43 replies to this topic

[mystario]

IS THIS WORKING WITH WIN7

[Neelix]

no, it only work with win 3.11 and win 95 ... 

[Trojan]

This looks like an awesome project, best of luck to everyone involved!

-Trojan

[noh4t]

Nice project im working with it currently i was just wondering is there a way too get this working on 64bit without changing the runpe?

[SuckerZ]

Neelix, on 11 Mar 2013 - 4:24 PM, said:

no, it only work with win 3.11 and win 95 ... 

 yeah u made my day nice project

[noh4t]

Dam.. worked on this all day and it does not work with any of my programs such a shame.. easy fix or should i give up?

Not working with Spynet/Cybergate/DNARat .... such a shame such a nice crypter too..

[poison2012]

Something is going on here

Good work & luck!

[noh4t]

Replaced GetfilePath with another method and also tryed too change the runpe too a simular shell code one..

Still fails with spynet and dnarat once the rat has droped i can see it in task manager it does successfully drop into its install directory then it goes too inject into default browser and comes up with a erorr about firefox run times..

[DualCoder]

noh4t, on 08 Sept 2013 - 12:25 AM, said:

Dam.. worked on this all day and it does not work with any of my programs such a shame.. easy fix or should i give up?

Not working with Spynet/Cybergate/DNARat .... such a shame such a nice crypter too..

 

Which stub are you using? If it's the one I wrote (C++) maybe I can help...

 

//DualCoder

[noh4t]

DualCoder, on 08 Sept 2013 - 4:38 PM, said:

Which stub are you using? If it's the one I wrote (C++) maybe I can help...
 
//DualCoder

I Wish i knew c++ but i am using the VB Version posted. thanks though dual.

[Neelix]

you might add eof support in builder to make it work.

[noh4t]

Neelix, on 08 Sept 2013 - 7:13 PM, said:

you might add eof support in builder to make it work.

It Already has EOF Support i just checked.


Public Sub WriteEOFData(sFilePath As String, sEOFData As String)
On Error Resume Next
Dim sFile As String
Dim lFF As Long

lFF = FreeFile

Open sFilePath For Binary As #lFF
sFile = Space(LOF(lFF))
Get #lFF, , sFile
Close #lFF

Kill sFilePath
lFF = FreeFile

Open sFilePath For Binary As #lFF
Put #lFF, , sFile & sEOFData
Close #lFF
End Sub


Also i fuded the stub but avast picks it up at runtime not scantime

Attached Files

•  fuckavast.jpg   52.75KB   1 downloads

[Neelix]

i meant check it not add, sry. if it dont work try to inject in its own process (app.path)

or try to use it without callapi i couldnt take a look at that scrs atm but it was working on win7 64 bit. try bozok rat, if it fails to connect, there is something wrong with your os or modifications on stub.

[noh4t]

Neelix, on 08 Sept 2013 - 8:05 PM, said:

i meant check it not add, sry. if it dont work try to inject in its own process (app.path)
or try to use it without callapi i couldnt take a look at that scrs atm but it was working on win7 64 bit. try bozok rat, if it fails to connect, there is something wrong with your os or modifications on stub.

Okay i will try neelix also bozok will work fine becuase normal version has no injection seems its only programs that inject that have issues.

Will keep you updated if anybody els wants too help would be apresheated

[noh4t]

'app.path

If Mid$(RootOptions, 3, 1) = 1 Then Call RootPE(Environ("windir") & "\App.Path & " \ " & App.EXEName & .exe", RootByte)

---------------------------
Projekt1
---------------------------
Run-time error '13':

Type mismatch
---------------------------
OK
---------------------------

what is wrong with my command~?

[SuckerZ]

try this: If Mid$(RootOptions, 3, 1) = 1 Then Call RootPE(Environ("windir") & "\" & App.Path & " \ " & App.EXEName & .exe", RootByte())

[SuckerZ]

this is better:

 

If (Mid$(RootOptions, 3, 1) = 1) Then Call RootPE(App.Path & " \ " & App.EXEName & " .exe", RootByte())

 

should be working

[Neelix]

noh4t, on 10 Sept 2013 - 7:10 PM, said:

'app.path

If Mid$(RootOptions, 3, 1) = 1 Then Call RootPE(Environ("windir") & "\App.Path & " \ " & App.EXEName & .exe", RootByte)

---------------------------
Projekt1
---------------------------
Run-time error '13':

Type mismatch
---------------------------
OK
---------------------------

what is wrong with my command~?

 

Might first understand the basics of vb before messing around with crypters.

 

 

SuckerZ, on 11 Sept 2013 - 12:42 AM, said:

this is better:

 

If (Mid$(RootOptions, 3, 1) = 1) Then Call RootPE(App.Path & " \ " & App.EXEName & " .exe", RootByte())

 

should be working

[noh4t]

I Made it into a function it's less detected working this way.

Thanks

[dafuq]

Neelix, on 25 Dec 2012 - 02:22 AM, said:

 

 

Good idea/project.

Might wanna let the disable firewall out, This could lead to higher detection rate.

Since most of the bots/malware are connecting to a server and already have a firewall bypass in them you could leave that option.

Also an idea is inject into a specific custom process.

 

I will take a look at the c++ part.