[ Curiosity,Experimentation ]

Random stuff from the parallel universe of Ones and Zeroes

An Encrypting/Blackmailing Malware with code [Visual Basic]

Posted by appusajeev on October 29, 2009


All right fellas, this post deals with creating a malware that encrypts the files on a computer, which can only be decrypted upon your command, which, well, is another form of blackmailing! 🙂 The stuff is fairly simple conceptually but does churn out some lines of code when implemented.

When the thing is run for the first time, it scans the entire file system (all drives in the computer excluding the A: and C: drives) and creates a list of files (I have used an Access database to store the list of files) matching a certain criterion, say file extension. I chose to attack doc, rtf, xls, jpg and txt files. That done, the encryption process is started and each file from the list of files in the database is encrypted sequentially. An 'e' flag is stored against the file name of each file so that the encrypted files can later be identified for decryption. The stuff is also resume capable, i.e. if the list creation/encryption/decryption process is interrupted by a shutdown or something, the process will resume the activity the next time it is executed. And relax, I have incorporated a mechanism to avoid file corruption during shutdown or other interruptive events.

Download Source

Whether the encryption or the decryption process runs is determined by the registry string "action" in the path
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\cryp\action\action
If this key is non-existent or a value other than "d" is present, the encryption process starts, and if a "d" has been specified, the decryption process is invoked.
The encryption algorithm I have used is way too simple. I replace each character in the file with a character whose ASCII code is obtained by subtracting the ASCII code of the original character from 255 (ensuring that the result lies between 0 and 255). Repeat the same and you get back the original character! I know this is a pretty lame method which can be easily cracked, since this is an algorithm-based encryption method. You may implement your own method (like RSA or something).
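From the recovery side, as an added example that is not code from the original post: because the transform is keyless and its own inverse, affected files can be recognised by complemented file signatures and restored directly. The signature table, function names and sample bytes below are assumptions constructed for illustration.

```python
# Added defensive example: recognise and undo the keyless 255 - b byte transform.
# MAGIC holds well-known file signatures for the types the post lists.
MAGIC = {
    "jpg": bytes.fromhex("ffd8ff"),
    "doc/xls (OLE2)": bytes.fromhex("d0cf11e0a1b11ae1"),
    "rtf": b"{\\rtf",
}

# Translation table mapping every byte b to 255 - b.
COMPLEMENT = bytes(255 - b for b in range(256))


def complement(data: bytes) -> bytes:
    """Apply the transform; applying it twice returns the input."""
    return data.translate(COMPLEMENT)


def classify(header: bytes) -> tuple:
    """Return (state, file_type) for the first bytes of a file."""
    for name, magic in MAGIC.items():
        if header.startswith(magic):
            return ("intact", name)
        if header.startswith(complement(magic)):
            return ("complemented", name)
    # Plain ASCII text has no signature, but after the transform every
    # byte has its high bit set. Heuristic: non-ASCII text can match too.
    if header and all(b >= 0x80 for b in header):
        return ("complemented", "txt (heuristic)")
    return ("unknown", "")


def recover(data: bytes) -> bytes:
    """Undo the transform only when the header indicates it was applied."""
    state, _ = classify(data[:16])
    return complement(data) if state == "complemented" else data


if __name__ == "__main__":
    # Constructed samples, not taken from real files.
    samples = {
        "photo.jpg": complement(bytes.fromhex("ffd8ffe000104a464946")),
        "notes.txt": complement(b"meeting at ten"),
        "report.rtf": b"{\\rtf1\\ansi hello}",
    }
    for name, blob in samples.items():
        print(name, classify(blob[:16]), recover(blob)[:14])
```

The text check is a heuristic and can misfire on non-ASCII text, so run recovery against copies of the affected files.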

I have used an Access database, integrated using ADO, to store the list of files against their status (whether encrypted or not), because the process involves a lot of search and update routines which, I think, are better dealt with by a DBMS. Since this is not a mash-up program, knowing the status of a file is crucial to the decryption process.

Once the user/victim thinks enough is enough, you can initiate the decryption process by setting "d" as the value of the registry string under the key HKEY_CURRENT_USER\Software\VB and VBA Program Settings\cryp\action\action. The decryption method uses the same encryption algorithm to restore the original contents of the file, and a 'd' flag is stored against the name of the decrypted file.

Note: Be careful while testing; the encryption process is automatically invoked when run in a new environment (reason explained above).


One Response to “An Encrypting/Blackmailing Malware with code [Visual Basic]”

  1. Nikhil George said

    Oh thanks buddy
    it's working
