== Zorenium ==
HTTPC.cpp = HTTP BotClient (Control system)
IRC.cpp = IRC BotClient (control system)
NixScanner = TCP/UDP IPScanner (SSH-Brute Uses sql for passwords)
fMysql = HookedMysql Client to store victims personal.information
Mysql = sql BotClient (Control system)
Config = Bot Configuration
fIRCD = Hooked (Fake IRC Daemon)
fmSoftBuff = Fake windows notifier program Hooked.
fService = Fake Service for the notifier and other fake apps
fWuaclt = Fake Hooked notifier & /incl ws2 Hook for irc.
apiload = ApiLoad function(Mainly for dll)
fChr = Recoded microsoft functions i.e (memcmp,strstr)
Utilities = Functions required for usage with the zorenium core
Utils2 = Functions required for usage with microsoft dhcp
Wincrypt = Startup(Reg) Gets encrypted with this, as does hidden strings
Threadsys = Thread store
ZMain = Main File where the business happens
ControlJac = DNS/PORT Hijack, Required for sending fake commands to eset
uHookKerne = Hooks zorenium.dll to ekrn.exe all versions(Modifies exclude directories _ dns)
BSSGrabber = BSS Bank Grabber function
Chrome = Paypal/HSBC/LLOYDSTSB Bank/Site logger
gChrome = Hooked functions needed for the chrome.cpp's core, Also contains a function to log separate sites within the configurls.h
ApiGrab = Used to grab Api + POST/GET Form data
Inject3 = Injects microsoftProc's into running microsoft proc Also tries to replace existing file.
inject4 = Hook+Inject botcore/zorenium.dll into memory & svchost.exe
ApiMonitor = Monitors all hooks/injections/form data/dns edits to mysql/irc/http
CoreInject = Core function Bots Injection x2 with TDL3 (Based on zeroaccess's rootkit)
Debugger = File/Proc/Memory debugger
DNSChanger = Changes dns & dns cache via dhcp service & registry (trick explained on google FBI.DNSChanger.Expl)
FakeFile = FakeTrojan Replicating md5 hash's api calls The main (scene) Bots use ( Hopefully helps our file become less detectable as avs should be pointing on files displaying fingerprints they already have discovered)
PortForwar = For fIrcd/IRC/HTTP/SQL/ESET/Microsoft functions, Will forward client / Service's to random ports
Screenshot = Takes Webcam&Window(Proc)&Video screenshot update to hidden root dir.
sysinfo = Displays process/system & user & netinformation
Hooker = Core Hook functions For win32api (dlls)
ws2Hook = Core Hook for the IRC(Winsock) Lib
LoadDll = Loads the zorenium.dll into separate process if required(command sent via http IRC)
If you need more information on the files on what they do, let me know, If not,
I'll leave it to you to write up the documentation.
All they need to know is
Version 1 contains what they see above.
And version 2 will contain
[04:12:54] <switch> bot got any cool features?
[04:12:56] <switch> ddos, spread etc?
[04:13:31] <rex> Atm no got them coded but not implemented no this version.
[04:15:18] <rex> but i plan to release a bin of this version for a nice price, for november(start of) which will contain a BSS bank grabber(Possibly miner) mailworm which with the header/legitimate videos/pictures i have, it should spread nice for users paying for the service.
[04:15:40] <switch> a formgrabber/webinjects on an irc bot?
[04:15:51] <rex> indeed,
[04:15:58] <rex> you can use 2 protocols on the beta or 1.
[04:16:06] <rex> IRC + http
[04:16:14] <rex> or just use http + fakeirc/ircd
[04:16:30] <switch> hmm, ur irc bot got ssl support?
[04:17:04] <rex> there's also sql under the cnc, only thing is this feature only prints logs from irc/fakeircd/ports open to a sql database, this way you can monitor your victims connections and what not.
[04:17:16] <rex> SSL is not supported but will be in the next version upcoming new years.
[04:17:29] <switch> hmm
[04:17:41] <rex> which should contain the facebookapi worm i wrote for a differbot, a skype worm,gmail _ mail worm, and a hidden banking service application
[04:19:47] <rex> which will be sending data over the p2p network i wrote for version 2 so if the bot is ever detected in the future, you can still receive banking information unless discovered, there are no functions sent between the bot & p2pnetwork as i stated above, this is all sent through the banking app. which hooks onto the victims av updating (Stealing) their outgoing connections where this will be replaced with the p2p connections( disallowing avs to update, which means we can monitor packets and send fake updates possibly in the version 3) sorry going on about :) Cig time
[04:20:04] <rex> ask any question I'll reply when back, if i have not explained anything to how you need it be, let me know pretty high atm.
[04:20:21] <switch> you should inform your local jobs and benefits office immediately
[04:20:22] <switch> and update your cv
[04:20:30] <switch> :)
[04:31:24] <rex> lol what made you say that.
Hopefully void bro, The text above, Will help you write your description on what version 2 will contain, They only need to know small features what will be in there,
not the full dir lol :) Remove + Add what you need be, and what you wish others to see,
you have image of the source tree if need they need to see it,
Bins I'll let you read rules and work out a price which will profit us both 50/50
Jabber i have if needed :) you need to setup also
*Msg me when you're back ** REX