This module attempts to decrypt the file ageofpirates2crackdvmdll.bin, an OEP of the game “Age of Pirates 2: Blackbeard’s Revenge” with the patch dnldev2. The code of the game is OllyDbg, the disassembler used is qe2, and the trick used to OEP is the public functions list.
When the right offsets and values are found, a new thread is started and a shellcode is decoded and placed into the memory. This is decoded with qe2 and the address of the DLL it loads into a fake directory named “c:”. At this point, a small batch file is sent to the email address found on the server. It asks the user for a username and a password and runs wine with the parameter
This module uses a decryption program which tries to decrypt an old version of the game (0.6) which was uploaded on a site called Desura. The goal of this one is to get a local shell. The decryption program is a modified version of this one: https://github.com/burtonm/simple-malware-decryptor