Octopus features:
-Crypter:
The client will crypt files with the RC4 algorithm using a variable encryption key (generated and randomized automatically on client execution anyway, but also customizable). File code will be completely scrambled, and FUD (Fully UnDetected).
Almost all stub strings are encrypted with a variable encryption key: it will be very difficult for anti-viruses to tag strings, since they get changed on each encryption. The crypted file code is also encrypted with a variable key, so it will be totally different for each encryption.
-Binder:
-Unlimited file number support: Join together as many files as you want.
-Working with all file types: .exe, .doc, .jpg, etc.
-Direct memory execution: If you choose this option, your executable file will be executed directly in memory, without being dropped to hard disk.
Warning: memory execution works only with executable files (.exe, .scr ...)! For other file types, you must use the drop and execute option!
Warning: if you use the drop option, file will be decrypted before being dropped (scantime crypt only)! If you want the dropped file to still be crypted/undetectable, then crypt it using memory execution, save it, then bind it using dropping option.
-How to make malware / server always run at startup but not binded file
Why is this needed? Because when you install for example a server, installed file will be a copy of file which has been run (so if you binded more files, they will be run also on startup)
This is a good technique to avoid this (for all binders and crypters):
- Crypt single server (memory run);
- Clear binder list;
- Bind crypted server with legit file/s (drop and execute).
-Spreader:
E-mail spread:
Octopus will gather the email address list from the infected computer's MSN accounts; then it will send a customizable message to all the addresses. It will repeat this operation every specified number of days (default: 7). Note that Octopus will not attach itself, but you can put links in the email message.
-Send using victim's address: emails will be sent using infected owner's address.
-Spoof sender address: with this option you can type any custom address (real or even fake) that will appear as the sender address. Examples of accepted addresses are:
info@promotion.com (show only sender address)
Weekly Promotion <info@promotion.com> (show sender's name + address).
If anti-spam level is high, emails coming from unknown addresses could be received in spam box.
MSN Messenger spread:
-Multilanguage MSN spreader: this function sends a different message depending on computer language. Currently supported languages are: English, Spanish, German, French, Italian, Turkish, Romanian, Dutch, Swedish. If computer uses a different language, Octopus will use the backup, customizable message.
Instead of using multilingual spread, you can choose to use a customizable message, like any other classic MSN spreader.
Drives/USB spread:
The program will spread itself to all drives (removable hard drives, USB drives, memory cards etc.) connected to the computer. An autorun.ini file is created to execute the server automatically when the drive is opened. You can choose if the program will spread only when executed, or continuously try to spread until the process is active. If you check the “Hide files” option, then the spread file and the Autorun.ini file will have hidden, system and readonly attributes. You can also choose a different name for the copied file.
Peer-to-peer spread:
The application will copy itself to the selected P2P programs' sharing folders. You can set a different name for the copied file instead of using the original one.
-General features:
No external dependencies needed: The stub does not need any external dependency and is programmed to be run under any Windows system. The builder does not need any external file except the provided .ocx, so you will not need to have Visual Basic installed or anything else.
Shell parameters support: Octopus is compatible with programs that need to be executed with command line parameters.
Custom parameters support: You can also set custom command-line parameters for files to be executed, using the binder pop-up menu.
EOF Data support: This crypter is compatible with applications which store data/settings at End Of File (for example Bifrost). By the way, some applications have got EOF data but they don't need it to store settings, so the EOF preserve option can be disabled without corrupting the application.
Icon / Information cloner: Clones icon, information, or both, at your choice, from the desired file to the output file.
Files compression: you can choose to compress files of your choice in binder list. File code will be packed with UPX before crypting; this will decrease output size.
Size adder: Almost the opposite function of file compressor, with this very fast size adder you can add a custom size (in kilobytes or megabytes) to output file.
Fully compatible with .scr extension: While other binders/crypters (private also) don't work if output file has .scr instead of .exe extension, Octopus will work good.
Hardware ID protection: Octopus client will run only on system where hardware ID is provided with the Hardware ID Generator (provided by me when purchasing).
Online authentication mechanism: Octopus will check online if the ID is authorized. In case of chargebacks or scams, Builder will be locked. This is a read-only operation and no information is transmitted remotely to me.
Execution delay: Octopus server will execute after the specified time; this is helpful to avoid detections regarding program behaviour. The only action that will be performed before the delay is the message box function (if enabled). Leave the value to 0 for no delay, in this case the program will be executed immediately.
-Downloader:
Unlimited file number support (multidownloader)
Every file type supported.
The downloader will download chosen files from the specified URL to the specified directory. Then you can choose if it must also execute file or not. You can download and execute any file type (executables but also pictures etc.)
Downloader can be useful if you want Octopus to execute files, without adding much size to stub.
-Message Box:
On program run, a message box with specified features will be displayed. This is the only action the server does before the time delay (if there is one).
Tested and working with:
Spy-Net
Cyber-Gate
Apocalypse RAT
Cerberus RAT
Poison Ivy
Bifrost
Zeus
ButterFly Bot
Bandook
Lost Door
Turkojan
iStealer
My other software
...more and more...
By the way Octopus should be compatible with any file.
Example of Virus-Scan:
Unencrypted Spy-Net server:
File Info
Report date: 10.2.2010 at 23.03.54 (GMT 1)
File name: Spy-Netserver.exe
File size: 278528 bytes
MD5 Hash: 9ed0b70cb9863d0407ae42912c96b685
SHA1 Hash: 94925334D2378905738ACFC7EF490DAED1C3590A
Detection rate: 18 on 20
Status: INFECTED
Detections
a-squared - Worm.Win32.Rebhip!IK
Avira AntiVir - TR/Spy.Gen
Avast - Win32:Dialer-gen [Dialer]
AVG - Generic16.OHR
BitDefender - Trojan.Agent.AOFE
ClamAV - Nothing found
Comodo - TrojWare.Win32.Spatet.A0
Dr.Web - Win32.HLLW.SpyNet
F-PROT6 - W32/Trojan2.JRCA
G-Data - Win32:Dialer-gen [Dialer] B
Ikarus T3 - Worm.Win32.Rebhip
Kaspersky - Trojan.Win32.Llac.bdm
McAfee - Generic PWS.di trojan
NOD32 - Win32/Spatet.A
Panda - Trj/Spy.YM
Solo Antivirus - Trojan.Win32.Llac.GK
Sophos - Mal/Behav-328
TrendMicro - Nothing found
VBA32 - Trojan.Win32.Llac.bdm
VirusBuster - Worm.DR.Rebhip.Gen
Spy-Net server crypted with Octopus:
Report date: 10.2.2010 at 22.48.11 (GMT 1)
File name: Output.exe
File size: 376832 bytes
MD5 Hash: d065e41ced0d3cfa246c1ddd397744ed
SHA1 Hash: 8A9C97A2AC56F4825413F86B026E29850239813C
Detection rate: 0 on 20
Status: CLEAN
Detections
a-squared - Nothing found
Avira AntiVir - Nothing found
Avast - Nothing found
AVG - Nothing found
BitDefender - Nothing found
ClamAV - Nothing found
Comodo - Nothing found
Dr.Web - Nothing found
F-PROT6 - Nothing found
G-Data - Nothing found
Ikarus T3 - Nothing found
Kaspersky - Nothing found
McAfee - Nothing found
NOD32 - Nothing found
Panda - Nothing found
Solo Antivirus - Nothing found
Sophos - Nothing found
TrendMicro - Nothing found
VBA32 - Nothing found
VirusBuster - Nothing found
Disclaimer:
I will not be held responsible for the use you make of this program (Octopus). You (the purchaser) are the only one responsible for your actions, not me (the seller)! This program must be used only on own computers.
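
The two scan reports above show 18 on 20 signature detections dropping to 0 on 20 once the payload is encrypted with a per-build key, which is why defenders triage such files by byte entropy rather than by fixed strings. The following is an added example, not part of the original post or of the tool it describes; the window size, the threshold and the sample bytes are assumptions constructed here.

```python
import hashlib
import math
from collections import Counter

WINDOW = 4096      # bytes per window (assumed value for this example)
THRESHOLD = 7.2    # bits per byte; assumed cut-off, tune on your own corpus


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def high_entropy_regions(blob: bytes, window: int = WINDOW,
                         threshold: float = THRESHOLD):
    """Return merged (start, end) offsets whose windows look encrypted or packed."""
    regions = []
    for start in range(0, len(blob), window):
        chunk = blob[start:start + window]
        if len(chunk) < 256:          # too short for a meaningful estimate
            continue
        if shannon_entropy(chunk) >= threshold:
            end = start + len(chunk)
            if regions and regions[-1][1] == start:
                regions[-1] = (regions[-1][0], end)   # extend adjacent region
            else:
                regions.append((start, end))
    return regions


def encrypted_fraction(blob: bytes) -> float:
    """Share of the file covered by high-entropy regions."""
    covered = sum(end - start for start, end in high_entropy_regions(blob))
    return covered / len(blob) if blob else 0.0


def constructed_sample() -> bytes:
    """Constructed input: 8 KiB of repetitive code-like bytes followed by
    32 KiB of pseudo-random bytes standing in for an encrypted payload."""
    stub = b"\x55\x8b\xec\x83\xec\x10\x00\x00" * 1024
    payload = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                       for i in range(1024))
    return stub + payload


if __name__ == "__main__":
    sample = constructed_sample()
    print(high_entropy_regions(sample), round(encrypted_fraction(sample), 2))
```

Legitimately compressed data (installers, archives, media) also scores near 8 bits per byte, so a high encrypted fraction is a triage signal to combine with other evidence, not a verdict.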