Some trojan, does not run in my VM so cannot test.
http://www.virustotal.com/file-scan/rep ... 1291831159
Blackshades NET is a very advanced Remote Administration tool coded in Visual Basic 6. Unlike many of you think, VB6 is not as limited and useless as you think. This RAT, unlike many others that are for sale on the marketplace, has no dependencies (.NET Framework, Java, etc.) and works extremely well. The current version is 3.3.
Price: $50
Commands:
- Ping
- Filter Connections (By ID, WAN, LAN, DDOS, IM, USB, Username, Comp. Name, Privileges, OS, Uptime, Idle, Ping, Socks4, Country, Version)
- Install Date
- Change Host (New DNS to connect to)
- Select All/Range
- Resolve Hostname
- Copy (WAN, LAN, Socks, Full Info, Entire List, Socks Checker List)
- Audio Capture
- Full MSN Controller (Block, Add, Unblock, Mass message!)
- Screen Capture and Control (Mouse/Keyboard supported, choose bitsize for quicker transfer)
- Keylog Manager (All/Selected/Single, Filtered/Scan/Complete)
- Webcam Capture
- DDoS (UDP/TCP, select packet/sockets/packet size/port/ip, ability to ddos on join, by country, by ping, by IP range, or random)
- View Network Statistics
- Create Socks4 Proxy (Will not work behind NAT)
- Pharming/Redirect
- Sniffer
- Website Visit (Visible/Multiple Times Hidden)
- File Manager (Search, Execute, Upload, Delete, Download, Multi File Download, Folder Download, Advanced Image Gallery/Previewer)
- Process Manager (Resume, Suspend, Kill)
- Registry Manager (New Key, New Value, Delete Key, Delete Value)
- Service Manager (Start, Stop)
- Shell (cmd prompt)
- Download/Execute
- Update Idle Time
- Seed Torrent
- File Infector
- Update Uptime
- Fun Manager (Reverse/Normal Mouse, Open/Close CD Tray, Hide/Show Mouse, Hide/Show Desktop Icons, Start/Stop Crazy Mouse, Send Message Box, Change Wallpaper (by URL), Speak Text (Type it, then send it. Choose Slow-Mo, Speedy, or Regular Speed), Set Volume 100%, Mute Volume, Unmute Volume, Start Screensaver, Restart Computer, Logoff Computer, Shutdown Computer, Turn off Monitor, Turn on Monitor)
- Passwords:
Internet Explorer 7/8
Firefox 3.x
CD Keys
Windows Product Keys
MSN Messenger
Windows Messenger
Windows Live Messenger (WinXP/Vista/7)
Yahoo Messenger (5.x/6.x)
Google Talk
ICQ Lite (4.x/5.x/2003)
AOL Instant Messenger (v4.6 or below/AIM 6.x/AIM Pro)
Trillian
Trillian Astra
Miranda
GAIM/Pidgin
MySpace IM
PaltalkScene
Digsby
Outlook Express
Microsoft Outlook 2000/2002/2003/2007/2010 (POP3, IMAP, HTTP and SMTP Accounts)
Windows Mail
Windows Live Mail
IncrediMail
Eudora
Netscape (6.x/7.x)
Mozilla Thunderbird
Group Mail Free
Yahoo! Mail
Hotmail/MSN mail
Gmail
Google Desktop
Google Talk
- Spread (USB, MSN, AIM/ICQ)
- Edit ID
- Update Server
- Remove Server
Features:
- Web Server - Control your bot through the web server, and also set up admin/guest accounts with editable privileges for guests!
- Station - Host through your botnet through your bot to prevent tracebacks 100%
- IP to Country Flags
- New Bots show as Red
- Icon Changer - Change to any .ico File
- File Info Cloner - Clone file details of any exe file
- Server Builder (Uses string replacement - no EOF needed!)
- All settings are stored and remembered
- After a successful login, you will not need to input your username and click login - it will automatically log you in.
- Statistics (Disconnected, Attempt, Established Connection, etc)
- View Chart of Bots by Country
- Skin Chooser - choose between 4 lovely skins
- Database Logging (Log Passwords, Connections, Keylogs to SQL)
- Tasks (Keylog, Passwords, DDoS Start/Stop, DL/Execute, Update without being @ PC)
- Multi Transfers (Download multiple files at once, view multiple screens at once, or view multiple webcams at once!)
- Process Protection (Optional) (Cannot be killed by task manager on Vista/7. On XP, you will get BSOD and restart - if protection fails on Vista/7, it will get BSOD and restart)
- Network Sharing (Input the IP and Port of a friend and he can share your bots - update and remove are not allowed)
- No dependencies required.
markusg wrote: http://www.virustotal.com/file-scan/rep ... 1294245382
This is another Blackshades backdoor.
markusg wrote: 93D8F1~1.EXE
http://www.virustotal.com/file-scan/rep ... 1294576113
C:\Users\Admin\Desktop\Blackshades project\Blackshades NET\server\server.vbp