Kodex Softwares

EVIL EXTRACTOR

UPDATE NOTES

Remastered v1.2 • February 18, 2024

  • Minor bug fixes related to agent builders.
  • Minor GUI improvements (links have been changed, etc.).
  • Anti-VM feature has been strengthened; agents with this feature enabled are now configured to stop functioning if they detect an already active reverse-engineering tool.
  • Significant background changes have been made regarding software security & performance (including: If any reverse-engineering tool used in conjunction with Evil Extractor is detected, the software will automatically shut down).
  • Version information has been added to the login page.
  • KleenScan Results:

Remastered v1.1 • January 9, 2024

  • Intermediate bug fixes (Fixed: In some cases, agent doesn’t work on some machines).
    • We strongly recommend to rebuild your agents with this update.
  • Minor GUI improvements (Fixed: Scale issue related with “Listening” and “Ping” labels, etc. Old logo replaced with the new one).
  • Added resizer to RAT Webcam Monitoring.
  • KleenScan Results:

Remastered v1.0 • December 5, 2023

  • Evil Extractor completely rewritten using .NET Framework. All the issues (UI freezing, etc.) related with Evil Extractor, has been resolved with the Remastered version.
  • PowerShell support has been removed for agents (all agents are now written in .NET Framework), thereby expanding the number of platforms agents can operate on: Windows 7/8/8.1/10/11, Windows Server 2008/2012/2016. Along with this change, the ‘can’t be destroyed’ feature has been removed.
  • License system has been entirely revamped, speeding up license verification, and the servers have been renewed (completely eliminating connection issues).
  • With Evil Extractor Remastered, HWID reset has been automated (eliminating the need for customers to contact the support team for HWID reset; they can automatically transfer their license to another machine).
  • Auto Updater feature has been added to Evil Extractor Remastered. Customers will no longer need to deal with third-party sites; updates will be automatically downloaded and installed with a single click.
  • Extreme sizes of Evil Extractor Remastered and Decryption Tool (40 MB) have been reduced to (<10 MB).
  • Evil Extractor has been completely automated: Once you enter your license key/FTP information (for connection and agent creation)/KleenScan API key, it will be automatically saved on your computer. This eliminates the need to manually input the information again.
  • Added a resize feature to the User Interface.
  • New additional features have been added, and existing features have been enhanced (features will be optional, allowing users to add or remove these features to any desired agents):
    • Persistence
    • Self-Destruction
    • Anti-VM
    • Private Encrypter (algorithm completely changed, using AES now)
    • Binder
    • Icon selection
    • Error message
    • Sleep before execution
    • x86/x64/ANY CPU selection
    • Assembly information (File Description, Company Name, Copyright, etc.)
    • Silent
    • No-Traces
  • Private encrypter model has been completely overhauled and enhanced. Moving forward, FTP and RAT IP/Port information will be encrypted using AES.
  • Error Message feature has been introduced for agents (you can optionally prompt an error message when the agent is executed on the target system).
  • Flexibility has been introduced for creating agents with or without icons, and with or without binding.
  • All the troublesome ‘path cannot contain special characters or spaces’ rules have been removed when creating agents.
  • Included new extensions for Binder: .exe, .pdf, .png, .jpg.
  • Persistence module has been enhanced and all issues resolved. Additionally, the requirement for the created agent to retain the same name has been eliminated. After the build, even if the agent’s name is changed, the persistence feature will still function.
  • Binder and persistence features have been integrated with each other. While the Bind feature is active, the agent added to startup will not execute the bound file upon system restart.
  • Removed default admin requirements for agents.
  • UAC Bypass, as agents no longer require default administrator privileges, has been removed.
  • WD Exclusion method has been removed. This feature, intended to add itself to exclusions, was inadvertently triggering an aggressive mode in Defender, contrary to its purpose.
  • Default agent sizes have been reduced/stabilized.
  • All Single Bullet agents have been rewritten from scratch and fixed all existing issues.
    • File upload speed to FTP has been doubled for all Single Bullet agents.
    • Screen & Webcam Extractor has been rewritten from scratch, resolving all issues (screen lag, camera issues, connection problems). It has been optimized for resolutions such as 100%, 125%, 150%, etc.
      •  Added custom time range feature for Screen & Webcam Extractor (customers will be able to completely set the time range they want for retrieving logs).
    • Credentials Extractor has been rewritten from scratch and enhanced (location information, etc.).
    • Location information (US, TR, GER, etc.) has been completely improved. Instead of retrieving this information from the target system’s current keyboard layout, it will now show the actual location.
    • File Extractor has been rewritten from scratch, fixed all issues and introducing two modes to prevent file clutter: Retrieve sensitive Files only / Retrieve All files.
    • Password & Cookie Extractor has been rewritten from scratch, fixed all issues (fixed date errors in the History section – 01-02-1601), resolving and enhancing all features related to passwords and cookies. Unnecessary browsers have been removed, and the entire system has been improved. Passwords & cookies agents will now function in chromium v80+ browsers (integrated into modern browsers).
      •  Supported browsers: Chrome, Microsoft Edge, Opera Stable (Default Opera browser), Opera GX, Brave, Vivaldi.
      • Passwords & Cookies Extractor will now extract information from all profiles of the supported browsers (In the original version of Evil Extractor, only information from the default profile was extracted).
  • Kodex Ransomware v3 (final form) has been released.
    • Decryption tool rewritten from scratch, all issues related decryption has been resolved.
    • Encryption/decryption algorithm for Kodex Ransomware was written from scratch, enhanced, and all issues were resolved (completely eliminating the problem of being unable to encrypt certain files). The existing encryption time was accelerated. Following numerous tests, the Encryption success rate was determined to be 95.X%+.
    • Executable (.exe) files will not be included in the encryption process for Kodex Ransomware.
    • Encryption of ‘Important documents’ no longer includes the ‘Documents’ and ‘Pictures’ folders; instead, it now encompasses ‘Desktop’ and ‘Downloads’.
    • Full Encryption folders remain unchanged: ‘Important Documents’ (Desktop + Downloads) + Other Disks (D:\, E:\, F:\, etc.).
    • In cases where the size of the file to be encrypted is excessively large, the file is open, or its structure is compromised, encryption may fail for the specified file. This scenario is included in the count of ‘Encryption failed files total of number’. To facilitate identification, ‘Encrypted.txt’ sent to your FTP server will now contain information on ‘Encrypted files total of number, Encryption failed files total of number, Time Elapsed’. 
    • Post-ransomware screenshot feature was deemed unnecessary and has been removed.
  • KleenScan agent scanning system has been completely revamped and improved. All antivirus programs have been added (customers can choose their preferred antivirus for scanning).
    • Results section has been configured to be detailed (Antivirus Name/Detection/Last Updated), and a button for automatic redirection to view results online has been added.
    • View latest KleenScan results (Ransomware agent)
  • FTP Server section now includes functionalities for deleting directories/files and logging out. Additionally, all connections have been configured to be made securely via SSL/TLS (1.2).
    • FTPs support has been introduced as default. FTP connections made through Evil Extractor Remastered or your agent will now be encrypted with SSL/TLS (1.2) for complete security.
    • File download system from the FTP server has been enhanced; all files will be downloaded along with their respective directory names for better organization.
    • ‘Test FTP’ feature has been added for the FTP server, allowing a one-click test to validate entered FTP information.
    • All connection dropout issues for the FTP server section have been resolved, and the table has been detailed as follows: NAME/TYPE (File or Directory)/PATH
  • All RAT Server features have been rewritten, with new functionalities added and all issues resolved.
    • RAT port listening feature has been enhanced to ensure there is no conflict between the application’s listened ports and the selected port.
    • You won’t need to manually enter your local IP for RAT listening; the application will determine it automatically.
    • Added domain support for RAT mode (now, it can be used with duckdns or similar services).
    • Added features to RAT:
      • Monitoring (Screen & Webcam)
      • Information
      • Wifi
      • File Manager
      • Shell (Cmd)
      • Upload & Execute (URL/File)
      • Chat (Live Chat/Error Message)
      • Power (Restart/Shutdown)
      • Kill session
    • New features of RAT Server have been tested on a public network (up to 370 ms).
  • The conflict issue within the application between RAT and FTP server has been completely resolved, allowing both interfaces to be used simultaneously.
  • With this update, all PDFs have been refreshed, and a public PDF (Features) has been published. You can view the PDF by clicking here.

v4.3 (Major Update) • September 2, 2023

  • Kodex Ransomware v2.0 has been released, with a completely renewed encryption method, and the source code has been rewritten from scratch (a unique encryption method will now be used instead of the archiving method to encrypt files). All minor and major issues stemming from Kodex Ransomware v1.0 have been fixed and improved (including the full encryption issue, screenshot resolution, timing issue, etc.).
  • Compared to Kodex Ransomware v1.0, the encryption speed of v2.0 has been increased by 83.33%, and new folders for encryption have been added (Important documents Encryption: Desktop, downloads, documents, videos, pictures folders. Full Encryption: Important documents + Other disks).
  • A “Kodex Ransomware Decryption Tool” has been developed to decrypt files encrypted using Kodex Ransomware v2.0 (this decryption tool will be sent to customers).
  • For Kodex Ransomware v2.0, the normal agent selection and can’t be destroyed features have been removed (a private encrypter will be used in every case when creating the Kodex Ransomware v2.0 agent, with the binder as an option).
  • Support for Kodex Ransomware v1.0 has been discontinued, and agents created using Kodex Ransomware v1.0 will no longer function with this update. We strongly recommend updating your software.
  • Kodex Ransomware video has been updated.
  • For RAT, when ‘Kill’ is right-clicked during the connection to the target system, the connection will be completely terminated (and the persistence feature will be removed). This way, you can completely eliminate any unwanted connections. (Customer suggestion)
  • All errors in the Persistence modules have been fixed, and their infrastructures have been revamped (UAC silently bypassed for the next reboot, fixed major issues).
  • For older cameras, a 2-second cooldown has been added to the webcam section of the Screenshot & Webcam Extractor, resolving the issue with capturing camshots.
  • In the Rat Shell, a border has been added, and a menu has been added to the top right corner in the RAT section. Also, all the fonts completely redesigned.
  • To address potential connection issues, FTP and RAT listening are now configured not to run at the same time (major bug fixes).
  • The infrastructure for both normal agent creation and Private Encrypter & Binder agent creation has been completely overhauled, resulting in faster agent generation and bug fixes. (With this update, please be aware that the installation of the Private Encrypter may take some time. Kindly wait patiently and refrain from clicking on the GUI during the download. Note that this waiting period is a one-time occurrence after the Private Encrypter update.)
  • Private Encrypter method updated, detection values decreased to 1/40. [View KleenScan results]

v4.2 • June 14, 2023

  • Added new AVs to KleenScan system, and the “something went wrong” error has been completely resolved
  • Kodex ransomware agent will now be able to perform self-debugging and automatically stop functioning when an unexpected event occurs (to prevent the deletion of files on the target system before they are encrypted)
  • Minor bug fixes (new software security system)

v4.1 • June 9, 2023

  • Added a note system for RAT Mode (Customer suggestion, you can now take notes about the target system)
  • Resolved the issue of RAT Mode freezing unexpectedly
  • RAT Mode’s execute URL section has been updated to use HTTPS and fixed errors
  • The issue of having a new tray icon appear for each notification in RAT Mode has been resolved, and a menu has been added to the tray icon
  • Errors in persistence agents have been fixed
  • WD Bypass feature has been improved
  • Fixed minor issues in RAT Mode’s Upload & Execute functionality
  • In the FTP Server System, the issue of connection dropping when it remained open for an extended period has been resolved by enhancing the ‘Refresh’ option. Users can now click the Refresh option to automatically reconnect in case of connection loss
  • Fixed the issue of screen shifting for Screen & Webcam Extractor (screenshot is now centered)
  • The problem of not being able to upload images and webcam footage for the Screen & Webcam extractor to FTP has been completely resolved (this issue was only present for Screen & Webcam Extractor in normal agent creation)
  • GUI automatic resizing has been reconfigured
  • Minor GUI improvements (Checkbox, pop-up issue, etc.)
  • GUI icon resolution issue has been fixed
  • Implemented new security measures for the software’s safety
  • Fixed small bugs in File Extractor and Kodex Ransomware
  • Made minor bug fixes in normal agent creation and private encrypter & binder

v4.0 (RAT) • May 1, 2023

  • Single Bullet & RAT Mode has been added:
  • Evil Extractor now offers two modes of operation: Single Bullet and RAT. Users can combine these modes for more advanced attacks. With RAT mode, you can establish a live connection with the target system, giving you the ability to upload, delete, download files, take screenshots, send fake error messages and perform many other actions. On the other hand, Single Bullet mode provides six primary attack types, each with unique features that work through FTP service.
  • A notification system has been added to notify the user when a target machine connects to the RAT.
  • With v4.0, the GUI resizing will be done automatically according to the screen size.
  • GUI scrollbar appearance has been changed.
  • VM setup requirement has been removed since no one was using it (although it is still recommended and those who wish can still install/use it on a VM).
  • Private Encrypter & Binder bug has been fixed.
  • Screen and webcam image counting issue has been resolved.
  • Private Encrypter and Normal Agent Creation methods updated. Detection values decreased to 1/40 -> Click here to view
  • Keylogger feature has been removed from Evil Extractor to focus on further development and a new software will be released in the future. All Evil Extractor customers will benefit from this new software.
  • Persistence modules have been improved (UAC notification bypassed).
  • PDFs have been updated to explain RAT mode.

v3.6 • March 22, 2023

  • Minor Bug Fixes (Ransomware, Screen & Webcam Extractor, Password & Cookie Extractor, Keylogger). Those features will not work properly in the old version (v3.5.5), we strongly recommend updating your software.
  • Password & Cookie Extractor improved (Added cooldown for: computers with saved a lot of information in browsers).
  • Keylogger improved (some typos fixed).
  • Screen & Webcam resolution fixed for webcam feature.

v3.5.5 • March 17, 2023

  • Minor Bug Fixes (Persistence Modules).
  • Password & Cookie feature has been improved. Password & Cookie Extractor may not work properly in the old version (v3.5), we strongly recommend updating your software.
  • Anti-VM feature has been extremely strengthened and most well-known virtual machines have been added to the blacklist (Your agent will no longer run inside machines such as JOHN-PC, ANNA-PC etc. and you will no longer see these names on your FTP server).

v3.5 • March 8, 2023

  • Minor Bug Fixes (GUI, Private Encrypter & Binder).
  • The Keylogger feature has been rewritten from scratch and is now much more detailed like -> “[ENTER]hello world![F5].”
  • All features have been renewed/updated. Old features may not work properly in the old version (v3.4), we strongly recommend updating your software.
  • Anti VM feature has been strengthened (No more sandboxies).
  • No Tracking feature has been improved.
  • Private Encrypter method updated (Detection values decreased to -> 0/34)
  • Antivirus Scan Results for All In One Extractor (With Extra Features) -> Click here to view
  • Note: Detection values may change person to person (for more information, please take a look at v2.2 update notes).

v3.4 • February 25, 2023

  • Password & Cookie, Screen & Webcam Extractor, Keylogger and Kodex Ransomware infrastructure has been completely changed (These features have been accelerated and strengthened). Those features will not work properly in the old version (v3.4 below), we strongly recommend updating your software.
  • Screen & Webcam infrastructure has been changed, also improved image quality for webcam (1920×1080).
  • Browser History removed from Credentials, added to Password & Cookie Extractor (Now, browser history detailed like: URL, Visit Time, Title).
  • Credentials Extractor completely renewed (Incoming logs will be organized in one txt file). Also, added Real-Time location, GPU, CPU, RAM and many other things to Credentials Extractor.
  • Password & Cookie Extraction infrastructure has been completely changed/renewed. Now all cookie information will be delivered in JSON format (Customer suggestion), some less popular browsers have been removed and removed Outlook & Thunderbird password extracting feature (resulting in 99% faster performance).
  • Private Video “Bypass Youtube & G-Mail 2FA” renewed (JSON Format).

v3.3 • February 18, 2023

  • Minor Bug Fixes (GUI fonts + GUI pop-up issue + License system will be work more stable from now + persistence modules)
  • Added KleenScan agent scan system (Now, you can scan your agents’ detection value through Evil Extractor)
  • Added “Select Area for Encryption” for Kodex Ransomware (Now, you have 2 option: Full Encryption, Important Documents Encryption). (Customer suggestion)
  • Added screenshot feature for Kodex Ransomware (You’ll get a single screenshot after encryption). (Customer suggestion)
  • UAC Bypass feature has been strengthened.
  • Anti-VM feature has been strengthened.
  • Added Extension Spoofing video to private videos. (Customer suggestion)
  • Private Encrypter method completely renewed (Detection values decreased to -> 0/34)
  • Antivirus Scan Results for All In One Extractor (With Extra Features) -> Click here to view
  • Note: Detection values may change person to person (for more information, please take a look at v2.2 update notes).

v3.1 • February 7, 2023

  • Minor bug fixes (GUI + Message Box + Keylogger).
  • The Keylogger infrastructure has been changed (now it’s better). This feature (Keylogger) may not work properly in the old version (v3.0), we strongly recommend updating your software.
  • Added Private Video (Bypass Youtube 2FA). (Customer suggestion)

v3.0 (GUI) • January 24, 2023

  • Evil Extractor GUI released (Evil Extractor completely renewed). Now you can follow your targets via Evil Extractor server system.
  • Added Keylogger (Persistence). Also integrated with All-in-one Extractor (Customer suggestion)
  • Minor bug fixes (Password & Cookie Extractor)
  • Private Encrypter Method Updated. Detection values decreased to -> 1/26 (All in one Extractor with extra features)
  • Added 6 hours time range option to Keylogger + Screen & Webcam Extractor
  • Kodex Ransomware instrafacture has been extremely strengthened.
  • Now, Kodex Ransomware feature will be also encrypt Downloads folder on target system too (Now: Desktop + Downloads)
  • Also, license system has been completely changed; Now, you don’t have to download Evil Extractor License Generator to use Evil Extractor. All the system is fully automated with license keys.

v2.3 • January 4, 2023

  • Minor bug fixes
  • Added contact information for Kodex Ransomware (Customer suggestion)
  • Added Opera Stable, Microsoft Edge cookie grabber for Password & Cookie Extractor
  • Added File Extractor instead of Desktop Extractor (Now, File Extractor will extract files from Downloads and Desktop folders). Now, you will only be able to receive files with certain extensions (to avoid uploading unnecessary files in FTP area).
  • Files with these extensions will be extracted: jpg, png, jpeg, mp4, mpeg, mp3, avi, txt, rtf, xlsx, docx, pptx, pdf, rar, zip, 7z, csv, xml, html

v2.2 • December 25, 2022

  • Added anti VM
  • Added agent icon selection for every agent (Now, can be used without extra features)
  • Added Private Encrypter. Now, each customer will have their own encrypter. No one will be effected by the behavior of others (like uploading agent to virustotal or automatic sample submission etc.). Detection values may change person to person.

v2.1 • December 13, 2022

  • Added live countdown (Read_me.html) to Kodex Ransomware feature.

v2.0 • December 10, 2022

  • Transfer queue completely changed (File loss is minimized in case of a possible internet loss on the target system).
  • Can’t be destroyed feature added.
  • Kodex Ransomware added.

v1.9 • December 6, 2022

  • Target location and hostname added (Now, incoming files will be more organized like: [United States]DESKTOP-XXXX). (Customer suggestion)
  • With v1.9, a single Evil Extractor agent can run at (at the same time) many different computers.

v1.8 • December 4, 2022

  • Windows Defender Bypass Method added (Evil Extractor agent will add itself to exclusions once it executes.)
  • UAC Bypass added (Evil Extractor agent will always run as administrator.)

v1.7 • December 1, 2022

  • Added Password & Cookie Extractor
  • (Now, Evil Extractor can grab passwords from 27 different browsers. Including mail softwares like: Thunderbird and Outlook)
  • Firefox table bug fixed on Password & Cookie Extractor

v1.6 • November 27, 2022

  • Minor bug fixes on Extra Features
  • Added “cookies.html” (table) for Cookie Extractor (Cookies now more organized: Expiration date, cookie value etc.)
  • Added Free FTP plans to all packages

v1.5 • November 16, 2022

  • Extra Features (Encrypter and Binder)
  • Icon change selection for agent
  • Firefox cookie grabber for Cookie Extractor
  • Time range selection for Screen & Webcam Extractor
  • Public IP information for Credentials Extractor
  • Edge browser history for Credentials Extractor

v1.4 • October 7, 2022

  • Added Screen & Webcam Extractor (Persistence)

v1.3 • October 1, 2022

  • Screenshot Extractor (Persistence)
  • x64 & x86 selection added

v1.2 • September 14, 2022

  • All in one
  • No-console (target-side console output is no longer shown)
  • No traces (leaves no traces on the target system)

v1.1 • September 12, 2022

  • Interface updated

v1.0 • September 10, 2022

  • Added Credentials Extractor
  • Added Desktop Extractor
  • Added Cookie Extractor