2.0.521
This commit is contained in:
vxunderground 2022-12-21 09:50:27 -06:00
parent e47dccad19
commit 0f0f9aab4c
7 changed files with 188 additions and 2 deletions

2
.gitignore vendored

@ -23,3 +23,5 @@ x64/Debug/VX-API.exe
*.iobj
*.ipdb
*.exe
VX-API/x64/Debug/.NETFramework,Version=v4.7.2.AssemblyAttributes.cpp
VX-API/x64/Debug/VX-API.vcxproj.AssemblyReference.cache


@ -161,6 +161,7 @@ You're free to use this in any manner you please. You do not need to use this en
| MpfComMonitorChromeSessionOnce | smelly__vx | Malcode |
| MpfExecute64bitPeBinaryInMemoryFromByteArrayNoReloc | aaaddress1 | Malcode |
| MpfLolExecuteRemoteBinaryByAppInstaller | Wade Hickey | Malcode |
| MpfExtractMaliciousPayloadFromZipFileNoPassword | Codu | Malcode |
| UrlDownloadToFileSynchronous | Hans Passant | Networking |
| ConvertIPv4IpAddressStructureToString | smelly__vx | Networking |
| ConvertIPv4StringToUnsignedLong | smelly__vx | Networking |


@ -20,7 +20,9 @@ INT main(VOID)
Pii.MethodEnum = E_QUEUE_USER_APC;
//ShellcodeExecutionViaFunctionCallbackMain(&Sei);
ProcessInjectionMain(&Pii);
//ProcessInjectionMain(&Pii);
MpfExtractMaliciousPayloadFromZipFileW((PWCHAR)L"C:\\Users\\dwThr\\Desktop\\Test.zip", (PWCHAR)L"C:\\Users\\dwThr\\Desktop\\");
return dwError;
}
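Review bot: The call added just before `return dwError;` is to `MpfExtractMaliciousPayloadFromZipFileW`, but the declaration added to Win32Helper.h and the definition in the new source file in this same commit are both named `MpfExtractMaliciousPayloadFromZipFileNoPasswordW`; unless a wrapper with the shorter name exists outside this diff, Main.cpp will not link. The BOOL result is also discarded and `dwError` is returned unchanged, so a failed extraction still exits with the previous status; capturing it, e.g. `if (!MpfExtractMaliciousPayloadFromZipFileNoPasswordW(...)) dwError = ERROR_GEN_FAILURE;`, would make the harness report what happened. The two absolute user-profile paths are hard-coded test fixtures and would be better taken from `main`'s arguments. `main` begins and its variable declarations sit outside the hunk.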


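--- /dev/null
+++ b/MpfExtractMaliciousPayloadFromZipFile.cpp
@@ -0,0 +1,174 @@
+#include "Win32Helper.h"
+//Microsoft doesn't natively support password protected ZIP files. Hahahaha
+BOOL MpfExtractMaliciousPayloadFromZipFileNoPasswordW(_In_ PWCHAR FullPathToZip, _In_ PWCHAR FullPathToExtractionDirectory)
+{
+IDispatch* Items = 0;
+IShellDispatch* Dispatch = 0L;
+Folder* ZippedFile = 0L;
+Folder* Destination = 0L;
+FolderItems* FilesInside = 0L;
+LONG NumberOfFiles = ERROR_SUCCESS;
+HRESULT Result = S_OK;
+VARIANT Options, OutFolder, InZipFile, Item;
+BOOL bFlag = FALSE;
+if (!SUCCEEDED(Result = CoInitialize(NULL)))
+goto EXIT_ROUTINE;
+Result = CoCreateInstance(CLSID_Shell, NULL, CLSCTX_INPROC_SERVER, IID_IShellDispatch, (PVOID*)&Dispatch);
+if (!SUCCEEDED(Result))
+goto EXIT_ROUTINE;
+InZipFile.vt = VT_BSTR;
+InZipFile.bstrVal = FullPathToZip;
+Result = Dispatch->NameSpace(InZipFile, &ZippedFile);
+if (!SUCCEEDED(Result))
+goto EXIT_ROUTINE;
+OutFolder.vt = VT_BSTR;
+OutFolder.bstrVal = FullPathToExtractionDirectory;
+Result = Dispatch->NameSpace(OutFolder, &Destination);
+if (!SUCCEEDED(Result))
+goto EXIT_ROUTINE;
+Result = ZippedFile->Items(&FilesInside);
+if (!SUCCEEDED(Result))
+goto EXIT_ROUTINE;
+Result = FilesInside->get_Count(&NumberOfFiles);
+if (!SUCCEEDED(Result))
+goto EXIT_ROUTINE;
+if (NumberOfFiles < 1)
+goto EXIT_ROUTINE;
+Result = FilesInside->QueryInterface(IID_IDispatch, (PVOID*)&Items);
+if (!SUCCEEDED(Result))
+goto EXIT_ROUTINE;
+Item.vt = VT_DISPATCH;
+Item.pdispVal = Items;
+Options.vt = VT_I4;
+Options.lVal = 1024 | 512 | 16 | 4;
+Result = Destination->CopyHere(Item, Options);
+if (!SUCCEEDED(Result))
+goto EXIT_ROUTINE;
+bFlag = TRUE;
+EXIT_ROUTINE:
+if(Items)
+Items->Release();
+if(FilesInside)
+FilesInside->Release();
+if(Destination)
+Destination->Release();
+if(ZippedFile)
+ZippedFile->Release();
+if (Dispatch)
+Dispatch->Release();
+CoUninitialize();
+return bFlag;
+}
+BOOL MpfExtractMaliciousPayloadFromZipFileNoPasswordA(_In_ PCHAR FullPathToZip, _In_ PCHAR FullPathToExtractionDirectory)
+{
+IDispatch* Items = 0;
+IShellDispatch* Dispatch = 0L;
+Folder* ZippedFile = 0L;
+Folder* Destination = 0L;
+FolderItems* FilesInside = 0L;
+LONG NumberOfFiles = ERROR_SUCCESS;
+HRESULT Result = S_OK;
+VARIANT Options, OutFolder, InZipFile, Item;
+BOOL bFlag = FALSE;
+WCHAR Source[MAX_PATH * sizeof(WCHAR)] = { 0 };
+WCHAR CopyDestination[MAX_PATH * sizeof(WCHAR)] = { 0 };
+if (CharStringToWCharString(Source, FullPathToZip, MAX_PATH * sizeof(WCHAR)) == 0)
+goto EXIT_ROUTINE;
+if (CharStringToWCharString(CopyDestination, FullPathToExtractionDirectory, MAX_PATH * sizeof(WCHAR)) == 0)
+goto EXIT_ROUTINE;
+if (!SUCCEEDED(Result = CoInitialize(NULL)))
+goto EXIT_ROUTINE;
+Result = CoCreateInstance(CLSID_Shell, NULL, CLSCTX_INPROC_SERVER, IID_IShellDispatch, (PVOID*)&Dispatch);
+if (!SUCCEEDED(Result))
+goto EXIT_ROUTINE;
+InZipFile.vt = VT_BSTR;
+InZipFile.bstrVal = Source;
+Result = Dispatch->NameSpace(InZipFile, &ZippedFile);
+if (!SUCCEEDED(Result))
+goto EXIT_ROUTINE;
+OutFolder.vt = VT_BSTR;
+OutFolder.bstrVal = CopyDestination;
+Result = Dispatch->NameSpace(OutFolder, &Destination);
+if (!SUCCEEDED(Result))
+goto EXIT_ROUTINE;
+Result = ZippedFile->Items(&FilesInside);
+if (!SUCCEEDED(Result))
+goto EXIT_ROUTINE;
+Result = FilesInside->get_Count(&NumberOfFiles);
+if (!SUCCEEDED(Result))
+goto EXIT_ROUTINE;
+if (NumberOfFiles < 1)
+goto EXIT_ROUTINE;
+Result = FilesInside->QueryInterface(IID_IDispatch, (PVOID*)&Items);
+if (!SUCCEEDED(Result))
+goto EXIT_ROUTINE;
+Item.vt = VT_DISPATCH;
+Item.pdispVal = Items;
+Options.vt = VT_I4;
+Options.lVal = 1024 | 512 | 16 | 4;
+Result = Destination->CopyHere(Item, Options);
+if (!SUCCEEDED(Result))
+goto EXIT_ROUTINE;
+bFlag = TRUE;
+EXIT_ROUTINE:
+if (Items)
+Items->Release();
+if (FilesInside)
+FilesInside->Release();
+if (Destination)
+Destination->Release();
+if (ZippedFile)
+ZippedFile->Release();
+if (Dispatch)
+Dispatch->Release();
+CoUninitialize();
+return bFlag;
+}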
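Review bot: `CoUninitialize()` under EXIT_ROUTINE runs unconditionally in both functions, so a failed `CoInitialize` (for instance RPC_E_CHANGED_MODE on a thread already initialised in another apartment) and, in the A variant, a failed `CharStringToWCharString` before COM was ever initialised both unbalance the calling thread's COM reference count; track it with a flag set only after the successful call and release with `if (bComInitialized) CoUninitialize();`. The four VARIANTs are filled without `VariantInit`, and `bstrVal` is assigned a plain `PWCHAR` in both functions, whereas a BSTR carries a length prefix before the characters, so any consumer that reads the length through SysStringLen reads four bytes before the caller's buffer; `InZipFile.bstrVal = SysAllocString(FullPathToZip);` with a matching `SysFreeString` before returning is the safe form. `Folder::CopyHere` is, as far as I recall, asynchronous for shell file operations (verify against the documentation), so `bFlag == TRUE` here means the copy was accepted rather than that the files exist on disk when the function returns. The A variant repeats the whole W body; converting the two strings and delegating to the W function would keep the COM handling, and any fix to it, in one place.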


@ -44,6 +44,7 @@
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
<CLRSupport>false</CLRSupport>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
@ -105,6 +106,7 @@
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<LanguageStandard>stdcpp20</LanguageStandard>
<CompileAsManaged>false</CompileAsManaged>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -237,6 +239,7 @@
<ClCompile Include="IsRegistryKeyValid.cpp" />
<ClCompile Include="LdrLoadGetProcedureAddress.cpp" />
<ClCompile Include="MemoryFindMemory.cpp" />
<ClCompile Include="MpfExtractMaliciousPayloadFromZipFile.cpp" />
<ClCompile Include="MpfLolExecuteRemoteBinaryByAppInstaller.cpp" />
<ClCompile Include="Main.cpp" />
<ClCompile Include="ManualResourceDataFetching.cpp" />


@ -552,6 +552,9 @@
<ClCompile Include="MiscGenericShellcodePayloads.cpp">
<Filter>Source Files\Windows API Helper Functions\Malicious Capabilities</Filter>
</ClCompile>
<ClCompile Include="MpfExtractMaliciousPayloadFromZipFile.cpp">
<Filter>Source Files\Windows API Helper Functions\Malicious Capabilities</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="Internal.h">


@ -363,7 +363,8 @@ BOOL MpfLolExecuteRemoteBinaryByAppInstallerW(_In_ PWCHAR RemoteUrlTextFile, _In
BOOL MpfLolExecuteRemoteBinaryByAppInstallerA(_In_ PCHAR RemoteUrlTextFile, _In_ DWORD RemoteUrlLengthInBytes);
DWORD ProcessInjectionMain(_In_ PPROCESS_INJECTION_INFORMATION Pii);
BOOL MpfProcessInjectionViaProcessReflection(_In_ PBYTE Shellcode, _In_ DWORD dwSizeOfShellcodeInBytes, _In_ DWORD TargetPid);
BOOL MpfProcessInjectionViaCreateRemoteThread(_In_ PBYTE Shellcode, _In_ DWORD dwSizeOfShellcodeInBytes, _In_ DWORD TargetPid);
BOOL MpfExtractMaliciousPayloadFromZipFileNoPasswordW(_In_ PWCHAR FullPathToZip, _In_ PWCHAR FullPathToExtractionDirectory);
BOOL MpfExtractMaliciousPayloadFromZipFileNoPasswordA(_In_ PCHAR FullPathToZip, _In_ PCHAR FullPathToExtractionDirectory);