for anyone who's bored...

[AudioPro]

So here's a little "hacking" project for anybody who's bored...

I've attached a file that is currently being run on some public access computers that I know of. It's probably some kind of a monitor application. Can anyone pull any info out of it or tell me more about what it is/does? I haven't been able to run it (too many dependencies) but I ran it through ResHacker without finding anything useful. Thanks to anybody who wants to take a crack at it!

 

[FortiTude]

i tried to get that running, i had to add 4 dlls (filemon said these weren't found, now it just says runtime error 13 type mismatch
and i don't know how to solve that ...
FortiTude

 

[AudioPro]

yeah, it needs the winsock ActiveX control for sure... I think some novell dlls too. thanks for trying!

 

[FortiTude]

i'll try to disassemble and debug it after my next reboot, need to change some softice settings ...
FortiTude

 

[VIPER_1069]

u can view a lot of the text in winhex forti i dont know a lot about stuff but enuff to read english text lol

appears to be some sort of trojan monitor tool for admins or lans !?

 

[AudioPro]

I will be posting some screenshots and a few other things later tonight, I'm also going to run the executable through a hex editor. Thanks VIPER and FortiTude.

 

[AudioPro]

here's a screenshot of the tray icon the application uses and the tooltip

 

[AudioPro]

and here's the screen you get when you double right-click on the tray icon

 

[AudioPro]

here's some "activity log" that I found...

 

[AudioPro]

ok, here's the log...

 

[AudioPro]

and finally, some other associated executable I found. I guess what I'd really like to know is, does this program do keystroke logging, screen shots, etc? If so, it probably violates some policies... anyways, thanks for anyone who tries this little project!