Translate Blog to your language


Tuesday, November 6, 2012

Silence Winlocker 5.0

 Having a look on a version who play MP3 file.

Now let's start the boring part (reversing)
At first it call the time service dept and retrieve the date and check it with 29 Oct
(I've passed on some part of the code)
It's a protection inside Silence Winlocker, the bad guys have 7 days to f*ck ppl with his bin, after the bin will not work and should buy a new one.

Kill process:

Add a startup key:

Load from ressource an MP3 file:

And about ressource there is even one picture

Call the C&C:

Remove some entry in registry:

Kill taskmgr if found:

Play the MP3 file:
md5: 819be88d910d97bb06e02bc255977999

Call the C&C for picture:

And here we go

The C&C look's like this:


Number of connections:


You have 72 hours to pay the fine!

Tring with a 'working' MoneyPak code

Wait! Your request is processed within 24 hours.

Code appeared on the panel:



The latest version of Silent Winlocker (5.0) have not changed alot, they replaced the fbi sound by webcam feature after... it's still the same crap who do same things.


kill proc:


Call the gate:


Landing fail:

It should look's like this:


Number of connections:

Ukash/PSC/MoneyPak Payment:


Panel files



Also got the Citadel HID calculator
I lol'd of guys who cry 'Citadel leak is fake'
ppl dont know that the protection message is 'CORRUPTED EXE SHIT'

No comments:

Post a Comment

back to top