VX API
1.0.0
由vx-underground管理|在Twitter上关注我们|在VXUG/样本页面上下载恶意软件样本
版本:2.01.015
开发人员:Smelly__Vx
VX-API是一系列恶意功能,可帮助恶意软件开发。建议您克隆和/或下载整个存储库,然后打开Visual Studio解决方案文件,以轻松探索功能和概念。
某些功能可能取决于解决方案文件中存在的其他功能。使用此处提供的解决方案文件将使您更容易确定需要哪些其他功能和/或标头数据。
您可以随意以任何方式使用它。您无需将整个解决方案用于恶意软件证明或红色团队参与。尽可能多地将,复制,粘贴,删除或编辑此项目内容。
| 功能名称 | 原始作者 |
|---|---|
| adfcloseHandleonIniNvalidAddress | 检查点研究 |
| Adfiscreateprocessdebugeventcodeset | 检查点研究 |
| Adfopenprocessoncsrss | 检查点研究 |
| CheckRemotedeBuggerPresent2 | 反应 |
| isdebuggerPresentex | Smelly__vx |
| Isintelhardwarebreakpointpresent | 检查点研究 |
| 功能名称 | 原始作者 |
|---|---|
| hashstringdjb2 | 丹·伯恩斯坦 |
| hashstringfowlernollvovariant1a | Glenn Fowler,Landon Curt Noll和Kiem-Phong vo |
| HashStringJenkinSoneatAtime32bit | 鲍勃·詹金斯 |
| hashstringloselose | Brian Kernighan和Dennis Ritchie |
| HashStringRotr32 | T. Oshiba(1972) |
| hashstringsdbm | Ozan Yigit |
| Hashstringsuperfasthash | 保罗·赫西(Paul Hsieh) |
| hashstringunknowngenerichash1a | 未知 |
| Hashstringsiphash | ristbs |
| hashstringmurmur | ristbs |
| createmd5hashfromfilepath | 微软 |
| createpseudorandominteger | 苹果(C)1999 |
| createpseudorandomstring | Smelly__vx |
| HashFileByMsifileHashtable | Smelly__vx |
| createPseudorandomintegerfromntdll | Smelly__vx |
| lzmaximumcompressbuffer | Smelly__vx |
| lzmaximumdecompressbuffer | Smelly__vx |
| lzstandardcompressbuffer | Smelly__vx |
| lzstandarddecompressbuffer | Smelly__vx |
| XpressHuffMaximumCompressbuffer | Smelly__vx |
| Xpresshuffmaximumdecompressbuffer | Smelly__vx |
| XpresshuffstandardCompressbuffer | Smelly__vx |
| XpresshuffstandardDecompressBuffer | Smelly__vx |
| xpressmaximumcompressbuffer | Smelly__vx |
| xpressmaximumdecompressbuffer | Smelly__vx |
| XPRESSSTANDARDCOMPRESSBUFFER | Smelly__vx |
| XPRESSSTANDARDDECOMPRESSBUFFER | Smelly__vx |
| fromcabintotarget的提取物 | Smelly__vx |
| 功能名称 | 原始作者 |
|---|---|
| getlasterrorfromteb | Smelly__vx |
| getLastNttStatusfromteb | Smelly__vx |
| rtlntStatatustodosErrorviaimport | 反应 |
| getlasterrorfromteb | Smelly__vx |
| setlasterrorinteb | Smelly__vx |
| setLastNttStatusInteb | Smelly__vx |
| win32 fromhresult | 雷蒙德·陈 |
| 功能名称 | 原始作者 |
|---|---|
| Amsibypassviapatternscan | Zeromemoryex |
| 延迟ExecutionExecuteDisplayoff | AM0NSEC和SMELLY__VX |
| HookenginereStoreheapfree | RAD9800 |
| 化妆舞会 | Smelly__vx |
| 删除了弗洛姆布姆 | RAD9800 |
| RemovereGisterDllnotification | Rad98,Peter Winter-Smith |
| SleepobfuscationViaviartualProtect | 5PIDER |
| rtlsetBaseunicodecommandline | The Wover |
| 功能名称 | 原始作者 |
|---|---|
| getCurrentlocalefromteb | 3xp0rt |
| getnumberoflinkeddlls | Smelly__vx |
| getosbuildnumberfrompeb | Smelly__vx |
| getosmajorversionFrompeb | Smelly__vx |
| getosminorversionFrompeb | Smelly__vx |
| getOsplatFormidFrompeb | Smelly__vx |
| IsnvidiagraphicscardCresent | Smelly__vx |
| Isprocessrund | Smelly__vx |
| Isprocessrunningasadmin | Vimal Shekar |
| getpidfromntquerysysteminformation | Smelly__vx |
| getpidfromwindowsterminalService | modexp |
| getPidFromwMicomInterface | Aalimian和ModExp |
| getpidFromenumProcesses | Smelly__vx |
| getPidFropdRompidBruteForcing | modexp |
| fromntqueryFileInformation | Modexp,Lloyd Davies,Jonas Lyk |
| getPidFropdRompidBruteForcingExw | Smelly__VX,Lloyd Davies,Jonas Lyk,Modexp |
| 功能名称 | 原始作者 |
|---|---|
| CreateLocalAppDataObjectPath | Smelly__vx |
| CreateWindowsObjectPath | Smelly__vx |
| getCurrentDirectoryFromuserProcessParameters | Smelly__vx |
| getCurrentProcessidfromteb | 反应 |
| getCurrentUsersid | 乔瓦尼·迪卡尼奥(Giovanni Dicanio) |
| getCurrentWindowTextFromuserProcesparameter | Smelly__vx |
| getfilesizeFrompath | Smelly__vx |
| GetProcessheapfromteb | Smelly__vx |
| getProcessPathfromLoaderLoadModule | Smelly__vx |
| GetProcessPathFromuserProcessParameters | Smelly__vx |
| getSystemwindowsDirectory | 杰夫·查佩尔(Geoff Chappell) |
| ispathvalid | Smelly__vx |
| 递归findfile | 卢克 |
| setProcessprivilegetoken | 微软 |
| ISDLLLOAD | Smelly__vx |
| TryloadDllMultimEthod | Smelly__vx |
| CreateThreadandWaitForCompletion | Smelly__vx |
| fromhwndw | Smelly__vx |
| getByTearrayFromFile | Smelly__vx |
| ex_gethandleondevicehttpCommunication | x86matthew |
| IsregistryKeyvalid | Smelly__vx |
| FastCallexecuteBinaryshellexecuteex | Smelly__vx |
| getCurrentProcessIdFromOffset | ristbs |
| getpebaseaddress | Smelly__vx |
| ldrloadgetProcedureaddress | C5PIDER |
| ISPESECTION | Smelly__vx |
| AddsectionTopeFile | Smelly__vx |
| 写作 | Smelly__vx |
| getPesectionsizeInbyte | Smelly__vx |
| ReadDataFrompesection | Smelly__vx |
| getCurrentProcessNoforward | 反应 |
| getCurrentThreadNoforward | 反应 |
| 功能名称 | 原始作者 |
|---|---|
| GetKusersharedData | 杰夫·查佩尔(Geoff Chappell) |
| GetModuleHandleex2 | Smelly__vx |
| getpeb | 29a |
| getpebfromteb | 反应 |
| getProcaddress | 29A第2卷,C5PIDER |
| getProcadDressDJB2 | Smelly__vx |
| getProcaddressfowlernollvovariant1a | Smelly__vx |
| getProcadDressJenkinSoneatAtime32bit | Smelly__vx |
| getProcadDressloselose | Smelly__vx |
| getProcadDressRotr32 | Smelly__vx |
| getProcaddresssdbm | Smelly__vx |
| getProcaddresssuperfasthash | Smelly__vx |
| getProcadDressunknownGenerichash1 | Smelly__vx |
| getProcaddresssiphash | ristbs |
| getProcAddressmurmur | ristbs |
| GetRtluserProcessparameters | 反应 |
| getteb | 反应 |
| rtlloadpeheaders | Smelly__vx |
| proxyworkitemloadlibrary | Rad98,Peter Winter-Smith |
| 临界列lithibrary | Rad98,Peter Winter-Smith |
| 功能名称 | 原始作者 |
|---|---|
| mpfgetlsapidfromservicemanager | modexp |
| mpfgetlsapidFromRegistry | modexp |
| mpfgetlsapidFromnamedPipe | modexp |
| 功能名称 | 原始作者 |
|---|---|
| uroldownloadtofilessynchronous | 汉斯传教士 |
| Convertipv4IpAddressstructureTostring | Smelly__vx |
| TOCRTIPV4STRINGTOUNSIGNEDLONG | Smelly__vx |
| sendicmpechomessagetoipv4 -host | Smelly__vx |
| CrowtIPV4IPADDRESSUNSIGNEDLONGTOSTRING | Smelly__vx |
| dnsgetDomainNameIpv4AddressAsstring | Smelly__vx |
| dnsgetDomainNameIpv4AddressunSignedLong | Smelly__vx |
| getDomainNameFromunSignedLongipv4Address | Smelly__vx |
| getDomainNameFromipv4AddressAsstring | Smelly__vx |
| 功能名称 | 原始作者 |
|---|---|
| OlegetClipboardData | 微软 |
| mpfcomvssdeleteshadowvolumebackups | AM0NSEC |
| mpfcombombospifyshortcuttarget | 未知 |
| mpfcommonitorchromesessiononce | Smelly__vx |
| mpfextractmaliciouspayloadfromzipfilenopassword | codu |
| 功能名称 | 原始作者 |
|---|---|
| Fromihxhelppaneserver的createProcess | 詹姆斯·福肖(James Forshaw) |
| createProcessfromihxInteractiveuser | 詹姆斯·福肖(James Forshaw) |
| FromishelldisPatchInvoke的createProcess | 穆罕默德·法克鲁德(Mohamed Fakroud) |
| FromshellexecuteinexplorerProcess的createProcess | 微软 |
| CreateProcessviantCreateuserProcess | 上尉 |
| CreateProcessWithCfGuard | Smelly__VX和Adam Chester |
| CreateProcessbyWindowSrhotKey | Smelly__vx |
| CreateProcessbyWindowSrHotKeyex | Smelly__vx |
| FrominfsectionInstallStringNocab | Smelly__vx |
| FromInfsetUpCommand的createProcess | Smelly__vx |
| FrominfsectionInstallStalstringNocab2 | Smelly__vx |
| createProcessfromieframeOpenurl | Smelly__vx |
| CreateProcessFrompcWutil | Smelly__vx |
| Fromshdocvwopenurl的createProcess | Smelly__vx |
| Fromshell32shellexecrun的createProcess | Smelly__vx |
| mpfexecute64bitpebinaryinmemoryfrombytearraynoreloc | aaaddress1 |
| createProcessfromwmiwin32_processw | 中央情报局 |
| createProcessfromzipfldRrouteCall | Smelly__vx |
| createProcessfromurlfileprotocolhandler | Smelly__vx |
| createProcessfromurlopenurl | Smelly__vx |
| createProcessfromshtmlw | Smelly__vx |
| 功能名称 | 原始作者 |
|---|---|
| MPFPICONTROLINED | Safebreach Labs |
| mpfpiqueueuserapcviaatombomb | Safebreach Labs |
| mpfpiwriteProcessMemoryCreateMotEthread | Safebreach Labs |
| mpfprocessindoctionviaprocessrectrection | 深深的本能 |
| 功能名称 | 原始作者 |
|---|---|
| Iecreatefile | Smelly__vx |
| copyfileviaSetupcopyfile | Smelly__vx |
| fromdscopyfromsharedfile | 乔纳斯·莱克(Jonas Lyk) |
| deletedirectoryandsubdataviadelnode | Smelly__vx |
| DeleteFileWithCreateFileFlag | Smelly__vx |
| Isprocessrunningasadmin2 | Smelly__vx |
| iecreateDirectory | Smelly__vx |
| iedeletefile | Smelly__vx |
| iefindfirstfile | Smelly__vx |
| IegetFileAttributesex | Smelly__vx |
| iemovefileex | Smelly__vx |
| IEREMEDIRECTORY | Smelly__vx |
| 功能名称 | 原始作者 |
|---|---|
| mpfsceviaimmenuminputcontext | Alfarom256,Aahmad097 |
| MPFSCEVIACERTFINDCHAININSTORE | Alfarom256,Aahmad097 |
| mpfsceviaenumpropsexw | Alfarom256,Aahmad097 |
| MPFSCEVIACREATETHREADPOOLWAIT | Alfarom256,Aahmad097 |
| mpfsceviacryptenumoidinfo | Alfarom256,Aahmad097 |
| MPFSCEVIADA_ENUMCALLBACK | Alfarom256,Aahmad097 |
| MPFSCEVIACREATETIMERQUETIMER | Alfarom256,Aahmad097 |
| mpfsceviaevtsubscribe | Alfarom256,Aahmad097 |
| MPFSCEVIAFLSALLOC | Alfarom256,Aahmad097 |
| mpfsceviainitonceexecuteonce | Alfarom256,Aahmad097 |
| MPFSCEVIAENUMCHILDWINDOWS | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviacdeffoldermenu_create2 | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIACERENUMSYSTORESTORE | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIACERENUMSYSTOMSTORERATION | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviaenumdateformatsw | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviaenumdesktopwindows | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMDESKTOPSW | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMDIRTREEW | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMDISPLAYMONITORS | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMFONTFAMILIESEXW | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMFONTSW | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMLANAUMEGROUPLOCALESW | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviaenumobjects | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMRESOURCETYPESEXW | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMSYSTEMCODEPAGESW | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMSYSTEMGEOID | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMSYSTEMLANGUAGEGROUPSW | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMSYSTEMSLOCALESEX | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviaenumthreadwindows | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMTIMEFORMATSEX | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMUILANGUAGESW | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviaenumwindowstationsw | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMWINDOWS | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMERATELOADEDEDMODULES64 | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviak32enumpagefilesw | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviaenumpwrschemes | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviamessageBoxIndirectw | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIACHOOSECOLORW | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIACLUSWORKERCREATE | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIASYMENUMPROCESSES | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviaimagegetDigestStream | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAVERIFIERENUMERETERESOURCE | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviasymenumsourcefiles | Alfarom256,AAHMAD097,WRA7H |
| 功能名称 | 原始作者 |
|---|---|
| bytearraytochararray | Smelly__vx |
| chararraytobytearray | Smelly__vx |
| shlwapicharstringtowcharsstring | Smelly__vx |
| shlwapiwcharstringtocharsstring | Smelly__vx |
| charstringtowcharsstring | Smelly__vx |
| WCHARSTRINGTOCHARSTRING | Smelly__vx |
| rtlinitemptyunicodestring | 反应 |
| rtlinitunicodestring | 反应 |
| Caplockstring | simonc |
| copyMemoryex | 反应 |
| Securestringcopy | 苹果(C)1999 |
| StringCompare | 苹果(C)1999 |
| StringConcat | 苹果(C)1999 |
| 弦乐拷贝 | 苹果(C)1999 |
| StringFindSubstring | 苹果(C)1999 |
| StringLength | 苹果(C)1999 |
| StringLocatechar | 苹果(C)1999 |
| StringRemovesubstring | Smelly__vx |
| StringTerminateStringAtchar | Smelly__vx |
| 弦乐 | 苹果(C)1999 |
| Zeromemoryex | 反应 |
| ConvertCharacterStringTointEgerusingNTDLL | Smelly__vx |
| MemoryFindMemory | kamilcuk |
| 功能名称 | 原始作者 |
|---|---|
| UACBYPASSFODHELPERMETHOD | winscripting.blog |
| 功能名称 | 原始作者 |
|---|---|
| InithardwarebreakpointEngine | RAD98 |
| ShutDownHardwarebreakpointEngine | RAD98 |
| exceptionhandlerCallbackRoutine | RAD98 |
| Sethardwarebreakpoint | RAD98 |
| InsertDescriptorentry | RAD98 |
| 删除了sestriptorentry | RAD98 |
| snapshotinserthardwarebreakpointhookintotargetthread | RAD98 |
| 功能名称 | 原始作者 |
|---|---|
| grendicshellCodeHellowLldMessageBoxa | Safebreach Labs |
| grendicshellCodeHellowlldMessageBoxaebfbloop | Safebreach Labs |
| grendicshellCodeopalCalcexitThread | msfvenom |
