Scam Report milwak22 Crypter

by Ecto1324 - 21 January, 2021 - 07:42 PM
Ecto1324
Registered
#9
(This post was last modified: 24 January, 2021 - 01:22 PM by Ecto1324.)
@Teken
RedZX
Supreme
#10
(This post was last modified: 25 January, 2021 - 04:50 PM by RedZX.)
After looking at the crypted file given by @Ecto1324:
The crypt is not at fault; even though it's detected a lot, it's still not the issue.
The issue lies on @Ecto1324's side: he bound the file (bad work by the way, he bound the same file 2 times, or was it installation 2 times (by crypter + original exe)).
Now here is how a binder works:
It gets 2 files and binds them together under the binder's stub.
That's what was crypted, the binder's stub, not the files themselves, as they will be dropped and executed as they were originally, with XX detections.
Here is a picture after the file was executed on "its installation folder"
[Image: WnEuArax7zmz_imgg_mzRHoB.png]
.vbs and .bat files are used to get privilege and exclude the app from WD.
Services.exe seems to be the main app in the end, being added to the registry for startup (but robux generator.exe is the same as Services.exe).
h1.exe contains robux generator.exe

My point is these are highly detected:
Services.exe/robux generator.exe (scanned 7 days ago, not by me kek): https://www.virustotal.com/gui/file/e36a.../detection

Stub's detection: https://kleenscan.com/scan_result/c80847...bfd04fd862

Even though it's the OP's fault for binding files, the stub's detection is way too much, reaching 14/40; 1-5/40 on kleenscan should be considered good, but not 6+.

Refund or not, it's up to mods.
Both people are at fault, one should take the blame. I would favour the crypter's side, but 14/40 is too many detections.
Sorry for the interference.
 
This post is by a banned member (Chromeon) - Unhide
RedZX
Supreme
#12
(25 January, 2021 - 05:26 PM) Chromeon Wrote:
(25 January, 2021 - 04:49 PM) RedZX Wrote: [post #10 above, quoted in full]

problem is he didn't deliver is what I'm thinking.

deliver what? he delivered the crypted file??? lol
just too many detections
 
Ecto1324
Registered
#13
This is a bump
Ecto1324
Registered
#14
This is a bump
Teken
Staff
#15
@milwak22 please refund OP.
Teken
Staff
#16
@Ecto1324 any updates?