Backdoor.Gamehack/Variant

Post by Bubbachuk-PG- »

I just found this trojan/malware on the computer I host our games on. The file is called "div2crack/.exe".

Below is the info I found on it. I don't know if it's anything or not but it's the first time it's shown up in the scans I do regularly:

civ2crack.exe
The application civ2crack.exe has been detected as a potentially unwanted program by 7 anti-malware scanners.
Remove civ2crack.exe - Powered by Reason Core Security
File name: civ2crack.exe
MD5: 187f00d70a0a1648a8a14071d03a4ca7
SHA-1: 09f81c0a3905b39f15c6a5f7d94d55ec5897eff1
SHA-256: 49afea27e0d133eba829855841d0d4d6d1f7de9299adbda3c7e48f25cfe220c0

Analysis
Scanner detections: 7 / 68
Status: Potentially unwanted
Analysis date: 10/10/2015 8:58:26 PM UTC (14 days ago)

Scan engine | Detection | Engine version
AhnLab V3 Security | Win-Appcare/HackTool.62013 | 2015.05.27
Comodo Security | ApplicUnwnt.Win32.Adware.Agent.618590 | 22250
Dr.Web | Tool.GameCrack | 9.0.1.0247
F-Prot | W32/Backdoor2.HTYV | v6.4.7.1.166
Jiangmin | Adware/Agent.qx | KV150904
nProtect | Trojan/W32.Agent.67846 | 15.05.22.01
SUPERAntiSpyware | Backdoor.GameHack/Variant | 9649

File Details
File size: 66.3 KB (67,846 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\civ2crack.exe

File PE Metadata
Compilation timestamp: 6/4/1999 2:35:11 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 5.0
CTPH (ssdeep): 768:UfyynL17CMyUKcmsHII+YWXWO1jCyGh+k:ULCKKDFY5Oi
Entry address: 0x1FE0
Entry point: 55, 8B, EC, 6A, FF, 68, 00, 50, 40, 00, 68, 78, 3B, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, C4, A8, 53, 56, 57, 89, 65, E8, FF, 15, 2C, 91, 40, 00, 33, D2, 8A, D4, 89, 15, 4C, 87, 40, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 48, 87, 40, 00, C1, E1, 08, 03, CA, 89, 0D, 44, 87, 40, 00, C1, E8, 10, A3, 40, 87, 40, 00, E8, F4, 1A, 00, 00, 85, C0, 75, 0A, 6A, 1C, E8, 39, 01, 00, 00, 83, C4, 04, C7, 45, FC, 00, 00, 00, 00, E8, DA, 18, 00, 00, E8, C5, 18, 00, 00, FF, 15, 90, 91, 40...
Entropy: 3.8184
Developed / compiled with: Microsoft Visual C++
Code size: 15.5 KB (15,872 bytes)

The democracy will cease to exist when you take away from those who
are willing to work and give to those who would not.
~ Thomas Jefferson

Website: http://pgsquad.com
Facebook: https://www.facebook.com/oliver.holmes.357

Post by Red Dog-PG- »

Interesting... Seems like a crack to run the Civilization 2 game without using the CD :?

Handle every stressful situation like a Dog....if you can't eat, hump it, or play with it, pee on it and walk away

Post by Bubbachuk-PG- »

I don't have that game. ;)