Sports betting fraud

The social network "VKontakte" has become a real marketplace, of course, fraudsters do not miss the opportunity to make money and come up with new ways to deceive gullible users. I will consider the method that has been used for more than six months and will tell you how fraudsters manage to convince an ordinary user to buy a password from an archive with a knowingly unknown result of the match.

In order to gain the user's trust, the fraudster publishes something like the following:



By reference - a program with a winrar-style interface. I came across 2 such "archives", with the only difference being that one is written in Delphi and the other in C #

---

The first:

MD5: 4268f3ee48ffdb8e2f15a425db1698f1 | VirusTotal

')


I have no idea how it was possible to do this for mass distribution, and I am even more surprised at how people are being led to it! Well, okay, open the program in IDR and we can observe the following:



Here a list of passwords is created for subsequent verification, as a result, the result of the match is saved to a text file depending on the password:

---

The second sample is much more interesting:

MD5: df307eadcf17025abfdd0a1780f4b1e0 | VirusTotal

Here the design is much better and is not inferior in functionality, there is even a password conversion:



Everything is simple, take for example the password from the source: rtfgyudf , do the inverse transformation and get: rtyufgdf

As you can see, scammers are inventing new and new ways of cheating, be careful and do not see anything like that!