Wednesday, 23 May 2012

Gold Installs Affiliate

Advert:

ICQ:

Login:

News:

EXE:

AV test (FUD):

Withdraw:

Profile:

FAQ:

0/42 according to VT:

The EXE downloaded from the panel "653b009465_127_u.exe" is a downloader/loader with a primitive RunPE and some anti-vm:

 Download files:

Downloaded file 'id.exe' is just here to update gold installs statistic:

'sm.exe' is a Smoke Bot and for asd.exe the file don't exist on the server...

• dns: 1 ›› ip: 91.218.38.153 - adresse: GAMEFANS.EU
• dns: 1 ›› ip: 91.218.38.153 - adresse: BCIOJEZTEUUEBX.IN
http://bciojezteuuebx.in/syst/guest.php
http://bciojezteuuebx.in/syst/control.php
http://bciojezteuuebx.in/ftp/ppi/127/id.exe
http://bciojezteuuebx.in/ftp/ppi/127/sm.exe
http://bciojezteuuebx.in/asd.exe

• dns: 1 ›› ip: 46.4.51.177 - adresse: GOLDINSTALLS.ORG


End of Eva... "what the f@#$ did i just watch?!"
Posted by at 23:56
Labels: , , , , ,

5 comments:

  1. Anonymous24 May 2012 at 00:55

    Haven't seen any ppi programs in awhile, wonder how successful this one will be...

    ReplyDelete
  2. Anonymous24 May 2012 at 05:42

    Registrant Name:Ede M Teller
    Registrant Organization:Private Person
    Registrant Street1:Troppauer Str 32
    Registrant Street2:
    Registrant Street3:
    Registrant City:Oldenburg
    Registrant State/Province:
    Registrant Postal Code:26135
    Registrant Country:DE
    Registrant Phone:+41.441201504
    Registrant Phone Ext.:
    Registrant FAX:
    Registrant FAX Ext.:
    Registrant Email:goldinstalls@gmail.com

    ReplyDelete
  3. Anonymous24 May 2012 at 22:52

    Same, i've not understand the end of Evangelion, weird anime.

    ReplyDelete
  4. Anonymous26 May 2012 at 03:46

    208.89.213.10/bhadmin.php blackhole

    ReplyDelete
  5. Abe10 March 2013 at 10:03

    The PPI sites do seem to be dropping like flies... Have they moved onto something else?

    ReplyDelete

Subscribe to: Post Comments (Atom)