- == Zorenium ==
- HTTPC.cpp = HTTP BotClient (Control system)
- IRC.cpp = IRC BotClient (control system)
- NixScanner = TCP/UDP IPScanner (SSH-Brute Uses sql for passwords)
- fMysql = HookedMysql Client to store victims personal.information
- Mysql = sql BotClient (Control system)
- Config = Bot Configuration
- fIRCD = Hooked (Fake IRC Daemon)
- fmSoftBuff = Fake windows notifier program Hooked.
- fService = Fake Service for the notifier and other fake apps
- fWuaclt = Fake Hooked notifier & /incl ws2 Hook for irc.
- apiload = ApiLoad function(Mainly for dll)
- fChr = Recoded microsoft functions i.e (memcmp,strstr)
- Utilities = Functions required for usage with the zorenium core
- Utils2 = Functions required for usage with microsoft dhcp
- Wincrypt = Startup(Reg) Gets encrypted with this, as does hidden strings
- Threadsys = Thread store
- ZMain = Main File where the business happens
- ControlJac = DNS/PORT Hijack, Required for sending fake commands to eset
- uHookKerne = Hooks zorenium.dll to ekrn.exe all versions(Modifies exclude directories _ dns)
- BSSGrabber = BSS Bank Grabber function
- Chrome = Paypal/HSBC/LLOYDSTSB Bank/Site logger
- gChrome = Hooked functions needed for the chrome.cpp's core, Also contains a function to log separate sites within the configurls.h
- ApiGrab = Used to grab Api + POST/GET Form data
- Inject3 = Injects microsoftProc's into running microsoft proc Also tries to replace existing file.
- inject4 = Hook+Inject botcore/zorenium.dll into memory & svchost.exe
- ApiMonitor = Monitors all hooks/injections/form data/dns edits to mysql/irc/http
- CoreInject = Core function Bots Injection x2 with TDL3 (Based on zeroaccess's rootkit)
- Debugger = File/Proc/Memory debugger
- DNSChanger = Changes dns & dns cache via dhcp service & registry (trick explained on google FBI.DNSChanger.Expl)
- FakeFile = FakeTrojan Replicating md5 hash's api calls The main (scene) Bots use ( Hopefully helps our file become less detectable as avs should be pointing on files displaying fingerprints they already have discovered)
- PortForwar = For fIrcd/IRC/HTTP/SQL/ESET/Microsoft functions, Will forward client / Service's to random ports
- Screenshot = Takes Webcam&Window(Proc)&Video screenshot update to hidden root dir.
- sysinfo = Displays process/system & user & netinformation
- Hooker = Core Hook functions For win32api (dlls)
- ws2Hook = Core Hook for the IRC(Winsock) Lib
- LoadDll = Loads the zorenium.dll into separate process if required(command sent via http IRC)
- If you need more information on the files on what they do, let me know, If not,
- ill leave it to you to write up the documentation.
- All they need to know is
- Version 1 contains what they see above.
- And version 2 will contain
- [04:12:54] <switch> bot got any cool features?
- [04:12:56] <switch> ddos, spread etc?
- [04:13:31] <rex> Atm no got them coded but not implemented no this version.
- [04:15:18] <rex> but i plan to release a bin of this version for a nice price, for november(start of) which will contain a BSS bank grabber(Possibly miner) mailworm which with the header/legitimate videos/pictures i have, it should spread nice for users paying for the service.
- [04:15:40] <switch> a formgrabber/webinjects on an irc bot?
- [04:15:51] <rex> indeed,
- [04:15:58] <rex> you can use 2 protocols on the beta or 1.
- [04:16:06] <rex> IRC + http
- [04:16:14] <rex> or just use http + fakeirc/ircd
- [04:16:30] <switch> hmm, ur irc bot got ssl support?
- [04:17:04] <rex> theres also sql under the cnc, only thing is this feature only prints logs from irc/fakeircd/ports open to a sql database, this way you can monitor your victims connections and what not.
- [04:17:16] <rex> SSL is not supported but will be in the next version upcoming new years.
- [04:17:29] <switch> hmm
- [04:17:41] <rex> which should contain the facebookapi worm i wrote for a differbot, a skype worm,gmail _ mail worm, and a hidden banking service application
- [04:19:47] <rex> which will be sending data over the p2p network i wrote for version 2 so if the bot is ever detected in the future, you can still receive banking information unless discovered, there is no functions sent between the bot & p2pnetwork as i stated above, this is all sent through the banking app. which hooks onto the victims av updating (Stealing) their outgoing connections where this will be replaced with the p2p connections( disallowing avs to update, which means we can monitor packets and send fake updates possibly in the version 3) sorry going on about :) Cig time
- [04:20:04] <rex> ask any question ill reply when back, if i have not explained anything to how you need it be, let me know pretty high atm.
- [04:20:21] <switch> you should inform your local jobs and benefits office immediately
- [04:20:22] <switch> and update your cv
- [04:20:30] <switch> :)
- [04:31:24] <rex> lol what made you say that.
- Hopefully void bro, The text above, Will help you write your description on what version 2 will contain, They only need to know small features what will be in there,
- not the full dir lol :) Remove + Add what you need be, and what you wish others to see,
- you have image of the source tree if need they need to see it,
- Bins ill let you read rules and work out a price which will profit us both 50/50
- BTC ONLY
- Jabber i have if needed :) you need to setup also
- *Msg me when ure back ** REX
a guest Dec 1st, 2013 1,094 Never