Jump to content

Recommended Posts

Posted

It's a leak of the scripts you may have seen used by some people on DragonNetwork such as title animation.

 

Read the read me file inside the archive if you need help to set it up.

 

More will be leaked later on.

 

All credits go to TheMadPizza, this crazy italian.

 

New link:

 

Scripts only (place in Scripts directory of PHX):

http://www.multiupload.com/8H5QPOMA29

 

 

Full package:

http://www.multiupload.com/1KKSGCZZ33

Password is coderx.ru

 

Antivirus results

AhnLab-V3 - 2011.01.10.00 - 2011.01.09 - -

AntiVir - 7.11.1.58 - 2011.01.09 - -

Antiy-AVL - 2.0.3.7 - 2011.01.09 - -

Avast - 4.8.1351.0 - 2011.01.09 - -

Avast5 - 5.0.677.0 - 2011.01.09 - -

AVG - 9.0.0.851 - 2011.01.09 - -

BitDefender - 7.2 - 2011.01.09 - -

CAT-QuickHeal - 11.00 - 2011.01.09 - -

ClamAV - 0.96.4.0 - 2011.01.09 - -

Command - 5.2.11.5 - 2011.01.08 - -

Comodo - 7341 - 2011.01.09 - -

DrWeb - 5.0.2.03300 - 2011.01.09 - -

Emsisoft - 5.1.0.1 - 2011.01.09 - -

eTrust-Vet - 36.1.8087 - 2011.01.07 - -

F-Prot - 4.6.2.117 - 2011.01.08 - -

F-Secure - 9.0.16160.0 - 2011.01.09 - -

Fortinet - 4.2.254.0 - 2011.01.09 - W32/Hupigon.MYFU!tr.bdr

GData - 21 - 2011.01.09 - -

Ikarus - T3.1.1.90.0 - 2011.01.09 - -

Jiangmin - 13.0.900 - 2011.01.09 - -

K7AntiVirus - 9.75.3472 - 2011.01.07 - -

Kaspersky - 7.0.0.125 - 2011.01.09 - -

McAfee - 5.400.0.1158 - 2011.01.09 - -

McAfee-GW-Edition - 2010.1C - 2011.01.09 - -

Microsoft - 1.6402 - 2011.01.09 - -

NOD32 - 5772 - 2011.01.09 - -

Norman - 6.06.12 - 2011.01.09 - -

nProtect - 2011-01-09.01 - 2011.01.09 - -

Panda - 10.0.2.7 - 2011.01.09 - -

PCTools - 7.0.3.5 - 2011.01.09 - -

Prevx - 3.0 - 2011.01.09 - -

Rising - 22.81.05.00 - 2011.01.08 - -

Sophos - 4.61.0 - 2011.01.09 - -

SUPERAntiSpyware - 4.40.0.1006 - 2011.01.09 - -

Symantec - 20101.3.0.103 - 2011.01.09 - -

TheHacker - 6.7.0.1.112 - 2011.01.09 - -

TrendMicro - 9.120.0.1004 - 2011.01.09 - -

TrendMicro-HouseCall - 9.120.0.1004 - 2011.01.09 - -

VBA32 - 3.12.14.2 - 2011.01.06 - -

VIPRE - 8009 - 2011.01.09 - -

ViRobot - 2011.1.8.4244 - 2011.01.09 - -

VirusBuster - 13.6.136.0 - 2011.01.09 - -

File info:

MD5: 6b6fe6384deffd407556d4c6195056d9

SHA1: b6e31c19ccc204598638680f3db5622cccf5711a

SHA256: 943a7af3a4f286402b85c3fae0ea3be5f2a25368cf6848401d44525088b35845

File size: 2340176 bytes

Scan date: 2011-01-09 21:13:38 (UTC)

Posted

I found trojan horse,droper.

 

You can download the software from the original source:

http://forum.coderx.ru/downloads.php?do=file&id=39

 

and copy the text files from the archive, if you don't believe

 

Note that the original archive is password encrypted to pass antivirus checks, as all hooking programs are detected as trojans. The shared archive is not encrypted.

Posted

i download from http://forum.coderx.ru/downloads.php?do=file&id=39 and i did not find

a virus. on your i fnd.. maybe because is from diff. site or u infected it?

 

btw its a version of phx. i did noot find any scripts.

as i wrote the version from coderx is password encrypted, that's why.. recompress his version with no encryption and you will get a similar output

 

the scripts are located into "scripts"

 

ps: the password for coderx version is "coderx.ru" if you can't read russian

Posted

I repacked it like phx authors do so you get the same scan output.. same files really..

 

http://www.virustotal.com/file-scan/report.html?id=943a7af3a4f286402b85c3fae0ea3be5f2a25368cf6848401d44525088b35845-1294607618

 

Again, special scripts are in scripts directory

  • 2 weeks later...
  • 2 weeks later...
  • 4 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...