Kodex Softwares

Kodex Softwares
1st Year Anniversary!

Evil Extractor

Evil Extractor is an attack software developed against Windows-Based operating systems. It offers two modes of operation: Single Bullet and RAT. Users can combine these modes for more advanced attacks. With RAT mode, you can establish a live connection with the target system, giving you the ability to upload, delete, download files, take screenshots, send fake error messages and perform many other actions. On the other hand, Single Bullet mode provides six primary attack types, each with unique features that work through FTP service.
Purchase

EVIL EXTRACTOR MAIN FEATURES

Password & Cookie Extractor

Access passwords, cookies and browser histories from popular browsers

Screen & Webcam Extractor

Take screen and webcam images from the target system

Credentials Extractor

Retrieve PC information like public IP, real-time location, PC Name etc.

File Extractor

Get important files from popular locations like desktop and downloads folder

All In One Extractor

Combine all the other attack types in all in one method

Ransomware
Silently lock all the files on the target system and leave a custom note
Private Encrypter & Binder

Encrypt your agent with private encrypter & bind your agent with pdf, exe or txt files

RAT Mode

Upload, delete, download files, take screenshots, send fake error messages and perform many other actions in real-time connection

EVIL EXTRACTOR OTHER FEATURES

FTP Server System

Connect to your FTP server through Evil Extractor, monitor and download the logs in real-time

Agent Scan System

Evil Extractor has been integrated with the KleenScan service that displays the detection values of your agent

Can't be Destroyed

Evil Extractor agent keep works in the background, even if it is forcibly closed after it executes (works with extra features)

Windows Defender Bypass

Evil Extractor agent will add itself to exclusions once it executes

UAC Bypass

Evil Extractor agent will always run as administrator and silently bypass UAC

Silent

Evil Extractor agent will be fully silent in the background once it executes

Anti-VM

Evil Extractor agent will not run inside virtual machines

No Traces

Evil Extractor agent leaves no trace on the target system

SINGLE BULLET MODE Password & Cookie Extraction

With the password & cookie extraction method, you can reach passwords (for popular browsers such as Chrome, Opera, Firefox, Microsoft Edge etc.) and cookies (for Chrome, Firefox, Opera Stable and Microsoft Edge in JSON format) on target system and you can access these values remotely via ftp. Additionally, it will retrieve browser histories. You can directly login with passwords or you can replace your cookies with new ones and hijack the all target user sessions (Bypass 2FA).

SINGLE BULLET MODE Screen & Webcam Extraction

In this method, you’ll get screen and webcam images (at the same time) from target system in the time range you choose and it’s also persistence on target system. You can reach these screen and webcam images via your ftp service.

Note: The Screen & Webcam Extractor, when used with the all-in-one attack method, does not provide persistence on the target system.

SINGLE BULLET MODE Credentials Extraction

With the credentials extraction method, Evil Extractor agent bring us a lot of information about target system. These are: Public IP, real-time location, computer username, RAM, GPU, CPU and many other things. It also brings us the target system’s all the wireless networks that target system has ever connected to (with passwords).

SINGLE BULLET MODE File Extraction

Everyone knows, people keeps important documents (like pictures, passwords and other stuffs) on their computer. With file extracting attack, you’ll receive Downloads and Desktop files from target system. Be sure to set your ftp server’s storage well when trying this method. May be too many files on the target system.

Files with these extensions will be extracted: jpg, png, jpeg, mp4, mpeg, mp3, avi, txt, rtf, xlsx, docx, pptx, pdf, rar, zip, 7z, csv, xml, html

SINGLE BULLET MODE All In One Extraction

With the all-in-one option, you combine all the other attack types (Screen & Webcam Extractor + Credentials Extractor + File Extractor + Password & Cookie Extractor) together. When the target system executes Evil Extractor agent, you’ll get passwords, cookies, credentials, important files, screen and webcam images.

SINGLE BULLET MODE Kodex Ransomware v2.0

The Kodex Ransomware attack option silently encrypts files on the target system using a unique encryption method based on the area selected by the user. You can reach information about encrypted files through your FTP service. You will also get a one-time screenshot when the encryption process is completed on the target system. The only way to access encrypted files is to enter a randomly generated 50 character key. Otherwise, encrypted files will remain locked forever.

Note: Kodex Ransomware feature is not included in all-in-one.

Sıngle bullet & RAT MODE Extra Features

Evil Extractor has binder and private encrypter inside itself (Each customer have their own encrypter. No one will be effected by the behavior of others). You can bind your agent with exe, pdf or txt files (size limited with: 500 mb). With the extra features option, agent will be encrypt itself (file size will increase). Also, this encrypter can updates itself online.

Happy Note: This binder also integrated with persistence module(s). If you bind any file with one of our persistence module(s), our agent will be work successfully but additional file will not open at windows startup.

RAT MODE Explained: RAT Connection

With RAT mode, you can establish a live connection with the target system, giving you the ability to upload, delete, download files, take screenshots, send fake error messages and perform many other actions in real-time connection.

FAQs Frequently Asked Questions

If you don’t know what to do, don’t worry! We will send a detailed documentation for you. 

• Windows 10 (x64)

• Windows 11 (x64)

In addition, virtual machine is recommended for a clean setup.

Evil Extractor is designed for the next-generation Windows operating systems, ensuring smooth functionality on these platforms.

• Agents are fully integrated with Windows 10 & 11 (x64 and x86)

• Also, works on all Windows-Based operating systems (x64 and x86) based on PowerShell 5.1 & 5.1 higher.

You can check the full list from here.

• Ftp Server is required for Single Bullet Mode (We will provide a free FTP Server for 1 month to all customers)

• Port Forwarding is required for RAT Mode

No .net framework or extra dependencies required.

When a new version gets released, you will get the download link automatically after entering your license key.

When you create your agent without using extra features, the size is between 100-300 KB, but when you use extra features, it will be 5 MB+

Evil Extractor can only be installed on one computer. Don’t worry, you can reset your HWID once a month if you want to (limited to 2 HWID resets).