Gaming Community
Forum
 
Go Back   D3scene > Hot Games > WoW forum > WoW Private Server Hacks
Reload this Page WoW Infinity[cracked] for 3.0.8
Register Blogs Live view Downloads Marketplace FAQ Members List Social Groups Calendar Search Today's Posts Mark Forums Read

WoW Infinity[cracked] for 3.0.8

This is a discussion on WoW Infinity[cracked] for 3.0.8 within the WoW Private Server Hacks forum part of the WoW forum category; POST DELETED! Dont post viruses! -- thanks campstaff <3 Gmods give me an infraction please...


Welcome on D3scene.com! Make sure to register - it's free and very quick! You have to register before you can post and participate in our discussions with 70000 other registered members. Downloads, user profiles and some forums can only be seen by registered members. After you create your free account you will be able to customize many options, you will have the full access to new hacks, latest cheats and last but not least will see no advertisements at all. We would love to see you around in our community!
Closed Thread
 
LinkBack Thread Tools Display Modes
  #1  
Old 03-27-2009, 09:28 PM
Newbie

  
Join Date: Sep 2008
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Reputation: 0
Rep Power: 2
xdreamer is an unknown quantity at this point
WoW Infinity[cracked] for 3.0.8
POST DELETED! Dont post viruses! -- thanks campstaff <3

Gmods give me an infraction please
Last edited by Serverman; 03-27-2009 at 11:31 PM.
D3scene
Welcome to D3scene - probably the best location for all Gamers.

To participate in our friendly environment you have to register. After completing registration you will have full access to all threads and features. We care about members and try to make your stay as pleasant as possible. We are unique with the following feature for members - you will not see a single Advertisement!


The best: registration is completely free. It will not cost you a single penny or harm you in any way. You will lose nothing except 1 minute of your time. So why not register? We would be happy to see you around!
  #2  
Old 03-27-2009, 10:43 PM
Guru

  
Join Date: Mar 2009
Posts: 80
Thanks: 0
Thanked 13 Times in 8 Posts
Reputation: 207
Rep Power: 2
CampStaff has a spectacular aura aboutCampStaff has a spectacular aura aboutCampStaff has a spectacular aura about
Send a message via MSN to CampStaff
"Cracked Infinity" ehhh.. lets see about this. I'm not saying its bad, malicious or anything.. just.. its better if everyone here is educated on exactly what this does before they go running it.

Downloading it and looking into the rar shows it was modified 1/19/09. So its kinda old.

Lets disassemble and hex your exe:

Hmm.. packed by UPX...
Still.. no matter, we can run it on a local sandbox and log everything.


Heres the chronological log of what happens when we run your exe:

Code:
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
                Open File: C:\9fd8f290a9fa56815c1b15d32e3f0475 (OPEN_EXISTING)
                Open File: C:\temp\passcode.dat (OPEN_EXISTING)
                Get File Attributes: C:\_winfautokill.txt Flags: (SECURITY_ANONYMOUS)
                Find File: C:\_winfautokill.txt
                Get File Attributes: c:\autoexec.bat Flags: (SECURITY_ANONYMOUS)
                Open File: c:\autoexec.bat (OPEN_EXISTING)
                Find File: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Connections\Pbk\*.pbk
                Find File: C:\WINDOWS\system32\Ras\*.pbk
                Find File: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Network\Connections\Pbk\*.pbk
                Create/Open File: \Device\RasAcd (OPEN_ALWAYS)
                Open File: \\.\PIPE\ROUTER (OPEN_EXISTING)
                Create/Open File: \Device\Tcp (OPEN_ALWAYS)
                Create/Open File: \Device\Ip (OPEN_ALWAYS)
                Create/Open File: \Device\Ip (OPEN_ALWAYS)
                Open File: \\.\Ip (OPEN_EXISTING)
                Get File Attributes: C:\\MainGUI.png Flags: (SECURITY_ANONYMOUS)
                Find File: C:\\MainGUI.png
                Create File: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\aut22.tmp
                Delete File: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\aut22.tmp
                Get File Attributes: C:\\grey.gif Flags: (SECURITY_ANONYMOUS)
                Find File: C:\\grey.gif
                Create File: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\aut25.tmp
                Copy File: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\aut25.tmp to C:\\grey.gif
                Delete File: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\aut25.tmp
                Open File: C:\\grey.gif (OPEN_EXISTING)
                Set File Time: C:\grey.gif
hmm.. really now?

Code:
Open File: C:\WINDOWS\system32\PerfStringBackup.TMP (OPEN_EXISTING)
                Create File: C:\WINDOWS\system32\PerfStringBackup.TMP
                Copy File: C:\WINDOWS\system32\PerfStringBackup.TMP to C:\WINDOWS\system32\PerfStringBackup.INI
                Delete File: C:\WINDOWS\system32\PerfStringBackup.TMP
                Get File Attributes: shell32.dll Flags: (SECURITY_ANONYMOUS)
                Get File Attributes: shell32.dll.manifest Flags: (SECURITY_ANONYMOUS)
                Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
                Get File Attributes: C:\WINDOWS\Registration Flags: (SECURITY_ANONYMOUS)
                Open File: C:\WINDOWS\Registration\R000000000007.clb (OPEN_EXISTING)
                Get File Attributes: C:\WINDOWS\system32\WBEM\Logs\ Flags: (SECURITY_ANONYMOUS)
                Create/Open File: C:\WINDOWS\system32\WBEM\Logs\wmiprov.log (OPEN_ALWAYS)
                Open File: advapi32.dll (OPEN_EXISTING)
                Open File: C:\WINDOWS\system32\DRIVERS\ACPI.sys (OPEN_EXISTING)
                Open File: C:\WINDOWS\system32\DRIVERS\ohci1394.sys (OPEN_EXISTING)
                Open File: C:\WINDOWS\system32\DRIVERS\mssmbios.sys (OPEN_EXISTING)
                Open File: C:\WINDOWS\system32\DRIVERS\intelppm.sys (OPEN_EXISTING)
                Open File: C:\WINDOWS\system32\DRIVERS\yk51x86.sys (OPEN_EXISTING)
                Open File: C:\WINDOWS\system32\DRIVERS\ipnat.sys (OPEN_EXISTING)
                Open File: C:\WINDOWS\System32\Drivers\HTTP.sys (OPEN_EXISTING)
                Open File: C:\WINDOWS\system32\DRIVERS\nic1394.sys (OPEN_EXISTING)
                Open File: \\.\pipe\PIPE_EVENTROOT/CIMV2PROVIDERSUBSYSTEM (OPEN_EXISTING)
System Drivers?

Anyways.. just for everyone's knowledge, heres the virus scan log:


File Info

Quote:
Report generated: 27.3.2009 at 21.25.11 (GMT 1)
Filename: WoWInfinityrawUPX.exe
File size: 1107 KB
MD5 Hash: 9FD8F290A9FA56815C1B15D32E3F0475
SHA1 Hash: C6689C2343B82DCD6CBED35E6B53DF6F57401CE5
Packer detected: UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
Self-Extract Archive: Nothing found
Binder Detector: Nothing found
Detection rate: 3 on 24

Detections

a-squared - Nothing found!
Avira AntiVir - Nothing found!
Avast - Nothing found!
AVG - Nothing found!
BitDefender - Nothing found!
ClamAV - Nothing found!
Comodo - Nothing found!
Dr.Web - Nothing found!
Ewido - Nothing found!
F-PROT 6 - Nothing found!
G DATA - Nothing found!
IkarusT3 - Trojan.Generic
Kaspersky - Nothing found!
McAfee - Nothing found!
MHR (Malware Hash Registry) - Virus Found - detect rate 11%
NOD32 v3 - Nothing found!
Norman - Nothing found!
Panda - Nothing found!
Quick Heal - Trojan.Agent.irc
Solo Antivirus - Nothing found!
Sophos - Nothing found!
TrendMicro - Nothing found!
VBA32 - Nothing found!
Virus Buster - Nothing found!

And here's the Wireshark Pcap of the network activity of your 'cracked' exe:
Quote:
Mar 27, 2009 21:27:50.319745000 From 213.144.x.x To 213.144.x.x Query WoWInfinity Hack Tool | EzWoWGold.com - Home of WoWInfinity type A, class IN
Mar 27, 2009 21:27:50.743018000 From 213.144.x.x To 213.144.x.x Query WoWInfinity Hack Tool | EzWoWGold.com - Home of WoWInfinity type A, class IN
Mar 27, 2009 21:27:50.743018000 From 213.144.x.xTo 213.144.x.x Answer WoWInfinity Hack Tool | EzWoWGold.com - Home of WoWInfinity type CNAME, class IN, cname ezwowgold.com
Mar 27, 2009 21:27:50.743018000 From 213.144.x.x To 213.144.x.x Answer ezwowgold.com: type A, class IN, addr 67.225.241.92
At which time it downloads this from:
http://67.225.241.92/data/wowinfinity/WIkillswitch.txt
Which returns a blank page.. but if we maneuver within the folders of the site, we find:
Quote:
Our goal in our mission as the malicious attacker is to make money!
Last edited by CampStaff; 03-27-2009 at 10:56 PM.
  #3  
Old 03-27-2009, 11:10 PM
Wynthar's Avatar
Advanced Hacker

  
Join Date: Feb 2009
Location: So Cal, USA
Posts: 264
Thanks: 30
Thanked 39 Times in 15 Posts
Reputation: 235
Rep Power: 2
Wynthar has a spectacular aura aboutWynthar has a spectacular aura aboutWynthar has a spectacular aura about
...speechless...
  #4  
Old 03-27-2009, 11:31 PM
Serverman's Avatar
Paranoia!

  
Join Date: Jan 2008
Posts: 2,679
Blog Entries: 3
Thanks: 94
Thanked 93 Times in 55 Posts
Reputation: 826
Rep Power: 7
Serverman is a splendid one to beholdServerman is a splendid one to beholdServerman is a splendid one to beholdServerman is a splendid one to beholdServerman is a splendid one to beholdServerman is a splendid one to beholdServerman is a splendid one to behold
Thanks campstaff ^^ Post deleted, Gmods, permban ^^ Weee! Thread closed
D3scene
Welcome to D3scene - probably the best location for all Gamers.

To participate in our friendly environment you have to register. After completing registration you will have full access to all threads and features. We care about members and try to make your stay as pleasant as possible. We are unique with the following feature for members - you will not see a single Advertisement!


The best: registration is completely free. It will not cost you a single penny or harm you in any way. You will lose nothing except 1 minute of your time. So why not register? We would be happy to see you around!
Closed Thread

« |--->Trade<---| | Help with Equipment hack please »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
make your own wow Alpha server jphix WoW Private Server Info & Help 20 11-16-2009 09:33 PM
Make your own WoW server ! Ginzo WoW Private Server Info & Help 33 08-16-2009 06:45 PM
WoW Privat server Twin Deutsch 16 05-01-2009 10:34 AM
what do you know about the wow world? 35yeros WoW Exploration 17 02-03-2009 03:41 AM
Easiest way to not patch your WoW..forever! skatenhate7 WoW Private Server Info & Help 5 06-15-2008 10:23 PM


All times are GMT +1. The time now is 08:09 PM.

Advertise - WoW Hacks, Cheats, Bots - Top
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.0 ©2009, Crawlability, Inc.
vBulletin style developed by Transverse Styles