Zorenium

a guest
Nov 8th, 2013
== Zorenium ==
HTTPC.cpp = HTTP BotClient (Control system)
IRC.cpp = IRC BotClient (control system)
NixScanner = TCP/UDP IPScanner (SSH-Brute uses sql for passwords)
fMysql = HookedMysql Client to store victims' personal information
Mysql = sql BotClient (Control system)
Config = Bot Configuration
fIRCD = Hooked (Fake IRC Daemon)
fmSoftBuff = Fake windows notifier program Hooked.
fService = Fake Service for the notifier and other fake apps
fWuaclt = Fake Hooked notifier & /incl ws2 Hook for irc.
apiload = ApiLoad function (Mainly for dll)
fChr = Recoded microsoft functions i.e. (memcmp, strstr)
Utilities = Functions required for usage with the zorenium core
Utils2 = Functions required for usage with microsoft dhcp
Wincrypt = Startup(Reg) gets encrypted with this, as do hidden strings
Threadsys = Thread store
ZMain = Main File where the business happens
ControlJac = DNS/PORT Hijack, Required for sending fake commands to eset
uHookKerne = Hooks zorenium.dll to ekrn.exe all versions (Modifies exclude directories _ dns)
BSSGrabber = BSS Bank Grabber function
Chrome = Paypal/HSBC/LLOYDSTSB Bank/Site logger
gChrome = Hooked functions needed for the chrome.cpp's core. Also contains a function to log separate sites within the configurls.h
ApiGrab = Used to grab Api + POST/GET Form data
Inject3 = Injects microsoftProc's into running microsoft proc. Also tries to replace existing file.
inject4 = Hook+Inject botcore/zorenium.dll into memory & svchost.exe
ApiMonitor = Monitors all hooks/injections/form data/dns edits to mysql/irc/http
CoreInject = Core function Bots Injection x2 with TDL3 (Based on zeroaccess's rootkit)
Debugger = File/Proc/Memory debugger
DNSChanger = Changes dns & dns cache via dhcp service & registry (trick explained on google FBI.DNSChanger.Expl)
FakeFile = FakeTrojan replicating md5 hashes api calls the main (scene) Bots use (Hopefully helps our file become less detectable as avs should be pointing on files displaying fingerprints they already have discovered)
PortForwar = For fIrcd/IRC/HTTP/SQL/ESET/Microsoft functions, Will forward client / Service's to random ports
Screenshot = Takes Webcam & Window(Proc) & Video screenshot update to hidden root dir.
sysinfo = Displays process/system & user & netinformation
Hooker = Core Hook functions for win32api (dlls)
ws2Hook = Core Hook for the IRC(Winsock) Lib
LoadDll = Loads the zorenium.dll into separate process if required (command sent via http IRC)

If you need more information on the files and what they do, let me know. If not,
I'll leave it to you to write up the documentation.
All they need to know is:
Version 1 contains what they see above,
and version 2 will contain

[04:12:54] <switch> bot got any cool features?
[04:12:56] <switch> ddos, spread etc?
[04:13:31] <rex> Atm no, got them coded but not implemented in this version.
[04:15:18] <rex> but i plan to release a bin of this version for a nice price, for november (start of) which will contain a BSS bank grabber (Possibly miner) mailworm which with the header/legitimate videos/pictures i have, it should spread nice for users paying for the service.
[04:15:40] <switch> a formgrabber/webinjects on an irc bot?
[04:15:51] <rex> indeed,
[04:15:58] <rex> you can use 2 protocols on the beta or 1.
[04:16:06] <rex> IRC + http
[04:16:14] <rex> or just use http + fakeirc/ircd
[04:16:30] <switch> hmm, ur irc bot got ssl support?
[04:17:04] <rex> there's also sql under the cnc, only thing is this feature only prints logs from irc/fakeircd/ports open to a sql database, this way you can monitor your victims' connections and what not.
[04:17:16] <rex> SSL is not supported but will be in the next version upcoming new years.
[04:17:29] <switch> hmm
[04:17:41] <rex> which should contain the facebookapi worm i wrote for a differbot, a skype worm, gmail _ mail worm, and a hidden banking service application
[04:19:47] <rex> which will be sending data over the p2p network i wrote for version 2 so if the bot is ever detected in the future, you can still receive banking information unless discovered, there are no functions sent between the bot & p2pnetwork as i stated above, this is all sent through the banking app. which hooks onto the victims' av updating (Stealing) their outgoing connections where this will be replaced with the p2p connections (disallowing avs to update, which means we can monitor packets and send fake updates possibly in the version 3) sorry going on about :) Cig time
[04:20:04] <rex> ask any question ill reply when back, if i have not explained anything to how you need it be, let me know pretty high atm.
[04:20:21] <switch> you should inform your local jobs and benefits office immediately
[04:20:22] <switch> and update your cv
[04:20:30] <switch> :)
[04:31:24] <rex> lol what made you say that.

Hopefully void bro, the text above will help you write your description of what version 2 will contain. They only need to know the small features that will be in there,
not the full dir lol :) Remove + add what you need, and what you wish others to see,
you have the image of the source tree if they need to see it.
Bins: I'll let you read the rules and work out a price which will profit us both 50/50

BTC ONLY

Jabber I have if needed :) you need to set up also

*Msg me when you're back ** REX