#1 December 15, 2005 I'm looking for Morphine, the stealther, or another one that doesn't break the server!!! Because antidod, or whatever it's called, always breaks my server!!!
#2 December 15, 2005 Morphine http://hxdef.czweb.org/download.php?PHPSESSID=1b39633d527adfe4eb60e32b9d46fe22
#4 December 15, 2005 In the upper field you select the server.exe and below it where the result gets saved, then click Morph and you're done.
#5 December 16, 2005 Hm, I downloaded Morph 2.7 or so, but when I click on the Morphine exe, even though my antivirus is closed, it doesn't start the thing? Do I have to install something else somehow, or start it under 98 or something? I actually only have XP installed and somehow it doesn't want to work >.<
#6 December 16, 2005 Start >> Run >> enter 'cmd' >> change into the Morphine directory with 'cd <dir>' >> enter 'morphine -?' >> choose parameters and GO!
#7 December 16, 2005 Oh I see, kk, and what does each individual command mean? I'm not exactly a top English pro. How do I get the thing to be AntiVir undetected? Please give an example: what does each one mean and how do I use it, so morphine.exe -q etc.
#8 December 16, 2005 Copy it in here, I don't have Morphine at hand myself right now ^^
#9 December 16, 2005
Code:

Morphine v2.7
=============

Morphine as a part of The Hacker Defender Project
by Holy_Father <holy_father@phreaker.net> && Ratter/29A
Copyright (c) 2000,forever ExEwORx
betatested by ch0pper <THEMASKDEMON@flashmail.com>
birthday: 03.10.2004
home: http://www.hxdef.org, http://hxdef.net.ru, http://hxdef.czweb.org, http://rootkit.host.sk
licence: this program is open source under GNU GPL
update: 22.07.2005: translate into C++ by ashkBiz <ashkbiz@yahoo.com>
        whole CPP project is in CPP directory

Morphine is very unique application for PE files encryption. Unlike other PE encryptors and compressors Morphine includes own PE loader which enables it to put whole source image to the .text section of new PE file. This one is very powerful because you can compress source file with your favourite compressor like UPX and then encrypt its output with Morphine. Another powerful thing here is polymorphic engine which always creates absolutely different decryptor for the new PE file. This mean if your favourite trojan horse is detected by an antivirus you can encrypt it with Morphine. You will not get the virus alert again. What's more, Morphine allows you to encrypt one file several times! But be sure you're using -b option (see usage) when doing this. Unlike others Morphine enlarges your executable by not more than 5kb (this is not true for morphined DLLs without using -d option, see below)! Morphine supports most of PE files and many of other PE encryptor/packers. Also one of the greatest things here is that it is an open source project. In these days antivirus companies sniff around our site waiting for new version of morphine to add new decoder into their databases. But you can simply make your own undetectable version.

Because new PE file has random loader it is possible the loading will take more time than you want to (especially when encrypting bigger files). If this occurs simply delete the long time loading PE file and try to build it again. And be careful with morphined DLLs. This can really slow down final execution.

Whole Morphine code is compatible with Delphi 6 and 7 compiler. Morphined files can be executed on Windows with NT kernel only.

Usage
-----

Usage: morphine.exe [-q] [-d] [-b:ImageBase] [-o:OutputFile] InputFile
  -q             be quiet (no console output)
  -d             for dynamic DLLs only
  -i             save resource icon and XP manifest
  -a             save overlay data from the end of original file
  -b:ImageBase   specify image base in hexadecimal string
                 (it is rounded up to next 00010000 multiple)
  -o:OutputFile  specify file for output
                 (InputFile will be rewritten if no OutputFile given)

Examples:
1) morphine.exe -q c:\winnt\system32\cmd.exe
   rewrite cmd.exe in system directory and write no info
2) morphine.exe -b:1F000000 -o:newcmd.exe c:\winnt\system32\cmd.exe
   create new file called newcmd.exe based on cmd.exe in system dir
   set its image base to 0x1F000000 and display info about processing
3) morphine.exe -d static.dll
   rewrite static.dll which is loaded only dynamically
4) morphine.exe -i -o:cmdico.exe c:\winnt\system32\cmd.exe
   create new file called cmdico.exe based on cmd.exe in system dir
   save its icon and or XP manifest in resource section
5) morphine.exe -i -a srv.exe
   rewrite srv.exe, save its icon, XP manifest and overlay data

Versions
--------

Better DLL support in Morphine 2.7 should make morphined DLL work also on NT4.

TLS bugfix number 2 is Morphine 2.6.

Version 2.5 fixes the bug in TLS support.

Better support for VB programs together with end of file overlay support was added to Morphine 2.4.

There were two serious bugz in previous releases. Morphine 2.3 fixs both of them.

Version 2.2 supports Mew 11 SE 1.2 exe packer.

Version 2.1 supports FSG 2.0 exe packer.

Version 2.0 implements random secondary encryption routine and adds enables saving resource for DLLs. Last improvement in this version is a fake loop in DynLoader which protects morphine files against Norton AntiVirus.

Since 1.9 you can save first icon directory and XP manifest in resource section using -i switch.

Polycode is now smaller then ever - only 16 instructions - in version 1.8. Smaller polycode makes possible smaller final executable.

Version 1.7 implements variable key length for second encryption routine.

Version 1.6 is about :mad:ing KAV :). Well, not only :mad:ing KAV, also second decrypting unit is before loader.

Version 1.5 is about improved polymorphic code. It's much more easier to write own polycode now. Also it's hard to detect for AV.

Since 1.4 you can morphine DLL. There is a new option -d which isn't used by default. There are two ways how to import functions from DLL. For static import PE loader use import section in PE file. For dynamic import coder have to use functions like LoadLibrary and GetProcAddress. Many of DLLs are loaded only dynamically. But this can change in future because any program can load DLL statically. If you know your morphined DLL will never be loaded statically you can use (and it's better to use) -d option (morphined DLLs without -d can be much bigger than original).

Since 1.3 we use smaller polymorphic loader. This is good for final executable which is less than 5kb bigger than original file. Also source code is more transparent.

Since 1.2b morphined file has no .data section and the whole PE file is somewhere in .text section. Reason for this is that you could easily find old PE signatures and then find a key for decoding.

Modifications by Jan Klaassen for 1.2a (cut&paste from mail):

Somewhere on a forum I read your solutions for getting around a pattern recognition of AntiVirus in "Morphined" executables. The pattern "FF2534" was mentioned, but I think the AV also used the ..0000 bytes in front of it, or the code after it, since the AV was not triggered if the pattern mentioned was somewhere else in the code.

I have made a small modification to the Morphine source code. I thought that maybe you or someone you know might be interested in these changes to get around AV recognition.

I moved the jumps to the import section into the initcode (at the end) and implemented several (random) variants for the jumps. The jumps are coded seperately and are placed inside your rubbish. :)

The initcode changed in the following way:
- The addresses of the imported function in @DynLoaderCaller now get fixed-up with the location of the import jmps at the end of the initcode
- The addresses of the import jmps get fixed-up with the location of the thunks (hint and name) of the imported function in the import section.

The modified morphine and morphined exes seem to run fine on either Windows XP SP1 and Windows 2000 Adv.Server. (All morphined exes crash on Windows 98 Second Edition.)

Files
-----

original archive contains these files:

morphine.exe         23 412   compiled and MEWed Morphine
morphine.dpr        172 955   source code of Morphine
morphine.txt          7 604   this readme
CPP\
  Morphine.exe       34 397   compiled and MEWed c++ Morphine
  morphine.cpp      298 692   source code of c++ Morphine
  Morphine.dsp        4 428   MSVS file
  Morphine.dsw          539   MSVS file
  morphine.sln          905   MSVS file
  morphine.vcproj     3 163   MSVS file
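For defenders reading the readme quoted in post #9: its statements that a morphined file has no .data section and carries the whole encrypted image inside .text translate into a simple static triage check. The following is an added example, not part of the thread or of the Morphine project; the function names and the 7.0 bits-per-byte entropy threshold are assumptions, and the sample inputs are constructed header bytes, not real executables.

```python
import math
import struct
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(image: bytes):
    """Return [(name, raw_bytes)] read from the PE section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)       # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (nsec,) = struct.unpack_from("<H", image, pe_off + 6)    # NumberOfSections
    (opt,) = struct.unpack_from("<H", image, pe_off + 20)    # SizeOfOptionalHeader
    table = pe_off + 24 + opt
    out = []
    for i in range(nsec):
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("latin-1"), image[raw_ptr:raw_ptr + raw_size]))
    return out

def triage(image: bytes, threshold: float = 7.0):
    """Heuristic packer indicators; the threshold is an assumed cut-off."""
    secs = pe_sections(image)
    findings = []
    if ".data" not in {name for name, _ in secs}:
        findings.append("no .data section")
    if entropy(dict(secs).get(".text", b"")) >= threshold:
        findings.append("high-entropy .text")
    return findings

def build_sample(sections):
    """Constructed input: bare headers plus section bytes, not loadable."""
    hdr = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    ptr, body = len(hdr) + 40 * len(sections), b""
    for name, data in sections:
        hdr += struct.pack("<8sIIII16x", name.encode(), len(data), 0x1000, len(data), ptr)
        body, ptr = body + data, ptr + len(data)
    return hdr + body

# Constructed samples: uniform bytes stand in for an encrypted payload.
PACKED = build_sample([(".text", bytes(range(256)) * 16)])
PLAIN = build_sample([(".text", b"\x55\x8b\xec\x90" * 1024), (".data", bytes(512))])
```

A hit from `triage` is a reason to send the file for unpacking and further analysis, not a verdict: legitimately packed software can match both indicators.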
#10 December 17, 2005 lol, going nuts.. here, have a better version: Morphine with GUI, Morphine27GUI
#11 December 17, 2005 Hmm, I always get: Doesn't help though, it keeps coming back. ;(
#12 December 20, 2005 It works for me, only the victim I sent it to said his PC crashed when I tried to send it to him in a rar file via MSN oO That can't be, can it? Hm, so does the thing stealth it from AntiVir now, yes? And what do I have to set in the GUI version? I left everything at default.
#13 December 20, 2005 If you can't operate Morphine then just leave it be... btw, in case you haven't noticed yet: stealthing a trojan with Morphine achieves almost nothing....
#14 December 21, 2005 Strange that it says here AntiVir then doesn't detect it etc. There must be a tool that doesn't break the trojan and mainly keeps AntiVir from detecting it ... and ProRat still works then, doesn't it? I mean browsing through hard drives, maybe turning on the webcam, and keylogger?
#15 December 21, 2005 Yes sure, the tools still work, but they are then still 90% not undetected. Morphine is already old^^
#16 December 21, 2005 I only care about AntiVir oO anything else doesn't matter >.< I just wanted to teach a buddy a lesson, browse through some data, maybe turn on the webcam as a joke, which doesn't have to be a must!!! But maybe steal passwords and, if it comes to it, browse the hard drives and download data ^^
#17 December 21, 2005 Hm, for me stealthing Bifrost from AntiVir with Morphine works o.ô I also uploaded it to an online AV once and there AntiVir detects the packer Morphine ?( Well, whatever, you can also try it with AV Devil and read out the offsets, then you just have to hex a bit, change the code at the specific places. That works a hundred percent. You'll find avdevil there http://217.172.39.227/~adminfp/download/Binder_Packer/av_devil_2.1.rar the rar pw is hacksector