Tuts 4 You

EMV Softwares


Xyl2k


Someone on telegram intrigued me by telling me about software to read credit card chips, so here are some files that I got from the net.

The first software in question that I came across: "EMVStudio", belonging to emvstudio.com
If I look for the files on VT, it communicates with auth.emvstudio.com, I come across these 3 archives:

EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb
Contains  8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
and also a file named 'gp' which seems to be a config file.

emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
Contains  emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Also contains emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
and card templates for the software.

emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
Contains emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33


emvstudio_v1.1.3.exe - 7a0a07959f3629cafbcb8827715f931e533ba7894e8a3bc42df95fcfcc0bd584
EMVStudio version 1.1.3.
nB5hPuY.png


ShadeStudio.exe - 40ac2358207f582ee3051748f1b13811cbe9f9d23e78a4052eda847fafbb2f3b
ShadeStudio version 1.0
Telegram: @ShadeStudio
Looks a lot like EMV Studio.
wsKwdPY.png

ARQC TOOL PLUS.exe - e13c0b718728fc30762eb68e59d92308e0e66efa06b70fae1ea1f65e32d4344a
ARQC TOOL PLUS, version 1.0, skin windowsXP style.
telegram: BreezyDumps
mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.
rOSxiyF.png

%TEMP%\ARQC TOOL PLUS.exe - 149df4a1412d557706d7c705beda6aa29180dd8a55644a35175c643b02cb9645
ARQC TOOL PLUS, version 1.0, skin windowsXP style, infected with W32/Neshta-A.
Telegram: BreezyDumps
Mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.

emvstudio.exe - f8856c821ce0a221a2dffa3bde8f09110ec1c2e8f9c8c75f54b179be462af15e
Bundled file with malware 

ARQC TOOL PLUS..exe - 707570e7469b728ac3f48cd2055bfff92accb36b53a999efe69338dce9fa228b
Bundled file with malware 

emvstudio_v1.1.3cr.exe - 83262e3fbea3a3c373c706ff71864066d52acaf63affafc12b7da6d74b95e302
EMVStudio version 1.1.3, seems to be a cracked version.

emvstudio_unpacked.fixed1(2).exe - 52c89dbef55bd526def42ab9dbb04a2a02dac17cd4b4c0af7177ac61dd8f4297
EMVStudio version 1.1.3, seems to be a cracked version.

emvstudio_v1.1.3-cleaned1.exe - 050847f886f9df20c5d99a1cd2edffa478fedacaa433f7b17139fe66ab7b810a
EMVStudio version 1.1.3, seems to be a cracked version.

---
EXE contained in the above archives:

%HOME%\unpack\EMVStudio\EMVStudio.exe - 8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
Can be found inside: (EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb)
EMVStudio Trial v1.0.
FxstAhB.png

%HOME%\unpack\emvstudio_v1.1.1\emvstudio_v1.1.1\emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
Can be found inside: emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
And also inside: emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
EMVStudio v1.1.1
mN1U8lC.png

emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Can be found inside: 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
EMVStudio v1.1.2
XItTlDi.png

After some more research:

Software matrix
matrix.exe - 87678c6dcf0065ffc487a284b9f79bd8c0815c5c621fc92f83df24393bfcc660
Don't ask me how it works.
K19AkNG.png

B.R Smart Card writer v9 Contained in RB4.rar - d290537982669a994598da5dc62b9242571c14d5b6a1f76c46a0e9110d5ac867
Contains a lot of stuff, older versions too.
As well as an X.exe (aea36d94e8a8deb91b0dbf84554e57b59d112c86a9261ac79d5cae9e9cb96bf8) protected by a password interface, which connects to Dropbox to verify the pass (hxxps://dl.dropboxusercontent.com/uPASS.36t2211/). This file no longer exists, so the only way to open it is to patch the exe.
vNeUAdi.png
8BDbKlY.png

Jcophiro (c0d11ed2eed0fef8d2f53920a1e12f667e03eafdb2d2941473d120e9e6f0e657)
75g4ilW.png
Funny thing on this one, it exfiltrates the info to a server when you click 'gravar':
a6HKtho.png

X2
Found on a pack 'EMV.rar' ecad77d5394cb14611d8f643e29aa9744a02072b3fd2c9099af08947bc8a5b6e
Contains sub-archives with many files, *infected*

X2.exe - 66bb78f1d9a332522be0a1270b4ef4bb2bd6bba40609630ce63d1d603d19bfe7
Bundled with malware
xz2WuyG.png

X2G.exe - b5547482856a4ea39e4fb8274b2feef6c368f57d11dda77be32c6e4f8eb6d867
X2 Gold, Bundled with malware
pPvMwae.png

B.R Smart Card writer v9, Jcophiro, matrix, and X2 appear to be just GUIs for GPShell.exe (communication software for smart card readers)
-> https://github.com/sigma/globalplatform/tree/master/gpshell
GlobalPlatform is a standard for the management of the contents on a smart card.

GPShell.exe (33kb) - ba5e9041668257393ae28413f5099db5d12d7f48c239e8d19e9beda2036b31be

So.. what if we look directly for GPShell.exe?
We come across many archives (100+); we should expect to get X2 and co.



Randomly:
EMVTRACK2CHIP SOFTWARES LATEST (2).zip - da0e6e265b2f2065e496adbb0102a1ba070346d8cc9a2a2bfbb0559cc8cd6290

Contains a soft pack:
codex-by-codex:

basico.exe - 4315dc7f035defc18fb2ba12d47a8073fcfa4da7669b8d51fe6582c645edcbf5
BUTZ4Wj.png

Completo.exe - 83a640b8433fa5cbfec841e60e3c73ec65446d63a8f00c00143aa3dc1632b786
also infected with W32/Neshta-A.
nty8Afr.png

Debito Caixa.exe - ca949bfcc6a0113e4a5578c9db07f9f144eb42e257ae146879292b3577d14f5b
also infected with W32/Neshta-A.
Version without neshta: 64f245b5dbfc4de66c49234c11bd61643e844fefab689c2b1a5c9373ea31483e
RRQTzyo.png


Edited version of 'jcophiro':

Credit.exe - c23411deeec790e2dba37f4c49c7ecac3c867b7012431c9281ed748519eda65c
ljoogI3.png
also exfiltrates data 🙂

jcopenglish.exe - 1ecfd3755eba578108363c0705c6ec205972080739ed0fbd17439f8139ba7e08
8rn5el7.png
also exfiltrates data 🙂

SmartCard GoldMetal:
new.exe - 8788ad1a19a4392017a91ed591ed516309234f3dfed4a869a17bd41604f79d7e
YK4vYVc.png

3D files of skimmers (lmao, what's up with that in the archive) 
dieb-frame.stp - 7557b8b24cc02c79f27bf9ba3a0b2b2638033a1e0d6e3891c427cff2d64190f5
new-ncr-flat.stp - e754a6987cb46640cddbce51cd3c757c934632ee5460f5b6bd92ca3e9bf34d68
new-ncr-flat-mouth.stp - fadccaf6f6306d671043702211a015f881a046c74b862c7857795514c2ac5ae7
N SelfServ-PAD.STEP - fc0333a3486f6863c5992b1116afb72a386171c2e0db10016a6316d7398e91aa
Zbqzy81.png


X1
x1.exe - 9df64f5124893961a78282f7e19573406ba19011f6baadac93ec59c93bfda72f
srvajFJ.png

Toronto (A renamed version of x1, protected by password)
Here you will also have one jumpy boy to patch.
TorontoCard.exe - e3db277da551621b102ac5ee545e772aa25799fa941c1e06bbc69fe4142af7cf 0/56!
aUKLJUn.png
HRzGyQA.png

One last random archive for fun:
chipset_v3.rar - 4d116757da91009466c5b0f60827d6d2b3fb00e480ebcc01bdd5fb49d3eb8ec2:
Emv ChipSet.exe - cac8aca4f7d2ff399a73531f179691b6a2e2a1b93e957d0a16f75c4818312880
ffgTiX5.png

Voila, u da carder now.

What if we go on YouTube and look in the comments on EMV software videos?
uDAjTXu.png
lol, seems legit.


Conclusion on this afternoon wasted looking for useless stuff:
Lots of lamers, and for some reason there are quite a few Castilians.
Carders like to do reshacking to rebrand smart-card reading/writing software.
Most EMV softs are only used for calculations; many are ultimately only wrappers for GPShell.exe.

edit: just ran across a bigass zip: EMV SOFTWARE.rar - 48b204bd7d264459660054272b881fdf7847c6100c4bcb3a5dfee1603aeac59f (593.56 MB)
x2: 76d11132b4ec7cabbbf1c674d2f52ad2b54ab71bc0567923af686be470fdcff3
ChipSetv1.4: 4725c1a75d4d348299319815a073b141e22bff0ef1ace32f754f4e2946908ef4 *infected*
EMV Break: 01111732e37631bb4da3c3056fe5d750743730532a63bcdd061a2c1c5160b023 *infected*
Matrix: 5d00faaccc0e9a7c3fc1eb16266f33a5c1e99b870e7454c47f42305e2cdfc564 *user: admin, pass: ewqdsacxz*
NFC&EMV Tool: 7f12b489b041ce920bc92cd95cee238a875f8fb9771942adf2d476c2e2d4fda0
R.B. 6.0: 4d02db9e8e4b83665b5bb4b6ad959478d81260706c9a57d68fa44c6b17e2264f
EMV Reader Writer Software V8: dc32698c13de42e87913c6d90939186a56ca4586e0397df52ed85e47443ceef4
X1 4.1: 2b924e13e705ecf9ea9199c6011dc4bd1d9160bffd1d6db0e5b0e0f40c01f47c
X1 v5: 6f24acf9a3ed15b5ef034460850679d7e9df1233386a36fc0a4b787844ee2e2e
X2A: da012c9b8ceceada9eb4db6b2de253cba1b2612ff5dc38c76ab0fd3784fc9640
X2G: 7dca48a66fa1cb27b1bb12b72d2de27580993f71b463bf472fc5e22cc4e15e32

Edited by Xyl2k

  • 1 month later...
  • 4 weeks later...

At first it was just about one harmful program, but the more I dug the more I found of these; in the end I ended up building a list with the corresponding hashes and what they look like.
One can datamine the files to build a landscape, find similarities, dates, graph the thing, find more, etc. I haven't yet tried to do it.
Kinda what I did for the global ATM malware wall with http://atm.cybercrime-tracker.net/


  • 8 months later...
On 2/13/2021 at 10:19 PM, Xyl2k said:


  • 1 month later...

Hi, how do I download files in cybercrime? Thanks. But when I want to download, a window pops up that requires me to enter a user and password.


  • 2 months later...
  • 1 year later...

So not even a download link for us to check It too for what you talking about..?? 🤨


MarcElBichon
8 hours ago, DELvEK said:

So not even a download link for us to check It too for what you talking about..?? 🤨

 

You have all SHA-256 hashes -_- [VirusTotal]
