by Icingtaupe
Written in Assembler, source included
Released in January 2006
- Builder - FWB++ webdownload, inject into the default browser - Dynamic linking for API's use ( there's NO "dangerous" API in the IAT / Import Table, mainly "GetProcAdress" / "GetModuleHandle" ).. in fact, there's no static buffer's in the server, everything is done with stack. - Choice of target directory : System32, Windows, Temp - Choice of run it or not after download the file - Choice of the webdl melt' or not - Choice of the filename after download ( name a file "file1.Exe" on your website, you can choose to save it under "csrss.exe" after download it at target .. ) - Encryption of settings ( Two very, very, very simple cryptage, one for each setting : One for the URL, another one for the FileName ) - URL length of 240 char. available, Filename => 30 char. Icingtaupe Server: size: 3,072 bytes tested on Windows XP July 10, 2006MegaSecurity