Cheat Engine The Official Site of Cheat Engine
AquariiSong Master Cheater
Reputation: 0
Joined: 26 Mar 2008 Posts: 286 Location: Inside you.
Posted: Sun Mar 06, 2011 2:37 am Post subject: What does this virus do exactly?
Recently, my friend gave me a file which seemed suspicious, since he was saying it was his private pics and that's what it is, but then it's a .exe, so I virus scanned it and I came up with these results:
Scan 1
Scan 2
What does the virus do?
Innovation Grandmaster Cheater
Reputation: 12
Joined: 14 Aug 2008 Posts: 617
Posted: Sun Mar 06, 2011 11:56 am
The scans alone won't describe exactly all of the functionality of the virus. If you do not want to reverse engineer, you can try submitting the virus to an automated malware analysis service such as CWSandbox and ThreatExpert.
Saifallofjmr Grandmaster Cheater Supreme
Reputation: 4
Joined: 02 Apr 2007 Posts: 1450
Posted: Sun Mar 06, 2011 2:27 pm
It is a RAT (remote access trojan). I would stop talking to that friend altogether, btw man.
SF I'm a spammer
Reputation: 119
Joined: 19 Mar 2007 Posts: 6028
Posted: Sun Mar 06, 2011 2:38 pm
Your friend is probably infected by it which is why it was sent to you, and once you get infected it'll likely try to spread over IMs. Infect a VM with it, remove it, then charge him to remove it from his PC.
Side note: everyone says people who make malware/spyware/etc. are bad... but if they didn't, so many people would have little to no work/money, depending on how many morons live in their area.
Garavito Master Cheater
Reputation: 0
Joined: 21 Jun 2009 Posts: 387
Posted: Sun Mar 06, 2011 7:36 pm
Someone was probably attempting to spread the file, via IMs/Facebook/or any other chatting service. - SF Already said that..
Here is a list of things that my RAT can do; his can probably do the same.
- Filter Connections (By ID, WAN, LAN, DDOS, IM, USB, Username, Comp. Name, Privileges, OS, Uptime, Idle, Ping, Socks4, Country, Version)
- Install Date
- Change Host (New DNS to connect to)
- Select All/Range
- Resolve Hostname
- Copy (WAN, LAN, Socks, Full Info, Entire List, Socks Checker List)
- Audio Capture
- Full MSN Controller (Block, Add, Unblock, Mass message!)
- Screen Capture and Control (Mouse/Keyboard supported, choose bitsize for quicker transfer)
- Keylog Manager (All/Selected/Single, Filtered/Scan/Complete)
- Webcam Capture
- DDoS (UDP/TCP, select packet/sockets/packet size/port/ip, ability to ddos on join, by country, by ping, by IP range, or random)
- View Network Statistics
- Create Socks4 Proxy (Will not work behind NAT)
- Pharming/Redirect
- Sniffer
- Website Visit (Visible/Multiple Times Hidden)
- File Manager (Search, Execute, Upload, Delete, Download, Multi File Download, Folder Download, Advanced Image Gallery/Previewer)
- Process Manager (Resume, Suspend, Kill)
- Registry Manager (New Key, New Value, Delete Key, Delete Value)
- Service Manager (Start, Stop)
- Shell (cmd prompt)
- Download/Execute
- Update Idle Time
- Seed Torrent
- File Infector
- Update Uptime
- Fun Manager (Reverse/Normal Mouse, Open/Close CD Tray, Hide/Show Mouse, Hide/Show Desktop Icons, Start/Stop Crazy Mouse, Send Message Box, Change Wallpaper (by URL), Speak Text (Type it, then send it. Choose Slow-Mo, Speedy, or Regular Speed), Set Volume 100%, Mute Volume, Unmute Volume, Start Screensaver, Restart Computer, Logoff Computer, Shutdown Computer, Turn off Monitor, Turn on Monitor)
- Passwords:
Internet Explorer 7/8
Firefox 3.x
CD Keys
Windows Product Keys
MSN Messenger
Windows Messenger
Windows Live Messenger (WinXP/Vista/7)
Yahoo Messenger (5.x/6.x)
Google Talk
ICQ Lite (4.x/5.x/2003)
AOL Instant Messenger (v4.6 or below/AIM 6.x/AIM Pro)
Trillian
Trillian Astra
Miranda
GAIM/Pidgin
MySpace IM
PaltalkScene
Digsby
Outlook Express
Microsoft Outlook 2000/2002/2003/2007/2010 (POP3, IMAP, HTTP and SMTP Accounts)
Windows Mail
Windows Live Mail
IncrediMail
Eudora
Netscape (6.x/7.x)
Mozilla Thunderbird
Group Mail Free
Yahoo! Mail
Hotmail/MSN mail
Gmail
Google Desktop
Google Talk
- Spread (USB, MSN, AIM/ICQ)
- Edit ID
- Update Server
- Remove Server
Features:
- Web Server - Control your bot through the web server, and also set up admin/guest accounts with editable privileges for guests!
- Station - Host through your botnet through your bot to prevent tracebacks 100%
- IP to Country Flags
- New Bots show as Red
- Icon Changer - Change to any .ico File
- File Info Cloner - Clone file details of any exe file
- Server Builder (Uses string replacement - no EOF needed!)
- All settings are stored and remembered
- After a successful login, you will not need to input your username and click login - it will automatically log you in.
- Statistics (Disconnected, Attempt, Established Connection, etc)
- View Chart of Bots by Country
- Skin Chooser - choose between 4 lovely skins ;)
- Database Logging (Log Passwords, Connections, Keylogs to SQL)
- Tasks (Keylog, Passwords, DDoS Start/Stop, DL/Execute, Update without being @ PC)
- Multi Transfers (Download multiple files at once, view multiple screens at once, or view multiple webcams at once!)
- Process Protection (Optional) (Cannot be killed by task manager on Vista/7. On XP, you will get BSOD and restart - if protection fails on Vista/7, it will get BSOD and restart)
- Network Sharing (Input the IP and Port of a friend and he can share your bots - update and remove are not allowed)
- No dependencies required.