Back to roots 2
popularity: 54%
alltime top: #64547
added on the 2014-02-22 07:46:00 by wbcbz7
comments
just out of curiosity: why does it try to connect the interwebs?
added on the 2014-02-22 09:26:26 by sensenstahl
really? I see no connections
chaos zoomer with nice (but ripped from Starport BBS intro) AdLib music. Yes, it really is trying to connect to unknown web servers (why?), and it's not my prod :)
Not very smooth 2D effect on my i7. And only that. Trying to connect? Where can I see that? Don't do anything to my computer..
I saw somewhere a similar web routine...
the prod opens a ssl connection to the (seattle based) IP address 4.53.147.198.
sadly i dont speak https so i dont know what they are talking about.
use wireshark to analyze.
Wrapped with Spoon Virtual Application Studio 2012 http://spoon.net/studio cracked with serial by Lz0/LineZer0
The wrapper is a Microsoft .NET transparent SsHd downloader to
Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\roaming\modified\@PROGRAMFILESX86@\
Guessing the Seattle Bellevue IPv4 address 138.8.119.35 is related to Microsoft.
b2r2.exe (1.4 Mb) drops b2r.exe (26 Kb), which is the Back to the roots win32 demo, and launches music\a2t_play32.exe
Modifies the ProxyServer, ProxyOverride, ProxyEnable and SavedLegacySettings keys in the Windows registry.
Launches DNS/RPC through svchost.exe
This plus lack of .nfo
Above replace IPv4 address 138.8.119.35 by 4.53.147.198 as wysiwtf said.
All in all, personally I wouldn't recommend running this because it is unknown how Lz0 regged this. It might be better to upload the 26 Kb executable b2r.exe alone, without the bloated >1 Mb Internet connection wrapper.
If you want to just see the demo, I've uploaded it to http://www.sendspace.com/file/8mw8sq
but still be warned of the virustotal below
SHA256: 52e0489544ba802de089921d8fecffe9f097e15884e314d42c1ca28c587226f3
File name: b2r.exe
Detection ratio: 2 / 50
Analysis date: 2014-02-22 19:17:56 UTC ( 0 minutes ago )
Antivirus Result Update
CMC Packed.Win32.Zcrypt.3!O 20140220
Qihoo-360 HEUR/Malware.QVM05.Gen 20140222
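An added example, not code from the thread or from the prod: a Python decoder for the SavedLegacySettings blob that sits beside the ProxyEnable/ProxyServer/ProxyOverride values Baudsurfer lists, so a defender can check after running an unknown wrapper whether the machine's proxy now points somewhere it shouldn't. The blob layout assumed here (version DWORD, change counter, flag bits, then three length-prefixed ANSI strings for proxy, bypass list and autoconfig URL) is the community-documented DefaultConnectionSettings format; the sample blob is constructed inline.

```python
import struct

# Keys named in the thread live under this path; SavedLegacySettings is a REG_BINARY
# value in its "Connections" subkey. Layout and flag bits are assumptions of this example.
INTERNET_SETTINGS = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
FLAG_DIRECT, FLAG_PROXY, FLAG_AUTOCONFIG, FLAG_AUTODETECT = 0x01, 0x02, 0x04, 0x08

def _lpstr(s):
    """Encode a DWORD-length-prefixed ANSI string."""
    b = s.encode("latin-1")
    return struct.pack("<I", len(b)) + b

def _read_lpstr(buf, off):
    """Read a DWORD-length-prefixed ANSI string at off; return (text, next_off)."""
    (n,) = struct.unpack_from("<I", buf, off)
    off += 4
    return buf[off:off + n].decode("latin-1"), off + n

def build_legacy_settings(counter, flags, proxy="", bypass="", pac_url=""):
    """Build a blob in the assumed layout; used only to construct sample input."""
    return (struct.pack("<III", 0x46, counter, flags) + _lpstr(proxy)
            + _lpstr(bypass) + _lpstr(pac_url) + b"\0" * 32)

def parse_legacy_settings(blob):
    """Decode version, change counter, flag bits and the three proxy strings."""
    if len(blob) < 24:  # 12-byte header plus three length fields at minimum
        raise ValueError("blob too short for header and three length fields")
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    proxy, off = _read_lpstr(blob, 12)
    bypass, off = _read_lpstr(blob, off)
    pac_url, _ = _read_lpstr(blob, off)
    return {"version": version, "counter": counter, "flags": flags,
            "proxy_enabled": bool(flags & FLAG_PROXY),
            "autoconfig": bool(flags & FLAG_AUTOCONFIG),
            "proxy_server": proxy, "proxy_override": bypass, "autoconfig_url": pac_url}

def audit(plain, blob):
    """Compare the plain ProxyEnable/ProxyServer/ProxyOverride values with the blob."""
    p = parse_legacy_settings(blob)
    findings = []
    if plain.get("ProxyEnable", 0) or p["proxy_enabled"]:
        findings.append("proxy enabled: %s (bypass %r)" % (
            p["proxy_server"] or plain.get("ProxyServer", ""),
            p["proxy_override"] or plain.get("ProxyOverride", "")))
    if p["autoconfig"]:
        findings.append("autoconfig URL set: " + p["autoconfig_url"])
    if plain.get("ProxyServer", "") != p["proxy_server"]:
        findings.append("ProxyServer value and SavedLegacySettings disagree")
    return findings
```

On a live box the plain values come from winreg under INTERNET_SETTINGS and the blob from its Connections subkey; a disagreement between the two is itself worth a look, since tools usually rewrite both together.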
Hi.
Reminds me of the 3DO when you play music through it and/or an old AMOS Commodore Amiga demo...
Anyone recall?
Baudsurfer, thanks for this info! Heh, I can't imagine that this demo is packed by a cracked packer and modifies the registry. Why didn't a/v warn about this file? :-D
In Russian: yes, this demo was definitely made by Rupor :)
Quote:
Baudsurfer, thanks for this info! Heh, I can't imagine that this demo is packed by a cracked packer and modifies the registry. Why didn't a/v warn about this file? :-D
In Russian: yes, this demo was definitely made by Rupor :) added on the 2014-02-23 12:29:19 by wormsbiysk
The demo itself is only 26 kb (I've given the link to the extracted file here) whereas the executable in the download link you provided is over a megabyte.
I have no interest in reverse-engineering a megabyte of wrappers : I'd rather code something myself : I stopped looking when I saw the hacked serial, the sshd protocol and attempts to access my registry keys related to Internet connection.
afaik the demo ain't packed to hide a virus. some parts have been created with the help of portable Virtual Application Studio.
maybe the reason in the tool?
My Comodo still silent.
and the tune ain't ripped from StarportBBStro 2 (because the sources are shared, Reality made that famous tune for RAD Tracker).
should be fixed...