Jump to content
Tuts 4 You

Edit History

Xyl2k

Xyl2k

Someone on telegram intrigued me by telling me about software to read credit card chips, so here are some files that I got from the net.

The first software in question, on which I came across: "EMVStudio" belonging to emvstudio.com
If I look for the files on VT, it communicates with auth.emvstudio.com, I come across these 3 archives:

EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb
Contains  8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
also a file named 'gp' who seem a config file.

emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
Contains  emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Contains also emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
and card templates for the software.

emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
Contains emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33


emvstudio_v1.1.3.exe - 7a0a07959f3629cafbcb8827715f931e533ba7894e8a3bc42df95fcfcc0bd584
EMVStudio version 1.1.3.
nB5hPuY.png


ShadeStudio.exe - 40ac2358207f582ee3051748f1b13811cbe9f9d23e78a4052eda847fafbb2f3b
ShadeStudio version 1.0
Telegram: @ShadeStudio
Looks a lot like EMV Studio.
wsKwdPY.png

ARQC TOOL PLUS.exe - e13c0b718728fc30762eb68e59d92308e0e66efa06b70fae1ea1f65e32d4344a
ARQC TOOL PLUS, version 1.0, skin windowsXP style.
telegram: BreezyDumps
mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.
rOSxiyF.png

%TEMP%\ARQC TOOL PLUS.exe - 149df4a1412d557706d7c705beda6aa29180dd8a55644a35175c643b02cb9645
ARQC TOOL PLUS, version 1.0, skin windowsXP style, infected with W32/Neshta-A.
Telegram: BreezyDumps
Mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.

emvstudio.exe - f8856c821ce0a221a2dffa3bde8f09110ec1c2e8f9c8c75f54b179be462af15e
Bundled file with malware 

ARQC TOOL PLUS..exe - 707570e7469b728ac3f48cd2055bfff92accb36b53a999efe69338dce9fa228b
Bundled file with malware 

emvstudio_v1.1.3cr.exe - 83262e3fbea3a3c373c706ff71864066d52acaf63affafc12b7da6d74b95e302
EMVStudio version 1.1.3, seem a cracked version.

emvstudio_unpacked.fixed1(2).exe - 52c89dbef55bd526def42ab9dbb04a2a02dac17cd4b4c0af7177ac61dd8f4297
EMVStudio version 1.1.3, seem a cracked version.

emvstudio_v1.1.3-cleaned1.exe - 050847f886f9df20c5d99a1cd2edffa478fedacaa433f7b17139fe66ab7b810a
EMVStudio version 1.1.3, seem a cracked version.

---
EXE contained in the above archives:

%HOME%\unpack\EMVStudio\EMVStudio.exe - 8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
Can be found inside: (EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb)
EMVStudio Trial v1.0.
FxstAhB.png

%HOME%\unpack\emvstudio_v1.1.1\emvstudio_v1.1.1\emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
Can be found inside: emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
And also inside: emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
EMVStudio v1.1.1
mN1U8lC.png

emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Can be found inside: 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
EMVStudio v1.1.2
XItTlDi.png

After some more research:

Software matrix
matrix.exe - 87678c6dcf0065ffc487a284b9f79bd8c0815c5c621fc92f83df24393bfcc660
Don't ask me how it works.
K19AkNG.png

B.R Smart Card writer v9 Contained in RB4.rar - d290537982669a994598da5dc62b9242571c14d5b6a1f76c46a0e9110d5ac867
Contains a lot of stuff, older versions too.
As well as an X.exe (aea36d94e8a8deb91b0dbf84554e57b59d112c86a9261ac79d5cae9e9cb96bf8) protected by a password interface, which connects to dropbox to verify the pass (hxxps://dl.dropboxusercontent.com/uPASS.36t2211/) This file no longer exists, the only way is to patch the exe to open it.
vNeUAdi.png
8BDbKlY.png

Jcophiro (c0d11ed2eed0fef8d2f53920a1e12f667e03eafdb2d2941473d120e9e6f0e657)
75g4ilW.png
Funny thing on this one, it exfiltrate the infos to a server when you click 'gravar':
a6HKtho.png

X2
Found on a pack 'EMV.rar' ecad77d5394cb14611d8f643e29aa9744a02072b3fd2c9099af08947bc8a5b6e
Contains sub-archives with many files, *infected*

X2.exe - 66bb78f1d9a332522be0a1270b4ef4bb2bd6bba40609630ce63d1d603d19bfe7
Bundled with malware
xz2WuyG.png

X2G.exe - b5547482856a4ea39e4fb8274b2feef6c368f57d11dda77be32c6e4f8eb6d867
X2 Gold, Bundled with malware
pPvMwae.png

B.R Smart Card writer v9, Jcophiro, matrix, et X2, appears to be just GUIs for GPShell.exe (a communication software for smart card readers) 
-> https://github.com/sigma/globalplatform/tree/master/gpshell
GlobalPlatform is a standard for the management of the contents on a smart card.

GPShell.exe (33kb) - ba5e9041668257393ae28413f5099db5d12d7f48c239e8d19e9beda2036b31be

So.. what if we look directly for GPShell.exe?
We come across many archives (100+) we should expect to get X2 and cie. 

Quote

Scanned    Detections    Type    Name
2015-03-03 2015-03-03 20:38:15         RAR    gpshell.rar
2014-12-13 2014-12-13 21:06:03         ZIP    RB 4.0.zip
2015-07-25 2015-07-25 07:11:17         RAR    chip RB 5.rar
2016-07-07 2016-07-07 07:52:12         RAR    recurso.rar
2015-07-29 2015-07-29 19:46:49         ZIP    rb5 - Copy.zip
2015-10-10 2015-10-10 10:42:11         ZIP    Pen Rapaz1.zip
2015-07-03 2015-07-03 01:31:33         RAR    GPShell.rar
2018-11-18 2018-11-18 15:55:27         ZIP    chipset-full.zip
2015-07-03 2015-07-03 01:30:07         RAR    chip to EMV (7).rar
2020-06-06 2020-06-06 08:41:23         RAR    RB.rar
2016-01-06 2016-01-06 22:24:20         RAR    cchipset2.0.rar
2016-03-08 2016-03-08 02:25:48         RAR    chipset_v3.rar
2015-12-11 2015-12-11 16:40:01         ZIP    Conversor EMV chip tools.zip
2017-11-25 2017-11-25 20:32:51         RAR    Chipso.rar
2015-07-11 2015-07-11 17:59:47         RAR    AMEX.rar
2019-03-08 2019-03-08 11:33:51         ZIP    GPShell-1.4.4.zip
2015-07-20 2015-07-20 07:58:36         RAR    last.rar
2014-11-05 2014-11-05 23:26:39         RAR    BURN.rar
2015-11-22 2015-11-22 12:07:56         ZIP    Conversor EMV chip tools.zip
2015-11-03 2015-11-03 14:49:52         ZIP    Nova pasta (4).zip
2016-05-25 2016-05-25 11:00:36         ZIP    c-set.zip
2018-03-31 2018-03-31 07:54:13         RAR    c:\recurso.rar
2015-07-25 2015-07-25 18:43:56         ZIP    rb5.0.zip
2016-05-26 2016-05-26 18:33:54         ZIP    Chipset V2 Cracked.zip
2015-03-10 2015-03-10 02:47:29         RAR    CHANGER.rar
2017-04-23 2017-04-23 09:34:35         Win32 EXE    GPShell.exe
2015-01-27 2015-01-27 15:46:20         RAR    Gravador Caixa.rar
2017-03-02 2017-03-02 23:40:54         RAR    Pack - Especial de 2K Tazaah.rar
2015-08-26 2015-08-26 01:21:29         7ZIP    C:\Users\hp\Downloads\Files MSR2006.7z
2016-02-27 2016-02-27 16:24:07         ZIP    softuri.zip
2016-03-21 2016-03-21 01:22:55         ZIP    script debit (2).zip
2016-07-11 2016-07-11 17:10:36         RAR    Chip.rar
2014-12-12 2014-12-12 19:07:15         ZIP    Bradesco_Express_1.0.zip
2015-09-19 2015-09-19 18:31:21         ZIP    chp.zip
2015-07-22 2015-07-22 15:02:12         ZIP    engine.zip
2015-03-03 2015-03-03 15:40:09         ZIP    CODEX_bY_CODEX.zip
2015-08-03 2015-08-03 05:03:28         RAR    Debito-Cx.rar
2015-12-03 2015-12-03 08:04:11         ZIP    Track2ChipARQC.zip
2016-02-13 2016-02-13 00:32:03         RAR    EMV Writer.rar
2015-11-30 2015-11-30 10:38:23         JAR    /1/c/5/c5d9a9c34674d1feb37efb72601881e21542b63f101a25e1d89f213f2841b479.file
2016-11-08 2016-11-08 14:10:53         ZIP    ChipSoft.zip
2016-05-22 2016-05-22 04:55:27         RAR    FLAMIGO.rar
2016-02-20 2016-02-20 12:21:49         RAR    /1/0/d/0d68113a970e92ba7ceb1afc66c852fc3e3e2c1098643d51466f638c2776a494.file
2016-02-10 2016-02-10 15:45:17         RAR    EMV_Stuff_EMV2016.rar
2015-08-27 2015-08-27 20:57:09         ZIP    R.B. 6.0.zip
2015-06-06 2015-06-06 17:29:46         RAR    Codex.rar
2019-12-12 2019-12-12 01:46:33         ZIP    emv.zip
2015-09-28 2015-09-28 20:31:26         RAR    R.B6.0.rar
2016-05-17 2016-05-17 19:42:33         RAR    Debito X.rar
2015-10-10 2015-10-10 19:07:09         RAR    CODE BB betooooo.rar
2017-03-01 2017-03-01 11:02:06         RAR    R.B. 6.0.rar
2015-11-28 2015-11-28 04:23:45         RAR    ChipSET.rar
2016-02-02 2016-02-02 17:52:35         RAR    EMV CHIP.rar
2016-03-14 2016-03-14 07:33:18         ZIP    CARDING_EMV.zip
2014-11-21 2014-11-21 21:20:34         ZIP    EMV.zip
2015-12-03 2015-12-03 10:25:04         ZIP    chipset2.0.zip
2016-05-09 2016-05-09 19:42:42         RAR    GPShell.rar
2015-07-22 2015-07-22 22:08:58         ZIP    R.B 4.0.zip
2015-03-03 2015-03-03 15:41:07         RAR    GPShell.rar
2020-06-10 2020-06-10 01:43:58         7ZIP    B.R. Smart Card Writer.7z
2016-03-11 2016-03-11 23:41:44         RAR    R B-5.rar
2016-01-31 2016-01-31 05:00:59         RAR    CODEX bY CODEX BRANCO.rar
2016-05-26 2016-05-26 18:39:29         RAR    ChipSET.rar
2016-07-11 2016-07-11 06:43:24         RAR    FLAMIGO.rar
2016-03-14 2016-03-14 02:14:39         RAR    Conversor EMV chip tools.rar
2017-02-24 2017-02-24 03:41:20         ZIP    EMV_encode.zip
2017-07-14 2017-07-14 19:17:34         ZIP    RBXI.zip
2020-09-22 2020-09-22 06:39:06         Win32 EXE    EMV ReaderWriter v8.6.exe
2017-03-12 2017-03-12 13:27:49         RAR    GPShellCHANGER.rar
2020-06-09 2020-06-09 03:35:34         Win32 EXE    RB 4.0 3.exe
2017-03-14 2017-03-14 17:02:50         RAR    codex gp shell e mais cabeças.rar
2020-09-24 2020-09-24 16:15:18         Win32 EXE    braemvxox.exe
2017-05-05 2017-05-05 16:42:45         RAR    Dr.Heisenberg? ?? RB4??.rar
2019-07-22 2019-07-22 21:36:30         Win32 EXE    EMV ReaderWriter v8.6.exe
2017-05-16 2017-05-16 00:47:06         RAR    EMVToolslite.rar
2017-05-21 2017-05-21 14:10:59         ZIP    EMV Software.zip
2017-05-21 2017-05-21 18:10:09         ZIP    RB 4.0.zip
2017-05-21 2017-05-21 18:14:21         ZIP    CHIPSET V 3.7.zip
2017-06-27 2017-06-27 19:55:59         RAR    CHIPSET V 3.7.rar
2017-07-14 2017-07-14 15:34:02         ZIP    X2 5.1 FULL VERSION - Whatsmy1name.zip
2017-07-15 2017-07-15 05:28:21         ZIP    CODEXULTIMO.zip
2017-11-08 2017-11-08 22:46:44         RAR    PACK CARDER PRO-By TalesHacking.rar
2020-11-25 2020-11-25 02:28:30         Win32 EXE    433dfe593fad09f50e88d22b039f8f80.virobj
2018-09-06 2018-09-06 22:52:07         Win32 EXE    8d62e6bef8820d5f36233f33f6dbcfd0.virobj
2017-11-25 2017-11-25 20:20:29         ZIP    X2 certified software.zip
2018-02-27 2018-02-27 06:03:47         ZIP    emvMX.zip
2017-09-29 2017-09-29 15:50:34         RAR    EMV 10.0.rar
2017-10-09 2017-10-09 04:39:42         RAR    CODEX BB.rar
2017-11-10 2017-11-10 00:41:46         Win32 EXE    Y:\_Pro\EMV_enc.exe
2017-10-17 2017-10-17 19:30:07         RAR    /1/e/0/e0f895f7741f20233aafb03669b5a0e686f5b42a86b1d9074d51b681d59cdaef.file
2017-12-30 2017-12-30 10:28:11         ZIP    EMVTRACK2CHIP SOFTWARES LATEST (2).zip
2017-12-30 2017-12-30 18:00:25         ZIP    Attachments-chipset.zip
2018-01-07 2018-01-07 14:52:55         ZIP    Attachments-chipset.zip
2018-01-08 2018-01-08 18:17:39         ZIP    emvMX.zip
2018-01-18 2018-01-18 17:11:13         RAR    GpShell.rar
2020-05-28 2020-05-28 22:37:01         ZIP    Emv Beta.zip
2016-06-25 2016-06-25 22:59:57         RAR    Chipset.rar
2016-06-26 2016-06-26 13:28:35         RAR    RB4.rar
2017-01-12 2017-01-12 02:03:05         RAR    EMV Writer.rar
2016-07-13 2016-07-13 20:29:35         RAR    ICCARD FOR MCR200 10 (1).rar


Randomly:
EMVTRACK2CHIP SOFTWARES LATEST (2).zip - da0e6e265b2f2065e496adbb0102a1ba070346d8cc9a2a2bfbb0559cc8cd6290

Contains a soft pack:
codex-by-codex:

basico.exe - 4315dc7f035defc18fb2ba12d47a8073fcfa4da7669b8d51fe6582c645edcbf5
BUTZ4Wj.png

Completo.exe - 83a640b8433fa5cbfec841e60e3c73ec65446d63a8f00c00143aa3dc1632b786
infected also with W32/Neshta-A.
nty8Afr.png

Debito Caixa.exe - ca949bfcc6a0113e4a5578c9db07f9f144eb42e257ae146879292b3577d14f5b
infected also with W32/Neshta-A.
Version without neshta: 64f245b5dbfc4de66c49234c11bd61643e844fefab689c2b1a5c9373ea31483e
RRQTzyo.png


Edited version of 'jcophiro':

Credit.exe - c23411deeec790e2dba37f4c49c7ecac3c867b7012431c9281ed748519eda65c
ljoogI3.png
exfiltrate also datas🙂

jcopenglish.exe - 1ecfd3755eba578108363c0705c6ec205972080739ed0fbd17439f8139ba7e08
8rn5el7.png
exfiltrate also datas 🙂

SmartCard GoldMetal:
new.exe - 8788ad1a19a4392017a91ed591ed516309234f3dfed4a869a17bd41604f79d7e
YK4vYVc.png

3D files of skimmers (lmao, what's up with that in the archive) 
dieb-frame.stp - 7557b8b24cc02c79f27bf9ba3a0b2b2638033a1e0d6e3891c427cff2d64190f5
new-ncr-flat.stp - e754a6987cb46640cddbce51cd3c757c934632ee5460f5b6bd92ca3e9bf34d68
new-ncr-flat-mouth.stp - fadccaf6f6306d671043702211a015f881a046c74b862c7857795514c2ac5ae7
N SelfServ-PAD.STEP - fc0333a3486f6863c5992b1116afb72a386171c2e0db10016a6316d7398e91aa
Zbqzy81.png


X1
x1.exe - 9df64f5124893961a78282f7e19573406ba19011f6baadac93ec59c93bfda72f
srvajFJ.png

Toronto (A renamed version of x1, protected by password)
here you will have also one jumpy boy to patch.
TorontoCard.exe - e3db277da551621b102ac5ee545e772aa25799fa941c1e06bbc69fe4142af7cf 0/56!
aUKLJUn.png
HRzGyQA.png

One last random archive for fun:
chipset_v3.rar - 4d116757da91009466c5b0f60827d6d2b3fb00e480ebcc01bdd5fb49d3eb8ec2:
Emv ChipSet.exe - cac8aca4f7d2ff399a73531f179691b6a2e2a1b93e957d0a16f75c4818312880
ffgTiX5.png

Voila, u da carder now.

What if we go on youtube, and looks in comments inside emv software videos?:
uDAjTXu.png
lol, seem legit.


Conclusion on this afternoon wasted looking for useless stuff:
Lots of lamers, and for some reason there are quite a few Castilians.
Carders like to do reshacking to rebrand smart-card reading/writing software
Most of emv softs are only used for calculations, many are ultimately only wrappers for GPShell.exe.

edit: just ran across a bigass zip: EMV SOFTWARE.rar - 48b204bd7d264459660054272b881fdf7847c6100c4bcb3a5dfee1603aeac59f (593.56 MB)
x2: 76d11132b4ec7cabbbf1c674d2f52ad2b54ab71bc0567923af686be470fdcff3
ChipSetv1.4: 4725c1a75d4d348299319815a073b141e22bff0ef1ace32f754f4e2946908ef4 *infected*
EMV Break: 01111732e37631bb4da3c3056fe5d750743730532a63bcdd061a2c1c5160b023 *infected*
Matrix: 5d00faaccc0e9a7c3fc1eb16266f33a5c1e99b870e7454c47f42305e2cdfc564 *user: admin, pass: ewqdsacxz*
NFC&EMV Tool: 7f12b489b041ce920bc92cd95cee238a875f8fb9771942adf2d476c2e2d4fda0
R.B. 6.0: 4d02db9e8e4b83665b5bb4b6ad959478d81260706c9a57d68fa44c6b17e2264f
EMV Reader Writer Software V8: dc32698c13de42e87913c6d90939186a56ca4586e0397df52ed85e47443ceef4
X1 4.1: 2b924e13e705ecf9ea9199c6011dc4bd1d9160bffd1d6db0e5b0e0f40c01f47c
X1 v5: 6f24acf9a3ed15b5ef034460850679d7e9df1233386a36fc0a4b787844ee2e2e
X2A: da012c9b8ceceada9eb4db6b2de253cba1b2612ff5dc38c76ab0fd3784fc9640
X2G: 7dca48a66fa1cb27b1bb12b72d2de27580993f71b463bf472fc5e22cc4e15e32

Xyl2k

Xyl2k

Someone on telegram intrigued me by telling me about software to read credit card chips, so here are some files that I got from the net.

The first software in question, on which I came across: "EMVStudio" belonging to emvstudio.com
If I look for the files on VT, it communicates with auth.emvstudio.com, I come across these 3 archives:

EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb
Contains  8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
also a file named 'gp' who seem a config file.

emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
Contains  emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Contains also emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
and card templates for the software.

emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
Contains emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33


emvstudio_v1.1.3.exe - 7a0a07959f3629cafbcb8827715f931e533ba7894e8a3bc42df95fcfcc0bd584
EMVStudio version 1.1.3.
nB5hPuY.png


ShadeStudio.exe - 40ac2358207f582ee3051748f1b13811cbe9f9d23e78a4052eda847fafbb2f3b
ShadeStudio version 1.0
Telegram: @ShadeStudio
Looks a lot like EMV Studio.
wsKwdPY.png

ARQC TOOL PLUS.exe - e13c0b718728fc30762eb68e59d92308e0e66efa06b70fae1ea1f65e32d4344a
ARQC TOOL PLUS, version 1.0, skin windowsXP style.
telegram: BreezyDumps
mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.
rOSxiyF.png

%TEMP%\ARQC TOOL PLUS.exe - 149df4a1412d557706d7c705beda6aa29180dd8a55644a35175c643b02cb9645
ARQC TOOL PLUS, version 1.0, skin windowsXP style, infected with W32/Neshta-A.
Telegram: BreezyDumps
Mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.

emvstudio.exe - f8856c821ce0a221a2dffa3bde8f09110ec1c2e8f9c8c75f54b179be462af15e
Bundled file with malware 

ARQC TOOL PLUS..exe - 707570e7469b728ac3f48cd2055bfff92accb36b53a999efe69338dce9fa228b
Bundled file with malware 

emvstudio_v1.1.3cr.exe - 83262e3fbea3a3c373c706ff71864066d52acaf63affafc12b7da6d74b95e302
EMVStudio version 1.1.3, seem a cracked version.

emvstudio_unpacked.fixed1(2).exe - 52c89dbef55bd526def42ab9dbb04a2a02dac17cd4b4c0af7177ac61dd8f4297
EMVStudio version 1.1.3, seem a cracked version.

emvstudio_v1.1.3-cleaned1.exe - 050847f886f9df20c5d99a1cd2edffa478fedacaa433f7b17139fe66ab7b810a
EMVStudio version 1.1.3, seem a cracked version.

---
EXE contained in the above archives:

%HOME%\unpack\EMVStudio\EMVStudio.exe - 8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
Can be found inside: (EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb)
EMVStudio Trial v1.0.
FxstAhB.png

%HOME%\unpack\emvstudio_v1.1.1\emvstudio_v1.1.1\emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
Can be found inside: emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
And also inside: emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
EMVStudio v1.1.1
mN1U8lC.png

emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Can be found inside: 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
EMVStudio v1.1.2
XItTlDi.png

After some more research:

Software matrix
matrix.exe - 87678c6dcf0065ffc487a284b9f79bd8c0815c5c621fc92f83df24393bfcc660
Don't ask me how it works.
K19AkNG.png

B.R Smart Card writer v9 Contained in RB4.rar - d290537982669a994598da5dc62b9242571c14d5b6a1f76c46a0e9110d5ac867
Contains a lot of stuff, older versions too.
As well as an X.exe (aea36d94e8a8deb91b0dbf84554e57b59d112c86a9261ac79d5cae9e9cb96bf8) protected by a password interface, which connects to dropbox to verify the pass (hxxps://dl.dropboxusercontent.com/uPASS.36t2211/) This file no longer exists, the only way is to patch the exe to open it.
vNeUAdi.png
8BDbKlY.png

Jcophiro (c0d11ed2eed0fef8d2f53920a1e12f667e03eafdb2d2941473d120e9e6f0e657)
75g4ilW.png
Funny thing on this one, it exfiltrate the infos to a server when you click 'gravar':
a6HKtho.png

X2
Found on a pack 'EMV.rar' ecad77d5394cb14611d8f643e29aa9744a02072b3fd2c9099af08947bc8a5b6e
Contains sub-archives with many files, *infected*

X2.exe - 66bb78f1d9a332522be0a1270b4ef4bb2bd6bba40609630ce63d1d603d19bfe7
Bundled with malware
xz2WuyG.png

X2G.exe - b5547482856a4ea39e4fb8274b2feef6c368f57d11dda77be32c6e4f8eb6d867
X2 Gold, Bundled with malware
pPvMwae.png

B.R Smart Card writer v9, Jcophiro, matrix, et X2, appears to be just GUIs for GPShell.exe (a communication software for smart card readers) 
-> https://github.com/sigma/globalplatform/tree/master/gpshell
GlobalPlatform is a standard for the management of the contents on a smart card.

GPShell.exe (33kb) - ba5e9041668257393ae28413f5099db5d12d7f48c239e8d19e9beda2036b31be

So.. what if we look directly for GPShell.exe?
We come across many archives (100+) we should expect to get X2 and cie. 

Quote

Scanned    Detections    Type    Name
2015-03-03 2015-03-03 20:38:15         RAR    gpshell.rar
2014-12-13 2014-12-13 21:06:03         ZIP    RB 4.0.zip
2015-07-25 2015-07-25 07:11:17         RAR    chip RB 5.rar
2016-07-07 2016-07-07 07:52:12         RAR    recurso.rar
2015-07-29 2015-07-29 19:46:49         ZIP    rb5 - Copy.zip
2015-10-10 2015-10-10 10:42:11         ZIP    Pen Rapaz1.zip
2015-07-03 2015-07-03 01:31:33         RAR    GPShell.rar
2018-11-18 2018-11-18 15:55:27         ZIP    chipset-full.zip
2015-07-03 2015-07-03 01:30:07         RAR    chip to EMV (7).rar
2020-06-06 2020-06-06 08:41:23         RAR    RB.rar
2016-01-06 2016-01-06 22:24:20         RAR    cchipset2.0.rar
2016-03-08 2016-03-08 02:25:48         RAR    chipset_v3.rar
2015-12-11 2015-12-11 16:40:01         ZIP    Conversor EMV chip tools.zip
2017-11-25 2017-11-25 20:32:51         RAR    Chipso.rar
2015-07-11 2015-07-11 17:59:47         RAR    AMEX.rar
2019-03-08 2019-03-08 11:33:51         ZIP    GPShell-1.4.4.zip
2015-07-20 2015-07-20 07:58:36         RAR    last.rar
2014-11-05 2014-11-05 23:26:39         RAR    BURN.rar
2015-11-22 2015-11-22 12:07:56         ZIP    Conversor EMV chip tools.zip
2015-11-03 2015-11-03 14:49:52         ZIP    Nova pasta (4).zip
2016-05-25 2016-05-25 11:00:36         ZIP    c-set.zip
2018-03-31 2018-03-31 07:54:13         RAR    c:\recurso.rar
2015-07-25 2015-07-25 18:43:56         ZIP    rb5.0.zip
2016-05-26 2016-05-26 18:33:54         ZIP    Chipset V2 Cracked.zip
2015-03-10 2015-03-10 02:47:29         RAR    CHANGER.rar
2017-04-23 2017-04-23 09:34:35         Win32 EXE    GPShell.exe
2015-01-27 2015-01-27 15:46:20         RAR    Gravador Caixa.rar
2017-03-02 2017-03-02 23:40:54         RAR    Pack - Especial de 2K Tazaah.rar
2015-08-26 2015-08-26 01:21:29         7ZIP    C:\Users\hp\Downloads\Files MSR2006.7z
2016-02-27 2016-02-27 16:24:07         ZIP    softuri.zip
2016-03-21 2016-03-21 01:22:55         ZIP    script debit (2).zip
2016-07-11 2016-07-11 17:10:36         RAR    Chip.rar
2014-12-12 2014-12-12 19:07:15         ZIP    Bradesco_Express_1.0.zip
2015-09-19 2015-09-19 18:31:21         ZIP    chp.zip
2015-07-22 2015-07-22 15:02:12         ZIP    engine.zip
2015-03-03 2015-03-03 15:40:09         ZIP    CODEX_bY_CODEX.zip
2015-08-03 2015-08-03 05:03:28         RAR    Debito-Cx.rar
2015-12-03 2015-12-03 08:04:11         ZIP    Track2ChipARQC.zip
2016-02-13 2016-02-13 00:32:03         RAR    EMV Writer.rar
2015-11-30 2015-11-30 10:38:23         JAR    /1/c/5/c5d9a9c34674d1feb37efb72601881e21542b63f101a25e1d89f213f2841b479.file
2016-11-08 2016-11-08 14:10:53         ZIP    ChipSoft.zip
2016-05-22 2016-05-22 04:55:27         RAR    FLAMIGO.rar
2016-02-20 2016-02-20 12:21:49         RAR    /1/0/d/0d68113a970e92ba7ceb1afc66c852fc3e3e2c1098643d51466f638c2776a494.file
2016-02-10 2016-02-10 15:45:17         RAR    EMV_Stuff_EMV2016.rar
2015-08-27 2015-08-27 20:57:09         ZIP    R.B. 6.0.zip
2015-06-06 2015-06-06 17:29:46         RAR    Codex.rar
2019-12-12 2019-12-12 01:46:33         ZIP    emv.zip
2015-09-28 2015-09-28 20:31:26         RAR    R.B6.0.rar
2016-05-17 2016-05-17 19:42:33         RAR    Debito X.rar
2015-10-10 2015-10-10 19:07:09         RAR    CODE BB betooooo.rar
2017-03-01 2017-03-01 11:02:06         RAR    R.B. 6.0.rar
2015-11-28 2015-11-28 04:23:45         RAR    ChipSET.rar
2016-02-02 2016-02-02 17:52:35         RAR    EMV CHIP.rar
2016-03-14 2016-03-14 07:33:18         ZIP    CARDING_EMV.zip
2014-11-21 2014-11-21 21:20:34         ZIP    EMV.zip
2015-12-03 2015-12-03 10:25:04         ZIP    chipset2.0.zip
2016-05-09 2016-05-09 19:42:42         RAR    GPShell.rar
2015-07-22 2015-07-22 22:08:58         ZIP    R.B 4.0.zip
2015-03-03 2015-03-03 15:41:07         RAR    GPShell.rar
2020-06-10 2020-06-10 01:43:58         7ZIP    B.R. Smart Card Writer.7z
2016-03-11 2016-03-11 23:41:44         RAR    R B-5.rar
2016-01-31 2016-01-31 05:00:59         RAR    CODEX bY CODEX BRANCO.rar
2016-05-26 2016-05-26 18:39:29         RAR    ChipSET.rar
2016-07-11 2016-07-11 06:43:24         RAR    FLAMIGO.rar
2016-03-14 2016-03-14 02:14:39         RAR    Conversor EMV chip tools.rar
2017-02-24 2017-02-24 03:41:20         ZIP    EMV_encode.zip
2017-07-14 2017-07-14 19:17:34         ZIP    RBXI.zip
2020-09-22 2020-09-22 06:39:06         Win32 EXE    EMV ReaderWriter v8.6.exe
2017-03-12 2017-03-12 13:27:49         RAR    GPShellCHANGER.rar
2020-06-09 2020-06-09 03:35:34         Win32 EXE    RB 4.0 3.exe
2017-03-14 2017-03-14 17:02:50         RAR    codex gp shell e mais cabeças.rar
2020-09-24 2020-09-24 16:15:18         Win32 EXE    braemvxox.exe
2017-05-05 2017-05-05 16:42:45         RAR    Dr.Heisenberg? ?? RB4??.rar
2019-07-22 2019-07-22 21:36:30         Win32 EXE    EMV ReaderWriter v8.6.exe
2017-05-16 2017-05-16 00:47:06         RAR    EMVToolslite.rar
2017-05-21 2017-05-21 14:10:59         ZIP    EMV Software.zip
2017-05-21 2017-05-21 18:10:09         ZIP    RB 4.0.zip
2017-05-21 2017-05-21 18:14:21         ZIP    CHIPSET V 3.7.zip
2017-06-27 2017-06-27 19:55:59         RAR    CHIPSET V 3.7.rar
2017-07-14 2017-07-14 15:34:02         ZIP    X2 5.1 FULL VERSION - Whatsmy1name.zip
2017-07-15 2017-07-15 05:28:21         ZIP    CODEXULTIMO.zip
2017-11-08 2017-11-08 22:46:44         RAR    PACK CARDER PRO-By TalesHacking.rar
2020-11-25 2020-11-25 02:28:30         Win32 EXE    433dfe593fad09f50e88d22b039f8f80.virobj
2018-09-06 2018-09-06 22:52:07         Win32 EXE    8d62e6bef8820d5f36233f33f6dbcfd0.virobj
2017-11-25 2017-11-25 20:20:29         ZIP    X2 certified software.zip
2018-02-27 2018-02-27 06:03:47         ZIP    emvMX.zip
2017-09-29 2017-09-29 15:50:34         RAR    EMV 10.0.rar
2017-10-09 2017-10-09 04:39:42         RAR    CODEX BB.rar
2017-11-10 2017-11-10 00:41:46         Win32 EXE    Y:\_Pro\EMV_enc.exe
2017-10-17 2017-10-17 19:30:07         RAR    /1/e/0/e0f895f7741f20233aafb03669b5a0e686f5b42a86b1d9074d51b681d59cdaef.file
2017-12-30 2017-12-30 10:28:11         ZIP    EMVTRACK2CHIP SOFTWARES LATEST (2).zip
2017-12-30 2017-12-30 18:00:25         ZIP    Attachments-chipset.zip
2018-01-07 2018-01-07 14:52:55         ZIP    Attachments-chipset.zip
2018-01-08 2018-01-08 18:17:39         ZIP    emvMX.zip
2018-01-18 2018-01-18 17:11:13         RAR    GpShell.rar
2020-05-28 2020-05-28 22:37:01         ZIP    Emv Beta.zip
2016-06-25 2016-06-25 22:59:57         RAR    Chipset.rar
2016-06-26 2016-06-26 13:28:35         RAR    RB4.rar
2017-01-12 2017-01-12 02:03:05         RAR    EMV Writer.rar
2016-07-13 2016-07-13 20:29:35         RAR    ICCARD FOR MCR200 10 (1).rar


Randomly:
EMVTRACK2CHIP SOFTWARES LATEST (2).zip - da0e6e265b2f2065e496adbb0102a1ba070346d8cc9a2a2bfbb0559cc8cd6290

Contains a soft pack:
codex-by-codex:

basico.exe - 4315dc7f035defc18fb2ba12d47a8073fcfa4da7669b8d51fe6582c645edcbf5
BUTZ4Wj.png

Completo.exe - 83a640b8433fa5cbfec841e60e3c73ec65446d63a8f00c00143aa3dc1632b786
infected also with W32/Neshta-A.
nty8Afr.png

Debito Caixa.exe - ca949bfcc6a0113e4a5578c9db07f9f144eb42e257ae146879292b3577d14f5b
infected also with W32/Neshta-A.
Version without neshta: 64f245b5dbfc4de66c49234c11bd61643e844fefab689c2b1a5c9373ea31483e
RRQTzyo.png


Edited version of 'jcophiro':

Credit.exe - c23411deeec790e2dba37f4c49c7ecac3c867b7012431c9281ed748519eda65c
ljoogI3.png
exfiltrate also datas🙂

jcopenglish.exe - 1ecfd3755eba578108363c0705c6ec205972080739ed0fbd17439f8139ba7e08
8rn5el7.png
exfiltrate also datas 🙂

SmartCard GoldMetal:
new.exe - 8788ad1a19a4392017a91ed591ed516309234f3dfed4a869a17bd41604f79d7e
YK4vYVc.png

3D files of skimmers (lmao, what's up with that in the archive) 
dieb-frame.stp - 7557b8b24cc02c79f27bf9ba3a0b2b2638033a1e0d6e3891c427cff2d64190f5
new-ncr-flat.stp - e754a6987cb46640cddbce51cd3c757c934632ee5460f5b6bd92ca3e9bf34d68
new-ncr-flat-mouth.stp - fadccaf6f6306d671043702211a015f881a046c74b862c7857795514c2ac5ae7
N SelfServ-PAD.STEP - fc0333a3486f6863c5992b1116afb72a386171c2e0db10016a6316d7398e91aa
Zbqzy81.png


X1
x1.exe - 9df64f5124893961a78282f7e19573406ba19011f6baadac93ec59c93bfda72f
srvajFJ.png

Toronto (A renamed version of x1, protected by password)
here you will have also one jumpy boy to patch.
TorontoCard.exe - e3db277da551621b102ac5ee545e772aa25799fa941c1e06bbc69fe4142af7cf 0/56!
aUKLJUn.png
HRzGyQA.png

One last random archive for fun:
chipset_v3.rar - 4d116757da91009466c5b0f60827d6d2b3fb00e480ebcc01bdd5fb49d3eb8ec2:
Emv ChipSet.exe - cac8aca4f7d2ff399a73531f179691b6a2e2a1b93e957d0a16f75c4818312880
ffgTiX5.png

Voila, u da carder now.

What if we go on youtube, and looks in comments inside emv software videos?:
uDAjTXu.png
lol, seem legit.


Conclusion on this afternoon wasted looking for useless stuff:
Lots of lamers, and for some reason there are quite a few Castilians.
Carders like to do reshacking to rebrand smart-card reading/writing software
Most of emv softs are only used for calculations, many are ultimately only wrappers for GPShell.exe.

edit: just ran across a bigass zip: EMV SOFTWARE.rar - 48b204bd7d264459660054272b881fdf7847c6100c4bcb3a5dfee1603aeac59f (593.56 MB)

Xyl2k

Xyl2k

Someone on telegram intrigued me by telling me about software to read credit card chips, so here are some files that I got from the net.

The first software in question, on which I came across: "EMVStudio" belonging to emvstudio.com
If I look for the files on VT, it communicates with auth.emvstudio.com, I come across these 3 archives:

EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb
Contains  8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
also a file named 'gp' who seem a config file.

emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
Contains  emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Contains also emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
and card templates for the software.

emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
Contains emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33


emvstudio_v1.1.3.exe - 7a0a07959f3629cafbcb8827715f931e533ba7894e8a3bc42df95fcfcc0bd584
EMVStudio version 1.1.3.
nB5hPuY.png


ShadeStudio.exe - 40ac2358207f582ee3051748f1b13811cbe9f9d23e78a4052eda847fafbb2f3b
ShadeStudio version 1.0
Telegram: @ShadeStudio
Looks a lot like EMV Studio.
wsKwdPY.png

ARQC TOOL PLUS.exe - e13c0b718728fc30762eb68e59d92308e0e66efa06b70fae1ea1f65e32d4344a
ARQC TOOL PLUS, version 1.0, skin windowsXP style.
telegram: BreezyDumps
mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.
rOSxiyF.png

%TEMP%\ARQC TOOL PLUS.exe - 149df4a1412d557706d7c705beda6aa29180dd8a55644a35175c643b02cb9645
ARQC TOOL PLUS, version 1.0, skin windowsXP style, infected with W32/Neshta-A.
Telegram: BreezyDumps
Mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.

emvstudio.exe - f8856c821ce0a221a2dffa3bde8f09110ec1c2e8f9c8c75f54b179be462af15e
Bundled file with malware 

ARQC TOOL PLUS..exe - 707570e7469b728ac3f48cd2055bfff92accb36b53a999efe69338dce9fa228b
Bundled file with malware 

emvstudio_v1.1.3cr.exe - 83262e3fbea3a3c373c706ff71864066d52acaf63affafc12b7da6d74b95e302
EMVStudio version 1.1.3, seem a cracked version.

emvstudio_unpacked.fixed1(2).exe - 52c89dbef55bd526def42ab9dbb04a2a02dac17cd4b4c0af7177ac61dd8f4297
EMVStudio version 1.1.3, seem a cracked version.

emvstudio_v1.1.3-cleaned1.exe - 050847f886f9df20c5d99a1cd2edffa478fedacaa433f7b17139fe66ab7b810a
EMVStudio version 1.1.3, seem a cracked version.

---
EXE contained in the above archives:

%HOME%\unpack\EMVStudio\EMVStudio.exe - 8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
Can be found inside: (EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb)
EMVStudio Trial v1.0.
FxstAhB.png

%HOME%\unpack\emvstudio_v1.1.1\emvstudio_v1.1.1\emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
Can be found inside: emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
And also inside: emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
EMVStudio v1.1.1
mN1U8lC.png

emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Can be found inside: 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
EMVStudio v1.1.2
XItTlDi.png

After some more research:

Software matrix
matrix.exe - 87678c6dcf0065ffc487a284b9f79bd8c0815c5c621fc92f83df24393bfcc660
Don't ask me how it works.
K19AkNG.png

B.R Smart Card writer v9 Contained in RB4.rar - d290537982669a994598da5dc62b9242571c14d5b6a1f76c46a0e9110d5ac867
Contains a lot of stuff, older versions too.
As well as an X.exe (aea36d94e8a8deb91b0dbf84554e57b59d112c86a9261ac79d5cae9e9cb96bf8) protected by a password interface, which connects to dropbox to verify the pass (hxxps://dl.dropboxusercontent.com/uPASS.36t2211/) This file no longer exists, the only way is to patch the exe to open it.
vNeUAdi.png
8BDbKlY.png

Jcophiro (c0d11ed2eed0fef8d2f53920a1e12f667e03eafdb2d2941473d120e9e6f0e657)
75g4ilW.png
Funny thing on this one, it exfiltrate the infos to a server when you click 'gravar':
a6HKtho.png

X2
Found on a pack 'EMV.rar' ecad77d5394cb14611d8f643e29aa9744a02072b3fd2c9099af08947bc8a5b6e
Contains sub-archives with many files, *infected*

X2.exe - 66bb78f1d9a332522be0a1270b4ef4bb2bd6bba40609630ce63d1d603d19bfe7
Bundled with malware
xz2WuyG.png

X2G.exe - b5547482856a4ea39e4fb8274b2feef6c368f57d11dda77be32c6e4f8eb6d867
X2 Gold, Bundled with malware
pPvMwae.png

B.R Smart Card writer v9, Jcophiro, matrix, et X2, appears to be just GUIs for GPShell.exe (a communication software for smart card readers) 
-> https://github.com/sigma/globalplatform/tree/master/gpshell
GlobalPlatform is a standard for the management of the contents on a smart card.

GPShell.exe (33kb) - ba5e9041668257393ae28413f5099db5d12d7f48c239e8d19e9beda2036b31be

So.. what if we look directly for GPShell.exe?
We come across many archives (100+) we should expect to get X2 and cie. 

Quote

Scanned    Detections    Type    Name
2015-03-03 2015-03-03 20:38:15         RAR    gpshell.rar
2014-12-13 2014-12-13 21:06:03         ZIP    RB 4.0.zip
2015-07-25 2015-07-25 07:11:17         RAR    chip RB 5.rar
2016-07-07 2016-07-07 07:52:12         RAR    recurso.rar
2015-07-29 2015-07-29 19:46:49         ZIP    rb5 - Copy.zip
2015-10-10 2015-10-10 10:42:11         ZIP    Pen Rapaz1.zip
2015-07-03 2015-07-03 01:31:33         RAR    GPShell.rar
2018-11-18 2018-11-18 15:55:27         ZIP    chipset-full.zip
2015-07-03 2015-07-03 01:30:07         RAR    chip to EMV (7).rar
2020-06-06 2020-06-06 08:41:23         RAR    RB.rar
2016-01-06 2016-01-06 22:24:20         RAR    cchipset2.0.rar
2016-03-08 2016-03-08 02:25:48         RAR    chipset_v3.rar
2015-12-11 2015-12-11 16:40:01         ZIP    Conversor EMV chip tools.zip
2017-11-25 2017-11-25 20:32:51         RAR    Chipso.rar
2015-07-11 2015-07-11 17:59:47         RAR    AMEX.rar
2019-03-08 2019-03-08 11:33:51         ZIP    GPShell-1.4.4.zip
2015-07-20 2015-07-20 07:58:36         RAR    last.rar
2014-11-05 2014-11-05 23:26:39         RAR    BURN.rar
2015-11-22 2015-11-22 12:07:56         ZIP    Conversor EMV chip tools.zip
2015-11-03 2015-11-03 14:49:52         ZIP    Nova pasta (4).zip
2016-05-25 2016-05-25 11:00:36         ZIP    c-set.zip
2018-03-31 2018-03-31 07:54:13         RAR    c:\recurso.rar
2015-07-25 2015-07-25 18:43:56         ZIP    rb5.0.zip
2016-05-26 2016-05-26 18:33:54         ZIP    Chipset V2 Cracked.zip
2015-03-10 2015-03-10 02:47:29         RAR    CHANGER.rar
2017-04-23 2017-04-23 09:34:35         Win32 EXE    GPShell.exe
2015-01-27 2015-01-27 15:46:20         RAR    Gravador Caixa.rar
2017-03-02 2017-03-02 23:40:54         RAR    Pack - Especial de 2K Tazaah.rar
2015-08-26 2015-08-26 01:21:29         7ZIP    C:\Users\hp\Downloads\Files MSR2006.7z
2016-02-27 2016-02-27 16:24:07         ZIP    softuri.zip
2016-03-21 2016-03-21 01:22:55         ZIP    script debit (2).zip
2016-07-11 2016-07-11 17:10:36         RAR    Chip.rar
2014-12-12 2014-12-12 19:07:15         ZIP    Bradesco_Express_1.0.zip
2015-09-19 2015-09-19 18:31:21         ZIP    chp.zip
2015-07-22 2015-07-22 15:02:12         ZIP    engine.zip
2015-03-03 2015-03-03 15:40:09         ZIP    CODEX_bY_CODEX.zip
2015-08-03 2015-08-03 05:03:28         RAR    Debito-Cx.rar
2015-12-03 2015-12-03 08:04:11         ZIP    Track2ChipARQC.zip
2016-02-13 2016-02-13 00:32:03         RAR    EMV Writer.rar
2015-11-30 2015-11-30 10:38:23         JAR    /1/c/5/c5d9a9c34674d1feb37efb72601881e21542b63f101a25e1d89f213f2841b479.file
2016-11-08 2016-11-08 14:10:53         ZIP    ChipSoft.zip
2016-05-22 2016-05-22 04:55:27         RAR    FLAMIGO.rar
2016-02-20 2016-02-20 12:21:49         RAR    /1/0/d/0d68113a970e92ba7ceb1afc66c852fc3e3e2c1098643d51466f638c2776a494.file
2016-02-10 2016-02-10 15:45:17         RAR    EMV_Stuff_EMV2016.rar
2015-08-27 2015-08-27 20:57:09         ZIP    R.B. 6.0.zip
2015-06-06 2015-06-06 17:29:46         RAR    Codex.rar
2019-12-12 2019-12-12 01:46:33         ZIP    emv.zip
2015-09-28 2015-09-28 20:31:26         RAR    R.B6.0.rar
2016-05-17 2016-05-17 19:42:33         RAR    Debito X.rar
2015-10-10 2015-10-10 19:07:09         RAR    CODE BB betooooo.rar
2017-03-01 2017-03-01 11:02:06         RAR    R.B. 6.0.rar
2015-11-28 2015-11-28 04:23:45         RAR    ChipSET.rar
2016-02-02 2016-02-02 17:52:35         RAR    EMV CHIP.rar
2016-03-14 2016-03-14 07:33:18         ZIP    CARDING_EMV.zip
2014-11-21 2014-11-21 21:20:34         ZIP    EMV.zip
2015-12-03 2015-12-03 10:25:04         ZIP    chipset2.0.zip
2016-05-09 2016-05-09 19:42:42         RAR    GPShell.rar
2015-07-22 2015-07-22 22:08:58         ZIP    R.B 4.0.zip
2015-03-03 2015-03-03 15:41:07         RAR    GPShell.rar
2020-06-10 2020-06-10 01:43:58         7ZIP    B.R. Smart Card Writer.7z
2016-03-11 2016-03-11 23:41:44         RAR    R B-5.rar
2016-01-31 2016-01-31 05:00:59         RAR    CODEX bY CODEX BRANCO.rar
2016-05-26 2016-05-26 18:39:29         RAR    ChipSET.rar
2016-07-11 2016-07-11 06:43:24         RAR    FLAMIGO.rar
2016-03-14 2016-03-14 02:14:39         RAR    Conversor EMV chip tools.rar
2017-02-24 2017-02-24 03:41:20         ZIP    EMV_encode.zip
2017-07-14 2017-07-14 19:17:34         ZIP    RBXI.zip
2020-09-22 2020-09-22 06:39:06         Win32 EXE    EMV ReaderWriter v8.6.exe
2017-03-12 2017-03-12 13:27:49         RAR    GPShellCHANGER.rar
2020-06-09 2020-06-09 03:35:34         Win32 EXE    RB 4.0 3.exe
2017-03-14 2017-03-14 17:02:50         RAR    codex gp shell e mais cabeças.rar
2020-09-24 2020-09-24 16:15:18         Win32 EXE    braemvxox.exe
2017-05-05 2017-05-05 16:42:45         RAR    Dr.Heisenberg? ?? RB4??.rar
2019-07-22 2019-07-22 21:36:30         Win32 EXE    EMV ReaderWriter v8.6.exe
2017-05-16 2017-05-16 00:47:06         RAR    EMVToolslite.rar
2017-05-21 2017-05-21 14:10:59         ZIP    EMV Software.zip
2017-05-21 2017-05-21 18:10:09         ZIP    RB 4.0.zip
2017-05-21 2017-05-21 18:14:21         ZIP    CHIPSET V 3.7.zip
2017-06-27 2017-06-27 19:55:59         RAR    CHIPSET V 3.7.rar
2017-07-14 2017-07-14 15:34:02         ZIP    X2 5.1 FULL VERSION - Whatsmy1name.zip
2017-07-15 2017-07-15 05:28:21         ZIP    CODEXULTIMO.zip
2017-11-08 2017-11-08 22:46:44         RAR    PACK CARDER PRO-By TalesHacking.rar
2020-11-25 2020-11-25 02:28:30         Win32 EXE    433dfe593fad09f50e88d22b039f8f80.virobj
2018-09-06 2018-09-06 22:52:07         Win32 EXE    8d62e6bef8820d5f36233f33f6dbcfd0.virobj
2017-11-25 2017-11-25 20:20:29         ZIP    X2 certified software.zip
2018-02-27 2018-02-27 06:03:47         ZIP    emvMX.zip
2017-09-29 2017-09-29 15:50:34         RAR    EMV 10.0.rar
2017-10-09 2017-10-09 04:39:42         RAR    CODEX BB.rar
2017-11-10 2017-11-10 00:41:46         Win32 EXE    Y:\_Pro\EMV_enc.exe
2017-10-17 2017-10-17 19:30:07         RAR    /1/e/0/e0f895f7741f20233aafb03669b5a0e686f5b42a86b1d9074d51b681d59cdaef.file
2017-12-30 2017-12-30 10:28:11         ZIP    EMVTRACK2CHIP SOFTWARES LATEST (2).zip
2017-12-30 2017-12-30 18:00:25         ZIP    Attachments-chipset.zip
2018-01-07 2018-01-07 14:52:55         ZIP    Attachments-chipset.zip
2018-01-08 2018-01-08 18:17:39         ZIP    emvMX.zip
2018-01-18 2018-01-18 17:11:13         RAR    GpShell.rar
2020-05-28 2020-05-28 22:37:01         ZIP    Emv Beta.zip
2016-06-25 2016-06-25 22:59:57         RAR    Chipset.rar
2016-06-26 2016-06-26 13:28:35         RAR    RB4.rar
2017-01-12 2017-01-12 02:03:05         RAR    EMV Writer.rar
2016-07-13 2016-07-13 20:29:35         RAR    ICCARD FOR MCR200 10 (1).rar


Randomly:
EMVTRACK2CHIP SOFTWARES LATEST (2).zip - da0e6e265b2f2065e496adbb0102a1ba070346d8cc9a2a2bfbb0559cc8cd6290

Contains a soft pack:
codex-by-codex:

basico.exe - 4315dc7f035defc18fb2ba12d47a8073fcfa4da7669b8d51fe6582c645edcbf5
BUTZ4Wj.png

Completo.exe - 83a640b8433fa5cbfec841e60e3c73ec65446d63a8f00c00143aa3dc1632b786
infected also with W32/Neshta-A.
nty8Afr.png

Debito Caixa.exe - ca949bfcc6a0113e4a5578c9db07f9f144eb42e257ae146879292b3577d14f5b
infected also with W32/Neshta-A.
Version without neshta: 64f245b5dbfc4de66c49234c11bd61643e844fefab689c2b1a5c9373ea31483e
RRQTzyo.png


Edited version of 'jcophiro':

Credit.exe - c23411deeec790e2dba37f4c49c7ecac3c867b7012431c9281ed748519eda65c
ljoogI3.png
exfiltrate also datas🙂

jcopenglish.exe - 1ecfd3755eba578108363c0705c6ec205972080739ed0fbd17439f8139ba7e08
8rn5el7.png
exfiltrate also datas 🙂

SmartCard GoldMetal:
new.exe - 8788ad1a19a4392017a91ed591ed516309234f3dfed4a869a17bd41604f79d7e
YK4vYVc.png

3D files of skimmers (lmao, what's up with that in the archive) 
dieb-frame.stp - 7557b8b24cc02c79f27bf9ba3a0b2b2638033a1e0d6e3891c427cff2d64190f5
new-ncr-flat.stp - e754a6987cb46640cddbce51cd3c757c934632ee5460f5b6bd92ca3e9bf34d68
new-ncr-flat-mouth.stp - fadccaf6f6306d671043702211a015f881a046c74b862c7857795514c2ac5ae7
N SelfServ-PAD.STEP - fc0333a3486f6863c5992b1116afb72a386171c2e0db10016a6316d7398e91aa
Zbqzy81.png


X1
x1.exe - 9df64f5124893961a78282f7e19573406ba19011f6baadac93ec59c93bfda72f
srvajFJ.png

Toronto (A renamed version of x1, protected by password)
here you will have also one jumpy boy to patch.
TorontoCard.exe - e3db277da551621b102ac5ee545e772aa25799fa941c1e06bbc69fe4142af7cf 0/56!
aUKLJUn.png
HRzGyQA.png

One last random archive for fun:
chipset_v3.rar - 4d116757da91009466c5b0f60827d6d2b3fb00e480ebcc01bdd5fb49d3eb8ec2:
Emv ChipSet.exe - cac8aca4f7d2ff399a73531f179691b6a2e2a1b93e957d0a16f75c4818312880
ffgTiX5.png

Voila, u da carder now.

What if we go on youtube, and looks in comments inside emv software videos?:
uDAjTXu.png
lol, seem legit.


Conclusion on this afternoon wasted looking for useless stuff:
Lots of lamers, and for some reason there are quite a few Castilians.
Carders like to do reshacking to rebrand smart-card reading/writing software
Most of emv softs are only used for calculations, many are ultimately only wrappers for GPShell.exe.

Xyl2k

Xyl2k

Someone on telegram intrigued me by telling me about software to read credit card chips, so here are some files that I got from the net.

The first software in question, on which I came across: "EMVStudio" belonging to emvstudio.com
If I look for the files on VT, it communicates with auth.emvstudio.com, I come across these 3 archives:

EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb
Contains  8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
also a file named 'gp' who seem a config file.

emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
Contains  emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Contains also emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
and card templates for the software.

emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
Contains emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33


emvstudio_v1.1.3.exe - 7a0a07959f3629cafbcb8827715f931e533ba7894e8a3bc42df95fcfcc0bd584
EMVStudio version 1.1.3.
nB5hPuY.png


ShadeStudio.exe - 40ac2358207f582ee3051748f1b13811cbe9f9d23e78a4052eda847fafbb2f3b
ShadeStudio version 1.0
Telegram: @ShadeStudio
Looks a lot like EMV Studio.
wsKwdPY.png

ARQC TOOL PLUS.exe - e13c0b718728fc30762eb68e59d92308e0e66efa06b70fae1ea1f65e32d4344a
ARQC TOOL PLUS, version 1.0, skin windowsXP style.
telegram: BreezyDumps
mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.
rOSxiyF.png

%TEMP%\ARQC TOOL PLUS.exe - 149df4a1412d557706d7c705beda6aa29180dd8a55644a35175c643b02cb9645
ARQC TOOL PLUS, version 1.0, skin windowsXP style, infected with W32/Neshta-A.
Telegram: BreezyDumps
Mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.

emvstudio.exe - f8856c821ce0a221a2dffa3bde8f09110ec1c2e8f9c8c75f54b179be462af15e
Bundled file with malware 

ARQC TOOL PLUS..exe - 707570e7469b728ac3f48cd2055bfff92accb36b53a999efe69338dce9fa228b
Bundled file with malware 

emvstudio_v1.1.3cr.exe - 83262e3fbea3a3c373c706ff71864066d52acaf63affafc12b7da6d74b95e302
EMVStudio version 1.1.3, seem a cracked version.

emvstudio_unpacked.fixed1(2).exe - 52c89dbef55bd526def42ab9dbb04a2a02dac17cd4b4c0af7177ac61dd8f4297
EMVStudio version 1.1.3, seem a cracked version.

emvstudio_v1.1.3-cleaned1.exe - 050847f886f9df20c5d99a1cd2edffa478fedacaa433f7b17139fe66ab7b810a
EMVStudio version 1.1.3, seem a cracked version.

---
EXE contained in the above archives:

%HOME%\unpack\EMVStudio\EMVStudio.exe - 8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
Can be found inside: (EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb)
EMVStudio Trial v1.0.
FxstAhB.png

%HOME%\unpack\emvstudio_v1.1.1\emvstudio_v1.1.1\emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
Can be found inside: emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
And also inside: emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
EMVStudio v1.1.1, no trace of Neshta-A in this one, but i don't guarantly the cleanliness of the file.
mN1U8lC.png

emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Can be found inside: 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
EMVStudio v1.1.2, no trace of Neshta-A in this one too.
XItTlDi.png

After some more research:

Software matrix
matrix.exe - 87678c6dcf0065ffc487a284b9f79bd8c0815c5c621fc92f83df24393bfcc660
Don't ask me how it works.
K19AkNG.png

B.R Smart Card writer v9 Contained in RB4.rar - d290537982669a994598da5dc62b9242571c14d5b6a1f76c46a0e9110d5ac867
Contains a lot of stuff, older versions too.
As well as an X.exe (aea36d94e8a8deb91b0dbf84554e57b59d112c86a9261ac79d5cae9e9cb96bf8) protected by a password interface, which connects to dropbox to verify the pass (hxxps://dl.dropboxusercontent.com/uPASS.36t2211/) This file no longer exists, the only way is to patch the exe to open it.
vNeUAdi.png
8BDbKlY.png

Jcophiro (c0d11ed2eed0fef8d2f53920a1e12f667e03eafdb2d2941473d120e9e6f0e657)
75g4ilW.png
Funny thing on this one, it exfiltrate the infos to a server when you click 'gravar':
a6HKtho.png

X2
Found on a pack 'EMV.rar' ecad77d5394cb14611d8f643e29aa9744a02072b3fd2c9099af08947bc8a5b6e
Contains sub-archives with many files, *infected*

X2.exe - 66bb78f1d9a332522be0a1270b4ef4bb2bd6bba40609630ce63d1d603d19bfe7
Bundled with malware
xz2WuyG.png

X2G.exe - b5547482856a4ea39e4fb8274b2feef6c368f57d11dda77be32c6e4f8eb6d867
X2 Gold, Bundled with malware
pPvMwae.png

B.R Smart Card writer v9, Jcophiro, matrix, et X2, appears to be just GUIs for GPShell.exe (a communication software for smart card readers) 
-> https://github.com/sigma/globalplatform/tree/master/gpshell
GlobalPlatform is a standard for the management of the contents on a smart card.

GPShell.exe (33kb) - ba5e9041668257393ae28413f5099db5d12d7f48c239e8d19e9beda2036b31be

So.. what if we look directly for GPShell.exe?
We come across many archives (100+) we should expect to get X2 and cie. 

Quote

Scanned    Detections    Type    Name
2015-03-03 2015-03-03 20:38:15         RAR    gpshell.rar
2014-12-13 2014-12-13 21:06:03         ZIP    RB 4.0.zip
2015-07-25 2015-07-25 07:11:17         RAR    chip RB 5.rar
2016-07-07 2016-07-07 07:52:12         RAR    recurso.rar
2015-07-29 2015-07-29 19:46:49         ZIP    rb5 - Copy.zip
2015-10-10 2015-10-10 10:42:11         ZIP    Pen Rapaz1.zip
2015-07-03 2015-07-03 01:31:33         RAR    GPShell.rar
2018-11-18 2018-11-18 15:55:27         ZIP    chipset-full.zip
2015-07-03 2015-07-03 01:30:07         RAR    chip to EMV (7).rar
2020-06-06 2020-06-06 08:41:23         RAR    RB.rar
2016-01-06 2016-01-06 22:24:20         RAR    cchipset2.0.rar
2016-03-08 2016-03-08 02:25:48         RAR    chipset_v3.rar
2015-12-11 2015-12-11 16:40:01         ZIP    Conversor EMV chip tools.zip
2017-11-25 2017-11-25 20:32:51         RAR    Chipso.rar
2015-07-11 2015-07-11 17:59:47         RAR    AMEX.rar
2019-03-08 2019-03-08 11:33:51         ZIP    GPShell-1.4.4.zip
2015-07-20 2015-07-20 07:58:36         RAR    last.rar
2014-11-05 2014-11-05 23:26:39         RAR    BURN.rar
2015-11-22 2015-11-22 12:07:56         ZIP    Conversor EMV chip tools.zip
2015-11-03 2015-11-03 14:49:52         ZIP    Nova pasta (4).zip
2016-05-25 2016-05-25 11:00:36         ZIP    c-set.zip
2018-03-31 2018-03-31 07:54:13         RAR    c:\recurso.rar
2015-07-25 2015-07-25 18:43:56         ZIP    rb5.0.zip
2016-05-26 2016-05-26 18:33:54         ZIP    Chipset V2 Cracked.zip
2015-03-10 2015-03-10 02:47:29         RAR    CHANGER.rar
2017-04-23 2017-04-23 09:34:35         Win32 EXE    GPShell.exe
2015-01-27 2015-01-27 15:46:20         RAR    Gravador Caixa.rar
2017-03-02 2017-03-02 23:40:54         RAR    Pack - Especial de 2K Tazaah.rar
2015-08-26 2015-08-26 01:21:29         7ZIP    C:\Users\hp\Downloads\Files MSR2006.7z
2016-02-27 2016-02-27 16:24:07         ZIP    softuri.zip
2016-03-21 2016-03-21 01:22:55         ZIP    script debit (2).zip
2016-07-11 2016-07-11 17:10:36         RAR    Chip.rar
2014-12-12 2014-12-12 19:07:15         ZIP    Bradesco_Express_1.0.zip
2015-09-19 2015-09-19 18:31:21         ZIP    chp.zip
2015-07-22 2015-07-22 15:02:12         ZIP    engine.zip
2015-03-03 2015-03-03 15:40:09         ZIP    CODEX_bY_CODEX.zip
2015-08-03 2015-08-03 05:03:28         RAR    Debito-Cx.rar
2015-12-03 2015-12-03 08:04:11         ZIP    Track2ChipARQC.zip
2016-02-13 2016-02-13 00:32:03         RAR    EMV Writer.rar
2015-11-30 2015-11-30 10:38:23         JAR    /1/c/5/c5d9a9c34674d1feb37efb72601881e21542b63f101a25e1d89f213f2841b479.file
2016-11-08 2016-11-08 14:10:53         ZIP    ChipSoft.zip
2016-05-22 2016-05-22 04:55:27         RAR    FLAMIGO.rar
2016-02-20 2016-02-20 12:21:49         RAR    /1/0/d/0d68113a970e92ba7ceb1afc66c852fc3e3e2c1098643d51466f638c2776a494.file
2016-02-10 2016-02-10 15:45:17         RAR    EMV_Stuff_EMV2016.rar
2015-08-27 2015-08-27 20:57:09         ZIP    R.B. 6.0.zip
2015-06-06 2015-06-06 17:29:46         RAR    Codex.rar
2019-12-12 2019-12-12 01:46:33         ZIP    emv.zip
2015-09-28 2015-09-28 20:31:26         RAR    R.B6.0.rar
2016-05-17 2016-05-17 19:42:33         RAR    Debito X.rar
2015-10-10 2015-10-10 19:07:09         RAR    CODE BB betooooo.rar
2017-03-01 2017-03-01 11:02:06         RAR    R.B. 6.0.rar
2015-11-28 2015-11-28 04:23:45         RAR    ChipSET.rar
2016-02-02 2016-02-02 17:52:35         RAR    EMV CHIP.rar
2016-03-14 2016-03-14 07:33:18         ZIP    CARDING_EMV.zip
2014-11-21 2014-11-21 21:20:34         ZIP    EMV.zip
2015-12-03 2015-12-03 10:25:04         ZIP    chipset2.0.zip
2016-05-09 2016-05-09 19:42:42         RAR    GPShell.rar
2015-07-22 2015-07-22 22:08:58         ZIP    R.B 4.0.zip
2015-03-03 2015-03-03 15:41:07         RAR    GPShell.rar
2020-06-10 2020-06-10 01:43:58         7ZIP    B.R. Smart Card Writer.7z
2016-03-11 2016-03-11 23:41:44         RAR    R B-5.rar
2016-01-31 2016-01-31 05:00:59         RAR    CODEX bY CODEX BRANCO.rar
2016-05-26 2016-05-26 18:39:29         RAR    ChipSET.rar
2016-07-11 2016-07-11 06:43:24         RAR    FLAMIGO.rar
2016-03-14 2016-03-14 02:14:39         RAR    Conversor EMV chip tools.rar
2017-02-24 2017-02-24 03:41:20         ZIP    EMV_encode.zip
2017-07-14 2017-07-14 19:17:34         ZIP    RBXI.zip
2020-09-22 2020-09-22 06:39:06         Win32 EXE    EMV ReaderWriter v8.6.exe
2017-03-12 2017-03-12 13:27:49         RAR    GPShellCHANGER.rar
2020-06-09 2020-06-09 03:35:34         Win32 EXE    RB 4.0 3.exe
2017-03-14 2017-03-14 17:02:50         RAR    codex gp shell e mais cabeças.rar
2020-09-24 2020-09-24 16:15:18         Win32 EXE    braemvxox.exe
2017-05-05 2017-05-05 16:42:45         RAR    Dr.Heisenberg? ?? RB4??.rar
2019-07-22 2019-07-22 21:36:30         Win32 EXE    EMV ReaderWriter v8.6.exe
2017-05-16 2017-05-16 00:47:06         RAR    EMVToolslite.rar
2017-05-21 2017-05-21 14:10:59         ZIP    EMV Software.zip
2017-05-21 2017-05-21 18:10:09         ZIP    RB 4.0.zip
2017-05-21 2017-05-21 18:14:21         ZIP    CHIPSET V 3.7.zip
2017-06-27 2017-06-27 19:55:59         RAR    CHIPSET V 3.7.rar
2017-07-14 2017-07-14 15:34:02         ZIP    X2 5.1 FULL VERSION - Whatsmy1name.zip
2017-07-15 2017-07-15 05:28:21         ZIP    CODEXULTIMO.zip
2017-11-08 2017-11-08 22:46:44         RAR    PACK CARDER PRO-By TalesHacking.rar
2020-11-25 2020-11-25 02:28:30         Win32 EXE    433dfe593fad09f50e88d22b039f8f80.virobj
2018-09-06 2018-09-06 22:52:07         Win32 EXE    8d62e6bef8820d5f36233f33f6dbcfd0.virobj
2017-11-25 2017-11-25 20:20:29         ZIP    X2 certified software.zip
2018-02-27 2018-02-27 06:03:47         ZIP    emvMX.zip
2017-09-29 2017-09-29 15:50:34         RAR    EMV 10.0.rar
2017-10-09 2017-10-09 04:39:42         RAR    CODEX BB.rar
2017-11-10 2017-11-10 00:41:46         Win32 EXE    Y:\_Pro\EMV_enc.exe
2017-10-17 2017-10-17 19:30:07         RAR    /1/e/0/e0f895f7741f20233aafb03669b5a0e686f5b42a86b1d9074d51b681d59cdaef.file
2017-12-30 2017-12-30 10:28:11         ZIP    EMVTRACK2CHIP SOFTWARES LATEST (2).zip
2017-12-30 2017-12-30 18:00:25         ZIP    Attachments-chipset.zip
2018-01-07 2018-01-07 14:52:55         ZIP    Attachments-chipset.zip
2018-01-08 2018-01-08 18:17:39         ZIP    emvMX.zip
2018-01-18 2018-01-18 17:11:13         RAR    GpShell.rar
2020-05-28 2020-05-28 22:37:01         ZIP    Emv Beta.zip
2016-06-25 2016-06-25 22:59:57         RAR    Chipset.rar
2016-06-26 2016-06-26 13:28:35         RAR    RB4.rar
2017-01-12 2017-01-12 02:03:05         RAR    EMV Writer.rar
2016-07-13 2016-07-13 20:29:35         RAR    ICCARD FOR MCR200 10 (1).rar


Randomly:
EMVTRACK2CHIP SOFTWARES LATEST (2).zip - da0e6e265b2f2065e496adbb0102a1ba070346d8cc9a2a2bfbb0559cc8cd6290

Contains a soft pack:
codex-by-codex:

basico.exe - 4315dc7f035defc18fb2ba12d47a8073fcfa4da7669b8d51fe6582c645edcbf5
BUTZ4Wj.png

Completo.exe - 83a640b8433fa5cbfec841e60e3c73ec65446d63a8f00c00143aa3dc1632b786
infected also with W32/Neshta-A.
nty8Afr.png

Debito Caixa.exe - ca949bfcc6a0113e4a5578c9db07f9f144eb42e257ae146879292b3577d14f5b
infected also with W32/Neshta-A.
Version without neshta: 64f245b5dbfc4de66c49234c11bd61643e844fefab689c2b1a5c9373ea31483e
RRQTzyo.png


Edited version of 'jcophiro':

Credit.exe - c23411deeec790e2dba37f4c49c7ecac3c867b7012431c9281ed748519eda65c
ljoogI3.png
exfiltrate also datas🙂

jcopenglish.exe - 1ecfd3755eba578108363c0705c6ec205972080739ed0fbd17439f8139ba7e08
8rn5el7.png
exfiltrate also datas 🙂

SmartCard GoldMetal:
new.exe - 8788ad1a19a4392017a91ed591ed516309234f3dfed4a869a17bd41604f79d7e
YK4vYVc.png

3D files of skimmers (lmao, what's up with that in the archive) 
dieb-frame.stp - 7557b8b24cc02c79f27bf9ba3a0b2b2638033a1e0d6e3891c427cff2d64190f5
new-ncr-flat.stp - e754a6987cb46640cddbce51cd3c757c934632ee5460f5b6bd92ca3e9bf34d68
new-ncr-flat-mouth.stp - fadccaf6f6306d671043702211a015f881a046c74b862c7857795514c2ac5ae7
N SelfServ-PAD.STEP - fc0333a3486f6863c5992b1116afb72a386171c2e0db10016a6316d7398e91aa
Zbqzy81.png


X1
x1.exe - 9df64f5124893961a78282f7e19573406ba19011f6baadac93ec59c93bfda72f
srvajFJ.png

Toronto (A renamed version of x1, protected by password)
here you will have also one jumpy boy to patch.
TorontoCard.exe - e3db277da551621b102ac5ee545e772aa25799fa941c1e06bbc69fe4142af7cf 0/56!
aUKLJUn.png
HRzGyQA.png

One last random archive for fun:
chipset_v3.rar - 4d116757da91009466c5b0f60827d6d2b3fb00e480ebcc01bdd5fb49d3eb8ec2:
Emv ChipSet.exe - cac8aca4f7d2ff399a73531f179691b6a2e2a1b93e957d0a16f75c4818312880
ffgTiX5.png

Voila, u da carder now.

What if we go on youtube, and looks in comments inside emv software videos?:
uDAjTXu.png
lol, seem legit.


Conclusion on this afternoon wasted looking for useless stuff:
Lots of lamers, and for some reason there are quite a few Castilians.
Carders like to do reshacking to rebrand smart-card reading/writing software
Most of emv softs are only used for calculations, many are ultimately only wrappers for GPShell.exe.

Xyl2k

Xyl2k

Someone on telegram intrigued me by telling me about software to read credit card chips, so here are some files that I got from the net.

The first software in question, on which I came across: "EMVStudio" belonging to emvstudio.com
If I look for the files on VT, it communicates with auth.emvstudio.com, I come across these 3 archives:

EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb
Contains  8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
also a file named 'gp' who seem a config file.

emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
Contains  emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Contains also emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
and card templates for the software.

emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
Contains emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33


emvstudio_v1.1.3.exe - 7a0a07959f3629cafbcb8827715f931e533ba7894e8a3bc42df95fcfcc0bd584
EMVStudio version 1.1.3, infected with W32/Neshta-A.
nB5hPuY.png


ShadeStudio.exe - 40ac2358207f582ee3051748f1b13811cbe9f9d23e78a4052eda847fafbb2f3b
ShadeStudio version 1.0, infected with W32/Neshta-A.
Telegram: @ShadeStudio
Looks a lot like EMV Studio.
wsKwdPY.png

ARQC TOOL PLUS.exe - e13c0b718728fc30762eb68e59d92308e0e66efa06b70fae1ea1f65e32d4344a
ARQC TOOL PLUS, version 1.0, skin windowsXP style, infected with W32/Neshta-A.
telegram: BreezyDumps
mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.
rOSxiyF.png

%TEMP%\ARQC TOOL PLUS.exe - 149df4a1412d557706d7c705beda6aa29180dd8a55644a35175c643b02cb9645
ARQC TOOL PLUS, version 1.0, skin windowsXP style, infected with W32/Neshta-A.
Telegram: BreezyDumps
Mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.

emvstudio.exe - f8856c821ce0a221a2dffa3bde8f09110ec1c2e8f9c8c75f54b179be462af15e
Bundled file with malware 

ARQC TOOL PLUS..exe - 707570e7469b728ac3f48cd2055bfff92accb36b53a999efe69338dce9fa228b
Bundled file with malware 

emvstudio_v1.1.3cr.exe - 83262e3fbea3a3c373c706ff71864066d52acaf63affafc12b7da6d74b95e302
EMVStudio version 1.1.3, seem a cracked version, infected also with W32/Neshta-A, drop fd43aef88e169c718a93920b35b4d62131372b66793f05ea756fce7645812435

emvstudio_unpacked.fixed1(2).exe - 52c89dbef55bd526def42ab9dbb04a2a02dac17cd4b4c0af7177ac61dd8f4297
EMVStudio version 1.1.3, seem a cracked version, infected also with W32/Neshta-A.

emvstudio_v1.1.3-cleaned1.exe - 050847f886f9df20c5d99a1cd2edffa478fedacaa433f7b17139fe66ab7b810a
EMVStudio version 1.1.3, seem a cracked version, infected also with W32/Neshta-A.

---
EXE contained in the above archives:

%HOME%\unpack\EMVStudio\EMVStudio.exe - 8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
Can be found inside: (EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb)
EMVStudio Trial v1.0, infected also with W32/Neshta-A.
FxstAhB.png

%HOME%\unpack\emvstudio_v1.1.1\emvstudio_v1.1.1\emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
Can be found inside: emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
And also inside: emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
EMVStudio v1.1.1, no trace of Neshta-A in this one, but i don't guarantly the cleanliness of the file.
mN1U8lC.png

emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Can be found inside: 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
EMVStudio v1.1.2, no trace of Neshta-A in this one too.
XItTlDi.png

After some more research:

Software matrix
matrix.exe - 87678c6dcf0065ffc487a284b9f79bd8c0815c5c621fc92f83df24393bfcc660
Don't ask me how it works.
K19AkNG.png

B.R Smart Card writer v9 Contained in RB4.rar - d290537982669a994598da5dc62b9242571c14d5b6a1f76c46a0e9110d5ac867
Contains a lot of stuff, older versions too.
As well as an X.exe (aea36d94e8a8deb91b0dbf84554e57b59d112c86a9261ac79d5cae9e9cb96bf8) protected by a password interface, which connects to dropbox to verify the pass (hxxps://dl.dropboxusercontent.com/uPASS.36t2211/) This file no longer exists, the only way is to patch the exe to open it.
vNeUAdi.png
8BDbKlY.png

Jcophiro (c0d11ed2eed0fef8d2f53920a1e12f667e03eafdb2d2941473d120e9e6f0e657)
75g4ilW.png
Funny thing on this one, it exfiltrate the infos to a server when you click 'gravar':
a6HKtho.png

X2
Found on a pack 'EMV.rar' ecad77d5394cb14611d8f643e29aa9744a02072b3fd2c9099af08947bc8a5b6e
Contains sub-archives with many files, *infected*

X2.exe - 66bb78f1d9a332522be0a1270b4ef4bb2bd6bba40609630ce63d1d603d19bfe7
Bundled with malware
xz2WuyG.png

X2G.exe - b5547482856a4ea39e4fb8274b2feef6c368f57d11dda77be32c6e4f8eb6d867
X2 Gold, Bundled with malware
pPvMwae.png

B.R Smart Card writer v9, Jcophiro, matrix, et X2, appears to be just GUIs for GPShell.exe (a communication software for smart card readers) 
-> https://github.com/sigma/globalplatform/tree/master/gpshell
GlobalPlatform is a standard for the management of the contents on a smart card.

GPShell.exe (33kb) - ba5e9041668257393ae28413f5099db5d12d7f48c239e8d19e9beda2036b31be

So.. what if we look directly for GPShell.exe?
We come across many archives (100+) we should expect to get X2 and cie. 

Quote

Scanned    Detections    Type    Name
2015-03-03 2015-03-03 20:38:15         RAR    gpshell.rar
2014-12-13 2014-12-13 21:06:03         ZIP    RB 4.0.zip
2015-07-25 2015-07-25 07:11:17         RAR    chip RB 5.rar
2016-07-07 2016-07-07 07:52:12         RAR    recurso.rar
2015-07-29 2015-07-29 19:46:49         ZIP    rb5 - Copy.zip
2015-10-10 2015-10-10 10:42:11         ZIP    Pen Rapaz1.zip
2015-07-03 2015-07-03 01:31:33         RAR    GPShell.rar
2018-11-18 2018-11-18 15:55:27         ZIP    chipset-full.zip
2015-07-03 2015-07-03 01:30:07         RAR    chip to EMV (7).rar
2020-06-06 2020-06-06 08:41:23         RAR    RB.rar
2016-01-06 2016-01-06 22:24:20         RAR    cchipset2.0.rar
2016-03-08 2016-03-08 02:25:48         RAR    chipset_v3.rar
2015-12-11 2015-12-11 16:40:01         ZIP    Conversor EMV chip tools.zip
2017-11-25 2017-11-25 20:32:51         RAR    Chipso.rar
2015-07-11 2015-07-11 17:59:47         RAR    AMEX.rar
2019-03-08 2019-03-08 11:33:51         ZIP    GPShell-1.4.4.zip
2015-07-20 2015-07-20 07:58:36         RAR    last.rar
2014-11-05 2014-11-05 23:26:39         RAR    BURN.rar
2015-11-22 2015-11-22 12:07:56         ZIP    Conversor EMV chip tools.zip
2015-11-03 2015-11-03 14:49:52         ZIP    Nova pasta (4).zip
2016-05-25 2016-05-25 11:00:36         ZIP    c-set.zip
2018-03-31 2018-03-31 07:54:13         RAR    c:\recurso.rar
2015-07-25 2015-07-25 18:43:56         ZIP    rb5.0.zip
2016-05-26 2016-05-26 18:33:54         ZIP    Chipset V2 Cracked.zip
2015-03-10 2015-03-10 02:47:29         RAR    CHANGER.rar
2017-04-23 2017-04-23 09:34:35         Win32 EXE    GPShell.exe
2015-01-27 2015-01-27 15:46:20         RAR    Gravador Caixa.rar
2017-03-02 2017-03-02 23:40:54         RAR    Pack - Especial de 2K Tazaah.rar
2015-08-26 2015-08-26 01:21:29         7ZIP    C:\Users\hp\Downloads\Files MSR2006.7z
2016-02-27 2016-02-27 16:24:07         ZIP    softuri.zip
2016-03-21 2016-03-21 01:22:55         ZIP    script debit (2).zip
2016-07-11 2016-07-11 17:10:36         RAR    Chip.rar
2014-12-12 2014-12-12 19:07:15         ZIP    Bradesco_Express_1.0.zip
2015-09-19 2015-09-19 18:31:21         ZIP    chp.zip
2015-07-22 2015-07-22 15:02:12         ZIP    engine.zip
2015-03-03 2015-03-03 15:40:09         ZIP    CODEX_bY_CODEX.zip
2015-08-03 2015-08-03 05:03:28         RAR    Debito-Cx.rar
2015-12-03 2015-12-03 08:04:11         ZIP    Track2ChipARQC.zip
2016-02-13 2016-02-13 00:32:03         RAR    EMV Writer.rar
2015-11-30 2015-11-30 10:38:23         JAR    /1/c/5/c5d9a9c34674d1feb37efb72601881e21542b63f101a25e1d89f213f2841b479.file
2016-11-08 2016-11-08 14:10:53         ZIP    ChipSoft.zip
2016-05-22 2016-05-22 04:55:27         RAR    FLAMIGO.rar
2016-02-20 2016-02-20 12:21:49         RAR    /1/0/d/0d68113a970e92ba7ceb1afc66c852fc3e3e2c1098643d51466f638c2776a494.file
2016-02-10 2016-02-10 15:45:17         RAR    EMV_Stuff_EMV2016.rar
2015-08-27 2015-08-27 20:57:09         ZIP    R.B. 6.0.zip
2015-06-06 2015-06-06 17:29:46         RAR    Codex.rar
2019-12-12 2019-12-12 01:46:33         ZIP    emv.zip
2015-09-28 2015-09-28 20:31:26         RAR    R.B6.0.rar
2016-05-17 2016-05-17 19:42:33         RAR    Debito X.rar
2015-10-10 2015-10-10 19:07:09         RAR    CODE BB betooooo.rar
2017-03-01 2017-03-01 11:02:06         RAR    R.B. 6.0.rar
2015-11-28 2015-11-28 04:23:45         RAR    ChipSET.rar
2016-02-02 2016-02-02 17:52:35         RAR    EMV CHIP.rar
2016-03-14 2016-03-14 07:33:18         ZIP    CARDING_EMV.zip
2014-11-21 2014-11-21 21:20:34         ZIP    EMV.zip
2015-12-03 2015-12-03 10:25:04         ZIP    chipset2.0.zip
2016-05-09 2016-05-09 19:42:42         RAR    GPShell.rar
2015-07-22 2015-07-22 22:08:58         ZIP    R.B 4.0.zip
2015-03-03 2015-03-03 15:41:07         RAR    GPShell.rar
2020-06-10 2020-06-10 01:43:58         7ZIP    B.R. Smart Card Writer.7z
2016-03-11 2016-03-11 23:41:44         RAR    R B-5.rar
2016-01-31 2016-01-31 05:00:59         RAR    CODEX bY CODEX BRANCO.rar
2016-05-26 2016-05-26 18:39:29         RAR    ChipSET.rar
2016-07-11 2016-07-11 06:43:24         RAR    FLAMIGO.rar
2016-03-14 2016-03-14 02:14:39         RAR    Conversor EMV chip tools.rar
2017-02-24 2017-02-24 03:41:20         ZIP    EMV_encode.zip
2017-07-14 2017-07-14 19:17:34         ZIP    RBXI.zip
2020-09-22 2020-09-22 06:39:06         Win32 EXE    EMV ReaderWriter v8.6.exe
2017-03-12 2017-03-12 13:27:49         RAR    GPShellCHANGER.rar
2020-06-09 2020-06-09 03:35:34         Win32 EXE    RB 4.0 3.exe
2017-03-14 2017-03-14 17:02:50         RAR    codex gp shell e mais cabeças.rar
2020-09-24 2020-09-24 16:15:18         Win32 EXE    braemvxox.exe
2017-05-05 2017-05-05 16:42:45         RAR    Dr.Heisenberg? ?? RB4??.rar
2019-07-22 2019-07-22 21:36:30         Win32 EXE    EMV ReaderWriter v8.6.exe
2017-05-16 2017-05-16 00:47:06         RAR    EMVToolslite.rar
2017-05-21 2017-05-21 14:10:59         ZIP    EMV Software.zip
2017-05-21 2017-05-21 18:10:09         ZIP    RB 4.0.zip
2017-05-21 2017-05-21 18:14:21         ZIP    CHIPSET V 3.7.zip
2017-06-27 2017-06-27 19:55:59         RAR    CHIPSET V 3.7.rar
2017-07-14 2017-07-14 15:34:02         ZIP    X2 5.1 FULL VERSION - Whatsmy1name.zip
2017-07-15 2017-07-15 05:28:21         ZIP    CODEXULTIMO.zip
2017-11-08 2017-11-08 22:46:44         RAR    PACK CARDER PRO-By TalesHacking.rar
2020-11-25 2020-11-25 02:28:30         Win32 EXE    433dfe593fad09f50e88d22b039f8f80.virobj
2018-09-06 2018-09-06 22:52:07         Win32 EXE    8d62e6bef8820d5f36233f33f6dbcfd0.virobj
2017-11-25 2017-11-25 20:20:29         ZIP    X2 certified software.zip
2018-02-27 2018-02-27 06:03:47         ZIP    emvMX.zip
2017-09-29 2017-09-29 15:50:34         RAR    EMV 10.0.rar
2017-10-09 2017-10-09 04:39:42         RAR    CODEX BB.rar
2017-11-10 2017-11-10 00:41:46         Win32 EXE    Y:\_Pro\EMV_enc.exe
2017-10-17 2017-10-17 19:30:07         RAR    /1/e/0/e0f895f7741f20233aafb03669b5a0e686f5b42a86b1d9074d51b681d59cdaef.file
2017-12-30 2017-12-30 10:28:11         ZIP    EMVTRACK2CHIP SOFTWARES LATEST (2).zip
2017-12-30 2017-12-30 18:00:25         ZIP    Attachments-chipset.zip
2018-01-07 2018-01-07 14:52:55         ZIP    Attachments-chipset.zip
2018-01-08 2018-01-08 18:17:39         ZIP    emvMX.zip
2018-01-18 2018-01-18 17:11:13         RAR    GpShell.rar
2020-05-28 2020-05-28 22:37:01         ZIP    Emv Beta.zip
2016-06-25 2016-06-25 22:59:57         RAR    Chipset.rar
2016-06-26 2016-06-26 13:28:35         RAR    RB4.rar
2017-01-12 2017-01-12 02:03:05         RAR    EMV Writer.rar
2016-07-13 2016-07-13 20:29:35         RAR    ICCARD FOR MCR200 10 (1).rar


Randomly:
EMVTRACK2CHIP SOFTWARES LATEST (2).zip - da0e6e265b2f2065e496adbb0102a1ba070346d8cc9a2a2bfbb0559cc8cd6290

Contains a soft pack:
codex-by-codex:

basico.exe - 4315dc7f035defc18fb2ba12d47a8073fcfa4da7669b8d51fe6582c645edcbf5
BUTZ4Wj.png

Completo.exe - 83a640b8433fa5cbfec841e60e3c73ec65446d63a8f00c00143aa3dc1632b786
nty8Afr.png

Debito Caixa.exe - ca949bfcc6a0113e4a5578c9db07f9f144eb42e257ae146879292b3577d14f5b
RRQTzyo.png


Edited version of 'jcophiro':

Credit.exe - c23411deeec790e2dba37f4c49c7ecac3c867b7012431c9281ed748519eda65c
ljoogI3.png
exfiltrate also datas🙂

jcopenglish.exe - 1ecfd3755eba578108363c0705c6ec205972080739ed0fbd17439f8139ba7e08
8rn5el7.png
exfiltrate also datas 🙂

SmartCard GoldMetal:
new.exe - 8788ad1a19a4392017a91ed591ed516309234f3dfed4a869a17bd41604f79d7e
YK4vYVc.png

3D files of skimmers (lmao, what's up with that in the archive) 
dieb-frame.stp - 7557b8b24cc02c79f27bf9ba3a0b2b2638033a1e0d6e3891c427cff2d64190f5
new-ncr-flat.stp - e754a6987cb46640cddbce51cd3c757c934632ee5460f5b6bd92ca3e9bf34d68
new-ncr-flat-mouth.stp - fadccaf6f6306d671043702211a015f881a046c74b862c7857795514c2ac5ae7
N SelfServ-PAD.STEP - fc0333a3486f6863c5992b1116afb72a386171c2e0db10016a6316d7398e91aa
Zbqzy81.png


X1
x1.exe - 9df64f5124893961a78282f7e19573406ba19011f6baadac93ec59c93bfda72f
srvajFJ.png

Toronto (A renamed version of x1, protected by password)
here you will have also one jumpy boy to patch.
TorontoCard.exe - e3db277da551621b102ac5ee545e772aa25799fa941c1e06bbc69fe4142af7cf 0/56!
aUKLJUn.png
HRzGyQA.png

One last random archive for fun:
chipset_v3.rar - 4d116757da91009466c5b0f60827d6d2b3fb00e480ebcc01bdd5fb49d3eb8ec2:
Emv ChipSet.exe - cac8aca4f7d2ff399a73531f179691b6a2e2a1b93e957d0a16f75c4818312880
ffgTiX5.png

Voila, u da carder now.

What if we go on youtube, and looks in comments inside emv software videos?:
uDAjTXu.png
lol, seem legit.


Conclusion on this afternoon wasted looking for useless stuff:
Lots of lamers, and for some reason there are quite a few Castilians.
Carders like to do reshacking to rebrand smart-card reading/writing software
Most of emv softs are only used for calculations, many are ultimately only wrappers for GPShell.exe.

Xyl2k

Xyl2k

Someone on telegram intrigued me by telling me about software to read credit card chips, so here are some files that I got from the net.

The first software in question, on which I came across: "EMVStudio" belonging to emvstudio.com
If I look for the files on VT, it communicates with auth.emvstudio.com, I come across these 3 archives:

EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb
Contains  8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
also a file named 'gp' who seem a config file.

emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
Contains  emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Contains also emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
and card templates for the software.

emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
Contains emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33


emvstudio_v1.1.3.exe - 7a0a07959f3629cafbcb8827715f931e533ba7894e8a3bc42df95fcfcc0bd584
EMVStudio version 1.1.3, infected with W32/Neshta-A.
nB5hPuY.png


ShadeStudio.exe - 40ac2358207f582ee3051748f1b13811cbe9f9d23e78a4052eda847fafbb2f3b
ShadeStudio version 1.0, infected with W32/Neshta-A.
Telegram: @ShadeStudio
Looks a lot like EMV Studio.
wsKwdPY.png

ARQC TOOL PLUS.exe - e13c0b718728fc30762eb68e59d92308e0e66efa06b70fae1ea1f65e32d4344a
ARQC TOOL PLUS, version 1.0, skin windowsXP style, infected with W32/Neshta-A.
telegram: BreezyDumps
mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.
rOSxiyF.png

%TEMP%\ARQC TOOL PLUS.exe - 149df4a1412d557706d7c705beda6aa29180dd8a55644a35175c643b02cb9645
ARQC TOOL PLUS, version 1.0, skin windowsXP style, infected with W32/Neshta-A.
Telegram: BreezyDumps
Mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.

emvstudio.exe - f8856c821ce0a221a2dffa3bde8f09110ec1c2e8f9c8c75f54b179be462af15e
Bundled file with malware 

ARQC TOOL PLUS..exe - 707570e7469b728ac3f48cd2055bfff92accb36b53a999efe69338dce9fa228b
Bundled file with malware 

emvstudio_v1.1.3cr.exe - 83262e3fbea3a3c373c706ff71864066d52acaf63affafc12b7da6d74b95e302
EMVStudio version 1.1.3, seem a cracked version, infected also with W32/Neshta-A, drop fd43aef88e169c718a93920b35b4d62131372b66793f05ea756fce7645812435

emvstudio_unpacked.fixed1(2).exe - 52c89dbef55bd526def42ab9dbb04a2a02dac17cd4b4c0af7177ac61dd8f4297
EMVStudio version 1.1.3, seem a cracked version, infected also with W32/Neshta-A.

emvstudio_v1.1.3-cleaned1.exe - 050847f886f9df20c5d99a1cd2edffa478fedacaa433f7b17139fe66ab7b810a
EMVStudio version 1.1.3, seem a cracked version, infected also with W32/Neshta-A.

---
EXE contained in the above archives:

%HOME%\unpack\EMVStudio\EMVStudio.exe - 8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
Can be found inside: (EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb)
EMVStudio Trial v1.0
FxstAhB.png

%HOME%\unpack\emvstudio_v1.1.1\emvstudio_v1.1.1\emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
Can be found inside: emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
And also inside: emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
EMVStudio v1.1.1
mN1U8lC.png

emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Can be found inside: 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
EMVStudio v1.1.2
XItTlDi.png

After some more research:

Software matrix
matrix.exe - 87678c6dcf0065ffc487a284b9f79bd8c0815c5c621fc92f83df24393bfcc660
Don't ask me how it works.
K19AkNG.png

B.R Smart Card writer v9 Contained in RB4.rar - d290537982669a994598da5dc62b9242571c14d5b6a1f76c46a0e9110d5ac867
Contains a lot of stuff, older versions too.
As well as an X.exe (aea36d94e8a8deb91b0dbf84554e57b59d112c86a9261ac79d5cae9e9cb96bf8) protected by a password interface, which connects to dropbox to verify the pass (hxxps://dl.dropboxusercontent.com/uPASS.36t2211/) This file no longer exists, the only way is to patch the exe to open it.
vNeUAdi.png
8BDbKlY.png

Jcophiro (c0d11ed2eed0fef8d2f53920a1e12f667e03eafdb2d2941473d120e9e6f0e657)
75g4ilW.png
Funny thing on this one, it exfiltrate the infos to a server when you click 'gravar':
a6HKtho.png

X2
Found on a pack 'EMV.rar' ecad77d5394cb14611d8f643e29aa9744a02072b3fd2c9099af08947bc8a5b6e
Contains sub-archives with many files, *infected*

X2.exe - 66bb78f1d9a332522be0a1270b4ef4bb2bd6bba40609630ce63d1d603d19bfe7
Bundled with malware
xz2WuyG.png

X2G.exe - b5547482856a4ea39e4fb8274b2feef6c368f57d11dda77be32c6e4f8eb6d867
X2 Gold, Bundled with malware
pPvMwae.png

B.R Smart Card writer v9, Jcophiro, matrix, et X2, appears to be just GUIs for GPShell.exe (a communication software for smart card readers) 
-> https://github.com/sigma/globalplatform/tree/master/gpshell
GlobalPlatform is a standard for the management of the contents on a smart card.

GPShell.exe (33kb) - ba5e9041668257393ae28413f5099db5d12d7f48c239e8d19e9beda2036b31be

So.. what if we look directly for GPShell.exe?
We come across many archives (100+) we should expect to get X2 and cie. 

Quote

Scanned    Detections    Type    Name
2015-03-03 2015-03-03 20:38:15         RAR    gpshell.rar
2014-12-13 2014-12-13 21:06:03         ZIP    RB 4.0.zip
2015-07-25 2015-07-25 07:11:17         RAR    chip RB 5.rar
2016-07-07 2016-07-07 07:52:12         RAR    recurso.rar
2015-07-29 2015-07-29 19:46:49         ZIP    rb5 - Copy.zip
2015-10-10 2015-10-10 10:42:11         ZIP    Pen Rapaz1.zip
2015-07-03 2015-07-03 01:31:33         RAR    GPShell.rar
2018-11-18 2018-11-18 15:55:27         ZIP    chipset-full.zip
2015-07-03 2015-07-03 01:30:07         RAR    chip to EMV (7).rar
2020-06-06 2020-06-06 08:41:23         RAR    RB.rar
2016-01-06 2016-01-06 22:24:20         RAR    cchipset2.0.rar
2016-03-08 2016-03-08 02:25:48         RAR    chipset_v3.rar
2015-12-11 2015-12-11 16:40:01         ZIP    Conversor EMV chip tools.zip
2017-11-25 2017-11-25 20:32:51         RAR    Chipso.rar
2015-07-11 2015-07-11 17:59:47         RAR    AMEX.rar
2019-03-08 2019-03-08 11:33:51         ZIP    GPShell-1.4.4.zip
2015-07-20 2015-07-20 07:58:36         RAR    last.rar
2014-11-05 2014-11-05 23:26:39         RAR    BURN.rar
2015-11-22 2015-11-22 12:07:56         ZIP    Conversor EMV chip tools.zip
2015-11-03 2015-11-03 14:49:52         ZIP    Nova pasta (4).zip
2016-05-25 2016-05-25 11:00:36         ZIP    c-set.zip
2018-03-31 2018-03-31 07:54:13         RAR    c:\recurso.rar
2015-07-25 2015-07-25 18:43:56         ZIP    rb5.0.zip
2016-05-26 2016-05-26 18:33:54         ZIP    Chipset V2 Cracked.zip
2015-03-10 2015-03-10 02:47:29         RAR    CHANGER.rar
2017-04-23 2017-04-23 09:34:35         Win32 EXE    GPShell.exe
2015-01-27 2015-01-27 15:46:20         RAR    Gravador Caixa.rar
2017-03-02 2017-03-02 23:40:54         RAR    Pack - Especial de 2K Tazaah.rar
2015-08-26 2015-08-26 01:21:29         7ZIP    C:\Users\hp\Downloads\Files MSR2006.7z
2016-02-27 2016-02-27 16:24:07         ZIP    softuri.zip
2016-03-21 2016-03-21 01:22:55         ZIP    script debit (2).zip
2016-07-11 2016-07-11 17:10:36         RAR    Chip.rar
2014-12-12 2014-12-12 19:07:15         ZIP    Bradesco_Express_1.0.zip
2015-09-19 2015-09-19 18:31:21         ZIP    chp.zip
2015-07-22 2015-07-22 15:02:12         ZIP    engine.zip
2015-03-03 2015-03-03 15:40:09         ZIP    CODEX_bY_CODEX.zip
2015-08-03 2015-08-03 05:03:28         RAR    Debito-Cx.rar
2015-12-03 2015-12-03 08:04:11         ZIP    Track2ChipARQC.zip
2016-02-13 2016-02-13 00:32:03         RAR    EMV Writer.rar
2015-11-30 2015-11-30 10:38:23         JAR    /1/c/5/c5d9a9c34674d1feb37efb72601881e21542b63f101a25e1d89f213f2841b479.file
2016-11-08 2016-11-08 14:10:53         ZIP    ChipSoft.zip
2016-05-22 2016-05-22 04:55:27         RAR    FLAMIGO.rar
2016-02-20 2016-02-20 12:21:49         RAR    /1/0/d/0d68113a970e92ba7ceb1afc66c852fc3e3e2c1098643d51466f638c2776a494.file
2016-02-10 2016-02-10 15:45:17         RAR    EMV_Stuff_EMV2016.rar
2015-08-27 2015-08-27 20:57:09         ZIP    R.B. 6.0.zip
2015-06-06 2015-06-06 17:29:46         RAR    Codex.rar
2019-12-12 2019-12-12 01:46:33         ZIP    emv.zip
2015-09-28 2015-09-28 20:31:26         RAR    R.B6.0.rar
2016-05-17 2016-05-17 19:42:33         RAR    Debito X.rar
2015-10-10 2015-10-10 19:07:09         RAR    CODE BB betooooo.rar
2017-03-01 2017-03-01 11:02:06         RAR    R.B. 6.0.rar
2015-11-28 2015-11-28 04:23:45         RAR    ChipSET.rar
2016-02-02 2016-02-02 17:52:35         RAR    EMV CHIP.rar
2016-03-14 2016-03-14 07:33:18         ZIP    CARDING_EMV.zip
2014-11-21 2014-11-21 21:20:34         ZIP    EMV.zip
2015-12-03 2015-12-03 10:25:04         ZIP    chipset2.0.zip
2016-05-09 2016-05-09 19:42:42         RAR    GPShell.rar
2015-07-22 2015-07-22 22:08:58         ZIP    R.B 4.0.zip
2015-03-03 2015-03-03 15:41:07         RAR    GPShell.rar
2020-06-10 2020-06-10 01:43:58         7ZIP    B.R. Smart Card Writer.7z
2016-03-11 2016-03-11 23:41:44         RAR    R B-5.rar
2016-01-31 2016-01-31 05:00:59         RAR    CODEX bY CODEX BRANCO.rar
2016-05-26 2016-05-26 18:39:29         RAR    ChipSET.rar
2016-07-11 2016-07-11 06:43:24         RAR    FLAMIGO.rar
2016-03-14 2016-03-14 02:14:39         RAR    Conversor EMV chip tools.rar
2017-02-24 2017-02-24 03:41:20         ZIP    EMV_encode.zip
2017-07-14 2017-07-14 19:17:34         ZIP    RBXI.zip
2020-09-22 2020-09-22 06:39:06         Win32 EXE    EMV ReaderWriter v8.6.exe
2017-03-12 2017-03-12 13:27:49         RAR    GPShellCHANGER.rar
2020-06-09 2020-06-09 03:35:34         Win32 EXE    RB 4.0 3.exe
2017-03-14 2017-03-14 17:02:50         RAR    codex gp shell e mais cabeças.rar
2020-09-24 2020-09-24 16:15:18         Win32 EXE    braemvxox.exe
2017-05-05 2017-05-05 16:42:45         RAR    Dr.Heisenberg? ?? RB4??.rar
2019-07-22 2019-07-22 21:36:30         Win32 EXE    EMV ReaderWriter v8.6.exe
2017-05-16 2017-05-16 00:47:06         RAR    EMVToolslite.rar
2017-05-21 2017-05-21 14:10:59         ZIP    EMV Software.zip
2017-05-21 2017-05-21 18:10:09         ZIP    RB 4.0.zip
2017-05-21 2017-05-21 18:14:21         ZIP    CHIPSET V 3.7.zip
2017-06-27 2017-06-27 19:55:59         RAR    CHIPSET V 3.7.rar
2017-07-14 2017-07-14 15:34:02         ZIP    X2 5.1 FULL VERSION - Whatsmy1name.zip
2017-07-15 2017-07-15 05:28:21         ZIP    CODEXULTIMO.zip
2017-11-08 2017-11-08 22:46:44         RAR    PACK CARDER PRO-By TalesHacking.rar
2020-11-25 2020-11-25 02:28:30         Win32 EXE    433dfe593fad09f50e88d22b039f8f80.virobj
2018-09-06 2018-09-06 22:52:07         Win32 EXE    8d62e6bef8820d5f36233f33f6dbcfd0.virobj
2017-11-25 2017-11-25 20:20:29         ZIP    X2 certified software.zip
2018-02-27 2018-02-27 06:03:47         ZIP    emvMX.zip
2017-09-29 2017-09-29 15:50:34         RAR    EMV 10.0.rar
2017-10-09 2017-10-09 04:39:42         RAR    CODEX BB.rar
2017-11-10 2017-11-10 00:41:46         Win32 EXE    Y:\_Pro\EMV_enc.exe
2017-10-17 2017-10-17 19:30:07         RAR    /1/e/0/e0f895f7741f20233aafb03669b5a0e686f5b42a86b1d9074d51b681d59cdaef.file
2017-12-30 2017-12-30 10:28:11         ZIP    EMVTRACK2CHIP SOFTWARES LATEST (2).zip
2017-12-30 2017-12-30 18:00:25         ZIP    Attachments-chipset.zip
2018-01-07 2018-01-07 14:52:55         ZIP    Attachments-chipset.zip
2018-01-08 2018-01-08 18:17:39         ZIP    emvMX.zip
2018-01-18 2018-01-18 17:11:13         RAR    GpShell.rar
2020-05-28 2020-05-28 22:37:01         ZIP    Emv Beta.zip
2016-06-25 2016-06-25 22:59:57         RAR    Chipset.rar
2016-06-26 2016-06-26 13:28:35         RAR    RB4.rar
2017-01-12 2017-01-12 02:03:05         RAR    EMV Writer.rar
2016-07-13 2016-07-13 20:29:35         RAR    ICCARD FOR MCR200 10 (1).rar


Randomly:
EMVTRACK2CHIP SOFTWARES LATEST (2).zip - da0e6e265b2f2065e496adbb0102a1ba070346d8cc9a2a2bfbb0559cc8cd6290

Contains a soft pack:
codex-by-codex:

basico.exe - 4315dc7f035defc18fb2ba12d47a8073fcfa4da7669b8d51fe6582c645edcbf5
BUTZ4Wj.png

Completo.exe - 83a640b8433fa5cbfec841e60e3c73ec65446d63a8f00c00143aa3dc1632b786
nty8Afr.png

Debito Caixa.exe - ca949bfcc6a0113e4a5578c9db07f9f144eb42e257ae146879292b3577d14f5b
RRQTzyo.png


Edited version of 'jcophiro':

Credit.exe - c23411deeec790e2dba37f4c49c7ecac3c867b7012431c9281ed748519eda65c
ljoogI3.png
exfiltrate also datas🙂

jcopenglish.exe - 1ecfd3755eba578108363c0705c6ec205972080739ed0fbd17439f8139ba7e08
8rn5el7.png
exfiltrate also datas 🙂

SmartCard GoldMetal:
new.exe - 8788ad1a19a4392017a91ed591ed516309234f3dfed4a869a17bd41604f79d7e
YK4vYVc.png

3D files of skimmers (lmao, what's up with that in the archive) 
dieb-frame.stp - 7557b8b24cc02c79f27bf9ba3a0b2b2638033a1e0d6e3891c427cff2d64190f5
new-ncr-flat.stp - e754a6987cb46640cddbce51cd3c757c934632ee5460f5b6bd92ca3e9bf34d68
new-ncr-flat-mouth.stp - fadccaf6f6306d671043702211a015f881a046c74b862c7857795514c2ac5ae7
N SelfServ-PAD.STEP - fc0333a3486f6863c5992b1116afb72a386171c2e0db10016a6316d7398e91aa
Zbqzy81.png


X1
x1.exe - 9df64f5124893961a78282f7e19573406ba19011f6baadac93ec59c93bfda72f
srvajFJ.png

Toronto (A renamed version of x1, protected by password)
here you will have also one jumpy boy to patch.
TorontoCard.exe - e3db277da551621b102ac5ee545e772aa25799fa941c1e06bbc69fe4142af7cf 0/56!
aUKLJUn.png
HRzGyQA.png

One last random archive for fun:
chipset_v3.rar - 4d116757da91009466c5b0f60827d6d2b3fb00e480ebcc01bdd5fb49d3eb8ec2:
Emv ChipSet.exe - cac8aca4f7d2ff399a73531f179691b6a2e2a1b93e957d0a16f75c4818312880
ffgTiX5.png

Voila, u da carder now.

What if we go on youtube, and looks in comments inside emv software videos?:
uDAjTXu.png
lol, seem legit.


Conclusion on this afternoon wasted looking for useless stuff:
Lots of lamers, and for some reason there are quite a few Castilians.
Carders like to do reshacking to rebrand smart-card reading/writing software
Most of emv softs are only used for calculations, many are ultimately only wrappers for GPShell.exe.

Xyl2k

Xyl2k

Someone on telegram intrigued me by telling me about software to read credit card chips, so here are some files that I got from the net.

The first software in question, on which I came across: "EMVStudio" belonging to emvstudio.com
If I look for the files on VT, it communicates with auth.emvstudio.com, I come across these 3 archives:

EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb
Contains  8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
also a file named 'gp' who seem a config file.

emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
Contains  emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Contains also emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
and card templates for the software.

emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
Contains emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33


emvstudio_v1.1.3.exe - 7a0a07959f3629cafbcb8827715f931e533ba7894e8a3bc42df95fcfcc0bd584
EMVStudio version 1.1.3
nB5hPuY.png


ShadeStudio.exe - 40ac2358207f582ee3051748f1b13811cbe9f9d23e78a4052eda847fafbb2f3b
ShadeStudio version 1.0
Telegram: @ShadeStudio
Looks a lot like EMV Studio.
wsKwdPY.png

ARQC TOOL PLUS.exe - e13c0b718728fc30762eb68e59d92308e0e66efa06b70fae1ea1f65e32d4344a
ARQC TOOL PLUS, version 1.0, skin windowsXP style
telegram: BreezyDumps
mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.
rOSxiyF.png

%TEMP%\ARQC TOOL PLUS.exe - 149df4a1412d557706d7c705beda6aa29180dd8a55644a35175c643b02cb9645
ARQC TOOL PLUS, version 1.0, skin windowsXP style
Telegram: BreezyDumps
Mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.

emvstudio.exe - f8856c821ce0a221a2dffa3bde8f09110ec1c2e8f9c8c75f54b179be462af15e
Bundled file with malware 

ARQC TOOL PLUS..exe - 707570e7469b728ac3f48cd2055bfff92accb36b53a999efe69338dce9fa228b
Bundled file with malware 

emvstudio_v1.1.3cr.exe - 83262e3fbea3a3c373c706ff71864066d52acaf63affafc12b7da6d74b95e302
EMVStudio version 1.1.3, seem a cracked version, infected also with W32/Neshta-A, drop fd43aef88e169c718a93920b35b4d62131372b66793f05ea756fce7645812435

emvstudio_unpacked.fixed1(2).exe - 52c89dbef55bd526def42ab9dbb04a2a02dac17cd4b4c0af7177ac61dd8f4297
EMVStudio version 1.1.3, seem a cracked version, infected also with W32/Neshta-A.

emvstudio_v1.1.3-cleaned1.exe - 050847f886f9df20c5d99a1cd2edffa478fedacaa433f7b17139fe66ab7b810a
EMVStudio version 1.1.3, seem a cracked version, infected also with W32/Neshta-A.

---
EXE contained in the above archives:

%HOME%\unpack\EMVStudio\EMVStudio.exe - 8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
Can be found inside: (EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb)
EMVStudio Trial v1.0
FxstAhB.png

%HOME%\unpack\emvstudio_v1.1.1\emvstudio_v1.1.1\emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
Can be found inside: emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
And also inside: emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
EMVStudio v1.1.1
mN1U8lC.png

emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Can be found inside: 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
EMVStudio v1.1.2
XItTlDi.png

After some more research:

Software matrix
matrix.exe - 87678c6dcf0065ffc487a284b9f79bd8c0815c5c621fc92f83df24393bfcc660
Don't ask me how it works.
K19AkNG.png

B.R Smart Card writer v9 Contained in RB4.rar - d290537982669a994598da5dc62b9242571c14d5b6a1f76c46a0e9110d5ac867
Contains a lot of stuff, older versions too.
As well as an X.exe (aea36d94e8a8deb91b0dbf84554e57b59d112c86a9261ac79d5cae9e9cb96bf8) protected by a password interface, which connects to dropbox to verify the pass (hxxps://dl.dropboxusercontent.com/uPASS.36t2211/) This file no longer exists, the only way is to patch the exe to open it.
vNeUAdi.png
8BDbKlY.png

Jcophiro (c0d11ed2eed0fef8d2f53920a1e12f667e03eafdb2d2941473d120e9e6f0e657)
75g4ilW.png
Funny thing on this one, it exfiltrate the infos to a server when you click 'gravar':
a6HKtho.png

X2
Found on a pack 'EMV.rar' ecad77d5394cb14611d8f643e29aa9744a02072b3fd2c9099af08947bc8a5b6e
Contains sub-archives with many files, *infected*

X2.exe - 66bb78f1d9a332522be0a1270b4ef4bb2bd6bba40609630ce63d1d603d19bfe7
Bundled with malware
xz2WuyG.png

X2G.exe - b5547482856a4ea39e4fb8274b2feef6c368f57d11dda77be32c6e4f8eb6d867
X2 Gold, Bundled with malware
pPvMwae.png

B.R Smart Card writer v9, Jcophiro, matrix, et X2, appears to be just GUIs for GPShell.exe (a communication software for smart card readers) 
-> https://github.com/sigma/globalplatform/tree/master/gpshell
GlobalPlatform is a standard for the management of the contents on a smart card.

GPShell.exe (33kb) - ba5e9041668257393ae28413f5099db5d12d7f48c239e8d19e9beda2036b31be

So.. what if we look directly for GPShell.exe?
We come across many archives (100+) we should expect to get X2 and cie. 

Quote

Scanned    Detections    Type    Name
2015-03-03 2015-03-03 20:38:15         RAR    gpshell.rar
2014-12-13 2014-12-13 21:06:03         ZIP    RB 4.0.zip
2015-07-25 2015-07-25 07:11:17         RAR    chip RB 5.rar
2016-07-07 2016-07-07 07:52:12         RAR    recurso.rar
2015-07-29 2015-07-29 19:46:49         ZIP    rb5 - Copy.zip
2015-10-10 2015-10-10 10:42:11         ZIP    Pen Rapaz1.zip
2015-07-03 2015-07-03 01:31:33         RAR    GPShell.rar
2018-11-18 2018-11-18 15:55:27         ZIP    chipset-full.zip
2015-07-03 2015-07-03 01:30:07         RAR    chip to EMV (7).rar
2020-06-06 2020-06-06 08:41:23         RAR    RB.rar
2016-01-06 2016-01-06 22:24:20         RAR    cchipset2.0.rar
2016-03-08 2016-03-08 02:25:48         RAR    chipset_v3.rar
2015-12-11 2015-12-11 16:40:01         ZIP    Conversor EMV chip tools.zip
2017-11-25 2017-11-25 20:32:51         RAR    Chipso.rar
2015-07-11 2015-07-11 17:59:47         RAR    AMEX.rar
2019-03-08 2019-03-08 11:33:51         ZIP    GPShell-1.4.4.zip
2015-07-20 2015-07-20 07:58:36         RAR    last.rar
2014-11-05 2014-11-05 23:26:39         RAR    BURN.rar
2015-11-22 2015-11-22 12:07:56         ZIP    Conversor EMV chip tools.zip
2015-11-03 2015-11-03 14:49:52         ZIP    Nova pasta (4).zip
2016-05-25 2016-05-25 11:00:36         ZIP    c-set.zip
2018-03-31 2018-03-31 07:54:13         RAR    c:\recurso.rar
2015-07-25 2015-07-25 18:43:56         ZIP    rb5.0.zip
2016-05-26 2016-05-26 18:33:54         ZIP    Chipset V2 Cracked.zip
2015-03-10 2015-03-10 02:47:29         RAR    CHANGER.rar
2017-04-23 2017-04-23 09:34:35         Win32 EXE    GPShell.exe
2015-01-27 2015-01-27 15:46:20         RAR    Gravador Caixa.rar
2017-03-02 2017-03-02 23:40:54         RAR    Pack - Especial de 2K Tazaah.rar
2015-08-26 2015-08-26 01:21:29         7ZIP    C:\Users\hp\Downloads\Files MSR2006.7z
2016-02-27 2016-02-27 16:24:07         ZIP    softuri.zip
2016-03-21 2016-03-21 01:22:55         ZIP    script debit (2).zip
2016-07-11 2016-07-11 17:10:36         RAR    Chip.rar
2014-12-12 2014-12-12 19:07:15         ZIP    Bradesco_Express_1.0.zip
2015-09-19 2015-09-19 18:31:21         ZIP    chp.zip
2015-07-22 2015-07-22 15:02:12         ZIP    engine.zip
2015-03-03 2015-03-03 15:40:09         ZIP    CODEX_bY_CODEX.zip
2015-08-03 2015-08-03 05:03:28         RAR    Debito-Cx.rar
2015-12-03 2015-12-03 08:04:11         ZIP    Track2ChipARQC.zip
2016-02-13 2016-02-13 00:32:03         RAR    EMV Writer.rar
2015-11-30 2015-11-30 10:38:23         JAR    /1/c/5/c5d9a9c34674d1feb37efb72601881e21542b63f101a25e1d89f213f2841b479.file
2016-11-08 2016-11-08 14:10:53         ZIP    ChipSoft.zip
2016-05-22 2016-05-22 04:55:27         RAR    FLAMIGO.rar
2016-02-20 2016-02-20 12:21:49         RAR    /1/0/d/0d68113a970e92ba7ceb1afc66c852fc3e3e2c1098643d51466f638c2776a494.file
2016-02-10 2016-02-10 15:45:17         RAR    EMV_Stuff_EMV2016.rar
2015-08-27 2015-08-27 20:57:09         ZIP    R.B. 6.0.zip
2015-06-06 2015-06-06 17:29:46         RAR    Codex.rar
2019-12-12 2019-12-12 01:46:33         ZIP    emv.zip
2015-09-28 2015-09-28 20:31:26         RAR    R.B6.0.rar
2016-05-17 2016-05-17 19:42:33         RAR    Debito X.rar
2015-10-10 2015-10-10 19:07:09         RAR    CODE BB betooooo.rar
2017-03-01 2017-03-01 11:02:06         RAR    R.B. 6.0.rar
2015-11-28 2015-11-28 04:23:45         RAR    ChipSET.rar
2016-02-02 2016-02-02 17:52:35         RAR    EMV CHIP.rar
2016-03-14 2016-03-14 07:33:18         ZIP    CARDING_EMV.zip
2014-11-21 2014-11-21 21:20:34         ZIP    EMV.zip
2015-12-03 2015-12-03 10:25:04         ZIP    chipset2.0.zip
2016-05-09 2016-05-09 19:42:42         RAR    GPShell.rar
2015-07-22 2015-07-22 22:08:58         ZIP    R.B 4.0.zip
2015-03-03 2015-03-03 15:41:07         RAR    GPShell.rar
2020-06-10 2020-06-10 01:43:58         7ZIP    B.R. Smart Card Writer.7z
2016-03-11 2016-03-11 23:41:44         RAR    R B-5.rar
2016-01-31 2016-01-31 05:00:59         RAR    CODEX bY CODEX BRANCO.rar
2016-05-26 2016-05-26 18:39:29         RAR    ChipSET.rar
2016-07-11 2016-07-11 06:43:24         RAR    FLAMIGO.rar
2016-03-14 2016-03-14 02:14:39         RAR    Conversor EMV chip tools.rar
2017-02-24 2017-02-24 03:41:20         ZIP    EMV_encode.zip
2017-07-14 2017-07-14 19:17:34         ZIP    RBXI.zip
2020-09-22 2020-09-22 06:39:06         Win32 EXE    EMV ReaderWriter v8.6.exe
2017-03-12 2017-03-12 13:27:49         RAR    GPShellCHANGER.rar
2020-06-09 2020-06-09 03:35:34         Win32 EXE    RB 4.0 3.exe
2017-03-14 2017-03-14 17:02:50         RAR    codex gp shell e mais cabeças.rar
2020-09-24 2020-09-24 16:15:18         Win32 EXE    braemvxox.exe
2017-05-05 2017-05-05 16:42:45         RAR    Dr.Heisenberg? ?? RB4??.rar
2019-07-22 2019-07-22 21:36:30         Win32 EXE    EMV ReaderWriter v8.6.exe
2017-05-16 2017-05-16 00:47:06         RAR    EMVToolslite.rar
2017-05-21 2017-05-21 14:10:59         ZIP    EMV Software.zip
2017-05-21 2017-05-21 18:10:09         ZIP    RB 4.0.zip
2017-05-21 2017-05-21 18:14:21         ZIP    CHIPSET V 3.7.zip
2017-06-27 2017-06-27 19:55:59         RAR    CHIPSET V 3.7.rar
2017-07-14 2017-07-14 15:34:02         ZIP    X2 5.1 FULL VERSION - Whatsmy1name.zip
2017-07-15 2017-07-15 05:28:21         ZIP    CODEXULTIMO.zip
2017-11-08 2017-11-08 22:46:44         RAR    PACK CARDER PRO-By TalesHacking.rar
2020-11-25 2020-11-25 02:28:30         Win32 EXE    433dfe593fad09f50e88d22b039f8f80.virobj
2018-09-06 2018-09-06 22:52:07         Win32 EXE    8d62e6bef8820d5f36233f33f6dbcfd0.virobj
2017-11-25 2017-11-25 20:20:29         ZIP    X2 certified software.zip
2018-02-27 2018-02-27 06:03:47         ZIP    emvMX.zip
2017-09-29 2017-09-29 15:50:34         RAR    EMV 10.0.rar
2017-10-09 2017-10-09 04:39:42         RAR    CODEX BB.rar
2017-11-10 2017-11-10 00:41:46         Win32 EXE    Y:\_Pro\EMV_enc.exe
2017-10-17 2017-10-17 19:30:07         RAR    /1/e/0/e0f895f7741f20233aafb03669b5a0e686f5b42a86b1d9074d51b681d59cdaef.file
2017-12-30 2017-12-30 10:28:11         ZIP    EMVTRACK2CHIP SOFTWARES LATEST (2).zip
2017-12-30 2017-12-30 18:00:25         ZIP    Attachments-chipset.zip
2018-01-07 2018-01-07 14:52:55         ZIP    Attachments-chipset.zip
2018-01-08 2018-01-08 18:17:39         ZIP    emvMX.zip
2018-01-18 2018-01-18 17:11:13         RAR    GpShell.rar
2020-05-28 2020-05-28 22:37:01         ZIP    Emv Beta.zip
2016-06-25 2016-06-25 22:59:57         RAR    Chipset.rar
2016-06-26 2016-06-26 13:28:35         RAR    RB4.rar
2017-01-12 2017-01-12 02:03:05         RAR    EMV Writer.rar
2016-07-13 2016-07-13 20:29:35         RAR    ICCARD FOR MCR200 10 (1).rar


Randomly:
EMVTRACK2CHIP SOFTWARES LATEST (2).zip - da0e6e265b2f2065e496adbb0102a1ba070346d8cc9a2a2bfbb0559cc8cd6290

Contains a soft pack:
codex-by-codex:

basico.exe - 4315dc7f035defc18fb2ba12d47a8073fcfa4da7669b8d51fe6582c645edcbf5
BUTZ4Wj.png

Completo.exe - 83a640b8433fa5cbfec841e60e3c73ec65446d63a8f00c00143aa3dc1632b786
nty8Afr.png

Debito Caixa.exe - ca949bfcc6a0113e4a5578c9db07f9f144eb42e257ae146879292b3577d14f5b
RRQTzyo.png


Edited version of 'jcophiro':

Credit.exe - c23411deeec790e2dba37f4c49c7ecac3c867b7012431c9281ed748519eda65c
ljoogI3.png
exfiltrate also datas🙂

jcopenglish.exe - 1ecfd3755eba578108363c0705c6ec205972080739ed0fbd17439f8139ba7e08
8rn5el7.png
exfiltrate also datas 🙂

SmartCard GoldMetal:
new.exe - 8788ad1a19a4392017a91ed591ed516309234f3dfed4a869a17bd41604f79d7e
YK4vYVc.png

3D files of skimmers (lmao, what's up with that in the archive) 
dieb-frame.stp - 7557b8b24cc02c79f27bf9ba3a0b2b2638033a1e0d6e3891c427cff2d64190f5
new-ncr-flat.stp - e754a6987cb46640cddbce51cd3c757c934632ee5460f5b6bd92ca3e9bf34d68
new-ncr-flat-mouth.stp - fadccaf6f6306d671043702211a015f881a046c74b862c7857795514c2ac5ae7
N SelfServ-PAD.STEP - fc0333a3486f6863c5992b1116afb72a386171c2e0db10016a6316d7398e91aa
Zbqzy81.png


X1
x1.exe - 9df64f5124893961a78282f7e19573406ba19011f6baadac93ec59c93bfda72f
srvajFJ.png

Toronto (A renamed version of x1, protected by password)
here you will have also one jumpy boy to patch.
TorontoCard.exe - e3db277da551621b102ac5ee545e772aa25799fa941c1e06bbc69fe4142af7cf 0/56!
aUKLJUn.png
HRzGyQA.png

One last random archive for fun:
chipset_v3.rar - 4d116757da91009466c5b0f60827d6d2b3fb00e480ebcc01bdd5fb49d3eb8ec2:
Emv ChipSet.exe - cac8aca4f7d2ff399a73531f179691b6a2e2a1b93e957d0a16f75c4818312880
ffgTiX5.png

Voila, u da carder now.

What if we go on youtube, and looks in comments inside emv software videos?:
uDAjTXu.png
lol, seem legit.


Conclusion on this afternoon wasted looking for useless stuff:
Lots of lamers, and for some reason there are quite a few Castilians.
Carders like to do reshacking to rebrand smart-card reading/writing software
Most of emv softs are only used for calculations, many are ultimately only wrappers for GPShell.exe.

Xyl2k

Xyl2k

Someone on telegram intrigued me by telling me about software to read credit card chips, so here are some files that I got from the net.

The first software in question, on which I came across: "EMVStudio" belonging to emvstudio.com
If I look for the files on VT, it communicates with auth.emvstudio.com, I come across these 3 archives:

EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb
Contains  8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
also a file named 'gp' who seem a config file.

emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
Contains  emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Contains also emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
and card templates for the software.

emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
Contains emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33


emvstudio_v1.1.3.exe - 7a0a07959f3629cafbcb8827715f931e533ba7894e8a3bc42df95fcfcc0bd584
EMVStudio version 1.1.3
nB5hPuY.png


ShadeStudio.exe - 40ac2358207f582ee3051748f1b13811cbe9f9d23e78a4052eda847fafbb2f3b
ShadeStudio version 1.0
Telegram: @ShadeStudio
Looks a lot like EMV Studio.
wsKwdPY.png

ARQC TOOL PLUS.exe - e13c0b718728fc30762eb68e59d92308e0e66efa06b70fae1ea1f65e32d4344a
ARQC TOOL PLUS, version 1.0, skin windowsXP style
telegram: BreezyDumps
mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.
rOSxiyF.png

%TEMP%\ARQC TOOL PLUS.exe - 149df4a1412d557706d7c705beda6aa29180dd8a55644a35175c643b02cb9645
ARQC TOOL PLUS, version 1.0, skin windowsXP style
Telegram: BreezyDumps
Mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.

emvstudio.exe - f8856c821ce0a221a2dffa3bde8f09110ec1c2e8f9c8c75f54b179be462af15e
Bundled file with malware 

ARQC TOOL PLUS..exe - 707570e7469b728ac3f48cd2055bfff92accb36b53a999efe69338dce9fa228b
Bundled file with malware 

emvstudio_v1.1.3cr.exe - 83262e3fbea3a3c373c706ff71864066d52acaf63affafc12b7da6d74b95e302
EMVStudio version 1.1.3, seem a cracked version

emvstudio_unpacked.fixed1(2).exe - 52c89dbef55bd526def42ab9dbb04a2a02dac17cd4b4c0af7177ac61dd8f4297
EMVStudio version 1.1.3, seem a cracked version

emvstudio_v1.1.3-cleaned1.exe - 050847f886f9df20c5d99a1cd2edffa478fedacaa433f7b17139fe66ab7b810a
EMVStudio version 1.1.3, seem a cracked version

---
EXE contained in the above archives:

%HOME%\unpack\EMVStudio\EMVStudio.exe - 8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
Can be found inside: (EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb)
EMVStudio Trial v1.0
FxstAhB.png

%HOME%\unpack\emvstudio_v1.1.1\emvstudio_v1.1.1\emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
Can be found inside: emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
And also inside: emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
EMVStudio v1.1.1
mN1U8lC.png

emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Can be found inside: 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
EMVStudio v1.1.2
XItTlDi.png

After some more research:

Software matrix
matrix.exe - 87678c6dcf0065ffc487a284b9f79bd8c0815c5c621fc92f83df24393bfcc660
Don't ask me how it works.
K19AkNG.png

B.R Smart Card writer v9 Contained in RB4.rar - d290537982669a994598da5dc62b9242571c14d5b6a1f76c46a0e9110d5ac867
Contains a lot of stuff, older versions too.
As well as an X.exe (aea36d94e8a8deb91b0dbf84554e57b59d112c86a9261ac79d5cae9e9cb96bf8) protected by a password interface, which connects to dropbox to verify the pass (hxxps://dl.dropboxusercontent.com/uPASS.36t2211/) This file no longer exists, the only way is to patch the exe to open it.
vNeUAdi.png
8BDbKlY.png

Jcophiro (c0d11ed2eed0fef8d2f53920a1e12f667e03eafdb2d2941473d120e9e6f0e657)
75g4ilW.png
Funny thing on this one, it exfiltrate the infos to a server when you click 'gravar':
a6HKtho.png

X2
Found on a pack 'EMV.rar' ecad77d5394cb14611d8f643e29aa9744a02072b3fd2c9099af08947bc8a5b6e
Contains sub-archives with many files, *infected*

X2.exe - 66bb78f1d9a332522be0a1270b4ef4bb2bd6bba40609630ce63d1d603d19bfe7
Bundled with malware
xz2WuyG.png

X2G.exe - b5547482856a4ea39e4fb8274b2feef6c368f57d11dda77be32c6e4f8eb6d867
X2 Gold, Bundled with malware
pPvMwae.png

B.R Smart Card writer v9, Jcophiro, matrix, et X2, appears to be just GUIs for GPShell.exe (a communication software for smart card readers) 
-> https://github.com/sigma/globalplatform/tree/master/gpshell
GlobalPlatform is a standard for the management of the contents on a smart card.

GPShell.exe (33kb) - ba5e9041668257393ae28413f5099db5d12d7f48c239e8d19e9beda2036b31be

So.. what if we look directly for GPShell.exe?
We come across many archives (100+) we should expect to get X2 and cie. 

Quote

Scanned    Detections    Type    Name
2015-03-03 2015-03-03 20:38:15         RAR    gpshell.rar
2014-12-13 2014-12-13 21:06:03         ZIP    RB 4.0.zip
2015-07-25 2015-07-25 07:11:17         RAR    chip RB 5.rar
2016-07-07 2016-07-07 07:52:12         RAR    recurso.rar
2015-07-29 2015-07-29 19:46:49         ZIP    rb5 - Copy.zip
2015-10-10 2015-10-10 10:42:11         ZIP    Pen Rapaz1.zip
2015-07-03 2015-07-03 01:31:33         RAR    GPShell.rar
2018-11-18 2018-11-18 15:55:27         ZIP    chipset-full.zip
2015-07-03 2015-07-03 01:30:07         RAR    chip to EMV (7).rar
2020-06-06 2020-06-06 08:41:23         RAR    RB.rar
2016-01-06 2016-01-06 22:24:20         RAR    cchipset2.0.rar
2016-03-08 2016-03-08 02:25:48         RAR    chipset_v3.rar
2015-12-11 2015-12-11 16:40:01         ZIP    Conversor EMV chip tools.zip
2017-11-25 2017-11-25 20:32:51         RAR    Chipso.rar
2015-07-11 2015-07-11 17:59:47         RAR    AMEX.rar
2019-03-08 2019-03-08 11:33:51         ZIP    GPShell-1.4.4.zip
2015-07-20 2015-07-20 07:58:36         RAR    last.rar
2014-11-05 2014-11-05 23:26:39         RAR    BURN.rar
2015-11-22 2015-11-22 12:07:56         ZIP    Conversor EMV chip tools.zip
2015-11-03 2015-11-03 14:49:52         ZIP    Nova pasta (4).zip
2016-05-25 2016-05-25 11:00:36         ZIP    c-set.zip
2018-03-31 2018-03-31 07:54:13         RAR    c:\recurso.rar
2015-07-25 2015-07-25 18:43:56         ZIP    rb5.0.zip
2016-05-26 2016-05-26 18:33:54         ZIP    Chipset V2 Cracked.zip
2015-03-10 2015-03-10 02:47:29         RAR    CHANGER.rar
2017-04-23 2017-04-23 09:34:35         Win32 EXE    GPShell.exe
2015-01-27 2015-01-27 15:46:20         RAR    Gravador Caixa.rar
2017-03-02 2017-03-02 23:40:54         RAR    Pack - Especial de 2K Tazaah.rar
2015-08-26 2015-08-26 01:21:29         7ZIP    C:\Users\hp\Downloads\Files MSR2006.7z
2016-02-27 2016-02-27 16:24:07         ZIP    softuri.zip
2016-03-21 2016-03-21 01:22:55         ZIP    script debit (2).zip
2016-07-11 2016-07-11 17:10:36         RAR    Chip.rar
2014-12-12 2014-12-12 19:07:15         ZIP    Bradesco_Express_1.0.zip
2015-09-19 2015-09-19 18:31:21         ZIP    chp.zip
2015-07-22 2015-07-22 15:02:12         ZIP    engine.zip
2015-03-03 2015-03-03 15:40:09         ZIP    CODEX_bY_CODEX.zip
2015-08-03 2015-08-03 05:03:28         RAR    Debito-Cx.rar
2015-12-03 2015-12-03 08:04:11         ZIP    Track2ChipARQC.zip
2016-02-13 2016-02-13 00:32:03         RAR    EMV Writer.rar
2015-11-30 2015-11-30 10:38:23         JAR    /1/c/5/c5d9a9c34674d1feb37efb72601881e21542b63f101a25e1d89f213f2841b479.file
2016-11-08 2016-11-08 14:10:53         ZIP    ChipSoft.zip
2016-05-22 2016-05-22 04:55:27         RAR    FLAMIGO.rar
2016-02-20 2016-02-20 12:21:49         RAR    /1/0/d/0d68113a970e92ba7ceb1afc66c852fc3e3e2c1098643d51466f638c2776a494.file
2016-02-10 2016-02-10 15:45:17         RAR    EMV_Stuff_EMV2016.rar
2015-08-27 2015-08-27 20:57:09         ZIP    R.B. 6.0.zip
2015-06-06 2015-06-06 17:29:46         RAR    Codex.rar
2019-12-12 2019-12-12 01:46:33         ZIP    emv.zip
2015-09-28 2015-09-28 20:31:26         RAR    R.B6.0.rar
2016-05-17 2016-05-17 19:42:33         RAR    Debito X.rar
2015-10-10 2015-10-10 19:07:09         RAR    CODE BB betooooo.rar
2017-03-01 2017-03-01 11:02:06         RAR    R.B. 6.0.rar
2015-11-28 2015-11-28 04:23:45         RAR    ChipSET.rar
2016-02-02 2016-02-02 17:52:35         RAR    EMV CHIP.rar
2016-03-14 2016-03-14 07:33:18         ZIP    CARDING_EMV.zip
2014-11-21 2014-11-21 21:20:34         ZIP    EMV.zip
2015-12-03 2015-12-03 10:25:04         ZIP    chipset2.0.zip
2016-05-09 2016-05-09 19:42:42         RAR    GPShell.rar
2015-07-22 2015-07-22 22:08:58         ZIP    R.B 4.0.zip
2015-03-03 2015-03-03 15:41:07         RAR    GPShell.rar
2020-06-10 2020-06-10 01:43:58         7ZIP    B.R. Smart Card Writer.7z
2016-03-11 2016-03-11 23:41:44         RAR    R B-5.rar
2016-01-31 2016-01-31 05:00:59         RAR    CODEX bY CODEX BRANCO.rar
2016-05-26 2016-05-26 18:39:29         RAR    ChipSET.rar
2016-07-11 2016-07-11 06:43:24         RAR    FLAMIGO.rar
2016-03-14 2016-03-14 02:14:39         RAR    Conversor EMV chip tools.rar
2017-02-24 2017-02-24 03:41:20         ZIP    EMV_encode.zip
2017-07-14 2017-07-14 19:17:34         ZIP    RBXI.zip
2020-09-22 2020-09-22 06:39:06         Win32 EXE    EMV ReaderWriter v8.6.exe
2017-03-12 2017-03-12 13:27:49         RAR    GPShellCHANGER.rar
2020-06-09 2020-06-09 03:35:34         Win32 EXE    RB 4.0 3.exe
2017-03-14 2017-03-14 17:02:50         RAR    codex gp shell e mais cabeças.rar
2020-09-24 2020-09-24 16:15:18         Win32 EXE    braemvxox.exe
2017-05-05 2017-05-05 16:42:45         RAR    Dr.Heisenberg? ?? RB4??.rar
2019-07-22 2019-07-22 21:36:30         Win32 EXE    EMV ReaderWriter v8.6.exe
2017-05-16 2017-05-16 00:47:06         RAR    EMVToolslite.rar
2017-05-21 2017-05-21 14:10:59         ZIP    EMV Software.zip
2017-05-21 2017-05-21 18:10:09         ZIP    RB 4.0.zip
2017-05-21 2017-05-21 18:14:21         ZIP    CHIPSET V 3.7.zip
2017-06-27 2017-06-27 19:55:59         RAR    CHIPSET V 3.7.rar
2017-07-14 2017-07-14 15:34:02         ZIP    X2 5.1 FULL VERSION - Whatsmy1name.zip
2017-07-15 2017-07-15 05:28:21         ZIP    CODEXULTIMO.zip
2017-11-08 2017-11-08 22:46:44         RAR    PACK CARDER PRO-By TalesHacking.rar
2020-11-25 2020-11-25 02:28:30         Win32 EXE    433dfe593fad09f50e88d22b039f8f80.virobj
2018-09-06 2018-09-06 22:52:07         Win32 EXE    8d62e6bef8820d5f36233f33f6dbcfd0.virobj
2017-11-25 2017-11-25 20:20:29         ZIP    X2 certified software.zip
2018-02-27 2018-02-27 06:03:47         ZIP    emvMX.zip
2017-09-29 2017-09-29 15:50:34         RAR    EMV 10.0.rar
2017-10-09 2017-10-09 04:39:42         RAR    CODEX BB.rar
2017-11-10 2017-11-10 00:41:46         Win32 EXE    Y:\_Pro\EMV_enc.exe
2017-10-17 2017-10-17 19:30:07         RAR    /1/e/0/e0f895f7741f20233aafb03669b5a0e686f5b42a86b1d9074d51b681d59cdaef.file
2017-12-30 2017-12-30 10:28:11         ZIP    EMVTRACK2CHIP SOFTWARES LATEST (2).zip
2017-12-30 2017-12-30 18:00:25         ZIP    Attachments-chipset.zip
2018-01-07 2018-01-07 14:52:55         ZIP    Attachments-chipset.zip
2018-01-08 2018-01-08 18:17:39         ZIP    emvMX.zip
2018-01-18 2018-01-18 17:11:13         RAR    GpShell.rar
2020-05-28 2020-05-28 22:37:01         ZIP    Emv Beta.zip
2016-06-25 2016-06-25 22:59:57         RAR    Chipset.rar
2016-06-26 2016-06-26 13:28:35         RAR    RB4.rar
2017-01-12 2017-01-12 02:03:05         RAR    EMV Writer.rar
2016-07-13 2016-07-13 20:29:35         RAR    ICCARD FOR MCR200 10 (1).rar


Randomly:
EMVTRACK2CHIP SOFTWARES LATEST (2).zip - da0e6e265b2f2065e496adbb0102a1ba070346d8cc9a2a2bfbb0559cc8cd6290

Contains a soft pack:
codex-by-codex:

basico.exe - 4315dc7f035defc18fb2ba12d47a8073fcfa4da7669b8d51fe6582c645edcbf5
BUTZ4Wj.png

Completo.exe - 83a640b8433fa5cbfec841e60e3c73ec65446d63a8f00c00143aa3dc1632b786
nty8Afr.png

Debito Caixa.exe - ca949bfcc6a0113e4a5578c9db07f9f144eb42e257ae146879292b3577d14f5b
RRQTzyo.png


Edited version of 'jcophiro':

Credit.exe - c23411deeec790e2dba37f4c49c7ecac3c867b7012431c9281ed748519eda65c
ljoogI3.png
exfiltrate also datas🙂

jcopenglish.exe - 1ecfd3755eba578108363c0705c6ec205972080739ed0fbd17439f8139ba7e08
8rn5el7.png
exfiltrate also datas 🙂

SmartCard GoldMetal:
new.exe - 8788ad1a19a4392017a91ed591ed516309234f3dfed4a869a17bd41604f79d7e
YK4vYVc.png

3D files of skimmers (lmao, what's up with that in the archive) 
dieb-frame.stp - 7557b8b24cc02c79f27bf9ba3a0b2b2638033a1e0d6e3891c427cff2d64190f5
new-ncr-flat.stp - e754a6987cb46640cddbce51cd3c757c934632ee5460f5b6bd92ca3e9bf34d68
new-ncr-flat-mouth.stp - fadccaf6f6306d671043702211a015f881a046c74b862c7857795514c2ac5ae7
N SelfServ-PAD.STEP - fc0333a3486f6863c5992b1116afb72a386171c2e0db10016a6316d7398e91aa
Zbqzy81.png


X1
x1.exe - 9df64f5124893961a78282f7e19573406ba19011f6baadac93ec59c93bfda72f
srvajFJ.png

Toronto (A renamed version of x1, protected by password)
here you will have also one jumpy boy to patch.
TorontoCard.exe - e3db277da551621b102ac5ee545e772aa25799fa941c1e06bbc69fe4142af7cf 0/56!
aUKLJUn.png
HRzGyQA.png

One last random archive for fun:
chipset_v3.rar - 4d116757da91009466c5b0f60827d6d2b3fb00e480ebcc01bdd5fb49d3eb8ec2:
Emv ChipSet.exe - cac8aca4f7d2ff399a73531f179691b6a2e2a1b93e957d0a16f75c4818312880
ffgTiX5.png

Voila, u da carder now.

What if we go on youtube, and looks in comments inside emv software videos?:
uDAjTXu.png
lol, seem legit.


Conclusion on this afternoon wasted looking for useless stuff:
Lots of lamers, and for some reason there are quite a few Castilians.
Carders like to do reshacking to rebrand smart-card reading/writing software
Most of emv softs are only used for calculations, many are ultimately only wrappers for GPShell.exe.

Xyl2k

Xyl2k

Someone on telegram intrigued me by telling me about software to read credit card chips, so here are some files that I got from the net.

The first software in question, on which I came across: "EMVStudio" belonging to emvstudio.com
If I look for the files on VT, it communicates with auth.emvstudio.com, I come across these 3 archives:

EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb
Contains  8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
also a file named 'gp' who seem a config file.

emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
Contains  emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Contains also emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
and card templates for the software.

emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
Contains emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33


emvstudio_v1.1.3.exe - 7a0a07959f3629cafbcb8827715f931e533ba7894e8a3bc42df95fcfcc0bd584
EMVStudio version 1.1.3
nB5hPuY.png


ShadeStudio.exe - 40ac2358207f582ee3051748f1b13811cbe9f9d23e78a4052eda847fafbb2f3b
ShadeStudio version 1.0
Telegram: @ShadeStudio
Looks a lot like EMV Studio.
wsKwdPY.png

ARQC TOOL PLUS.exe - e13c0b718728fc30762eb68e59d92308e0e66efa06b70fae1ea1f65e32d4344a
ARQC TOOL PLUS, version 1.0, skin windowsXP style
telegram: BreezyDumps
mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.
rOSxiyF.png

%TEMP%\ARQC TOOL PLUS.exe - 149df4a1412d557706d7c705beda6aa29180dd8a55644a35175c643b02cb9645
ARQC TOOL PLUS, version 1.0, skin windowsXP style
Telegram: BreezyDumps
Mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.

emvstudio.exe - f8856c821ce0a221a2dffa3bde8f09110ec1c2e8f9c8c75f54b179be462af15e
Bundled file with malware 

ARQC TOOL PLUS..exe - 707570e7469b728ac3f48cd2055bfff92accb36b53a999efe69338dce9fa228b
Bundled file with malware 

emvstudio_v1.1.3cr.exe - 83262e3fbea3a3c373c706ff71864066d52acaf63affafc12b7da6d74b95e302
EMVStudio version 1.1.3, seem a cracked version

emvstudio_unpacked.fixed1(2).exe - 52c89dbef55bd526def42ab9dbb04a2a02dac17cd4b4c0af7177ac61dd8f4297
EMVStudio version 1.1.3, seem a cracked version

emvstudio_v1.1.3-cleaned1.exe - 050847f886f9df20c5d99a1cd2edffa478fedacaa433f7b17139fe66ab7b810a
EMVStudio version 1.1.3, seem a cracked version

---
EXE contained in the above archives:

%HOME%\unpack\EMVStudio\EMVStudio.exe - 8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
Can be found inside: (EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb)
EMVStudio Trial v1.0
FxstAhB.png

%HOME%\unpack\emvstudio_v1.1.1\emvstudio_v1.1.1\emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
Can be found inside: emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
And also inside: emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
EMVStudio v1.1.1
mN1U8lC.png

emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Can be found inside: 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
EMVStudio v1.1.2
XItTlDi.png

After some more research:

Software matrix
matrix.exe - 87678c6dcf0065ffc487a284b9f79bd8c0815c5c621fc92f83df24393bfcc660
Don't ask me how it works.
K19AkNG.png

B.R Smart Card writer v9 Contained in RB4.rar - d290537982669a994598da5dc62b9242571c14d5b6a1f76c46a0e9110d5ac867
Contains a lot of stuff, older versions too.
As well as an X.exe (aea36d94e8a8deb91b0dbf84554e57b59d112c86a9261ac79d5cae9e9cb96bf8) protected by a password interface, which connects to dropbox to verify the pass (hxxps://dl.dropboxusercontent.com/uPASS.36t2211/) This file no longer exists, the only way is to patch the exe to open it.
vNeUAdi.png
8BDbKlY.png

Jcophiro (c0d11ed2eed0fef8d2f53920a1e12f667e03eafdb2d2941473d120e9e6f0e657)
75g4ilW.png
Funny thing on this one, it exfiltrate the infos to a server when you click 'gravar':
a6HKtho.png

X2
Found on a pack 'EMV.rar' ecad77d5394cb14611d8f643e29aa9744a02072b3fd2c9099af08947bc8a5b6e
Contains sub-archives with many files, *infected*

X2.exe - 66bb78f1d9a332522be0a1270b4ef4bb2bd6bba40609630ce63d1d603d19bfe7
Bundled with malware

 

753×642 png
50 kB
xz2WuyG.png

X2G.exe - b5547482856a4ea39e4fb8274b2feef6c368f57d11dda77be32c6e4f8eb6d867
X2 Gold, Bundled with malware
pPvMwae.png

B.R Smart Card writer v9, Jcophiro, matrix, et X2, appears to be just GUIs for GPShell.exe (a communication software for smart card readers) 
-> https://github.com/sigma/globalplatform/tree/master/gpshell
GlobalPlatform is a standard for the management of the contents on a smart card.

GPShell.exe (33kb) - ba5e9041668257393ae28413f5099db5d12d7f48c239e8d19e9beda2036b31be

So.. what if we look directly for GPShell.exe?
We come across many archives (100+) we should expect to get X2 and cie. 
Quote

Scanned    Detections    Type    Name
2015-03-03 2015-03-03 20:38:15         RAR    gpshell.rar
2014-12-13 2014-12-13 21:06:03         ZIP    RB 4.0.zip
2015-07-25 2015-07-25 07:11:17         RAR    chip RB 5.rar
2016-07-07 2016-07-07 07:52:12         RAR    recurso.rar
2015-07-29 2015-07-29 19:46:49         ZIP    rb5 - Copy.zip
2015-10-10 2015-10-10 10:42:11         ZIP    Pen Rapaz1.zip
2015-07-03 2015-07-03 01:31:33         RAR    GPShell.rar
2018-11-18 2018-11-18 15:55:27         ZIP    chipset-full.zip
2015-07-03 2015-07-03 01:30:07         RAR    chip to EMV (7).rar
2020-06-06 2020-06-06 08:41:23         RAR    RB.rar
2016-01-06 2016-01-06 22:24:20         RAR    cchipset2.0.rar
2016-03-08 2016-03-08 02:25:48         RAR    chipset_v3.rar
2015-12-11 2015-12-11 16:40:01         ZIP    Conversor EMV chip tools.zip
2017-11-25 2017-11-25 20:32:51         RAR    Chipso.rar
2015-07-11 2015-07-11 17:59:47         RAR    AMEX.rar
2019-03-08 2019-03-08 11:33:51         ZIP    GPShell-1.4.4.zip
2015-07-20 2015-07-20 07:58:36         RAR    last.rar
2014-11-05 2014-11-05 23:26:39         RAR    BURN.rar
2015-11-22 2015-11-22 12:07:56         ZIP    Conversor EMV chip tools.zip
2015-11-03 2015-11-03 14:49:52         ZIP    Nova pasta (4).zip
2016-05-25 2016-05-25 11:00:36         ZIP    c-set.zip
2018-03-31 2018-03-31 07:54:13         RAR    c:\recurso.rar
2015-07-25 2015-07-25 18:43:56         ZIP    rb5.0.zip
2016-05-26 2016-05-26 18:33:54         ZIP    Chipset V2 Cracked.zip
2015-03-10 2015-03-10 02:47:29         RAR    CHANGER.rar
2017-04-23 2017-04-23 09:34:35         Win32 EXE    GPShell.exe
2015-01-27 2015-01-27 15:46:20         RAR    Gravador Caixa.rar
2017-03-02 2017-03-02 23:40:54         RAR    Pack - Especial de 2K Tazaah.rar
2015-08-26 2015-08-26 01:21:29         7ZIP    C:\Users\hp\Downloads\Files MSR2006.7z
2016-02-27 2016-02-27 16:24:07         ZIP    softuri.zip
2016-03-21 2016-03-21 01:22:55         ZIP    script debit (2).zip
2016-07-11 2016-07-11 17:10:36         RAR    Chip.rar
2014-12-12 2014-12-12 19:07:15         ZIP    Bradesco_Express_1.0.zip
2015-09-19 2015-09-19 18:31:21         ZIP    chp.zip
2015-07-22 2015-07-22 15:02:12         ZIP    engine.zip
2015-03-03 2015-03-03 15:40:09         ZIP    CODEX_bY_CODEX.zip
2015-08-03 2015-08-03 05:03:28         RAR    Debito-Cx.rar
2015-12-03 2015-12-03 08:04:11         ZIP    Track2ChipARQC.zip
2016-02-13 2016-02-13 00:32:03         RAR    EMV Writer.rar
2015-11-30 2015-11-30 10:38:23         JAR    /1/c/5/c5d9a9c34674d1feb37efb72601881e21542b63f101a25e1d89f213f2841b479.file
2016-11-08 2016-11-08 14:10:53         ZIP    ChipSoft.zip
2016-05-22 2016-05-22 04:55:27         RAR    FLAMIGO.rar
2016-02-20 2016-02-20 12:21:49         RAR    /1/0/d/0d68113a970e92ba7ceb1afc66c852fc3e3e2c1098643d51466f638c2776a494.file
2016-02-10 2016-02-10 15:45:17         RAR    EMV_Stuff_EMV2016.rar
2015-08-27 2015-08-27 20:57:09         ZIP    R.B. 6.0.zip
2015-06-06 2015-06-06 17:29:46         RAR    Codex.rar
2019-12-12 2019-12-12 01:46:33         ZIP    emv.zip
2015-09-28 2015-09-28 20:31:26         RAR    R.B6.0.rar
2016-05-17 2016-05-17 19:42:33         RAR    Debito X.rar
2015-10-10 2015-10-10 19:07:09         RAR    CODE BB betooooo.rar
2017-03-01 2017-03-01 11:02:06         RAR    R.B. 6.0.rar
2015-11-28 2015-11-28 04:23:45         RAR    ChipSET.rar
2016-02-02 2016-02-02 17:52:35         RAR    EMV CHIP.rar
2016-03-14 2016-03-14 07:33:18         ZIP    CARDING_EMV.zip
2014-11-21 2014-11-21 21:20:34         ZIP    EMV.zip
2015-12-03 2015-12-03 10:25:04         ZIP    chipset2.0.zip
2016-05-09 2016-05-09 19:42:42         RAR    GPShell.rar
2015-07-22 2015-07-22 22:08:58         ZIP    R.B 4.0.zip
2015-03-03 2015-03-03 15:41:07         RAR    GPShell.rar
2020-06-10 2020-06-10 01:43:58         7ZIP    B.R. Smart Card Writer.7z
2016-03-11 2016-03-11 23:41:44         RAR    R B-5.rar
2016-01-31 2016-01-31 05:00:59         RAR    CODEX bY CODEX BRANCO.rar
2016-05-26 2016-05-26 18:39:29         RAR    ChipSET.rar
2016-07-11 2016-07-11 06:43:24         RAR    FLAMIGO.rar
2016-03-14 2016-03-14 02:14:39         RAR    Conversor EMV chip tools.rar
2017-02-24 2017-02-24 03:41:20         ZIP    EMV_encode.zip
2017-07-14 2017-07-14 19:17:34         ZIP    RBXI.zip
2020-09-22 2020-09-22 06:39:06         Win32 EXE    EMV ReaderWriter v8.6.exe
2017-03-12 2017-03-12 13:27:49         RAR    GPShellCHANGER.rar
2020-06-09 2020-06-09 03:35:34         Win32 EXE    RB 4.0 3.exe
2017-03-14 2017-03-14 17:02:50         RAR    codex gp shell e mais cabeças.rar
2020-09-24 2020-09-24 16:15:18         Win32 EXE    braemvxox.exe
2017-05-05 2017-05-05 16:42:45         RAR    Dr.Heisenberg? ?? RB4??.rar
2019-07-22 2019-07-22 21:36:30         Win32 EXE    EMV ReaderWriter v8.6.exe
2017-05-16 2017-05-16 00:47:06         RAR    EMVToolslite.rar
2017-05-21 2017-05-21 14:10:59         ZIP    EMV Software.zip
2017-05-21 2017-05-21 18:10:09         ZIP    RB 4.0.zip
2017-05-21 2017-05-21 18:14:21         ZIP    CHIPSET V 3.7.zip
2017-06-27 2017-06-27 19:55:59         RAR    CHIPSET V 3.7.rar
2017-07-14 2017-07-14 15:34:02         ZIP    X2 5.1 FULL VERSION - Whatsmy1name.zip
2017-07-15 2017-07-15 05:28:21         ZIP    CODEXULTIMO.zip
2017-11-08 2017-11-08 22:46:44         RAR    PACK CARDER PRO-By TalesHacking.rar
2020-11-25 2020-11-25 02:28:30         Win32 EXE    433dfe593fad09f50e88d22b039f8f80.virobj
2018-09-06 2018-09-06 22:52:07         Win32 EXE    8d62e6bef8820d5f36233f33f6dbcfd0.virobj
2017-11-25 2017-11-25 20:20:29         ZIP    X2 certified software.zip
2018-02-27 2018-02-27 06:03:47         ZIP    emvMX.zip
2017-09-29 2017-09-29 15:50:34         RAR    EMV 10.0.rar
2017-10-09 2017-10-09 04:39:42         RAR    CODEX BB.rar
2017-11-10 2017-11-10 00:41:46         Win32 EXE    Y:\_Pro\EMV_enc.exe
2017-10-17 2017-10-17 19:30:07         RAR    /1/e/0/e0f895f7741f20233aafb03669b5a0e686f5b42a86b1d9074d51b681d59cdaef.file
2017-12-30 2017-12-30 10:28:11         ZIP    EMVTRACK2CHIP SOFTWARES LATEST (2).zip
2017-12-30 2017-12-30 18:00:25         ZIP    Attachments-chipset.zip
2018-01-07 2018-01-07 14:52:55         ZIP    Attachments-chipset.zip
2018-01-08 2018-01-08 18:17:39         ZIP    emvMX.zip
2018-01-18 2018-01-18 17:11:13         RAR    GpShell.rar
2020-05-28 2020-05-28 22:37:01         ZIP    Emv Beta.zip
2016-06-25 2016-06-25 22:59:57         RAR    Chipset.rar
2016-06-26 2016-06-26 13:28:35         RAR    RB4.rar
2017-01-12 2017-01-12 02:03:05         RAR    EMV Writer.rar
2016-07-13 2016-07-13 20:29:35         RAR    ICCARD FOR MCR200 10 (1).rar


Randomly:
EMVTRACK2CHIP SOFTWARES LATEST (2).zip - da0e6e265b2f2065e496adbb0102a1ba070346d8cc9a2a2bfbb0559cc8cd6290

Contains a soft pack:
codex-by-codex:

basico.exe - 4315dc7f035defc18fb2ba12d47a8073fcfa4da7669b8d51fe6582c645edcbf5
BUTZ4Wj.png

Completo.exe - 83a640b8433fa5cbfec841e60e3c73ec65446d63a8f00c00143aa3dc1632b786
nty8Afr.png

Debito Caixa.exe - ca949bfcc6a0113e4a5578c9db07f9f144eb42e257ae146879292b3577d14f5b
RRQTzyo.png


Edited version of 'jcophiro':

Credit.exe - c23411deeec790e2dba37f4c49c7ecac3c867b7012431c9281ed748519eda65c
ljoogI3.png

jcopenglish.exe - 1ecfd3755eba578108363c0705c6ec205972080739ed0fbd17439f8139ba7e08
8rn5el7.png


SmartCard GoldMetal:
new.exe - 8788ad1a19a4392017a91ed591ed516309234f3dfed4a869a17bd41604f79d7e
YK4vYVc.png

3D files of skimmers (lmao, what's up with that in the archive) 
dieb-frame.stp - 7557b8b24cc02c79f27bf9ba3a0b2b2638033a1e0d6e3891c427cff2d64190f5
new-ncr-flat.stp - e754a6987cb46640cddbce51cd3c757c934632ee5460f5b6bd92ca3e9bf34d68
new-ncr-flat-mouth.stp - fadccaf6f6306d671043702211a015f881a046c74b862c7857795514c2ac5ae7
N SelfServ-PAD.STEP - fc0333a3486f6863c5992b1116afb72a386171c2e0db10016a6316d7398e91aa
Zbqzy81.png


X1
x1.exe - 9df64f5124893961a78282f7e19573406ba19011f6baadac93ec59c93bfda72f
srvajFJ.png

Toronto (A renamed version of x1, protected by password)
here you will have also one jumpy boy to patch.
TorontoCard.exe - e3db277da551621b102ac5ee545e772aa25799fa941c1e06bbc69fe4142af7cf 0/56!
aUKLJUn.png
HRzGyQA.png

One last random archive for fun:
chipset_v3.rar - 4d116757da91009466c5b0f60827d6d2b3fb00e480ebcc01bdd5fb49d3eb8ec2:
Emv ChipSet.exe - cac8aca4f7d2ff399a73531f179691b6a2e2a1b93e957d0a16f75c4818312880
ffgTiX5.png

Voila, u da carder now.

What if we go on youtube, and looks in comments inside emv software videos?:
uDAjTXu.png
lol, seem legit.


Conclusion on this afternoon wasted looking for useless stuff:
Lots of lamers, and for some reason there are quite a few Castilians.
Carders like to do reshacking to rebrand smart-card reading/writing software
Most of emv softs are only used for calculations, many are ultimately only wrappers for GPShell.exe.

Xyl2k

Xyl2k

Someone on telegram intrigued me by telling me about software to read credit card chips, so here are some files that I got from the net.

The first software in question, on which I came across: "EMVStudio" belonging to emvstudio.com
If I look for the files on VT, it communicates with auth.emvstudio.com, I come across these 3 archives:

EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb
Contains  8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
also a file named 'gp' who seem a config file.

emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
Contains  emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Contains also emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
and card templates for the software.

emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
Contains emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33


emvstudio_v1.1.3.exe - 7a0a07959f3629cafbcb8827715f931e533ba7894e8a3bc42df95fcfcc0bd584
EMVStudio version 1.1.3
nB5hPuY.png


ShadeStudio.exe - 40ac2358207f582ee3051748f1b13811cbe9f9d23e78a4052eda847fafbb2f3b
ShadeStudio version 1.0
Telegram: @ShadeStudio
Looks a lot like EMV Studio.
wsKwdPY.png

ARQC TOOL PLUS.exe - e13c0b718728fc30762eb68e59d92308e0e66efa06b70fae1ea1f65e32d4344a
ARQC TOOL PLUS, version 1.0, skin windowsXP style
telegram: BreezyDumps
mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.
rOSxiyF.png

%TEMP%\ARQC TOOL PLUS.exe - 149df4a1412d557706d7c705beda6aa29180dd8a55644a35175c643b02cb9645
ARQC TOOL PLUS, version 1.0, skin windowsXP style
Telegram: BreezyDumps
Mail: ceobreezy13@protonmail.com
Looks a lot like EMV Studio.

emvstudio.exe - f8856c821ce0a221a2dffa3bde8f09110ec1c2e8f9c8c75f54b179be462af15e
Bundled file with malware 

ARQC TOOL PLUS..exe - 707570e7469b728ac3f48cd2055bfff92accb36b53a999efe69338dce9fa228b
Bundled file with malware 

emvstudio_v1.1.3cr.exe - 83262e3fbea3a3c373c706ff71864066d52acaf63affafc12b7da6d74b95e302
EMVStudio version 1.1.3, seem a cracked version

emvstudio_unpacked.fixed1(2).exe - 52c89dbef55bd526def42ab9dbb04a2a02dac17cd4b4c0af7177ac61dd8f4297
EMVStudio version 1.1.3, seem a cracked version

emvstudio_v1.1.3-cleaned1.exe - 050847f886f9df20c5d99a1cd2edffa478fedacaa433f7b17139fe66ab7b810a
EMVStudio version 1.1.3, seem a cracked version

---
EXE contained in the above archives:

%HOME%\unpack\EMVStudio\EMVStudio.exe - 8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4
Can be found inside: (EMVStudio.rar - 1ba1fac55003d2c966f0071b2c126169254b35a38b4e2b913557c4fb0faadfdb)
EMVStudio Trial v1.0
FxstAhB.png

%HOME%\unpack\emvstudio_v1.1.1\emvstudio_v1.1.1\emvstudio_v1.1.1.exe - 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33
Can be found inside: emvstudio_v1.1.1.rar - 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
And also inside: emvstudio_v1.1.1 (2).rar - eb3e80bdc5d1120123530039c1ffa18bd3453813d78d1b8baf804d3efed1e7d7
EMVStudio v1.1.1
mN1U8lC.png

emvstudio_v1.1.2.exe - ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384
Can be found inside: 0bd11f024845c07e0df8fe2f080f4925dc44a289e4e59b079be0a68ed2fc42a6
EMVStudio v1.1.2
XItTlDi.png

After some more research:

Software matrix
matrix.exe - 87678c6dcf0065ffc487a284b9f79bd8c0815c5c621fc92f83df24393bfcc660
Don't ask me how it works.
K19AkNG.png

B.R Smart Card writer v9 Contained in RB4.rar - d290537982669a994598da5dc62b9242571c14d5b6a1f76c46a0e9110d5ac867
Contains a lot of stuff, older versions too.
As well as an X.exe (aea36d94e8a8deb91b0dbf84554e57b59d112c86a9261ac79d5cae9e9cb96bf8) protected by a password interface, which connects to dropbox to verify the pass (hxxps://dl.dropboxusercontent.com/uPASS.36t2211/) This file no longer exists, the only way is to patch the exe to open it.
vNeUAdi.png
8BDbKlY.png

Jcophiro (c0d11ed2eed0fef8d2f53920a1e12f667e03eafdb2d2941473d120e9e6f0e657)
75g4ilW.png


X2
Found on a pack 'EMV.rar' ecad77d5394cb14611d8f643e29aa9744a02072b3fd2c9099af08947bc8a5b6e
Contains sub-archives with many files, *infected*

X2.exe - 66bb78f1d9a332522be0a1270b4ef4bb2bd6bba40609630ce63d1d603d19bfe7
Bundled with malware
xz2WuyG.png

X2G.exe - b5547482856a4ea39e4fb8274b2feef6c368f57d11dda77be32c6e4f8eb6d867
X2 Gold, Bundled with malware
pPvMwae.png

B.R Smart Card writer v9, Jcophiro, matrix, et X2, appears to be just GUIs for GPShell.exe (a communication software for smart card readers) 
-> https://github.com/sigma/globalplatform/tree/master/gpshell
GlobalPlatform is a standard for the management of the contents on a smart card.

GPShell.exe (33kb) - ba5e9041668257393ae28413f5099db5d12d7f48c239e8d19e9beda2036b31be

So.. what if we look directly for GPShell.exe?
We come across many archives (100+) we should expect to get X2 and cie. 

Quote

Scanned    Detections    Type    Name
2015-03-03 2015-03-03 20:38:15         RAR    gpshell.rar
2014-12-13 2014-12-13 21:06:03         ZIP    RB 4.0.zip
2015-07-25 2015-07-25 07:11:17         RAR    chip RB 5.rar
2016-07-07 2016-07-07 07:52:12         RAR    recurso.rar
2015-07-29 2015-07-29 19:46:49         ZIP    rb5 - Copy.zip
2015-10-10 2015-10-10 10:42:11         ZIP    Pen Rapaz1.zip
2015-07-03 2015-07-03 01:31:33         RAR    GPShell.rar
2018-11-18 2018-11-18 15:55:27         ZIP    chipset-full.zip
2015-07-03 2015-07-03 01:30:07         RAR    chip to EMV (7).rar
2020-06-06 2020-06-06 08:41:23         RAR    RB.rar
2016-01-06 2016-01-06 22:24:20         RAR    cchipset2.0.rar
2016-03-08 2016-03-08 02:25:48         RAR    chipset_v3.rar
2015-12-11 2015-12-11 16:40:01         ZIP    Conversor EMV chip tools.zip
2017-11-25 2017-11-25 20:32:51         RAR    Chipso.rar
2015-07-11 2015-07-11 17:59:47         RAR    AMEX.rar
2019-03-08 2019-03-08 11:33:51         ZIP    GPShell-1.4.4.zip
2015-07-20 2015-07-20 07:58:36         RAR    last.rar
2014-11-05 2014-11-05 23:26:39         RAR    BURN.rar
2015-11-22 2015-11-22 12:07:56         ZIP    Conversor EMV chip tools.zip
2015-11-03 2015-11-03 14:49:52         ZIP    Nova pasta (4).zip
2016-05-25 2016-05-25 11:00:36         ZIP    c-set.zip
2018-03-31 2018-03-31 07:54:13         RAR    c:\recurso.rar
2015-07-25 2015-07-25 18:43:56         ZIP    rb5.0.zip
2016-05-26 2016-05-26 18:33:54         ZIP    Chipset V2 Cracked.zip
2015-03-10 2015-03-10 02:47:29         RAR    CHANGER.rar
2017-04-23 2017-04-23 09:34:35         Win32 EXE    GPShell.exe
2015-01-27 2015-01-27 15:46:20         RAR    Gravador Caixa.rar
2017-03-02 2017-03-02 23:40:54         RAR    Pack - Especial de 2K Tazaah.rar
2015-08-26 2015-08-26 01:21:29         7ZIP    C:\Users\hp\Downloads\Files MSR2006.7z
2016-02-27 2016-02-27 16:24:07         ZIP    softuri.zip
2016-03-21 2016-03-21 01:22:55         ZIP    script debit (2).zip
2016-07-11 2016-07-11 17:10:36         RAR    Chip.rar
2014-12-12 2014-12-12 19:07:15         ZIP    Bradesco_Express_1.0.zip
2015-09-19 2015-09-19 18:31:21         ZIP    chp.zip
2015-07-22 2015-07-22 15:02:12         ZIP    engine.zip
2015-03-03 2015-03-03 15:40:09         ZIP    CODEX_bY_CODEX.zip
2015-08-03 2015-08-03 05:03:28         RAR    Debito-Cx.rar
2015-12-03 2015-12-03 08:04:11         ZIP    Track2ChipARQC.zip
2016-02-13 2016-02-13 00:32:03         RAR    EMV Writer.rar
2015-11-30 2015-11-30 10:38:23         JAR    /1/c/5/c5d9a9c34674d1feb37efb72601881e21542b63f101a25e1d89f213f2841b479.file
2016-11-08 2016-11-08 14:10:53         ZIP    ChipSoft.zip
2016-05-22 2016-05-22 04:55:27         RAR    FLAMIGO.rar
2016-02-20 2016-02-20 12:21:49         RAR    /1/0/d/0d68113a970e92ba7ceb1afc66c852fc3e3e2c1098643d51466f638c2776a494.file
2016-02-10 2016-02-10 15:45:17         RAR    EMV_Stuff_EMV2016.rar
2015-08-27 2015-08-27 20:57:09         ZIP    R.B. 6.0.zip
2015-06-06 2015-06-06 17:29:46         RAR    Codex.rar
2019-12-12 2019-12-12 01:46:33         ZIP    emv.zip
2015-09-28 2015-09-28 20:31:26         RAR    R.B6.0.rar
2016-05-17 2016-05-17 19:42:33         RAR    Debito X.rar
2015-10-10 2015-10-10 19:07:09         RAR    CODE BB betooooo.rar
2017-03-01 2017-03-01 11:02:06         RAR    R.B. 6.0.rar
2015-11-28 2015-11-28 04:23:45         RAR    ChipSET.rar
2016-02-02 2016-02-02 17:52:35         RAR    EMV CHIP.rar
2016-03-14 2016-03-14 07:33:18         ZIP    CARDING_EMV.zip
2014-11-21 2014-11-21 21:20:34         ZIP    EMV.zip
2015-12-03 2015-12-03 10:25:04         ZIP    chipset2.0.zip
2016-05-09 2016-05-09 19:42:42         RAR    GPShell.rar
2015-07-22 2015-07-22 22:08:58         ZIP    R.B 4.0.zip
2015-03-03 2015-03-03 15:41:07         RAR    GPShell.rar
2020-06-10 2020-06-10 01:43:58         7ZIP    B.R. Smart Card Writer.7z
2016-03-11 2016-03-11 23:41:44         RAR    R B-5.rar
2016-01-31 2016-01-31 05:00:59         RAR    CODEX bY CODEX BRANCO.rar
2016-05-26 2016-05-26 18:39:29         RAR    ChipSET.rar
2016-07-11 2016-07-11 06:43:24         RAR    FLAMIGO.rar
2016-03-14 2016-03-14 02:14:39         RAR    Conversor EMV chip tools.rar
2017-02-24 2017-02-24 03:41:20         ZIP    EMV_encode.zip
2017-07-14 2017-07-14 19:17:34         ZIP    RBXI.zip
2020-09-22 2020-09-22 06:39:06         Win32 EXE    EMV ReaderWriter v8.6.exe
2017-03-12 2017-03-12 13:27:49         RAR    GPShellCHANGER.rar
2020-06-09 2020-06-09 03:35:34         Win32 EXE    RB 4.0 3.exe
2017-03-14 2017-03-14 17:02:50         RAR    codex gp shell e mais cabeças.rar
2020-09-24 2020-09-24 16:15:18         Win32 EXE    braemvxox.exe
2017-05-05 2017-05-05 16:42:45         RAR    Dr.Heisenberg? ?? RB4??.rar
2019-07-22 2019-07-22 21:36:30         Win32 EXE    EMV ReaderWriter v8.6.exe
2017-05-16 2017-05-16 00:47:06         RAR    EMVToolslite.rar
2017-05-21 2017-05-21 14:10:59         ZIP    EMV Software.zip
2017-05-21 2017-05-21 18:10:09         ZIP    RB 4.0.zip
2017-05-21 2017-05-21 18:14:21         ZIP    CHIPSET V 3.7.zip
2017-06-27 2017-06-27 19:55:59         RAR    CHIPSET V 3.7.rar
2017-07-14 2017-07-14 15:34:02         ZIP    X2 5.1 FULL VERSION - Whatsmy1name.zip
2017-07-15 2017-07-15 05:28:21         ZIP    CODEXULTIMO.zip
2017-11-08 2017-11-08 22:46:44         RAR    PACK CARDER PRO-By TalesHacking.rar
2020-11-25 2020-11-25 02:28:30         Win32 EXE    433dfe593fad09f50e88d22b039f8f80.virobj
2018-09-06 2018-09-06 22:52:07         Win32 EXE    8d62e6bef8820d5f36233f33f6dbcfd0.virobj
2017-11-25 2017-11-25 20:20:29         ZIP    X2 certified software.zip
2018-02-27 2018-02-27 06:03:47         ZIP    emvMX.zip
2017-09-29 2017-09-29 15:50:34         RAR    EMV 10.0.rar
2017-10-09 2017-10-09 04:39:42         RAR    CODEX BB.rar
2017-11-10 2017-11-10 00:41:46         Win32 EXE    Y:\_Pro\EMV_enc.exe
2017-10-17 2017-10-17 19:30:07         RAR    /1/e/0/e0f895f7741f20233aafb03669b5a0e686f5b42a86b1d9074d51b681d59cdaef.file
2017-12-30 2017-12-30 10:28:11         ZIP    EMVTRACK2CHIP SOFTWARES LATEST (2).zip
2017-12-30 2017-12-30 18:00:25         ZIP    Attachments-chipset.zip
2018-01-07 2018-01-07 14:52:55         ZIP    Attachments-chipset.zip
2018-01-08 2018-01-08 18:17:39         ZIP    emvMX.zip
2018-01-18 2018-01-18 17:11:13         RAR    GpShell.rar
2020-05-28 2020-05-28 22:37:01         ZIP    Emv Beta.zip
2016-06-25 2016-06-25 22:59:57         RAR    Chipset.rar
2016-06-26 2016-06-26 13:28:35         RAR    RB4.rar
2017-01-12 2017-01-12 02:03:05         RAR    EMV Writer.rar
2016-07-13 2016-07-13 20:29:35         RAR    ICCARD FOR MCR200 10 (1).rar


Randomly:
EMVTRACK2CHIP SOFTWARES LATEST (2).zip - da0e6e265b2f2065e496adbb0102a1ba070346d8cc9a2a2bfbb0559cc8cd6290

Contains a soft pack:
codex-by-codex:

basico.exe - 4315dc7f035defc18fb2ba12d47a8073fcfa4da7669b8d51fe6582c645edcbf5
BUTZ4Wj.png

Completo.exe - 83a640b8433fa5cbfec841e60e3c73ec65446d63a8f00c00143aa3dc1632b786
nty8Afr.png

Debito Caixa.exe - ca949bfcc6a0113e4a5578c9db07f9f144eb42e257ae146879292b3577d14f5b
RRQTzyo.png


Edited version of 'jcophiro':

Credit.exe - c23411deeec790e2dba37f4c49c7ecac3c867b7012431c9281ed748519eda65c
ljoogI3.png

jcopenglish.exe - 1ecfd3755eba578108363c0705c6ec205972080739ed0fbd17439f8139ba7e08
8rn5el7.png


SmartCard GoldMetal:
new.exe - 8788ad1a19a4392017a91ed591ed516309234f3dfed4a869a17bd41604f79d7e
YK4vYVc.png

3D files of skimmers (lmao, what's up with that in the archive) 
dieb-frame.stp - 7557b8b24cc02c79f27bf9ba3a0b2b2638033a1e0d6e3891c427cff2d64190f5
new-ncr-flat.stp - e754a6987cb46640cddbce51cd3c757c934632ee5460f5b6bd92ca3e9bf34d68
new-ncr-flat-mouth.stp - fadccaf6f6306d671043702211a015f881a046c74b862c7857795514c2ac5ae7
N SelfServ-PAD.STEP - fc0333a3486f6863c5992b1116afb72a386171c2e0db10016a6316d7398e91aa
Zbqzy81.png


X1
x1.exe - 9df64f5124893961a78282f7e19573406ba19011f6baadac93ec59c93bfda72f
srvajFJ.png

Toronto (A renamed version of x1, protected by password)
here you will have also one jumpy boy to patch.
TorontoCard.exe - e3db277da551621b102ac5ee545e772aa25799fa941c1e06bbc69fe4142af7cf 0/56!
aUKLJUn.png
HRzGyQA.png

One last random archive for fun:
chipset_v3.rar - 4d116757da91009466c5b0f60827d6d2b3fb00e480ebcc01bdd5fb49d3eb8ec2:
Emv ChipSet.exe - cac8aca4f7d2ff399a73531f179691b6a2e2a1b93e957d0a16f75c4818312880
ffgTiX5.png

Voila, u da carder now.

What if we go on youtube, and looks in comments inside emv software videos?:
uDAjTXu.png
lol, seem legit.


Conclusion on this afternoon wasted looking for useless stuff:
Lots of lamers, and for some reason there are quite a few Castilians.
Carders like to do reshacking to rebrand smart-card reading/writing software
Most of emv softs are only used for calculations, many are ultimately only wrappers for GPShell.exe.

×
×
  • Create New...