[Xylitol]

Well i present you my tiny malware bot
Who need to be improved..
I use it for follow the evolution of ransomwares mainly.
Here a screenshot:


Every X time it will download your files in a folder called "Malware" he also modify the extension of downloaded malware like this: ".exe.ViR" or ".dll.ViR" etc...
You can load a malware list or save it. (malcode.txt)
You can reduce it in the systemtray and if the sample was updated you will be notified with a the systemtray baloon like here on the 1.5 version:


He write also a file called 'Information.txt' who contain information about downloaded files
Here the information file on the 1.0 version (logs are a 48hours of homoblocker ransomware tracking):

The MD5 have changed alot :)

The version 1.6 include a tiny php website support for see 'online' the new samples who get updated

PHP Builder option:


The website:


The folder '/Help/' about how to setup your site online

[Tesk]

I will try this tool now.

I will let you know if I experience anything bad

[Xylitol]

Finally the 1.7 is released.

What's new ?
- IRC bot
- PHP ACP (edit/del/add)
- PE infos (*.exe, *.dll, *.src only)
- Send PE infos to the php site
- Timeout system configurable
- Open Source (feel free to modify it)









PHP Malware Monitoring Center:





sourceforge: https://sourceforge.net/projects/malwar ... MAD%201.7/

[gjf]

Pushing "About" causes crash. Win XP SP3.

[EP_X0FF]

Yeah, sound seems to be killed program.

[Xylitol]

hmm maybe a problem with uFMOD lib.
I run in WinXP SP3 and i dont have the problem (wut?)
can you retest with this exe ?

[EP_X0FF]

hmm maybe a problem with uFMOD lib.
I run in WinXP SP3 and i dont have the problem (wut?)
can you retest with this exe ?

This one works.

[gjf]

Yup, now it's OK.

[Xylitol]

Malware Auto-downloader v1.7 Revision 3
Some minor bugs fixed concerning the PHP Panel and the program himself.
MAD update page: Now generated with a random name for more security.
Admin Control Panel page: You can choose the name you want for the PHP file or generate also a random name.
Admin Control Panel page: Added a captcha to the login form (And dont worry captcha.fct.php is easy to understand if you want make it custom)
SourceForge ~ https://sourceforge.net/projects/malwar ... MAD%201.7/

[EP_X0FF]

I've some sort of bug-report :)

Once started on Windows 7 first time program displays the following error dialog - "Component 'MSCOMCTL.ocx' or one of its dependencies not correctly registered: a file is missing or invalid".
To solve this, program needs to be started one time with elevated rights. Another thing - I think your manifest does not working.

Below is screenshot - MAD at the left is customized exe (I put a valid manifest resource inside), MAD at the right - is original executable.

Code: Select all

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
   <assemblyIdentity
      name="MAD"
      processorArchitecture="x86"
      version="1.7.0.4"
      type="win32"/>
   <description>MAD</description>
   <dependency>
      <dependentAssembly>
         <assemblyIdentity
            type="win32"
            name="Microsoft.Windows.Common-Controls"
            version="6.0.0.0"
            processorArchitecture="x86"
            publicKeyToken="6595b64144ccf1df"
            language="*"
         />
      </dependentAssembly>
   </dependency>
   <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
      <security>
         <requestedPrivileges>
            <requestedExecutionLevel
               level="asInvoker"
               uiAccess="False"/>
         </requestedPrivileges>
      </security>
   </trustInfo>
</assembly>

and btw, Sophos "AV" does not like your program :)