
Program for working with SQL vulnerabilities, looking for a dork, merges base

File Infected
FileName : SQLi ask v.8.0.exe
MD5 : aaf4a8db3d67977315051b4928b07132
SHA1 : 1c077b840184928b4e66f07376937a6054803053
Analysis by bxlcity
Code:
Code injection in process: C:\Program Files\Internet Explorer\iexplore.exe
Code injection in process: C:\Sandbox\-\DefaultBox\user\current\AppData\Local\Temp\1.exe
Created a mutex named: Local\MidiMapper_modLongMessage_RefCnt
Created an event named: Global\CPFATE_5904_v4.0.30319
Created process: C:\Program Files\Internet Explorer\iexplore.exe, , null
Created process: C:\Users\-\AppData\Local\Temp\1.exe
Created process: null, explorer.exe, null
Defined code injection in process: C:\Windows\explorer.exe
Defined file type created in Windows folder: C:\Windows\.Sys\explorer.exe
Defined file type created: C:\Users\-\AppData\Local\Temp\1.exe
Defined file type created: C:\Users\-\AppData\Local\Temp\SQLi ask v.8.0.exe
Defined registry AutoStart location created or modified: machine\software\microsoft\Active Setup\Installed Components\{11T235R3-0U12-M418-VT88-KH1QMX458547}\StubPath = C:\Windows\.Sys\explorer.exe
Defined registry AutoStart location created or modified: machine\software\microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = C:\Windows\.Sys\explorer.exe
Defined registry AutoStart location created or modified: machine\software\microsoft\Windows\CurrentVersion\Run\HKLM = C:\Windows\.Sys\explorer.exe
Defined registry AutoStart location created or modified: user\current\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = C:\Windows\.Sys\explorer.exe
Defined registry AutoStart location created or modified: user\current\software\Microsoft\Windows\CurrentVersion\Run\HKCU = C:\Windows\.Sys\explorer.exe
Detected keylogger functionality
Got computer name
Got input locale identifiers
Hid file from user: C:\Users\-\AppData\Roaming\logs.dat
Hid file from user: C:\Windows\.Sys\explorer.exe
Hid folder from user: C:\Windows\.Sys
Opened a service named: AudioSrv
Slept over 2 minutes