Zorenium 1.0

a guest
Dec 1st, 2013
== Zorenium ==

HTTPC.cpp = HTTP BotClient (Control system)
IRC.cpp = IRC BotClient (control system)
NixScanner = TCP/UDP IPScanner (SSH-Brute Uses sql for passwords)
fMysql = HookedMysql Client to store victims personal information
Mysql = sql BotClient (Control system)
Config = Bot Configuration
fIRCD = Hooked (Fake IRC Daemon)
fmSoftBuff = Fake windows notifier program Hooked.
fService = Fake Service for the notifier and other fake apps
fWuaclt = Fake Hooked notifier & /incl ws2 Hook for irc.
apiload = ApiLoad function (Mainly for dll)
fChr = Recoded microsoft functions i.e. (memcmp, strstr)
Utilities = Functions required for usage with the zorenium core
Utils2 = Functions required for usage with microsoft dhcp
Wincrypt = Startup(Reg) Gets encrypted with this, as does hidden strings
Threadsys = Thread store
ZMain = Main File where the business happens
ControlJac = DNS/PORT Hijack, Required for sending fake commands to eset
uHookKerne = Hooks zorenium.dll to ekrn.exe all versions (Modifies exclude directories _ dns)
BSSGrabber = BSS Bank Grabber function
Chrome = Paypal/HSBC/LLOYDSTSB Bank/Site logger
gChrome = Hooked functions needed for the chrome.cpp's core, Also contains a function to log separate sites within the configurls.h
ApiGrab = Used to grab Api + POST/GET Form data
Inject3 = Injects microsoftProc's into running microsoft proc Also tries to replace existing file.
inject4 = Hook+Inject botcore/zorenium.dll into memory & svchost.exe
ApiMonitor = Monitors all hooks/injections/form data/dns edits to mysql/irc/http
CoreInject = Core function Bots Injection x2 with TDL3 (Based on zeroaccess's rootkit)
Debugger = File/Proc/Memory debugger
DNSChanger = Changes dns & dns cache via dhcp service & registry (trick explained on google FBI.DNSChanger.Expl)
FakeFile = FakeTrojan Replicating md5 hash's api calls The main (scene) Bots use (Hopefully helps our file become less detectable as avs should be pointing on files displaying fingerprints they already have discovered)
PortForwar = For fIrcd/IRC/HTTP/SQL/ESET/Microsoft functions, Will forward client / Service's to random ports
Screenshot = Takes Webcam&Window(Proc)&Video screenshot update to hidden root dir.
sysinfo = Displays process/system & user & netinformation
Hooker = Core Hook functions For win32api (dlls)
ws2Hook = Core Hook for the IRC(Winsock) Lib
LoadDll = Loads the zorenium.dll into separate process if required (command sent via http IRC)

If you need more information on the files on what they do, let me know, If not,
I'll leave it to you to write up the documentation.
All they need to know is
Version 1 contains what they see above.
And version 2 will contain

[04:12:54] <switch> bot got any cool features?
[04:12:56] <switch> ddos, spread etc?
[04:13:31] <rex> Atm no got them coded but not implemented on this version.
[04:15:18] <rex> but i plan to release a bin of this version for a nice price, for november(start of) which will contain a BSS bank grabber(Possibly miner) mailworm which with the header/legitimate videos/pictures i have, it should spread nice for users paying for the service.
[04:15:40] <switch> a formgrabber/webinjects on an irc bot?
[04:15:51] <rex> indeed,
[04:15:58] <rex> you can use 2 protocols on the beta or 1.
[04:16:06] <rex> IRC + http
[04:16:14] <rex> or just use http + fakeirc/ircd
[04:16:30] <switch> hmm, ur irc bot got ssl support?
[04:17:04] <rex> there's also sql under the cnc, only thing is this feature only prints logs from irc/fakeircd/ports open to a sql database, this way you can monitor your victims connections and what not.
[04:17:16] <rex> SSL is not supported but will be in the next version upcoming new years.
[04:17:29] <switch> hmm
[04:17:41] <rex> which should contain the facebookapi worm i wrote for a differbot, a skype worm,gmail _ mail worm, and a hidden banking service application
[04:19:47] <rex> which will be sending data over the p2p network i wrote for version 2 so if the bot is ever detected in the future, you can still receive banking information unless discovered, there is no functions sent between the bot & p2pnetwork as i stated above, this is all sent through the banking app. which hooks onto the victims av updating (Stealing) their outgoing connections where this will be replaced with the p2p connections( disallowing avs to update, which means we can monitor packets and send fake updates possibly in the version 3) sorry going on about :) Cig time
[04:20:04] <rex> ask any question ill reply when back, if i have not explained anything to how you need it be, let me know pretty high atm.
[04:20:21] <switch> you should inform your local jobs and benefits office immediately
[04:20:22] <switch> and update your cv
[04:20:30] <switch> :)
[04:31:24] <rex> lol what made you say that.

Hopefully void bro, The text above, Will help you write your description on what version 2 will contain, They only need to know small features what will be in there,
not the full dir lol :) Remove + Add what you need be, and what you wish others to see,
you have image of the source tree if need they need to see it,
Bins ill let you read rules and work out a price which will profit us both 50/50

BTC ONLY

Jabber i have if needed :) you need to setup also

*Msg me when ure back ** REX