Nuclear RAT 1.0 Beta 6.2
(Backdoor.Win32.Nuclear.b for Client)
(Backdoor.Delf.jw for change.php)

by Caesar2k

Written in Delphi

Released in November 2004

more versions 

 
Spy
- Screencapture (Lossless PNG compression [always 100% quality])
- Webcam spy (Lossless PNG compression [always 100% quality])
- Live Keylogger
- Password Stealer (ICQ[2003/99/Miranda/Trillian])
- Microphone spy
- Computer Information
Controls
- Mouse
- Script Creator (VBS or BAT)
- Resolutions
- Socks 5
- WebServer 
- Remote Shell
Managers
- File Manager (Windows Explorer Style with TreeViews [cached paths])
- Global Search Files
- Window Manager (Including Send Keys)
- Process Manager 
- IE Manager 
- Registry Manager (Regedit Style with TreeViews [cached paths])
- Transfer Manager (Queue or multiple downloads at once / Set Buffer size for faster connections)
- Clipboard Manager 
- Plugins Manager (SDK included in the page [Delphi Plugins])
Extras
- Shutdown
- Message Box
- Webdownload
- Remote Port/IP scanner
- Chat
- ShellExecute
- Port Redirect
- TCP Tunnel

Safe Share Server: Unique Feature that allows you to temporary redirect the server to another client

+ Hot keys for every function listed above AND/OR a Quick menu to access any part of the RAT faster.
Unpacked Server Size: 224Kb
Packed Server Size: 102kb

Engines:
- Reverse and Direct connection, which can be executed asynchronously in one client, and change between 
  connected computers at any time :)
- Smart listen on port, in the server, if you set port 190 and its being used, it will increase the port by one
  or till it finds a listenable port
- For reverse connection, you can use a DNS for the connection, your IP or a dynamic file that is placed in 
  a server that is uploaded thru FTP, so you can redirect your servers ANYWHERE, depending on your needs :)
- The server is FWB by default, where you can inject its DLL to multiple target processes
- Its plugin capable, you can code your own plugins or use the compiled ones in the page
- Hide files and add stealth to its process with the built-in rootkit

Caesar2k


Server:
dropped files:
c:\WINDOWS\NR\example.dll    size: 198.656 bytes 
c:\WINDOWS\NR\example.exe    size: 229.378 bytes 

added to registry:
HKEY_CLASSES_ROOT\dllfile\shell\open\command
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002

tested on Windows XP
November 14, 2004
MegaSecurity