Stealth Redirector 2.0
(Trojan-Proxy.Win32.Steredir.a)

by Tia86

Written in Delphi, Source included

Released in December 2003

Made in Italy

more versions 


WHAT IS STEALTH REDIRECTOR?


Stealth Redirector is likely a proxy system.
The function of this software is get total anonymity exploit 
the victim pc's.


- Why i write this software?


Suppose you have the control of a pc (egg. friend pc) and 
you will use this pc for bouncing your connection, how do you 
do?

With Stealth Redirector is simple!

eg. You will connect to Cyberspace.org telnet service and not 
leave your ip in the log files.

First you connect to the victim with the client (Stealth 
Redirector Client) and create a TCP Redirect.
At the "Redirect Host" write "cyberspace.org",
at the "Redirect Port" write "23" (telnet service) and at the
"Listen Port" write a number between 1-65535 (eg. 1024).
Now connect with your telnet terminal at the victim with the 
port you choice (eg. 1024) and you get the prompt of the 
cyberspace service!


- How it work?


Stealth Redirector take the packets from a port and redirect 
these packets at a remote host.
Basically is a port redirect software.


- The functions of Stealth Redirector


TCP Redirect: you can create a multiple TCP Redirection.
FTP Redirect: you can create a FTP Redirection.
Netstat Remoto: you can view the list of the connections of 
the victim
LOG Destroy: with this function, Stealth Redirector search in 
the root of the Windows path (eg. if Windows path 
is 'D:\Windows', the program search in 'D:\') all *.log files
and
replace your IP with localhost IP (127.0.0.1).
Stato del server: the state of the Stealth Redirector Server.


- Installation


The installation mode is similar of the most Trojans.
The first time you execute, you get a windows with an error.
The program automatically copy itself in the Windows directory 
(eg. 'D:\Windows') and
create a value from the registry at this key:
HKLM\Software\Microsoft\Windows\Currentversion\Run or  HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run
for re-execute the server all times windows run.

Tia86


Server:
size: 205.960 bytes

port: 5500 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "DLL Process Control"
MegaSecurity