seliaste/malware-m2-2026
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added obfuscation through a function list

Browse source
This commit is contained in:
Aéna Aria 2026-02-20 19:03:52 +01:00
parent 0af4c15684
commit 1ac7741176
1 changed files with 28 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

34
Malware/Malware/Malware.cpp
View file

@ -7,51 +7,71 @@
#include <stdio.h> #include <stdio.h>
#include "encryption.h" #include "encryption.h"
#include "lonesha256.h" #include "lonesha256.h"
#ifdef _WIN32
#include <windows.h>
#endif
typedef struct {
char* (*p1)();
int (*p2)(char* decoded);
} FuncList;
char* this_is_useful_fr_dont_miss_it(){ // it's not, pure red herring char* this_is_useful_fr_dont_miss_it(){ // it's not, pure red herring
char* useful = (char*) malloc(sizeof(char)*100); char* useful = (char*) malloc(sizeof(char)*100);
for (int i = 0; i < 99; i++){ for (int i = 0; i < 99; i++){
useful[i] ^= useful[i+1] + 'c'; useful[i] ^= useful[i+1] + 'c';
} }
return useful; return useful;
} }
bool is_good_hash(char* decoded){ int cmp_hash(char* decoded){
unsigned char hash[32] = {0xf4,0xed,0x2a,0x38,0xd2,0xff,0xcc,0x38,0xbc,0x63,0x28,0x46,0xaf,0xe2,0x4f,0x34,0x2d,0xd8,0xb8,0x5e,0x74,0xbd,0x73,0x99,0x2d,0x91,0x56,0x24,0xb4,0x73,0x5d,0xee}; unsigned char hash[32] = {0xf4,0xed,0x2a,0x38,0xd2,0xff,0xcc,0x38,0xbc,0x63,0x28,0x46,0xaf,0xe2,0x4f,0x34,0x2d,0xd8,0xb8,0x5e,0x74,0xbd,0x73,0x99,0x2d,0x91,0x56,0x24,0xb4,0x73,0x5d,0xee};
unsigned char hash_computed[32]; unsigned char hash_computed[32];
lonesha256(hash_computed, (unsigned char*) decoded, sizeof(char)*57); lonesha256(hash_computed, (unsigned char*) decoded, sizeof(char)*57);
for(int i = 0; i < 32; i++){ for(int i = 0; i < 32; i++){
if(hash[i] != hash_computed[i]){ if(hash[i] != hash_computed[i]){
return false; return hash[i]-hash_computed[i];
} }
} }
return true; return 0;
} }
int _tmain(int argc, wchar_t* argv[]) int _tmain(int argc, wchar_t* argv[])
{ {
FuncList list = {
this_is_useful_fr_dont_miss_it,
cmp_hash
};
argcverif:
if(argc <= 1){ if(argc <= 1){
printf("Il est où l'argv??????"); printf("Il est ou l'argv??????");
goto argcverif;
exit(1); exit(1);
} }
// char* encoded = "Salut a tous les amis, gg pour avoir dechiffre ce string"; // char* encoded = "Salut a tous les amis, gg pour avoir dechiffre ce string";
char* encoded = "\x64\x55\x58\x41\x43\x14\x56\x13\x46\x5b\x47\x40\x14\x5e\x52\x47\x13\x56\x5e\x5d\x40\x1f\x13\x53\x54\x14\x42\x5b\x41\x40\x13\x53\x47\x58\x5d\x46\x14\x53\x51\x54\x5b\x5b\x52\x54\x41\x51\x12\x54\x51\x13\x44\x47\x46\x5a\x5d\x54"; char* encoded = "\x64\x55\x58\x41\x43\x14\x56\x13\x46\x5b\x47\x40\x14\x5e\x52\x47\x13\x56\x5e\x5d\x40\x1f\x13\x53\x54\x14\x42\x5b\x41\x40\x13\x53\x47\x58\x5d\x46\x14\x53\x51\x54\x5b\x5b\x52\x54\x41\x51\x12\x54\x51\x13\x44\x47\x46\x5a\x5d\x54";
char* key = (char*) malloc(sizeof(char)*9); char* key = (char*) malloc(sizeof(char)*9);
for(int i = 0; argv[1][i] != '\0'; ++i) { for(int i = 0; argv[1][i] != '\0'; ++i) {
key[i] = (char) argv[1][i]; key[i] = (char) argv[1][i] ^ this_is_useful_fr_dont_miss_it()[i] ^ list.p1()[i]; // xors to argv[1][i]
} }
key[8]='\0'; key[8]='\0';
// printf("Key: %s\n", key); // printf("Key: %s\n", key);
encrypt_decrypt(key,encoded); encrypt_decrypt(key,encoded);
if(is_good_hash(encoded)){ #ifdef _WIN32
DWORD old;
VirtualProtect( &list.p1, 0x100, PAGE_EXECUTE_READWRITE, &old);
#endif
if(!list.p2(encoded)){ // cmp_hash
printf("%s", encoded); printf("%s", encoded);
} else { } else {
printf("%S", argv[1]); printf("%S", argv[1]);
} }
while (true) { while (true) {
} }
return 0; return 0;
} }