Sunday, 16 January 2011

HoaxSMS (uTorrent / Flash Player) FLASH10.exe

Another HoaxSMS this time it's about a flash player
MD5: 33d0729a04964c02adf66bbda739fd2d

Read more about these Hoax here

Right after execution the following information is displayed:

the EULA:

Select a folder:

Select an option and payd 3 SMS:

The serial check is done online
POST DATA: a_id=572&a_pass=serialHere

But we dont need to crack the file this time:
FLASH10.exe create a folder in %temp% called "extractor"

Then it launch "SfxChecker.exe" who ask you for some SMS
But FLASH10.exe have also added in the temp folder a file called "7zr.exe" and "arch.7z"
When you have entered your 3 SMS the SfxChecker launch 7zr.exe (7-Zip by Igor Pavlov) and extract the file arch.7z
We can do that right ?

C:\Documents and Settings\Administrateur\Bureau>7zr.exe e arch.7z

7-Zip (A) 9.12 beta Copyright (c) 1999-2010 Igor Pavlov 2010-03-24

Processing archive: arch.7z

Extracting Plugins_Portable_Flash_10.1.53.64.paf.exe

Everything is Ok

Size: 2430844
Compressed: 2429724

C:\Documents and Settings\Administrateur\Bureau>

And you have your flash player extracted:

In simple words you are paying again 3 SMS for nothing.
the flash player from adobe is free.

No comments:

Post a Comment