Create your own RansomWare malware

 

I finished the handwritten RansomWare.

Malware is fully functional, it can decrypt files of types:
this->suportedextension[0] = "txt";
this->suportedextension[1] = "doc";
this->suportedextension[2] = "docx";
this->suportedextension[3] = "xls";
this->suportedextension[4] = "dot";
this->suportedextension[5] = "wbk";
this->suportedextension[6] = "docm";
this->suportedextension[7] = "dotx";
this->suportedextension[8] = "dotm";
this->suportedextension[9] = "docb";
this->suportedextension[10] = "xlsx";
this->suportedextension[11] = "xlsm";
this->suportedextension[12] = "xltx";
this->suportedextension[13] = "xltm";
this->suportedextension[14] = "xlsb";
this->suportedextension[15] = "xla";
this->suportedextension[16] = "xlam";
this->suportedextension[17] = "xll";
this->suportedextension[18] = "xlw";
this->suportedextension[19] = "ppt";
this->suportedextension[20] = "pot";
this->suportedextension[21] = "pps";
this->suportedextension[22] = "pptx";
this->suportedextension[23] = "pptm";
this->suportedextension[24] = "potx";
this->suportedextension[25] = "potm";
this->suportedextension[26] = "ppam";
this->suportedextension[27] = "ppsx";
this->suportedextension[28] = "ppsm";
this->suportedextension[29] = "sldx";
this->suportedextension[30] = "sldm";
this->suportedextension[31] = "pdf";
this->suportedextension[32] = "html";
this->suportedextension[33] = "php";
this->suportedextension[34] = "js";
this->suportedextension[35] = "tiff";
this->suportedextension[36] = "jpef";
this->suportedextension[37] = "gif";
this->suportedextension[38] = "png";
this->suportedextension[39] = "raw";
this->suportedextension[40] = "ico";
this->suportedextension[41] = "psd";
this->suportedextension[42] = "xcf";
this->suportedextension[43] = "ai";
this->suportedextension[44] = "cdr";
this->suportedextension[45] = "eps";
this->suportedextension[46] = "raw";
this->suportedextension[47] = "cr2";
this->suportedextension[48] = "nef";
this->suportedextension[49] = "orf";
this->suportedextension[50] = "sr2";
this->suportedextension[51] = "rar";
this->suportedextension[52] = "zip";
this->suportedextension[53] = "jpeg";
this->suportedextension[54] = "h";
this->suportedextension[55] = "fdf";


It decrypts the files after entering the defined key.
Malware includes two modules running at three levels. The GUI will start up again after shutdown. Malware is protected against deletion, shutdown, display, blocks some processes.

GUI module image :


 



Source codes are available for members  CyberSecurity Unit ◄  forum viry.cz.