Thursday 12 September 2013

Power Loader 2.0 (Alureon)

Hello, I had to write this post to introduce you to the C&C of Power Loader 2.0, because of a future post about another malware based on it.

Advert:

English version, translated by Malwageddon (thanks again!):
PowerLoader v2.0

[Preface]
Anyone who's in this business knows how difficult it is to find a good product with good support.
Lots of software currently on the market lacks support and uses some ancient technologies with questionable bypass techniques.
So, here is the description of the loader that will solve these problems and increase your earnings.

[Loader Description]

- Private pro-active defences bypass code, includes a number of private OS integration methods.
- Uses private process attach method for (32bit/64bit), doesn't hang in the processes.
- Bypasses are implemented and working on all OS versions (xp/server/vista/7, user/admin, uac/on/off, 32bit/64bit)
- Successfully bypasses 32bit/64bit: Outpost, ComodoIs2012, Kis2013, Avg2013, ZoneAlarm, Avast, Dr.Web, F-Secure and many more.
- Protects and hides the loader, allows to restore your files, random filenames.
- Supports DLL injection in 32bit/64bit processes.
- DLLs are stored encrypted and injected into the processes by the loader.
- Doesn't store any leftover/rubbish files on the disk - integrity level.
- The only file that is left on the system and the only file working is your EXE(32bit), encrypting is done on that file only.
- Network activity is hidden from the firewalls, traffic is encrypted with RC4, supports backup servers.
- High callback rate and lifetime.

[Admin Panel]
- Easy to use multifunctional admin panel.
- Provides different load and execute commands for different types of files including DLLs
- Configuration editing, loader update, many other settings.
- Detailed statistics by date/build/countries/OS, live/dead/online/new bots.
- Tasks assignment by countries/builds with all necessary options.

[How to buy]
- We sell two loader versions - with and without DLL support. Number of licences is limited.
PowerLoader v2.0 Build - 500LR/WMZ
Rebuild for a new domain - 50LR/WMZ
Constant updates and support, latest technologies and high quality that will provide you with easy operation and bring top earnings.
Please contact support if you have any questions:
....@jabbim.com
Ready to take any tests on.

It's not stated in the advert, but the source of Power Loader was also on sale.

The authentication is done simply like this:

When you are inside:

Stats system:

Stats country:

Task:

Add a new task:


Files:

Add file:

Settings:

Logs:

As for the structure of Power Loader:
EXEs are stored inside the folder /files/ and are encoded/renamed (RC4) to evade researchers.
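
An analyst who recovers such a /files/ directory can confirm a candidate RC4 key by checking that decryption yields a valid PE header. This is an added example, not code from the original post or from Power Loader; the key, the sample bytes and the function names are constructed, and it assumes each file is RC4-encrypted whole with a single key.

```python
import struct

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def looks_like_pe(blob: bytes) -> bool:
    """True if blob starts with 'MZ' and e_lfanew points at a PE signature."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    # An out-of-range e_lfanew yields a short or empty slice, so this is False.
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def recover_exe(stored: bytes, candidate_keys):
    """Return (key, plaintext) for the first key that yields a valid PE, else None."""
    for key in candidate_keys:
        plain = rc4(key, stored)
        if looks_like_pe(plain):
            return key, plain
    return None

def make_sample_pe() -> bytes:
    """Constructed 0x80-byte stub: DOS header (e_lfanew=0x40) plus PE signature."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\x00\x00" + b"\x00" * 0x3C

# Constructed test data: the key is a placeholder, not a value from a real panel.
SAMPLE_KEY = b"constructed-key"
STORED = rc4(SAMPLE_KEY, make_sample_pe())

if __name__ == "__main__":
    hit = recover_exe(STORED, [b"wrong", b"also-wrong", SAMPLE_KEY])
    print("recovered key:", hit[0] if hit else None)
```
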

Leaked builder of Power Loader:

If you want some good reads about Alureon, you can click on the following links:
- Gapz and Redyms droppers based on Power Loader code
- PowerLoader Injection - Something truly amazing
And get some samples as well as interesting reads here:
- Power Loader (blast, alias Alureon)

4 comments:

  1. Article about the injection method: http://touchmymalware.blogspot.com/2013/08/powerloader-injection-something-truly.html

  2. Another resource: http://www.virusbtn.com/virusbulletin/archive/2012/10/vb201210-code-injection

  3. Nice, we are waiting for something new from u.

  4. How can I download this botnet to test it in my virtual lab? thx xylibox