registered and activated users can see links. ]
    •              File: C:\Documents and Settings\Jim\Local Settings\Temp\program.exe
      • 

    •              File Type: file
      • 

    •              Source File Hash: 1419D3AB0044BBA7C2F611206DAB880094716CC7
      • 

    •              Creation/Distribution: CREATE_ALWAYS
      • 

    •              Desired Access: FILE_ANY_ACCESS
      • 

    •              Share Access: FILE_SHARE_READ FILE_SHARE_WRITE
      • 

    •              Flags: FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS
      • 

    •              Stored as: 3125d7f49da6394922e6d6001b25901f.exe
      • 

                     
                                    
    •              File: C:\Documents and Settings\Jim\Local Settings\Temp\u16event.dat
      • 

    •              File Type: file
      • 

    •              Source File Hash: hash_error
      • 

    •              Creation/Distribution: CREATE_ALWAYS
      • 

    •              Desired Access: FILE_ANY_ACCESS
      • 

    •              Share Access: FILE_SHARE_READ FILE_SHARE_WRITE
      • 

    •              Flags: FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS
      • 

    •              Stored as: 9543eebb06ce76c048a0243635e47dc9.dat
      • 

                     
 
    •
A dat file is created.
Code:
  • [Only registered and activated users can see links. ]
    •              File: C:\Documents and Settings\Jim\Local Settings\Temp\u16event.dat
      • 

    •              File Type: file
      • 

    •              Source File Hash: hash_error
      • 

    •              Desired Access: FILE_ANY_ACCESS
      • 

    •              Flags: SECURITY_ANONYMOUS
      • 

                     
 
    •
It then gets deleted so to not add new files and alert the infected user of its activity.
Code:
<li id="comsub2_bullet" class="open_folder">[Only registered and activated users can see links. ]                        
  • Create Instance:
    •                              InProcServer32: C:\WINDOWS\system32\ieframe.dll
      • 

    •                              Interface ID: {000214E6-0000-0000-C000-000000000046}
      • 

                   
    • 

             
  • Com Get Class Object
    •                            InProcServer32: C:\WINDOWS\system32\urlmon.dll
      • 

    •                            Interface ID: {00000001-0000-0000-C000-000000000046}
      • 

     
    •
An Inproc Server32 is then registered, allowing the data collected to begin to move from infected computer to the trojanners server/home pc.

Code:
Connections                     
  •                              Server: deadverb.freehostia.com
    • 

  •                              Service: INTERNET_SERVICE_FTP
    • 

  •                              Successful: 1
    • 

  •                              Api-Function: InternetConnectA
    •
This Trojan then connects to a free host.

Code:
Outgoing Connections

  • FTP Data
    •                  User Name v1sp3t
      • 

    •                  Password 2629342
      • 

    •                  Passive Mode 1
      • 

    •                  Remote Data Port 53860
      • 

    •                  Login Successful 1
      • 

    • 

  • Plain Communication Data
    •
And passes the proper information to the free FTP server. Username and password is needed for this trojan to finish transfering the collected data from the infected computer to the trojanners server/home pc.

Code:
Transport Protocol: TCP
           Remote Address: 66.40.52.62
           Remote Port: 21
           Protocol: FTP
           Connection Established: 1
           Socket: 1940
Here we show that its making a TCP connection from the trojanners server IP on which port and what protocol; FTP.
We will now delete the collected data from this particular trojanner.
Quote:
226 Transfer complete.
CWD /
250 CWD command successful.
RMD Mu Online
250 RMD command successful
DELE MIHAJLOVI_260809_1936.html
250 DELE command successful.
DELE PC-25_260809_2106.html
250 DELE command successful.
DELE SLOTPC_260809_2055.html
250 DELE command successful.
DELE LENOVO-4903350B_270809_0331.html
250 DELE command successful.
DELE LENOVO-4903350B_270809_0332.html
250 DELE command successful.
DELE MERC-AD53B44336_260809_1704.html
250 DELE command successful.
DELE MERC-AD53B44336_260809_1730.html
250 DELE command successful.
DELE FILIPPIN_260809_1909.html
250 DELE command successful.
DELE OWNER-PC_260809_2019.html
250 DELE command successful.
DELE DEVON-PC_260809_2121.html
250 DELE command successful.
DELE PC2_041019_1713.html
250 DELE command successful.
DELE PETER_030907_1817.html
250 DELE command successful.
PASV
227 Entering Passive Mode (66,40,52,62,196,139).
LIST -al
150 Opening ASCII mode data connection for file list
226 Transfer complete.
Quote:
F[Only registered and activated users can see links. ]

Report generated: 27.8.2009 at 4.17.37 (GMT 1)
Filename: program.exe
File size: 1171 KB
MD5 Hash: 2da2c50aa242b02a4c57874a7084e585
SHA1 Hash: 9EA954F432262D24D35864D304710AB15AE17905
Self-Extract Archive: Nothing found
Binder Detector: Nothing found
Detection rate: 13 on 22

Detections

a-squared - Riskware.Win32.VBInject!IK
Avira AntiVir - TR/Dropper.Gen
Avast - Win32:Trojan-gen {Other}
AVG - -
BitDefender - Trojan.Generic.2199205
ClamAV - -
Comodo - TrojWare.Win32.TrojanDropper.VB.abkx
Dr.Web - -
Ewido - -
F-PROT6 - -
Ikarus T3 - VirTool.Win32.VBInject
Kaspersky - Trojan-Dropper.Win32.VB.abkx
McAfee - -
NOD32 v3 - Win32/Injector.WZ
Norman - Trojan W32/Smalltroj.QHNL
Panda - Adware/AccesMembre
QuickHeal - Trojan.Agent.ATV
Solo Antivirus - -
Sophos - Mal/Generic-A
TrendMicro - -
VBA32 - -
VirusBuster - Trojan.DR.Agent.NGPL
Last edited by CampStaff; 08-26-2009 at 08:50 PM.
CampStaff is offline  
Closed Thread

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off
Forum Jump

All times are GMT -7. The time now is 07:10 AM.
 

Copyright ©2009, GamerzPlanet.Net
Visits: