VX API
1.0.0
VX-underground에 의해 관리 | 트위터에서 우리를 따르십시오 | vxug/샘플 페이지에서 맬웨어 샘플을 다운로드하십시오
버전 : 2.01.015
개발자 : Smelly__vx
VX-API는 악성 코드 개발을 돕기위한 악의적 인 기능 모음입니다. 이 레포 전체를 복제하고 다운로드 한 다음 Visual Studio 솔루션 파일을 열어 기능과 개념을 쉽게 탐색하는 것이 좋습니다.
일부 기능은 솔루션 파일 내에 존재하는 다른 기능에 따라 다를 수 있습니다. 여기에 제공된 솔루션 파일을 사용하면 어떤 다른 기능 및/또는 헤더 데이터가 필요한지보다 쉽게 식별 할 수 있습니다.
당신은 어떤 방식 으로든 자유롭게 사용할 수 있습니다. 이 전체 솔루션을 맬웨어 개념 증명 또는 빨간색 팀 참여에 사용할 필요는 없습니다. 이 프로젝트 내용을 원하는만큼 스트립, 복사, 붙여 넣기, 삭제 또는 편집하십시오.
| 기능 이름 | 오리지널 저자 |
|---|---|
| adfclosehandleoninvalidaddress | 체크 포인트 연구 |
| adfiscreateprocessdebugentcodeset | 체크 포인트 연구 |
| adfopenprocessoncsrss | 체크 포인트 연구 |
| CheckRemotedeBuggerPresent2 | 원자로 |
| ISDEBUGGERPRESENTEX | smelly__vx |
| ISINTELHARDWAREBREAKPOINGPORESENT | 체크 포인트 연구 |
| 기능 이름 | 오리지널 저자 |
|---|---|
| Hashstringdjb2 | 댄 번스타인 |
| Hashstringfowlernollvovariant1a | Glenn Fowler, Landon Curt Noll 및 Kiem-Phong Vo |
| HashstringJenkinsoneAtatime32bit | 밥 젠킨스 |
| Hashstringloselose | 브라이언 kernighan과 데니스 리치 |
| Hashstringrotr32 | T. 오시바 (1972) |
| Hashstringsdbm | 오잔 이이트 |
| 해시 스트링 슈퍼 파스 타시 | Paul Hsieh |
| Hashstringunknowngenerichash1a | 알려지지 않은 |
| Hashstringsiphash | ristbs |
| Hashstringmurmur | ristbs |
| createmd5hashfromfilepath | 마이크로 소프트 |
| CreatePseudorandominteger | 애플 (C) 1999 |
| CreatePseudorandomString | smelly__vx |
| 해시 파일 송재 호시 | smelly__vx |
| createpseudorandomintegerfromntdll | smelly__vx |
| lzmaxumucperperbuffer | smelly__vx |
| lzmaxumdecompressbuffer | smelly__vx |
| LZSTASTARDCOPPRESSBUFFER | smelly__vx |
| lzstandarddecompressbuffer | smelly__vx |
| xpresshuffmaxumumppressbuffer | smelly__vx |
| xpresshuffmaxumdecompressbuffer | smelly__vx |
| xpresshuffStandardArclessbuffer | smelly__vx |
| xpresshuffstandardDecompressbuffer | smelly__vx |
| xpressmaxumuctompressbuffer | smelly__vx |
| xpressmaxumdecompressbuffer | smelly__vx |
| XpressStandardERCOPPRESSBUFFER | smelly__vx |
| Xpress StandardDecompressbuffer | smelly__vx |
| extractfilesfromcabintotarget | smelly__vx |
| 기능 이름 | 오리지널 저자 |
|---|---|
| GetLasterrorfromteb | smelly__vx |
| GetLastntStatusfromteb | smelly__vx |
| rtlntstatustodoSerrorviaimport | 원자로 |
| GetLasterrorfromteb | smelly__vx |
| setlasterrorinteb | smelly__vx |
| setlastntstatusinteb | smelly__vx |
| Win32fromhresult | 레이몬드 첸 |
| 기능 이름 | 오리지널 저자 |
|---|---|
| amsibypassviapatternscan | ZeromemoryEx |
| 지연 외환 excuteOndisplayoff | am0nsec 및 smelly__vx |
| HookenginerestoreHeapFree | RAD9800 |
| Masqueradepebasexplorer | smelly__vx |
| 삭제되었습니다 | RAD9800 |
| RemovereGisterDllllOntification | Rad98, Peter Winter-Smith |
| SleepObfuscationViaVirtualProtect | 5pider |
| RTLSETBASEUNICODECOMMANDLINE | thewover |
| 기능 이름 | 오리지널 저자 |
|---|---|
| GetCurrentLocalefromTeb | 3xp0rt |
| getNumberOflinkeddlls | smelly__vx |
| getosbuildnumberfrompeb | smelly__vx |
| getosmajorversionfrompeb | smelly__vx |
| getosminorversionfrompeb | smelly__vx |
| getosplatformidfrompeb | smelly__vx |
| isnvidiagraphicscardpresent | smelly__vx |
| isprocessrunning | smelly__vx |
| isprocessRunningAsadmin | Vimal Shekar |
| getPidfromntQuerySystemInformation | smelly__vx |
| getpidfromwindowserminalservice | modexp |
| getpidfromwmicominterface | Aalimian 및 Modexp |
| GetPidfromenumprocesses | smelly__vx |
| getPidffidBruteforcing | modexp |
| getPidfromntQueryFileInformation | Modexp, Lloyd Davies, Jonas Lyk |
| getPidffidBruteforcingexw | Smelly__vx, Lloyd Davies, Jonas Lyk, Modexp |
| 기능 이름 | 오리지널 저자 |
|---|---|
| CreateLocalAppDataObjectPath | smelly__vx |
| CreateWindowsObjectPath | smelly__vx |
| GetCurrentDirectoryFromuserProcessParameters | smelly__vx |
| GetCurrentProcessIdfromTeb | 원자로 |
| GetCurrentUsersid | Giovanni Dicanio |
| GetCurrentWindowTextFromUserProcessParameter | smelly__vx |
| getfilesize | smelly__vx |
| getProcessHeapFromTeb | smelly__vx |
| getProcessPathfromloaderloadModule | smelly__vx |
| getProcessPathFromUserProcessParameters | smelly__vx |
| getsystemwindowsdirectory | Geoff Chappell |
| ispathvalid | smelly__vx |
| 재귀 findfile | 루크 |
| SetProcessPrivileGetoken | 마이크로 소프트 |
| isdllloaded | smelly__vx |
| tryloaddllmultimethod | smelly__vx |
| CreateThreadwaitforcompletion | smelly__vx |
| getProcessBinaryNamefromhwndw | smelly__vx |
| getbytearrayfromfile | smelly__vx |
| ex_gethandleOndevicehttpcommunication | x86matthew |
| isregistryKeyValid | smelly__vx |
| FastCallexeCutebinaryshellexecuteex | smelly__vx |
| GetCurrentProcessIdfromoffset | ristbs |
| getpebaseaddress | smelly__vx |
| ldrloadgetProcedUreadDress | C5Pider |
| ispesection | smelly__vx |
| AddsectionTopeFile | smelly__vx |
| writedatatopesection | smelly__vx |
| getPesectionsizeinByte | smelly__vx |
| readdatafrompesection | smelly__vx |
| GetCurrentProcessnoforward | 원자로 |
| GetCurrentthreadnoforward | 원자로 |
| 기능 이름 | 오리지널 저자 |
|---|---|
| getKusersharedData | Geoff Chappell |
| getModule HandleEx2 | smelly__vx |
| getpeb | 29a |
| getpebfromteb | 원자로 |
| GetProcaddress | 29A 볼륨 2, C5Pider |
| getProcadDressdjb2 | smelly__vx |
| getProcaddressfowlernollvovariant1a | smelly__vx |
| getProcAddressJenkinsoneatatime32bit | smelly__vx |
| GetProcaddressloselose | smelly__vx |
| getProcadDressRotr32 | smelly__vx |
| getProcaddresssdbm | smelly__vx |
| getProcaddresssuperfasthash | smelly__vx |
| getProcadDressunkNowngenerichash1 | smelly__vx |
| GetProcaddresssiphash | ristbs |
| GetProcaddressmurmur | ristbs |
| getrtluserprocessparameters | 원자로 |
| getteb | 원자로 |
| rtlloadpeheaders | smelly__vx |
| proxyworkitemloadLibrary | Rad98, Peter Winter-Smith |
| proxyregisterwaitloadlibrary | Rad98, Peter Winter-Smith |
| 기능 이름 | 오리지널 저자 |
|---|---|
| mpfgetlsapidfromservicemanager | modexp |
| mpfgetlsapidfromregistry | modexp |
| mpfgetlsapidfromnamedpipe | modexp |
| 기능 이름 | 오리지널 저자 |
|---|---|
| Urldownloadtofilesynchronous | Hans Passant |
| ConvertIPv4ipAddressStructureToString | smelly__vx |
| convertipv4stringtounsignedlong | smelly__vx |
| sendicmpechomessagetoipv4host | smelly__vx |
| ConvertIPv4ipadDressunsignedLongtoString | smelly__vx |
| dnsgetDomainnameipv4addressastring | smelly__vx |
| dnsgetDomainnameipv4addressunsignedlong | smelly__vx |
| getDomainnamefromunsignedlongipv4address | smelly__vx |
| getDomainnamefromipv4addressastring | smelly__vx |
| 기능 이름 | 오리지널 저자 |
|---|---|
| OlegetClipboardData | 마이크로 소프트 |
| mpfcomvssdeleteshadowvolumebackups | am0nsec |
| MPFCMODYIFYSHORTCUTTARGET | 알려지지 않은 |
| mpfcommonitorchromessessionOnce | smelly__vx |
| mpfextractmaliciouspayloadfromzipfilenopassword | 코두 |
| 기능 이름 | 오리지널 저자 |
|---|---|
| CreateProcessfromihxhelppaneserver | 제임스 포쇼 |
| CreateProcessfromihxinteractiveUser | 제임스 포쇼 |
| CreateProcessfromishelldispatchinvoke | 모하메드 Fakroud |
| CreateProcessfromshellexecuteinexplorerProcess | 마이크로 소프트 |
| CreateProcessViantCreateUserProcess | Captmeelo |
| CreateProcesswithcfguard | Smelly__vx와 Adam Chester |
| CreateProcessbywindowsrhotkey | smelly__vx |
| CreateProcessbywindowsrhotkeyEx | smelly__vx |
| CreateProcessfrominfsectioninstallstringnocab | smelly__vx |
| CreateProcessfrominfsetupcommand | smelly__vx |
| CreateProcessfrominfsectioninstallstringnocab2 | smelly__vx |
| CreateProcessfromieframeopenurl | smelly__vx |
| CreateProcessfrompcwutil | smelly__vx |
| CreateProcessfromshdocvwopenurl | smelly__vx |
| CreateProcessfromshell32shellexecrun | smelly__vx |
| MPFEXECUTE64BITPEBINGINMORYFROMBYTERRAYNORELOC | AAADDRESS1 |
| CreateProcessfromwmiwin32_processw | CIA |
| CreateProcessfromzipfldroutecall | smelly__vx |
| CreateProcessfromurlFileProtocolhandler | smelly__vx |
| CreateProcessfromurlopenurl | smelly__vx |
| CreateProcessfrommshtmlw | smelly__vx |
| 기능 이름 | 오리지널 저자 |
|---|---|
| mpficontrolinjection | Safebreach Labs |
| mpfpiqueueuserapcviaatombomb | Safebreach Labs |
| mpfpiwriteprocessmemorycreateTemoteThread | Safebreach Labs |
| mpfprocessinjectionviaprocessrefrection | 깊은 본능 |
| 기능 이름 | 오리지널 저자 |
|---|---|
| IECREATEFILE | smelly__vx |
| CopyFileViaSetUpCopyFile | smelly__vx |
| CreateFileFromdscopyfromsharedFile | 조나스 리크 |
| DeletEdirectoryandsubdataviadelnode | smelly__vx |
| deletefilewithcreatefileflag | smelly__vx |
| isprocessRunningAsadmin2 | smelly__vx |
| IECREATEDIRECTORY | smelly__vx |
| iedeletefile | smelly__vx |
| IEFINDFIRSTFILE | smelly__vx |
| iegetFileAttripitesex | smelly__vx |
| IemoveFileEx | smelly__vx |
| ieremovedirectory | smelly__vx |
| 기능 이름 | 오리지널 저자 |
|---|---|
| MPFSCEVIAIMMENUMINPUTCONTEXT | ALFAROM256, AAHMAD097 |
| MPFSCEVIACERTFINDCHAININSTORE | ALFAROM256, AAHMAD097 |
| MPFSCEVIAENUMPROPSEXW | ALFAROM256, AAHMAD097 |
| MPFSCEVIACREATETHREADPOOLWAIT | ALFAROM256, AAHMAD097 |
| mpfsceviacryptenumoidinfo | ALFAROM256, AAHMAD097 |
| MPFSCEVIADSA_ENUMCALLBACK | ALFAROM256, AAHMAD097 |
| MPFSCEVIACREATETIMERQUEUETIMER | ALFAROM256, AAHMAD097 |
| mpfsceviaevtsubscribe | ALFAROM256, AAHMAD097 |
| mpfsceviaflsalloc | ALFAROM256, AAHMAD097 |
| mpfsceviainitonceexecuteOnce | ALFAROM256, AAHMAD097 |
| mpfsceviaenumchildwindows | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIACDEFFOLDERMENU_CREATE2 | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIACERTENUMSYSTEMSTORE | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIACERTENUMSYSTEMSTORELOCATION | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMDATEFORMATSW | Alfarom256, AAHMAD097, WRA7H |
| mpfsceviaenumdesktopwindows | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMDESKTOPSW | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMDIRTREEW | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMDISPLAYMONITORS | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMFONTFAMILIESEXW | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMFONTSW | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMLUNGUAGEGROUPLOCALESW | Alfarom256, AAHMAD097, WRA7H |
| mpfsceviaenumobjects | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMRESOURCETYPESEXW | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMSYSTEMCODEPAGESW | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMSYSTEMGEOID | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMSYSTEMLANGUAGEGROUPSW | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMSYSTEMLOCALESEX | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMTHREADWINDOWS | Alfarom256, AAHMAD097, WRA7H |
| mpfsceviaenumtimeformatsex | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMUILANGUAGESW | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMWINDOWSTATIONSW | Alfarom256, AAHMAD097, WRA7H |
| mpfsceviaenumwindows | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMERATELODEDMODULES64 | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAK32ENUMPAGEFILESW | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMPWRSCHEMES | Alfarom256, AAHMAD097, WRA7H |
| mpfsceviamessage boxindirectw | Alfarom256, AAHMAD097, WRA7H |
| mpfsceviachoosecolorw | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIACLUSWORKERCREATE | Alfarom256, AAHMAD097, WRA7H |
| mpfsceviasymenumprocesses | Alfarom256, AAHMAD097, WRA7H |
| mpfsceviaimagegetDigestStream | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAVIERIFIERENUMERATERESOURCE | Alfarom256, AAHMAD097, WRA7H |
| mpfsceviasymenumsourcefiles | Alfarom256, AAHMAD097, WRA7H |
| 기능 이름 | 오리지널 저자 |
|---|---|
| BytearraytoChararray | smelly__vx |
| chararraytobytearray | smelly__vx |
| Shlwapicharstringtowchcharstring | smelly__vx |
| ShlwapiwCharStringtoCharstring | smelly__vx |
| Charstringtowcharstring | smelly__vx |
| WCHARLIGSTRINGTOTOSTRING | smelly__vx |
| rtlinitemptyUnicodestring | 원자로 |
| rtlinitunicodestring | 원자로 |
| Caplockstring | Simonc |
| copymemoryex | 원자로 |
| SecurestringCopy | 애플 (C) 1999 |
| String -Compare | 애플 (C) 1999 |
| StringConcat | 애플 (C) 1999 |
| StringCopy | 애플 (C) 1999 |
| StringFindSubstring | 애플 (C) 1999 |
| StringLength | 애플 (C) 1999 |
| StringLocateChar | 애플 (C) 1999 |
| StringRemovesUbstring | smelly__vx |
| StringTerminatestringatchar | smelly__vx |
| StringToken | 애플 (C) 1999 |
| ZeromemoryEx | 원자로 |
| ConvertCharacterStringTointEgerusingntdll | smelly__vx |
| MemoryFindMemory | 카밀 쿠크 |
| 기능 이름 | 오리지널 저자 |
|---|---|
| uacbypassfodhelpermethod | winscripting.blog |
| 기능 이름 | 오리지널 저자 |
|---|---|
| inithardwarebreakpointEngine | RAD98 |
| ShutdownHardwarebreakPointEngine | RAD98 |
| ExceptionHandlerCallbackroutine | RAD98 |
| 세드웨어 브레이크 포인트 | RAD98 |
| INSERTDESCRICTORENTRY | RAD98 |
| 제거 된 스크립트터링 | RAD98 |
| SnapShotInserThardWarebreakPoinThookIntOtArgetThread | RAD98 |
| 기능 이름 | 오리지널 저자 |
|---|---|
| GenericShellCodeHellowlDmessageBoxa | Safebreach Labs |
| GenericShellCodeHellowlDmessage BoxaeBFBloop | Safebreach Labs |
| genericshellcodeopencalcexitthread | msfvenom |
