Commit
96a46e5a
authored
2 years ago
by
MECIRDI Ibrahim
parent
b28222fb
Showing
1 changed file
malware.cpp
+211
-0
211 additions, 0 deletions
malware.cpp
with
211 additions
and
0 deletions
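--- a/malware.cpp
+++ b/malware.cpp
+// Projet.cpp : dfinit le point d'entre pour l'application console.
+#include "stdafx.h"
+#include "string.h"
+#include <Windows.h>
+#include <winternl.h>
+#include <errno.h>
+#include <bcrypt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#define MAX_INPUT_LEN 64
+#define SHIFT 5
+typedef int (*type_strcmp)(const char*, const char*,...);
+typedef int (*type_printf)(const char*,...);
+typedef int (*type_debug)();
+typedef BOOL (*type_check)(HANDLE, PBOOL,...);
+typedef HANDLE (*type_process)();
+typedef int (*type_int)();
+char* encrypt(char* plaintext, int shift)
+{
+    char* ciphertext = (char*)malloc(sizeof(char) * (strlen(plaintext) + 1));
+    int i;
+    for (i = 0; plaintext[i] != '\0'; i++)
+    {
+        if (plaintext[i] >= 'A' && plaintext[i] <= 'Z')
+            ciphertext[i] = ((plaintext[i] - 'A') + shift + i) % 26 + 'A';
+        else if (plaintext[i] >= 'a' && plaintext[i] <= 'z')
+            ciphertext[i] = ((plaintext[i] - 'a') + shift + i) % 26 + 'a';
+        else if (plaintext[i] >= '0' && plaintext[i] <= '9')
+            ciphertext[i] = ((plaintext[i] - '0') + shift + i) % 10 + '0';
+        else
+            ciphertext[i] = plaintext[i];
+    }
+    ciphertext[i] = '\0';
+    return ciphertext;
+}
+void vigenereEnc(const char* text, const char* key, char* ciphertext){
+    unsigned int i, size = strlen(key);
+    for (i = 0; text[i] != '\0'; i++){
+        if ((text[i] >= 'a') && (text[i] <= 'z')){
+            int rang = (text[i] + key[i % size] - 2 * 'a') % 26;
+            ciphertext[i] = 'a' + rang;
+        }
+        else if ((text[i] >= 'A') && (text[i] <= 'Z')){
+            int rang = (text[i] + key[i % size] - 'a' - 'A') % 26;
+            ciphertext[i] = 'A' + rang;
+        }
+        else {
+            ciphertext[i] = text[i];
+        }
+    }
+    ciphertext[i] = '\0';
+}
+void vigenereDec(const char* ciphertext, const char* key, char* text){
+    unsigned int i, size = strlen(key);
+    char keytemp[64];
+    for (i = 0; key[i] != 0; i++){
+        int rang = (26 - (key[i] - 'a')) % 26;
+        keytemp[i] = rang + 'a';
+    }
+    keytemp[i] = '\0';
+    vigenereEnc(ciphertext, keytemp, text);
+}
+int is_valid_input(char* input)
+{
+    int input_len = strlen(input);
+    if (input_len > MAX_INPUT_LEN)
+    {
+        return 0;
+    }
+    for (int i = 0; i < input_len; i++)
+    {
+        char c = input[i];
+        if ((c < '0' || c > '9') && (c < 'a' || c > 'f'))
+        {
+            return 0;
+        }
+    }
+    return 1;
+}
+int main(int argc, char* argv[])
+{
+    char nb_debug[] = {'\xb8', '\x5c', '\x86', '\xd7', '\x03', '\xc3'};
+    type_int o = (type_int)&nb_debug;
+    int decal_debug = o();
+    char nb_check[] = {'\xb8', '\xfd', '\x45', '\xda', '\x03', '\xc3'};
+    type_int o1 = (type_int)&nb_check;
+    int decal_check = o1();
+    char nb_process[] = {'\xb8', '\x31', '\x83', '\xd0', '\x03', '\xc3'};
+    type_int o2 = (type_int)&nb_process;
+    int decal_process = o2();
+    unsigned int pos_memcmp = (unsigned int)memcmp;
+    unsigned int pos_scanf = (unsigned int)scanf;
+    type_debug h;
+    h = (type_debug)(pos_memcmp + decal_debug);
+    if (h()){
+        return 0;}
+    type_check e;
+    e = (type_check)(pos_memcmp + decal_check);
+    type_process d;
+    d = (type_process)(pos_scanf + decal_process);
+    BOOL res;
+    e(d(), &res);
+    if (res){
+        return 0;}
+    PEB* ppeb;
+    __asm {
+        ;mov eax, a; add eax, 33; mov a, eax
+        mov ebx, 0x20
+        mov ecx, 0X10
+        mov edx, fs:[ebx + ecx]
+        mov ppeb, edx
+    }
+    if (ppeb->BeingDebugged == 1){
+        return 0;}
+    char affichage[] = {'\x25', '\x73', '\x0a', '\0'};
+    char nb_cmp[] = {'\xb8', '\x93', '\x48', '\x01', '\x00', '\xc3'};
+    type_int o3 = (type_int)&nb_cmp;
+    int decal_cmp = o3();
+    char nb_pr[] = {'\xb8', '\x21', '\xe6', '\x04', '\x00', '\xc3'};
+    type_int o4 = (type_int)&nb_pr;
+    int decal_pr = o4();
+    type_strcmp f;
+    f = (type_strcmp)(pos_memcmp - decal_cmp);
+    type_printf g;
+    g = (type_printf)(pos_memcmp + decal_pr);
+    char me[] = {'\x43', '\x65', '\x44', '\x62', '\x6c', '\x72', '\x71', '\x68', '\x78', '\x6f', '\x67', '\x6b', '\x4c', '\x75', '\x61', '\x55', '\x67', '\x7a', '\x61', '\x62', '\x79', '\x78', '\x59', '\x62', '\x52', '\x65', '\x6e', '\x77', '\x56', '\x6f', '\x71', '\x4d', '\x76', '\x6c', '\x65', '\x6d', '\x67', '\0'};
+    char cc[] = {'\x75', '\x74', '\x6c', '\x78', '\x7a', '\x71', '\x66', '\x64', '\x67', '\x6f', '\x79', '\x72', '\x76', '\x61', '\x77', '\x6a', '\x63', '\x6d', '\x68', '\x6b', '\0'};
+    char ey[64];
+    if (argc < 2)
+    {
+        vigenereDec(me, cc, ey);
+        g(affichage, ey);
+        return 1;
+    }
+    char* input = argv[1];
+    if (!is_valid_input(input))
+    {
+        vigenereDec(me, cc, ey);
+        g(affichage, ey);
+        return 1;
+    }
+    char z[64];
+    char j[64] = {'\x6e', '\x68', '\x75', '\x67', '\x77', '\x6c', '\x79', '\x72', '\x73', '\x61', '\x71', '\x78', '\x6a', '\x76', '\x62', '\x6d', '\x66', '\x63', '\x6f', '\x70', '\x7a', '\x74', '\x69', '\x65', '\x64', '\x6b', '\x61', '\x62', '\x69', '\x66', '\x72', '\x6f', '\x73', '\x63', '\x64', '\x7a', '\x6a', '\x78', '\x71', '\x65', '\x6c', '\0'};
+    char* cipher;
+    cipher = encrypt(input, SHIFT);
+    vigenereEnc(cipher, j, z);
+    char y[64];
+    char u[64] = {'\x66', '\x62', '\x73', '\x6a', '\x62', '\x66', '\x71', '\x6a', '\x6b', '\x62', '\x66', '\x71', '\x6c', '\x66', '\x66', '\x61', '\x7a', '\x66', '\0'};
+    char m[] = {'\x4e', '\x6d', '\x4b', '\x6e', '\x6e', '\x67', '\x62', '\x6e', '\x62', '\x62', '\x6e', '\x6a', '\x42', '\x7a', '\x6a', '\x56', '\x6e', '\x7a', '\x78', '\x42', '\x71', '\x6e', '\x61', '\x59', '\x68', '\x78', '\x65', '\x77', '\x6a', '\x42', '\x6c', '\x48', '\x71', '\x65', '\x41', '\x57', '\x46', '\x57', '\x47', '\0'};
+    char x[] = {'\x32', '\x70', '\x30', '\x6f', '\x30', '\x61', '\x33', '\x68', '\x33', '\x72', '\x34', '\x6f', '\x32', '\x6e', '\x37', '\x69', '\x38', '\x64', '\x39', '\x72', '\x34', '\x75', '\x37', '\x69', '\x31', '\x72', '\x35', '\x68', '\x36', '\x6f', '\x36', '\x63', '\x35', '\x72', '\x35', '\x73', '\x31', '\x6e', '\x35', '\0'};
+    char ar[] = {'\x37', '\x65', '\x30', '\x62', '\x38', '\x63', '\x33', '\x61', '\x66', '\x32', '\x34', '\x64', '\x32', '\x61', '\x31', '\x65', '\x39', '\x64', '\x36', '\x62', '\x35', '\x33', '\x61', '\x39', '\x66', '\x30', '\x61', '\x32', '\x33', '\x66', '\0'};
+    char ar2[] = "c6b731e8f92d5a74eab9c9e1d0d26673f69d4";
+    if (f(x, z) == 0){
+        vigenereDec(m, u, y);
+        g(affichage, y);
+    }
+    else {
+        if (strcmp(ar, input) == 0){
+            g(affichage, input);
+        }
+        else if (strcmp(ar2, input) == 0){
+            g(affichage, input);
+        }
+        else {
+            g(affichage, input);
+        }
+    }
+    return 0;;
+}
\ No newline at end of file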
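Review bot: `is_valid_input` accepts an argument of exactly `MAX_INPUT_LEN` (64) characters because its check is `input_len > MAX_INPUT_LEN`, and `main` then has `vigenereEnc(cipher, j, z)` write those 64 characters plus the terminating NUL into `char z[64]`, one byte past the end of the stack buffer. Reject the boundary length with `if (input_len >= MAX_INPUT_LEN)`, or size the buffer as `char z[MAX_INPUT_LEN + 1];`. `encrypt` also writes through the result of `malloc` without a NULL check and `main` never frees `cipher`; add `if (ciphertext == NULL) return NULL;` in `encrypt`, handle that return in `main`, and call `free(cipher);` before returning. `vigenereDec` copies its key into `keytemp[64]` with no length check, which is within bounds only because every key passed in `main` is one of the short embedded arrays.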