it consultancy

Der Spaeher malware

Der Spaeher details

  • Description

    From the doc:COMMANDS:[OUT] = the commands you must send![IN] =the commands you get from the server!TO CONNECT TO VICTIM:************************************Ok, now connect to the IP and Port (2001).You are now connected, but you are not able to use functions because a Passwort is required![OUT] PasswortAbfrage[IN]PassJetzt[OUT] 'Passwort' or [OUT] KeinPasswort (if there is no password!)[IN] PasswortOK (Passwort is OK, ready to use the functions)[IN] PasswortNichtOK (Passwort is NOT OK, type another)************************************HERE ARE THE FUNCTIONS:************************************FILEMANAGER:First you must type:[OUT] DateiManager[IN]'getdrives'then you are able to use the other functions of the filemanager.getdrives =[OUT] DateiManagershow file =[OUT] DAnzeigen [IN] DAnzeigen [OUT] 'FilePath'copy file =[OUT] KopieDatei [IN] KopieOK [OUT] 'Path ofthe file wich you will copy' [IN] KopieDatei1 [OUT] 'Path of the new file' [IN] DateiKopieOK (file coped)kill file =[OUT] DLoeschen [IN] DLoeschen [OUT] 'Path of the file' [IN] DateiLoeschen (file is now killed)rename file= [OUT] RenDatei [IN] RenOK [OUT] 'Path of the file' [IN] [OUT] 'Path of the "new" file' Path! not only the filename c:a.bat --> c:.bat not b.bat! [IN] DateiRenOK (file has been renamed)file typ = [OUT] DateiTyp [IN] DateiTyp [OUT] 'file typ' [IN] DateiTypOk (new file typ has been set)(type) path= [OUT] VerzOKK [IN] VVV [OUT] 'Path' [IN] 'Lists directory and files'start file = [OUT] DStartenU = Invisible [OUT] DSTarten = visible [IN] DStarten [OUT] 'path of file' (*.exe, *.com, *.bat) [In] DateiStarten (file started)************************************REGISTRY:Registry: GETNote: abbb = HKEY LOCAL MACHINE bbbb = HKEY CURRENT USER cbbb = HKEY USERS dbbb = HKEY CLASSES ROOT ebbb = HKEY DYN DATA fbbb = HKEY CURRENT CONFIG [OUT] Registrierung [IN] Reg1 [OUT] abbbSOFTWAREMicrosoftWindowsCurrentVersion (NOT: abbbSOFTWAREMicrosoftWindowsCurrentVersion) [IN] Reg2 [OUT] 'value' (examble: Version)Registry: SET [OUT] RegSetzen [IN] RegSuper [OUT] abbbSOFTWAREMicrosoftWindowsCurrentVersion (NOT: abbbSOFTWAREMicrosoftWindowsCurrentVersion) [IN] RegSuper2 [OUT] 'value' (examble: Version) [IN] RegSuper3 [OUT] 'data' [IN] RegSS (Reg has been Set)************************************WINDOWS:Current User= [OUT] WelcherUserminimize all= [OUT] AllesMinimieren[IN] AllesMinimieren (yeah)maximize all= [OUT] AllesMaximieren[IN] AllesMaximieren (yeah)scale down all= [OUT] AllesVerkleinern[IN] AllesVerkleinern (yeah)close all = [OUT] AllesBeenden[IN] ----------------------------------NOCH NICHT!--------------------------************************************SHOW WINDOWS:'shut down window' = [OUT] EWinBeenden [IN] EWinBeenden (yeah)'clock setting'= [OUT] EUhr [IN] EUhr (yeah)'taskbar setting'= [OUT] ETaskleiste [IN] ETaskleiste (yeah)'find' = [OUT] ESuchen [IN] ESuchen (yeah)'start' = [OUT] EAus [IN] EAus (yeah)************************************WINDOW MANAGER:show all windows = [OUT] AlleFensterErmittelnclose window = [OUT] WindowsEnde'window name' (examble: WindowsEndeSendOnlineMessage) [IN] FensterZU (window has been closed)bring to top = [OUT] 'window name' (only type the window name) [IN] FensterTop (window is top now)hide window= [OUT] FensterHide'window name'(examble: FensterHideSendOnlineMessage) [IN] FensterHide (window is now hidden)maximize window= [OUT] FensterMax'window name' (examble: FensterMaxSendOnlineMessage) [IN] FensterMax (window is now maximized)minimize window= [OUT] FensterMin'window name' (examble: FensterMinSendOnlineMessage) [IN] FensterMin (window is now minimized)refresh window = [OUT] AlleFensterErmitteln************************************COOL STUFF:shut down computer = [OUT] ComputerAusschaltenrestart computer = [OUT] ComputerNeuStartenshut down windows= [OUT] WindowsAbmeldenshut down screen = [OUT] BildschirmAbsturztile windows = [OUT]ZweiSpalten [IN] ZweiSpalten (windows has been tiled)clear clipboard= [OUT] ZwischenLeeren [IN] ZwischeLeer (clipboard is cleared)************************************MOUSE:Set Cursor = [OUT] MausBewegen [IN] MausBewegenOK (Cursor has been set)swap buttons = [OUT] MausVertauschen [IN] MausVertauschen (buttons swaped)restore buttons= [OUT] MausRichtig [IN] MausRichtig (buttons restored)************************************PLAY SOUNDS:to activate playing sound:[OUT] SoundAbSpielen[IN] SoundAbSpielensystem question= [OUT] a [IN] SoundWurdeAbGespielt (Sound has been played)system exclamation = [OUT] b [IN] SoundWurdeAbGespielt (Sound has been played)system asteriks= [OUT] c [IN] SoundWurdeAbGespielt (Sound has been played)system hand= [OUT] d [IN] SoundWurdeAbGespielt (Sound has been played)system default = [OUT] e [IN] SoundWurdeAbGespielt (Sound has been played)************************************PING PONG VIRUS:on: [OUT] PingPongan [IN] PingPongan (on)off: [OUT] PingPongaus [IN] PingPongan (off)************************************MSGMANAGER:to activate the Msg-Manager:[OUT] MSG[IN] (There is no server command, please wait 1-2 sec. and then put the commands)msg typ: (there are no server command too [IN] ) (standart is ok)ok = [OUT] vbOKerror = [OUT] vbKritischinfo = [OUT] vbInfosend message = [OUT] = 'text' [IN] Msgboxx (message has been send)************************************SEND KEYS:send key = [Out] SendKey [In] SendKeyJetzt [Out] 'key' [In] SendKeyOK (key has been send)************************************KEY LOGGER:on = [OUT] KeySpyoff = [OUT] KeySpyAus [IN] KeySpyAus (Key Logger is now off)************************************SYSTEN INFOS:[OUT] SysInfo************************************MS-DOS SCRIBT:[OUT] msdosskribt[IN] no server command (wait 1-2 sec then send the next commands)[OUT] 'scribt'[IN] msdosOK (MS-DOS scribt has

  • Alias

    Backdoor.DerSpeher.2Backdoor.DerSpeher.3.aBackdoor.DerSpeher.3.bBackdoor.DerSpeher.3.c

  • Exe

    -1718302892.exe-182618650.exederspaeher.exeds3.exeds3-mini.exehallo.exeWindowscommandmome.exeWindowssystemdkbdll.exe

  • Dll

    Windowssystemgci32q.dll