In the first few days, a colleague said that he had a fun sample. Today I took the time to read it. It was quite interesting to leave a bubble...
Provide the MD5 of a sample, and the sample will not be downloaded, so that I will not be convicted of spreading Trojans...
MD5: 92e72ddc2748fcec67b9d0c3307c77ce
When the software is running, enter the password in the pop-up window. How ?? Curious... let's crack it !!!
The specific process will not be mentioned. Find the key code, of which 123456 is the fake code that I enter casually. The real password is 123, for example:
After finding the real password, a very painful scene appeared ...... confirmed a sentence "cracking three generations !! Ah !!!
Open the program again and enter the password "123!
You have done the following:
1 .taskkill.exe/f/im qq.exe/t first do qq.exe
2. JoachimPeiper. dat is released in the system32 directory. Its content is "bytes; 21881; UeyNB = m0B/eghfUlRPDjNMQwYKFA =;". Why is this used ???? Stealing your QQ number ......
3.release the fdsf.bmp file on the d drive. This is not an image, but also a PE file. Why is this PE not analyzed ..
4. release the "92e72ddc2748fcec67b9d0c3307c77ce _ photo wome" and "92e72ddc2748fcec67b9d0c3307c77ce _ photo wom" files in the current directory .. among them, wome hides and opens IE browser and google.com, which may be used to test the network or be a loyal fan of google... this call steals your qq pe ..
5. The rxing. bat file is also released in the SYSTEM directory. This is not a batch process, and this product is also a PE file ....
In short, if you dare to crack his password, This will release a lot of files, and you will be deducted for theft .....
From Xiao Ju's column
Trojans are also spread in this way... Khan