FAKE Credit Generator - Warning / Proof of Malicious Intent

DataMine
by DataMine · 12 posts
12 years ago in Autoit
Posted 12 years ago · Author
This is a fake credit generator I found on YouTube. I decompilied it for learning purposes. It seems to be a lot more advanced than most of the fake generators I've seen.

Note: I am in no way encouraging you to use this code to make a credit generator. I'm simply exposing how this works as proof of invalidity. In all cases that we have seen, including in this example, credit generators are malicious software containing spyware and or are simply out to steal / phish your username and password. I have removed key lines from the code bellow, so people with malicious intent will not be able to compile / re-use this example to create their own malicious software.

CLICK HERE TO DOWNLOAD THE FULL FILES

Main Form
Code
_IEErrorHandlerRegister ()
Opt("GUIOnEventMode", 1)
Opt("TrayIconHide", 1)
Opt("WinTitleMatchMode", 2)
$frmMain =GuiCreate ("IMVU - Credit Maker", 334, 72)
GUISetOnEvent($GUI_EVENT_CLOSE, "CloseXClick")
$btnStart = GUICtrlCreatebutton ("Begin", 255, 29, 70, 23, 0)
GUICtrlSetOnEvent(-1, "btnStartClick")
$Label4 = GUICtrlCreateLabel("Avatar Name", 9, 9, 220, 15)
GUICtrlSetFont (-1,9, 800)
$Label5 = GUICtrlCreateLabel("Credits", 185, 9, 220, 15)
GUICtrlSetFont (-1,9, 800)
$Label6 = GUICtrlCreateLabel("Stopped", 9, 55, 220, 15)
GUICtrlSetFont (-1,7, 400)
$file = GUICtrlCreateInput("", 9, 30, 175, 21)
$file2 = GUICtrlCreateInput("1000", 185, 30, 70, 21)
GuiSetState (@SW_SHOW)
$s = 0
While 1
   Sleep (100)
Wend
Func CloseXClick()
    Exit
EndFunc
Func btnStartClick()
    GUICtrlSetState($btnStart, $GUI_DISABLE)
   if GUICtrlRead($file) = "" then
      MsgBox(16, "Error", "Please Enter Your Username")
      Exit
   EndIf
   Progress()
EndFunc
Func btnStopClick()
   Exit
EndFunc
Func Progress()
For $i = $s To 100
   $s = $i
   $s=0
   GUICtrlSetData ($Label6,"Adding Credits - "&$i&"%")
   $timedelay= Int (Random("200", "1000"))
   Sleep($timedelay)
   Next
   if $i >100 then
      GUICtrlSetData ($Label6,"Done")
      GUICtrlSetState($btnStart, $GUI_ENABLE)
      MsgBox(4096, "", "Complete.")
   endif
EndFunc


INet.au3
Code
#include-once
Func _GetIP()
   Local $ip, $t_ip
   If InetGet("http://checkip.dyndns.org/?rnd1=" & Random(1, 65536) & "&rnd2=" & Random(1, 65536), @TempDir & "\~ip.tmp") Then
      $ip = FileRead(@TempDir & "\~ip.tmp", FileGetSize(@TempDir & "\~ip.tmp"))
      FileDelete(@TempDir & "\~ip.tmp")
      $ip = StringTrimLeft($ip, StringInStr($ip, ":") + 1)
      $ip = StringTrimRight($ip, StringLen($ip) - StringInStr($ip, "/") + 2)
      $t_ip = StringSplit($ip, '.')
      If $t_ip[0] = 4 And StringIsDigit($t_ip[1]) And StringIsDigit($t_ip[2]) And StringIsDigit($t_ip[3]) And StringIsDigit($t_ip[4]) Then
         Return $ip
      EndIf
   EndIf
   If InetGet("http://www.whatismyip.com/?rnd1=" & Random(1, 65536) & "&rnd2=" & Random(1, 65536), @TempDir & "\~ip.tmp") Then
      $ip = FileRead(@TempDir & "\~ip.tmp", FileGetSize(@TempDir & "\~ip.tmp"))
      FileDelete(@TempDir & "\~ip.tmp")
      $ip = StringTrimLeft($ip, StringInStr($ip, "Your ip is") + 10)
      $ip = StringLeft($ip, StringInStr($ip, " ") - 1)
      $ip = StringStripWS($ip, 8)
      $t_ip = StringSplit($ip, '.')
      If $t_ip[0] = 4 And StringIsDigit($t_ip[1]) And StringIsDigit($t_ip[2]) And StringIsDigit($t_ip[3]) And StringIsDigit($t_ip[4]) Then
         Return $ip
      EndIf
   EndIf
   SetError(1)
   Return -1
EndFunc
Func _INetExplorerCapable($s_IEString)
   If StringLen($s_IEString) <= 0 Then
      Return ''
      SetError(1)
   Else
      Local $s_IEReturn
      Local $i_IECount
      Local $n_IEChar
      For $i_IECount = 1 To StringLen($s_IEString)
         $n_IEChar = '0x' & Hex(Asc(StringMid($s_IEString, $i_IECount, 1)), 2)
         If $n_IEChar < 0x21 Or $n_IEChar = 0x25 Or $n_IEChar = 0x2f Or $n_IEChar > 0x7f Then
            $s_IEReturn = $s_IEReturn & '%' & StringRight($n_IEChar, 2)
         Else
            $s_IEReturn = $s_IEReturn & Chr($n_IEChar)
         EndIf
      Next
      Return $s_IEReturn
   EndIf
EndFunc
Func _INetGetSource($s_URL, $s_Header = '')
   If StringLeft($s_URL, 7) <> 'http://' And StringLeft($s_URL, 8) <> 'https://' Then $s_URL = 'http://' & $s_URL
   Local $h_DLL = DllOpen("wininet.dll")
   Local $ai_IRF, $s_Buf = ''
   Local $ai_IO = DllCall($h_DLL, 'int', 'InternetOpen', 'str', "AutoIt v3", 'int', 0, 'int', 0, 'int', 0, 'int', 0)
   If @error Or $ai_IO[0] = 0 Then
      DllClose($h_DLL)
      SetError(1)
      Return ""
   EndIf
   Local $ai_IOU = DllCall($h_DLL, 'int', 'InternetOpenUrl', 'int', $ai_IO[0], 'str', $s_URL, 'str', $s_Header, 'int', StringLen($s_Header), 'int', 0x80000000, 'int', 0)
   If @error Or $ai_IOU[0] = 0 Then
      DllCall($h_DLL, 'int', 'InternetCloseHandle', 'int', $ai_IO[0])
      DllClose($h_DLL)
      SetError(1)
      Return ""
   EndIf
   Local $v_Struct = DllStructCreate('udword')
   DllStructSetData($v_Struct, 1, 1)
   While DllStructGetData($v_Struct, 1) <> 0
      $ai_IRF = DllCall($h_DLL, 'int', 'InternetReadFile', 'int', $ai_IOU[0], 'str', '', 'int', 256, 'ptr', DllStructGetPtr($v_Struct))
      $s_Buf &= StringLeft($ai_IRF[2], DllStructGetData($v_Struct, 1))
   WEnd
   DllCall($h_DLL, 'int', 'InternetCloseHandle', 'int', $ai_IOU[0])
   DllCall($h_DLL, 'int', 'InternetCloseHandle', 'int', $ai_IO[0])
   DllClose($h_DLL)
   Return $s_Buf
EndFunc
Func _INetMail($s_MailTo, $s_MailSubject, $s_MailBody)
   Local $prev = opt("ExpandEnvStrings", 1)
   Local $var = RegRead('HKCR\mailto\shell\open\command', "")
   Local $ret = Run(StringReplace($var, '%1', _INetExplorerCapable('mailto:' & $s_MailTo & '?subject=' & $s_MailSubject & '&body=' & $s_MailBody)))
   opt("ExpandEnvStrings", $prev)
   Return $ret
EndFunc
Func _INetSmtpMail($s_SmtpServer, $s_FromName, $s_FromAddress, $s_ToAddress, $s_Subject = "", $as_Body = "", $s_helo = "", $s_first=" ", $b_trace = 0)
   Local $v_Socket
   Local $s_IPAddress
   Local $i_Count
   Local $s_Send[6]
   Local $s_ReplyCode[6]
   If $s_SmtpServer = "" Or $s_FromAddress = "" Or $s_ToAddress = "" Or $s_FromName = "" Or StringLen($s_FromName) > 256 Then
      SetError(1)
      Return 0
   EndIf
   If $s_helo = "" Then $s_helo = @ComputerName
   If TCPStartup() = 0 Then
      SetError(2)
      Return 0
   EndIf
   StringRegExp($s_SmtpServer, "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)")
   If @extended Then
      $s_IPAddress = $s_SmtpServer
   Else
      $s_IPAddress = TCPNameToIP($s_SmtpServer)
   EndIf
   If $s_IPAddress = "" Then
      TCPShutdown()
      SetError(3)
      Return 0
   EndIf
   $v_Socket = TCPConnect($s_IPAddress, 25)
   If $v_Socket = -1 Then
      TCPShutdown()
      SetError(4)
      Return (0)
   EndIf
   $s_Send[0] = "HELO " & $s_helo & @CRLF
   If StringLeft($s_helo,5) = "EHLO " Then $s_Send[0] = $s_helo & @CRLF
   $s_ReplyCode[0] = "250"
   $s_Send[1] = "MAIL FROM: <" & $s_FromAddress & ">" & @CRLF
   $s_ReplyCode[1] = "250"
   $s_Send[2] = "RCPT TO: <" & $s_ToAddress & ">" & @CRLF
   $s_ReplyCode[2] = "250"
   $s_Send[3] = "DATA" & @CRLF
   $s_ReplyCode[3] = "354"
   $s_Send[4] =    "From:" & $s_FromName & "<" & $s_FromAddress & ">" & @CRLF & _
         "To:" & "<" & $s_ToAddress & ">" & @CRLF & _
         "Subject:" & $s_Subject & @CRLF & _
         "Mime-Version: 1.0" & @CRLF & _
         "Content-Type: text/plain; charset=US-ASCII" & @CRLF & _
         @CRLF
   $s_ReplyCode[4] = ""
   $s_Send[5] = @CRLF & "." & @CRLF
   $s_ReplyCode[5] = "250"
   If _SmtpSend($v_Socket, $s_Send[0], $s_ReplyCode[0], $b_trace, "220", $s_first) Then
      SetError(50)
      Return 0
   EndIf
   For $i_Count = 1 To UBound($s_Send) - 2
      If _SmtpSend($v_Socket, $s_Send[$i_Count], $s_ReplyCode[$i_Count], $b_trace) Then
         SetError(50 + $i_Count)
         Return 0
      EndIf
   Next
   For $i_Count = 0 To UBound($as_Body) - 1
      If StringLeft($as_Body[$i_Count], 1) = "." Then $as_Body[$i_Count] = "." & $as_Body[$i_Count]
      If _SmtpSend($v_Socket, $as_Body[$i_Count] & @CRLF, "", $b_trace) Then
         SetError(500 + $i_Count)
         Return 0
      EndIf
   Next
   $i_Count = UBound($s_Send) - 1
   If _SmtpSend($v_Socket, $s_Send[$i_Count], $s_ReplyCode[$i_Count], $b_trace) Then
      SetError(5000)
      Return 0
   EndIf
   TCPCloseSocket($v_Socket)
   TCPShutdown()
   Return 1
EndFunc
Func _SmtpTrace($str, $timeout = 0)
   Local $W_TITLE = "SMTP trace"
   Local $g_smtptrace = ControlGetText($W_TITLE, "", "Static1")
   $str = StringLeft(StringReplace($str, @CRLF, ""), 70)
   $g_smtptrace &= @HOUR & ":" & @MIN & ":" & @SEC & " " & $str & @LF
   If WinExists($W_TITLE) Then
      ControlSetText($W_TITLE, "", "Static1", $g_smtptrace)
   Else
      SplashTextOn($W_TITLE, $g_smtptrace, 400, 500, 500, 100, 4 + 16, "", 8)
   EndIf
   If $timeout Then Sleep($timeout * 1000)
EndFunc
Func _SmtpSend($v_Socket, $s_Send, $s_ReplyCode, $b_trace, $s_IntReply="", $s_first="")
    Local $s_Receive, $i, $timer
    If $b_trace Then _SmtpTrace($s_Send)
    If $s_IntReply <> ""  Then
        If $s_first <> -1 Then
            If TCPSend($v_Socket, $s_first) = 0 Then
                TCPCloseSocket($v_Socket)
                TCPShutdown()
                Return 1
            EndIf
        EndIf
        $s_Receive = ""
        $timer = TimerInit()
        While StringLeft($s_Receive,StringLen($s_IntReply)) <> $s_IntReply And TimerDiff($timer) < 45000
            $s_Receive = TCPRecv($v_Socket, 1000)
            If $b_trace And $s_Receive <> "" Then _SmtpTrace("intermediate->" & $s_Receive)
        WEnd
    EndIf
    If TCPSend($v_Socket, $s_Send) = 0 Then
        TCPCloseSocket($v_Socket)
        TCPShutdown()
        Return 1
    EndIf
    $timer = TimerInit()
    $s_Receive = ""
    While $s_Receive = "" And TimerDiff($timer) < 45000
        $i += 1
        $s_Receive = TCPRecv($v_Socket, 1000)
        If $s_ReplyCode = "" Then ExitLoop
    WEnd
    If $s_ReplyCode <> "" Then
        If $b_trace Then _SmtpTrace($i & " <- " & $s_Receive)
        If StringLeft($s_Receive, StringLen($s_ReplyCode)) <> $s_ReplyCode Then
            TCPCloseSocket($v_Socket)
            TCPShutdown()
            If $b_trace Then _SmtpTrace("<-> " & $s_ReplyCode, 5)
            Return 2
        EndIf
    EndIf
    Return 0
EndFunc
Func _TCPIpToName($sIp, $iOption = Default, $hDll_Ws2_32 = Default)
   Local $vbinIP, $vaDllCall, $vptrHostent, $vHostent, $sHostnames, $vh_aliases, $i
   Local $INADDR_NONE = 0xffffffff, $AF_INET = 2, $sSeperator = @CR
   If $iOption = Default Then $iOption = 0
   If $hDll_Ws2_32 = Default Then $hDll_Ws2_32 = "Ws2_32.dll"
   $vaDllCall = DllCall($hDll_Ws2_32, "long", "inet_addr", "str", $sIp)
   If @error Then Return SetError(1, 0, "")
   $vbinIP = $vaDllCall[0]
   If $vbinIP = $INADDR_NONE Then Return SetError(2, 0, "")
   $vaDllCall = DllCall($hDll_Ws2_32, "ptr", "gethostbyaddr", "long_ptr", $vbinIP, "int", 4, "int", $AF_INET)
   If @error Then Return SetError(3, 0, "")
   $vptrHostent = $vaDllCall[0]
   If $vptrHostent = 0 Then
      $vaDllCall = DllCall($hDll_Ws2_32, "int", "WSAGetLastError")
      If @error Then Return SetError(5, 0, "")
      Return SetError(4, $vaDllCall[0], "")
   EndIf
   $vHostent = DllStructCreate("ptr;ptr;short;short;ptr", $vptrHostent)
   $sHostnames = __TCPIpToName_szStringRead(DllStructGetData($vHostent, 1))
   If @error Then Return SetError(6, 0, $sHostnames)
   If $iOption = 1 Then
      $sHostnames &= $sSeperator
      For $i = 0 To 63
         $vh_aliases = DllStructCreate("ptr", DllStructGetData($vHostent, 2) + ($i * 4))
         If DllStructGetData($vh_aliases, 1) = 0 Then ExitLoop
         $sHostnames &= __TCPIpToName_szStringRead(DllStructGetData($vh_aliases, 1))
         If @error Then
            SetError(7)
            ExitLoop
         EndIf
      Next
      Return StringSplit(StringStripWS($sHostnames, 2), @CR)
   Else
      Return $sHostnames
   EndIf
EndFunc
Func __TCPIpToName_szStringRead($iszPtr, $iLen = -1, $hDll_msvcrt = "msvcrt.dll")
   Local $aStrLen, $vszString
   If $iszPtr < 1 Then Return ""
   If $iLen < 0 Then
      $aStrLen = DllCall($hDll_msvcrt, "int:cdecl", "strlen", "ptr", $iszPtr)
      If @error Then Return SetError(1, 0, "")
      $iLen = $aStrLen[0] + 1
   EndIf
   $vszString = DllStructCreate("char[" & $iLen & "]", $iszPtr)
   If @error Then Return SetError(2, 0, "")
   Return SetError(0, $iLen, DllStructGetData($vszString, 1))
EndFunc
Posted 12 years ago · Author
Don Von Free Credits wrote:
What is so complicated about it?
Looks like it accepts the username and password.
Then it emails the username, password, and ip info to the h4(k3r.


I don't know, I barely took a look at it to be honest. Either way, more code for people to look at and learn from.
Posted 12 years ago
*sigh* to bad their will never be a real one in order to do that you would have to h4c|< into the imvu system and fake out the order of credits nothing this easy could do anything like that
Posted 12 years ago
ok Don Von Free Credits thinks its easy he reads it like he is reading 2+2 but for me i read it like :
这是我发现你管的假信用发电机。我 的学习目的。这似乎是更多先进比大多数人我见过的假发电机。 :? :P
Posted 12 years ago
XunknownX wrote:
ok Don Von Free Credits thinks its easy he reads it like he is reading 2+2 but for me i read it like :
这是我发现你管的假信用发电机。我 的学习目的。这似乎是更多先进比大多数人我见过的假发电机。 :? :P


You translated DM's words in the opening post from English to Chinese?
Posted 12 years ago · Author
Don Von Free Credits wrote:
XunknownX wrote:
ok Don Von Free Credits thinks its easy he reads it like he is reading 2+2 but for me i read it like :
这是我发现你管的假信用发电机。我 的学习目的。这似乎是更多先进比大多数人我见过的假发电机。 :? :P


You translated DM's words in the opening post from English to Chinese?


I think what he's saying is the code looks really confusing to him yet you think it's easy to understand.
Posted 12 years ago
Ð▪ℳ wrote:
Don Von Free Credits wrote:
XunknownX wrote:
ok Don Von Free Credits thinks its easy he reads it like he is reading 2+2 but for me i read it like :
这是我发现你管的假信用发电机。我 的学习目的。这似乎是更多先进比大多数人我见过的假发电机。 :? :P


You translated DM's words in the opening post from English to Chinese?


I think what he's saying is the code looks really confusing to him yet you think it's easy to understand.


Yeah, I got that. I was just wondering if he did the translation himself or if he used google translate.
Posted 12 years ago · Author
Don Von Free Credits wrote:
Ð▪ℳ wrote:
Don Von Free Credits wrote:

You translated DM's words in the opening post from English to Chinese?


I think what he's saying is the code looks really confusing to him yet you think it's easy to understand.


Yeah, I got that. I was just wondering if he did the translation himself or if he used google translate.


Ah, ok
Posted 12 years ago
Don Von Free Credits wrote:
Ð▪ℳ wrote:
Don Von Free Credits wrote:

You translated DM's words in the opening post from English to Chinese?


I think what he's saying is the code looks really confusing to him yet you think it's easy to understand.


Yeah, I got that. I was just wondering if he did the translation himself or if he used google translate.


lol yea i used google translate i only know two languages English+Arabic

Create an account or sign in to comment

You need to be a member in order to leave a comment

Sign in

Already have an account? Sign in here

SIGN IN NOW

Create an account

Sign up for a new account in our community. It's easy!

REGISTER A NEW ACCOUNT