Guest User


a guest
Nov 8th, 2013
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.28 KB | None | 0 0
  1. == Zorenium ==
  2. HTTPC.cpp = HTTP BotClient (Control system)
  3. IRC.cpp = IRC BotClient (control system)
  4. NixScanner= TCP/UDP IPScanner (SSH-Brute Uses sql for passwords)
  5. fMysql = HookedMysql Client to store victims personal.information
  6. Mysql = sql BotClient (Control system)
  7. Config = Bot Configuration
  8. fIRCD = Hooked (Fake IRC Daemon)
  9. fmSoftBuff= Fake windows notifier program Hooked.
  10. fService = Fake Service for the notifier and other fake apps
  11. fWuaclt = Fake Hooked notifier & /incl ws2 Hook for irc.
  12. apiload = ApiLoad function(Mainly for dll)
  13. fChr = Recoded microsoft functions i.e (memcmp,strstr)
  14. Utilities = Functions required for usage with the zorenium core
  15. Utils2 = Functions required for usage with microsoft dhcp
  16. Wincrypt = Startup(Reg) Gets encrypted with this, as does hidden strings
  17. Threadsys = Thread store
  18. ZMain = Main File where the byusiness happens
  19. ControlJac= DNS/PORT Hijack, Required for sending fake commands to eset
  20. uHookKerne= Hooks zorenium.dll to ekrn.exe all versions(Modifys exclude directorys _ dns)
  21. BSSGrabber= BSS Bank Grabber function
  22. Chrome = Paypal/HSBC/LLOYDSTSB Bank/Site logger
  23. gChrome = Hooked functions needed for the chrome.cpp's core, Also contains a function to log seperate sites within the configurls.h
  24. ApiGrab = Used to grab Api + POST/GET Form data
  25. Inject3 = Injects microsoftProc's into running microsoft proc Also trys to replace existing file.
  26. inject4 = Hook+Inject botcore/zorenium.dll into memory & svchost.exe
  27. ApiMonitor= Monitors all hooks/injections/form data/dns edits to mysql/irc/http
  28. CoreInject= Core function Bots Injection x2 with TDL3 (Based on zeroaccess's rootkit)
  29. Debugger = File/Proc/Memory debugger
  30. DNSChanger= Changes dns & dns cache via dhcp service & registry (trick explained on google FBI.DNSChanger.Expl)
  31. FakeFile = FakeTrojan Replicating md5 hash's api calls The main (scene) Bots use ( Hopefully helps our file become less detectable as avs should be pointing on files displaying fingerprints they already have discovered)
  32. PortForwar= For fIrcd/IRC/HTTP/SQL/ESET/Microsoft functions, Will forward client / Service's to random ports
  33. Screenshot= Takes Webcam&Window(Proc)&Video screenshot update to hidden root dir.
  34. sysinfo = Displays process/system & user & netinformation
  35. Hooker = Core Hook functions For win32api (dlls)
  36. ws2Hook = Core Hook for the IRC(Winsock) Lib
  37. LoadDll = Loads the zorenium.dll into seperate process if required(command sent via http IRC)
  43. If you need more information on the files on what they do, let me know, If not,
  44. ill leave it to you to write up the documentation.
  45. All they need to know is
  46. Version 1 contains what they see above,.
  47. And version 2 will contain
  49. [04:12:54] <switch> bot got any cool features?
  50. [04:12:56] <switch> ddos, spread etc?
  51. [04:13:31] <rex> Atm no got them coded but not implemented no this version.
  52. [04:15:18] <rex> but i plan to release a bin of this version for a nice price, for november(start of) which will contain a BSS bank grabber(Possibly miner) mailworm which wiht the header/legitimate videos/pictures i have, it should spread nice for users paying for the service.
  53. [04:15:40] <switch> a formgrabber/webinjects on an irc bot?
  54. [04:15:51] <rex> indeed,
  55. [04:15:58] <rex> you can use 2 protocols on the beta or 1.
  56. [04:16:06] <rex> IRC + http
  57. [04:16:14] <rex> or just use http + fakeirc/ircd
  58. [04:16:30] <switch> hmm, ur irc bot got ssl support?
  59. [04:17:04] <rex> theres also sql under the cnc, only thing is this feature only prints logs from irc/fakeircd/ports open to a sql database, this way you can monitor your victims connections and what not.
  60. [04:17:16] <rex> SSL is not supported but will be in the next version upcoming new years.
  61. [04:17:29] <switch> hmm
  62. [04:17:41] <rex> which should contain the facebookapi worm i wrote for a differbot, a skype worm,gmail _ mail worm, and a hidden banking service application
  63. [04:19:47] <rex> which will be sending data over the p2p network i wrote for version 2 so if the bot is ever detected in the future, you can still receive banking information unless discovered, there is no functions sent between the bot & p2pnetwork as i stated above, this is all sent through the banking app. which hooks onto the victims av updating (Stealing) there outgoing connections where this will be replaced with the p2p connections( disallowing avs to update, which means we can monitor packets and send fake updates possibly in the version 3) sorry going on about :) Cig time
  64. [04:20:04] <rex> ask any question ill reply when back, if i have not explained anything to how you need it be, let me know pretty high atm.
  65. [04:20:21] <switch> you should inform your local jobs and benefits office immediately
  66. [04:20:22] <switch> and update your cv
  67. [04:20:30] <switch> :)
  68. [04:31:24] <rex> lol what made you say that.
  71. Hopefully void bro, The text above, Will help you write your description on what version 2 will contain, They only need to know small features what will be in there,
  72. not the full dir lol :) Remove + Add what you need be, and what you wish others to see,
  73. you have image of the source tree if need they need to see it,
  74. Bins ill let you read rules and work out a price which will profit us both 50/50
  76. BTC ONLY
  78. Jabber i have if needed :) you need to setup also
  81. *Msg me when ure back ** REX
Add Comment
Please, Sign In to add comment