.: BackDoor Injector 2.0 :.
Released 14 years, 5 months ago. Feb 2007. By EvilCoder
- From: Russia
- Coded by: EvilCoder
- Version: BackDoor Injector 2.0
- Released date: Feb 2007, 14 years, 5 months ago.
- Family: BackDoor Injector
- Category: Remote Access
Tested on Windows XP, February 10, 2007

Backdoor Injector V2.0 is a shell for embedding "modules" into a specified program (EXE file), written entirely in assembler. The shell injects the module into the address space of the file on disk (i.e. it works in the manner of an infector). The shell lets the module obtain control by means of a special loader, while taking care of the error-free execution of the carrier program. The module's loader in the victim obtains control first and creates a thread with its entry point at the module's code, then returns to executing the carrier program itself. The loader also implements a shielding mechanism and a mechanism for encrypting/decrypting the module.

The second version of the shell differs considerably from the previous one. First of all, in the new version the module is embedded not in the header of the EXE file but as an additional section. This need arose primarily because of the increased size of the new modules.

A module (*.m0d file) is an ordinary BIN file with code written in shellcode style. Its contents are easily examined in any hex editor; the .m0d file is not encoded. The SDK for creating modules so far exists only as a concept in the author's mind. If there are people who want to write new modules, there will be an SDK.

The following modules are available in the archive:
+ bind_.shell.m0d - binds cmd.exe to the port specified in the settings.
+ reverse_.shell.m0d - connects to the IP address and port specified in the settings, redirecting cmd.exe.
+ inject_.bind_.shell.m0d (NEW) - embeds itself in any active process specified in the settings, then works as a bind shell.
+ inject_.reverse_.shell.m0d (NEW) - no comment.
+ stealth.m0d (NEW) - makes the carrier program invisible in the system: in Explorer; in the list;
(translated by systran)
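For triage of an executable modified in the way described above (a module added as an extra section, with a loader that gets control first), the following added example, which is not code from the tool or from this page, parses PE headers and reports two generic infector indicators. It assumes the loader gets control through an entry point moved into the appended section, which the description does not state; the section name ".new" and the header-only sample images are constructed.

```python
import struct

EXEC, WRITE = 0x20000000, 0x80000000   # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE
SECTION = "<8sIIIIIIHHI"               # layout of one 40-byte section header

def entry_section(pe):
    """Return (index, name, characteristics, section_count) of the section
    that contains AddressOfEntryPoint, or None if no section contains it."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (nsect,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20
    (entry_rva,) = struct.unpack_from("<I", pe, opt + 16)
    for i in range(nsect):
        name, vsize, vaddr, rawsize, *_, chars = struct.unpack_from(
            SECTION, pe, opt + opt_size + 40 * i)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            return i, name.rstrip(b"\0").decode("latin-1"), chars, nsect
    return None

def infector_indicators(pe):
    """Heuristics only: packers and protectors can trigger them too."""
    hit = entry_section(pe)
    if hit is None:
        return ["entry point outside every section"]
    idx, name, chars, nsect = hit
    found = []
    if nsect > 1 and idx == nsect - 1:
        found.append(f"entry point in last section {name!r}")
    if chars & EXEC and chars & WRITE:
        found.append(f"entry section {name!r} is writable and executable")
    return found

def build_sample(entry_rva, sections):
    """Constructed header-only PE32 image (no code) for exercising the parser."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(224, b"\0")
    table = b"".join(struct.pack(SECTION, n, vs, va, vs, 0, 0, 0, 0, 0, ch)
                     for n, vs, va, ch in sections)
    return dos + b"PE\0\0" + coff + opt + table

BASE = [(b".text", 0x1000, 0x1000, 0x60000020), (b".data", 0x1000, 0x2000, 0xC0000040)]
CLEAN = build_sample(0x1000, BASE)
PATCHED = build_sample(0x3000, BASE + [(b".new", 0x1000, 0x3000, 0xE0000020)])
```

Comparing the section table and entry point against a known-good copy of the same binary confirms whether a section was appended after build.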