Source for CARBANAK backdoor leaked and placed on GitHub (github.com/aekras1a)
133 points by phoe-krk on April 23, 2019 | hide | past | favorite | 17 comments




Best way to learn Russian is to reverse engineer a virus.


"Leaked" in this case refers to the fact that 2 RAR archives were uploaded to Virus Total. Certain security researchers are bestowed access to VT raw uploads.


One would presume such access would come with NDAs and not permit these researchers to just publish the files.


You can probably only hide them if you get researcher access yourself.


What's the backstory?


Carbanak is a piece of malware originally used to rob banks in Ukraine and Russia by jackpotting ATMs and changing the account balances. Since then the malware has lived on to be used to target US companies such as Chipotle, Ruby Tuesday, Baja Fresh, casinos and so many more. This malware was held tight by the hackers and not shared but now, you can have it too.

The podcast Darknet Diaries Ep 35 does a good job explaining it. Very fascinating.



OH I listen to that podcast. I'll re-listen to that one :)


...and it will be gone really soon, grab it while you can. This thing was really dangerous; it is great that it is now available for researchers.

From a quick look at the code it looks professional and there are no obvious WTFs. However, it is strange that the comments in Russian are all in Cp1251, while Visual Studio has supported UTF-8 for a long time. Perhaps it is an old project and the authors never bothered to convert it?
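Anyone opening the leaked source will hit exactly the Cp1251-versus-UTF-8 mismatch described above: the Russian comments come out as mojibake unless the file is decoded with the legacy code page. The helper below is an added example, not part of the leak or of any tool mentioned in the thread; the sample line is constructed.

```python
# Added example: decode a source file whose comments may be Cp1251 instead of UTF-8.
# Strict UTF-8 is tried first because valid UTF-8 is rarely valid by accident;
# Cp1251 is the fallback, since the thread reports that is what the comments use.

def decode_source(raw: bytes) -> tuple[str, str]:
    """Return (text, encoding_used) for a byte string read from a source file."""
    try:
        return raw.decode("utf-8"), "utf-8"
    except UnicodeDecodeError:
        # cp1251 leaves a single byte (0x98) undefined; replace rather than abort,
        # because one stray byte should not stop triage of a whole source tree.
        return raw.decode("cp1251", errors="replace"), "cp1251"


# Constructed sample: a C statement with a Russian comment ("Привет") in Cp1251.
SAMPLE_CP1251 = b"int x = 0; // \xcf\xf0\xe8\xe2\xe5\xf2\n"

# The same line as it would look if the project had been converted to UTF-8.
SAMPLE_UTF8 = "int x = 0; // Привет\n".encode("utf-8")


def main() -> None:
    for sample in (SAMPLE_CP1251, SAMPLE_UTF8):
        text, enc = decode_source(sample)
        print(f"[{enc}] {text.rstrip()}")


if __name__ == "__main__":
    main()
```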


I don't know about Russians, but Shift-JIS/cp932 is still popular in Japan as if Windows never supported UTF-8, so perhaps something similar is happening there.


I am Russian; everybody uses Unicode since about 2010.


You put it on one of these sites and you tip off the creator.


And security researchers around the world can poke at it and figure out how to defend against it and derivatives.

Another day, another better mousetrap.


Some hashes are different? What is that about?


Translated some RU sentences to EN. It's in the README.


If the hash changes [because you append KILROY WAS HERE into a readme file] then the file can't be tracked as easily. This technique usually involves large padding structures so file size isn't an easy clue to the new file hash. It's a way of evading filters and packet sniffers so the file gets from A to B without C stomping on it.



