.: Fearless Key Spy 1.0 :.

Released 18 years, 6 months ago. Apr 2003

By Ghirai
Fearless Key Spy 1.0

Additional Details

  • Coded by: Ghirai
  • Version: Fearless Key Spy 1.0
  • Released date: Apr 2003, 18 years, 6 months ago.
  • Coded in: Visual Basic
  • Family: Fearless
  • Category: Information Stealer

MegaSecurity Notes

Server:
c:\WINDOWS\SYSTEM\ouleaut32.exe 

size: 18.189 bytes 

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ouleaut32" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ouleaut32" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "ouleaut32" 
HKEY_CURRENT_USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run "Path" 

added:
c:\WINDOWS\SYSTEM\TheHook.dll

Author Words

Description:

FKS is a keylogger, that will upload the logs to the root folder of a ftp server you specify,
when the log reaches a certain size. It will start everytime with windows.
It will log *all* keys, and the window caption (between >>> <<< chars,
like ">>> Yahoo! Mail - Microsoft Internet Explorer <<<") they were typed in.
Date and time when system starts/stops will also be logged.
The logs will be uploaded with the name "FKSlog_[time].log", like FKSlog_10-23-15.log
(10 o'clock, 23 mins and 15 secs).
When reading the log, "<RET>" means enter (return), "<BS>" is backspace,
"<ESC>" is escape, "<TAB>" is the tab key, "<DEL>" is the delete key.
Compatible with 9*/Me/2K/XP.

Configuring the server:

It should be easy to set up if you ever used a trojan before; run FKS.exe.

First, the server options tab:
-> In the "Server Name" field, enter a new for the server after installation, 
something unsuspicious would be better (use your imagination).
Note that if you specify a filanem that exists on the host computer(in the sys dir), it will be overwritten!
-> The Registry Key field: same as above, enter something "normal" ;)

The Logging Option tab:
-> The ftp address fileld: enter the hostanme of your ftp server, like "ftp.myhost.com", 
    or "myhost.com". You should know that... The server will connect to port 21 (default for ftp).
-> Ftp username: type in your username
-> ftp password: enter your ftp password
-> "When log gets..." filed: the size of the logfile when it sould get uploaded;
 you have to think here a little, depending on what you're after: if you want a quick log,
  enter a small filesize (5-10000 bytes). If not, 500000 bytes (50KB) should be ok.
  Note that some ftp servers have a size limit, but that's your problem.
-> Logfile name fileld: enter a filename, any extension, or no extension, etc.
 Note that you shouldn't type system filenames, cause they will get overwritten...

That's it, hit "Build Server", and you're done. The editor will make a "server.exe" file, 
in the patch where you have the editor. DON'T compress/encrypt or otherwise tamper with the server file!
Now all you have to do is make your victim run "server.exe"...

Ghirai

URL's and mails were automatically redacted (filtered) for reader's safety. However the filter is not perfect and can't find all harmful elements. If you find something dangerous including file link, website, mail address, profanity... contact me immediately at sub7crew@protonmail.com, thank you in advance.