Author Topic: world clock  (Read 168 times)

PushPop

  • Regular Member
  • *
  • Posts: 7
world clock
« on: December 28, 2017, 06:30:31 AM »
Hello guys
Merry Christmas even if I'm late.
This is my new watch.
It is possible to set the font.and the color, also of the background.
In the tooltyp of the icon you can see which country is selected.
Perhaps the setup interface is not very elegant but does its job.
Wishing you a happy new year a.ttendo your comments.
Hello to all

I have removed the attachment as it is clearly unreliable. You are welcome to post working code complete with the running executable but as you can imagine we are very wary of anyone who posts code that,
a. Does not work
b. Has no source code

Please fix your example and repost it with workable source code.
« Last Edit: December 28, 2017, 09:04:23 PM by hutch-- »

caballero

  • Member
  • ****
  • Posts: 825
    • Abre Ojos Ensamblador
Re: world clock
« Reply #1 on: December 28, 2017, 06:57:14 AM »
I execute Clock1.exe but I cannot see anything
En un lugar de la Mancha de cuyo nombre no quiero acordarme

PushPop

  • Regular Member
  • *
  • Posts: 7
Re: world clock
« Reply #2 on: December 28, 2017, 07:25:16 AM »
Hello
We need to unzip everything to make everything work
Greetings

caballero

  • Member
  • ****
  • Posts: 825
    • Abre Ojos Ensamblador
Re: world clock
« Reply #3 on: December 28, 2017, 07:37:13 AM »
Extracted everyting, same result
En un lugar de la Mancha de cuyo nombre no quiero acordarme

PushPop

  • Regular Member
  • *
  • Posts: 7
Re: world clock
« Reply #4 on: December 28, 2017, 07:46:10 AM »
Maybe this can help you

PushPop

  • Regular Member
  • *
  • Posts: 7
Re: world clock
« Reply #5 on: December 28, 2017, 08:00:38 AM »
In my windows 7 everything works.
Let me know if you can not make it work.
Greetings

hutch--

  • Administrator
  • Member
  • ******
  • Posts: 5040
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Re: world clock
« Reply #6 on: December 28, 2017, 09:44:11 AM »
Same problem here on Win10 64 professional, double click on clock1.exe and it shows the run cursor for a moment but nothing starts. SetClock1.exe does not seem to do anything.
hutch at movsd dot com
http://www.masm32.com    :biggrin:  :biggrin:


jj2007

  • Member
  • *****
  • Posts: 7889
  • Assembler is fun ;-)
    • MasmBasic
Re: world clock
« Reply #8 on: December 28, 2017, 01:28:51 PM »
Carissimo, ci prendi per i fondelli? Why does it write to the registry? Post the source, so that we can build it ourselves.
Jotti: 15/18 scanners reported malware

sinsi

  • Member
  • *****
  • Posts: 1022
Re: world clock
« Reply #9 on: December 28, 2017, 01:29:54 PM »
Entry point
Code: [Select]
.rsrc:00407216                 add     esp, 0FFFFFFE0h
.rsrc:00407219                 call    sub_4073FF
.rsrc:0040721E                 xadd    [esp+20h+arg_0], ebp
.rsrc:00407223                 mov     ebx, [esp+20h+var_20]
In the resource section???
I can walk on water but stagger on beer.

jj2007

  • Member
  • *****
  • Posts: 7889
  • Assembler is fun ;-)
    • MasmBasic
Re: world clock
« Reply #10 on: December 28, 2017, 01:46:17 PM »
I didn't run it, but I suggest anyone who did, check with Task Manager for new processes, or run Malwarebytes etc
Before you reboot, have a look at e.g. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

caballero

  • Member
  • ****
  • Posts: 825
    • Abre Ojos Ensamblador
Re: world clock
« Reply #11 on: December 28, 2017, 08:54:07 PM »
Yesterday night I had the suspicion of having screwed up running this program.

I do not understand:
- Why the hell write in the registry
- If it is supposed to not just run a program, why not accompany with a few guideline at least?
- Is there a scanner that is not positive in all types of viruses?

It would be nice that Mr Pushpop say what it have to say
En un lugar de la Mancha de cuyo nombre no quiero acordarme

LiaoMi

  • Member
  • **
  • Posts: 194
Re: world clock
« Reply #12 on: December 28, 2017, 08:54:50 PM »
https://www.hybrid-analysis.com/sample/9dfe0723b7a2925dc3f8af3c8986a28d6aa20a8191bc214da67905154f05623b?environmentId=100

Code: [Select]
Installs hooks/patches the running process
details
"reg.exe" wrote bytes "4053597758585a77186a5a77653c5b770000000000bfb8760000000056ccb876000000007ccab87600000000376873756a2c5b77d62d5b7700000000206973750000000029a6b87600000000a48d737500000000f70eb87600000000" to virtual address "0x76911000" (part of module "NSI.DLL")
source
Hook Detection
relevance
10/10

Code: [Select]
Imports suspicious APIs
details
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegCreateKeyA
RegEnumKeyExA
GetFileAttributesA
GetModuleFileNameA
DeleteFileA
GetCommandLineA
GetModuleHandleA
WriteFile
Sleep
CreateFileA
ShellExecuteA
FindWindowA
source
Static Parser
relevance
1/10

Code: [Select]
Queries sensitive IE security settings
details
"<Input Sample>" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY"; Key: "DISABLESECURITYSETTINGSCHECK")
source
Registry Access
relevance
8/10

Code: [Select]
Modifies proxy settings
details
"<Input Sample>" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
"<Input Sample>" (Access type: "DELETEVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
source
Registry Access
relevance
10/10

Code: [Select]
Marks file for deletion
details
"C:\9dfe0723b7a2925dc3f8af3c8986a28d6aa20a8191bc214da67905154f05623b.exe" marked "C:\Reg.tmp" for deletion
source
API Call
relevance
10/10

Code: [Select]
Reads terminal service related keys (often RDP related)
details
"<Input Sample>" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
source
Registry Access
relevance
10/10