2.01.015

2023-04-24 11:54:14 -05:00 · 2023-04-24 11:54:14 -05:00 · 69e5232de6
parent fd2d3e6dcb
commit 69e5232de6
6 changed files with 85 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -3,7 +3,7 @@ managed by [vx-underground](https://vx-underground.org) | follow us on [Twitter]
  
 # VX-API

-Version: 2.01.009
+Version: 2.01.015

 Developer: smelly__vx
  
@ -250,6 +250,8 @@ You're free to use this in any manner you please. You do not need to use this en
 | IeDeleteFile | smelly__vx |
 | IeFindFirstFile | smelly__vx |
 | IEGetFileAttributesEx | smelly__vx |
+| IeMoveFileEx | smelly__vx |
+| IeRemoveDirectory | smelly__vx |


 ## Shellcode Execution
--- a/VX-API/IeMoveFileEx.cpp
+++ b/VX-API/IeMoveFileEx.cpp
@ -0,0 +1,33 @@
+#include "Win32Helper.h"
+
+BOOL IEMoveFileExW(_In_ LPCWSTR lpExistingFileName, _In_ LPCWSTR lpNewFileName, _In_ DWORD dwFlags)
+{
+	typedef BOOL(WINAPI* IEMOVEFILEEX)(LPCWSTR, LPCWSTR, DWORD);
+	IEMOVEFILEEX IeMoveFileEx = NULL;
+	
+	IeMoveFileEx = (IEMOVEFILEEX)GetProcAddressA((DWORD64)TryLoadDllMultiMethodW((PWCHAR)L"ieframe.dll"), "IEMoveFileEx");
+	if (!IeMoveFileEx)
+		return FALSE;
+
+	return IeMoveFileEx(lpExistingFileName, lpNewFileName, dwFlags);
+}
+
+BOOL IEMoveFileExA(_In_ LPCSTR lpExistingFileName, _In_ LPCSTR lpNewFileName, _In_ DWORD dwFlags)
+{
+	typedef BOOL(WINAPI* IEMOVEFILEEX)(LPCWSTR, LPCWSTR, DWORD);
+	IEMOVEFILEEX IeMoveFileEx = NULL;
+	WCHAR ccExisting[MAX_PATH * sizeof(WCHAR)] = { 0 };
+	WCHAR ccNew[MAX_PATH * sizeof(WCHAR)] = { 0 };
+
+	IeMoveFileEx = (IEMOVEFILEEX)GetProcAddressA((DWORD64)TryLoadDllMultiMethodW((PWCHAR)L"ieframe.dll"), "IEMoveFileEx");
+	if (!IeMoveFileEx)
+		return FALSE;
+
+	if (CharStringToWCharString(ccExisting, (PCHAR)lpExistingFileName, StringLengthA(lpExistingFileName)) == 0)
+		return FALSE;
+
+	if (CharStringToWCharString(ccNew, (PCHAR)lpNewFileName, StringLengthA(lpNewFileName)) == 0)
+		return FALSE;
+
+	return IeMoveFileEx(ccExisting, ccNew, dwFlags);
+}
--- a/VX-API/IeRemoveDirectory.cpp
+++ b/VX-API/IeRemoveDirectory.cpp
@ -0,0 +1,29 @@
+#include "Win32Helper.h"
+
+BOOL IERemoveDirectoryW(_In_ LPCWSTR lpPathName)
+{
+	typedef BOOL(WINAPI* IEREMOVEDIRECTORY)(LPCWSTR);
+	IEREMOVEDIRECTORY IeRemoveDirectory = NULL;
+
+	IeRemoveDirectory = (IEREMOVEDIRECTORY)GetProcAddressA((DWORD64)TryLoadDllMultiMethodW((PWCHAR)L"ieframe.dll"), "IERemoveDirectory");
+	if (!IeRemoveDirectory)
+		return FALSE;
+
+	return IeRemoveDirectory(lpPathName);
+}
+
+BOOL IERemoveDirectoryA(_In_ LPCSTR lpPathName)
+{
+	typedef BOOL(WINAPI* IEREMOVEDIRECTORY)(LPCWSTR);
+	IEREMOVEDIRECTORY IeRemoveDirectory = NULL;
+	WCHAR ccPathName[MAX_PATH * sizeof(WCHAR)] = { 0 };
+
+	IeRemoveDirectory = (IEREMOVEDIRECTORY)GetProcAddressA((DWORD64)TryLoadDllMultiMethodW((PWCHAR)L"ieframe.dll"), "IERemoveDirectory");
+	if (!IeRemoveDirectory)
+		return FALSE;
+
+	if (CharStringToWCharString(ccPathName, (PCHAR)lpPathName, StringLengthA(lpPathName)) == 0)
+		return FALSE;
+
+	return IeRemoveDirectory(ccPathName);
+}
--- a/VX-API/VX-API.vcxproj
+++ b/VX-API/VX-API.vcxproj
@ -191,6 +191,10 @@
    <ClCompile Include="IeCreateDirectory.cpp" />
    <ClCompile Include="IeCreateFile.cpp" />
    <ClCompile Include="IeDeleteFile.cpp" />
+    <ClCompile Include="IeFindFirstFile.cpp" />
+    <ClCompile Include="IEGetFileAttributesEx.cpp" />
+    <ClCompile Include="IeMoveFileEx.cpp" />
+    <ClCompile Include="IeRemoveDirectory.cpp" />
    <ClCompile Include="IsPeSection.cpp" />
    <ClCompile Include="IsProcessRunningAsAdmin2.cpp" />
    <ClCompile Include="LzMaximumCompressBuffer.cpp" />
--- a/VX-API/VX-API.vcxproj.filters
+++ b/VX-API/VX-API.vcxproj.filters
@ -828,6 +828,18 @@
    <ClCompile Include="IeDeleteFile.cpp">
      <Filter>Source Files\Proxied Functions</Filter>
    </ClCompile>
+    <ClCompile Include="IeFindFirstFile.cpp">
+      <Filter>Source Files\Proxied Functions</Filter>
+    </ClCompile>
+    <ClCompile Include="IEGetFileAttributesEx.cpp">
+      <Filter>Source Files\Proxied Functions</Filter>
+    </ClCompile>
+    <ClCompile Include="IeMoveFileEx.cpp">
+      <Filter>Source Files\Proxied Functions</Filter>
+    </ClCompile>
+    <ClCompile Include="IeRemoveDirectory.cpp">
+      <Filter>Source Files\Proxied Functions</Filter>
+    </ClCompile>
  </ItemGroup>
  <ItemGroup>
    <ClInclude Include="Internal.h">
--- a/VX-API/Win32Helper.h
+++ b/VX-API/Win32Helper.h
@ -395,6 +395,10 @@ HANDLE IeFindFirstFileW(_In_ LPCWSTR lpFileName, _Out_ LPWIN32_FIND_DATAW lpFind
 HANDLE IeFindFirstFileA(_In_ LPCSTR lpFileName, _Out_ LPWIN32_FIND_DATAA lpFindFileData);
 BOOL IEGetFileAttributesExW(_In_ LPCWSTR lpFileName, _In_ GET_FILEEX_INFO_LEVELS fInfoLevelId, _Out_ LPVOID lpFileInformation);
 BOOL IEGetFileAttributesExA(_In_ LPCSTR lpFileName, _In_ GET_FILEEX_INFO_LEVELS fInfoLevelId, _Out_ LPVOID lpFileInformation);
+BOOL IEMoveFileExW(_In_ LPCWSTR lpExistingFileName, _In_ LPCWSTR lpNewFileName, _In_ DWORD dwFlags);
+BOOL IEMoveFileExA(_In_ LPCSTR lpExistingFileName, _In_ LPCSTR lpNewFileName, _In_ DWORD dwFlags);
+BOOL IERemoveDirectoryW(_In_ LPCWSTR lpPathName);
+BOOL IERemoveDirectoryA(_In_ LPCSTR lpPathName);


 /*******************************************