Ehks 2.1
Released 22 years ago. November 2002
Copyright © MegaSecurity
By expl0it_shad0w
Information
Author | expl0it_shad0w |
Family | Ehks |
Category | Information Stealer |
Version | Ehks 2.1 |
Release Date | Nov 2002, 22 years ago. |
Additional Information
Server:
c:\WINDOWS\SYSTEM\SpooI32.exe
size: 185.856 bytes
port: 80 TCP
startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "SpoolerSubSystemProcess"
added:
c:\WINDOWS\SYSTEM\EVO_12-11-22_11-20.html
c:\WINDOWS\SYSTEM\index.html
Author Information / Description
ehks v2.1 is simply a keylogger which lets you check
the log files remotely via a web browser (e.g., Internet Explorer).
Connect to their machine on port 80 with an Internet browser.
This version is 100% different; I've completely rebuilt it.
Supported versions of Windows:
* win9x - I've only tested on a 9x box, so if you guys are gonna test on a
different machine, let me know. I'm uncertain as to whether or not it works on Win XP;
some beta testers say yes, some say no. I'm looking into this for the next version.
The keylogger doesn't run under NT. I have tried, but feel free to try
for yourselves, and give me feedback on the result.
Features/Misc
Ehks has been 100% rebuilt. Here's what's been added/changed in version 2.1.
* Better stealthing code - hopefully won't crash.
* Changed keylogging code - you can now see the window's handle.
* Changed HTML log file - a lot better, so people have said anyway.
* Added Anti-firewall/Anti-AntiVirus - this will stop most firewalls and AVs.
* Added function to get dialup, share, and other cached passwords.
* Added function to get machine info.
* Multi-log file support - all log files have their own unique filename.
* Added mutex usage, to stop "can't write to file" errors, hopefully.
expl0it_shad0w