Remote command execution

Silent background process

Download and run file (Hidden)

Safe Mode startup

UAC Bypass

Will automatically connect to the server

Data sent and received is encrypted (substitution cipher)

Files are hidden

File Infector

Symmetric Cryptography

Hijack Execution Flow: DLL Side-Loading

Deobfuscate/Decode Files or Information

Input Capture Keylogging

Command and Scripting Interpreter

Installed Antivirus shown to server

Indicator Removal: Clear Windows Event Logs

Indicator Removal: File Deletion

Easily spread malware through download feature

Startup info doesn't show in msconfig or other startup checking programs like CCleaner

Disable Task Manager

TCP Connections

Non-Application Layer Protocol



Registry Editor

Process Manager

Clipboard Manager


Installed Programs

DDoS Attack

VB.NET Compiler

Location Manager [GPS - IP]

File Manager

Client [Restart - Close - Uninstall - Update - Block - Note]

Power [Shutdown - Restart - Logoff]
