diff --git a/Malware/Malware/Malware.cpp b/Malware/Malware/Malware.cpp
index de52546..c39c35e 100644
--- a/Malware/Malware/Malware.cpp
+++ b/Malware/Malware/Malware.cpp
@@ -4,7 +4,7 @@
 #include "stdafx.h" // IWYU pragma: keep
 #include
-#include
+#include "functions.h"
 #include "encryption.h"
 #include "lonesha256.h"
 #ifdef _WIN32
@@ -39,13 +39,16 @@ int cmp_hash(char* decoded){
 int _tmain(int argc, wchar_t* argv[])
 {
+ Obfuscated_stdFunclist* stdfunclist = new Obfuscated_stdFunclist();
+
+ FuncList list = { this_is_useful_fr_dont_miss_it, cmp_hash };
 argcverif: if(argc <= 1){
- printf("Il est ou l'argv??????");
+ stdfunclist->obfusc_printf("Il est ou l'argv??????");
 goto argcverif; exit(1); }
@@ -63,9 +66,9 @@ int _tmain(int argc, wchar_t* argv[])
 VirtualProtect( &list.p1, 0x100, PAGE_EXECUTE_READWRITE, &old);
 #endif
 if(!list.p2(encoded)){ // cmp_hash
- printf("%s", encoded);
+ stdfunclist->obfusc_printf("%s", encoded);
 } else {
- printf("%S", argv[1]);
+ stdfunclist->obfusc_printf("%S", argv[1]);
 } while (true) {
diff --git a/Malware/Malware/Malware.vcxproj b/Malware/Malware/Malware.vcxproj
index 2903f38..7bd09f1 100644
--- a/Malware/Malware/Malware.vcxproj
+++ b/Malware/Malware/Malware.vcxproj
@@ -130,6 +130,7 @@
+
@@ -137,6 +138,7 @@
+ Create
diff --git a/Malware/Malware/Malware.vcxproj.filters b/Malware/Malware/Malware.vcxproj.filters
index d2b6ecb..bc27ddc 100644
--- a/Malware/Malware/Malware.vcxproj.filters
+++ b/Malware/Malware/Malware.vcxproj.filters
@@ -33,6 +33,9 @@ Fichiers d%27en-tĂȘte + + Fichiers d%27en-tĂȘte +
@@ -47,5 +50,8 @@ Fichiers sources + + Fichiers sources +
\ No newline at end of file
diff --git a/Malware/Malware/functions.cpp b/Malware/Malware/functions.cpp
new file mode 100644
index 0000000..b4ec32f
--- /dev/null
+++ b/Malware/Malware/functions.cpp
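Review bot: In the `_tmain` hunk, `stdfunclist` is created with `new` and never released, and the pointer its constructor resolves is called through unconditionally on the next `stdfunclist->obfusc_printf(...)` line; if the signature scan in functions.h does not locate printf, the process either faults during the scan or jumps to whatever address happened to match, so there is no fail-closed path. An automatic object removes the leak with no other change in behaviour: `Obfuscated_stdFunclist stdfunclist;` followed by `stdfunclist.obfusc_printf("Il est ou l'argv??????");` (and the same member-access form in the later hunk). Once the lookup is made to report failure (null `obfusc_printf`), a check such as `if (!stdfunclist.obfusc_printf) return 1;` before the first call would stop a mislocated signature from becoming an indirect call into arbitrary code. The enclosing `_tmain` body continues outside both hunks, and the pre-existing `goto argcverif; exit(1);` pair makes the no-argument path spin forever — presumably intentional, but a one-line comment saying so would save the next reader a double take.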
@@ -0,0 +1,14 @@
+#include "stdafx.h" // IWYU pragma: keep
+#ifdef _WIN32
+#include
+#endif
+
+bool verify_signature(unsigned int* signature, unsigned int* starting_loc){
+ for(int i = 0; i < 3; i++){
+ if (signature[i] != starting_loc[i]){
+ return false;
+ }
+ }
+ return true;
+}
+
diff --git a/Malware/Malware/functions.h b/Malware/Malware/functions.h
new file mode 100644
index 0000000..a6433f2
--- /dev/null
+++ b/Malware/Malware/functions.h
@@ -0,0 +1,23 @@
+#include
+
+
+unsigned int signature_printf[3] = {0x8b55ff8b,0x68fe6aec,0x1034dbe0};
+
+bool verify_signature(unsigned int* signature, unsigned int* starting_loc);
+
+class Obfuscated_stdFunclist {
+ public:
+ int (*obfusc_printf)(const char *__restrict, ...);
+ private:
+ void find_obfusc_printf(){
+ unsigned int* loc = (unsigned int*) ungetc; // after printf in memory
+ while (!verify_signature(signature_printf, loc)) {
+ loc--; // go back until we find printf
+ }
+ obfusc_printf = (int (*)(const char *__restrict, ...)) loc;
+ }
+ public:
+ Obfuscated_stdFunclist(){
+ find_obfusc_printf();
+ }
+};
\ No newline at end of file
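Review bot: `verify_signature` hard-codes the word count as `3`, silently duplicating the `[3]` of `signature_printf` declared in functions.h; if either side changes the comparison reads the wrong number of words with no diagnostic. Take the length explicitly and mark the inputs const since nothing is written through them: `bool verify_signature(const unsigned int* signature, const unsigned int* starting_loc, size_t words)` with the body `return memcmp(signature, starting_loc, words * sizeof(unsigned int)) == 0;` (needs `<cstring>`). The function cannot itself check that `starting_loc` points at `words` readable words, so a header comment such as `// Precondition: starting_loc must address at least `words` mapped words; the caller bounds the scan.` would make that contract visible to whoever next reuses it.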
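Review bot: `find_obfusc_printf` walks backwards from `ungetc` with no lower bound, so when the 12-byte signature is never found the loop reads until it reaches an unmapped page and faults, and when unrelated bytes match first `obfusc_printf` becomes a pointer into arbitrary code that Malware.cpp then calls. The third signature dword `0x1034dbe0` looks like the absolute scope-table address pushed by the x86 MSVC SEH prologue (`8B FF 55 8B EC 6A FE 68 <addr>`); if that reading is right the loader rewrites it whenever the image is relocated (ASLR is on by default), and the scan can never match — please confirm against the build's disassembly. I would bound the scan, leave `obfusc_printf` null on failure instead of a bogus pointer, and state in a comment that the technique assumes a CRT linked into the same image with printf laid out before ungetc. Separately, `unsigned int signature_printf[3] = {...}` is a definition in a header with no include guard, so a second translation unit including functions.h fails to link; make it `static const` (or `extern` with the definition in functions.cpp) and add `#pragma once`.
```cpp
// … unchanged: signature_printf, verify_signature declaration …

// How far back from ungetc we are willing to look; beyond this we give up
// rather than read memory that may not be mapped.
static const unsigned int kMaxScanWords = 0x10000 / sizeof(unsigned int);

    void find_obfusc_printf(){
        unsigned int* loc = (unsigned int*) ungetc; // after printf in memory
        unsigned int* const lower = loc - kMaxScanWords;
        obfusc_printf = nullptr; // stays null when the signature is not found
        while (loc > lower) {
            if (verify_signature(signature_printf, loc)) {
                obfusc_printf = (int (*)(const char *__restrict, ...)) loc;
                return;
            }
            loc--; // go back until we find printf
        }
    }
```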