++
vxunderground 2022-10-21 13:17:42 -05:00
parent 08fb26bb51
commit 555fe22a12
5 changed files with 31 additions and 28 deletions


@ -4,6 +4,7 @@ managed by [vx-underground](https://vx-underground.org) | follow us on [Twitter]
# VX-API
Version: 2022.210
Developer: smelly__vx
The VX-API is a collection of malicious functionality to aid in malware development. It is recommended you clone and/or download this entire repo then open the Visual Studio solution file to easily explore functionality and concepts.
@ -146,21 +147,20 @@ You're free to use this in any manner you please. You do not need to use this en
| More hashing algorithms | N/A | N/A |
# Notes
| Function Name | Original Author | Note |
| Function Name | Original Author | Note | Fixed |
| ------------- | --------------- | ------- |
| ~~RtlInitEmptyUnicodeString~~ | ~~N/A~~ | ~~Needs revision~~ |
| StringToken | N/A | Needs revision, buggy |
| CreateMd5HashFromFilePath | N/A | Import |
| HashFileByMsiFileHashTable | N/A | TryDllMultiMethod |
| CreateFileFromDsCopyFromSharedFileW | N/A | Never unloads dll |
| CreateProcessFromIShellDispatchInvoke | N/A | TryDllMultiMethod |
| UnusedSubroutineGetShellViewForDesktop | N/A | TryDllMultiMethod |
| DelayedExecutionExecuteOnDisplayOff | N/A | TryDllMultiMethod |
| GetPidFromEnumProcesses | N/A | TryDllMultiMethod |
| GetPidFromWindowsTerminalService | N/A | TryDllMultiMethod |
| IsProcessRunning | N/A | TryDllMultiMethod |
| GetCurrentUserSid | N/A | TryDllMultiMethod |
| RecursiveFindFile | N/A | TryDllMultiMethod |
| UrlDownloadToFileSynchronous | N/A | TryDllMultiMethod |
| CreateProcessByNotepadProxy | x86matthew | Removed, unstable |
| SystemFunction036 | MSDN | Removed, unstable |
| StringToken | N/A | Needs revision, buggy | N/A |
| CreateProcessFromIShellDispatchInvoke | N/A | TryDllMultiMethod | N/A |
| UnusedSubroutineGetShellViewForDesktop | N/A | TryDllMultiMethod | N/A |
| DelayedExecutionExecuteOnDisplayOff | N/A | TryDllMultiMethod | N/A |
| GetPidFromEnumProcesses | N/A | TryDllMultiMethod | N/A |
| GetPidFromWindowsTerminalService | N/A | TryDllMultiMethod | N/A |
| IsProcessRunning | N/A | TryDllMultiMethod | N/A |
| GetCurrentUserSid | N/A | TryDllMultiMethod | N/A |
| RecursiveFindFile | N/A | TryDllMultiMethod | N/A |
| UrlDownloadToFileSynchronous | N/A | TryDllMultiMethod | N/A |
| ~~CreateFileFromDsCopyFromSharedFileW~~ | ~~N/A~~ | ~~Never unloads dll~~ | October 21th, 2022 |
| ~~HashFileByMsiFileHashTable~~ | ~~N/A~~ | ~~TryDllMultiMethod~~ | October 21th, 2022 |
| ~~RtlInitEmptyUnicodeString~~ | ~~N/A~~ | ~~Needs revision~~ | October 21th, 2022 |
| ~~CreateProcessByNotepadProxy~~ | ~~x86matthew~~ | ~~Removed, unstable~~ | October 16th, 2022 |
| ~~SystemFunction036~~ | ~~MSDN~~ | ~~Removed, unstable~~ | October 16th, 2022 |


@ -11,7 +11,7 @@ BOOL CreateFileFromDsCopyFromSharedFileW(_In_ PWCHAR NewFileName, _In_ PWCHAR Fi
PWCHAR TokenData = NULL;
HMODULE hDsClient = NULL;
hDsClient = LoadLibraryW(L"DSCLIENT.DLL");
hDsClient = TryLoadDllMultiMethodW((PWCHAR)L"DSCLIENT.DLL");
if (hDsClient == NULL)
return FALSE;
@ -53,6 +53,9 @@ EXIT_ROUTINE:
DsCreateSharedFileToken = NULL;
DsCopyFromSharedFile = NULL;
if (hDsClient)
FreeLibrary(hDsClient);
return bFlag;
}
@ -76,7 +79,7 @@ BOOL CreateFileFromDsCopyFromSharedFileA(_In_ PCHAR NewFileName, _In_ PCHAR File
if (CharStringToWCharString((PWCHAR)NewFileNameWchar, NewFileName, (MAX_PATH * sizeof(WCHAR))) == 0)
goto EXIT_ROUTINE;
hDsClient = LoadLibraryW(L"DSCLIENT.DLL");
hDsClient = TryLoadDllMultiMethodW((PWCHAR)L"DSCLIENT.DLL");
if (hDsClient == NULL)
return FALSE;
@ -118,5 +121,8 @@ EXIT_ROUTINE:
DsCreateSharedFileToken = NULL;
DsCopyFromSharedFile = NULL;
if (hDsClient)
FreeLibrary(hDsClient);
return bFlag;
}
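Review bot: The new `FreeLibrary(hDsClient)` at both EXIT_ROUTINE labels assumes that `TryLoadDllMultiMethodW` returns a handle carrying a loader reference this function owns; the helper is not part of this commit, so if any of its paths hands back an already-loaded module without taking a reference, the release would drop a reference that belongs to other code. That ownership contract should be written where the helper is declared, for example `/* Returns a referenced HMODULE; the caller must FreeLibrary() it */`. In the A variant the load-failure path uses `return FALSE;` while the conversion failure directly above uses `goto EXIT_ROUTINE;`, so the two failure paths disagree; `goto EXIT_ROUTINE;` would keep a single exit, assuming `bFlag` is still FALSE at that point. The `(PWCHAR)` cast on the string literal discards its constness here and at the two `msi.dll` call sites, and a `PCWSTR` parameter on the helper would make the cast unnecessary. Both function bodies extend beyond the hunks shown.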


@ -82,4 +82,3 @@ typedef BOOL(WINAPI* CONVERTSIDTOSTRINGSIDA)(PSID, LPSTR*);
typedef SC_HANDLE(WINAPI* OPENSCMANAGERW)(LPCWSTR, LPCWSTR, DWORD);
typedef SC_HANDLE(WINAPI* OPENSERVICEW)(SC_HANDLE, LPCWSTR, DWORD);
typedef SC_HANDLE(WINAPI* QUERYSERVICESTATUSEX)(SC_HANDLE, SC_STATUS_TYPE, LPBYTE, DWORD, LPDWORD);
typedef BOOL(WINAPI* CLOSESERVICEHANDLE)(SC_HANDLE);


@ -10,7 +10,7 @@ BOOL HashFileByMsiFileHashTableW(_In_ PWCHAR Path, _Inout_ PULONG FileHash)
Hash.dwFileHashInfoSize = sizeof(Hash);
hModule = LoadLibraryW(L"msi.dll");
hModule = TryLoadDllMultiMethodW((PWCHAR)L"msi.dll");
if (hModule == NULL)
return FALSE;
@ -55,7 +55,7 @@ BOOL HashFileByMsiFileHashTableA(_In_ PCHAR Path, _Inout_ PULONG FileHash)
Hash.dwFileHashInfoSize = sizeof(Hash);
hModule = LoadLibraryW(L"msi.dll");
hModule = TryLoadDllMultiMethodW((PWCHAR)L"msi.dll");
if (hModule == NULL)
return FALSE;
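Review bot: Neither hunk adds a release of `hModule`, although the same commit adds `FreeLibrary` to the DSCLIENT.DLL functions. The exit paths of both functions lie outside the hunks, so this may already be handled; if it is not, and the helper returns a referenced handle, `if (hModule) FreeLibrary(hModule);` before the final return would match the other file. The helper's name suggests the module can be obtained by more than one route, so a short comment at the call, such as `/* msi.dll is obtained through TryLoadDllMultiMethodW, not necessarily LoadLibraryW */`, would tell a reader or analyst that this load may not show up as a plain LoadLibraryW call.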


@ -2,7 +2,7 @@
PCHAR StringTokenA(_In_ PCHAR String, _In_ CONST PCHAR Delim)
{
PCHAR Last;
/*PCHAR Last;
PCHAR SpanP, Token;
INT C, SC;
@ -40,15 +40,14 @@ CONTINUE:
return Token;
}
} while (SC != ERROR_SUCCESS);
}
}*/
return NULL;
}
PWCHAR StringTokenW(_In_ PWCHAR String, _In_ CONST PWCHAR Delim)
{
PWCHAR Last;
/*PWCHAR Last;
PWCHAR SpanP, Token;
INT C, SC;
@ -86,8 +85,7 @@ CONTINUE:
return Token;
}
} while (SC != ERROR_SUCCESS);
}
}*/
return NULL;
}
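Review bot: `StringTokenA` and `StringTokenW` now return NULL unconditionally, with the old body left inside a `/* ... */` block and nothing at the definition saying so. A caller that treats NULL as "no more tokens" will silently process nothing, so each stub should carry a comment such as `/* Disabled: previous implementation was buggy; always returns NULL until rewritten */`. The dead body is better deleted than commented out, since version control already keeps it. The middle of each body lies between the hunks and is not visible here; if it contains a `*/` sequence, the block comment would end early and the file would no longer compile as intended.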