[RELEASED] Pla Software Multi Injector

[placido95]

Hi! I made my second secure keylogger (be sure that it can inject ur DLL in the games) In this version; you can select what game do you want; War Rock or Ava; in the next version i will add more games and a Auto detection; but im still working on it!!!

I will post soon the results of Virus Scan!
edited by m_t_h:
virusscans are above; 1/36 and 2/40.
same screenshoot

[XAlterEgoX]

]

Uploaded with ImageShack.us


VirusTotal:Virustotal. MD5: 598951ce62ae8b8a640ccf5e71e7985e Trojan-Downloader.Win32.Pher!IK Trojan-Downloader.Win32.Pher
VirusScan: Multi Injector - Secure Version - Pla Softwre.exe MD5:598951ce62ae8b8a640ccf5e71e7985e - VirSCAN.org 3% Scanner(s) (1/36) found malware!


HERES THE CODE FOR WHO THINK THAT THIS IS A TROJAN:

Public Class Form1

Private TargetProcessHandle As Integer
Private pfnStartAddr As Integer
Private pszLibFileRemote As String
Private TargetBufferSize As Integer

Public Const PROCESS_VM_READ = &H10
Public Const TH32CS_SNAPPROCESS = &H2
Public Const MEM_COMMIT = 4096
Public Const PAGE_READWRITE = 4
Public Const PROCESS_CREATE_THREAD = (&H2)
Public Const PROCESS_VM_OPERATION = (&H8)
Public Const PROCESS_VM_WRITE = (&H20)

Public Declare Function ReadProcessMemory Lib "kernel32" ( _
ByVal hProcess As Integer, _
ByVal lpBaseAddress As Integer, _
ByVal lpBuffer As String, _
ByVal nSize As Integer, _
ByRef lpNumberOfBytesWritten As Integer) As Integer

Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" ( _
ByVal lpLibFileName As String) As Integer

Public Declare Function VirtualAllocEx Lib "kernel32" ( _
ByVal hProcess As Integer, _
ByVal lpAddress As Integer, _
ByVal dwSize As Integer, _
ByVal flAllocationType As Integer, _
ByVal flProtect As Integer) As Integer

Public Declare Function WriteProcessMemory Lib "kernel32" ( _
ByVal hProcess As Integer, _
ByVal lpBaseAddress As Integer, _
ByVal lpBuffer As String, _
ByVal nSize As Integer, _
ByRef lpNumberOfBytesWritten As Integer) As Integer

Public Declare Function GetProcAddress Lib "kernel32" ( _
ByVal hModule As Integer, ByVal lpProcName As String) As Integer

Private Declare Function GetModuleHandle Lib "Kernel32" Alias "GetModuleHandleA" ( _
ByVal lpModuleName As String) As Integer

Public Declare Function CreateRemoteThread Lib "kernel32" ( _
ByVal hProcess As Integer, _
ByVal lpThreadAttributes As Integer, _
ByVal dwStackSize As Integer, _
ByVal lpStartAddress As Integer, _
ByVal lpParameter As Integer, _
ByVal dwCreationFlags As Integer, _
ByRef lpThreadId As Integer) As Integer

Public Declare Function OpenProcess Lib "kernel32" ( _
ByVal dwDesiredAccess As Integer, _
ByVal bInheritHandle As Integer, _
ByVal dwProcessId As Integer) As Integer

Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" ( _
ByVal lpClassName As String, _
ByVal lpWindowName As String) As Integer

Private Declare Function CloseHandle Lib "kernel32" Alias "CloseHandleA" ( _
ByVal hObject As Integer) As Integer


Dim ExeName As String = IO.Path.GetFileNameWithoutExtension(Application.Ex ecutablePath)

Private Sub Inject()
Dim app As String
If RadioButton1.Checked = True Then app = "WarRock"
If RadioButton2.Checked = True Then app = "AVA"
On Error GoTo 1
Timer1.Stop()
Dim TargetProcess As Process() = Process.GetProcessesByName(app)
TargetProcessHandle = OpenProcess(PROCESS_CREATE_THREAD Or PROCESS_VM_OPERATION Or PROCESS_VM_WRITE, False, TargetProcess(0).Id)
pszLibFileRemote = Application.StartupPath & "\" + ExeName + ".dll"
pfnStartAddr = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
TargetBufferSize = 1 + Len(pszLibFileRemote)
Dim Rtn As Integer
Dim LoadLibParamAdr As Integer
LoadLibParamAdr = VirtualAllocEx(TargetProcessHandle, 0, TargetBufferSize, MEM_COMMIT, PAGE_READWRITE)
Rtn = WriteProcessMemory(TargetProcessHandle, LoadLibParamAdr, pszLibFileRemote, TargetBufferSize, 0)
CreateRemoteThread(TargetProcessHandle, 0, 0, pfnStartAddr, LoadLibParamAdr, 0, 0)
CloseHandle(TargetProcessHandle)
1: MsgBox("Unable to Inject")
Me.Close()
End Sub

Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick
Dim app As String
If RadioButton1.Checked = True Then app = "WarRock"
If RadioButton2.Checked = True Then app = "AVA"
If IO.File.Exists(Application.StartupPath & "\" + ExeName + ".dll") Then
Dim TargetProcess As Process() = Process.GetProcessesByName("HSUpdate")
If TargetProcess.Length = 0 Then
Me.TextBox1.Text = ("Waiting for " & app & ".exe")
Me.TextBox2.Text = ("Let´s Hack")
Else
Timer1.Stop()
Me.TextBox1.Text = "Done..."
Call Inject()
End If
Else
Me.TextBox1.Text = ("" + ExeName + ".dll not found")
Me.TextBox2.Text = ("Rename the .dll To " + "" + ExeName)
End If
End Sub

Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
Timer1****terval = 50
Timer1.Start()
End Sub

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
MsgBox("Wait; the program will automatically inject; only select an option; AVA or WarRock.", MsgBoxStyle****formation, "Info")
End Sub

Private Sub GroupBox1_Enter(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles GroupBox1.Enter

End Sub

Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
Form2.show()
End Sub
End Class

The status bar say that you have to change the program name to the dll's name!!!

but i dont know why the same antivirus detect a trojan; i think that he detects it because the injection code!

[Drake]

need screenshot,2 VirusScans .

[XAlterEgoX]

Uploaded with ImageShack.us


VirusTotal:Virustotal. MD5: 598951ce62ae8b8a640ccf5e71e7985e Trojan-Downloader.Win32.Pher!IK Trojan-Downloader.Win32.Pher
VirusScan: Multi Injector - Secure Version - Pla Softwre.exe MD5:598951ce62ae8b8a640ccf5e71e7985e - VirSCAN.org 3% Scanner(s) (1/36) found malware!

[/b/oss]

you need at least 1 ScreenShoot and at least 2 virusscans.

hmm its wery simple and this isn't multi injector.

[XAlterEgoX]

-.- see up!!!

look uP!!

[/b/oss]

-.- see up!!!

look uP!!

i already downloaded it. AVIRA find 1 trojan, and look at your VS. accoually would you send me code or do i have to decompile it myself?
edit: no. injection code ins't virus.

[XAlterEgoX]

yeh no problem

er; please; stop using big red word style please!!!

[/b/oss]

ok. /approved
/post resoults

[XAlterEgoX]

-.- T.T well.... can someone test it with some DLL and post the results? i need repair Bugs!!! Thanks

[justint5o4]

Whats the password to inject?

[/b/oss]

-.- T.T well.... can someone test it with some DLL and post the results? i need repair Bugs!!! Thanks

why do you have 2 accounts i mean... you posted with one and now you have another. i don't understand why you typed: i made second KEYLOGGER

[muumimamma]

Whats the password to inject?

Wtf ?
U mean AVA.exe ?

[/b/oss]

Wtf ?
U mean AVA.exe ?

no. he mean RAR pass.

its in comment (when you open .rar there's comment) its his name

[muumimamma]

no. he mean RAR pass.

its in comment (when you open .rar there's comment) its his name

He typed inject . o_o
Lol but ok .