.: SkD RAT 2.0 Beta :.
Released 15 years, 10 months ago. Dec 2005. By SkD
- Coded by: SkD
- Version: SkD RAT 2.0 Beta
- Released date: Dec 2005, 15 years, 10 months ago.
- Coded in: Visual Basic
- Family: SkD RAT
- Category: Remote Access
Server:
- dropped files:
  - c:\WINDOWS\windos32.dll Size: 50,176 bytes
  - c:\WINDOWS\winsys32.exe Size: 34,304 bytes
  - c:\WINDOWS\system32\win32system.dat Size: 135 bytes
- port: 1234 TCP
- startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows32Bit Service"
- data: C:\WINDOWS\winsys32.exe
- tested on Windows XP
- June 06, 2005
Well, this is my new version of my RAT. I think there are lots of changes since the last version (1.5)! The server is rewritten completely in a different language (Delphi), meaning that you don't need the Visual Basic runtimes anymore, and no more WinSock OCX is needed as I'm using the WinSock API. This version is completely based on reverse-connection, which makes the server connect to your computer instead of you connecting to a remote computer (direct connect). Here is a list of what my RAT currently features:

- FireWall ByPass (Tested on ZoneLabs ZoneAlarm 6.0)
- SDTRestore (Unhook Kernel+User Mode APIs)
- In-Built RootKit (Hide Files, etc)
- Server Multi-Threaded (While Downloading, you can do other functions!)
- Registry Manager (More like a Registry Viewer as there is no delete, create, edit keys..)
- Services Manager
- MessageBox
- URL Download
- Mouse Control
- Control Panel
- Crazy Mouse
- Send Keys
- Power Options (Log Off, ShutDown, Reboot..)
- MsN Passwords (Grab passwords for MSN messenger, Yahoo! messenger, ICQ, etc)
- Offline/Online Keylogger
- Window Manager
- Task (Process) Manager
- Hide StartButton/Show StartButton
- Scripting
- FileManager
- ClipBoard Manager
- PC Information
- Mass Download (Send a command to all servers on your reverse-connected list to download a file + execute from any URL)

SkD