diff --git a/malware.cpp b/malware.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..05242e245d9b84f7c4a1a268e6d3d997f961355c
--- /dev/null
+++ b/malware.cpp
@@ -0,0 +1,211 @@
+// Projet.cpp : d�finit le point d'entr�e pour l'application console.
+#include "stdafx.h"
+#include "string.h"
+#include <Windows.h>
+#include <winternl.h>
+#include <errno.h>
+#include <bcrypt.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+
+#define MAX_INPUT_LEN 64
+#define SHIFT 5
+
+
+
+typedef int (*type_strcmp) (const char*,const char*,...);
+typedef int (*type_printf) (const char*,...);
+typedef int (*type_debug)();
+typedef BOOL (*type_check)(HANDLE ,PBOOL,...);
+typedef HANDLE (*type_process)();
+typedef int (*type_int)();
+
+char *encrypt(char *plaintext, int shift)
+{
+ char *ciphertext = (char*) malloc(sizeof(char) * (strlen(plaintext) + 1));
+ int i;
+ for (i = 0; plaintext[i] != '\0'; i++) {
+ if (plaintext[i] >= 'A' && plaintext[i] <= 'Z')
+ ciphertext[i] = ((plaintext[i] - 'A') + shift + i) % 26 + 'A';
+ else if (plaintext[i] >= 'a' && plaintext[i] <= 'z')
+ ciphertext[i] = ((plaintext[i] - 'a') + shift + i) % 26 + 'a';
+ else if (plaintext[i] >= '0' && plaintext[i] <= '9')
+ ciphertext[i] = ((plaintext[i] - '0') + shift + i) % 10 + '0';
+ else
+ ciphertext[i] = plaintext[i];
+ }
+ ciphertext[i] = '\0';
+ return ciphertext;
+}
+
+
+
+void vigenereEnc(const char * text, const char * key, char * ciphertext){
+ unsigned int i, size = strlen(key);
+
+ for(i = 0; text[i] != '\0'; i++){
+ if( (text[i] >= 'a') && (text[i] <= 'z') ){
+ int rang = (text[i] + key[i % size] - 2 * 'a') % 26;
+ ciphertext[i] = 'a' + rang;
+ }
+ else if( (text[i] >= 'A') && (text[i] <= 'Z') ){
+ int rang = (text[i] + key[i % size] - 'a' - 'A') % 26;
+ ciphertext[i] = 'A' + rang;
+ }
+ else{
+ ciphertext[i] = text[i];
+ }
+ }
+ ciphertext[i] = '\0';
+}
+
+void vigenereDec(const char * ciphertext, const char * key, char * text){
+
+ unsigned int i, size = strlen(key);
+ char keytemp[64];
+
+ for(i = 0; key[i] != 0; i++){
+ int rang = (26 - (key[i] - 'a')) % 26;
+ keytemp[i] = rang + 'a';
+ }
+ keytemp[i] = '\0';
+ vigenereEnc(ciphertext, keytemp, text);
+}
+
+
+
+
+int is_valid_input(char *input) {
+ int input_len = strlen(input);
+ if (input_len > MAX_INPUT_LEN) {
+ return 0;
+ }
+ for (int i = 0; i < input_len; i++) {
+ char c = input[i];
+ if ((c < '0' || c > '9') && (c < 'a' || c > 'f')) {
+ return 0;
+ }
+ }
+ return 1;
+}
+
+int main(int argc, char *argv[]) {
+
+ char nb_debug[] = {'\xb8','\x5c','\x86','\xd7','\x03','\xc3'};
+ type_int o =(type_int) &nb_debug;
+ int decal_debug = o();
+
+ char nb_check[] = {'\xb8','\xfd','\x45','\xda','\x03','\xc3'};
+ type_int o1 =(type_int) &nb_check;
+ int decal_check = o1();
+
+ char nb_process[] = {'\xb8','\x31','\x83','\xd0','\x03','\xc3'};
+ type_int o2 =(type_int) &nb_process;
+ int decal_process = o2();
+
+
+
+ unsigned int pos_memcmp=(unsigned int) memcmp;
+ unsigned int pos_scanf=(unsigned int) scanf;
+
+ type_debug h;
+ h=(type_debug) (pos_memcmp + decal_debug);
+ if (h()){return 0;}
+
+ type_check e;
+ e=(type_check) (pos_memcmp + decal_check);
+
+ type_process d;
+ d=(type_process) (pos_scanf + decal_process);
+
+
+ BOOL res;
+ e(d(),&res);
+ if (res){return 0;}
+
+ PEB *ppeb;
+ __asm{
+ ;mov eax, a
+ ;add eax, 33
+ ;mov a, eax
+ mov ebx, 0x20
+ mov ecx,0X10
+ mov edx, fs:[ebx+ecx]
+ mov ppeb, edx
+ }
+ if (ppeb->BeingDebugged == 1){return 0;}
+
+ char affichage[]={'\x25','\x73','\x0a','\0'};
+ char nb_cmp[] = {'\xb8','\x93','\x48','\x01','\x00','\xc3'};
+ type_int o3 =(type_int) &nb_cmp;
+ int decal_cmp = o3();
+
+ char nb_pr[] = {'\xb8','\x21','\xe6','\x04','\x00','\xc3'};
+ type_int o4 =(type_int) &nb_pr;
+ int decal_pr = o4();
+
+
+ type_strcmp f;
+ f=(type_strcmp) (pos_memcmp - decal_cmp);
+
+ type_printf g;
+ g=(type_printf) (pos_memcmp + decal_pr);
+
+
+ char me[] = {'\x43','\x65','\x44','\x62','\x6c','\x72','\x71','\x68','\x78','\x6f','\x67','\x6b','\x4c','\x75','\x61','\x55','\x67','\x7a','\x61','\x62','\x79','\x78','\x59','\x62','\x52','\x65','\x6e','\x77','\x56','\x6f','\x71','\x4d','\x76','\x6c','\x65','\x6d','\x67', '\0'};
+ char cc[]= {'\x75','\x74','\x6c','\x78','\x7a','\x71','\x66','\x64','\x67','\x6f','\x79','\x72','\x76','\x61','\x77','\x6a','\x63','\x6d','\x68','\x6b','\0'};
+ char ey[64];
+
+
+
+ if (argc < 2) {
+ vigenereDec(me,cc,ey);
+ g(affichage, ey);
+ return 1;
+ }
+
+ char *input = argv[1];
+ if (!is_valid_input(input)) {
+ vigenereDec(me,cc,ey);
+ g(affichage, ey);
+ return 1;
+ }
+
+ char z[64];
+ char j[64] = {'\x6e','\x68','\x75','\x67','\x77','\x6c','\x79','\x72','\x73','\x61','\x71','\x78','\x6a','\x76','\x62','\x6d','\x66','\x63','\x6f','\x70','\x7a','\x74','\x69','\x65','\x64','\x6b','\x61','\x62','\x69','\x66','\x72','\x6f','\x73','\x63','\x64','\x7a','\x6a','\x78','\x71','\x65','\x6c','\0'};
+ char *cipher;
+
+ cipher = encrypt(input, SHIFT);
+ vigenereEnc(cipher,j,z);
+
+ char y[64];
+ char u[64] = {'\x66','\x62','\x73','\x6a','\x62','\x66','\x71','\x6a','\x6b','\x62','\x66','\x71','\x6c','\x66','\x66','\x61','\x7a','\x66','\0'};
+ char m[] = {'\x4e','\x6d','\x4b','\x6e','\x6e','\x67','\x62','\x6e','\x62','\x62','\x6e','\x6a','\x42','\x7a','\x6a','\x56','\x6e','\x7a','\x78','\x42','\x71','\x6e','\x61','\x59','\x68','\x78','\x65','\x77','\x6a','\x42','\x6c','\x48','\x71','\x65','\x41','\x57','\x46','\x57','\x47','\0'};
+
+ char x[] = {'\x32','\x70','\x30','\x6f','\x30','\x61','\x33','\x68','\x33','\x72','\x34','\x6f','\x32','\x6e','\x37','\x69','\x38','\x64','\x39','\x72','\x34','\x75','\x37','\x69','\x31','\x72','\x35','\x68','\x36','\x6f','\x36','\x63','\x35','\x72','\x35','\x73','\x31','\x6e','\x35','\0'};
+ char ar[] = {'\x37','\x65','\x30','\x62','\x38','\x63','\x33','\x61','\x66','\x32','\x34','\x64','\x32','\x61','\x31','\x65','\x39','\x64','\x36','\x62','\x35','\x33','\x61','\x39','\x66','\x30','\x61','\x32','\x33','\x66','\0'};
+ char ar2[] = "c6b731e8f92d5a74eab9c9e1d0d26673f69d4";
+
+
+ if (f(x,z)==0){
+ vigenereDec(m,u,y);
+ g(affichage, y);
+ }
+
+ else{
+ if (strcmp(ar, input)==0){
+ g(affichage, input);
+ }
+ else if(strcmp(ar2, input)==0){
+ g(affichage, input);
+ }
+ else{
+ g(affichage, input);
+ }
+ }
+
+ return 0;;
+
+
+}
\ No newline at end of file
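Review bot: `is_valid_input` accepts an input of exactly MAX_INPUT_LEN (64) characters because its guard is `input_len > MAX_INPUT_LEN`, but `main` then feeds the 64-character result of `encrypt` to `vigenereEnc`, which stores the terminator at `ciphertext[64]`, one byte past the end of `char z[64]`; change the guard to `if (input_len >= MAX_INPUT_LEN) { return 0; }` or size `z`, `y` and `ey` as `MAX_INPUT_LEN + 1`. `encrypt` never checks the result of `malloc` before writing through it, and `main` never frees `cipher`. `vigenereDec` copies the key into `keytemp[64]` with no bound check, which holds for the fixed keys used here but deserves a comment such as `// key must be shorter than sizeof keytemp` so a later caller does not break it. The casts `(unsigned int) memcmp` and `(unsigned int) scanf` truncate a pointer on a 64-bit build, so the file only compiles correctly as a 32-bit target, and `return 0;;` has a stray semicolon.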