
            Hooker, the intelligent trojan keylogger
            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                      ( 2.52)




     Disclaimer
     ~~~~~~~~~~
           ,
            ,
        ,        .    
        freeware.   ,   
           - -
     ,  ,        
     .    ,  ,  -
          .

         :) 




~~~~~~~~~~
       hooker'a -   ,   
:

        -  ,  ,      
        HookDump
        -       
        -   
        -          
             
        -     Win95/98    NT 4.0/5.0
        -    Windows
	  -    ICQ 99a


       
     ~~~~~~~~~~~~~~~~~~~
              -
  .           
   :

     HKEY_LOCAL_MACHINE -     
     HKEY_CURRENT_USER  -   

     \Software\Microsoft\Windows\CurrentVersion\,      
      :

     Run                  ,    -
                         Path,    -
                       (NT:  %windir%\system32,      Win95/98:
                     %windir%\system)    Path -
                     .

     RunServices           (-
                         ).     -
                        Win95/98.

     RunOnce             .
                            
                           
                     ,    RunOnce.

     RunServicesOnce    ,    -
                     ,     NT

     - ()       
  ,      
        -
    ,      
Run  RunServices.      -
:   ,          
   RunServices\.exe?        -
      .    
   RunOnce  RunServicesOnce    -
 .     hooker'a   -
           -
  Restart_ID,  ID -     (DWORD,
        -
).



     
     ~~~~~~
      ""       Win32  -
 .      . .. -
  CallBack ,      -
 .       dll.   
 ,       -
    dll.  hooker'e CallBack   -
    ,    -
   .     -
 dll          -
.        dll' -
           -
 .        -
      dll,   -   -
  .       
           
 .      ,   -
     .    
   .    ,  -
  ,   ,  ""  ,
   ,       ,  
 .

     -              -
       ,    ,  -
          ("login", "passw", "term", "" 
       ..)
     -    ,    (SHIFT,  ALT,
       CTRL, TAB, MENU, Caps Lock, Num Lock /etc),   
       , .
     - ,      , ..  -
           ,    "   
          ".       -
       ,  ,     /-
        .      , -
               -?
       ...    :)

               -
  .



       
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          -  ?   -
  ,  ,   .     
 ..    RAS ,      
 .       RASAPI32.DLL,
      , ,  ,
      .       
   LoadLibrary/GetProcAddress.   -
 RASAPI      .   -
      RAS    
         .
   TCP/IP         -
 .   ,     -
   TCP/IP,   hooker     .
             
 .
              -
,  , IP   . -
,         -
.



            web
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     -        
 ?    BO,  NetBus,    DeepThroat,
WinCrash...            
.        :)  -
    Delphi  MS Visual Basic,     -
  Back Orifice.       ,
-      ,  -
 ...   ,      
     .   hooker'a  -
  web        .    
               
.          -
,    ,     ,    
   .  ,    hooker -
  .      
      web.     
  .    web  -
,       .    -
      ,   
 www.myhost.ru/file.exe:8000








          .
:  hooker@mail.ru    shade@beer.com



                   Antipod, Feb 2000