Kodex Softwares

EVIL EXTRACTOR

UPDATE NOTES

Remastered v1.7 • October 18, 2024

  • Important bug fixes:
    • On computers that do not use the Gregorian calendar (e.g., Thailand, etc.), agents sometimes failed to run. This issue has been completely resolved, and agents will work smoothly regardless of whether the Gregorian calendar or any other calendar system is used.
      • With this update, you will need to rebuild your agents.
  • New features have been added to the screen and webcam monitoring sections in the RAT:
    • For Screen Monitoring, screens are now listed. If the target system uses multiple monitors, you will be able to list and monitor the screen of your choice.
    • Previously, Screen Monitoring combined multiple monitors side by side if the target system had more than one monitor, which caused the mouse control to click in the wrong places and resulted in poor display quality. This issue has been completely resolved with the addition of the option to split the screens.
    • For Webcam Monitoring, cameras are now listed. If the target system has multiple cameras, you can choose and monitor the desired camera.
  • UI has been updated:
    • All right-click menus in Evil Extractor (RAT Server, FTP Server, RAT File Manager, RAT Wifi Profiles) have been customized.
    • Most icons have been changed, and the UI has been further modernized.
    • Disabled buttons in the RAT screen monitoring section have been removed, and the remaining buttons have been organized/rearranged.
    • The bottom frame in the RAT screen and webcam monitoring sections has been removed.
  • In the RAT’s Fun Menu, since the desktop and taskbar objects were defined only once when the agent was run on the target system, hide and show events sometimes failed to work when the resolution changed, the wallpaper was changed, or a new screen was added, etc. This issue has been completely resolved.
  • In the RAT section, the “.bat” extension has been added to the “Execute From Local” and “Execute From URL” methods. (Customer Suggestion)
  • A new security measure has been added to the Kodex Ransomware v3 Decryption Tool.

Remastered v1.6 • October 7, 2024

  • RAT Section:
    • Monitoring
      • Mouse and keyboard control features have been added to the RAT live screen monitoring (the keyboard controller supports all languages).
      • The screen and webcam monitoring options in RAT have been highly optimized (though the image quality has slightly decreased). As a result, the speed and stability of image transmission have improved significantly.
      • Gaps that appeared on the top, bottom, left, or right of the screen in screen and webcam monitoring have been fixed.
      • A memory leak issue on the agent side during live webcam usage has been fully resolved, and the webcam section has been optimized.
    • Shell (CMD)
      • The command restriction in the RAT’s cmd section has been removed, allowing users to execute any command on the target system (with error output added).
      • The RAT has been protected from crashing, even when an incorrect or infinite loop command is used in the cmd section.
    • File Manager
      • A “Start” option has been added to the right-click menu in RAT’s file manager, allowing users to easily open files on the target system.
      • A bug in the RAT file manager’s download section, where files under the size limit (400 MB) would sometimes still trigger an error, has been completely resolved.
    • Live Chat
      • The 50-character limit in RAT’s live chat has been removed (the new max length is 300), and multiline functionality has been added. Also, messages that are too long for a single line will now wrap to the next line, ensuring that no message overflows and goes unseen.
      • A bug that caused the live chat to close and the connection to drop when alt-tabbed on the target system has been fixed. The chat can no longer be closed by alt-tabbing on the target system, preventing connection drops.
      • The window for RAT’s live chat feature will always stay on top of other applications on the target system.
    • A Fun Menu has been added to the RAT: Desktop and taskbar show/hide, play sound (boing or unplug), set wallpaper.
    • A “Reconnect” option has been added to the RAT menu. This option closes the current connection with the target system and gives you a new one. If you believe there is an issue with the existing connection, you can use this option.
    • The RAT notification alert has been set to always appear in front of all windows (previously, it sometimes stayed in the background and was not visible).
    • Several bugs causing disconnections in RAT’s live chat, screen and webcam monitoring, and cmd forms have been identified, fixed, and optimized.
    • Issues caused by improperly closing certain windows in the RAT section of Evil Extractor (e.g., alt+F4) have been fully resolved.
    • A minor bug was detected and fixed in the execute URL section of the RAT (the bug did not prevent the feature from working).
    • From now on, actions you take on clients (such as screen monitoring) will not interfere with actions on other clients.
    • Incoming connections in the RAT have been stabilized.
    • All these new features and bug fixes have been tested and confirmed on public networks.
      • With this update, you will need to rebuild your RAT agents.
  • Single Bullet Section:
    • The “Retrieve sensitive files only” and “Retrieve all files” modes have been removed from the File Extractor. Instead, a fully customizable “Keywords” and “Extensions” feature has been added. Users can now customize the file extraction process by entering their desired keywords and file extensions.
    • Due to the removal of a third-party library in the passwords & cookies section, the file size (previously 4.2 MB) has been reduced to 1.02 MB, and an expiration date value has been added to the JSON cookie file.
    • These new features have been integrated into the All In One Extractor, and the file size has been optimized to 1.09 MB.
  • The session control time for Evil Extractor has been extended to 24 hours (it was previously 12 hours). If Evil Extractor remains open, it will restart every 24 hours to verify your license.
  • All file transfers (downloads, uploads, etc.) in Evil Extractor and agents have been optimized and are now twice as fast.
  • All public and private videos have been re-recorded, and explanatory PDFs have been added alongside the private videos. The new private video series includes: Agent Camouflage Technique, Bypass 2FA, and Extension Spoofing.

Remastered v1.5 • September 1, 2024

  • RAT Section:
    • A ‘Download and Execute’ feature has been added to the ‘Execute’ menu in the RAT section.
      • Users can now use this feature to download and execute files from the internet on the target system after establishing a connection (Allowed file types: .exe, .jpg, .png, .pdf).
    • The ‘Execute URL’ option in the RAT section has been renamed to ‘Visit a Website’.
    • A ‘Goto’ option has been added to the right-click menu in the ‘File Manager’ section of the RAT (Shortcut to Desktop and Downloads folders). This allows users to quickly navigate to popular file paths with a single click.
    • A disk selection option has been added to the ‘File Manager’ section in the RAT, allowing users to switch between disks as they wish.
    • The reconnect option in the RAT agent has been improved, and the bugs found have been fixed.
  • Single Bullet Section:
    • The Screen & Webcam Extractor now includes the option to enter two different time intervals. The first is the time interval in which you want to retrieve logs (in minutes), and the second is the interval at which you want to capture screen and webcam images (in seconds). Additionally, all these updates have been integrated into the All In One Extractor.
      • Previously, screen and webcam images were only captured at the time intervals you set for retrieving logs. Now, you can capture screen and webcam images at any desired time interval.
  • New security measures have been implemented to Evil Extractor.
    • File binder is no longer allowed to bind Kodex Softwares.
    • If Evil Extractor has been modified, it will detect the alteration and the application will not launch.
  • The 100 MB file limit for the binder (Single Bullet and RAT Agent) has been increased to 300 MB.
  • The interface has been updated (some old icons have been replaced, etc.).
  • The KleenScan interface was adjusted and some unpopular AVs were removed (Total number of AVs: 30).

Remastered v1.4 • July 17, 2024

  • High-DPI support has been added to Evil Extractor Remastered and Kodex Ransomware v3 Decryption Tool. Additionally, the screen scaling issue that occurred with high DPI settings has been completely resolved.
  • Added Custom Message instead of Error Message (optional) for Single Bullet/RAT agent builders. User can select their preferred icon for custom message (Error, Warning or Information).
  • The technique used for binding files has been completely rewritten and all existing issues have been resolved. The 5 MB file limit has been increased (up to 100 MB).
    • The unnecessary file size increase during the binding process has been fixed; now the size of your original agent will only increase by the size of the file to be bound.
      • For example: If the agent size is 700 KB and the file size to be bound is 10 MB, the total file size will be 10.7 MB.
  • Added version information to the main page.
  • Various bug fixes related to the .NET Framework v4.5 builder have been made in the background.
  • The issue where the “kleenscan_api.txt” file in the Autofill folder was not being updated when the KleenScan API key was changed has been fixed.
  • The execution order of the sleep feature in Extra Features has been changed.
  • An issue in the File Extractor, usually occurring with the ‘Retrieve All Files’ option (System.IO.PathTooLongException), causing the agent to crash, has been resolved. The same precaution has been applied to the ‘Retrieve Sensitive Files Only’ mode. Additionally, all these changes have been integrated into the All In One Extractor.
  • The port listening input for RAT has been adjusted from a maximum of 4 digits to 5 digits. (Customer Suggestion)
  • The ‘Message Box’ section in the RAT menu during live connections has been reorganized and now supports 3 types of message boxes (Error, Warning, and Information).
  • The 40 MB limit in the upload, download, and execute file sections of the RAT has been increased to 400 MB. These features have been tested on a public network (up to 300ms).

Remastered v1.3 • June 10, 2024

  • Implemented intermediate bug fixes for Passwords & Cookies Extractor, also integrated with the All In One Extractor.
    • We strongly recommend to rebuild your agents with this update.
  • Significantly enhanced the ‘No Traces’ feature: all files/folders used by agents in the background are now set to ‘Hidden’.
  • Added a ‘Wallet Type‘ feature to the ransomware module, allowing users to select their preferred wallet type (btc, xmr, ltc, etc.).
  • Redesigned the interface (updated some logos, added a ‘Documentation’ button to the bottom left corner, organized all textboxes, etc.).
  • Fixed background registry entry error for the software.

Remastered v1.2 • February 18, 2024

  • Minor bug fixes related to agent builders.
  • Minor GUI improvements (links have been changed, etc.).
  • Anti-VM feature has been strengthened; agents with this feature enabled are now configured to stop functioning if they detect an already active reverse-engineering tool.
  • Significant background changes have been made regarding software security & performance (including: If any reverse-engineering tool used in conjunction with Evil Extractor is detected, the software will automatically shut down).
  • Version information has been added to the login page.
  • KleenScan Results:

Remastered v1.1 • January 9, 2024

  • Intermediate bug fixes (Fixed: In some cases, agent doesn’t work on some machines).
    • We strongly recommend to rebuild your agents with this update.
  • Minor GUI improvements (Fixed: Scale issue related with “Listening” and “Ping” labels, etc. Old logo replaced with the new one).
  • Added resizer to RAT Webcam Monitoring.
  • KleenScan Results:

Remastered v1.0 • December 5, 2023

  • Evil Extractor completely rewritten using .NET Framework. All the issues (UI freezing, etc.) related with Evil Extractor, has been resolved with the Remastered version.
  • PowerShell support has been removed for agents (all agents are now written in .NET Framework), thereby expanding the number of platforms agents can operate on: Windows 7/8/8.1/10/11, Windows Server 2008/2012/2016/2019/2022. Along with this change, the ‘can’t be destroyed’ feature has been removed.
  • License system has been entirely revamped, speeding up license verification, and the servers have been renewed (completely eliminating connection issues).
  • With Evil Extractor Remastered, HWID reset has been automated (eliminating the need for customers to contact the support team for HWID reset; they can automatically transfer their license to another machine).
  • Auto Updater feature has been added to Evil Extractor Remastered. Customers will no longer need to deal with third-party sites; updates will be automatically downloaded and installed with a single click.
  • Extreme sizes of Evil Extractor and Decryption Tool (40 MB) have been reduced to (<10 MB).
  • Evil Extractor has been completely automated: Once you enter your license key/FTP information (for connection and agent creation)/KleenScan API key, it will be automatically saved on your computer. This eliminates the need to manually input the information again.
  • Added a resize feature to the User Interface.
  • New additional features have been added, and existing features have been enhanced (features will be optional, allowing users to add or remove these features to any desired agents):
    • Persistence
    • Self-Destruction
    • Anti-VM
    • Private Encrypter (algorithm completely changed, using AES now)
    • Binder
    • Icon selection
    • Error message
    • Sleep before execution
    • x86/x64/ANY CPU selection
    • Assembly information (File Description, Company Name, Copyright, etc.)
    • Silent
    • No-Traces
  • Private encrypter model has been completely overhauled and enhanced. Moving forward, FTP and RAT IP/Port information will be encrypted using AES.
  • Error Message feature has been introduced for agents (you can optionally prompt an error message when the agent is executed on the target system).
  • Flexibility has been introduced for creating agents with or without icons, and with or without binding.
  • All the troublesome ‘path cannot contain special characters or spaces’ rules have been removed when creating agents.
  • Included new extensions for Binder: .exe, .pdf, .png, .jpg.
  • Persistence module has been enhanced and all issues resolved. Additionally, the requirement for the created agent to retain the same name has been eliminated. After the build, even if the agent’s name is changed, the persistence feature will still function.
  • Binder and persistence features have been integrated with each other. While the Bind feature is active, the agent added to startup will not execute the bound file upon system restart.
  • Removed default admin requirements for agents.
  • UAC Bypass, as agents no longer require default administrator privileges, has been removed.
  • WD Exclusion method has been removed. This feature, intended to add itself to exclusions, was inadvertently triggering an aggressive mode in Defender, contrary to its purpose.
  • Default agent sizes have been reduced/stabilized.
  • All Single Bullet agents have been rewritten from scratch and fixed all existing issues.
    • File upload speed to FTP has been doubled for all Single Bullet agents.
    • Screen & Webcam Extractor has been rewritten from scratch, resolving all issues (screen lag, camera issues, connection problems). It has been optimized for resolutions such as 100%, 125%, 150%, etc.
      •  Added custom time range feature for Screen & Webcam Extractor (customers will be able to completely set the time range they want for retrieving logs).
    • Credentials Extractor has been rewritten from scratch and enhanced (location information, etc.).
    • Location information (US, TR, GER, etc.) has been completely improved. Instead of retrieving this information from the target system’s current keyboard layout, it will now show the actual location.
    • File Extractor has been rewritten from scratch, fixed all issues and introducing two modes to prevent file clutter: Retrieve sensitive Files only / Retrieve All files.
    • Password & Cookie Extractor has been rewritten from scratch, fixed all issues (fixed date errors in the History section – 01-02-1601), resolving and enhancing all features related to passwords and cookies. Unnecessary browsers have been removed, and the entire system has been improved. Passwords & cookies agents will now function in chromium v80+ browsers (integrated into modern browsers).
      •  Supported browsers: Chrome, Microsoft Edge, Opera Stable (Default Opera browser), Opera GX, Brave, Vivaldi.
      • Passwords & Cookies Extractor will now extract information from all profiles of the supported browsers (In the original version of Evil Extractor, only information from the default profile was extracted).
  • Kodex Ransomware v3 (final form) has been released.
    • Decryption tool rewritten from scratch, all issues related decryption has been resolved.
    • Encryption/decryption algorithm for Kodex Ransomware was written from scratch, enhanced, and all issues were resolved (completely eliminating the problem of being unable to encrypt certain files). The existing encryption time was accelerated. Following numerous tests, the Encryption success rate was determined to be 95.X%+.
    • Executable (.exe) files will not be included in the encryption process for Kodex Ransomware.
    • Encryption of ‘Important documents’ no longer includes the ‘Documents’ and ‘Pictures’ folders; instead, it now encompasses ‘Desktop’ and ‘Downloads’.
    • Full Encryption folders remain unchanged: ‘Important Documents’ (Desktop + Downloads) + Other Disks (D:\, E:\, F:\, etc.).
    • In cases where the size of the file to be encrypted is excessively large, the file is open, or its structure is compromised, encryption may fail for the specified file. This scenario is included in the count of ‘Encryption failed files total of number’. To facilitate identification, ‘Encrypted.txt’ sent to your FTP server will now contain information on ‘Encrypted files total of number, Encryption failed files total of number, Time Elapsed’. 
    • Post-ransomware screenshot feature was deemed unnecessary and has been removed.
  • KleenScan agent scanning system has been completely revamped and improved. All antivirus programs have been added (customers can choose their preferred antivirus for scanning).
    • Results section has been configured to be detailed (Antivirus Name/Detection/Last Updated), and a button for automatic redirection to view results online has been added.
    • View latest KleenScan results (Ransomware agent)
  • FTP Server section now includes functionalities for deleting directories/files and logging out. Additionally, all connections have been configured to be made securely via SSL/TLS (1.2).
    • FTPs support has been introduced as default. FTP connections made through Evil Extractor Remastered or your agent will now be encrypted with SSL/TLS (1.2) for complete security.
    • File download system from the FTP server has been enhanced; all files will be downloaded along with their respective directory names for better organization.
    • ‘Test FTP’ feature has been added for the FTP server, allowing a one-click test to validate entered FTP information.
    • All connection dropout issues for the FTP server section have been resolved, and the table has been detailed as follows: NAME/TYPE (File or Directory)/PATH
  • All RAT Server features have been rewritten, with new functionalities added and all issues resolved.
    • RAT port listening feature has been enhanced to ensure there is no conflict between the application’s listened ports and the selected port.
    • You won’t need to manually enter your local IP for RAT listening; the application will determine it automatically.
    • Added domain support for RAT mode (now, it can be used with duckdns or similar services).
    • Added features to RAT:
      • Monitoring (Screen & Webcam)
      • Information
      • Wifi
      • File Manager
      • Shell (Cmd)
      • Upload & Execute (URL/File)
      • Chat (Live Chat/Error Message)
      • Power (Restart/Shutdown)
      • Kill session
    • New features of RAT Server have been tested on a public network (up to 370 ms).
  • The conflict issue within the application between RAT and FTP server has been completely resolved, allowing both interfaces to be used simultaneously.
  • With this update, all PDFs have been refreshed, and a public PDF (Features) has been published. You can view the PDF by clicking here.

v4.3 (Major Update) • September 2, 2023

  • Kodex Ransomware v2.0 has been released, with a completely renewed encryption method, and the source code has been rewritten from scratch (a unique encryption method will now be used instead of the archiving method to encrypt files). All minor and major issues stemming from Kodex Ransomware v1.0 have been fixed and improved (including the full encryption issue, screenshot resolution, timing issue, etc.).
  • Compared to Kodex Ransomware v1.0, the encryption speed of v2.0 has been increased by 83.33%, and new folders for encryption have been added (Important documents Encryption: Desktop, downloads, documents, videos, pictures folders. Full Encryption: Important documents + Other disks).
  • A “Kodex Ransomware Decryption Tool” has been developed to decrypt files encrypted using Kodex Ransomware v2.0 (this decryption tool will be sent to customers).
  • For Kodex Ransomware v2.0, the normal agent selection and can’t be destroyed features have been removed (a private encrypter will be used in every case when creating the Kodex Ransomware v2.0 agent, with the binder as an option).
  • Support for Kodex Ransomware v1.0 has been discontinued, and agents created using Kodex Ransomware v1.0 will no longer function with this update. We strongly recommend updating your software.
  • Kodex Ransomware video has been updated.
  • For RAT, when ‘Kill’ is right-clicked during the connection to the target system, the connection will be completely terminated (and the persistence feature will be removed). This way, you can completely eliminate any unwanted connections. (Customer suggestion)
  • All errors in the Persistence modules have been fixed, and their infrastructures have been revamped (UAC silently bypassed for the next reboot, fixed major issues).
  • For older cameras, a 2-second cooldown has been added to the webcam section of the Screenshot & Webcam Extractor, resolving the issue with capturing camshots.
  • In the Rat Shell, a border has been added, and a menu has been added to the top right corner in the RAT section. Also, all the fonts completely redesigned.
  • To address potential connection issues, FTP and RAT listening are now configured not to run at the same time (major bug fixes).
  • The infrastructure for both normal agent creation and Private Encrypter & Binder agent creation has been completely overhauled, resulting in faster agent generation and bug fixes. (With this update, please be aware that the installation of the Private Encrypter may take some time. Kindly wait patiently and refrain from clicking on the GUI during the download. Note that this waiting period is a one-time occurrence after the Private Encrypter update.)
  • Private Encrypter method updated, detection values decreased to 1/40. [View KleenScan results]

v4.2 • June 14, 2023

  • Added new AVs to KleenScan system, and the “something went wrong” error has been completely resolved
  • Kodex ransomware agent will now be able to perform self-debugging and automatically stop functioning when an unexpected event occurs (to prevent the deletion of files on the target system before they are encrypted)
  • Minor bug fixes (new software security system)

v4.1 • June 9, 2023

  • Added a note system for RAT Mode (Customer suggestion, you can now take notes about the target system)
  • Resolved the issue of RAT Mode freezing unexpectedly
  • RAT Mode’s execute URL section has been updated to use HTTPS and fixed errors
  • The issue of having a new tray icon appear for each notification in RAT Mode has been resolved, and a menu has been added to the tray icon
  • Errors in persistence agents have been fixed
  • WD Bypass feature has been improved
  • Fixed minor issues in RAT Mode’s Upload & Execute functionality
  • In the FTP Server System, the issue of connection dropping when it remained open for an extended period has been resolved by enhancing the ‘Refresh’ option. Users can now click the Refresh option to automatically reconnect in case of connection loss
  • Fixed the issue of screen shifting for Screen & Webcam Extractor (screenshot is now centered)
  • The problem of not being able to upload images and webcam footage for the Screen & Webcam extractor to FTP has been completely resolved (this issue was only present for Screen & Webcam Extractor in normal agent creation)
  • GUI automatic resizing has been reconfigured
  • Minor GUI improvements (Checkbox, pop-up issue, etc.)
  • GUI icon resolution issue has been fixed
  • Implemented new security measures for the software’s safety
  • Fixed small bugs in File Extractor and Kodex Ransomware
  • Made minor bug fixes in normal agent creation and private encrypter & binder

v4.0 (RAT) • May 1, 2023

  • Single Bullet & RAT Mode has been added:
  • Evil Extractor now offers two modes of operation: Single Bullet and RAT. Users can combine these modes for more advanced attacks. With RAT mode, you can establish a live connection with the target system, giving you the ability to upload, delete, download files, take screenshots, send fake error messages and perform many other actions. On the other hand, Single Bullet mode provides six primary attack types, each with unique features that work through FTP service.
  • A notification system has been added to notify the user when a target machine connects to the RAT.
  • With v4.0, the GUI resizing will be done automatically according to the screen size.
  • GUI scrollbar appearance has been changed.
  • VM setup requirement has been removed since no one was using it (although it is still recommended and those who wish can still install/use it on a VM).
  • Private Encrypter & Binder bug has been fixed.
  • Screen and webcam image counting issue has been resolved.
  • Private Encrypter and Normal Agent Creation methods updated. Detection values decreased to 1/40 -> Click here to view
  • Keylogger feature has been removed from Evil Extractor to focus on further development and a new software will be released in the future. All Evil Extractor customers will benefit from this new software.
  • Persistence modules have been improved (UAC notification bypassed).
  • PDFs have been updated to explain RAT mode.

v3.6 • March 22, 2023

  • Minor Bug Fixes (Ransomware, Screen & Webcam Extractor, Password & Cookie Extractor, Keylogger). Those features will not work properly in the old version (v3.5.5), we strongly recommend updating your software.
  • Password & Cookie Extractor improved (Added cooldown for: computers with saved a lot of information in browsers).
  • Keylogger improved (some typos fixed).
  • Screen & Webcam resolution fixed for webcam feature.

v3.5.5 • March 17, 2023

  • Minor Bug Fixes (Persistence Modules).
  • Password & Cookie feature has been improved. Password & Cookie Extractor may not work properly in the old version (v3.5), we strongly recommend updating your software.
  • Anti-VM feature has been extremely strengthened and most well-known virtual machines have been added to the blacklist (Your agent will no longer run inside machines such as JOHN-PC, ANNA-PC etc. and you will no longer see these names on your FTP server).

v3.5 • March 8, 2023

  • Minor Bug Fixes (GUI, Private Encrypter & Binder).
  • The Keylogger feature has been rewritten from scratch and is now much more detailed like -> “[ENTER]hello world![F5].”
  • All features have been renewed/updated. Old features may not work properly in the old version (v3.4), we strongly recommend updating your software.
  • Anti VM feature has been strengthened (No more sandboxies).
  • No Tracking feature has been improved.
  • Private Encrypter method updated (Detection values decreased to -> 0/34)
  • Antivirus Scan Results for All In One Extractor (With Extra Features) -> Click here to view
  • Note: Detection values may change person to person (for more information, please take a look at v2.2 update notes).

v3.4 • February 25, 2023

  • Password & Cookie, Screen & Webcam Extractor, Keylogger and Kodex Ransomware infrastructure has been completely changed (These features have been accelerated and strengthened). Those features will not work properly in the old version (v3.4 below), we strongly recommend updating your software.
  • Screen & Webcam infrastructure has been changed, also improved image quality for webcam (1920×1080).
  • Browser History removed from Credentials, added to Password & Cookie Extractor (Now, browser history detailed like: URL, Visit Time, Title).
  • Credentials Extractor completely renewed (Incoming logs will be organized in one txt file). Also, added Real-Time location, GPU, CPU, RAM and many other things to Credentials Extractor.
  • Password & Cookie Extraction infrastructure has been completely changed/renewed. Now all cookie information will be delivered in JSON format (Customer suggestion), some less popular browsers have been removed and removed Outlook & Thunderbird password extracting feature (resulting in 99% faster performance).
  • Private Video “Bypass Youtube & G-Mail 2FA” renewed (JSON Format).

v3.3 • February 18, 2023

  • Minor Bug Fixes (GUI fonts + GUI pop-up issue + License system will be work more stable from now + persistence modules)
  • Added KleenScan agent scan system (Now, you can scan your agents’ detection value through Evil Extractor)
  • Added “Select Area for Encryption” for Kodex Ransomware (Now, you have 2 option: Full Encryption, Important Documents Encryption). (Customer suggestion)
  • Added screenshot feature for Kodex Ransomware (You’ll get a single screenshot after encryption). (Customer suggestion)
  • UAC Bypass feature has been strengthened.
  • Anti-VM feature has been strengthened.
  • Added Extension Spoofing video to private videos. (Customer suggestion)
  • Private Encrypter method completely renewed (Detection values decreased to -> 0/34)
  • Antivirus Scan Results for All In One Extractor (With Extra Features) -> Click here to view
  • Note: Detection values may change person to person (for more information, please take a look at v2.2 update notes).

v3.1 • February 7, 2023

  • Minor bug fixes (GUI + Message Box + Keylogger).
  • The Keylogger infrastructure has been changed (now it’s better). This feature (Keylogger) may not work properly in the old version (v3.0), we strongly recommend updating your software.
  • Added Private Video (Bypass Youtube 2FA). (Customer suggestion)

v3.0 (GUI) • January 24, 2023

  • Evil Extractor GUI released (Evil Extractor completely renewed). Now you can follow your targets via Evil Extractor server system.
  • Added Keylogger (Persistence). Also integrated with All-in-one Extractor (Customer suggestion)
  • Minor bug fixes (Password & Cookie Extractor)
  • Private Encrypter Method Updated. Detection values decreased to -> 1/26 (All in one Extractor with extra features)
  • Added 6 hours time range option to Keylogger + Screen & Webcam Extractor
  • Kodex Ransomware instrafacture has been extremely strengthened.
  • Now, Kodex Ransomware feature will be also encrypt Downloads folder on target system too (Now: Desktop + Downloads)
  • Also, license system has been completely changed; Now, you don’t have to download Evil Extractor License Generator to use Evil Extractor. All the system is fully automated with license keys.

v2.3 • January 4, 2023

  • Minor bug fixes
  • Added contact information for Kodex Ransomware (Customer suggestion)
  • Added Opera Stable, Microsoft Edge cookie grabber for Password & Cookie Extractor
  • Added File Extractor instead of Desktop Extractor (Now, File Extractor will extract files from Downloads and Desktop folders). Now, you will only be able to receive files with certain extensions (to avoid uploading unnecessary files in FTP area).
  • Files with these extensions will be extracted: jpg, png, jpeg, mp4, mpeg, mp3, avi, txt, rtf, xlsx, docx, pptx, pdf, rar, zip, 7z, csv, xml, html

v2.2 • December 25, 2022

  • Added anti VM
  • Added agent icon selection for every agent (Now, can be used without extra features)
  • Added Private Encrypter. Now, each customer will have their own encrypter. No one will be effected by the behavior of others (like uploading agent to virustotal or automatic sample submission etc.). Detection values may change person to person.

v2.1 • December 13, 2022

  • Added live countdown (Read_me.html) to Kodex Ransomware feature.

v2.0 • December 10, 2022

  • Transfer queue completely changed (File loss is minimized in case of a possible internet loss on the target system).
  • Can’t be destroyed feature added.
  • Kodex Ransomware added.

v1.9 • December 6, 2022

  • Target location and hostname added (Now, incoming files will be more organized like: [United States]DESKTOP-XXXX). (Customer suggestion)
  • With v1.9, a single Evil Extractor agent can run at (at the same time) many different computers.

v1.8 • December 4, 2022

  • Windows Defender Bypass Method added (Evil Extractor agent will add itself to exclusions once it executes.)
  • UAC Bypass added (Evil Extractor agent will always run as administrator.)

v1.7 • December 1, 2022

  • Added Password & Cookie Extractor
  • (Now, Evil Extractor can grab passwords from 27 different browsers. Including mail softwares like: Thunderbird and Outlook)
  • Firefox table bug fixed on Password & Cookie Extractor

v1.6 • November 27, 2022

  • Minor bug fixes on Extra Features
  • Added “cookies.html” (table) for Cookie Extractor (Cookies now more organized: Expiration date, cookie value etc.)
  • Added Free FTP plans to all packages

v1.5 • November 16, 2022

  • Extra Features (Encrypter and Binder)
  • Icon change selection for agent
  • Firefox cookie grabber for Cookie Extractor
  • Time range selection for Screen & Webcam Extractor
  • Public IP information for Credentials Extractor
  • Edge browser history for Credentials Extractor

v1.4 • October 7, 2022

  • Added Screen & Webcam Extractor (Persistence)

v1.3 • October 1, 2022

  • Screenshot Extractor (Persistence)
  • x64 & x86 selection added

v1.2 • September 14, 2022

  • All in one
  • No-console (target-side console output is no longer shown)
  • No traces (leaves no traces on the target system)

v1.1 • September 12, 2022

  • Interface updated

v1.0 • September 10, 2022

  • First public release of Evil Extractor:
    • Added Credentials Extractor
    • Added Desktop Extractor
    • Added Cookie Extractor