BETABOT SOURCE CODE

a guest
Dec 21st, 2013
==Zorenium v2 Beta (2014 - Est(Release date January 4th)==
{{{{{{{{{{{{{{{{{{{{{{{{{{ ---- APPLY FOR BETA TESTING VIA THE CONTACT INFORMATION ---- }}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}

:::SOURCE DIR IMAGE (http://i.imgur.com/KBn0ECM.png) - Picture taken on November 15th::
Compiled with Microsoft Visual Studio 2010 using the Microsoft compiler, cl.exe.
Zorenium is written in C++, C++0x & C
Development for Zorenium started on December the 4th 2012, Day and night
`I` Alone worked hard to make sure the list of functioning features & stability was 100%

Everything you're reading, And will no doubt go on to testing,
Works very effectively and efficiently.
---------*

Zorenium is a simple & stable Banking, DDoS & Worm spreading malware bot with abilities to
Hook and terminate the popular AVs and top 10 latest malware & worms,
Zorenium is built with pre-generated 256 bit AES keys with Separate keys for the ssh features
Strings are hashed with a custom string hasher then encrypted using stenography.
The bot Can be managed with the following protocols: IRC, HTTP & i2p.

AntiAv:
Zorenium uses multiple methods of removal and can now shut down and restart over 40 different
AntiVirus / Smart security & Firewall systems.

Persistence:
All bot resources (Process, Files & Start up) Are protected from termination or removal.
With over 5 different kinds of protection modules.
Automatic restart is enabled & Protection on this feature is also enforced.

Inject:
Zorenium uses 5 types of injection methods,
For security reasons, I Can not display the method of injection.

DDOS:
5 Different methods using randomized headers in HTTP DoS,
UDP, Mass Reconnect, HTTPGet, Slowloris & ACK

FormGrabbing:
When defined sites are picked out Zorenium will save only needed forms before they are sent out.
Data will then be displayed via the Chosen C&C feature.
FormGrabber grabs from the following browsers::
---Firefox(W/Without SSL)
---Iexplorer(W/Without SSL)
---Chrome(W/Without SSL)

Bot Killer.
Zorenium's kill methods will remove the top ten 2013 list of malwares & Soon to protect against
All major malware you have come across.
The BKiller scans process on start up and on registry start up for suspicious entries
All code injected other than the bot and installed AV (Including crypted files using PE Methods) Will be terminated.

Banking:
At the moment Zorenium as of (December the 18th) Only uses bank stealing modules against
BSS Banking But towards 2014 we promise to deliver at least 10 Different banking modules & 2 Different methods of Stealing that important information.

--Contact--
Project: Zorenium
Contact Info: E-MAIL Or Jabber Available Upon Request!!!
OR IRC For help/Questions: irc.voidptr.cz:6667 (+6697 SSL) Channel Name: #Z

-------------------------------------------
=+Recent updates+= December 18th(2013);

**Added support for ipv6
**Added Another method for UACBypassing, we now support windows 8 all versions.
**Added HTTPGet & Slowloris.
**Added AntiDebug Module & OSDetect Features for injection method(3).
**Added unique UserID Storing & Retrieving methods for HTTP & p2p Control.
**Modified EnumWindows Function to be its own module,
----We can now log what the user is running and virtually read what the user reads & sees,
------Screenshots can also be taken via this method also.
**Modified the bitCoin Miner to use less CPU usage.

=+November 20+ 2013 Updates+=

**Added DDoS and Spread capability

**Added BTC miner

**Added Mailworm with spoofed header
**Added Facebook API worm,
**Added Skype worm
**Added Dreambox/Cisco Router Scanner (each ip vuln will be put into the sql database,
where then you can control your ip lists via your designated C&C Protocol)

**Added hidden banking service application & Dropper for BSS Offline (mysql(Hooked))

**Added SelfINitFunction
(if operating system higher than windows 7 Zorenium.exe
will drop a dll bypassing UAC and AV, After doing so,
Bot will Inject the coreDll into defined process,
After Writing/Memory mapping itself to available processes(<- For the anti(system) Module))

**Added New (Eset SmartSecurity & Eset AntiVirus AntiModules)
**Added AntiBot Module (Searches mapped processes & Memory for malware)
**Added botkiller module for top 10 listed malware, Such names as (BetaBot,Zeus and kavos)

**Added Registry monitoring (For the rootkit)
**Added RootKit Install/Extract & Start
**Added Userkit Install & Starter
**Added Created New injection system for the UserKit

**Added Base64 / Sha256 & RC4/6 Encryption.

**Fixes to HTTP System ** Was a bug on the HookConnectEx() Function when os restarted and loaded the bot by dll.
**Fixes to the Nix scanner ** Bug when defining more than 30 Threads with os 7
**Fixes to the antiSystem ** Bot would still load certain functions when being ran via sandboxed,
** Bot will now stdout a fake microsoft windows update notifier BIN(Service,Program Before self deleting the bots core bins)

**Fixes to the BSSGrabber
*Data for the banking service application will now be sent over a secure p2p network
*Bear in mind!! No data apart from the banking & BTC Data are sent between the bot and p2p network.
The Binary file for this module will attempt to use the CoreAntiAV System to inject its way into
Running av/firewalls adding itself to exception lists,

Bin With i2p for command & control = Extra 100GBP
Bin With tor & p2p For command & control = Extra 5000GBP

Zorenium(Bin) Price: With rootkit, Miner & Banking modules 2000GBP
Without The rootkit, Miner & Banking modules: 350GBP
_________Please note increase/decrease in price plans may vary.
---------BitCoins are accepted!!!!!----------------------------

**************NOTE***************
IRC MODULES ARE NOT A REQUIREMENT, AND CAN BE DROPPED ON REQUEST, SAME GOES FOR THE OTHER PROTOCOLS.
=======================V2 Files
DNSQuery.cpp
ZoreniumMain.cpp
ZeusKill.cpp
ws2Hook.cpp
WinCrypt.cpp
Utils2.cpp
utils.cpp
Utilities.cpp
UserkitInstaller.cpp
Unhook.cpp
uHookKernel.cpp
UACBypass.cpp
Threadsystem.cpp
ThreadKill.cpp
TaskManager.cpp
Sysinfo.cpp
SHA256.cpp
Service.cpp
Screenshot.cpp
RootkitInstaller.cpp
RootKitExtract.cpp
Registry.cpp
PrinterExploit.cpp
PortForward.cpp
NOD32.cpp
Nixscanner.cpp
Mysql.cpp
MemoryMap.cpp
irc.cpp
IPV6Tools.cpp
CoreInject.cpp
Inject4.cpp
Inject3.cpp
Inject2.cpp
HTTPC.cpp
Hooker.cpp
SectionConfigData.cpp
ring0ToRing3.cpp
BMPConvertor.cpp
Compiling...
GChrome.cpp
fWuaclt.cpp
fMicrosoftBuff.cpp
fChr.cpp
fApiLoad.cpp
fService.cpp
FormGrabber.cpp
fMySQL.cpp
IRCDaemon.cpp
Fakefile.cpp
EnumWindows.cpp
DRWeb.cpp
DriverUtilitys.cpp
Dreambox.cpp
DNSChanger.cpp
dllloader.cpp
dInject.cpp
Debugger.cpp
Controljack.cpp
Config.cpp
Chrome.cpp
BSSOffline.cpp
BSSG.cpp
BotSearch.cpp
bootcrypt.cpp
BootApi.cpp
BKiller.cpp
BitCoinMiner.cpp
Base64.cpp
APIMonitor.cpp
ApiGrabber.cpp
AntiDebug.cpp
AntiAv.cpp
========================================================