Simple infector (with UAC bypass + silent autostart)

[TheLord]

I made this code for education purpose.
What does it do?
-Disable UAC via regkey
-Adding prepared regkey to ActiveSetup branch (undetectable autostart)
-Copying itselfs onto %CommonProgramFiles%

I know there is better way to disable UAC but i dont publish it here. Why? I suggest to dig around on your own, its better than ctrl+c ctrl+v
This code may alarm AV scanners. Trust me, if you gain some experience, you will find out why e.g. malloc 100M returning NULL on dynamic AV emulation

Ofc, you can write own crypter (better do not release it, will work longer) e.g. changing CALL xxxxx onto spaghetti JMP over the sections. It changing whole structure, but dont break the code.
With this code you can write anything you want to. Bot, keylogger, backdoor, adware shit. You can write some funny shit to, e.q. change ModuleHandle of explorer.exe via PEB and TEB rewrite, or starts any process with Critical process flag.

Hidden Content
You'll be able to see the hidden content once you reply to this topic or

Please Login or Register to see this Hidden Content

.

[hackercroll]

Thank you theLord really appreciated

[Zoinexion]

The auto start method seems quite interesting.

[TheLord]

It uses ActiveSetup. This function of Windows is uses only when e.g. new user was created and default apps are need to install. But with every startup of infector, it generates new GUID so it "bypassing" one-shoot of ActiveSetup

[pruned_14736011]

big fan of your work thanks.

[hardrive]

Thx!!!

[kthx]

thx I take a look at it too

 

edit: what is the callme() function and why is it never called? lol... Just curious

Edited by kthx, 20 February 2015 - 03:25 AM.

[olen111]

nice post bro i hope you have another code

[morgana]

^^

[daYMAN007]

ty