VX API
1.0.0
Gerenciado por VX-Underground | Siga -nos no Twitter | Baixe amostras de malware na página VXUG/Amostras
Versão: 2.01.015
Desenvolvedor: Smelly__vx
O VX-API é uma coleção de funcionalidade maliciosa para ajudar no desenvolvimento de malware. Recomenda -se que você clone e/ou faça o download de todo o repositório inteiro e abra o arquivo de solução do Visual Studio para explorar facilmente a funcionalidade e os conceitos.
Algumas funções podem depender de outras funções presentes no arquivo de solução. O uso do arquivo de solução fornecido aqui facilitará a identificação de quais outras funcionalidades e/ou dados do cabeçalho são necessários.
Você é livre para usar isso da maneira que quiser. Você não precisa usar toda essa solução para seus conceitos de prova de malware ou compromissos da equipe vermelha. Despir, copie, cole, exclua ou edite este projeta o conteúdo do quanto quiser.
| Nome da função | Autor original |
|---|---|
| AdfcloseHandleonInValidDress | Pesquisa do ponto de verificação |
| AdfiscreateProcessDebUgeventCodeset | Pesquisa do ponto de verificação |
| Adfopenprocesconcsrss | Pesquisa do ponto de verificação |
| CheckRemoTedeBuggerPresent2 | Reactos |
| ISDEBUGGERSTEMEX | Smelly__vx |
| IsintelHardwarebreakpointpresent | Pesquisa do ponto de verificação |
| Nome da função | Autor original |
|---|---|
| Hashstringdjb2 | Dan Bernstein |
| HashstringfowlnOllVovariant1a | Glenn Fowler, Landon Curt Noll e Kiem-Phong |
| Hashstringjenkinsoneatatime32bit | Bob Jenkins |
| HashstringloseLose | Brian Kernighan e Dennis Ritchie |
| Hashstringrotr32 | T. Oshiba (1972) |
| Hashstringsdbm | Ozan Yigit |
| Hashstringsuperfasthash | Paul Hsieh |
| Hashstringunknowngenerichash1a | Desconhecido |
| Hashstringsiphash | Ristbs |
| HashstringMurmur | Ristbs |
| CreateMd5hashFromFilePath | Microsoft |
| CreatePseudorandominteger | Apple (C) 1999 |
| CreatePseudorandomstring | Smelly__vx |
| HashfileBymsifileHashTable | Smelly__vx |
| CreatePseudorandomintegerFromntdll | Smelly__vx |
| LzmaximumcompressBuffer | Smelly__vx |
| LzmaximumdecompressBuffer | Smelly__vx |
| LzstandardCompressBuffer | Smelly__vx |
| LzstandarddDecompressBuffer | Smelly__vx |
| XPressHuffMaximumCompressBuffer | Smelly__vx |
| XPressHuffMaximumDecompressBuffer | Smelly__vx |
| XPressHuffStandardCompressBuffer | Smelly__vx |
| XPressHuffStandarddDecompressBuffer | Smelly__vx |
| XPressMaximumCompressBuffer | Smelly__vx |
| XpressMaximumDecomPressBuffer | Smelly__vx |
| XPressStandardCompressBuffer | Smelly__vx |
| XPressStandarddDecompressBuffer | Smelly__vx |
| ExtractfilesFromCabintoTarget | Smelly__vx |
| Nome da função | Autor original |
|---|---|
| GetLasterRorFromTeB | Smelly__vx |
| GetLastntStatusFromTeB | Smelly__vx |
| RtlntStatustodoserrorViaimport | Reactos |
| GetLasterRorFromTeB | Smelly__vx |
| SetlasterRorInteb | Smelly__vx |
| SetLastntStatusInteb | Smelly__vx |
| Win32FromHresult | Raymond Chen |
| Nome da função | Autor original |
|---|---|
| Amsibypassviapatternscan | ZeromemoryEx |
| TouchedExecutionExecUtendisplayoff | AM0NSEC e Smelly__vx |
| HookengineRestoreHeapFree | RAD9800 |
| MasqueradeepeBasexPlorer | Smelly__vx |
| Removedllfrompeb | RAD9800 |
| Removeregisterdllnotification | Rad98, Peter Winter-Smith |
| SleepObfuscationViavirtualProtect | 5pider |
| RtlSetBaseunicodECommandline | A owover |
| Nome da função | Autor original |
|---|---|
| GetCurrentLocale deMteb | 3xp0rt |
| GetNumberOflinkedDlls | Smelly__vx |
| GetosbuildNumberFrompeB | Smelly__vx |
| Getosmajorversionfropheb | Smelly__vx |
| GetosMinorversionFropheB | Smelly__vx |
| GetosplatformidFroMpeB | Smelly__vx |
| IsnvidiagraphicscardPresent | Smelly__vx |
| Isprocessrunning | Smelly__vx |
| Isprocessrunningasadmin | Vimal Shekar |
| GetpidFromntQuerySystemInformation | Smelly__vx |
| GetpidFromWindowsTerMinalService | MODEXP |
| GetpidFromwmicomInterface | Aalimian e ModExp |
| GetpidFromenumprocessos | Smelly__vx |
| GetpidFropidBrutesting | MODEXP |
| GetpidFromntQueryFileInformation | MODEXP, LLOYD DAVIES, JONAS LYK |
| GetpidFropidBruteForcingExw | Smelly__vx, Lloyd Davies, Jonas Lyk, ModExp |
| Nome da função | Autor original |
|---|---|
| CreateLocalAppDataObjectPath | Smelly__vx |
| CreateWindowsObjectPath | Smelly__vx |
| GetCurrentDirectoryFromUserProcesParameters | Smelly__vx |
| GetCurrentProcessIdFromTeB | Reactos |
| GetCurrentUsersid | Giovanni Dicanio |
| GetCurrentWindowTextFromUserProcessParameter | Smelly__vx |
| GetFilesizefrompath | Smelly__vx |
| GetProcessHeapFromTeB | Smelly__vx |
| GetProcessPathFromloadLoadModule | Smelly__vx |
| GetProcessPathFromUserProcessParameters | Smelly__vx |
| GetSystemWindowsDirectory | Geoff Chappell |
| IsPathvalid | Smelly__vx |
| RecursiveFindFile | Luke |
| SetProcessPrivilegeGenoken | Microsoft |
| ISDLLLOUNDED | Smelly__vx |
| Tryloaddllmultimethod | Smelly__vx |
| CreateTheReadAndWaitForCompletion | Smelly__vx |
| GetProcessBinaryNameFromhwndw | Smelly__vx |
| GetByteArrayFromFile | Smelly__vx |
| Ex_gethandleondeviceHttpCommunication | x86Matthew |
| IsregistryKeyValid | Smelly__vx |
| FastCallexECUteBinaryShellexExteex | Smelly__vx |
| GetCurrentProcessIdFromOffset | Ristbs |
| GetPeBaseAddress | Smelly__vx |
| LdrloadGetProcedUreaddress | c5pider |
| Ispesecção | Smelly__vx |
| AddSectionTopeFile | Smelly__vx |
| Writedatatopesecção | Smelly__vx |
| GetpeSectionSizeinByte | Smelly__vx |
| ReadDataFroSection | Smelly__vx |
| GetCurrentprocessnoforward | Reactos |
| GetCurrentThreadnoforward | Reactos |
| Nome da função | Autor original |
|---|---|
| Getkusershareddata | Geoff Chappell |
| GetModuleHandleEx2 | Smelly__vx |
| Getpeb | 29a |
| Getpebfromteb | Reactos |
| GetProcaddress | 29a Volume 2, C5pider |
| GetProcadDressDJB2 | Smelly__vx |
| GetProcaddressfowlnollVovariant1a | Smelly__vx |
| GetProcaddressjenkinsoneatatime32bit | Smelly__vx |
| GetProcaddressloseLose | Smelly__vx |
| GetProcAddressRotr32 | Smelly__vx |
| GetProcaddresssdbm | Smelly__vx |
| GetProcaddressSuperfasthash | Smelly__vx |
| GetProcaddressunknownGenerichash1 | Smelly__vx |
| GetProcaddressSiphash | Ristbs |
| GetProcaddressmurmur | Ristbs |
| GetrtLUserProcessParameters | Reactos |
| Getteb | Reactos |
| RtllOadpeHeaders | Smelly__vx |
| ProxyworkItemloadlibrary | Rad98, Peter Winter-Smith |
| ProxyRegisterWaitLoadLibrary | Rad98, Peter Winter-Smith |
| Nome da função | Autor original |
|---|---|
| MpfgetlSapidFromServicemanager | MODEXP |
| MPFGETLSAPIDFROGistry | MODEXP |
| MpfgetlSapidFromNamedPipe | MODEXP |
| Nome da função | Autor original |
|---|---|
| URLDOWNLOADTOFILESSÍNICO | Hans Passant |
| Convertipv4ipaddressStructureToString | Smelly__vx |
| Convertipv4StringTounsignedlong | Smelly__vx |
| SendicMPechomessageTOIPV4Host | Smelly__vx |
| Convertipv4ipaddressUnsignedlongToString | Smelly__vx |
| DnsgetDomainNameipv4Addressasstring | Smelly__vx |
| DnsgetDomainNameipv4AddressUnSignedlong | Smelly__vx |
| GetDomainNameFROMUNSIGNEDLONGIPV4Address | Smelly__vx |
| GetDomainNameFromipv4Addressasstring | Smelly__vx |
| Nome da função | Autor original |
|---|---|
| OlegetClipboardData | Microsoft |
| MPFCOMVSSDELETESHADOWVOLumeBackups | AM0NSEC |
| MpfCommodifyShortCutTarget | Desconhecido |
| MPFCommonitorChromesessionOnce | Smelly__vx |
| MpfextractMaliciousPayLoadFromzipFileNoPassword | CODU |
| Nome da função | Autor original |
|---|---|
| CreateProcessFromiHxHelpPaneServer | James Forshaw |
| CreateProcessFromiHXInteractiveUser | James Forshaw |
| CreateProcessFromishellDispatchInVoke | Mohamed Fakroud |
| CREATEPROCESSFROMSHELLEXECUTEINEXPLORERPROCESS | Microsoft |
| CreateProcessViantCreateUserProcess | CAPTMEELO |
| CreateProcessWithCfGuard | Smelly__vx e Adam Chester |
| CreateProcessByWindowsrhotKey | Smelly__vx |
| CreateProcessByWindowsrhotKeyEx | Smelly__vx |
| CreateProcessFROMInfSectionInstallstringNocab | Smelly__vx |
| CreateProcessFrominfsetupCommand | Smelly__vx |
| CreateProcessFrominfSectionInstallSTringNocab2 | Smelly__vx |
| CreateProcessFromiefRameopenurl | Smelly__vx |
| CreateProcessFrumcwutil | Smelly__vx |
| CreateProcessFromShDocvwopenurl | Smelly__vx |
| CREATEPROCESSFROMSHELL32SHELLEXECRUN | Smelly__vx |
| Mpfexecute64bitpeBinaryInMemoryFRombyteArrayNoreloc | aaaddress1 |
| CREATEPROCESSFROMWMIWIN32_PROCESSW | CIA |
| CreateProcessFromzipfldrRoutecall | Smelly__vx |
| CREATEPROCESSFROMURLFILEPROTOCOLHANDLER | Smelly__vx |
| CreateProcessFromurLopenurl | Smelly__vx |
| CreateProcessFrommshtmlw | Smelly__vx |
| Nome da função | Autor original |
|---|---|
| MPFPICONTROLINCINÇÃO | Laboratórios SafeBreach |
| MpfpiqueueUserapcviaAtombomb | Laboratórios SafeBreach |
| MpfpiWriteProcessMemoryCreamOteThread | Laboratórios SafeBreach |
| MPFProcessInjectionViaProcessReflection | Instinto profundo |
| Nome da função | Autor original |
|---|---|
| Iecreatefile | Smelly__vx |
| CopyFileViaSetupCopyFile | Smelly__vx |
| CreatefileFromdsCopyFromSharedFile | Jonas Lyk |
| DeleteDirectoryandSubdatAdelNode | Smelly__vx |
| DeleteFileWithCreateFileFlag | Smelly__vx |
| Isprocessrunningasadmin2 | Smelly__vx |
| ICREATEDIRECTORY | Smelly__vx |
| IEDELETEFILE | Smelly__vx |
| Iefindfirstfile | Smelly__vx |
| IEgetFileAttributerEx | Smelly__vx |
| IEmoveFileEx | Smelly__vx |
| IEREMOVEDIRECORY | Smelly__vx |
| Nome da função | Autor original |
|---|---|
| MPFSCEVIAIMENUMPTUTCONTEXT | Alfarom256, AAHMAD097 |
| MpfsceviacertfindchainInstore | Alfarom256, AAHMAD097 |
| Mpfsceviaenumpropsexw | Alfarom256, AAHMAD097 |
| MPFSCEVIACREATETHREADPOOLWAIT | Alfarom256, AAHMAD097 |
| Mpfsceviacryptenumoidinfo | Alfarom256, AAHMAD097 |
| MPFSCEVIADSA_ENUMCALLBACK | Alfarom256, AAHMAD097 |
| MPFSCEVIAcreateTimerQueuetimer | Alfarom256, AAHMAD097 |
| MPFSCEVIAEVTSubscribe | Alfarom256, AAHMAD097 |
| MpfsceviaflsAlloc | Alfarom256, AAHMAD097 |
| MpfsceviainitonceExecuteOnce | Alfarom256, AAHMAD097 |
| Mpfsceviaenumchildwindows | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIACDEFFOLDERMENU_CREATE2 | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIACERTENUMSYSTERSTORE | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIACERTENUMSYSTEMSTORELOCATION | Alfarom256, AAHMAD097, WRA7H |
| MpfsceviaenumdateFormatsw | Alfarom256, AAHMAD097, WRA7H |
| Mpfsceviaenumdesktopwindows | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMDESKTOPSW | Alfarom256, AAHMAD097, WRA7H |
| Mpfsceviaenumdirtreew | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMDISPLAYMONITORS | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMFONTFAMILIESEXW | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMFONTSW | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMLANGUAGEGROULOCALESW | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENumObjects | Alfarom256, AAHMAD097, WRA7H |
| MpfsceviaenumResourceTypesexw | Alfarom256, AAHMAD097, WRA7H |
| MpfsceviaenumsystemCodePagesw | Alfarom256, AAHMAD097, WRA7H |
| Mpfsceviaenumsystemgeoid | Alfarom256, AAHMAD097, WRA7H |
| MpfsceviaenumsystemLanguageGroupSw | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMSYSTEMLOCALESEX | Alfarom256, AAHMAD097, WRA7H |
| MpfsceviaenumthreadWindows | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMTIMEFORMATSEX | Alfarom256, AAHMAD097, WRA7H |
| Mpfsceviaenumuilanguagesw | Alfarom256, AAHMAD097, WRA7H |
| Mpfsceviaenumwindowstationsw | Alfarom256, AAHMAD097, WRA7H |
| Mpfsceviaenumwindows | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUMERATELOADEDMODULES64 | Alfarom256, AAHMAD097, WRA7H |
| Mpfsceviak32enumpagefilesw | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAENUPTWRSCHEMES | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAMESAGEBOXINDIRECTW | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIOCHOOSECOLORW | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEViachusWorkerCreate | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIASYMENUMUSCESSES | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAIMAGEGETDIGESTSTREAM | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIAVERIFIERENUMERATERESOURCE | Alfarom256, AAHMAD097, WRA7H |
| MPFSCEVIASyMenumsourceFiles | Alfarom256, AAHMAD097, WRA7H |
| Nome da função | Autor original |
|---|---|
| BytearraytoCharArray | Smelly__vx |
| CharArrayTobyteArray | Smelly__vx |
| ShlwapicharStringTowString | Smelly__vx |
| ShlwapiwcharstringToCharString | Smelly__vx |
| Charstringtowcharstring | Smelly__vx |
| WcharstringtoCharString | Smelly__vx |
| RtlinitEmptyunicodestring | Reactos |
| Rtlinitunicodestring | Reactos |
| Caplockstring | Simonc |
| CopymemoryEx | Reactos |
| SecurestringCopy | Apple (C) 1999 |
| StringCompare | Apple (C) 1999 |
| StringConcat | Apple (C) 1999 |
| StringCopy | Apple (C) 1999 |
| Stringfindsubstring | Apple (C) 1999 |
| StringLength | Apple (C) 1999 |
| StringLocateChar | Apple (C) 1999 |
| StringRemoveSubstring | Smelly__vx |
| StringTermInatestringatchar | Smelly__vx |
| StringToken | Apple (C) 1999 |
| ZeromemoryEx | Reactos |
| ConvertCharacterStringTointEgerSingntdll | Smelly__vx |
| MemoryFindMemory | Kamilcuk |
| Nome da função | Autor original |
|---|---|
| Uacbypassfodhelpermethod | winscripting.blog |
| Nome da função | Autor original |
|---|---|
| InithardWareBreakPointEngine | Rad98 |
| ShutdownHardWareBreakPointEngine | Rad98 |
| ExceptionHandlerCallbackRoutine | Rad98 |
| SethardwareBreakpoint | Rad98 |
| InsertDescriptorEntry | Rad98 |
| RemovedescriptorEntry | Rad98 |
| SnapshotinserThardWareBreakPoThookIntoTargetThread | Rad98 |
| Nome da função | Autor original |
|---|---|
| GenericShellCodeHelloworldMessageBoxa | Laboratórios SafeBreach |
| GenéricohellcodehelloworldMessageBoxeBfBloop | Laboratórios SafeBreach |
| GenéricohellcodeopencalcexitThread | Msfvenom |
