However, He had closed the Dark Comet project, when the Syrian government found to be using it to track down and to spy on their people. After that DarkCoderSc started working under a new banner 'Phrozen Software' to develop many new security softwares and penetration testing tools.
Just yesterday, Jean-Pierre and his team-mate Fabio Pinto from French University, have released a new tool called 'Rakabulle', a file binder with some cool features for penetration testers and malware researchers.
File binder is an application that allows a user to bind multiple files together, resulting in a single executable file. When you execute that single application, all previous merged files will be extracted to a temporary location, and will be executed normally.
"The builder Rakabulle application will create a stub and inject in its resource the target files to extract and execute. The stub is the little generate part of the program which is designed to extract from its resource the target files to a temporary location and execute. In our application the stub also got a part to inject in Explorer or Internet Explorer process and load custom made plugins.
Listed features are:
- File binder, auto file extractor and executor.
- REM (Remote Code Execution), Execute code (Plugins) in target process (Explorer or Internet Explorer)
- Support 32 and 64 Process.
- The application is a 32bit Application (Soon we will compile the 64bit version)
- Support UPX compression for the stub (Without compression stub size is about 38KiB using pure Windows API no extra libraries; with compression stub size is approximately 16KiB) The UPX compression doesn’t change the way the application work only the final size.
- Support Windows startup.
- Doesn’t require administrative privileges.
- Plugins and File list support drag and drop.
- Support plugins with an open source example.
- The stub and the builder are coded using Unicode encoding.
The file binder application is available for Free to download from Rakabulle website.