.: Ehks 2.0 beta :.

Released 20 years, 2 months ago. Sep 2002

By expl0it_shad0w

Additional Details

  • Coded by: expl0it_shad0w
  • Version: Ehks 2.0 beta
  • Released date: Sep 2002, 20 years, 2 months ago.
  • Family: Ehks
  • Category: Information Stealer

MegaSecurity Notes

Server:
c:\WINDOWS\SYSTEM\YMUpdater.exe 

size: 177.152 bytes
 
port: 80 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "YMUpdater" 

added:
c:\WINDOWS\SYSTEM\ehks2.htm

Author Words

-= ev0luti0n HTTP keylogger 2.0 beta =-  
                ._                    _.
                   ~ expl0it_shad0w ~
 
-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-

o0 - Table Of Contents - 0o

-= Section 1 =-

A> Introduction
B> Instructions
C> Features/Misc
D> Contacting Me



-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-

-= Section 1,A =-

-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-

Introduction

Hey again all, im back with ehks v2beta. Ive changed this version alot. It seems by the feedback you guys gave
me last time, that v1 wasent good. Most of the feedback was negative and it didnt work. 
And alot of you infected your selfs and asked me about where to find the missing (.dll).
 There was never a missing (.dll), it was a fake
error meesage, like I stated in the readme file. Anyway Ive took out the fake error message this time, so you
might have to bind it with another application/jpeg or whatever.

NOTE: DONT OPEN SERVER.EXE unless you want to infect your self....



-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-

-= Section 1,B =-

-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-

Instructions

Follow these instructions.

1. Rename "Sever.exe" to what ever you want, make it convincing, not like "TROJAN.exe" or "KEYLOGGER.exe".

2. Send it to them and tell them its a new hacking tool, NOTE: Try binding it with a real one. If you know how.

(  Once the victim opens it, it hides in memory and records all the key stokes on the computer, so you can view
them with an Internet Browser like MSIE. )

3> Connect to there machine on port 80 with an Internet browser, as stated above. Type in there IP address into
it and just hit Enter. For example if the victims IP address was 127.0.0.1 you type in --/URL REDACTED BY SUB7CREW.ORG FOR YOUR SAFETY\-- or
just 127.0.0.1. There IP WONT be 127.0.0.1.

(or)

If you have Physical Machine Access, rather than remote, you can just opne up an internet browser on there 
machine and type in --/URL REDACTED BY SUB7CREW.ORG FOR YOUR SAFETY\-- and this should bring it up.



-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-

-= Section 1,C =-

-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-

Features/Misc

Heres whats been added in version 2beta.

* Better Stealthing code - hopefully wont crash.
* Better Keylogging code - you can now see the windows handle and what they are typing in it.
* Better HTML log file - much more user friendly.
* Added Anti-firewall/Anti-AntiVirus - this will hopefully stop most firewalls and anti-viruses.


expl0it_shad0w

URL's and mails were automatically redacted (filtered) for reader's safety. However the filter is not perfect and can't find all harmful elements. If you find something dangerous including file link, website, mail address, profanity... contact me immediately at sub7crew@protonmail.com, thank you in advance.