{
	"id": "abc4e9e0-9b8c-4a32-a20d-ee16f1d2b48b",
	"created_at": "2026-04-06T00:15:57.118489Z",
	"updated_at": "2026-04-10T03:30:57.055191Z",
	"deleted_at": null,
	"sha1_hash": "884c38834080cd8ec879ab3cf343dfda82eebde4",
	"title": "Gaudox - HTTP Bot (1.1.0.1) | C++/ASM | Ring3 Rootkit | Watchdog | Antis |",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 44528,
	"plain_text": "Gaudox - HTTP Bot (1.1.0.1) | C++/ASM | Ring3 Rootkit |\r\nWatchdog | Antis |\r\nBy YOUR-NAME\r\nArchived: 2026-04-05 23:02:23 UTC\r\n[Image: acb1430.jpg]\r\n[Image: bb2c161.png]\r\n[Image: 3194cfd.png]\r\nBuilder\r\n[Image: 251b9fb.jpg]\r\n[Image: 27a48f1.jpg]\r\n[Image: 29caf7e.jpg]\r\n[Image: 2c55ddc.jpg]\r\n[Image: a91d043.jpg]\r\nDon't ask me what crypters to use, I cannot give feedback for any crypter as I have never bought one. If you find a\r\nnative crypter, ask the developer if his crypter is compatible with Gaudox. don't use crypters with dependencies. I\r\nwill code a native crypter soon.\r\nGaudox HTTP\r\nGaudox is a HTTP loader completely coded from scratch in C/C++ language with a few lines of Assembly, which\r\nmeans that it does not require of any dependencies ( C-Runtime, NET Framework, Java VM ). The bot has been\r\nfully tested and working on all Windows versions from Windows XP SP2 to Windows 10 (32/64-bit). It is also\r\nworth mentioning that I coded this bot with very efficient and stable designed code to handle thousands of\r\nconnections at once.\r\nFeatures:\r\nUsermode Rootkit\r\nBot has Rootkit functionality which hides all bot resources and prevents from being accessed from explorer\r\nprocess. This feature does not drop any to disk, the code is internally embedded in the bot file and injected in the\r\ntarget process from memory. It is also has self-protection that prevents the hooks from being removed by third-party programs or any security tool. This feature is currently working on 32-bit systems.\r\nPersistence/Watchdog\r\nhttp://nettoolz.blogspot.ch/2016/03/gaudox-http-bot-1101-casm-ring3-rootkit.html\r\nPage 1 of 4\n\nBot prevents it from being removed from the system by bot killers, security tools or user actions. 
This feature is currently supporting process protection and working on both 32/64-bit systems but its maximum compatibility is in 32-bit.\r\nTraffic Encrypted\r\nThe communication between the bot and the control panel is obfuscated. This prevents middle attacks.\r\nAnti-Analysis/Research\r\nBot contains several methods for preventing it from being analyzed by researchers or unauthorized users. Some methods range from preventing static analysis by obfuscating code and data, up to detecting the presence of debuggers, avoiding running the bot in virtualized environments, etc. Some methods may not be mentioned.\r\nCommands:\r\n[+] Download and execute (Drop\u0026Exec)\r\n[+] Visit Website (Visible)\r\n[+] Update Client\r\n[+] Uninstall Client\r\nPanel\r\n[Image: 627e2d4.jpg]\r\n[Image: acb1430.jpg]\r\n[Image: bb2c161.png]\r\n[Image: 3194cfd.png]\r\nBuilder\r\n[Image: 251b9fb.jpg]\r\n[Image: 27a48f1.jpg]\r\n[Image: 29caf7e.jpg]\r\n[Image: 2c55ddc.jpg]\r\n[Image: a91d043.jpg]\r\nDownload (latest version 1.1.0.1)\r\nYou must reply to this thread to see the hidden content.\r\nAny feedback is welcome.\r\nGaudox v1.1.0.1.exe\r\nMD5: 1AF2E1B11B1D7543A19662F7291856F4\r\nSHA-1: DE5BD976FB5A4B50D8C8739E6B9F286F5B1A4798\r\n1.1.0.1.rar\r\nMD5: F99A3FBDEB1B0CD12BB1E6ED700ADE90\r\nSHA-1: A00A2B6D6C5806C75C5551073283D1218AC017C8\r\nMirror\r\nYou must reply to this thread to see the hidden content. 
\r\nHow to install:\r\n1) Open the Builder and create a new profile, you will use these values KEY #1 and KEY #2 in the panel.\r\n2) Create a new database (recommended)\r\n3) Open setup.php with browser and complete the form.\r\n4) Delete setup.php and open login.php with browser.\r\n5) When creating the bot clients do not forget to use the same profile you used to install the panel, otherwise the bots will not connect to the panel.\r\nNotes:\r\n1) I highly recommend disabling strict mode in MySQL.\r\n2) If you test the bot from a local server, the panel may be showing \"US\" in location, it's not an error, the panel expects to always get an external IP.\r\nTut by Jar1: http://hackforums.net/showthread.php?tid=5084324\r\nHow to update:\r\n1.1.0.0 to 1.1.0.1+\r\nYou will need to install the panel again, sorry for the inconvenience. The database is now the final version and it would be compatible with all future versions ( I hope, unless I have forgotten something or want to add a new feature, in any case I will code a script to update the database ).\r\nSource: http://nettoolz.blogspot.ch/2016/03/gaudox-http-bot-1101-casm-ring3-rootkit.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"http://nettoolz.blogspot.ch/2016/03/gaudox-http-bot-1101-casm-ring3-rootkit.html"
	],
	"report_names": [
		"gaudox-http-bot-1101-casm-ring3-rootkit.html"
	],
	"threat_actors": [
		{
			"id": "f9806b99-e392-46f1-9c13-885e376b239f",
			"created_at": "2023-01-06T13:46:39.431871Z",
			"updated_at": "2026-04-10T02:00:03.325163Z",
			"deleted_at": null,
			"main_name": "Watchdog",
			"aliases": [
				"Thief Libra"
			],
			"source_name": "MISPGALAXY:Watchdog",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434557,
	"ts_updated_at": 1775791857,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/884c38834080cd8ec879ab3cf343dfda82eebde4.pdf",
		"text": "https://archive.orkl.eu/884c38834080cd8ec879ab3cf343dfda82eebde4.txt",
		"img": "https://archive.orkl.eu/884c38834080cd8ec879ab3cf343dfda82eebde4.jpg"
	}
}