WoW Infinity[cracked] for 3.0.8

This is a discussion on WoW Infinity[cracked] for 3.0.8 within the WoW Private Server Hacks board part of the WoW Private Servers category; POST DELETED! Dont post viruses! -- thanks campstaff <3 Gmods give me an infraction please...

  1. #1
    xdreamer is offline Newbie

    WoW Infinity[cracked] for 3.0.8

    POST DELETED! Don't post viruses! -- thanks campstaff <3



    Gmods give me an infraction please
    Last edited by Serverman; 03-27-2009 at 10:31 PM.

  2. #2
    CampStaff is offline Guru
    "Cracked Infinity" ehhh.. let's see about this. I'm not saying it's bad, malicious or anything.. just.. it's better if everyone here is educated on exactly what this does before they go running it.

    Downloading it and looking into the rar shows it was modified 1/19/09. So it's kinda old.

    Let's disassemble and hex your exe:


    Hmm.. packed by UPX...
    Still.. no matter, we can run it on a local sandbox and log everything.


    Here's the chronological log of what happens when we run your exe:


    Code:
    Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
    Open File: C:\9fd8f290a9fa56815c1b15d32e3f0475 (OPEN_EXISTING)
    Open File: C:\temp\passcode.dat (OPEN_EXISTING)
    Get File Attributes: C:\_winfautokill.txt Flags: (SECURITY_ANONYMOUS)
    Find File: C:\_winfautokill.txt
    Get File Attributes: c:\autoexec.bat Flags: (SECURITY_ANONYMOUS)
    Open File: c:\autoexec.bat (OPEN_EXISTING)
    Find File: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Connections\Pbk\*.pbk
    Find File: C:\WINDOWS\system32\Ras\*.pbk
    Find File: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Network\Connections\Pbk\*.pbk
    Create/Open File: \Device\RasAcd (OPEN_ALWAYS)
    Open File: \\.\PIPE\ROUTER (OPEN_EXISTING)
    Create/Open File: \Device\Tcp (OPEN_ALWAYS)
    Create/Open File: \Device\Ip (OPEN_ALWAYS)
    Create/Open File: \Device\Ip (OPEN_ALWAYS)
    Open File: \\.\Ip (OPEN_EXISTING)
    Get File Attributes: C:\\MainGUI.png Flags: (SECURITY_ANONYMOUS)
    Find File: C:\\MainGUI.png
    Create File: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\aut22.tmp
    Delete File: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\aut22.tmp
    Get File Attributes: C:\\grey.gif Flags: (SECURITY_ANONYMOUS)
    Find File: C:\\grey.gif
    Create File: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\aut25.tmp
    Copy File: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\aut25.tmp to C:\\grey.gif
    Delete File: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\aut25.tmp
    Open File: C:\\grey.gif (OPEN_EXISTING)
    Set File Time: C:\grey.gif
    hmm.. really now?

    Code:
    Open File: C:\WINDOWS\system32\PerfStringBackup.TMP (OPEN_EXISTING)
    Create File: C:\WINDOWS\system32\PerfStringBackup.TMP
    Copy File: C:\WINDOWS\system32\PerfStringBackup.TMP to C:\WINDOWS\system32\PerfStringBackup.INI
    Delete File: C:\WINDOWS\system32\PerfStringBackup.TMP
    Get File Attributes: shell32.dll Flags: (SECURITY_ANONYMOUS)
    Get File Attributes: shell32.dll.manifest Flags: (SECURITY_ANONYMOUS)
    Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
    Get File Attributes: C:\WINDOWS\Registration Flags: (SECURITY_ANONYMOUS)
    Open File: C:\WINDOWS\Registration\R000000000007.clb (OPEN_EXISTING)
    Get File Attributes: C:\WINDOWS\system32\WBEM\Logs\ Flags: (SECURITY_ANONYMOUS)
    Create/Open File: C:\WINDOWS\system32\WBEM\Logs\wmiprov.log (OPEN_ALWAYS)
    Open File: advapi32.dll (OPEN_EXISTING)
    Open File: C:\WINDOWS\system32\DRIVERS\ACPI.sys (OPEN_EXISTING)
    Open File: C:\WINDOWS\system32\DRIVERS\ohci1394.sys (OPEN_EXISTING)
    Open File: C:\WINDOWS\system32\DRIVERS\mssmbios.sys (OPEN_EXISTING)
    Open File: C:\WINDOWS\system32\DRIVERS\intelppm.sys (OPEN_EXISTING)
    Open File: C:\WINDOWS\system32\DRIVERS\yk51x86.sys (OPEN_EXISTING)
    Open File: C:\WINDOWS\system32\DRIVERS\ipnat.sys (OPEN_EXISTING)
    Open File: C:\WINDOWS\System32\Drivers\HTTP.sys (OPEN_EXISTING)
    Open File: C:\WINDOWS\system32\DRIVERS\nic1394.sys (OPEN_EXISTING)
    Open File: \\.\pipe\PIPE_EVENTROOT/CIMV2PROVIDERSUBSYSTEM (OPEN_EXISTING)
    System Drivers?

    Anyways.. just for everyone's knowledge, here's the virus scan log:


    File Info

    Report generated: 27.3.2009 at 21.25.11 (GMT 1)
    Filename: WoWInfinityrawUPX.exe
    File size: 1107 KB
    MD5 Hash: 9FD8F290A9FA56815C1B15D32E3F0475
    SHA1 Hash: C6689C2343B82DCD6CBED35E6B53DF6F57401CE5
    Packer detected: UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
    Self-Extract Archive: Nothing found
    Binder Detector: Nothing found
    Detection rate: 3 on 24

    Detections

    a-squared - Nothing found!
    Avira AntiVir - Nothing found!
    Avast - Nothing found!
    AVG - Nothing found!
    BitDefender - Nothing found!
    ClamAV - Nothing found!
    Comodo - Nothing found!
    Dr.Web - Nothing found!
    Ewido - Nothing found!
    F-PROT 6 - Nothing found!
    G DATA - Nothing found!
    IkarusT3 - Trojan.Generic
    Kaspersky - Nothing found!
    McAfee - Nothing found!
    MHR (Malware Hash Registry) - Virus Found - detect rate 11%
    NOD32 v3 - Nothing found!
    Norman - Nothing found!
    Panda - Nothing found!
    Quick Heal - Trojan.Agent.irc
    Solo Antivirus - Nothing found!
    Sophos - Nothing found!
    TrendMicro - Nothing found!
    VBA32 - Nothing found!
    Virus Buster - Nothing found!

    And here's the Wireshark Pcap of the network activity of your 'cracked' exe:
    Mar 27, 2009 21:27:50.319745000 From 213.144.x.x To 213.144.x.x Query WoWInfinity Hack Tool | EzWoWGold.com - Home of WoWInfinity type A, class IN
    Mar 27, 2009 21:27:50.743018000 From 213.144.x.x To 213.144.x.x Query WoWInfinity Hack Tool | EzWoWGold.com - Home of WoWInfinity type A, class IN
    Mar 27, 2009 21:27:50.743018000 From 213.144.x.x To 213.144.x.x Answer WoWInfinity Hack Tool | EzWoWGold.com - Home of WoWInfinity type CNAME, class IN, cname ezwowgold.com
    Mar 27, 2009 21:27:50.743018000 From 213.144.x.x To 213.144.x.x Answer ezwowgold.com: type A, class IN, addr 67.225.241.92
    At which time it downloads this from:
    http://67.225.241.92/data/wowinfinity/WIkillswitch.txt
    Which returns a blank page.. but if we maneuver within the folders of the site, we find:
    Our goal in our mission as the malicious attacker is to make money!
    Last edited by CampStaff; 03-27-2009 at 09:56 PM.
    Quote Originally Posted by JAvEX
    Public hack or even a private hack, if you cheat, you run the risk of getting banned.
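
A way to triage a file-activity log in the format quoted in post #2, added here as an example and not part of the original thread: it parses the events and reports every create, copy, delete chain, which is the pattern behind the `aut25.tmp` and `PerfStringBackup.TMP` entries. The sample lines are constructed from that log, and the function names and the fields of each finding are assumptions of this example.

```python
import re

# Constructed sample: lines in the format of the sandbox log quoted in post #2.
SAMPLE_LOG = r"""
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
Get File Attributes: C:\\grey.gif Flags: (SECURITY_ANONYMOUS)
Create File: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\aut25.tmp
Copy File: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\aut25.tmp to C:\\grey.gif
Delete File: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\aut25.tmp
Set File Time: C:\grey.gif
Create File: C:\WINDOWS\system32\PerfStringBackup.TMP
Copy File: C:\WINDOWS\system32\PerfStringBackup.TMP to C:\WINDOWS\system32\PerfStringBackup.INI
Delete File: C:\WINDOWS\system32\PerfStringBackup.TMP
"""

EVENT_RE = re.compile(r"^\s*(?P<op>[A-Za-z/ ]+?):\s+(?P<rest>.+?)\s*$")
TRAILER_RE = re.compile(r"\s*(?:Flags:\s*)?\([A-Z_]+\)$")  # e.g. "(OPEN_EXISTING)"

def norm(path):
    # The log writes the same file as C:\\grey.gif and C:\grey.gif; collapse
    # doubled separators (but keep a leading \\ of device/UNC paths) and lowercase.
    return re.sub(r"(?<=.)\\{2,}", r"\\", path).lower()

def parse(log):
    """Return (operation, path, copy_destination_or_None) tuples in log order."""
    events = []
    for line in log.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        op, rest = m["op"].strip(), TRAILER_RE.sub("", m["rest"])
        src, _, dst = rest.partition(" to ") if op == "Copy File" else (rest, "", "")
        events.append((op, norm(src), norm(dst) if dst else None))
    return events

def staged_copies(events):
    """Find create -> copy -> delete chains and where the final file landed."""
    findings = []
    for i, (op, src, dst) in enumerate(events):
        if op != "Copy File" or dst is None:
            continue
        before, after = events[:i], events[i + 1:]
        if (any(o == "Create File" and p == src for o, p, _ in before)
                and any(o == "Delete File" and p == src for o, p, _ in after)):
            findings.append({
                "staged_from": src, "final_path": dst,
                "in_system32": dst.startswith("c:\\windows\\system32\\"),
                "time_set": any(o == "Set File Time" and p == dst for o, p, _ in after),
            })
    return findings

if __name__ == "__main__":
    for f in staged_copies(parse(SAMPLE_LOG)):
        print(f)
```

A finding only says that a file was staged and moved into place; whether that is installer housekeeping or something worth a closer look still has to be judged from the destination and the rest of the trace.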

  3. #3
    Wynthar is offline Advanced Hacker
    ...speechless...

  4. #4
    Serverman is offline Paranoia!

    Thanks campstaff ^^ Post deleted, Gmods, permban ^^ Weee! Thread closed
    My car is not leaking oil?
    It's marking its territory!
