SciLor's Open Source Forums
PostPosted: Thu Mar 25, 2010 9:38 pm
The Developer
I have recently found the software "RapidShare Premium Accounts Seeker v2.0.0".

THIS IS A PASSWORD/LICENSE STEALER or even more...

It is presented like this on various websites:

Coded by RSS Team.

RS Premium Accounts Seeker Imports fresh RS accounts.
It's 100% working (importing RS accounts).


Filelist:
Code:
RS_Seeker_2_Setup.exe

And after install:
Code:
RSdwn.dll
RSPAS.exe
sqlite3.dll


-------------

I made a simple analysis of it:
OK, VirusTotal has only 3 heuristic results, but analysing it with a hex editor makes it even more suspicious.
It looks like a key stealer for different software:

ex: RSPAS.exe

Steam Stealer?!
Code:
Software\Valve\Steam\   ÿÿÿÿ      SteamPath   ÿÿÿÿ   \config\SteamAppData.vdf    ÿÿÿÿ
   AutoLoginUser   ÿÿÿÿ   "   ÿÿÿÿ   Error   U‹ì3ÉQQQQQSVW‰Eü3ÀUh¸"@ dÿ0d‰ 3ÀUh†"@ dÿ0d‰ ²¡Ô@B èœüÿÿ£D B º  €¡D B èüÿÿ3ɺÐ"@ ¡D B è‡üÿÿMøºð"@ ¡D B è}üÿÿ‹Uø¸H B è8ðÿÿ¡H B èfðÿÿHŽ  j Eô¹#@ ‹H B èZðÿÿ‹Mô²¡`=B èkóÿÿ£P B 3ɲ¡T=B è`óÿÿ£L B ¡P B ‹ÿRP‹P B ¡L B è0óÿÿ¸P B èªõÿÿ¡L B ‹P¸$#@ è<ðÿÿ£T B ƒT B (EðP¡L B ‹@¹ÿ   ‹T B èðÿÿ‹Eðèìïÿÿ£\ B ¸L B èYõÿÿh,#@ Eì¹T#@ ‹H B è¥ïÿÿ‹Eìè½ïÿÿPèoóÿÿPèaóÿÿ£` B hd B jdhh B ¡\ B èÚôÿÿP¡\ B Pÿ` B ƒÄ‹Eüºh B ¹d   è<ïÿÿ3ÀZYYd‰ëé½îÿÿ‹Eüºh#@ èðîÿÿèÃîÿÿ3ÀZYYd‰h¿"@ E캠  èÉîÿÿÃé“îÿÿëë_^[‹å]à ÿÿÿÿ   Software\Valve\Steam\   ÿÿÿÿ      SteamPath   ÿÿÿÿ   \ClientRegistry.blob    ÿÿÿÿ   Phrase  SteamDecryptDataForThisMachine  ÿÿÿÿ
   \steam.dll 


Trillian Messenger Stealer
Code:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian    UninstallString ÿÿÿÿ   \Trillian\User Settings\    ÿÿÿÿ   \users\global\profiles.ini  num Profiles    ÿÿÿÿ   Profile0    ÿÿÿÿ      Profile00   -1  Name    Preferences Type    Preferences Location    ÿÿÿÿ   \users\default  ÿÿÿÿ
   \yahoo.ini  ÿÿÿÿ   \msn.ini   


Windows Live Messenger Stealer
Code:
WindowsLive:name=*  ÿÿÿÿE   <p class=MsoNormal align=center style="text-align:center"><b><u><span   ÿÿÿÿJ   style="font-size:16.0pt;line-height:115%;font-family:"Arial","sans-serif";  ÿÿÿÿU   mso-ascii-theme-font:minor-bidi;mso-hansi-theme-font:minor-bidi;mso-bidi-font-family:   ÿÿÿÿX   Arial;mso-bidi-theme-font:minor-bidi">-- Messenger Live --<o:p></o:p></span></u></b></p>    ÿÿÿÿ   </html> ÿÿÿÿj   <table width="50%" align="center" cellpadding="3px" style="border:1px solid #FF9900; background:#EEF9FF;">  ÿÿÿÿ   <tr>    ÿÿÿÿ   <td width="200">E-Mail=     ÿÿÿÿ   </td>   ÿÿÿÿ   </tr>   ÿÿÿÿ   </table>    ÿÿÿÿ   </body> ÿÿÿÿ<   <td width="200">Pass= (null! / Password is not saved !)</td>


Various Licenses:
Code:
SOFTWARE\Microsoft\Windows NT\CurrentVersion    ÿÿÿÿj   <table width="50%" align="center" cellpadding="3px" style="border:1px solid #FF9900; background:#EEF9FF;">  ÿÿÿÿ!   <td width="200">ProductName(OS):    ÿÿÿÿ   </td>   ÿÿÿÿ   </tr>   ÿÿÿÿ   </table>    ÿÿÿÿ   </body> ÿÿÿÿ
   CSDVersion  ÿÿÿÿz   <td width="200"><table width="50%" align="center" cellpadding="3px" style="border:1px solid #FF9900; background:#EEF9FF;">  ÿÿÿÿ   <td width="200">CSDVersion:     ÿÿÿÿ   RegisteredOwner ÿÿÿÿ!   <td width="200">RegisteredOwner:    ÿÿÿÿ   RegisteredOrganization  ÿÿÿÿ(   <td width="200">RegisteredOrganization:     ÿÿÿÿ   Email   ÿÿÿÿ"   SOFTWARE\Internet Download Manager  ÿÿÿÿ1   <td width="200">Internet Download Manager:  </tr>   ÿÿÿÿ   <td width="200">Email:  ÿÿÿÿ   FName   ÿÿÿÿ   <td width="200">First Name:     ÿÿÿÿ   LName   ÿÿÿÿ   <td width="200">Last Name:  ÿÿÿÿ   Serial  ÿÿÿÿ   <td width="200">Serial:     ÿÿÿÿ      SerialNum   ÿÿÿÿ)   SOFTWARE\Zone Labs\ZoneAlarm\Registration   ÿÿÿÿ   <td width="200">ZoneAlarm   ÿÿÿÿ   <td width="200">Username:   ÿÿÿÿ   <td width="200">Company:    ÿÿÿÿ    SerialNumber    ÿÿÿÿ   SOFTWARE\Ipswitch\WS_FTP    ÿÿÿÿ   <td width="200">WS FTP  ÿÿÿÿ   regname ÿÿÿÿ   SOFTWARE\Nullsoft\Winamp    ÿÿÿÿ   <td width="200">Winamp </tr>    ÿÿÿÿ   <td width="200">Regname:    ÿÿÿÿ   regkey  ÿÿÿÿ   SOFTWARE\Westwood\Tiberian Sun  ÿÿÿÿ*   <td width="200">Westwood Alarmstufe Rot 2   ÿÿÿÿ7   SOFTWARE\Vmware, Inc.\Vmware Workstation\License.ws.5.0 ÿÿÿÿ   <td width="200">VMware  ÿÿÿÿ(   <td width="200">VMware Workstation 5.0:     ÿÿÿÿ>   SOFTWARE\Vmware, Inc.\Vmware Workstation\License.ws.6.0.200907  ÿÿÿÿ*   <td width="200">VMware Workstation 6.5.1:   ÿÿÿÿ5   SOFTWARE\VMware, Inc.\VMware Server\License.vs.1.0-00   ÿÿÿÿ   <td width="200">VMware Server:  ÿÿÿÿ   CDKey   ÿÿÿÿ0   SOFTWARE\Unreal Technology\Installed Apps\UT2004    ÿÿÿÿ"   <td width="200">Unreal Tournament   ÿÿÿÿ(   <td width="200">Unreal Tournament 2004:     ÿÿÿÿ0   SOFTWARE\Unreal Technology\Installed Apps\UT2003    ÿÿÿÿ(   <td width="200">Unreal Tournament 2003:     ÿÿÿÿ   RegCode ÿÿÿÿ   SOFTWARE\TuneUp\Utilities\8.0   ÿÿÿÿ   <td width="200">Tuneup  ÿÿÿÿ   <td width="200">TuneUP 2009:    ÿÿÿÿ   Company ÿÿÿÿ    <td width="200">TuneUP Company:     ÿÿÿÿ   UserName    
ÿÿÿÿ!   <td width="200">TuneUP UserName:    ÿÿÿÿ    unlock code ÿÿÿÿ    Software\@stake\LC5\Registration    ÿÿÿÿ&   <td width="200">@Stake L0pht CrackLC5   ÿÿÿÿ   <td width="200">@Stake Serial:  ÿÿÿÿ
   3DMarkRegName   ÿÿÿÿ&   SOFTWARE\MadOnion.com\Registration2001  ÿÿÿÿ   <td width="200">3D Mark </tr>   ÿÿÿÿ    3DMarkRegKey    ÿÿÿÿ   <td width="200">Key:    ÿÿÿÿ   LMKEY   ÿÿÿÿ   SOFTWARE\Borland\Delphi\6.0 ÿÿÿÿ!   <td width="200">Delphi 6(LMKEY):    ÿÿÿÿ   LMLIC   ÿÿÿÿ!   <td width="200">Delphi 6(LMLIC):    ÿÿÿÿ   SOFTWARE\Borland\Delphi\7.0 ÿÿÿÿ   <td width="200">Delphi 7:   ÿÿÿÿ!   <td width="200">Delphi 7(LMLIC):    ÿÿÿÿ'   Software\Alcohol Soft\Alcohol 120%\Info ÿÿÿÿ   <td width="200">Alcohol ÿÿÿÿ      ServerKey   ÿÿÿÿ   <td width="200">Password:   ÿÿÿÿ   SerialNo    ÿÿÿÿ   SOFTWARE\Sunflowers\Anno 1701   ÿÿÿÿ   <td width="200">Anno1701    ÿÿÿÿ*   SOFTWARE\Autodesk\AutoCAD\R15.0\ACAD-1:409  ÿÿÿÿ   <td width="200">Autocad     ÿÿÿÿ   <td width="200">Serial 2000:    ÿÿÿÿ,   SOFTWARE\Autodesk\AutoCAD\R16.0\ACAD-201:409    ÿÿÿÿ   <td width="200">Serial 2002:    ÿÿÿÿ-   SOFTWARE\Autodesk\AutoCAD LT\R2000\ACLT-1:409   ÿÿÿÿ    <td width="200">Serial LT 2000:     ÿÿÿÿ-   SOFTWARE\Autodesk\AutoCAD LT\R10\ACLT-301:409   ÿÿÿÿ    <td width="200">Serial LT 2005:     ÿÿÿÿ*   SOFTWARE\Autodesk\AutoCAD LT\R8\ACLT-1:409  ÿÿÿÿ    <td width="200">Serial LT 2002:     ÿÿÿÿ-   SOFTWARE\Autodesk\AutoCAD\R17.1\ACAD-6001:409   ÿÿÿÿ   <td width="200">Serial 2008:    ÿÿÿÿ0   SOFTWARE\Autodesk\AutoCAD LT\R13\ACADLT-6001:409    ÿÿÿÿ    <td width="200">Serial LT 2008:     ÿÿÿÿ-   SOFTWARE\Autodesk\AutoCAD\R17.0\ACAD-5001:409   ÿÿÿÿ   <td width="200">Serial 2007:    ÿÿÿÿ0   SOFTWARE\Autodesk\AutoCAD LT\R12\ACADLT-5001:409    ÿÿÿÿ    <td width="200">Serial LT 2007:     ÿÿÿÿ.   
SOFTWARE\Autodesk\AutoCAD LT\R11\ACLT-4001:409  ÿÿÿÿ    <td width="200">Serial LT 2006:     ÿÿÿÿ-   SOFTWARE\Autodesk\AutoCAD\R17.0\ACAD-5007:409   ÿÿÿÿ(   <td width="200">Serial Electrical 2007:     ÿÿÿÿ-   SOFTWARE\Autodesk\AutoCAD\R16.2\ACAD-4007:409   ÿÿÿÿ(   <td width="200">Serial Electrical 2006:     ÿÿÿÿ,   SOFTWARE\Autodesk\AutoCAD\R16.1\ACAD-307:409    ÿÿÿÿ(   <td width="200">Serial Electrical 2005:     ÿÿÿÿ-   SOFTWARE\Autodesk\AutoCAD\R17.0\ACAD-5005:409   ÿÿÿÿ(   <td width="200">Serial Mechanical 2007:     ÿÿÿÿ-   SOFTWARE\Autodesk\AutoCAD\R16.2\ACAD-4005:409   ÿÿÿÿ(   <td width="200">Serial Mechanical 2006:     ÿÿÿÿ,   SOFTWARE\Autodesk\AutoCAD\R16.1\ACAD-305:409    ÿÿÿÿ(   <td width="200">Serial Mechanical 2005:     ÿÿÿÿ   SOFTWARE\Autodesk\3dsmax\8.0    ÿÿÿÿ   <td width="200">3ds Max 8:  ÿÿÿÿ   SOFTWARE\Autodesk\3dsmax\7.0    ÿÿÿÿ   <td width="200">3ds Max 7:  ÿÿÿÿ-   SOFTWARE\Autodesk\AutoCAD\R17.0\ACAD-5004:409   ÿÿÿÿ3   <td width="200">Serial Architectural Desktop 2007:  ÿÿÿÿ-   SOFTWARE\Autodesk\AutoCAD\R16.2\ACAD-4004:409   ÿÿÿÿ2   <td width="200">Serial Architectural Desktop 2006:  ÿÿÿÿ,   SOFTWARE\Autodesk\AutoCAD\R16.1\ACAD-304:409    ÿÿÿÿ3   <td width="200">Serial Architectural Desktop 2005:  ÿÿÿÿ-   SOFTWARE\Autodesk\AutoCAD\R17.0\ACAD-5006:409   ÿÿÿÿ'   <td width="200">Building Systems 2007:  ÿÿÿÿ
   ProductKey  ÿÿÿÿ*   Software\Axialis\IconWorkshop\registration  ÿÿÿÿ)   <td width="200">Axailis IconWorkshop 6.0    ÿÿÿÿ   ergc    ÿÿÿÿ2   Software\Electronic Arts\EA GAMES\Battlefield 1942  ÿÿÿÿ   <td width="200">Battle Field    ÿÿÿÿ   <td width="200">Serial 1942:    ÿÿÿÿC   Software\Electronic Arts\EA GAMES\Battlefield 1942 The Road to Rome ÿÿÿÿ1   <td width="200">Serial BF 1942 The Road to Rome:    ÿÿÿÿ/   Software\Electronic Arts\EA GAMES\Battlefield 2 ÿÿÿÿ&   <td width="200">Serial Battlefield 2:   ÿÿÿÿ2   Software\Electronic Arts\EA GAMES\Battlefield 2142  ÿÿÿÿ)   <td width="200">Serial Battlefield 2142:    ÿÿÿÿI   Software\Electronic Arts\EA GAMES\Battlefield 1942 Secret Weapons of WWII   ÿÿÿÿ4   <td width="200">Serial 1942 Secret Weapons of WWII:     ÿÿÿÿ5   Software\Electronic Arts\EA GAMES\Battlefield Vietnam   ÿÿÿÿ,   <td width="200">Serial Battlefield Vietnam:     ÿÿÿÿ#   SOFTWARE\SnapStream Media\Beyond TV ÿÿÿÿ   <td width="200">SnapStream  ÿÿÿÿ"   <td width="200">Serial Beyond TV:   ÿÿÿÿ&   SOFTWARE\SnapStream Media\Beyond Media  ÿÿÿÿ%   <td width="200">Serial Beyond Media:    ÿÿÿÿ1   Software\Electronic Arts\EA GAMES\Black and White   ÿÿÿÿ    <td width="200">Black and White     ÿÿÿÿ    serialnumber    ÿÿÿÿ   SOFTWARE\techland\Chrome    ÿÿÿÿ   <td width="200">Chrome  ÿÿÿÿ   codkey  ÿÿÿÿ    SOFTWARE\Activision\Call of Duty    ÿÿÿÿ   <td width="200">CALL OF DUTY    ÿÿÿÿ   key ÿÿÿÿ1   SOFTWARE\Activision\Call of Duty United Offensive   ÿÿÿÿ"   <td width="200">United Offensive:   ÿÿÿÿ"   SOFTWARE\Activision\Call of Duty 2  ÿÿÿÿ    <td width="200">Call of Duty 2:     ÿÿÿÿ"   SOFTWARE\Activision\Call of Duty 4  ÿÿÿÿ    <td width="200">Call of Duty 4:     ÿÿÿÿ$   SOFTWARE\Activision\Call of Duty WAW    ÿÿÿÿ$   <td width="200">Call of Duty 5 WaW:     ÿÿÿÿ*   SOFTWARE\Electronic Arts\EA Games\Generals  ÿÿÿÿ   <td width="200">Generals    ÿÿÿÿH   SOFTWARE\electronic arts\ea games\command and conquer generals zero hour    ÿÿÿÿ   <td width="200">ZeroHour:   
ÿÿÿÿ>   SOFTWARE\Electronic Arts\Electronic Arts\Command and Conquer 3  ÿÿÿÿ$   <td width="200">Command and Conquer:    ÿÿÿÿ   serial  ÿÿÿÿ   SOFTWARE\westwood\tiberian sun  ÿÿÿÿ   <td width="200">Tiberian Sun    ÿÿÿÿ   SOFTWARE\westwood\red alert ÿÿÿÿ   <td width="200">Red Alert   ÿÿÿÿ   <td width="200">Serial :    ÿÿÿÿ   SOFTWARE\Westwood\Red Alert 2   ÿÿÿÿ#   <td width="200">Serial Red Alert 2: ÿÿÿÿ    SOFTWARE\Westwood\Yuri's Revenge    ÿÿÿÿ'   <td width="200">Serial Yuri's Revenge:  ÿÿÿÿ   Version ÿÿÿÿ   SOFTWARE\THQ\Company of Heroes  ÿÿÿÿ"   <td width="200">Company of Heroes   ÿÿÿÿ   <td width="200">Version:    ÿÿÿÿ      RegNumber   ÿÿÿÿ+   Software\Eugen Systems\ActOfWar_HighTreason ÿÿÿÿ(   <td width="200">Act Of War High Treason     ÿÿÿÿ   Software\Eugen Systems\ActOfWar ÿÿÿÿ    DiscKey_SCCT    ÿÿÿÿ0   SOFTWARE\Ubisoft\Splinter Cell Chaos Theory\Keys    ÿÿÿÿ   <td width="200">Splinter Cell   ÿÿÿÿ   <td width="200">Chaos Theory:   ÿÿÿÿ4   SOFTWARE\Ubisoft\Splinter Cell Pandora Tomorrow\Keys    ÿÿÿÿ!   <td width="200">Pandora Tomorrow:   ÿÿÿÿ   CDKEY   ÿÿÿÿ   Software\THQ\Dawn of War    ÿÿÿÿ   <td width="200">Dawn of War     ÿÿÿÿ   <td width="200">Dawn of War:    ÿÿÿÿ    Software\THQ\Dawn of War II Beta    ÿÿÿÿ$   <td width="200">Dawn of War II Beta:    ÿÿÿÿ'   Software\THQ\Dawn of War - Dark Crusade ÿÿÿÿ,   <td width="200">Dawn of War - Dark Crusade:     ÿÿÿÿ"   Software\THQ\Dawn of War Soulstorm  ÿÿÿÿ'   <td width="200">Dawn of War Soulstorm:  ÿÿÿÿ      CDKEY_WXP   ÿÿÿÿ,   <td width="200">Dawn of War Winter Assault:     ÿÿÿÿ/   Software\Electronic Arts\Electronic Arts\Crysis ÿÿÿÿ   <td width="200">Crysis :    ÿÿÿÿ;   Software\Wow6432Node\Electronic Arts\Electronic Arts\Crysis ÿÿÿÿ!   <td width="200">Crysis (64/32b):    ÿÿÿÿ?   Software\Electronic Arts\EA Games\The Godfather 2 The Game\ergc ÿÿÿÿ!   
<td width="200">The Godfather 2:    ÿÿÿÿ#   SOFTWARE\sega\Medieval II Total War ÿÿÿÿ#   <td width="200">Medieval Total War  ÿÿÿÿ'   <td width="200">Medieval II Total War:  ÿÿÿÿ   Serial8 ÿÿÿÿ/   SOFTWARE\Nero\Installation\Families\Nero 8\Info ÿÿÿÿ   <td width="200">Nero    ÿÿÿÿ   <td width="200">Nero 8:     ÿÿÿÿ   Serial7 ÿÿÿÿ/   SOFTWARE\Nero\Installation\Families\Nero 7\Info ÿÿÿÿ   <td width="200">Nero 7: ÿÿÿÿ   Serial9 ÿÿÿÿ/   SOFTWARE\Nero\Installation\Families\Nero 9\Info


I have also found the website where all the data goes (maybe FTP):
Code:
C:\Windows\sc_s_    ÿÿÿÿ   .xdf    2   F T P - T E A M B E A N _ 3 2 1 E 3 A 2 E 9 0 3 1      f t p . t 3 5 . c o m      f 4 d 5 f 5 . t 3 5 . c o m        4 d f s _ e r 5 d e     ÿÿÿÿ   _   ÿÿÿÿ   sc_s_   ÿÿÿÿ   .png    ÿÿÿÿ   Server Connection error.    ÿÿÿÿ"   Cannot connect to accounts server.  ÿÿÿÿ   C:\Windows\rsaccdata.gran   ÿÿÿÿ(   http://nizarmix.l4rge.com/aze1s0x.xcxpps

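As an added triage example (not code from the post or from the tool it describes): a small Python string scanner that does what the hex-editor pass above does by hand. It pulls both ASCII and UTF-16LE strings from a binary, since the FTP hostname appears as wide text ("f t p . t 3 5 . c o m") that a plain ASCII scan misses, and flags the credential-store registry paths the post recovered. The sample bytes are constructed, and the watchlist labels are mine.

```python
import re

# Registry paths the post recovered from RSPAS.exe, used here as a watchlist
# (paths from the post; the labels are my own, matching is case-insensitive).
WATCHLIST = {
    r"software\valve\steam": "Steam login data",
    r"\clientregistry.blob": "Steam ClientRegistry.blob",
    r"uninstall\trillian": "Trillian profiles",
    r"windowslive:name=": "Windows Live Messenger credentials",
    r"software\ipswitch\ws_ftp": "WS_FTP licence",
    r"software\borland\delphi": "Delphi licence",
}

ASCII_RE = re.compile(rb"[\x20-\x7e]{6,}")
# UTF-16LE text shows up in a hex editor as "f t p . t 3 5": each printable
# ASCII byte is followed by a NUL, so an ASCII-only scan never sees it.
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
HOST_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")


def extract_strings(blob: bytes) -> list[tuple[str, str]]:
    """Return (encoding, text) for every ASCII and UTF-16LE run in blob."""
    out = [("ascii", m.group().decode("ascii")) for m in ASCII_RE.finditer(blob)]
    out += [("utf-16le", m.group().decode("utf-16-le")) for m in WIDE_RE.finditer(blob)]
    return out


def triage(blob: bytes) -> dict[str, list]:
    """Flag credential-store paths and bare hostnames (possible exfil endpoints)."""
    report = {"stores": [], "hosts": []}
    for enc, text in extract_strings(blob):
        low = text.lower()
        for needle, label in WATCHLIST.items():
            if needle in low:
                report["stores"].append((label, text))
        if HOST_RE.match(low.strip()):
            report["hosts"].append((enc, text))
    return report


# Constructed sample: a few strings from the post embedded between filler bytes.
SAMPLE = (
    b"\x55\x8b\xec\x33\xc9"
    + b"Software\\Valve\\Steam\\" + b"\xff\xff\xff\xff"
    + b"\\config\\SteamAppData.vdf" + b"\x00\x00"
    + b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Trillian\x00\x00"
    + "ftp.t35.com".encode("utf-16-le") + b"\x00\x00"
    + b"Cannot connect to accounts server.\x00"
)

if __name__ == "__main__":
    for key, items in triage(SAMPLE).items():
        for item in items:
            print(key, item)
```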
The Adswinger
PostPosted: Sat Aug 07, 2010 12:19 pm 
That's some sick shit, thanks.