VX API
1.0.0
由vx-underground管理|在Twitter上關注我們|在VXUG/樣本頁面上下載惡意軟件樣本
版本:2.01.015
開發人員:Smelly__Vx
VX-API是一系列惡意功能,可幫助惡意軟件開發。建議您克隆和/或下載整個存儲庫,然後打開Visual Studio解決方案文件,以輕鬆探索功能和概念。
某些功能可能取決於解決方案文件中存在的其他功能。使用此處提供的解決方案文件將使您更容易確定需要哪些其他功能和/或標頭數據。
您可以隨意以任何方式使用它。您無需將整個解決方案用於惡意軟件證明或紅色團隊參與。盡可能多地將,複製,粘貼,刪除或編輯此項目內容。
| 功能名稱 | 原始作者 |
|---|---|
| adfcloseHandleonIniNvalidAddress | 檢查點研究 |
| Adfiscreateprocessdebugeventcodeset | 檢查點研究 |
| Adfopenprocessoncsrss | 檢查點研究 |
| CheckRemotedeBuggerPresent2 | 反應 |
| isdebuggerPresentex | Smelly__vx |
| Isintelhardwarebreakpointpresent | 檢查點研究 |
| 功能名稱 | 原始作者 |
|---|---|
| hashstringdjb2 | 丹·伯恩斯坦 |
| hashstringfowlernollvovariant1a | Glenn Fowler,Landon Curt Noll和Kiem-Phong vo |
| HashStringJenkinSoneatAtime32bit | 鮑勃·詹金斯 |
| hashstringloselose | Brian Kernighan和Dennis Ritchie |
| HashStringRotr32 | T. Oshiba(1972) |
| hashstringsdbm | Ozan Yigit |
| Hashstringsuperfasthash | 保羅·赫西(Paul Hsieh) |
| hashstringunknowngenerichash1a | 未知 |
| Hashstringsiphash | ristbs |
| hashstringmurmur | ristbs |
| createmd5hashfromfilepath | 微軟 |
| createpseudorandominteger | 蘋果(C)1999 |
| createpseudorandomstring | Smelly__vx |
| HashFileByMsifileHashtable | Smelly__vx |
| createPseudorandomintegerfromntdll | Smelly__vx |
| lzmaximumcompressbuffer | Smelly__vx |
| lzmaximumdecompressbuffer | Smelly__vx |
| lzstandardcompressbuffer | Smelly__vx |
| lzstandarddecompressbuffer | Smelly__vx |
| XpressHuffMaximumCompressbuffer | Smelly__vx |
| Xpresshuffmaximumdecompressbuffer | Smelly__vx |
| XpresshuffstandardCompressbuffer | Smelly__vx |
| XpresshuffstandardDecompressBuffer | Smelly__vx |
| xpressmaximumcompressbuffer | Smelly__vx |
| xpressmaximumdecompressbuffer | Smelly__vx |
| XPRESSSTANDARDCOMPRESSBUFFER | Smelly__vx |
| XPRESSSTANDARDDECOMPRESSBUFFER | Smelly__vx |
| fromcabintotarget的提取物 | Smelly__vx |
| 功能名稱 | 原始作者 |
|---|---|
| getlasterrorfromteb | Smelly__vx |
| getLastNttStatusfromteb | Smelly__vx |
| rtlntStatatustodosErrorviaimport | 反應 |
| getlasterrorfromteb | Smelly__vx |
| setlasterrorinteb | Smelly__vx |
| setLastNttStatusInteb | Smelly__vx |
| win32 fromhresult | 雷蒙德·陳 |
| 功能名稱 | 原始作者 |
|---|---|
| Amsibypassviapatternscan | Zeromemoryex |
| 延遲ExecutionExecuteDisplayoff | AM0NSEC和SMELLY__VX |
| HookenginereStoreheapfree | RAD9800 |
| 化妝舞會 | Smelly__vx |
| 刪除了弗洛姆布姆 | RAD9800 |
| RemovereGisterDllnotification | Rad98,Peter Winter-Smith |
| SleepobfuscationViaviartualProtect | 5PIDER |
| rtlsetBaseunicodecommandline | The Wover |
| 功能名稱 | 原始作者 |
|---|---|
| getCurrentlocalefromteb | 3xp0rt |
| getnumberoflinkeddlls | Smelly__vx |
| getosbuildnumberfrompeb | Smelly__vx |
| getosmajorversionFrompeb | Smelly__vx |
| getosminorversionFrompeb | Smelly__vx |
| getOsplatFormidFrompeb | Smelly__vx |
| IsnvidiagraphicscardCresent | Smelly__vx |
| Isprocessrund | Smelly__vx |
| Isprocessrunningasadmin | Vimal Shekar |
| getpidfromntquerysysteminformation | Smelly__vx |
| getpidfromwindowsterminalService | modexp |
| getPidFromwMicomInterface | Aalimian和ModExp |
| getpidFromenumProcesses | Smelly__vx |
| getPidFropdRompidBruteForcing | modexp |
| fromntqueryFileInformation | Modexp,Lloyd Davies,Jonas Lyk |
| getPidFropdRompidBruteForcingExw | Smelly__VX,Lloyd Davies,Jonas Lyk,Modexp |
| 功能名稱 | 原始作者 |
|---|---|
| CreateLocalAppDataObjectPath | Smelly__vx |
| CreateWindowsObjectPath | Smelly__vx |
| getCurrentDirectoryFromuserProcessParameters | Smelly__vx |
| getCurrentProcessidfromteb | 反應 |
| getCurrentUsersid | 喬瓦尼·迪卡尼奧(Giovanni Dicanio) |
| getCurrentWindowTextFromuserProcesparameter | Smelly__vx |
| getfilesizeFrompath | Smelly__vx |
| GetProcessheapfromteb | Smelly__vx |
| getProcessPathfromLoaderLoadModule | Smelly__vx |
| GetProcessPathFromuserProcessParameters | Smelly__vx |
| getSystemwindowsDirectory | 傑夫·查佩爾(Geoff Chappell) |
| ispathvalid | Smelly__vx |
| 遞歸findfile | 盧克 |
| setProcessprivilegetoken | 微軟 |
| ISDLLLOAD | Smelly__vx |
| TryloadDllMultimEthod | Smelly__vx |
| CreateThreadandWaitForCompletion | Smelly__vx |
| fromhwndw | Smelly__vx |
| getByTearrayFromFile | Smelly__vx |
| ex_gethandleondevicehttpCommunication | x86matthew |
| IsregistryKeyvalid | Smelly__vx |
| FastCallexecuteBinaryshellexecuteex | Smelly__vx |
| getCurrentProcessIdFromOffset | ristbs |
| getpebaseaddress | Smelly__vx |
| ldrloadgetProcedureaddress | C5PIDER |
| ISPESECTION | Smelly__vx |
| AddsectionTopeFile | Smelly__vx |
| 寫作 | Smelly__vx |
| getPesectionsizeInbyte | Smelly__vx |
| ReadDataFrompesection | Smelly__vx |
| getCurrentProcessNoforward | 反應 |
| getCurrentThreadNoforward | 反應 |
| 功能名稱 | 原始作者 |
|---|---|
| GetKusersharedData | 傑夫·查佩爾(Geoff Chappell) |
| GetModuleHandleex2 | Smelly__vx |
| getpeb | 29a |
| getpebfromteb | 反應 |
| getProcaddress | 29A第2卷,C5PIDER |
| getProcadDressDJB2 | Smelly__vx |
| getProcaddressfowlernollvovariant1a | Smelly__vx |
| getProcadDressJenkinSoneatAtime32bit | Smelly__vx |
| getProcadDressloselose | Smelly__vx |
| getProcadDressRotr32 | Smelly__vx |
| getProcaddresssdbm | Smelly__vx |
| getProcaddresssuperfasthash | Smelly__vx |
| getProcadDressunknownGenerichash1 | Smelly__vx |
| getProcaddresssiphash | ristbs |
| getProcAddressmurmur | ristbs |
| GetRtluserProcessparameters | 反應 |
| getteb | 反應 |
| rtlloadpeheaders | Smelly__vx |
| proxyworkitemloadlibrary | Rad98,Peter Winter-Smith |
| 臨界列lithibrary | Rad98,Peter Winter-Smith |
| 功能名稱 | 原始作者 |
|---|---|
| mpfgetlsapidfromservicemanager | modexp |
| mpfgetlsapidFromRegistry | modexp |
| mpfgetlsapidFromnamedPipe | modexp |
| 功能名稱 | 原始作者 |
|---|---|
| uroldownloadtofilessynchronous | 漢斯傳教士 |
| Convertipv4IpAddressstructureTostring | Smelly__vx |
| TOCRTIPV4STRINGTOUNSIGNEDLONG | Smelly__vx |
| sendicmpechomessagetoipv4 -host | Smelly__vx |
| CrowtIPV4IPADDRESSUNSIGNEDLONGTOSTRING | Smelly__vx |
| dnsgetDomainNameIpv4AddressAsstring | Smelly__vx |
| dnsgetDomainNameIpv4AddressunSignedLong | Smelly__vx |
| getDomainNameFromunSignedLongipv4Address | Smelly__vx |
| getDomainNameFromipv4AddressAsstring | Smelly__vx |
| 功能名稱 | 原始作者 |
|---|---|
| OlegetClipboardData | 微軟 |
| mpfcomvssdeleteshadowvolumebackups | AM0NSEC |
| mpfcombombospifyshortcuttarget | 未知 |
| mpfcommonitorchromesessiononce | Smelly__vx |
| mpfextractmaliciouspayloadfromzipfilenopassword | codu |
| 功能名稱 | 原始作者 |
|---|---|
| Fromihxhelppaneserver的createProcess | 詹姆斯·福肖(James Forshaw) |
| createProcessfromihxInteractiveuser | 詹姆斯·福肖(James Forshaw) |
| FromishelldisPatchInvoke的createProcess | 穆罕默德·法克魯德(Mohamed Fakroud) |
| FromshellexecuteinexplorerProcess的createProcess | 微軟 |
| CreateProcessviantCreateuserProcess | 上尉 |
| CreateProcessWithCfGuard | Smelly__VX和Adam Chester |
| CreateProcessbyWindowSrhotKey | Smelly__vx |
| CreateProcessbyWindowSrHotKeyex | Smelly__vx |
| FrominfsectionInstallStringNocab | Smelly__vx |
| FromInfsetUpCommand的createProcess | Smelly__vx |
| FrominfsectionInstallStalstringNocab2 | Smelly__vx |
| createProcessfromieframeOpenurl | Smelly__vx |
| CreateProcessFrompcWutil | Smelly__vx |
| Fromshdocvwopenurl的createProcess | Smelly__vx |
| Fromshell32shellexecrun的createProcess | Smelly__vx |
| mpfexecute64bitpebinaryinmemoryfrombytearraynoreloc | aaaddress1 |
| createProcessfromwmiwin32_processw | 中央情報局 |
| createProcessfromzipfldRrouteCall | Smelly__vx |
| createProcessfromurlfileprotocolhandler | Smelly__vx |
| createProcessfromurlopenurl | Smelly__vx |
| createProcessfromshtmlw | Smelly__vx |
| 功能名稱 | 原始作者 |
|---|---|
| MPFPICONTROLINED | Safebreach Labs |
| mpfpiqueueuserapcviaatombomb | Safebreach Labs |
| mpfpiwriteProcessMemoryCreateMotEthread | Safebreach Labs |
| mpfprocessindoctionviaprocessrectrection | 深深的本能 |
| 功能名稱 | 原始作者 |
|---|---|
| Iecreatefile | Smelly__vx |
| copyfileviaSetupcopyfile | Smelly__vx |
| fromdscopyfromsharedfile | 喬納斯·萊克(Jonas Lyk) |
| deletedirectoryandsubdataviadelnode | Smelly__vx |
| DeleteFileWithCreateFileFlag | Smelly__vx |
| Isprocessrunningasadmin2 | Smelly__vx |
| iecreateDirectory | Smelly__vx |
| iedeletefile | Smelly__vx |
| iefindfirstfile | Smelly__vx |
| IegetFileAttributesex | Smelly__vx |
| iemovefileex | Smelly__vx |
| IEREMEDIRECTORY | Smelly__vx |
| 功能名稱 | 原始作者 |
|---|---|
| mpfsceviaimmenuminputcontext | Alfarom256,Aahmad097 |
| MPFSCEVIACERTFINDCHAININSTORE | Alfarom256,Aahmad097 |
| mpfsceviaenumpropsexw | Alfarom256,Aahmad097 |
| MPFSCEVIACREATETHREADPOOLWAIT | Alfarom256,Aahmad097 |
| mpfsceviacryptenumoidinfo | Alfarom256,Aahmad097 |
| MPFSCEVIADA_ENUMCALLBACK | Alfarom256,Aahmad097 |
| MPFSCEVIACREATETIMERQUETIMER | Alfarom256,Aahmad097 |
| mpfsceviaevtsubscribe | Alfarom256,Aahmad097 |
| MPFSCEVIAFLSALLOC | Alfarom256,Aahmad097 |
| mpfsceviainitonceexecuteonce | Alfarom256,Aahmad097 |
| MPFSCEVIAENUMCHILDWINDOWS | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviacdeffoldermenu_create2 | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIACERENUMSYSTORESTORE | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIACERENUMSYSTOMSTORERATION | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviaenumdateformatsw | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviaenumdesktopwindows | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMDESKTOPSW | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMDIRTREEW | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMDISPLAYMONITORS | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMFONTFAMILIESEXW | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMFONTSW | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMLANAUMEGROUPLOCALESW | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviaenumobjects | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMRESOURCETYPESEXW | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMSYSTEMCODEPAGESW | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMSYSTEMGEOID | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMSYSTEMLANGUAGEGROUPSW | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMSYSTEMSLOCALESEX | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviaenumthreadwindows | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMTIMEFORMATSEX | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMUILANGUAGESW | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviaenumwindowstationsw | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMWINDOWS | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAENUMERATELOADEDEDMODULES64 | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviak32enumpagefilesw | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviaenumpwrschemes | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviamessageBoxIndirectw | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIACHOOSECOLORW | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIACLUSWORKERCREATE | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIASYMENUMPROCESSES | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviaimagegetDigestStream | Alfarom256,AAHMAD097,WRA7H |
| MPFSCEVIAVERIFIERENUMERETERESOURCE | Alfarom256,AAHMAD097,WRA7H |
| mpfsceviasymenumsourcefiles | Alfarom256,AAHMAD097,WRA7H |
| 功能名稱 | 原始作者 |
|---|---|
| bytearraytochararray | Smelly__vx |
| chararraytobytearray | Smelly__vx |
| shlwapicharstringtowcharsstring | Smelly__vx |
| shlwapiwcharstringtocharsstring | Smelly__vx |
| charstringtowcharsstring | Smelly__vx |
| WCHARSTRINGTOCHARSTRING | Smelly__vx |
| rtlinitemptyunicodestring | 反應 |
| rtlinitunicodestring | 反應 |
| Caplockstring | simonc |
| copyMemoryex | 反應 |
| Securestringcopy | 蘋果(C)1999 |
| StringCompare | 蘋果(C)1999 |
| StringConcat | 蘋果(C)1999 |
| 弦樂拷貝 | 蘋果(C)1999 |
| StringFindSubstring | 蘋果(C)1999 |
| StringLength | 蘋果(C)1999 |
| StringLocatechar | 蘋果(C)1999 |
| StringRemovesubstring | Smelly__vx |
| StringTerminateStringAtchar | Smelly__vx |
| 弦樂 | 蘋果(C)1999 |
| Zeromemoryex | 反應 |
| ConvertCharacterStringTointEgerusingNTDLL | Smelly__vx |
| MemoryFindMemory | kamilcuk |
| 功能名稱 | 原始作者 |
|---|---|
| UACBYPASSFODHELPERMETHOD | winscripting.blog |
| 功能名稱 | 原始作者 |
|---|---|
| InithardwarebreakpointEngine | RAD98 |
| ShutDownHardwarebreakpointEngine | RAD98 |
| exceptionhandlerCallbackRoutine | RAD98 |
| Sethardwarebreakpoint | RAD98 |
| InsertDescriptorentry | RAD98 |
| 刪除了sestriptorentry | RAD98 |
| snapshotinserthardwarebreakpointhookintotargetthread | RAD98 |
| 功能名稱 | 原始作者 |
|---|---|
| grendicshellCodeHellowLldMessageBoxa | Safebreach Labs |
| grendicshellCodeHellowlldMessageBoxaebfbloop | Safebreach Labs |
| grendicshellCodeopalCalcexitThread | msfvenom |
