Creating Custom RansomWare Malware


I have finished writing my own RansomWare from scratch.

The malware is fully functional and can encrypt files of the following types:
this->suportedextension[0] = "txt";
this->suportedextension[1] = "doc";
this->suportedextension[2] = "docx";
this->suportedextension[3] = "xls";
this->suportedextension[4] = "dot";
this->suportedextension[5] = "wbk";
this->suportedextension[6] = "docm";
this->suportedextension[7] = "dotx";
this->suportedextension[8] = "dotm";
this->suportedextension[9] = "docb";
this->suportedextension[10] = "xlsx";
this->suportedextension[11] = "xlsm";
this->suportedextension[12] = "xltx";
this->suportedextension[13] = "xltm";
this->suportedextension[14] = "xlsb";
this->suportedextension[15] = "xla";
this->suportedextension[16] = "xlam";
this->suportedextension[17] = "xll";
this->suportedextension[18] = "xlw";
this->suportedextension[19] = "ppt";
this->suportedextension[20] = "pot";
this->suportedextension[21] = "pps";
this->suportedextension[22] = "pptx";
this->suportedextension[23] = "pptm";
this->suportedextension[24] = "potx";
this->suportedextension[25] = "potm";
this->suportedextension[26] = "ppam";
this->suportedextension[27] = "ppsx";
this->suportedextension[28] = "ppsm";
this->suportedextension[29] = "sldx";
this->suportedextension[30] = "sldm";
this->suportedextension[31] = "pdf";
this->suportedextension[32] = "html";
this->suportedextension[33] = "php";
this->suportedextension[34] = "js";
this->suportedextension[35] = "tiff";
this->suportedextension[36] = "jpef";
this->suportedextension[37] = "gif";
this->suportedextension[38] = "png";
this->suportedextension[39] = "raw";
this->suportedextension[40] = "ico";
this->suportedextension[41] = "psd";
this->suportedextension[42] = "xcf";
this->suportedextension[43] = "ai";
this->suportedextension[44] = "cdr";
this->suportedextension[45] = "eps";
this->suportedextension[46] = "raw";
this->suportedextension[47] = "cr2";
this->suportedextension[48] = "nef";
this->suportedextension[49] = "orf";
this->suportedextension[50] = "sr2";
this->suportedextension[51] = "rar";
this->suportedextension[52] = "zip";
this->suportedextension[53] = "jpeg";
this->suportedextension[54] = "h";
this->suportedextension[55] = "fdf";


After the defined key is entered, it decrypts the files.
The malware consists of two modules run at three levels. The GUI starts up again and again after being shut down. The malware is protected against deletion, termination and being displayed, and it blocks certain processes.

Screenshot of the GUI module:





The source code is available to members of the CyberSecurity Unit of the viry.cz forum.
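From the defender's side, the useful thing to take from the post is its target list: an in-place encryptor keeps the file name and extension but destroys the format signature and pushes the byte distribution toward random. The script below is an added triage example, not code from the post or from its author; it walks a directory, takes the extensions quoted in the post, and flags files whose contents no longer match their claimed type. The magic-byte signatures are public file-format facts, the 7.0 bits-per-byte entropy threshold is an assumed cut-off, and the sample tree in `demo()` is constructed for the example.

```python
"""Ransomware impact triage: flag files of targeted types whose bytes no
longer look like that type (added example, not code from the post)."""
import math
import os
import tempfile
from collections import Counter

# Well-known format signatures for part of the post's extension list.
# Container formats (docx/xlsx/pptx) are ZIP archives; doc/xls/ppt are OLE2.
MAGIC = {
    "pdf": (b"%PDF",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "jpeg": (b"\xff\xd8\xff",),
    "zip": (b"PK\x03\x04", b"PK\x05\x06"),
    "docx": (b"PK\x03\x04",),
    "xlsx": (b"PK\x03\x04",),
    "pptx": (b"PK\x03\x04",),
    "doc": (b"\xd0\xcf\x11\xe0",),
    "xls": (b"\xd0\xcf\x11\xe0",),
    "ppt": (b"\xd0\xcf\x11\xe0",),
    "rar": (b"Rar!\x1a\x07",),
}
# Text-based types from the list have no fixed signature, so judge by entropy.
TEXT_TYPES = {"txt", "html", "php", "js", "h"}
ENTROPY_LIMIT = 7.0  # assumed cut-off: source text sits near 4-5 bits, ciphertext near 8


def shannon_entropy(data):
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(path, sample_size=4096):
    """Return 'ok', 'suspicious' or 'unknown' for a single file."""
    ext = os.path.splitext(path)[1].lstrip(".").lower()
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if ext in MAGIC:
        # bytes.startswith accepts a tuple of candidate prefixes
        return "ok" if head.startswith(MAGIC[ext]) else "suspicious"
    if ext in TEXT_TYPES:
        return "suspicious" if shannon_entropy(head) > ENTROPY_LIMIT else "ok"
    return "unknown"


def scan(root):
    """Map each file under `root` (path relative to root) to its verdict."""
    verdicts = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            verdicts[os.path.relpath(full, root)] = classify(full)
    return verdicts


def demo():
    """Constructed sample tree: intact files beside encrypted-looking ones."""
    root = tempfile.mkdtemp(prefix="triage_")
    samples = {
        "notes.txt": b"Quarterly notes: revenue up, costs flat.\n" * 50,
        "logo.png": b"\x89PNG\r\n\x1a\n" + bytes(200),
        "report.pdf": os.urandom(4096),   # constructed stand-in for ciphertext
        "index.html": os.urandom(4096),   # constructed stand-in for ciphertext
        "archive.bin": b"whatever",       # extension outside the post's list
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return scan(root)


if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{verdict:10} {name}")
```

Signature checks are used for the binary and container types on purpose: zip, rar, jpeg and png are already compressed, so their entropy is high even when intact and an entropy test alone would produce false positives; only the plain-text types are judged by entropy. Run against a real share, a wave of `suspicious` verdicts across many file types is the pattern to alert on, and the relative paths returned by `scan()` give the blast radius for recovery.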