Sunday 16 January 2011

HoaxSMS (uTorrent / Flash Player) FLASH10.exe



Another HoaxSMS this time it's about a flash player
MD5: 33d0729a04964c02adf66bbda739fd2d

Read more about these Hoax here


Right after execution the following information is displayed:


the EULA:

Select a folder:

Select an option and payd 3 SMS:

The serial check is done online
URL: http://93.174.88.125/check_a_pass/
POST DATA: a_id=572&a_pass=serialHere

But we dont need to crack the file this time:
FLASH10.exe create a folder in %temp% called "extractor"


Then it launch "SfxChecker.exe" who ask you for some SMS
But FLASH10.exe have also added in the temp folder a file called "7zr.exe" and "arch.7z"
When you have entered your 3 SMS the SfxChecker launch 7zr.exe (7-Zip by Igor Pavlov) and extract the file arch.7z
We can do that right ?

C:\Documents and Settings\Administrateur\Bureau>7zr.exe e arch.7z

7-Zip (A) 9.12 beta Copyright (c) 1999-2010 Igor Pavlov 2010-03-24

Processing archive: arch.7z

Extracting Plugins_Portable_Flash_10.1.53.64.paf.exe

Everything is Ok

Size: 2430844
Compressed: 2429724

C:\Documents and Settings\Administrateur\Bureau>

And you have your flash player extracted:



In simple words you are paying again 3 SMS for nothing.
the flash player from adobe is free.

No comments:

Post a Comment