API tools faq
paste
Guest User

Untitled

a guest
Aug 22nd, 2010
308
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.76 KB | None | 0 0
raw download clone embed print report
  1. [b][size=18]Unikorn Flexible Loader 1.2.1[/size][/b]
  2.  
  3. Hello there,
  4.  
  5. I'm glad to introduce one of my products to darkode members. Here's the Unikorn FlexLdr 1.2.1.
  6. As in its name, it's basically a loader bot which stays in background, downloads then execute files
  7. under master's commands.
  8.  
  9. Moreover, FlexLdr is not only a loader, but also a platform, designed with modular in mind,
  10. so that, it's possible to intergrate other plugins with rich features into FlexLdr on-the-fly.
  11. For example, they are SOCKS5, Advanced DDoS (HTTP/TCP/UDP). Plugins currently in development is:
  12.  
  13. + Hotmail spam sender (login hotmail over http and support registering hotmail accounts)
  14. + Emails crawler.
  15.  
  16. More plugins can be intergrated in the future such as: formgrabber, screenshot, webinjects,
  17. VNC and many others, only limited by imagination.
  18.  
  19. [b][size=18]STANDARD EDITION[/size][/b]
  20. -----------------
  21.  
  22. [b][u]Key features[/u]: [/b]
  23.  
  24. + Tested and working stable on following 32bit systems:
  25.  
  26. • Windows XP SP2, SP3
  27. • Windows 2003 Server
  28. • Windows Vista
  29. • Windows Vista SP1
  30. • Windows 7 x86 SP0
  31. • Vista SP2
  32.  
  33. + Work with both Admin & Guest privilege
  34. + Supports multiple controler servers.
  35. + Supports downloading with HTTP/HTTPS
  36. + Supports encrypted file downloading and executing.
  37. + Supports task-based loading. User scan start/stop/delete tasks at ease.
  38. + Supports loading unlimited or limited files specified in Admin CP.
  39. + Supports reporting failure at downloading or executing remote file.
  40. + Supports loading files per group of countries.
  41. + Supports two downloading type: URLDownloadToFile and WININET.
  42. + Downloading files will be executed with highest privlege possible (most of time it's SYSTEM).
  43. + Downloaded files can be specified deleted after execution or not.
  44. + Bots are identified uniquely, files are executed only one per bot.
  45.  
  46. [b][u]Unikorn FlexLdr Special features[/u]:[/b]
  47.  
  48. [b][color=red]- Bypassing Windows 7 UAC.
  49. - Maximize the successful installation rates by unique infection vectors.
  50. - Bot can be installed mutilple approaches: installed as service with DLL or single exe.
  51. - Unique installation injection scheme (no QueueUserAPC(), OpenProcess(), WriteProcessMemory() and CreateRemoteThread())[/color] [/b]
  52. - Evading HIPS/personal firewall by anti-usermodehooks (restoring abitrary instructions, not only 5 bytes) on several system DLLs such as ntdll.dll, kernel32.dll, advapi32.dll etc,.
  53. - Anti-memory forensic and scanners.
  54. - Hybrid techniques which make antirootkits fail (tested RkU3.8.384.586, GMER 1.0.15.15281, RootRepeal 1.3.5)
  55. - Evade NIDS by encrypted communication with controler server, support both HTTP/HTTPS.
  56. - Each bots build has unique communication builds.
  57. - If installed with Admin privilege, bots will be executed with SYSTEM privilege.
  58. - Designed with modular in mind, supports PLUGINS and SDK.
  59. - Asynchronous API usage instead of synchronous APIs, makes bots more stable and reliable.
  60. - Multi-threading based helps increasing stability and robustness.
  61. - Bots can disable kernel mode HIPS's hooks (both SDTs, harddisk filter drivers). Tested with following personal firewall and HIPS on Windows SP2/3 without patches:
  62.  
  63. • Kaspersky Internet Security 2009
  64. • Outpost Firewall Pro 2009
  65. • Online Armor Personal/Premium/++ v4.0.0.15 (even with enable Run Safer, which reduce privileges of the loader)
  66. • Zone Alarm Pro 9.0.112
  67. • Comodo Internet Security 3.13.121240.574
  68. • F-Secure Internet Security 2010 v10.00.246
  69. • Kerio WinRoute Firewall v6.7.1.6399
  70. • BitDefender Internet Security 2010
  71. • Jetico Personal Firewall v.2.1.0.7 (* Firewall still show outbound connection)
  72. • DefenseWall 2.56
  73. • Malware Defender 2.5.0
  74. • PC Tools Firewall Plus 6.0.0.86
  75.  
  76. + Bot's size is 40 ~ 70KB and can be packed with cryptors/protectors.
  77. + All written in C and ASM
  78.  
  79.  
  80. [b][size=18]ADVANCED EDITION (or so-called version 2.0):[/size][/b]
  81. -----------------
  82.  
  83. - [b][color=red]Kernel mode driversupports advanced rootkit hidding files techniqes. 100% bypassed ALL avaiable antirootkit
  84. you can use :’) Tested with lastest RkU, GMER, RootRepeal, DrWeb CureIt. It's actually advanced, which you can maybe never see it on sale, I guarantee this.[/color][/b]
  85.  
  86. The rootkit protects file at sector-level of harddisk, i.e it fakes the real content of the file from AV scanner with content of random
  87. clean PE file. Therefore, AV regconize the file as innocent. Moreover, it also protects threads, processes and virtual memory
  88. of the injected process, which make memory scanner and process/thread terminator useless.
  89.  
  90. - [b][color=red]Support fallback domains which bots generated based on current date. [/color][/b]
  91. If you domains/control server is cut-off, you still can calculate the new domain name bots communicate to
  92. in the abitrary specified date. Bot will download your updated EXE from here, verified if it's actually from you.
  93. If it is, execute it. If not, bot will try another domain. Bots will connect ~7000 domain in a day.
  94.  
  95. - Bot DLL is like standard version, contains all features of standard edition.
  96. - Bot DLL is injected from kernel mode and store encrypted raw on disk sectors, not by traditional filesystem.
  97. Explorers and other file system browsers cannot see this DLL.
  98. - Currently in beta testing phase.
  99.  
  100. [b][size=18]ADMIN CONTROL PANEL:[/size][/b]
  101.  
  102. + Easy to install
  103. + Admin can easily administrate on detailed graphs and statistic.
  104.  
  105. [b][size=18]PLUGIN features:[/size][/b]
  106.  
  107. + All plugins are encrypted and loading on-the-fly without writting to disk.
  108. + If you can code, SDK can also be provided with reasonable price.
  109.  
  110. Two available plugins:
  111.  
  112. [b]+ SOCKS5 plugin:[/b]
  113. • Asynchronous socket usage, which makes the SOCKS very stable and reliable
  114. • Support authorization
  115. • Periodically change port / username / password.
  116.  
  117. [b]+ Advanced DDOS plugin supports:[/b]
  118.  
  119. • [b][color=red]Driver-based networking [/color][/b]
  120. • HTTP/HTTPS ddos
  121. • TCP ddos supports SYN/ACK/random DATA ddos
  122. • UDP ddos supports random DATA ddos
  123. • [b][color=red]With HTTP DDoS, all fields of HTTP headers can be configured and choosing randomly (see screenshot) to combine
  124. which makes it be the most powerful DDoS tool ever on the market. [/color][/b]
  125. • [b][color=red]HTTP/HTTPS ddos bypass anti-ddos solutions by authorization and cookies dynamically.[/color][/b]
  126.  
  127.  
  128. [b][size=18]Screenshots:[/size][/b]
  129.  
  130. [b]Real life STAT Board:[/b]
  131.  
  132. [img]http://img688.imageshack.us/img688/6244/stat2l.jpg[/img]
  133.  
  134. [b]Real life LOAD Board:[/b]
  135.  
  136. [img]http://img192.imageshack.us/img192/9085/load2u.jpg[/img]
  137.  
  138. [b]Real life CHART Board:[/b]
  139.  
  140. [img]http://img684.imageshack.us/img684/9461/chartj.jpg[/img]
  141.  
  142. [b]Graphic Statistic about bots activities[/b]
  143.  
  144. [img]http://img695.imageshack.us/img695/3685/graph2.jpg[/img]
  145.  
  146. [b]Advanced DDoS options[/b]
  147.  
  148. [img]http://img101.imageshack.us/img101/3876/99020110.jpg[/img]
  149. [img]http://img683.imageshack.us/img683/477/ddos1h.jpg[/img]
  150. [img]http://img6.imageshack.us/img6/4696/16817376.jpg[/img]
  151. [img]http://img177.imageshack.us/img177/2696/ddos2.jpg[/img]
  152.  
  153.  
  154. [b]Other Boards:[/b]
  155.  
  156. http://img63.imageshack.us/img63/9547/loginf.jpg
  157. http://img682.imageshack.us/img682/1354/optionscu.jpg
  158. http://img96.imageshack.us/img96/8708/builds2.jpg
  159.  
  160.  
  161.  
  162. [b][size=18]PRICES:[/size][/b]
  163. - Support free 15 bot builds exe for each customer.
  164.  
  165. + Standard edition:
  166. - First domain: [color=green]550 WMZ [/color]
  167. - 5 next addon domains: [color=green]110 WMZ/domain[/color]
  168. - 5 Next domains: [color=green]50 WMZ/domain [/color]
  169. - 5 Next domains: FREE
  170. - Free support
  171.  
  172. + Advanced edition:
  173. - First domain: [color=green]1600 WMZ [/color]
  174. - 12 months support
  175.  
  176. + SOCKS5 plugin: [color=green]150 WMZ[/color]
  177. + Advanced DDOS plugin: [color=green]800 WMZ[/color]
  178.  
  179. + SDK: PM/email for price.
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!