White Scorpion
Hi all,

I was looking for a crack for a certain program, this was not to use a program illegally, but to learn how it works (since I was not able to crack it myself).

By this search I came across http://resource.crack-cd.com. When you press any of those links you will receive a program called assassin-254.exe. As curious as I am, I ran the program. After 1 minute the program started to connect to www.dalexcars.com at port 80. When it is connected it downloads the following files to your C:\DOCUME~1\<current user>\LOCALS~1\Temp\ directory:

pony41.exe
intercooler18467.exe

If all works fine, it closes the connection, starts the above programs and terminates itself.

I have found that http://resource.crack-cd.com has the following link in their pages: http://china.dalexcars.com/assassin.html; this is where they get the program from.

Unfortunately both of the downloaded programs were not downloaded correctly; they both have a size of 0 kb, otherwise I would have had more info on what these programs do.

I have done a whois on both sites and I have found that they both have the same registration service, although they both have a different administrative contact.

I will send an email with this information to the address given for abuse, but what I would like to know: how can I make this program known to AV programs?

If anyone would like to know more about this program, then follow this link, this is the link to the zip file I have created which contains the program itself, both downloaded programs, a text file with the explanation of what the program does, and the disassembled file from the original program.

I have made this announcement so that people who read this can take care of themselves and NOT run this program, since it can't be trusted!


regards
da_cash
My KAV reports it as TrojanDownloader.WIN32.INService.i...




Partizaan
Undetected by Norton corp. server def 12/11/02 rev. 9
White Scorpion
Well, the story gets even more weird: the abuse address is not real, at least it doesn't work; I get an error "receiver doesn't exist".

Btw I am using AVG 6.0 free edition, fully updated.
KoNh
QUOTE(lepricaun @ Nov 14 2004, 08:53 PM)
Btw I am using AVG 6.0 free edition, fully updated.



So you could get a true AV like "Kaspersky personal edition" (no, am not working for 'em, just like it)
White Scorpion
QUOTE
So you could get a true AV like "Kaspersky personal edition" (no, am not working for 'em, just like it)
Well, to be honest, I only use AV software on the system where I download such things; normally I hate AV software and I would not use it if not absolutely necessary.
Eyeless
Well, back to his question: just send a copy of it to your AV company's email, telling them you found something undetected. Voilà, in the next few days it will detect it...