Muy buenas a todos.
Les dejo la v.3.0 del VBScript Sequence Destroyer + Posibilidad de ofuscar que he estado programando estos últimos días.
El Builder tiene ciertas restricciones así que depende de lo que seleccionéis se os desactivaran en algunos casos otras opciones.
De un server original pueden salir hasta 30 variantes ya que hay 5 métodos de cifrado y ademas puedes elegir ofuscar el cifrado o no para cada método, a parte de esto se puede meter todo en una sola linea o normal y ademas en ciertos casos puedes elegir si declarar variables etc... total que pueden llegar a salir hacia unos 30 servers un poquito distintos entre ellos.
El Builder permite también añadir comentarios random.
En la ultima versión me pidieron que añadiera las opciones de esparcir por carpetas y ficheros (los de H-Worm) en esta ya se pueden elegir los valores.
También le añadí la ruta donde hay que instalarse (también de H-Worm).
Aunque si abren el .vbs generado verán como ha sido cifrado les comento un poco cada opción.
Replace y ForNext: Añaden caracteres entre los caracteres del server original de Hworm. Dim Server ==> D*-*i*-*m*-* *-*S*-*e*-*r*-*v*-*e*-*r
Una vez hecho esto (vuelve a juntar todos los caracteres originales y los ejecuta).
Recursive: Parte el server en unos 520 trozos y con una función recursiva va juntando todos los caracteres y finalmente los ejecuta.
Arrays: Separa cada carácter del server original en un espacio de cada array. Luego se concatena todo el array y finalmente se ejecuta.
Server in Coments: Coge cada carácter del server original y lo pone como comentario en una nueva linea. Mediante la función READLINE el documento se abre a si mismo va leyendo las lineas omitiendo la comilla ' de los comentarios de forma que finalmente queda todo el server original concatenado y se ejecuta.
Cada vez que genera un nuevo server cifrado todas las variables son randomizadas y de diferente longitud.
ESPERO QUE LES GUSTE

Aqui les dejo una foto:
Imagen



Scan Server H-Worm Original:
Filename: Original.vbs
Filesize: 13,92 kB
Date: 2016-04-17 03:48:12
MD5: bdd90c509cae65e620b320720c56f63d
SHA1: e06599f14cf0cd06410f6a8c8f4313de23f3973a
Status: Infected
Rate: 21/35

Details:
Ad-Aware - Worm.VBS.Dunihi.BC
A-Squared - Worm.VBS.Dunihi.BC (B)
Avast - Download:BV:Agent-AXJ [Trj]
AVG Free - Virus identified VBS/Downloader.Agent
AntiVir (Avira) - VBS/Agent.BH.3
BitDefender - Worm.VBS.Dunihi.BC
BullGuard - Gen:Variant.Barys.50512
Clam Antivirus - File is clean
COMODO Internet Security - File is clean
Dr.Web - Trojan.Hworm.1

ESET NOD32 - Worm.VBS/Agent.NHT
eTrust-Vet - <virus> Worm.VBS.Dunihi.BC
FortiClient - File is clean
F-PROT Antivirus - File is clean
F-Secure Internet Security - Worm.VBS.Dunihi.BC
G Data - Worm.VBS.Dunihi.BC, Script.Worm.Dinihou.E
IKARUS Security - Trojan-Downloader.VB.Houdini
K7 Ultimate - NetWorm ( 0040f5f81 )
Kaspersky Antivirus - Worm.VBS.Dinihou.a
McAfee - VBS/Autorun.worm.aapj
MS Security Essentials - Worm:VBS/Jenxcus.K
NANO Antivirus - File is clean
Norman - Worm.VBS.Dunihi.BC
Norton Antivirus - File is clean
Panda CommandLine - File is clean
Panda Security - File is clean
Quick Heal Antivirus - VBS/HBraker.NO
Solo Antivirus - File is clean
Sophos - VBS/Dinihou-G
SUPERAntiSpyware - File is clean
Trend Micro Internet Security - VBS_DUNIHI.SM2
Twister Antivirus - File is clean
VBA32 Antivirus - File is clean
VIPRE - File is clean
Zoner AntiVirus - File is clean

Scan Result: [Enlace externo eliminado para invitados]
[Enlace externo eliminado para invitados]

Scan Server SOLO REPLACE:
Filename: CryptedReplace.vbs
Filesize: 193,64 kB
Date: 2016-04-17 03:30:44
MD5: 6ea73044954480e91381b876ccedca3a
SHA1: f7d46b1772e41f40c536eb3faf9637ccdb5b39fc
Status: Infected
Rate: 1/35

Details:
Ad-Aware - File is clean
A-Squared - File is clean
Avast - File is clean
AVG Free - File is clean
AntiVir (Avira) - File is clean
BitDefender - File is clean
BullGuard - File is clean
Clam Antivirus - File is clean
COMODO Internet Security - File is clean
Dr.Web - File is clean
ESET NOD32 - File is clean
eTrust-Vet - File is clean
FortiClient - File is clean
F-PROT Antivirus - File is clean
F-Secure Internet Security - File is clean
G Data - File is clean
IKARUS Security - File is clean
K7 Ultimate - File is clean
Kaspersky Antivirus - HEUR:Worm.Script.Generic
McAfee - File is clean
MS Security Essentials - File is clean
NANO Antivirus - File is clean
Norman - File is clean
Norton Antivirus - File is clean
Panda CommandLine - File is clean
Panda Security - File is clean
Quick Heal Antivirus - File is clean
Solo Antivirus - File is clean
Sophos - File is clean
SUPERAntiSpyware - File is clean
Trend Micro Internet Security - File is clean
Twister Antivirus - File is clean
VBA32 Antivirus - File is clean
VIPRE - File is clean
Zoner AntiVirus - File is clean

Scan Result: [Enlace externo eliminado para invitados]
[Enlace externo eliminado para invitados]

Scan Server SOLO FORNEXT:
Filename: CryptedForNext.vbs
Filesize: 182,68 kB
Date: 2016-04-17 03:50:53
MD5: e9c569b5e0b21b2cd63755be1aafa8bb
SHA1: 2ad27f211e7d7600364aee90f491f3e436c4212f
Status: Infected
Rate: 1/35

Details:
Ad-Aware - File is clean
A-Squared - File is clean
Avast - File is clean
AVG Free - File is clean
AntiVir (Avira) - File is clean
BitDefender - File is clean
BullGuard - File is clean
Clam Antivirus - File is clean
COMODO Internet Security - File is clean
Dr.Web - File is clean
ESET NOD32 - File is clean
eTrust-Vet - File is clean
FortiClient - File is clean
F-PROT Antivirus - File is clean
F-Secure Internet Security - File is clean
G Data - File is clean
IKARUS Security - File is clean
K7 Ultimate - File is clean
Kaspersky Antivirus - HEUR:Worm.Script.Generic
McAfee - File is clean
MS Security Essentials - File is clean
NANO Antivirus - File is clean
Norman - File is clean
Norton Antivirus - File is clean
Panda CommandLine - File is clean
Panda Security - File is clean
Quick Heal Antivirus - File is clean
Solo Antivirus - File is clean
Sophos - File is clean
SUPERAntiSpyware - File is clean
Trend Micro Internet Security - File is clean
Twister Antivirus - File is clean
VBA32 Antivirus - File is clean
VIPRE - File is clean
Zoner AntiVirus - File is clean

Scan Result: [Enlace externo eliminado para invitados]
[Enlace externo eliminado para invitados]

Scan Server SOLO RECURSIVE:
Filename: CryptedRecursive.vbs
Filesize: 41,32 kB
Date: 2016-04-17 03:52:43
MD5: 89a6c23e7d7720ffb76830d6bf17cef8
SHA1: b51041339889a9e701e34d2171ff15b49ff81d2a
Status: Clean
Rate: 0/35

Details:
Ad-Aware - File is clean
A-Squared - File is clean
Avast - File is clean
AVG Free - File is clean
AntiVir (Avira) - File is clean
BitDefender - File is clean
BullGuard - File is clean
Clam Antivirus - File is clean
COMODO Internet Security - File is clean
Dr.Web - File is clean
ESET NOD32 - File is clean
eTrust-Vet - File is clean
FortiClient - File is clean
F-PROT Antivirus - File is clean
F-Secure Internet Security - File is clean
G Data - File is clean
IKARUS Security - File is clean
K7 Ultimate - File is clean
Kaspersky Antivirus - File is clean
McAfee - File is clean
MS Security Essentials - File is clean
NANO Antivirus - File is clean
Norman - File is clean
Norton Antivirus - File is clean
Panda CommandLine - File is clean
Panda Security - File is clean
Quick Heal Antivirus - File is clean
Solo Antivirus - File is clean
Sophos - File is clean
SUPERAntiSpyware - File is clean
Trend Micro Internet Security - File is clean
Twister Antivirus - File is clean
VBA32 Antivirus - File is clean
VIPRE - File is clean
Zoner AntiVirus - File is clean

Scan Result: [Enlace externo eliminado para invitados]
[Enlace externo eliminado para invitados]

Scan SOLO ARRAY:
Filename: CryptedArray.vbs
Filesize: 183,69 kB
Date: 2016-04-17 03:54:25
MD5: be5f06959fcd40816f91aa1fb84ed100
SHA1: 91f38becb9f3947a7c50375d3b7545f43a17a6f6
Status: Infected
Rate: 1/35

Details:
Ad-Aware - File is clean
A-Squared - File is clean
Avast - File is clean
AVG Free - File is clean
AntiVir (Avira) - File is clean
BitDefender - File is clean
BullGuard - File is clean
Clam Antivirus - File is clean
COMODO Internet Security - File is clean
Dr.Web - File is clean
ESET NOD32 - File is clean
eTrust-Vet - File is clean
FortiClient - File is clean
F-PROT Antivirus - File is clean
F-Secure Internet Security - File is clean
G Data - File is clean
IKARUS Security - File is clean
K7 Ultimate - File is clean
Kaspersky Antivirus - HEUR:Worm.Script.Generic
McAfee - File is clean
MS Security Essentials - File is clean
NANO Antivirus - File is clean
Norman - File is clean
Norton Antivirus - File is clean
Panda CommandLine - File is clean
Panda Security - File is clean
Quick Heal Antivirus - File is clean
Solo Antivirus - File is clean
Sophos - File is clean
SUPERAntiSpyware - File is clean
Trend Micro Internet Security - File is clean
Twister Antivirus - File is clean
VBA32 Antivirus - File is clean
VIPRE - File is clean
Zoner AntiVirus - File is clean

Scan Result: [Enlace externo eliminado para invitados]
[Enlace externo eliminado para invitados]


Scan SOLO SERVER IN COMMENTS:
Filename: ServerCommentReadLine.vbs
Filesize: 35,50 kB
Date: 2016-04-17 03:58:27
MD5: 479a51f88a2389f2ccfd9452f09b6a2b
SHA1: a109cca6feb77b4af12d0de5b8f04d90b639c33a
Status: Clean
Rate: 0/35

Details:
Ad-Aware - File is clean
A-Squared - File is clean
Avast - File is clean
AVG Free - File is clean
AntiVir (Avira) - File is clean
BitDefender - File is clean
BullGuard - File is clean
Clam Antivirus - File is clean
COMODO Internet Security - File is clean
Dr.Web - File is clean
ESET NOD32 - File is clean
eTrust-Vet - File is clean
FortiClient - File is clean
F-PROT Antivirus - File is clean
F-Secure Internet Security - File is clean
G Data - File is clean
IKARUS Security - File is clean
K7 Ultimate - File is clean
Kaspersky Antivirus - File is clean
McAfee - File is clean
MS Security Essentials - File is clean
NANO Antivirus - File is clean
Norman - File is clean
Norton Antivirus - File is clean
Panda CommandLine - File is clean
Panda Security - File is clean
Quick Heal Antivirus - File is clean
Solo Antivirus - File is clean
Sophos - File is clean
SUPERAntiSpyware - File is clean
Trend Micro Internet Security - File is clean
Twister Antivirus - File is clean
VBA32 Antivirus - File is clean
VIPRE - File is clean
Zoner AntiVirus - File is clean

Scan Result: [Enlace externo eliminado para invitados]
[Enlace externo eliminado para invitados]

Bueno, estos son todos los scans que voy a publicar ya que sino tendría que escanear 20 y pico servers mas aunque mas o menos o estan fud o los detecta KaspersKy.

[RAR BlowFish]
Password del RAR(BASE64<==>ATOM128):
[spoiler]YnhoNWd4aDVNaWNoTEk2Sg==[/spoiler]

Descarga: [Enlace externo eliminado para invitados]
Al Encontrar Bugs fallos etc, agradeceria que se reportara!
Gracias!
A su salud
Skype: Janpr99
pro, solo eso debo decirte, gracias por compartir, podrias poner un boton para pausar la cancion :c
estoy matando el tiempo, mientras el tiempo nos mata lentamente..

Mostrar/Ocultar

Buen trabajo y gracias por la contribución amigo.
"Concentrarse en las fortalezas, reconocer las debilidades, las oportunidades y tomar la guardia contra las amenazas."

―Sun Tzu
Muy bueno tio, currazo que te has dado.
Saludos
666699966999999996699966699999
666699966999999996699966969999
699999966999999996699966996999
666699966999999996699966999699
666699966999999996699966999699
699999996699999966999966996999
699999999669999669999966969999
699999999996666999999966699999
https://reversecodes.wordpress.com

http://indeseables.github.io/
I'm using Blowfish Advanced Cs to unrar, but it doesn't work for me. What RAR decrypter for Blowfish did you used?
Responder

Volver a “Troyanos y Herramientas”