/EMV-Softwares-malware-list

A non-exhaustive list of hacktools related to EMV fraud

Hacktool:Win32/EMVSoft malware list

Gallery with hashes of samples related to fraud softwares who aim to clone credit card datas on EMV chip.

Who is this page aimed at?

Myself:

I wasted a whole week-end building this list to see what look like the 'emv fraud landscape' for fun, and also to have a trace of which name correspond to which hash.

Malware Analysts / RE / Security people:

If you are curious about how that kind of things work (how they handle smart cards, code similarities, etc..), you have here a list of +100 hashes to beggin your investigations. There is before each hash a quick link access to their virustotal scan report, and also a hybrid-analysis and any.run link. (HA and AR may return 404 error if they haven't already stumbled across the sample of interest.)

May hopefully someone find one or two useful gems, but i doubt (just my two cents, i already analyzed them and most of theses 'softs' are mostly copycat if not 'ressource hacked' of each others relying on GPShield and a 'macgyver.cap'. You may want to have a look on @fboldewin presentation: MacGyver's return - An EMV Chip cloning case who basically explain "why?" and "how?"

Who is this page NOT aimed at?

Carders / Lamers:

No download here, don't ask and move along, this is merely for information purposes only.

Anyone else:

If somehow you ran across a sample listed here ❗ DO NOT EXECUTE IT ❗ consider yourself infected if you did.

EMVStudio:

alt text

hashes:

  • [HA] [VT] [AR] 7a0a07959f3629cafbcb8827715f931e533ba7894e8a3bc42df95fcfcc0bd584 EMVStudio v1.1.3
  • [HA] [VT] [AR] 83262e3fbea3a3c373c706ff71864066d52acaf63affafc12b7da6d74b95e302 EMVStudio v1.1.3, cracked ver
  • [HA] [VT] [AR] 52c89dbef55bd526def42ab9dbb04a2a02dac17cd4b4c0af7177ac61dd8f4297 EMVStudio v1.1.3, cracked ver
  • [HA] [VT] [AR] 050847f886f9df20c5d99a1cd2edffa478fedacaa433f7b17139fe66ab7b810a EMVStudio v1.1.3, cracked ver
  • [HA] [VT] [AR] ce9187aa45f3f33e6f87a4dfcfa67308251970ca3d4e187bf9bb675c16942384 EMVStudio v1.1.2
  • [HA] [VT] [AR] 469786c4420d1316287d13f959c65e7eedd396e2d28d49a81e17f843f7dd3d33 EMVStudio v1.1.1
  • [HA] [VT] [AR] 8d6dacff8a098b8d02202e8c6a4a65bbe20b332ba58d6165cca6f958187864c4 EMVStudio Trial v1.0

ShadeStudio:

alt text

hash:

  • [HA] [VT] [AR] 40ac2358207f582ee3051748f1b13811cbe9f9d23e78a4052eda847fafbb2f3b ShadeStudio v1.0

ARQC TOOL PLUS:

alt text

hash:

  • [HA] [VT] [AR] e13c0b718728fc30762eb68e59d92308e0e66efa06b70fae1ea1f65e32d4344a ARQC TOOL PLUS v1.0

Matrix:

alt text

hashes:

  • [HA] [VT] [AR] fee2dd31e457776e501049191811f208d2b02bfd4071a801664ffd4ee2bac80c matrix v? (pass: 1qa2ws3ed4rf)
  • [HA] [VT] [AR] 87678c6dcf0065ffc487a284b9f79bd8c0815c5c621fc92f83df24393bfcc660 matrix v? cracked ver

Matrix Alternate (1):

alt text

hash:

  • [HA] [VT] [AR] 5d00faaccc0e9a7c3fc1eb16266f33a5c1e99b870e7454c47f42305e2cdfc564 matrix v? (user: admin, pass: ewqdsacxz)

Matrix Alternate (2):

alt text

hash:

  • [HA] [VT] [AR] e7c0a5985f067e319248127643e3d2b3ea72401717c9357db706c84afca44ebd matrix alternate(2)

B.R Smart Card writer v9:

alt text

hashes:

  • [HA] [VT] [AR] aea36d94e8a8deb91b0dbf84554e57b59d112c86a9261ac79d5cae9e9cb96bf8 X.exe
  • [HA] [VT] [AR] d88921df9456682cfcbad03991fdb2d60eade3bd1d81d97616761fceef74625d "v9"
  • [HA] [VT] [AR] 4d02db9e8e4b83665b5bb4b6ad959478d81260706c9a57d68fa44c6b17e2264f B.R v6.0
  • [HA] [VT] [AR] 737b5f8110634e4bbd06834bd2f2e3f5c139c548def54007daa2c433ae682ba2 B.R v5.0
  • [HA] [VT] [AR] 50edc7d9458e34802dc5e62a942b66fd801c338a643e33afe66a3e314d5be096 B.R v2.0
  • [HA] [VT] [AR] 77a8f671bf8bdccd3ee8682469ec0bc098b096398745c8b0bf084fa293f13c59 EMV Mexico 2018

Jcophiro:

alt text

hashes:

  • [HA] [VT] [AR] c0d11ed2eed0fef8d2f53920a1e12f667e03eafdb2d2941473d120e9e6f0e657 base version
  • [HA] [VT] [AR] 1ecfd3755eba578108363c0705c6ec205972080739ed0fbd17439f8139ba7e08 reshacked english version
  • [HA] [VT] [AR] c23411deeec790e2dba37f4c49c7ecac3c867b7012431c9281ed748519eda65c reshacked version 'flamigo'
  • [HA] [VT] [AR] 04f0c9904675c7cf80ff1962bec5ef465ccf8c29e668f3158ec262414a6cc6eb flamingo reshack 'UK 2018'
  • [HA] [VT] [AR] c23411deeec790e2dba37f4c49c7ecac3c867b7012431c9281ed748519eda65c flamingo reshack 'credit UK'
  • [HA] [VT] [AR] 1cc8a2f3ce12f4b8356bda8b4aaf61d510d1078112af1c14cf4583090e062fbe flamingo reshack 'China'
  • [HA] [VT] [AR] 247484124f4879bfacaae73ea32267e2c1e89773986df70a5f3456b1fb944c58 flamingo reshack 'Canada'
  • [HA] [VT] [AR] 7335cd56a9ac08c200cca7e25b939e9c4ffa4d508207e68bee01904bf20a6528 flamingo reshack 'Argentina'
  • [HA] [VT] [AR] af542ccb415647dbd80df902858a3d150a85f37992a35f29999eed76ac01a12b flamingo reshack 'Japan'
  • [HA] [VT] [AR] bb828eb0bbebabbcb51f490f4a0c08dd798b1f350dddddb6c00abcb6f750069f flamingo reshack 'USA'

X2:

alt text

hashes:

  • [HA] [VT] [AR] 76d11132b4ec7cabbbf1c674d2f52ad2b54ab71bc0567923af686be470fdcff3 X2
  • [HA] [VT] [AR] 1265a4c2248049fa1cb6303760295ac2a12f60f921ffc9a565350440933337d1 X2 5.1
  • [HA] [VT] [AR] f5bf73b9308232aa7afd5730dfc2b7b0169884abe6df02c5768165ae5ea3bee6 X2 "2021 emv_alpha"
  • [HA] [VT] [AR] 08e54f245fdf449f538439c71e53253572ff8066ed862cedab065d858630fefe X2 "2020 emv_alpha trial"
  • [HA] [VT] [AR] 10d8998094e9bdd9951a2edcc9cec3540628712b325682b21dba02b6650d97c9 X2 "2021 emv_alpha" cracked

X2Gold:

alt text

hash:

  • [HA] [VT] [AR] 7dca48a66fa1cb27b1bb12b72d2de27580993f71b463bf472fc5e22cc4e15e32 X2G

X2A:

alt text

hashes:

  • [HA] [VT] [AR] da012c9b8ceceada9eb4db6b2de253cba1b2612ff5dc38c76ab0fd3784fc9640 X2A
  • [HA] [VT] [AR] fffc5da33ab43a787a1126db58901913b0019107c9bcaf4c7cd40a793787691d X2A (nfc design)
  • [HA] [VT] [AR] 6cb6a3e75965ebacf1f6d72096a90e9d80be6d1c9d6ebd7dd9453992140a9d5c X2A (mr_emv trial)

X1:

alt text

hashes:

  • [HA] [VT] [AR] 6f24acf9a3ed15b5ef034460850679d7e9df1233386a36fc0a4b787844ee2e2e X1 v5.0
  • [HA] [VT] [AR] 2b924e13e705ecf9ea9199c6011dc4bd1d9160bffd1d6db0e5b0e0f40c01f47c X1 v4.1
  • [HA] [VT] [AR] bbfaf2eeeaedb9a9010e8f063a1a9a7f6b40f4d5b2ad5a62c649ab1d56edffa7 X1 v1.1
  • [HA] [VT] [AR] e3db277da551621b102ac5ee545e772aa25799fa941c1e06bbc69fe4142af7cf X1 'Toronto' (reshacked X1 v1.1)

coded-by-codex Basico:

alt text

hash:

  • [HA] [VT] [AR] 4315dc7f035defc18fb2ba12d47a8073fcfa4da7669b8d51fe6582c645edcbf5 Basico

coded-by-codex Completo:

alt text

hash:

  • [HA] [VT] [AR] bfffe52e3e3c03449b003389bacaedd5b73b4ebe8137a0b525a463d784281a7b Completo

coded-by-codex Debito Caixa:

alt text

hash:

  • [HA] [VT] [AR] 64f245b5dbfc4de66c49234c11bd61643e844fefab689c2b1a5c9373ea31483e Debito Caixa

coded-by-codex amex:

alt text

hash:

  • [HA] [VT] [AR] c528271ecf4c638775c1bc8ae296f8c515dcd09aaa7f5f152f11c219a80489ae Amex

coded-by-codex ultimation:

alt text

hash:

  • [HA] [VT] [AR] 0f05f83c8c028592206a05a70cfb525f3d303ee42fa3d38ddd6b537c017cd101 ultimation

Gravador HSBC:

alt text

hash:

  • [HA] [VT] [AR] 18fc278be0fd43a63f3418c9c8c6f6819cbd95554bf6eaf6168d6c9685ebbfcf Gravador HSBC

SmartCard GoldMetal:

alt text

hash:

  • [HA] [VT] [AR] 8788ad1a19a4392017a91ed591ed516309234f3dfed4a869a17bd41604f79d7e main exe

ChipSet:

alt text

hashes:

  • [HA] [VT] [AR] cac8aca4f7d2ff399a73531f179691b6a2e2a1b93e957d0a16f75c4818312880 ChipSet v3.7

alt text

  • [HA] [VT] [AR] 93aa356e2212799dbe1d6f260c5bb17d1912857a8e0a3c058ff6382d62e7c7df ChipSet v2.0
  • [HA] [VT] [AR] 4725c1a75d4d348299319815a073b141e22bff0ef1ace32f754f4e2946908ef4 ChipSet v1.4

NFC&EMV Tool:

alt text

hash:

  • [HA] [VT] [AR] 7f12b489b041ce920bc92cd95cee238a875f8fb9771942adf2d476c2e2d4fda0 NFC&EMV Tool

EMV Break:

alt text

hash:

  • [HA] [VT] [AR] 01111732e37631bb4da3c3056fe5d750743730532a63bcdd061a2c1c5160b023 EMV Break

EMV Reader Writer Software:

alt text

hashes:

  • [HA] [VT] [AR] fa0b96585c598c5601ed557d5917033b918d98eb53ddf7b9e7c71e34f99b0449 EMV Reader Software v8.6
  • [HA] [VT] [AR] 8bd2de3a163f9643431328a81b09b9f1fa6d8fd38af09286e8ff74d52da4e60c EMV Reader Software v8.6
  • [HA] [VT] [AR] 2d74fae5d29f1cd8bb9a95414a44a4b0ed8729d7cd8644312a7ca559b1fc5a0a EMV Reader Software v8.6 source

alt text

hash:

  • [HA] [VT] [AR] dc32698c13de42e87913c6d90939186a56ca4586e0397df52ed85e47443ceef4 EMV Reader Writer Software v8

MSR 2006 Chip Recorder:

alt text

hashes:

  • [HA] [VT] [AR] 68d123933092cf18657978600eb390f0a407f4c71bb6db4eda657d1a23ac2e67 MSR 2006 Chip Recorder
  • [HA] [VT] [AR] d8ef05240595fce54791516bcf9dc683b9fc1c2e9aa9886909525678d139b4fd component
  • [HA] [VT] [AR] b0d2623d6ea35fbfa1195f3cb28339ad040aa9e2cf012f00b93668bb4ae1240b MSR 2006 Chip Recorder
  • [HA] [VT] [AR] 456925d8dc4b450c6f17a372cccc4ee3db54734ce20bf4fb60c69b98f270b7dd MSR 2006 Chip Recorder

Bradesco Express:

alt text

hash:

  • [HA] [VT] [AR] 901254cd4a8a9ecd87403f7297e66a372ead8927806157ac3baf606587a5a0aa Bradesco Express 1.0

Gravador GÃMA BR:

alt text

hash:

  • [HA] [VT] [AR] 91765b49db91ed82c1be406f840eef0388260b69a8f0eb18fd7a365de014fd05 Gravador GÃMA BR v2.4.1 build 1

Conversor CodexCoderBr:

alt text

hash:

  • [HA] [VT] [AR] ad0cb70ff91a6d57abf85b0366cda6275dfc0ce6ace0552d8f9f4c6ef869ef79 Conversor CodexCoderBr, (infected)

Booster Chip Recorder:

alt text

hash:

  • [HA] [VT] [AR] 954d15d0e1610577ebb0bce826be7cf19876f52ffd207323714dbcc9fac8aa27 Booster Chip Recorder

ToRra Writer:

alt text

hashes:

  • [HA] [VT] [AR] 58694247857b3046eadb9a3601e1b5d8ce0dfedec8f3a9d8555021ea16e202a5 ToRra Writer v2.0
  • [HA] [VT] [AR] 463282e7826735dd78c1333316d92cf61261b7a17474f8b3f3f13df22a4716ab ToRra Writer v1.0
  • [HA] [VT] [AR] 796820869c84b330818ec817bef7e3ef3b4c4046bbe6ae359d6922f1c0499c72 ToRra Writer v1.0 source

Gravador caixa:

alt text

hash:

  • [HA] [VT] [AR] 93376dbad75fdbc3db631fed30bc31e6e2a7616aefbf6a0d90048d8f5160d609 Gravador caixa 1.6b

Chipso emv solution:

alt text

hashes:

  • [HA] [VT] [AR] 23c8685dd5c34b5411e7f49f9ef52f234e76d4343aef9ee80410ab1013fc7f40 Chipso emv solution v1.0
  • [HA] [VT] [AR] 99617961d69b524ad07987e1cd0b477fef6360266a8d5759805677732cdc0b7e Chipso emv solution v1.0 cracked ver

Chips:

alt text

hash:

  • [HA] [VT] [AR] ba04e63944653a69adf4cd74cf24e08dac96c010145cef6c5a10b6f52b3778cf Chips, (pass: juNior24)

CATR:

alt text

hashes:

  • [HA] [VT] [AR] 062ddcade243591785e01576605bdb4e2fe9618b76ef60d91bf30c9589f9132d CATR v0.6
  • [HA] [VT] [AR] 2b42443253532b5b3ed05c3e8c8809d03c3a22950ee36b8b68b881cadb708b7a CATR v1.3
  • [HA] [VT] [AR] 7b8d4b10da193ea0c7da143b22d37f901ccdb8368f8b3598957717433bc34d19 CATR v2.7
  • [HA] [VT] [AR] 9fc04ee9e6ff5f71f1a796faa250699da9582c512f4703570d4c3ae9da757ed3 CATR v2.8
  • [HA] [VT] [AR] 1e2ebeda666bc0dda2e9cdf08275ecc818dee9252309930a6142b759bf135c8d CATR v2.9
  • [HA] [VT] [AR] 06d54f7942a9f03472e484ab35b7dada387aff1d4924588974c0ec437e7eb246 CATR v3.1
  • [HA] [VT] [AR] 435e897f8bcfceaa0fbb1a4b0feab3ff9c6bea686b01cd4075061e06a07cc45e CATR v3.2
  • [HA] [VT] [AR] c422beb6fda49e3de3d63ee21f3051010a9ad95fd8b9d318c2f316123e956619 CATR v3.3
  • [HA] [VT] [AR] 515bbf3df2b64ee47cf1fa1d941071ecb146129ad51e1cc7bbd9c12b605fa04d CATR v3.4
  • [HA] [VT] [AR] 06a284b3ac5d648edf2fc7c9053207046705bea1d88811898b2367ca4978ae39 CATR v3.5
  • [HA] [VT] [AR] 1a488d456efb1ce742ecc24ebadc46a262c751cbec58e673087c25581134b5bf CATR v3.5.3
  • [HA] [VT] [AR] ce8714dcf9abf17bfc7781cd48502c5c9edf40c9b6aefbd7bcac17e4aa289859 CATR v3.5.4
  • [HA] [VT] [AR] ce9468d43785fb9c8fc4c007d89312fb1dc5afcb495ef6d4c1cd2b4a5347c9c5 CATR v3.6.1
  • [HA] [VT] [AR] 0dd2f67eebadeb44160412e8ff67991551f27c8801fad381f2261df9288188a7 CATR v3.6.2
  • [HA] [VT] [AR] f1073b97ef17fbda139e883aa234e843359a71fe80a4d2389d129ec80511ad8f CATR v3.6.5
  • [HA] [VT] [AR] 73b7f65be1873b03300f370b7da2ae695ac47ed028fdabb726d46d6787593d09 CATR v3.6.6
  • [HA] [VT] [AR] a75415c8b085247e59ed34efed3fb9b4f250bf331af816558521886416dc9f64 CATR v3.7.4
  • [HA] [VT] [AR] 965547e45fd4964ae19dedcadf70cfc4201a0b949e2be3ae35b45e88b867b1b9 CATR v3.7.5
  • [HA] [VT] [AR] 0b6fc7b1ffd0dad8550b8cb8e1d182bc1cb60bf983f67e896b26b4df1b479919 CATR v3.7.9
  • [HA] [VT] [AR] d809ae9cf65c3ccfe6e4870768b516d48a0758458bc1840159aff4602730b153 CATR v3.8.0
  • [HA] [VT] [AR] 8b641002f7abb02bc412b838c44bd6ec89d5f814869ca6fe2c74c03d2f15a9f6 CATR v3.8.2
  • [HA] [VT] [AR] 926aa04a90b50b7789e83c6dc10e13dfbc3219915977561350ace843a4cbe72a CATR v3.8.3

ARQC gen:

alt text

hash:

  • [HA] [VT] [AR] e8adb2af6bd57c0ed2f5bc06891acb370a29d0b7e791c9061e8e3765104aaf23 ARQC gen
  • [HA] [VT] [AR] f7fc2dc47c089ede31b9842bcb793710a0e8bb03bd1861f612df5e518ce2d905 source

Create Code:

alt text

hash:

  • [HA] [VT] [AR] c09640cb1067bbf9cb22ae1dd943e0f864a45411924637b81270be9fe38c6ef9 Create Code

Banco do brasil:

alt text

hashes:

  • [HA] [VT] [AR] 413bff46889644ce99ccb4c2e9b65a6f757bd5925a457ea6b4f165e1b2835457 Banco do brasil

alt text

  • [HA] [VT] [AR] 55741435ead26e8ba8ce023eed9d50612e97d8bb1ae5ef23607633a567b84ad2 Banco do brasil Alternate

Converter em Chipada:

alt text

hash:

  • [HA] [VT] [AR] f6e5968e556e88fd224c692d9c20263d7f0cfce565fffdfd0ea1940d255a64bf Converter em chipada

Systema de gravacao:

alt text

hashes:

  • [HA] [VT] [AR] 0e61aa8f5c5fde5ae4242f85f7ce49d5d86cc1ae8a45b0c39598938946fb8f7b Systema de gravacao
  • [HA] [VT] [AR] 2ad2b6bde18b2a251eece6c2c5e992874245c0fefa5aaf1e207514940d9d9327 Systema de gravacao, pass: silvano123
  • [HA] [VT] [AR] 1db0904982376a95443eec17aa270b19709a09227c99213aaf10f03c0eb97920 Systema de gravacao

jeff conversor:

alt text

hashes:

  • [HA] [VT] [AR] 07485136d4e532a4ca85ddab3eec1a37185b55e025906f308872bfd91026cf4b jeff conversor v0.05a
  • [HA] [VT] [AR] 820f45fe41b012555bb59f18458d9a23363cb9fa79afd49dec8503e70ecf27e2 jeff conversor v0.002

Gravador jeff:

alt text

hashes:

  • [HA] [VT] [AR] bb39afcce00747197e0332ca1e69b18488ea40e62b083a499fb53795e1ef0989 Gravador jeff v0.06

Hiper Beta:

alt text

hashes:

  • [HA] [VT] [AR] fff9b5e85c4eb0620d01c596760049aae9db7999cacad8d3bc9adb27aef0b5f2 Hiper Beta
  • [HA] [VT] [AR] 4b263db682c1d33d7b8fe9a29343241194f4c1ca38727a8b493ede23b1294b0d Amex Beta

JCOPTool:

alt text

hashes:

  • [HA] [VT] [AR] 3726dabfa9cb8401d81330b09f7782f04d790ec959168c3a4b56c1d14f160e28 JCOPTool 1.0 (pass: 123456)
  • [HA] [VT] [AR] 6eb913a880274b95173780d68eab2b34608a0da41a4892b018227f51d4970978 JCOPTool 1.0 (pass: 123456)

Gravando sistema:

alt text

hash:

  • [HA] [VT] [AR] 2e59998b8491bbcddf8c16b40183ccf57925a542943073b6ff09fb561f0fa970 gravando sistema

Changer:

alt text

hashes:

  • [HA] [VT] [AR] 9011bb674b1aa58b19a2bf55e6b2d9a09a534a08de4c53f0588a92eb03340d67 Changer

alt text

  • [HA] [VT] [AR] cfe99e9acc84ea36edc4a39b551d297e4524c202b06b9d4224b227960b4b0ad0 Changer v3

vMaster:

alt text

hash:

  • [HA] [VT] [AR] 6e7197ab639f41e088abe6154f6a1e8c154d5ab8a20c7d2e0db9de95783f0103 vMaster 1.0

Smart:

alt text

hash:

  • [HA] [VT] [AR] aded5e925cdb61c57a10ea7a05e1eaededf6f0c9902d0e7b30798d661af81e38 Smart 3.2

SmartProg:

alt text

hash:

  • [HA] [VT] [AR] 75e4bb528163d41e54716264854d5cd4d8d3c458bf2e975ecbb1efb707c03a9b SmartProg, pass: " " (just press spacebar one time.)

EMV Writer:

alt text

hash:

  • [HA] [VT] [AR] d0e9851bbb3a250c0404d461a7a71a53dddcba14f5be29b6e09ff2919f5b8800 EMV Writer
  • [HA] [VT] [AR] 305c0d9264d0411a5a3845055280eea86f9929d165359409153bbe7f0dddc92b EMV Writer cleaned

ATRToolUltimate:

alt text

hash:

  • [HA] [VT] [AR] b3b6085b6706ef90eadba2e48877677d06fa3a6df7c2df5c94773aa7e8b8c1df ATRToolUltimate 1.0

ISTTool:

hash:

  • [HA] [VT] [AR] c7d734e0c68b8b9b1ffea02df78de177c104b10085f730273aa9063cb2117bfa ISTTool 1.1

ATRtool:

hashes:

  • [HA] [VT] [AR] 331fc48d8c73d53568e5f9f62692fea9bb82c016a7af5b8b02b4d4a678503b77 ATRtool v3.0
  • [HA] [VT] [AR] 8a3a3358eb344235a7948179bdea5e1f5df26a8dd15762e691cc8b0d3f0a39d8 ATRtool v2.0
  • [HA] [VT] [AR] 3e8c1e150ce6955174edb0b9e82bef5a6004982469caad0722e0ade0ff93ecb8 ATRtool v1.0

Smart Card System:

hash:

  • [HA] [VT] [AR] 203fa494de8b4902d9b62904c73c9f55b6af213805ebf2193da3ee8d1b798092 Smart Card System

POS Simulator:

hash:

  • [HA] [VT] [AR] 0e9d86abcff00a7f235f1d9c4fd65b2f9bef514e549f24fafaa087ee93e604a6 POS Simulator 2.0