Nuclear RAT 1.0 Beta 8
(Backdoor.Win32.Nuclear.ag)

by Caesar2k

Written in Delphi

Released in May 2006

Current feature list of this program:
- Colored connected computers listings according to their ping
- Online keylogger
- Screencapture (with mouse gestures) using PNG compression
- Webcam capture (with driver selection) using PNG compression
- Computer information with a wide variety of information
- Mouse control
- Script editor for VBS and BAT, no need for uploading files
- Screen resolution control
- Socks5 with NOAUTH
- Webserver for downloading and browsing files on the remote computer
- Remote shell
- Filemanager with treeview style with:
  - Download
  - Download folder
  - Upload file
  - Run
  - Run hidden
  - Rename file
  - Delete file
  - Play wav and mid files
  - File properties
  - Filter folder contents
  - Different view styles for the file list
  - Global search files
  - Rename folder
  - Create folder
  - Delete folder
  - Folder properties
  - Sort by filename, size or type (ascending and descending)
  - Auto refresh on folder click
  - Auto open some types of readable files, such as txt, rtf, png, gif, bmp, jpg, etc
- Windows manager with:
  - Send keys
  - Show/Hide/Disable and more features for each window
  - Find window by handle or by title
  - Get all windows (visible or not) or just the visible ones
- Process manager with:
  - Module manager (unload DLL and unload DLL from all processes)
  - Process manager (kill and inject server into process)
- Registry manager in treeview style with:
  - Delete key
  - Create key
  - Rename value name
  - Delete value name
  - Set value with all types of registry values available (REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ, REG_DWORD, REG_BINARY)
  - Create value
- Transfer manager with downloads/uploads with the modes of queue (downloads and uploads in sequence) and 
  multi-threaded (download and upload many at once)
- Clipboard manager with Set/Get/Clear functions
- Plugins manager with:
  - Client side extensions
  - Upload plugin function
- Connections manager to break any connection that's getting through the client
- Shutdown computer with log off, shutdown and restart 
- Message box 
- Web download feature
- IP Range scanner
- Chat
- shellExecute
- Port redirect function with multiple redirections, and IN and OUT traffic information
- TCP tunnel with multiple connections allowed and various ports
- Quick floating menu to have your most used functions in hand and external programs and files!
- Share Server, make the server connect to another IP and port temporarily (reverse connection)
- Remote connection manager you can check all the connected IPs to the server
--------------- Client abilities ---------------------
- Multi-Threaded client, you can perform many tasks at once
- Lag meter and pingtimeout for servers not responding after 3 tries (or you define the timeout tries)
- Average speed, in/out global traffic, even for plugins
- Broadcast commands to your online server list: download, execute plugin command, disconnect, 
  close, update, uninstall
- Every single request made from the client is using one port, so you won't need to forward a lot
  of ports again when using reverse on a computer behind a router
- Update/Uninstall/Close/Disconnect servers simplest task ever
- Support for reverse and direct connections simultaneously
- Saves space by using right-click menus and not having big buttons for everything
- Built-in help for most of functions, just click the question marks around the client
- Sounds for downloads, connections and disconnections
- Plugin system compatible with most languages, since they use stdcall as export, Delphi and C++ tested
- Hybrid server mode: listen on a port or reverse connect at the same time on the same server!
- Flow control for commands, you won't get content before the last ends!
---------------- Server abilities ---------------------
- Server can either be injected to a lot of targets at the same time or be loaded by the server exe
- Possibility for creating reverse or direct connection servers
- Fake error message on execution
- Bind plugins with the server and execute its functions on load
- Make plugins as generic (no gui needed), client based (using a gui plugin on client side) and 
  extension (add functionality to the server) 
- The server has a lot of error checking, to guarantee it's going to be stable
- Encrypted information between client-server
- Relatively small exe, considering all its functions
- PHP script logging enabled, keep track of your direct, reverse and hybrid servers


Server:
dropped files:
c:\WINDOWS\NR\example.dll    Size: 181,760 bytes 
c:\WINDOWS\NR\example.exe    Size: 216,064 bytes  

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "example"
data: C:\WINDOWS\NR\example.exe 

HKEY_CLASSES_ROOT\dllfile\shell\open\command "(Default)"
data: rundll32.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "example"
data: C:\WINDOWS\NR\example.exe 

HKEY_CLASSES_ROOT\dllfile\shell\open\command


tested on Windows XP
June 05, 2006

MegaSecurity