Hi,
I found this post via Slashdot and I'm glad my PSP-3000 is finally hackable. My only concern is that the EXE files in the zip are showing to be infested with trojans.
From VirusTotal for psp-cfw.exe:
Code:
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.08 Backdoor.Win32.Nepoe!IK
AhnLab-V3 5.0.0.2 2009.06.08 -
AntiVir 7.9.0.180 2009.06.08 TR/Dropper.Gen
Antiy-AVL 2.0.3.1 2009.06.08 -
Authentium 5.1.2.4 2009.06.08 -
Avast 4.8.1335.0 2009.06.08 -
AVG 8.5.0.339 2009.06.08 -
BitDefender 7.2 2009.06.08 -
CAT-QuickHeal 10.00 2009.06.08 -
ClamAV 0.94.1 2009.06.08 -
Comodo 1286 2009.06.08 -
DrWeb 5.0.0.12182 2009.06.08 -
eSafe 7.0.17.0 2009.06.07 Win32.TRDropper
eTrust-Vet 31.6.6547 2009.06.08 -
F-Prot 4.4.4.56 2009.06.08 -
F-Secure 8.0.14470.0 2009.06.08 -
Fortinet 3.117.0.0 2009.06.08 PossibleThreat
GData 19 2009.06.08 -
Ikarus T3.1.1.59.0 2009.06.08 -
K7AntiVirus 7.10.757 2009.06.08 -
Kaspersky 7.0.0.125 2009.06.08 -
McAfee 5640 2009.06.08 -
McAfee+Artemis 5640 2009.06.08 Artemis!4AF049C80009
McAfee-GW-Edition 6.7.6 2009.06.08 Trojan.Dropper.Gen
Microsoft 1.4701 2009.06.08 -
NOD32 4139 2009.06.08 -
Norman 6.01.09 2009.06.08 -
nProtect 2009.1.8.0 2009.06.08 -
Panda 10.0.0.14 2009.06.08 -
PCTools 4.4.2.0 2009.06.06 -
Prevx 3.0 2009.06.08 -
Rising 21.33.03.00 2009.06.08 Trojan.DL.Win32.Mnless.due
Sophos 4.42.0 2009.06.08 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.06.08 -
Symantec 1.4.4.12 2009.06.08 -
TheHacker 6.3.4.3.342 2009.06.08 -
TrendMicro 8.950.0.1092 2009.06.08 -
VBA32 3.12.10.6 2009.06.08 -
ViRobot 2009.6.8.1773 2009.06.08 -
VirusBuster 4.6.5.0 2009.06.08 -
Additional information
File size: 170096 bytes
MD5...: 4af049c8000985cb2668ad9544469fbd
SHA1..: 204054120f4c12eb99a2f9ac78f8c53374316721
SHA256: a8366be97123cab9c922ac1859f8d84e19fe3d81508d198c9f3fa728fdbddae4
ssdeep: -
PEiD..: EXECryptor v1.4.0.1
TrID..: File type identification
Win32 EXE Yoda's Crypter (67.9%)
Win32 Executable Generic (21.8%)
Generic Win/DOS Executable (5.1%)
DOS Executable Generic (5.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4a297299 (Fri Jun 05 19:31:37 2009)
machinetype.......: 0x14c (I386)
( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.nfJBg86 0x1000 0x2b000 0x200 0.84 5098f2e34093c94e448242d5d033c3ac
.nfJBg86 0x2c000 0x26a5a 0x23659 7.64 e308657a4053ce18c185fa53151aa663
( 1 imports )
> kernel32.dll: LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualProtect, VirtualFree, GetModuleHandleA
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): PE_Patch.RLPack, RLPack
And LAUNCH-ME.exe only showed in 1 AV scan:
Code:
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.08 Trojan.Msil!IK*
AhnLab-V3 5.0.0.2 2009.06.08 -
AntiVir 7.9.0.180 2009.06.08 -
Antiy-AVL 2.0.3.1 2009.06.08 -
Authentium 5.1.2.4 2009.06.08 -
Avast 4.8.1335.0 2009.06.08 -
AVG 8.5.0.339 2009.06.08 -
BitDefender 7.2 2009.06.08 -
CAT-QuickHeal 10.00 2009.06.08 -
ClamAV 0.94.1 2009.06.08 -
Comodo 1286 2009.06.08 -
DrWeb 5.0.0.12182 2009.06.08 -
eSafe 7.0.17.0 2009.06.07 -
eTrust-Vet 31.6.6547 2009.06.08 -
F-Prot 4.4.4.56 2009.06.08 -
F-Secure 8.0.14470.0 2009.06.08 -
Fortinet 3.117.0.0 2009.06.08 -
GData 19 2009.06.08 -
Ikarus T3.1.1.59.0 2009.06.08 -
K7AntiVirus 7.10.757 2009.06.08 -
Kaspersky 7.0.0.125 2009.06.08 -
McAfee 5640 2009.06.08 -
McAfee+Artemis 5640 2009.06.08 -
McAfee-GW-Edition 6.7.6 2009.06.08 -
Microsoft 1.4701 2009.06.08 -
NOD32 4139 2009.06.08 -
Norman 6.01.09 2009.06.08 -
nProtect 2009.1.8.0 2009.06.08 -
Panda 10.0.0.14 2009.06.08 -
PCTools 4.4.2.0 2009.06.06 -
Prevx 3.0 2009.06.08 -
Rising 21.33.03.00 2009.06.08 -
Sophos 4.42.0 2009.06.08 -
Sunbelt 3.2.1858.2 2009.06.08 -
Symantec 1.4.4.12 2009.06.08 -
TheHacker 6.3.4.3.342 2009.06.08 -
TrendMicro 8.950.0.1092 2009.06.08 -
VBA32 3.12.10.6 2009.06.08 -
ViRobot 2009.6.8.1773 2009.06.08 -
VirusBuster 4.6.5.0 2009.06.08 -
Additional information
File size: 53248 bytes
MD5 : 395556bdb3ff6a6532a84eb24a9f3f45
SHA1 : c8e3b3cb4d4ee623173bd98d11a2c6d76a938913
SHA256: 0e1dd2ba3a79dd576fdc9acab433596bc9d6e77b38cbf3b86c48a3b9cbfb3a46
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x636E
timedatestamp.....: 0x4A296C5C (Fri Jun 5 21:05:00 2009)
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2000 0x4374 0x4400 5.58 cc38e69b6eef6c60b2896acd4dcf75ae
.sdata 0x8000 0x9D 0x200 1.82 6305d7f34dfce143874da943dd60e433
.rsrc 0xA000 0x8390 0x8400 5.95 b037a529f77d9994c9be3064cfd68d7d
.reloc 0x14000 0xC 0x200 0.08 dd22e0847e06a2173d66bdb77541b4d2
( 1 imports )
> mscoree.dll: _CorExeMain
( 0 exports )
TrID : File type identification
Generic CIL Executable (.NET, Mono, etc.) (79.2%)
Windows Screen Saver (14.1%)
Win16/32 Executable Delphi generic (2.2%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
ssdeep: -
PEiD : -
RDS : NSRL Reference Data Set
I am a bit hesitant to try this due to these AV results.