This Project Contains XWorm V5.2 Source Codes
It is the latest version of private RAT Xworm.
I share this one for free, so leave the star⭐ to this repository
Download all source files, launch builder and fill in all gaps
Enjoy!
-
Drag And Drop Files
- File Manager
- Monitor
- HVNC
-
Run HVNC In Memory
-
Copy / Paste Text (HVNC)
-
Extract Video Thumbnail (File manager)
-
Recovery Plugins Updated
-
Vulnerability Fixed
-
Support All Systems
-
Change Group Name
-
Multi screen support
-
Bypass UAC Fixed + Fodhelper method
-
You can scroll up/down on some apps (Monitor - HVNC)
-
Recovery Plugins Updated
-
File Manager Updated
-
Hidden Apps
-
Hidden Browser
-
HVNC Fixed
- Information
- TCP Connections
- ActiveWindows
- StartupManager
- Registry Editor
- Process Manager
- Clipboard Manager
- Shell
- Installed Programs
- DDos Attack
- VB.Net Compiler
- File Manager
- WebCam (AutoSave)
- Microphone
- System Sound
-
RunFile
- Disk: Run Directly on Disc
- Link: Run with Link
- Memory:
- RunPE:
-
Open Url
- Visible
- Invisible
-
Location Manager
- GPS
- IP
-
Client
- Restart
- Close
- Uninstall
- Update
- Block
- Note
-
Power
- Shutdown
- Restart
- Logoff
-
Options
- BlankScreen (Enable - Disable)
- TaskMgr (Enable - Disable)
- Regedit (Enable - Disable)
- UAC (Enable - Disable)
- Firewall (Enable - Disable)
- Windows Update (Enable - Disable)
- Invoke-BSOD
- ResetScale
- .Net 3.5 Install
- RemovePlugins
- DeleteRestore
-
Password Recovery
- Passwords
- Cookies
- CreditCards
- Bookmarks
- Downloads
- Keywords
- History
- Autofill
- All-In-One
- Discord Tokens
- TelegramSession
- ProductKey
- MetaMask
- InternetExplorer
- FileZilla
- Wifi Keys
-
Pastime
-
CD ROOM (Open - Close)
-
DesktopIcons (Show - Hide)
-
SwapMouse (Swap - Normal)
-
TaskBar (Show - Hide)
-
Screen (ON - OFF)
-
Volume (Up - Down - MUTE)
-
Start (Show - Hide)
-
Clock [Show - Hide]
-
Text Speak
-
Explorer (Start - Kill)
-
TrayNotify (Show - Hide)
-
-
Extra 1
-
ReportWindow
-
Performance
-
Edit Hosts
-
KeyLogger (Offline - Online)
-
Client Chat
-
FileSeacher
-
Commands
-
MessageBox / BallonTooltip
-
UAC Bypass (RunAs - Cmstp - Fodhelper)
-
-
Extra 2
-
Ransomware [Encrypt - Decrypt]
-
Reverse Proxy
-
Ngrok Installer
-
HVNC | CommandPrompt - PowerShell - explorer | | EdgeBrowser - BraveBrowser - FireFoxBrowser - ChromeBrowser | [CloneProfile]
-
Hidden RDP
-
Hidden Apps
-
Hidden Browser
-
Bot killer
-
WDKiller
-
WDDisable
-
WDExclusion
-
-
Tasks
- GetKeylogger
- Open Url (Visible - Invisible)
- Recovery
- Run File (Disk - Link - Memory)
- DiscordToken
- TelegramSession
- MetaMask
- WDExclusion
- Update All Clients
-
Schtasks
-
Startup
-
Registry (Change Path)
-
Multi Dns
-
TBotNotify
-
AntiKill
-
WDEX
-
Keylogger
-
Clipper
-
Sleep
-
Obfuscator
-
AntiAnalysis
-
USB Spread
-
Icon
-
Assembly
-
Icon Pack
- Stable Connection
- Encrypted Connection
- Encrypted Strings
- Fud Downloader (HTA)
- Check Port
- Icon Changer
- Multi Binder (Icon - Assembly - Obfuscator)
.Net Framework 4.5 [Controller]
.Net Framework 4.0 [Client]
Size : 49.0 KB [Full Features]
Best Software Quality Ever
- This code is provided for learning and experimentation purposes only.
-
HRDP - Hidden Remote Desktop Protocol
- Remote Desktop Protocol (RDP) is a protocol that allows a computer user to access another computer remotely. HRDP refers to stealthy or disguised versions of Remote Desktop Protocol.
-
HVNC - Hidden Virtual Network Computing
- It stands for "Hidden Virtual Network Computers" and refers to a type of remote access tool that usually operates covertly or secretly. This software allows secret access to target systems. By providing remote access to the target system, it has functions such as seeing the hidden screen, controlling mouse and keyboard inputs.
-
VNC - Virtual Network Computing
- Software used for remote access and control.
-
RunPE - Run Process in Execution
-
RunPE is the part of the code responsible for injecting the functional portion of the virus into the memory of a selected process. Injection, which is placing the Payload in the memory of the chosen process, is the process itself.
-
The most commonly injected processes include:
- svchost.exe
- Regasm.exe
- explorer.exe
- Default browsers (chrome.exe, opera.exe, firefox.exe, iexplorer.exe)
- Itself (meaning the Payload is injected into a running process)
- vbc.exe
- cvtres.exe
-
Explaining to beginners, Payload refers to the file you've chosen to encrypt (i.e., a virus).
-
-
Encryption
- Encryption is the algorithm responsible for 'protecting' data by converting the bytes of a selected file, rendering them unrecognizable and completely different from the original file's bytes.
-
Stub
- A Stub refers to a program designed to contain the encrypted file and inject it into memory upon startup.
-
Mutex
- A very useful feature to make sure that your file does not work more than once at the same time.
-
Melt file
- Deletes / Deletes a file after it has been successfully launched.
-
File Pumper
- Adds a certain number of bytes (with a value of 0) at the end of the file, increasing its size, but does not violate any procedures at run time.
-
USG - Unique Stub Generator
-
WDEX - Web Data Extraction
ETC.
This content is provided for learning and testing purposes only. The information presented is for general information purposes and does not address any specific situation. No warranty is given as to the timeliness, accuracy or completeness of the information contained in the content. In connection with the use of these materials, no liability is accepted for any consequences or damages that may result from the use of the information or recommendations contained in the content.
This project is licensed under the MIT License. For more information, see the LICENSE file.