Beranda>Terkait pemrograman>Kode sumber lainnya
Unduh

Logo vxug dikelola oleh vx-underground | Ikuti kami di Twitter | Unduh sampel malware di halaman vxug/sampel

VX-API

Versi: 2.01.015

Pengembang: Smelly__vx

VX-API adalah kumpulan fungsi berbahaya untuk membantu dalam pengembangan malware. Disarankan Anda mengkloning dan/atau mengunduh seluruh repo ini kemudian buka file solusi Visual Studio untuk dengan mudah menjelajahi fungsionalitas dan konsep.

Beberapa fungsi mungkin tergantung pada fungsi lain yang ada dalam file solusi. Menggunakan file solusi yang disediakan di sini akan memudahkan untuk mengidentifikasi fungsionalitas dan/atau data header lain mana yang diperlukan.

Anda bebas menggunakan ini dengan cara apa pun. Anda tidak perlu menggunakan seluruh solusi ini untuk konsep bukti malware atau keterlibatan tim merah. Strip, salin, tempel, hapus, atau edit konten proyek ini sebanyak yang Anda inginkan.

Daftar fitur

Anti-debug

Nama fungsi Penulis asli
Adfclosehandleoninvalidaddress Penelitian pos pemeriksaan
AdfisCreateProcessDebugEventCodeset Penelitian pos pemeriksaan
ADFOPENPROCESSONCSRSS Penelitian pos pemeriksaan
Checkremotedebuggerpresent2 Reactos
IsDebuggerPresentex Smelly__vx
Isintelhardwarebreakpointpresent Penelitian pos pemeriksaan

Terkait kriptografi

Nama fungsi Penulis asli
HashShStringDjB2 Dan Bernstein
HashShStringfowlernollvovariant1a Glenn Fowler, Landon Curt Noll, dan Kiem-phong Vo
HashstringjenkinsoneAtAtime32bit Bob Jenkins
Hashstringloselose Brian Kernighan dan Dennis Ritchie
HashStringRotR32 T. Oshiba (1972)
Hashstringsdbm Ozan Yigit
HashstringSuperfasthash Paul Hsieh
HashShStringUnkNOwGeneriChash1a Tidak dikenal
HashstringSiphash Ristbs
HashstringMurmur Ristbs
CreateMd5HashFromFilePath Microsoft
Createpseudorandominteger Apple (C) 1999
Createpseudorandomstring Smelly__vx
Hashfilebymsifilehashtable Smelly__vx
Createpseudorandomintegerfromntdll Smelly__vx
LZMAXIMENMOMPRESSBUFFER Smelly__vx
LZMAXIMENMIMALCOMPRESSBUFFER Smelly__vx
LZStandardCompressBuffer Smelly__vx
LZStandardDecompressBuffer Smelly__vx
XPressHuffmaMimimum CompressBuffer Smelly__vx
XpresshuffmaximimeMedCompressBuffer Smelly__vx
Xpresshuffstandardcompressbuffer Smelly__vx
Xpresshuffstandarddecompressbuffer Smelly__vx
Xpressmaximum compressbuffer Smelly__vx
XpressmaximimeMepressBuffer Smelly__vx
Xpressstandardcompressbuffer Smelly__vx
Xpressstandarddecompressbuffer Smelly__vx
ExtractFilesFromCabIntotarget Smelly__vx

Penanganan kesalahan

Nama fungsi Penulis asli
Getlasterrorfromteb Smelly__vx
GetLastntstatusFromteb Smelly__vx
RtlntstatustodoserrorviaImport Reactos
Getlasterrorfromteb Smelly__vx
Setlasterrorinteb Smelly__vx
SetLastntstatusinteb Smelly__vx
Win32FromhResult Raymond Chen

Penghindaran

Nama fungsi Penulis asli
AMSIBYPASSViapatternScan Zeromemoryex
DelayedExecutionExecuteondisplayoff am0nsec dan smelly__vx
HookenginerestoreheapFree Rad9800
Masqueradepebasexplorer Smelly__vx
Dihapuslrompeb Rad9800
RemoveregisterdllNotification Rad98, Peter Winter-Smith
Sleepobfuscationviavirtualprotect 5Pider
RtlsetBaseunicodecommandline TheWover

Sidik jari

Nama fungsi Penulis asli
GetCurrentLocalefromteb 3xp0rt
GetNumberoflinkeddlls Smelly__vx
Getosbuildnumberfrompeb Smelly__vx
GetosmajorversionFrompeb Smelly__vx
GetosminorversionFrompeb Smelly__vx
Getosplatformidfrompeb Smelly__vx
Isnvidiagraphicscardpresent Smelly__vx
IsProcessRunning Smelly__vx
IsProcessRunningAsadmin Vimal Shekar
GetPidFromntQuerySysteminformation Smelly__vx
GetPidFromWindowsterminalService modexp
GetPidFromWmicomInterface Aalimian dan Modexp
GetPidFromEnumprocesses Smelly__vx
Getpidfrompidbruteforcing modexp
GetPidFromntQueryFileInformation Modexp, Lloyd Davies, Jonas Lyk
Getpidfrompidbruteforcingexw Smelly__vx, Lloyd Davies, Jonas Lyk, Modexp

Fungsi pembantu

Nama fungsi Penulis asli
CreateLocalAppDataObjectPath Smelly__vx
CreateWindowsObjectPath Smelly__vx
GetCurrentDirectoryFromuserProcessParameters Smelly__vx
GetCurrentProcessIdFromteb Reactos
GetCurrentUsersid Giovanni DiCanio
GetCurrentWindowTextFromuserProcessParameter Smelly__vx
GetFilesizefrompath Smelly__vx
GetProcessHeapFromteb Smelly__vx
GetProcessPathFromLoaderModule Smelly__vx
GetProcessPathFromuserProcessParameters Smelly__vx
GetSystemWindowsDirectory Geoff Chappell
Ispathvalid Smelly__vx
RecursiveFindFile Luke
SetProcessPriviletoken Microsoft
Isdllloaded Smelly__vx
TryloadDllMultimethod Smelly__vx
CreateThreadandwaitForCompletion Smelly__vx
GetProcessBinaryNeCefromhwndw Smelly__vx
GetByTeArrayFromFile Smelly__vx
Ex_GetHandleondeviceHTTPCommunication x86Matthew
IsRegistryKeyValid Smelly__vx
Fastcallexecutebinaryshellexecuteex Smelly__vx
GetCurrentProcessIdFromoffset Ristbs
Getpebaseaddress Smelly__vx
LdrloadgetProceDureAddress C5Pider
Ispesection Smelly__vx
AddSectionTopefile Smelly__vx
WritedataTopesection Smelly__vx
GetPesectionSizeInbyte Smelly__vx
ReaddataFrompesection Smelly__vx
GetCurrentProcessNoforward Reactos
GetCurrentThreadnoforward Reactos

Pemuatan perpustakaan

Nama fungsi Penulis asli
Getkusershareddata Geoff Chappell
GetModuleHandleex2 Smelly__vx
Getpeb 29a
Getpebfromteb Reactos
GetProcaddress 29A Volume 2, C5Pider
GetProcaddressDjb2 Smelly__vx
GetProcaddressFowlernollvovariant1a Smelly__vx
GetProcaddressJenkinsoneAtAtIme32bit Smelly__vx
GetProcaddressloselose Smelly__vx
GetProcaddressRotR32 Smelly__vx
GetProcaddressSDBM Smelly__vx
GetProcaddresssuperfasthash Smelly__vx
GetProcaddressUnkNOwngeneriChash1 Smelly__vx
GetProcaddresssiphash Ristbs
GetProcaddressMurmur Ristbs
GetRtluserProcessParameters Reactos
Getteb Reactos
Rtlloadpeheaders Smelly__vx
Proxyworkitemloadlibrary Rad98, Peter Winter-Smith
ProxyRegisterWaitLoadLibrary Rad98, Peter Winter-Smith

LSASS DUMPING

Nama fungsi Penulis asli
MPFGetLSapIdFromServiceManager modexp
MPFGetLSapIdFromRegistry modexp
MPFGetLSapIdFromNamedPipe modexp

Konektivitas Jaringan

Nama fungsi Penulis asli
Urldownloadtofilyynchronous Hans Passant
ConvertiPv4IPAddressCtructureToString Smelly__vx
Convertipv4stringtounsignedlong Smelly__vx
SendicmpechomessageToipv4host Smelly__vx
Convertipv4ipaddressunsignedlongtostring Smelly__vx
Dnsgetdomainnameipv4addressasstring Smelly__vx
Dnsgetdomainnameipv4addressunsignedlong Smelly__vx
Getdomainnamefromunsignedlongipv4address Smelly__vx
Getdomainnamefromipv4addressasstring Smelly__vx

Lainnya

Nama fungsi Penulis asli
OlegetclipboardData Microsoft
MpfcomvssdeleteshadowvolumePebackS am0nsec
MPFCommodyShortCutTarget Tidak dikenal
MPFCommonitorchromesessiononce Smelly__vx
MpfextractMaliouspayloadFromzipFilenopassword Codu

Penciptaan proses

Nama fungsi Penulis asli
CreateProcessFromihxhelppaneser James Forshaw
CreateProcessFromIHXInteractiveUser James Forshaw
CreateProcessFromishellDispatchInvoke Mohamed Fakroud
CreateProcessFromShellexecuteinexplorerProcess Microsoft
CreateProcessViantCreateUserProcess CAPTMEELO
CreateProcessWithCfguard Smelly__vx dan Adam Chester
CreateProcessByWindowsRhotKey Smelly__vx
CreateProcessByWindowsRhotKeyEx Smelly__vx
CreateProcessFrominFsectioninstallStringNocab Smelly__vx
CreateProcessFrominFsetupCommand Smelly__vx
CreateProcessFrominFsectionInstallStringNocab2 Smelly__vx
CreateProcessFromieframeopenurl Smelly__vx
CreateProcessFrompcwutil Smelly__vx
CreateProcessFromShDocvWopenurl Smelly__vx
CreateProcessFromShell32Shellexecrun Smelly__vx
Mpfexecute64bitpeBinaryInmemoryFromByTeArraynoreloc aaaddress1
CreateProcessFromWmiwin32_processw CIA
CreateProcessFromzipFldRroutEcall Smelly__vx
CreateProcessFromUrlFileProtocolHandler Smelly__vx
CreateProcessFromurlopenurl Smelly__vx
CreateProcessFromMshtmlw Smelly__vx

Injeksi proses

Nama fungsi Penulis asli
Mpfpicontrolyection Safebreach Labs
Mpfpiqueueuserapcviaatombomb Safebreach Labs
Mpfpiwriteprocessmemorycreateremotethread Safebreach Labs
MPFPROCESSInjectionViaprocessReflection Insting yang dalam

Fungsi proksi

Nama fungsi Penulis asli
Iecreatefile Smelly__vx
Copyfileviasetupcopyfile Smelly__vx
CreateFileFromdScopyFromsharedfile Jonas Lyk
Deletedirectory dan CubDataviadelnode Smelly__vx
DeletefileWithCreateFileFlag Smelly__vx
IsProcessRunningAsAdmin2 Smelly__vx
Iecreatedirectory Smelly__vx
IedeleteFile Smelly__vx
IEFINDFIRSTFILE Smelly__vx
IEGETFileAttributex Smelly__vx
Iemovefileex Smelly__vx
Ieremovedirectory Smelly__vx

Eksekusi Shellcode

Nama fungsi Penulis asli
MpfsceviaimenumInputContext Alfarom256, AAHMAD097
MPFSCEVIACERTFINDCHAININSTORE Alfarom256, AAHMAD097
Mpfsceviaenumpropsexw Alfarom256, AAHMAD097
Mpfsceviacreatethreadpoolwait Alfarom256, AAHMAD097
Mpfsceviacryptenumoidinfo Alfarom256, AAHMAD097
Mpfsceviadsa_enumcallback Alfarom256, AAHMAD097
MPFSCEVIACREATIMERQUEUETIMER Alfarom256, AAHMAD097
MPFSCEVIAEVTSubscribe Alfarom256, AAHMAD097
Mpfsceviaflsalloc Alfarom256, AAHMAD097
MpfsceviainitonceExecuteonce Alfarom256, AAHMAD097
Mpfsceviaenumchildwindows Alfarom256, AAHMAD097, WRA7H
Mpfsceviacdeffoldermenu_create2 Alfarom256, AAHMAD097, WRA7H
MPFSCEVIACERTENUMSYSTEMSTORE Alfarom256, AAHMAD097, WRA7H
Mpfsceviacertenumsystemstorelocation Alfarom256, AAHMAD097, WRA7H
MpfsceviaenumdateFormatsw Alfarom256, AAHMAD097, WRA7H
Mpfsceviaenumdesktopwindows Alfarom256, AAHMAD097, WRA7H
Mpfsceviaenumdesktopsw Alfarom256, AAHMAD097, WRA7H
MPFSCEVIAENUMDIRTREEW Alfarom256, AAHMAD097, WRA7H
Mpfsceviaenumdisplaymonitors Alfarom256, AAHMAD097, WRA7H
Mpfsceviaenumfontfamiliesexw Alfarom256, AAHMAD097, WRA7H
Mpfsceviaenumfontsw Alfarom256, AAHMAD097, WRA7H
MPFSCEVIAENUMLANGUAGEPROUPLOCALESW Alfarom256, AAHMAD097, WRA7H
Mpfsceviaenumobjects Alfarom256, AAHMAD097, WRA7H
MpfsceviaenumResourcetypesexw Alfarom256, AAHMAD097, WRA7H
Mpfsceviaenumsystemcodepagesw Alfarom256, AAHMAD097, WRA7H
Mpfsceviaenumsystemgeoid Alfarom256, AAHMAD097, WRA7H
MPFSCEVIAENUMSYSTEMLUAGEGROUPSW Alfarom256, AAHMAD097, WRA7H
Mpfsceviaenumsystemlocalesex Alfarom256, AAHMAD097, WRA7H
MPFSceviaenumThreadWindows Alfarom256, AAHMAD097, WRA7H
Mpfsceviaenumtimeformatsex Alfarom256, AAHMAD097, WRA7H
MPFSCEVIAENUMUIlUAGESW Alfarom256, AAHMAD097, WRA7H
MpfsceviaenumWindowStationsw Alfarom256, AAHMAD097, WRA7H
MPFSceviaenumWindows Alfarom256, AAHMAD097, WRA7H
Mpfsceviaenumerateloadedmodules64 Alfarom256, AAHMAD097, WRA7H
Mpfsceviak32enumpageFileSw Alfarom256, AAHMAD097, WRA7H
Mpfsceviaenumpwrschemes Alfarom256, AAHMAD097, WRA7H
MpfsceviamessageBoxIndirectw Alfarom256, AAHMAD097, WRA7H
Mpfsceviachoosecolorw Alfarom256, AAHMAD097, WRA7H
MPFSCEVIAClusWorkerCreate Alfarom256, AAHMAD097, WRA7H
MPFSCEVIASYMENUMPROCESS Alfarom256, AAHMAD097, WRA7H
MpfsceviamageGetDigestStream Alfarom256, AAHMAD097, WRA7H
MPFSCEVIAVERIFIERENUMERATERESOURCE Alfarom256, AAHMAD097, WRA7H
MpfsceviasymeenumsourceFile Alfarom256, AAHMAD097, WRA7H

Manipulasi string

Nama fungsi Penulis asli
Bytearraytochararray Smelly__vx
Chararraytobytearray Smelly__vx
Shlwapicharstringtowcharstring Smelly__vx
Shlwapiwcharstringtocharstring Smelly__vx
CharstringTowCharstring Smelly__vx
Wcharstringtocharstring Smelly__vx
Rtlinitemptyunicodestring Reactos
Rtlinitunicodestring Reactos
CaplockString Simonc
Copymemoryex Reactos
SecurestringCopy Apple (C) 1999
StringCompare Apple (C) 1999
StringConcat Apple (C) 1999
Stringcopy Apple (C) 1999
StringFindSubString Apple (C) 1999
Stringlength Apple (C) 1999
StringLocatechar Apple (C) 1999
StringRemoveSubString Smelly__vx
Stringterministestringatchar Smelly__vx
StringToken Apple (C) 1999
Zeromemoryex Reactos
ConvertCharacTterStringTointegerusingntdll Smelly__vx
MemoryfindMemory Kamilcuk

Bypass uac

Nama fungsi Penulis asli
UacbypassFodhelperMethod winscripting.blog

Mesin pengait rad98

Nama fungsi Penulis asli
InithardwarebreakpointEngine Rad98
ShutdownhardwarebreakpointEngine Rad98
ExceptionHandlerCallbackRoutine Rad98
Sethardwarebreakpoint Rad98
InsertDescriptorentry Rad98
Dihapus dengan skriptor pusat Rad98
SnapshotinserthardwarebreakpoINTHookIntotargetThread Rad98

Shellcode generik

Nama fungsi Penulis asli
GenericshellCodeHelloRlDMessageBoxa Safebreach Labs
GenericshellCodeHelloRlDMessageBoxAeBfBloop Safebreach Labs
GenericshellCodeopencalcexitThread Msfvenom
Memperluas
Informasi Tambahan
Aplikasi Terkait
Direkomendasikan untuk Anda
Informasi Terkait Semua