LinkBack URL
About LinkBackshi for all
Size
* ~1400 bytes (Varies with settings)
Base
* ActiveX startup
* Install into system directory
* Injection into explorer.exe process
* Invisible in the task manager
* Runs on Windows 98/2000/Me/NT/XP/Longhorn
Plugin
* Computer information
* File manager
* Process manager
* Windows manager
* Service manager
* Registry manager
* Screen capture (requires GDIPlus.dll)
* Camera capture (requires GDIPlus.dll)
* LZO data compression
How To Use
1. Set Up DNS
Find a free DNS provider (No-IP - Dynamic DNS, Static DNS for Your Dynamic IP) and register a DNS (iciko.no-ip.org).
2. Build Server
Open the Spirit client and, in the menu, select File > New Server. In the box under DNS, enter the DNS you registered. Enter any number for the port or leave it as it is (24880). You can add more DNS if you want and edit the registry key and the install filename. Press on the Create button and save the file somewhere.
3. Run Server
Run the server on the computer you want to access.
4. Configure Client
In the Spirit client, select View > Settings and enter the port you chose earlier and press enter. The connection should come appear soon. Double-click on the computer name in the list and press yes to upload the DLL. Now, double-click again and you can access the managers. To use such functions as screen capture, right click on the computer name and select Media.
Frequently Asked Questions
Uhhh...
Changelog
Version 4.0 Beta 1
2006-06-01
* First public beta of Spirit 4.0
Future Changes
* Keylogger
* Scripting
* More functions for the managers
Credits
drocon, thanks for teaching me nasm and CS.
eXeco, thanks for the fwb# example.
Jørgen Ibsen, thanks for the apLib compression library.
Markus F.X.J. Oberhumer, thanks for the UCL compression library.
ufinal, thanks.
Purchase
Undetected price: 50USD
I offer a service to make a custom server for the small fee stated above. Each freshly compiled server comes sandbox bypass and a modified compression engine.
Any server detected within the first week after the payment will be replaced...if I feel like it.
Contact me for more details: iciiko[at]gmail.com
+ Reply to Thread
Results 1 to 3 of 3
Thread: Spirit Uploader 4.0
-
08-12-2007 #1H4krGuest
Spirit Uploader 4.0
-
08-12-2007 #2Senior Member
- Join Date
- Aug 2005
- Posts
- 1,459
dont think i would buy this with this kinda of undecided action. you either offer your customers the service or not, you cant just say if i can be bothered or not.Any server detected within the first week after the payment will be replaced...if I feel like it.
Contact me for more details: iciiko[at]gmail.com
you wouldnt go in to a fastfood resturant or food take out and ask for steak or burgers and the waiter/cook says nah i cant be bothered to i dont feel like cooking.
-
08-12-2007 #3Senior Member
- Join Date
- Aug 2005
- Posts
- 1,459
Anubis - Analysis ReportAnalysis Report for Spirit.exe
Comment on this report
Summary:
No threats could be detected by Anubis. This does not imply that execution of this executable is safe.
Table of Contents
expand allexpand all collapse allcollapse all
* General information
* Spirit.exe
o C:\Spirit.exe
o Primary Analysis Subject
o General information
o a) Registry Activities
o b) Other Activities
1. General Information
- Information about Anubis' invocation
Time needed: 151 s
Report created: 12/08/07, 16:43:33
Termination reason: Timeout
Program version: 1.5
2. Spirit.exe
- General information about this executable
Analysis Reason: Primary Analysis Subject
Filename: Spirit.exe
MD5: 7c57c6b76c235f652d92f25e0be9977a
SHA-1: 8e76e9b985d9bbef4d1fbacf12bb6ecb72eaa8b8
File Size: 215587 Bytes
Command Line: "C:\Spirit.exe"
Process-status at analysis end: alive
Exit Code: 0
- Load-time Dlls
- Run-time Dlls
Module Name Base Address Size
C:\WINDOWS\system32\UxTheme.dll 0x5AD70000 0x00038000
C:\WINDOWS\system32\Riched32.dll 0x732E0000 0x00005000
C:\WINDOWS\system32\MSCTF.dll 0x74720000 0x0004B000
C:\WINDOWS\system32\RICHED20.dll 0x74E30000 0x0006C000
- SigBuster Output
NsPack All_Versions SN:1635
2.a) Spirit.exe - Registry Activities
- Registry Keys Created:
HKU\S-1-5-21-1614895754-115176313-1202660629-1003\Software\Spirit
+ Registry Values Read:
Key Name Value Times
HKU\S-1-5-21-1614895754-115176313-1202660629-1003\software\Microsoft\Windows\CurrentVersion \Explorer\Advanced ListviewAlphaSelect 0 1
HKU\S-1-5-21-1614895754-115176313-1202660629-1003\software\Microsoft\Windows\CurrentVersion \Explorer\Advanced ListviewShadow 0 1
HKU\S-1-5-21-1614895754-115176313-1202660629-1003\software\Microsoft\Windows\CurrentVersion \Explorer\Advanced ListviewWatermark 0 1
2.b) Spirit.exe - Other Activities
- Mutexes Created:
CTF.TimListCache.FMPDefaultS-1-5-21- 1614895754-115176313-1202660629-1003MUTEX.DefaultS-1-5-21- 1614895754-115176313-1202660629-1003
SPIRIT
- Keyboard Keys Monitored:
Key Times
VKey-Code: 27 61
please note that on unknown and serveal other security forums this file has been infected by posters/ users use at your own risk
Reply With QuoteThread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
[DEV] Che Uploader Beta 1
By Che in forum Malware Samples and InformationReplies: 18Last Post: 27-04-2011, 19:27 -
FC uploader
By ratws in forum SnippetsReplies: 1Last Post: 04-02-2007, 03:25 -
FC-uploader??
By drkdreams in forum Delphi HelpReplies: 0Last Post: 26-11-2006, 20:14 -
Ltt FTP uploader
By ratws in forum SnippetsReplies: 0Last Post: 08-10-2005, 23:50 -
TM fwb uploader help
By -silent- in forum General Programming HelpReplies: 5Last Post: 27-05-2005, 21:33
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts