Cheat Engine The Official Site of Cheat Engine
j0shua1302 How do I cheat? Reputation: 0
Joined: 17 Jul 2014 Posts: 1
|
Posted: Thu Jul 17, 2014 10:35 am Post subject: Fling trainer...HELP!!!!!!!!!!!!!! |
|
|
I have been using Fling trainers for like 4 months for all kinds of games like Dead Space 3, FIFA 14, Dark Souls 2.
2 days ago I started playing DMC 5 and the trainer for that game worked well...but yesterday it suddenly stopped @@...
I thought something was wrong with the trainer or the game so I tried to fix it, but then I realized all the Fling trainers for all the games had stopped...
Now I think maybe the problem comes from my PC but I just don't know what it is...
Can someone please help me?
|
STN I post too much Reputation: 42
Joined: 09 Nov 2005 Posts: 2672
|
Posted: Thu Jul 17, 2014 11:25 am Post subject: |
|
|
I have a question for you
What in the fuck has this to do with CE?
Anything Cheat Engine related, bugs, suggestions, helping others, etc..
And go ask FLING why their trainer is not working. Does this look like a place where support for other trainer makers that have zilch to do with CE is provided?
If we are going down this road, i have a question of mine that i hope someone can help me with.
I have been using devious trainers for decades, now all of a sudden yesterday it stopped working and caused my PC to fry...i think my PC was smoking because there was smoke coming out of it. I didn't think much of it but now the trainer won't work.
I thought something was wrong with the trainer or the game so I tried to fix it - i have no idea how i tried to fix but then I realized all the devious trainer for all the games had stopped...
Now I think maybe the problem comes from my PC but I just don't know what it is...
Can someone please help me
|
Geri Moderator Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
|
Posted: Thu Jul 17, 2014 1:13 pm Post subject: |
|
|
Just report it. But it's not like I didn't notice it anyway.
|
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Thu Jul 17, 2014 2:05 pm Post subject: |
|
|
Perhaps their trainers come with a remote admin tool which takes over your system while you use it (e.g. stealing your passwords, reading your mail, sending people in your address book trojans, infecting .exe's with viruses, etc.),
and perhaps the server it connects to has been shut down by the authorities, causing the trainer to fail to gather the data it needs.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Xblade Of Heaven Master Cheater Reputation: 0
Joined: 16 Oct 2005 Posts: 394 Location: DEAD
|
Posted: Thu Jul 17, 2014 2:11 pm Post subject: |
|
|
this is just cheap publicity to that person ...
_________________
Welcome to the Hell.
|
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Thu Jul 17, 2014 2:16 pm Post subject: |
|
|
yeah, it's likely a trojan that's failing in calling home
Edit: it's confirmed. Their trainers are trojans
atom0s wrote: | His trainer executables are unpackers. They extract a packed trainer from within its own resources.
On load, it obtains the AppData folder via:
Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
Then extracts the trainer via:
mMain.SaveIt(ref obj, folderPath + "\\Trainer.exe");
Afterward it creates the Trainer process. There are two processes it extracts:
Trainer.exe = mT (resource file)
MemoryStr.exe = mM (resource file)
Trainer.exe - mT
Looks to be a non-packed, non-managed executable. Compiled with Visual Studio 2010 from the look of it. The file does appear to be an actual trainer. No malicious strings from the look of it. Has signature scanning functionality within it.
Code: | 011B02A4 |. FF15 4C101E01 CALL DWORD PTR DS:[<&KERNEL32.VirtualAll>; kernel32.VirtualAllocEx
011B02AA |> 6A 38 PUSH 0x38 ; /Arg2 = 00000038
011B02AC |. 68 A45F1E01 PUSH mt.011E5FA4 ; |Arg1 = 011E5FA4 ASCII "F3 0F 10 46 50 F3 0F 10 4E 54 F3 0F 10 56 58 F3 0F 58 84"
011B02B1 |. 8D4F 2C LEA ECX,DWORD PTR DS:[EDI+0x2C] ; |
011B02B4 |. 8947 04 MOV DWORD PTR DS:[EDI+0x4],EAX ; |
011B02B7 |. E8 6478FFFF CALL mt.011A7B20 ; \mt.011A7B20
011B02BC |. 6A 0E PUSH 0xE ; /Arg2 = 0000000E
011B02BE |. 68 E05F1E01 PUSH mt.011E5FE0 ; |Arg1 = 011E5FE0 ASCII "F3 0F 10 46 50"
011B02C3 |. 8D4F 48 LEA ECX,DWORD PTR DS:[EDI+0x48] ; |
011B02C6 |. E8 5578FFFF CALL mt.011A7B20 ; \mt.011A7B20
011B02CB |. 68 EB010000 PUSH 0x1EB ; /Arg2 = 000001EB
011B02D0 |. 8D77 64 LEA ESI,DWORD PTR DS:[EDI+0x64] ; |
011B02D3 |. 68 F05F1E01 PUSH mt.011E5FF0 ; |Arg1 = 011E5FF0 ASCII "39 35 00 05 C5 05 0F 84 93 00 00 00 39 35 00 05 C6 05 0F 85 68 00 00 00 83 3D 00 01 CB 05 01 75 0C D9 86 60 0A 00 00 D9 9E 5C 0A 00 00 83 3D 04 01 CB 05 01 75 14 52 8B 96 64 0A 00 00 D9 82 F4 00 00 00 D9 9A F0 00 00 00 5"...
011B02D8 |. 8BCE MOV ECX,ESI ; |
011B02DA |. E8 4178FFFF CALL mt.011A7B20 ; \mt.011A7B20
011B02DF |. 6A 05 PUSH 0x5 ; /Arg2 = 00000005
011B02E1 |. 68 DC611E01 PUSH mt.011E61DC ; |Arg1 = 011E61DC ASCII "iComp"
011B02E6 |. 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-0x2C] ; |
011B02E9 |. C745 E8 0F0000>MOV DWORD PTR SS:[EBP-0x18],0xF ; |
011B02F0 |. 895D E4 MOV DWORD PTR SS:[EBP-0x1C],EBX ; |
011B02F3 |. 885D D4 MOV BYTE PTR SS:[EBP-0x2C],BL ; |
011B02F6 |. E8 2578FFFF CALL mt.011A7B20 ; \mt.011A7B20
|
MemoryStr.exe - mM
File is another executable. This time this one is managed, and obfuscated. A main namespace that did not get obfuscated is named 'Bot_Downloader', so it does appear to be a downloader / file dropper at first glance.
File is obfuscated with CryptoObfuscator.
The file, after being unpacked, can be found to do the following:
- Connects to: http://trainersmasterdot tk/api/ and downloads the base64 string.
- Decodes the base64 string with some minor encryption using the key: DerLo (uses the MD5 of this string)
- The decoded address is a download url for another executable named WMIClient.exe
- The downloaded file is from: http://exa-man.site90.net/MyDB.db
- The file is stored from where the original trainer launched, again as WMIClient.exe
- The file is then executed immediately after downloading.
WMIClient.exe / MyDB.db
- File is also an executable.
- File is managed, written in VB.NET, also obfuscated with CryptoObfuscator.
- File contains 3 more binaries in its resources (m32bit, m64bit, mDll)
- File is most definitely a trojan.
This file attempts to download more junk, which I didn't bother looking into after seeing what this file alone does. It is certainly a virus.
The file attempts to locate various registry information about your system to locate and determine any anti-virus running on your system.
It scans for:
- NOD32, AVG, Avira, AhnLab-v3, BitDefender, ByteHero, ClamAV, F-Prot, F-Secure, GData, and about 50 more known virus scanners.
It adds itself to your system's registry to ensure that it runs on startup of your machine.
It creates several more executables/binaries onto the disk:
- WMIService.exe
- pthreadGC2.dll
- wimihost.exe
- u-host.exe
It attempts to access info on your processor via:
- HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\ProcessorNameString
It attempts to access more downloadable files and junk:
Code: | public const string string_1 = "http://exa-techo.faster-host.cz.cc/API/";
public static string string_2 = "stratum+tcp://pool.xhash.net:3355";
public static string string_3 = "X11"; |
It attempts to upload your system information to:
Code: | http://exa-techo.faster-host.cz.cc/API/ |
Including the following info:
- Your personal id.
- Your version of his software.
- Your processor type / info.
- Your system type (32bit/64bit)
- Your antivirus software.
The resource files it stores are not managed. They are a console based bitcoin miner.
Conclusion
His trainers are trojans to install bitcoin miner software onto the systems of the people that use his junk so he can freely profit off the users with them knowing assuming their anti-virus does not catch any of this happening. |
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so i can keep helping |
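Added example (not part of the thread or of atom0s's analysis): a small Python triage pass that applies the indicators named in the quoted analysis to endpoint telemetry. The event schema (kind, path, url, head) and the sample events are constructed for illustration; the file names, hosts and the stratum scheme are the ones listed in the post.

```python
import re
from urllib.parse import urlparse

# Indicators copied from the quoted analysis (lower-cased for matching).
DROPPED = {"memorystr.exe", "wmiclient.exe", "wmiservice.exe",
           "wimihost.exe", "u-host.exe", "pthreadgc2.dll"}
HOSTS = {"exa-man.site90.net", "exa-techo.faster-host.cz.cc", "pool.xhash.net"}
EXEC_EXT = (".exe", ".dll", ".scr", ".sys")
# The unpacker writes Trainer.exe straight into %APPDATA% (no vendor subfolder);
# generalised here to any .exe written to that root.
APPDATA_ROOT = re.compile(r"\\appdata\\roaming\\[^\\]+\.exe$", re.I)

def triage(event):
    """Return the reasons one telemetry event matches the described chain."""
    hits = []
    if event["kind"] == "file_write":
        path = event["path"]
        if path.rsplit("\\", 1)[-1].lower() in DROPPED:
            hits.append("dropped-name")
        if APPDATA_ROOT.search(path):
            hits.append("exe-in-appdata-root")
    elif event["kind"] == "net":
        url = urlparse(event["url"])
        if (url.hostname or "").lower() in HOSTS:
            hits.append("known-host")
        if url.scheme.lower() == "stratum+tcp":
            hits.append("stratum-protocol")
        # MyDB.db was an executable: PE magic served under a data-file name.
        if event.get("head", b"")[:2] == b"MZ" and not url.path.lower().endswith(EXEC_EXT):
            hits.append("pe-under-data-name")
    return hits

def triage_all(events):
    """Map event index -> reasons, keeping only events that matched."""
    return {i: h for i, e in enumerate(events) if (h := triage(e))}

# Constructed sample events (hypothetical schema, not real logs).
SAMPLE = [
    {"kind": "file_write", "path": r"C:\Users\a\AppData\Roaming\Trainer.exe"},
    {"kind": "net", "url": "http://exa-man.site90.net/MyDB.db", "head": b"MZ\x90\x00"},
    {"kind": "file_write", "path": r"C:\Games\DMC\WMIClient.exe"},
    {"kind": "net", "url": "stratum+tcp://pool.xhash.net:3355"},
    {"kind": "file_write", "path": r"C:\Users\a\AppData\Roaming\App\save.db"},
    {"kind": "net", "url": "https://example.org/update"},
]

if __name__ == "__main__":
    for idx, reasons in triage_all(SAMPLE).items():
        print(idx, SAMPLE[idx].get("path") or SAMPLE[idx]["url"], reasons)
```

The name and host lists only catch this exact campaign; the three behavioural checks (executable dropped in the AppData root, PE content behind a data-file URL, stratum traffic from a workstation) are the ones that carry over to renamed variants.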