Nytro

Dem0nyc Trojan v1.0


Guest BanKai
Posted

maybe you should have shown them the program the hard way; if it really was undetectable, you should have infected these trojan happy boys and then shown some screenshots here. obviously you should have asked an admin's permission to do that ;)

Posted
maybe you should have shown them the program the hard way; if it really was undetectable, you should have infected these trojan happy boys and then shown some screenshots here. obviously you should have asked an admin's permission to do that ;)

Would you have liked that to happen to you? Or do you people talk without knowing what you are talking about? Why should he have infected us? To get VIP? Or is that how you get VIP around here? I'll go hack my grandma, post a screenshot, and VIP =))

Posted

Yeah bro, that's the one I was talking about too, I wasn't posting for nothing, but look, bro ....

4ecf4382ee7317b6b50d152f86fae9e3.JPG

here in the program it says 1.0v and I hinted that it's a mistake, and then you said it's undetectable, and look, here's the proof that it is ...


| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AVG | 7.5.0.488 | 2007.10.16 | BackDoor.Generic8.PII |
| Fortinet | 3.11.0.0 | 2007.10.16 | W32/Agent.BTX!tr |
| F-Secure | 6.70.13030.0 | 2007.10.16 | Trojan.Win32.Agent.btx |
| Ikarus | T3.1.1.12 | 2007.10.16 | Trojan-Dropper.Win32.Agent.AIY |
| Kaspersky | 7.0.0.125 | 2007.10.16 | Trojan.Win32.Agent.btx |
| Norman | 5.80.02 | 2007.10.16 | W32/Malware |
| VBA32 | 3.12.2.4 | 2007.10.16 | Trojan.Win32.Agent.btx |

by the way, how many did you try to pack it with? still for nothing


MD5: 8a6ddba28d36ac5727459f0962131f74
SHA1: d069a0f9fc4e2256355cad20f8b7299d327aed90
packers: RAR
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Applications uses MSVBVM60.DLL (Visual Basic 6).
* Form uses id Form.
* Creating several executable files on hard-drive.
* File length: 191828 bytes.

[ Changes to filesystem ]
* Creates directory C:.
* Creates directory C:\WINDOWS.
* Creates directory C:\WINDOWS\TEMP.
* Creates directory C:\WINDOWS\TEMP\RarSFX0.
* Creates file C:\WINDOWS\TEMP\RarSFX0\need.exe.
* Creates file C:\WINDOWS\TEMP\RarSFX0\MSWINSCK.OCX.
* Creates file C:\WINDOWS\TEMP\RarSFX0\smss.exe.

[ Changes to registry ]
* Creates key "HKCU\Software\WinRAR SFX".
* Sets value "C%%WINDOWS"="C:\WINDOWS\TEMP\RarSFX0" in key "HKCU\Software\WinRAR SFX".

[ Process/window information ]
* Attemps to NULL C:\WINDOWS\need.exe NULL.
* Creates a COM object with CLSID {FCFB3D23-A0FA-1068-A738-08002B3371B5} : VBRuntime.
* Creates a COM object with CLSID {E93AD7C1-C347-11D1-A3E2-00A0C90AEA82} : VBRuntime6.
* Modifies other process memory.
* Modifies execution flow of a remote process.

anyway, cool program, and here's to many more; by the way, check your PMs...

Posted

well, I packed it with a private crypter ... and the server is an SFX archive ... what the hell did I scan yesterday? ...

Well, v1.1 is v1.0 crypted ... for a while it was 100% UD ...

File Dem0nyc_Trojan_Server_v1.1.exe received on 10.17.2007 08:06:53 (CET)


Result: 7/32 (21.88%)


| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2007.10.17.0 | 2007.10.16 | - |
| AntiVir | 7.6.0.23 | 2007.10.17 | - |
| Authentium | 4.93.8 | 2007.10.17 | - |
| Avast | 4.7.1051.0 | 2007.10.17 | - |
| AVG | 7.5.0.488 | 2007.10.16 | BackDoor.Generic8.PII |
| BitDefender | 7.2 | 2007.10.17 | - |
| CAT-QuickHeal | 9.00 | 2007.10.16 | - |
| ClamAV | 0.91.2 | 2007.10.16 | - |
| DrWeb | 4.44.0.09170 | 2007.10.17 | - |
| eSafe | 7.0.15.0 | 2007.10.15 | - |
| eTrust-Vet | 31.2.5216 | 2007.10.17 | - |
| Ewido | 4.0 | 2007.10.16 | - |
| FileAdvisor | 1 | 2007.10.17 | - |
| Fortinet | 3.11.0.0 | 2007.10.17 | W32/Agent.BTX!tr |
| F-Prot | 4.3.2.48 | 2007.10.17 | - |
| F-Secure | 6.70.13030.0 | 2007.10.17 | Trojan.Win32.Agent.btx |
| Ikarus | T3.1.1.12 | 2007.10.17 | Trojan-Dropper.Win32.Agent.AIY |
| Kaspersky | 7.0.0.125 | 2007.10.17 | Trojan.Win32.Agent.btx |
| McAfee | 5142 | 2007.10.16 | - |
| Microsoft | 1.2908 | 2007.10.16 | - |
| NOD32v2 | 2596 | 2007.10.17 | - |
| Norman | 5.80.02 | 2007.10.16 | W32/Malware |
| Panda | 9.0.0.4 | 2007.10.16 | - |
| Prevx1 | V2 | 2007.10.17 | - |
| Rising | 19.45.21.00 | 2007.10.17 | - |
| Sophos | 4.22.0 | 2007.10.17 | - |
| Sunbelt | 2.2.907.0 | 2007.10.16 | - |
| Symantec | 10 | 2007.10.17 | - |
| TheHacker | 6.2.8.093 | 2007.10.16 | - |
| VBA32 | 3.12.2.4 | 2007.10.16 | Trojan.Win32.Agent.btx |
| VirusBuster | 4.3.26:9 | 2007.10.16 | - |
| Webwasher-Gateway | 6.6.1 | 2007.10.17 | - |

Additional information

File size: 191828 bytes

MD5: 8a6ddba28d36ac5727459f0962131f74

SHA1: d069a0f9fc4e2256355cad20f8b7299d327aed90

packers: RAR

