The source code of the Zeus Evolution botnet that used TOR.
Languages: C, C++, PHP, HTML, CSS, JavaScript
| Name | Latest commit message | Commit time |
|---|---|---|
| bin | the lost source files | Jan 27, 2017 |
| configs | | |
| geobase | the lost source files | Jan 27, 2017 |
| include | | |
| lib | | |
| make | | |
| output | | |
| source | Delete crc64.cpp | Feb 10, 2017 |
| temp | the lost source files | Jan 27, 2017 |
| VNC.txt | | |
| config.ini | | |
| configure.txt | | |
| make.cmd | | |
| make_debug.cmd | | |
| make_default.cmd | the lost source files | Jan 27, 2017 |
| make_full.cmd | the lost source files | Jan 27, 2017 |
| manual_en.html | the lost source files | Jan 27, 2017 |
| manual_ru.html | | |
| readme.md | Update readme.md | Jan 31, 2017 |
| webinjects.txt | | |
| webinjects2.txt | | |
| win7 2.sdf | the lost source files | Jan 27, 2017 |
| win7 2.sln | the lost source files | Jan 27, 2017 |
| win7 2.suo | | |
| zeus.opensdf | | |
| zeus.sdf | | |

readme.md

Zeus Evolution

A Tor-based botnet from my private Zeus collection.

Vulnerabilities

File Upload Vulnerability example Xyl2k

Different header files:

  • source\common\tor.h <- binary of torrc. Initialized inside SocketHook::run_tor.
  • source\client\bank_catch.h <- matches banks to a URL, adds and removes any accounts.
  • source\client\globals.h <- part of a removed Windows hooker DLL used in Carberp.
  • source\client\modulesystem.h <- hides DLLs and processes; also used to manage, load and download.
  • source\client\process_keylogger.h <- keylogs certain processes.
  • source\client\usbshadowcpy.h <- copies to USB.
  • todo..

Additional sources seen in unreleased:

  • bin2h <- turns a binary into a byte array stream for internal execution.
  • makeprimelist <- prime number list generator for the DGA.
  • findbugs_BeaEngine <- finds bugs in disassemblers. Counters for reversing.
  • crc64 <- calculates the CRC64 of bytes and compares.
  • todo..