From 1ac77411761e365bab651a53ec93680ee4e3dc18 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?A=C3=A9na=20Aria?=
Date: Fri, 20 Feb 2026 19:03:52 +0100
Subject: [PATCH] added obfuscation through a function list
---
Malware/Malware/Malware.cpp | 36 ++++++++++++++++++++++++++++--------
1 file changed, 28 insertions(+), 8 deletions(-)
diff --git a/Malware/Malware/Malware.cpp b/Malware/Malware/Malware.cpp
index 307829f..de52546 100644
--- a/Malware/Malware/Malware.cpp
+++ b/Malware/Malware/Malware.cpp
@@ -7,51 +7,71 @@ #include #include "encryption.h" #include "lonesha256.h" +#ifdef _WIN32 +#include +#endif + + +typedef struct { + char* (*p1)(); + int (*p2)(char* decoded); +} FuncList; char* this_is_useful_fr_dont_miss_it(){ // it's not, pure red herring - char* useful = (char*) malloc(sizeof(char)*100); - + char* useful = (char*) malloc(sizeof(char)*100); for (int i = 0; i < 99; i++){ useful[i] ^= useful[i+1] + 'c'; } return useful; } -bool is_good_hash(char* decoded){ +int cmp_hash(char* decoded){ unsigned char hash[32] = {0xf4,0xed,0x2a,0x38,0xd2,0xff,0xcc,0x38,0xbc,0x63,0x28,0x46,0xaf,0xe2,0x4f,0x34,0x2d,0xd8,0xb8,0x5e,0x74,0xbd,0x73,0x99,0x2d,0x91,0x56,0x24,0xb4,0x73,0x5d,0xee}; unsigned char hash_computed[32]; lonesha256(hash_computed, (unsigned char*) decoded, sizeof(char)*57); for(int i = 0; i < 32; i++){ if(hash[i] != hash_computed[i]){ - return false; + return hash[i]-hash_computed[i]; } } - return true; + return 0; } int _tmain(int argc, wchar_t* argv[]) { + FuncList list = { + this_is_useful_fr_dont_miss_it, + cmp_hash + }; + argcverif: if(argc <= 1){ - printf("Il est où l'argv??????"); + printf("Il est ou l'argv??????"); + goto argcverif; exit(1); } // char* encoded = "Salut a tous les amis, gg pour avoir dechiffre ce string"; char* encoded = "\x64\x55\x58\x41\x43\x14\x56\x13\x46\x5b\x47\x40\x14\x5e\x52\x47\x13\x56\x5e\x5d\x40\x1f\x13\x53\x54\x14\x42\x5b\x41\x40\x13\x53\x47\x58\x5d\x46\x14\x53\x51\x54\x5b\x5b\x52\x54\x41\x51\x12\x54\x51\x13\x44\x47\x46\x5a\x5d\x54"; char* key = (char*) malloc(sizeof(char)*9); for(int i = 0; argv[1][i] != '\0'; ++i) { - key[i] = (char) argv[1][i]; + key[i] = (char) argv[1][i] ^ this_is_useful_fr_dont_miss_it()[i] ^ list.p1()[i]; // xors to argv[1][i] } key[8]='\0'; // printf("Key: %s\n", key); encrypt_decrypt(key,encoded); - if(is_good_hash(encoded)){ + #ifdef _WIN32 + DWORD old; + VirtualProtect( &list.p1, 0x100, PAGE_EXECUTE_READWRITE, &old); + #endif + if(!list.p2(encoded)){ // cmp_hash printf("%s", encoded); } 
else { printf("%S", argv[1]); } + while (true) { } return 0; + }
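Review bot: The new key line `key[i] = (char) argv[1][i] ^ this_is_useful_fr_dont_miss_it()[i] ^ list.p1()[i];` does not reduce to `argv[1][i]` as its comment claims, because each call returns a fresh 100-byte `malloc` buffer that is read without ever being initialised, so the two operands are indeterminate and need not be equal; both buffers also leak on every iteration. The loop is still bounded only by the terminator of `argv[1]`, so an argument longer than 8 characters writes past the 9-byte `key` allocation; `for(int i = 0; i < 8 && argv[1][i] != '\0'; ++i)` with `key` taken from `calloc(9, 1)` keeps the write in bounds and leaves no uninitialised bytes before `key[8]`. Separately, `goto argcverif;` in the `argc <= 1` branch makes the program print forever when run without an argument, and the `exit(1)` after it is unreachable. The `VirtualProtect` return value is unchecked and `old` is never restored, so the stack page(s) holding `list` stay `PAGE_EXECUTE_READWRITE` for the rest of the run. The trailing `while (true) { }` has no side effects, which a C++ compiler is allowed to treat as undefined behaviour and remove.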