Tools To Help Catch Trojans Etc Etc

~~ViT~~ · 10-05-2008, 11:23 PM

iam a lite tired of so many virustotal masters experts so iam goo give a lite help to all so u guys will real learn something for real and stop make the dumb with virustotal results and garbage prog

i will not make tuto for the tools

that u guys will dedicate the time like i have do and many others and will learn like all that have start like me from 000

lets start with a simple tool

PS_Detector_2.2

this is a simple tool that can give u a simple information

if is packed with upx

if mess with or user id

if have strings of passwords stealer

etc etc

pic of the prog

link

[Only registered users can see links. ]

pass:viprasys.com

next is also a easy tool that all must have and learn to use

Winhex

WinHex is in its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. An advanced tool for everyday and emergency use: inspect and edit all kinds of files, recover deleted files or lost data from hard drives with corrupt file systems or from digital camera cards. Features include (depending on the license type):

now lets make this easy and this is my favorite tool to hex all files post in this forum

there is others like this one but i prefere this one for me

this is very helpfull to read the strings etc etc also can help see if any prog is packed but will not help to much if the porg is packed

so is nice tool to see any file no packed

pic of the prog

link

[Only registered users can see links. ]

pass:viprasys.com

now we have one maybe a lite more complicate but with the time will be easy use

PE Explorer

PE Header and Section Viewer/Editor
Resource Viewer and Editor
Exported/Imported API Function List Viewer
Disassembler
Dependency Scanner
Digital Signature Viewer
UPX, Upack and NsPack Static Unpackers

What You Can Do with PE Explorer

See what's inside an executable
Customize GUI elements of your favorite Windows programs
Track down what a program accesses and which DLLs are called
Understand the way a program works and interacts
Validate and verify signed PE files
Special support for Delphi applications
Open UPX-, Upack- and NsPack-compressed files seamlessly in
PE Explorer, without long workarounds

this is also one of my favorite tools will let u read in the option Disassembler like if u are use a simple hex editor but this have much more things

pic

link

[Only registered users can see links. ]

pass:viprasys.com

this is also a tool that all must have

Yahoo Protocol Assistant

what to say about this tool
this is packet snifer in my case i use to snif the login or some yahoo prog

as u guys know some punks love put a password stealer in the login so when u guys login the ids the prog automatic send the id and pass to X id of the punk

this trick also can be use my send a email to X email and can be catch with any hex editor just look if u guys find the email

in this example iam snif what my gurl is send to me in pm

pic

link

[Only registered users can see links. ]

pass:viprasys.com

one more tool to add to this colection is

RDG Packer Detector v0.6.4 Beta R-1

RDG Packer Detector is a detector of packers, Cryptors, Compilers,
Packers Scrambler, Joiners, Installers.

- system of Fast detection Has.
- system of Powerful detection Has Analyzing the complete file, allowing to the muli-detection of packers an several cases.
- It allows to create signatures your own signatures of detection.
- Crypto-Grafico Analyzer Has.
- He allows to calculate the checksum and a file.
- He allows to calculate the Entropy, informing if the analyzed program this tablet, encriptado or no.
- Detector of OEP (Original Entry point) of a program.
etc...

basic i simple use this tool to see in what language the prog is made and if is packed and packed with what

pic

link

[Only registered users can see links. ]

pass:viprasys.com

other tool similar to the last one use to detect also if is packed etc etc

die 0.64

The Analyzer DiE is intended for determination of the type packer/protector/compiler beside EHE files. I.e. allows to hear, than will shake the file that required for the further unpacking.
Also program has a row useful function

- a viewing the import
- a viewing section
- a viewing hex
- disassembled file
- a viewing the main features PE
- a reception hash md5
- a reception CRC-32
- support plugins (PDK possible download with site)
- copying of contents on 2-nd call

pic

link

[Only registered users can see links. ]

pass.viprasys.com

this is now a very complicate tool

OllyDbg

OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.

* Intuitive user interface, no cryptical commands
* Code analysis - traces registers, recognizes procedures, loops, API calls, switches, tables, constants and strings
* Directly loads and debugs DLLs
* Object file scanning - locates routines from object files and libraries
* Allows for user-defined labels, comments and function descriptions
* Understands debugging information in Borland® format
* Saves patches between sessions, writes them back to executable file and updates fixups
* Open architecture - many third-party plugins are available
* No installation - no trash in registry or system directories

* Debugs multithread applications
* Attaches to running programs
* Configurable disassembler, supports both MASM and IDEAL formats
* MMX, 3DNow! and SSE data types and instructions, including Athlon extensions
* Full UNICODE support
* Dynamically recognizes ASCII and UNICODE strings - also in Delphi format!
* Recognizes complex code constructs, like call to jump to procedure
* Decodes calls to more than 1900 standard API and 400 C functions
* Gives context-sensitive help on API functions from external help file
* Sets conditional, logging, memory and hardware breakpoints
* Traces program execution, logs arguments of known functions
* Shows fixups
* Dynamically traces stack frames
* Searches for imprecise commands and masked binary sequences
* Searches whole allocated memory
* Finds references to constant or address range
* Examines and modifies memory, sets breakpoints and pauses program on-the-fly
* Assembles commands into the shortest binary form
* Starts from the floppy disk

iam not even close expert in this tool
this is used by crackers to brake protections etc etc can be use to alot of things

pic

link

[Only registered users can see links. ]

pass.viprasys.com

lets jump to unpackers

AoRe UnPack Tools v2

this is a all in one tool that have alot of unpackers to unpack many of the yahoo tools that are packed

as u can see in the pic they are alot and each one is to use depende of the type of unpacked u want

pic

link

[Only registered users can see links. ]

pass:viprasys.com

to finish 2 more unpacked to armadillo

Dillodie 1.6 and Armageddon v132

this tools are just to unpacked armadillo and dont unpack all versions

Dillodie 1.6

pic

link

[Only registered users can see links. ]

pass:viprasys.com

Armageddon v132

pic

link

[Only registered users can see links. ]

pass:viprasys.com

now my last words this progs all by it self dont make u know anything u must dedicate the time learn
downlaod some clean and infect files and used to see

this topic is not to replay here ask how to use this or that

if anyone have any nice tool that want share make just like me

put some explanation and pics and link

now i hope all stop be virustotal masters and learn to be a master of this tools and show of how much u know

some of the tools post some av can say trojan so dont used

if u like my dedicate time to make this press tx apreciate

to the ones that will ripp this topic tx also

~~ViT~~ · 11-05-2008, 09:24 PM

StripperX

Name Stripper V213b9
Description ASProtect Unpacker.

tool to unpack ASProtect 2.1 and more version

link

[Only registered users can see links. ]

pass:viprasys.com

10-05-2008, 11:23 PM	#1 (permalink)
~~ViT~~ ~~Special-Ones~~ Join Date: Feb 2007 Location: In the middle of nothing... in the middle of everything ... Posts: 16,609 Thanks: 602 Thanked 37,245 Times in 7,780 Posts Reputation: 114363	Tools To Help Catch Trojans Etc Etc iam a lite tired of so many virustotal masters experts so iam goo give a lite help to all so u guys will real learn something for real and stop make the dumb with virustotal results and garbage prog i will not make tuto for the tools that u guys will dedicate the time like i have do and many others and will learn like all that have start like me from 000 lets start with a simple tool PS_Detector_2.2 this is a simple tool that can give u a simple information if is packed with upx if mess with or user id if have strings of passwords stealer etc etc pic of the prog link [Only registered users can see links. ] pass:viprasys.com next is also a easy tool that all must have and learn to use Winhex WinHex is in its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. An advanced tool for everyday and emergency use: inspect and edit all kinds of files, recover deleted files or lost data from hard drives with corrupt file systems or from digital camera cards. Features include (depending on the license type): now lets make this easy and this is my favorite tool to hex all files post in this forum there is others like this one but i prefere this one for me this is very helpfull to read the strings etc etc also can help see if any prog is packed but will not help to much if the porg is packed so is nice tool to see any file no packed pic of the prog link [Only registered users can see links. ] pass:viprasys.com now we have one maybe a lite more complicate but with the time will be easy use PE Explorer PE Header and Section Viewer/Editor Resource Viewer and Editor Exported/Imported API Function List Viewer Disassembler Dependency Scanner Digital Signature Viewer UPX, Upack and NsPack Static Unpackers What You Can Do with PE Explorer See what's inside an executable Customize GUI elements of your favorite Windows programs Track down what a program accesses and which DLLs are called Understand the way a program works and interacts Validate and verify signed PE files Special support for Delphi applications Open UPX-, Upack- and NsPack-compressed files seamlessly in PE Explorer, without long workarounds this is also one of my favorite tools will let u read in the option Disassembler like if u are use a simple hex editor but this have much more things pic link [Only registered users can see links. ] pass:viprasys.com this is also a tool that all must have Yahoo Protocol Assistant what to say about this tool this is packet snifer in my case i use to snif the login or some yahoo prog as u guys know some punks love put a password stealer in the login so when u guys login the ids the prog automatic send the id and pass to X id of the punk this trick also can be use my send a email to X email and can be catch with any hex editor just look if u guys find the email in this example iam snif what my gurl is send to me in pm pic link [Only registered users can see links. ] pass:viprasys.com one more tool to add to this colection is RDG Packer Detector v0.6.4 Beta R-1 RDG Packer Detector is a detector of packers, Cryptors, Compilers, Packers Scrambler, Joiners, Installers. - system of Fast detection Has. - system of Powerful detection Has Analyzing the complete file, allowing to the muli-detection of packers an several cases. - It allows to create signatures your own signatures of detection. - Crypto-Grafico Analyzer Has. - He allows to calculate the checksum and a file. - He allows to calculate the Entropy, informing if the analyzed program this tablet, encriptado or no. - Detector of OEP (Original Entry point) of a program. etc... basic i simple use this tool to see in what language the prog is made and if is packed and packed with what pic link [Only registered users can see links. ] pass:viprasys.com other tool similar to the last one use to detect also if is packed etc etc die 0.64 The Analyzer DiE is intended for determination of the type packer/protector/compiler beside EHE files. I.e. allows to hear, than will shake the file that required for the further unpacking. Also program has a row useful function - a viewing the import - a viewing section - a viewing hex - disassembled file - a viewing the main features PE - a reception hash md5 - a reception CRC-32 - support plugins (PDK possible download with site) - copying of contents on 2-nd call pic link [Only registered users can see links. ] pass.viprasys.com this is now a very complicate tool OllyDbg OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. * Intuitive user interface, no cryptical commands * Code analysis - traces registers, recognizes procedures, loops, API calls, switches, tables, constants and strings * Directly loads and debugs DLLs * Object file scanning - locates routines from object files and libraries * Allows for user-defined labels, comments and function descriptions * Understands debugging information in Borland® format * Saves patches between sessions, writes them back to executable file and updates fixups * Open architecture - many third-party plugins are available * No installation - no trash in registry or system directories * Debugs multithread applications * Attaches to running programs * Configurable disassembler, supports both MASM and IDEAL formats * MMX, 3DNow! and SSE data types and instructions, including Athlon extensions * Full UNICODE support * Dynamically recognizes ASCII and UNICODE strings - also in Delphi format! * Recognizes complex code constructs, like call to jump to procedure * Decodes calls to more than 1900 standard API and 400 C functions * Gives context-sensitive help on API functions from external help file * Sets conditional, logging, memory and hardware breakpoints * Traces program execution, logs arguments of known functions * Shows fixups * Dynamically traces stack frames * Searches for imprecise commands and masked binary sequences * Searches whole allocated memory * Finds references to constant or address range * Examines and modifies memory, sets breakpoints and pauses program on-the-fly * Assembles commands into the shortest binary form * Starts from the floppy disk iam not even close expert in this tool this is used by crackers to brake protections etc etc can be use to alot of things pic link [Only registered users can see links. ] pass.viprasys.com lets jump to unpackers AoRe UnPack Tools v2 this is a all in one tool that have alot of unpackers to unpack many of the yahoo tools that are packed as u can see in the pic they are alot and each one is to use depende of the type of unpacked u want pic link [Only registered users can see links. ] pass:viprasys.com to finish 2 more unpacked to armadillo Dillodie 1.6 and Armageddon v132 this tools are just to unpacked armadillo and dont unpack all versions Dillodie 1.6 pic link [Only registered users can see links. ] pass:viprasys.com Armageddon v132 pic link [Only registered users can see links. ] pass:viprasys.com now my last words this progs all by it self dont make u know anything u must dedicate the time learn downlaod some clean and infect files and used to see this topic is not to replay here ask how to use this or that if anyone have any nice tool that want share make just like me put some explanation and pics and link now i hope all stop be virustotal masters and learn to be a master of this tools and show of how much u know some of the tools post some av can say trojan so dont used if u like my dedicate time to make this press tx apreciate to the ones that will ripp this topic tx also

11-05-2008, 09:24 PM	#2 (permalink)
~~ViT~~ ~~Special-Ones~~ Join Date: Feb 2007 Location: In the middle of nothing... in the middle of everything ... Posts: 16,609 Thanks: 602 Thanked 37,245 Times in 7,780 Posts Reputation: 114363	Re: Tools To Help Catch Trojans Etc Etc StripperX Name Stripper V213b9 Description ASProtect Unpacker. tool to unpack ASProtect 2.1 and more version link [Only registered users can see links. ] pass:viprasys.com

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
How-To Make All Viruses/Trojans Undetectable!	Bastion	Hackers' Lounge	3	12-26-2008 04:22 PM
Making Undetectable Trojans	moosa	Hackers' Lounge	26	12-19-2008 10:41 AM
Places where viruses and trojans hide	Web-Zone-Attack	How To...	0	02-12-2008 04:51 PM
trojans in newbie posts	desperado4u25	Request To Admins	7	07-13-2007 12:15 AM