Ehks 2.1
(Trojan.Spy.Ehks.21)

by expl0it_shad0w

Released in November 2002


ehks v2.1 is simply a keylogger which lets you check
the log files remotely via a web browser (e.g., Internet Explorer).
Connect to their machine on port 80 with an Internet browser.
This version is 100% different; I've completely re-built it.

Supported Version of Windows:
* win9x - I've only tested on a 9x box, so if you guys are gonna test on a
different machine, let me know. I'm uncertain as to whether or not it works on Win XP;
some beta testers say yes, some say no. I'm looking into this for the next version.
The keylogger doesn't run under NT. I have tried, but feel free to try
for yourselves, and give me feedback on the result.

Features/Misc

Ehks has been 100% re-built. Here's what's been added/changed in version 2.1.

* Better Stealthing code - hopefully won't crash.
* Changed Keylogging code - you can now see the window's handle.
* Changed HTML log file - a lot better, so people have said anyway.
* Added Anti-firewall/Anti-AntiVirus - this will stop most firewalls and AVs
* Added Function to get dialup, share, and other cached passwords.
* Added Function to get Machine Info
* Multi-Log File Support - all log files have their own unique filename
* Added Mutex usage, to stop "can't write to file" errors hopefully

expl0it_shad0w


Server:
c:\WINDOWS\SYSTEM\SpooI32.exe 

size: 185.856 bytes 

port: 80 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "SpoolerSubSystemProcess" 

added:
c:\WINDOWS\SYSTEM\EVO_12-11-22_11-20.html 
c:\WINDOWS\SYSTEM\index.html 

MegaSecurity