FKWP 2.0
(Backdoor.Win32.BlueEye.c)
(Backdoor.Win32.Agent.ar)

by b1ackh0le

Written in Microsoft Visual C++

Released in July 2004

FKWP 2.0
---------

It is a firewall-bypassing key logger, web downloader and Protected Storage password sender.
It has a file manager too, and ICQ notification, for controlling files in a remote system.
 
 
Features
--------- 
1) Downloads cab files from 2 URLs, then extracts and executes the exes inside
2) Protected Storage (Outlook, IE stored passes) and cached dial-up passes sender
3) Keystrokes and passes are mailed to the email ID daily or when the log size is exceeded
4) Firewall bypassing by injecting code into IE and sending mail
5) No process visible; injects into Explorer.exe on startup and exiting
6) Active Setup startup
7) ICQ notification
8) Logging all keystrokes
9) File manager for controlling remote system
10) Encrypted log file
11) EXE size is 13.6 KB

Usage
--------------
The editor will create the fkwp2.0.exe.

Email ID - your email ID to get the log and pass report

SMTP (MX) - MX server of the domain of your email ID
yahoo - mx4.mail.yahoo.com
hotmail - mx2.hotmail.com
To find the MX servers for other domains, go to dnsstuff.com and use DNS lookup.

Log size - the logs will be sent to your email ID after the log size is exceeded or the date has changed.

URL1 

Nowadays free hosts do not allow uploading exes, so just compress your trojen.exe using makecab.

The steps are:
rename trojen1.exe to aa.exe
go to the command prompt and type
makecab aa.exe aa.cab
This will compress aa.exe and create aa.cab; upload it to your free space.
Then this program will download it, extract aa.exe and run that aa.exe.

The same thing in the case of URL2:

rename trojen2.exe to bb.exe
go to the command prompt and type
makecab bb.exe bb.cab
upload

This gives the facility to download 2 big compressed trojans on the victim PCs and execute them.
There is no need to upload them the first time; when you need to run the trojans, just upload them.
This program will check that URL every 3 minutes; if the file is
present it will download it, and if it is not present it will not do anything.

File manager Settings
-------------------
ICQ no - enter your number for notification; you will get a notification when the victim comes online
SRV port - server port
SRV pass - password for server

bye

b1ackh0le


Server:
dropped files:
c:\WINNT\regof1.dll             size: 0 bytes 
c:\WINNT\regof2.dll             size: 0 bytes 
c:\WINNT\system32\msvchost.exe  size: 13.996 bytes 
c:\WINNT\system32\regm64.dll    size: 12.800 bytes 
c:\WINNT\system32\ssvchost.exe  size: 13.996 bytes 

port: 31337 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{KLOPFR-RTYGTYUH6-9TYUIOH} "StubPath"
data: C:\WINNT\system32\ssvchost.exe 

tested on win2000
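
A defender can check a host for the Active Setup startup entry and the dropped file names listed above. The following Python is an added example, not part of the original page or of the sample itself; it assumes the text output of `reg query "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /s` in the current reg.exe layout, and the function name, the sample input and the malformed-GUID heuristic are constructed for illustration.

```python
import re

# Indicators copied from the "Server" section of this page.
IOC_COMPONENT = "{KLOPFR-RTYGTYUH6-9TYUIOH}"
IOC_FILES = {"ssvchost.exe", "msvchost.exe", "regm64.dll", "regof1.dll", "regof2.dll"}

PREFIX = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components" + "\\"
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
VALUE_RE = re.compile(r"^\s+StubPath\s+REG_(?:EXPAND_)?SZ\s+(.*)$", re.I)
FILE_RE = re.compile(r'[^\\\s"]+\.(?:exe|dll)')


def scan_reg_query(text):
    """Return [(component, stub_path, reasons)] for suspicious StubPath entries."""
    findings, comp = [], None
    for line in text.splitlines():
        if line.upper().startswith(PREFIX.upper()):
            comp = line[len(PREFIX):].strip()  # subkey name = component id
            continue
        m = VALUE_RE.match(line)
        if not (m and comp):
            continue
        stub, reasons = m.group(1).strip(), []
        if comp.upper() == IOC_COMPONENT:
            reasons.append("component id listed for FKWP 2.0")
        elif comp.startswith("{") and not GUID_RE.match(comp):
            # Heuristic (assumption): braced ids are normally real GUIDs.
            reasons.append("braced component id is not a well-formed GUID")
        if set(FILE_RE.findall(stub.lower())) & IOC_FILES:
            reasons.append("StubPath references a file name dropped by FKWP 2.0")
        if reasons:
            findings.append((comp, stub, reasons))
    return findings


# Constructed sample input: one benign-looking entry and the entry from this page.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}
    StubPath    REG_EXPAND_SZ    %SystemRoot%\system32\example.exe /setup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{KLOPFR-RTYGTYUH6-9TYUIOH}
    StubPath    REG_SZ    C:\WINNT\system32\ssvchost.exe
"""

if __name__ == "__main__":
    for comp, stub, reasons in scan_reg_query(SAMPLE):
        print(comp, "->", stub)
        for r in reasons:
            print("   ", r)
```

A match on a file name or a malformed id alone is a lead for review rather than proof of infection.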

MegaSecurity