Pinch 1.0

Released 21 years, 1 month ago. October 2003

Copyright © MegaSecurity

By Coban2k


Pinch 1.0
Information
From: Russia
Author: Coban2k
Family: Pinch
Category: Information Stealer
Version: Pinch 1.0
Release date: Oct 2003, 21 years, 1 month ago.
Language: Assembly, source included
Additional Information
Server:
dropped file:
c:\WINDOWS\PINCH.EXE

size: 8.944 bytes

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "putil"

Author Information / Description
Features:
- ICQ99b-2003a/Lite/ICQ2003Pro
- Miranda-icq
- Trillian ICQ&AIM
- &RQ
- The Bat!, The Bat! 2 (mailer)
- Outlook/Outlook Express (pop3/imap)
- IE autocomplete & protected sites & ftp (9x/Me/2k/xp supported)
- FAR Manager (ftp)
- Win/Total Commander (ftp)
- RAS (9x/Me/2k/xp supported)
- System info: OS, memory, CPU, hard drives, logged user, host name, IP
- Key-log
- Remote console
- Firewall bypass
- Sends e-mail using an SMTP server
- E-mail messages are encrypted (if an attacker steals your e-mail account, he will not be able to see the received passwords)
- Deletes itself (optional)
- HTML/Text reports
- Size of executable about 10 KB (don't tell me that it's impossible :P)
- Module system, some modules can be excluded to reduce the output size
- More features on your request

-------------------------------------------------------------------------------

Directory list:
1. Sources\HTTP - sources of the cgi-gate, which lets you build an exe file from
the web (w32 + Apache required). The HTML page sources are in Russian, and it
was also configured to run on my machine (paths, etc.), so you have to modify
the sources manually.

2. Sources\ParserOnly - sources of the pinch parser (decryptor) w/o configurator.

3. Pinch - main asm sources + masm32 compiler

4. Sources\PinchBuilder - sources of the pinch parser + configurator.

5. Sources\TB! - parsing plugin for The Bat! 2 (mailer) (it decrypts messages on the fly, while receiving).

6. Sources\Script - a script which is used on the HTTP server, required for bypassing firewalls.

-------------------------------------------------------------------------------

Run PinchBuilder.exe to compile a new version of the trojan; always check the SMTP server
before compilation.
Run Parser.exe to decrypt incoming messages.

-------------------------------------------------------------------------------

Q: Why is it so small?
A: Pinch doesn't actually decrypt passwords; it just retrieves hashes, which are
afterwards decrypted using Pinch Parser (Parser.exe).

-------------------------------------------------------------------------------

Q: Bypassing firewalls (ZoneAlarm, Outpost, etc.)?
A: There's a possibility to bypass firewalls using a hidden IE window. In this
case Pinch will require an additional HTTP server to send passwords to. You have
to build Pinch with the 'HTTP protocol' option enabled; take a look at the view.php file
in the 'script' folder for a script example.

Coban2k
