Bandook 1.2
(Backdoor.Win32.Bandok.d)

by Princeali

Server packed with FSG

Released in May 2005

more versions 




Bandook v1.2 By Princeali
============================================================================================
Bandook is a  fwb+ Reverse connection 
Mini Trojan ,with Basic Functions , and its only 5 kb .

Why bandook ?
------------
Bandook in Lebanese means Child from mixed race
parents ,so since this Software is a mix between 
C++ / delphi its called  bandook .

============================================================================================

*Features*									              
*FWB+ (Firewall bypass Plus Technology) using the Default Browser.				
*Small Size 5 kb File / Stable							              
*Encrypted Settings / all commands are Sent encrypted through Sockets				
*File Upload / Execute (with abilitie to Cancel File Trasnfer at any time)				
*File Download From Web (with abilitie to Abort Download at any Time)				
*Process Manager (List Processes / Terminate Process)						
*Socks 4 Server ( can be Enabled / Disabled using any port)					
*PWS Fetching (Gets Protected Password Storage using a PPSV Plugin)				
 *Mass Download / Execute (Send Download Command to All Clients at the Same Time)			
*Auto Download on Connect Option								
*ActiveX Startup only (wont show in MSConfig)
*Msn Notification Style On Connection (Can be Enabled / Disabled)							+
*General Information (Including Cam detection)							
*Remove Server 										
*Ping System											


Usage Tips
----------
Make a Server , listen on a port and you are ready , just i will give few notes :
1-Pws.bndk : This is the ppsv Plugin used for fetching pass , u need to install it in order 
                    to get the password list (Can be done easly through bandook)
2-In Case of File Trasnfer Failure / Hangon , U can Click abort anytime :).


Version History:
************
Changes in v1.2
===========================================================================================
-Upload File Added
-Fixed Connection Function
-Process Manager Added
-PWS Plugin Added 
-better Communication System
-better Fwb+ 
-Removed XP Firewall Disabling , Adds Socks 4 port to the allowed Xp Firewall list
-ActiveX Startup method
-Added MSN Notification Style
-Faster System (No More Loops in the Client)
-Fixed a bug with reconnection (that used to happen sometimes)
-Save urls Used make it easier instead of typing them each time
-Remove Target From list in Case of Disconnection

Princeali


Server:
dropped file:
c:\WINDOWS\system32\ali.exe
size: 5,317 bytes 

port: 1167 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B6A807N6-42DF-4W02-93E5-B156B3FA8AL1} "StubPath"
data: C:\WINDOWS\System32\ali.exe 
	
	
	
tested on Windows XP
June 03, 2005
MegaSecurity