C.I.A Cruel Intentionz 1.3
(Backdoor.Win32.Ciadoor.13)

by Alchemist

Written in Visual Basic

Released in December 2004


CIA 1.3

New In This Version

--------------------------------------------------------------------

2 Methods of Fwb ( Firewall Bypass )
   - Spyware Method ( Uses a common method performed by various spyware applications to try and bypass software firewalls )
   - DLL Injection ( Injects server as a DLL into a trusted process to try and bypass software firewalls )
       - Choose Fwb Into IE or Explorer
       - Choose Injected DLL name

Plugin Engine
  - Easily create & design custom plugins in VB that can be used in the server
  - Full details & Examples included in package!

Smaller Server ( As Small as 52 kb compressed & 171 kb uncompressed , size varies depending on settings )
Server is now packed using Mew 
Cjpg.dll plugin is used now for captures (cuts servers size & faster compression)
Information Is Scripted From Client Side ( Check Scripts folder - this saves server size by 10 - 20 kb and means you can customize scripts to own needs )
Unlimited amounts of scripts can be added ( CDkeys & Basically anything can be fetched from the registry )
Added Siren Sound In NT Beeper
Added About 20+ More Global Variables
Added Reverse Connection only server (better for bypassing FW's)
Screen Clicks in Full Screen Mode
Added over 250 icons
Custom icons easily added to list in the "icons" folder
Unblock Some Popular Firewalls ( XP Firewall & Sygate Etc ( Beta ) )
Added FBI Chat Plugin thanks 2 Edjorges idea  ( Includes Source )
Added Msn Details Plugins Editor Plugin ( Includes Source )
Added Example Fonts Plugins Editor Plugin ( Includes Source )
Added Example Message Plugins Editor Plugin ( Includes Source )
Added Auto-Start with server for plugins (example included)
Added Auto-Start Plugins Editor Plugin
Added Flowbys Text 2 Speech Plugin

Upgraded Binder
  - ListView Upgraded From ListBox
  - Show File Path & Name
  - Show File Sizes
  - Choose File Destination
       - System Directory
       - Windows Directory
       - Temp Directory
       - Root Drive
  - Choose Execution Type
       - Run Hidden
       - Run Normal
       - Run Minimized
       - Run Maximized
       - No Execution
  - Plugin & DLL Options
       - Register Plugins/DLLs/OCXs
       - Choose Plugin To Autostart With Server

--------------------------------------------------------------------

Changes/Bug Fixes

--------------------------------------------------------------------

Server is built in VB6 especially for NT based operating systems ( No longer supports old Windows 9x systems )
Server is much smaller & uses less memory
Fixed CPU usage issue with Explorer Hide Files
Task Manager should no longer flicker in hiding process
System Colors Bugs Fixed
Fixed Multi Client Download Bug
Changed Server Builder Layout
Changed The Way Server Determines if Plugin Is Installed ( hopefully better )
Changed The SIN Code Slightly Should Work Better Now ( Fixed timing bug )
SIN will now correctly delete any offline servers
Mouse Clicks More Accurate
Updated Matix Chat Slightly
Updated & Fixed Socks4 Server
Removed Dependency From Client ( MSINET.OCX & Smaller Client)
Fixed SMTP Finder Bug
Fixed Multiple File Binding Bug

Many More Tweaks & Fixes...

Alchemist


Server:
dropped files:
c:\WINDOWS\system32\ckl009.dat     size: 224 bytes 
c:\WINDOWS\system32\DlQ936o14m.ini size: 54.847 bytes 
c:\WINDOWS\system32\scvhost.exe    size: 54.847 bytes 
c:\WINDOWS\system32\wsock32.sys    size: 163.328 bytes 

port: 6333, 6334, 6335 TCP

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Generic Host Process"
data: C:\WINDOWS\System32\scvhost.exe 

HKEY_CURRENT_USER\Software\VB and VBA Program Settings\set\set
HKEY_CLASSES_ROOT\CLSID\{E14DCE67-8FB7-4721-8149-179BAA4D792C}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{E14DCE67-8FB7-4721-8149-179BAA4D792C}\ProgID
HKEY_CLASSES_ROOT\CLSID\{E14DCE67-8FB7-4721-8149-179BAA4D792C}\TypeLib
HKEY_CLASSES_ROOT\CLSID\{E14DCE67-8FB7-4721-8149-179BAA4D792C}\VERSION
HKEY_CLASSES_ROOT\Interface\{0958C4C9-77B0-4AA8-9364-7886BFCA7E39}\ProxyStubClsid
HKEY_CLASSES_ROOT\Interface\{0958C4C9-77B0-4AA8-9364-7886BFCA7E39}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{0958C4C9-77B0-4AA8-9364-7886BFCA7E39}\TypeLib
HKEY_CLASSES_ROOT\N.Cs4\Clsid
HKEY_CLASSES_ROOT\TypeLib\{C9F1C5A0-F3D8-48E2-8B8C-3E86B4CAC7E3}\3.0\0\win32
HKEY_CLASSES_ROOT\TypeLib\{C9F1C5A0-F3D8-48E2-8B8C-3E86B4CAC7E3}\3.0\FLAGS
HKEY_CLASSES_ROOT\TypeLib\{C9F1C5A0-F3D8-48E2-8B8C-3E86B4CAC7E3}\3.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects


tested on Windows XP
December 22, 2004

MegaSecurity