Go Back   GamerzPlanet - For All Your Online Gaming Needs!! > General Gaming > Steam Games
Reload this Page Announcement [Clean] TF2 Achievement Hack
Home GzP Upload GzP Arcade Register All Albums FAQDonate Calendar Gameroom Today's Posts

Steam Games Discuss all Steam games here (Half-Life 2, Counter-Strike etc)


[Clean] TF2 Achievement Hack

Steam Games


Closed Thread
 
Thread Tools Display Modes
Old 05-11-2009, 05:09 AM   #1
josefsopiarz
Banned
 
Last Online: 08-18-2009 05:22 PM
Join Date: May 2009
Posts: 1
Rep Power: 0
Rep Points: 10
josefsopiarz is on a distinguished road
Feedback: (0)
Points: 598.26
Bank: 0.00
Total Points: 598.26
[Clean] TF2 Achievement Hack
Run the TF2 Achievement hack and you will get all achievements!
Have fun!



File Info

Report generated: 11.5.2009 at 13.06.32 (GMT 1)
Filename: UnlockTF2Achievements.exe
File size: 1332 KB
MD5 Hash: 8B9FEA63A1D4805A5EDFD9D4732B865C
SHA1 Hash: F46CDFB038DD7236B6EB7EB8FB1686B5FE5D8F16
Packer detected: Microsoft Visual Basic 5.0 / 6.0 [Debug]
Self-Extract Archive: Nothing found
Binder Detector: Nothing found
Detection rate: 0 on 24

Detections

a-squared - Nothing found!
Avira AntiVir - Nothing found!
Avast - Nothing found!
AVG - Nothing found!
BitDefender - Nothing found!
ClamAV - Nothing found!
Comodo - Nothing found!
Dr.Web - Nothing found!
Ewido - Nothing found!
F-PROT 6 - Nothing found!
G DATA - Nothing found!
IkarusT3 - Nothing found!
Kaspersky - Nothing found!
McAfee - Nothing found!
MHR (Malware Hash Registry) - Nothing found!
NOD32 v3 - Nothing found!
Norman - Nothing found!
Panda - Nothing found!
Quick Heal - Nothing found!
Solo Antivirus - Nothing found!
Sophos - Nothing found!
TrendMicro - Nothing found!
VBA32 - Nothing found!
Virus Buster - Nothing found!

Scan report generated by
[Only registered and activated users can see links. ]
Last edited by Einhanderkiller; 05-11-2009 at 07:51 AM.
josefsopiarz is offline  
Old 05-11-2009, 05:45 AM   #2
CampStaff
Moderator
 
Last Online: Today 09:06 AM
Join Date: Mar 2009
Posts: 300
Rep Power: 2
Rep Points: 110
CampStaff will become famous soon enoughCampStaff will become famous soon enough
Feedback: (0)
Points: 26,915.50
Bank: 0.00
Total Points: 26,915.50
Re: [Clean] TF2 Achievement Hack
Malicious TROJAN Detected

When we unrar this trojan, the icon of the exe is not of the original. Plus the file size is the same size of a recent trojan posted here a few days ago.. in fact, [Only registered and activated users can see links. ] it is exactly the same as the mentioned trojan, just renamed to pretend to be a cheat.

[Only registered and activated users can see links. ] [Only registered and activated users can see links. ]

Code:
Performs File Modification and Destruction: The executable modifies and destructs files which are not temporary. 
Performs Registry Activities: The executable reads and modifies register values. It also creates and monitors register keys.
Quote:
[ General information ]
* Applications uses MSVBVM60.DLL (Visual Basic 6).
* File length: 1364038 bytes.
* MD5 hash: 8b9fea63a1d4805a5edfd9d4732b865c.

[ Process/window information ]
* Creates a COM object with CLSID {FCFB3D23-A0FA-1068-A738-08002B3371B5} :
VBRuntime.
* Creates a COM object with CLSID {E93AD7C1-C347-11D1-A3E2-00A0C90AEA82} :
VBRuntime6.
The original file was created using C++, not VB6. Also, as the process info shows, its creating a COM object. COM has been replaced at least to some extent by the Microsoft .NET framework, and support for Web Services through the Windows Communication Foundation (WCF). Usually COM objects are/were used to access the internet. Googling the CLSID's shows they're used in existing trojans on the net.

This trojan creates these files on the host computer:
Number of new processes: 10
Quote:
Unlock TF2 Achievements.exe (1180)
  • svchost.exe (1912)
    • svchost.exe (1184)
    • svchost.exe (1496)
    • svchost.exe (1232)
    • svchost.exe (1236)
      • dwwin.exe (1888)
    • svchost.exe (1628)
    • svchost.exe (2032)
  • cmd.exe (1568)
C:\​​DOCUME~1\​​ADMINI~1\​​LOCALS~1\​​Temp\​​test. htm
C:\​​DOCUME~1\​​ADMINI~1\​​LOCALS~1\​​Temp\​​test. htm
c:\​​docume~1\​​admini~1\​​locals~1\​​temp\​​svcho st.exe
C:\​​DOCUME~1\​​ADMINI~1\​​LOCALS~1\​​Temp\​​melt. bat
It also opens these files on the host computer:
Code:
C:\​​Documents and Settings\​​Administrator\​​Local Settings\​​Temporary Internet Files\​​Content.IE5\​​index.dat
C:\​​Documents and Settings\​​Administrator\​​Cookies\​​index.dat
C:\​​Documents and Settings\​​Administrator\​​Local Settings\​​History\​​History.IE5\​​index.dat
C:\​​Documents and Settings\​​Administrator\​​Local Settings\​​History

C:\​​Documents and Settings\​​All Users\​​Application Data\​​Microsoft\​​Network\​​Connections\​​Pbk\​​rasphone.pbk
c:\​​autoexec.bat
C:\​​DOCUME~1\​​ADMINI~1\​​LOCALS~1\​​Temp\​​1081A79.dmp
C:\​​WINDOWS\​​AppPatch\​​systest.sdb     open       
C:\​​DOCUME~1\​​ADMINI~1\​​LOCALS~1\​​Temp\​​test.htm     open     
C:\​​WINDOWS\​​system32\​​shell32.dll.124.Config     open     
C:\​​WINDOWS\​​WindowsShell.Config     open          
C:\​​WINDOWS\​​system32\​​comctl32.dll.124.Config     open     
c:\​​docume~1\​​admini~1\​​locals~1\​​temp\​​svchost.exe     open    
C:\​​WINDOWS\​​system32\​​urlmon.dll.123.Config     open     
c:\​​docume~1\​​admini~1\​​locals~1\​​temp\​​svchost.exe.Manifest     open     
C:\​​DOCUME~1\​​ADMINI~1\​​LOCALS~1\​​Temp\​​melt.bat     open     
C:\​​WINDOWS\​​system32\​​cmd.exe.Manifest     open     
C:\​​WINDOWS\​​WINHELP.INI
It accesses or creates these keys in the host computers registry:
Code:
\​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​Keyboard Layout\​​Toggle
HKEY_LOCAL_MACHINE\​​System\​​CurrentControlSet\​​Control\​​Nls\​​Codepage
\​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ SOFTWARE\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings
\​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​windows\​​CurrentVersion\​​Internet Settings\​​Connections
\​​Registry\​​MACHINE\​​System\​​CurrentControlSet\​​Control\​​Session Manager
HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​Interface
\​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​svchost.exe\​​RpcThreadPoolThrottle
\​​REGISTRY\​​MACHINE\​​SYSTEM\​​ControlSet001\​​Control\​​ComputerName\​​ActiveComputerName
\​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Explorer\​​Performance     maximum allowed     
HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​shell32.dll
HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​comctl32.dll
HKEY_LOCAL_MACHINE\​​Software\​​Policies\​​Microsoft\​​System\​​DNSclient
\​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​htmlfile\​​shell
\​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Explorer\​​Shell Folders
HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​Secur32.dll

\​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​Microsoft\​​Windows\​​CurrentVersion\​​Run     {C83C6223-1233-3F4E-8FB5-30FD19A1CB53}     String     "c:\​​docume~1\​​admini~1\​​locals~1\​​temp\​​svchost.exe" /r     success or wait     7
Last edited by CampStaff; 05-11-2009 at 06:25 AM.
CampStaff is offline  
Closed Thread

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off
Forum Jump

All times are GMT -7. The time now is 05:50 PM.
 

Copyright ©2009, GamerzPlanet.Net
Visits: