Tuts 4 You

uPPP v0.7 RTM


Ufo-Pu55y

  • 2 weeks later...
Posted (edited)

AV DrWeb reports uPPP.exe infected with Trojan.Download2.41068

You can make it open a web link to download .NET 2.0. It will be more user friendly. Also, there exist higher versions of .NET.

Also I can't run it on XP SP3

http://tinypic.com/r/149nb6/5

On W7 it runs OK.

Edited by tam-tam
Posted
AV DrWeb reports uPPP.exe infected with Trojan.Download2.41068

Online check doesn't say so about DrWeb.

And I highly doubt that your uPPP.exe would run at all,

if it was infected on your machine for some reason.


VirSCAN.org Scanned Report :
Scanned time : 2012/02/26 15:27:11 (CET)
Scanner results: 3% Scanner(s) (1/36) found malware!
File Name : uPPP.exe
File Size : 2657792 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono
MD5 : aa4e25f93abe92b7eb3a4c485c9bfd2b
SHA1 : ae998489f5eda96860ab56544021158db027bba4
Online report : http://r.virscan.org/67a85c75d4804a4496606a3cc7e7dc00
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120225211656 2012-02-25 0.43 -
AhnLab V3 2012.02.26.00 2012.02.26 2012-02-26 2.93 -
AntiVir 8.2.8.44 7.11.21.199 2012-01-27 0.18 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.18 -
Arcavir 2011 201202170436 2012-02-17 3.91 -
Authentium 5.1.1 201202251833 2012-02-25 1.59 -
AVAST! 4.7.4 120226-2 2012-02-26 0.57 -
AVG 12.0.1782 2114/4832 2012-02-25 0.34 -
BitDefender 7.90123.7232898 7.41141 2012-02-25 3.65 -
ClamAV 0.97.3 14529 2012-02-26 1.25 -
Comodo 5.1 11622 2012-02-26 2.29 -
CP Secure 1.3.0.5 2012.02.26 2012-02-26 0.55 -
Dr.Web 7.0.0.11250 2012.02.24 2012-02-24 13.52 -
F-Prot 4.6.2.117 20120225 2012-02-25 0.94 -
F-Secure 7.02.73807 2012.02.07.03 2012-02-07 2.41 -
Fortinet 4.3.388 15.246 2012-02-25 0.30 -
GData 22.3982 20120226 2012-02-26 5.00 -
ViRobot 20120225 2012.02.25 2012-02-25 0.43 -
Ikarus T3.1.32.20.0 2012.02.26.80576 2012-02-26 5.10 -
JiangMin 13.0.900 2012.02.25 2012-02-25 2.95 -
Kaspersky 5.5.10 2012.02.24 2012-02-24 0.30 -
KingSoft 2009.2.5.15 2012.2.26.9 2012-02-26 1.31 -
McAfee 5400.1158 6631 2012-02-25 9.89 -
Microsoft 1.8101 2012.02.26 2012-02-26 3.41 -
NOD32 3.0.21 6841 2012-01-30 0.18 -
Panda 9.05.01 2012.02.25 2012-02-25 2.51 -
Trend Micro 9.500-1005 8.802.03 2012-02-25 0.20 -
Quick Heal 11.00 2012.02.25 2012-02-25 1.85 -
Rising 20.0 23.98.04.02 2012-02-24 4.09 -
Sophos 3.28.1 4.74 2012-02-26 5.03 -
Sunbelt 3.9.2527.2 11592 2012-02-25 1.56 -
Symantec 1.3.0.24 20120225.008 2012-02-25 0.83 -
nProtect 20120225.01 11243173 2012-02-25 1.27 -
The Hacker 6.7.0.1 v00412 2012-02-25 0.63 -
VBA32 3.12.16.4 20120224.1216 2012-02-24 4.39 TrojanDownloader.CodecPack.andr
VirusBuster 5.4.1.7 14.1.236.0/7986363 2012-02-25 0.21 -
Posted (edited)

I'm talking about http://forum.tuts4yo...&attach_id=6843

from the 1st page.

uPPP.v0.7.7z

426f68ed3c02292054540cb2749a8003 *uPPP.v0.7.7z

uPPP.exe

8088f36851f4b66c36135d8e50e27193 *uPPP.exe

http://online.drweb.com/

uPPP.exe infected with Trojan.DownLoad2.41068

or

virustotal

eSafe Suspicious File

McAfee Artemis!8088F36851F4

McAfee-GW-Edition Artemis!8088F36851F4

VBA32 TrojanDownloader.CodecPack.andr

+drweb

You're talking about another build with

MD5 : aa4e25f93abe92b7eb3a4c485c9bfd2b

Edited by tam-tam
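
An added example, not part of the original posts: the two posters above are comparing scanner verdicts for different builds, so this sketch parses the VirSCAN header and the md5sum-style lines quoted in the thread and checks whether they describe the same file. The function names are hypothetical, and the sample strings are assembled from values in the posts.

```python
import re

# Sample input assembled from values quoted in the thread (not a full report).
VIRSCAN_REPORT = """\
Scanner results: 3% Scanner(s) (1/36) found malware!
File Name : uPPP.exe
MD5 : aa4e25f93abe92b7eb3a4c485c9bfd2b
"""
MD5SUM_LINES = """\
426f68ed3c02292054540cb2749a8003 *uPPP.v0.7.7z
8088f36851f4b66c36135d8e50e27193 *uPPP.exe
"""

def parse_report(text):
    """Extract file name, MD5 and detection ratio from a VirSCAN-style header."""
    name = re.search(r"^File Name\s*:\s*(\S+)", text, re.M)
    md5 = re.search(r"^MD5\s*:\s*([0-9a-fA-F]{32})\s*$", text, re.M)
    ratio = re.search(r"\((\d+)/(\d+)\)", text)  # "(s)" has no digits, so it is skipped
    if not (name and md5 and ratio):
        raise ValueError("report header is incomplete")
    return {"name": name.group(1), "md5": md5.group(1).lower(),
            "hits": int(ratio.group(1)), "engines": int(ratio.group(2))}

def parse_md5sum(text):
    """Parse md5sum-style lines ('<hash> *<file>') into {file: hash}."""
    hashes = {}
    for line in text.splitlines():
        m = re.fullmatch(r"([0-9a-fA-F]{32})\s+\*?(.+)", line.strip())
        if m:
            hashes[m.group(2)] = m.group(1).lower()
    return hashes

def same_sample(report, local_hashes):
    """True only if the report covers the exact file that was hashed locally."""
    local = local_hashes.get(report["name"])
    if local is None:
        raise KeyError(f"no local hash for {report['name']}")
    return local == report["md5"]

if __name__ == "__main__":
    rep = parse_report(VIRSCAN_REPORT)
    local = parse_md5sum(MD5SUM_LINES)
    if not same_sample(rep, local):
        print(f"{rep['name']}: report covers {rep['md5']}, local file is "
              f"{local[rep['name']]}; the verdicts are not comparable")
```
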
Posted

Ok, you're right. It's not that I don't believe you.

But just look at this:

http://r.virscan.org...2155ea00fd.html

Supposedly also done by an up-to-date Dr.Web on the same binary.

I'm not bashing on scanners (I'm using one myself),

but the only thing that we learn in this is to not trust in scanners anyway.

Also it casts a poor light on Dr. Web in this case, since giving false positives

on .NET binaries still might be kinda lame nowadays (at least some bashing ^^).

  • 2 weeks later...
Posted

How can I resolve this error? [screenshot: UaDq3.png]

Posted (edited)
how can i resolve this error

That's weird. What AV or security tools do you use?

Looks like something's grabbing the new EXE immediately.

/EDIT:

"ProcMon" might help to find the 'another process'..

Edited by Ufo-Pu55y
Posted

MSE (Microsoft Security Essentials)

Posted

is this because of my AV?? if yes then i'll go back to avast :D

Posted

MSE (Microsoft Security Essentials)

Nope, M$E is "ok". I'm using it at work myself (in order to get rid of admin terms like KAV).

I seriously don't know wtf might lock the created patch on your box.

Simply run "ProcMon" (or any other tool with balls) in the background

to see your global file actions when you're creating the patch.exe.

  • 2 weeks later...
Posted (edited)

How to skip the address if not found?

example:

[screenshot: Untitled-3.jpg]

if address 1 NOT FOUND then skip to address 2 but not failed

if address 2 FOUND then patch successful not failed

if address 1 and 2 NOT FOUND patch failed

diablo2oo2 (DUP2) can do this

sorry my english is not good

Edited by andrextrap
Posted

Hi,

in uPPP you can "skip" a full S+R patch entry instead.

Simply do it like this:

[screenshot: post-20979-0-26054900-1332148074.png]

- in the first S+R patch do your search for "1BC04089.."

- in the second S+R patch do your search for "1BF65246.."

- uncheck the first S+R patch in the list (screenshot)

In the manual it's called grouping.. check it out.

At least 1 patch of such a group has to be successful.

Posted

thx, it works :)

I like uPPP because it's simple, and at virustotal.com it only detects 2 false alarms :D

  • 4 months later...
SaadCrackz™
Posted

What we really need is support for a release info box.

If you just add it uPPP will become the best patch maker

and also in the offset patch dialog can you pls add a "don't check original old bytes" option pls

When will version 0.9 come?
