Code Monkey home page Code Monkey logo

ase-malware's Introduction

๐Ÿฆ  ase-malware ๐Ÿ’€

Version

Creation of a ransomware for education purposes.

๐Ÿ“– Project Description

This ransomware is designed for Windows systems. Here's how it works:

  1. It makes itself persistent by adding a key to the Windows registry.
  2. It scans for and encrypts all files from a specified starting directory.
  3. Upon completing the encryption process, it downloads a custom wallpaper and sets it as the computer's wallpaper to display a ransom message.
  4. Finally, it sends a DNS request to notify the attacker that a new victim has been found.

Note: This software is for educational purposes only and is not intended for malicious use.

๐Ÿงฉ Code Structure

The main.go file in the root of the project manages the execution of the ransomware.

Here's a brief overview of what each function does in main.go:

  • main(): Entry point for the program. Handles program flow depending on whether there are command-line arguments and whether the process has admin privileges.
  • CheckElevate(): Checks if the current process has admin privileges.
  • Escalate(): If current process lacks admin privileges, this function elevates them.
  • DiscoverDisk(): Discovers files starting from a specified path that have extensions listed in bad_extensions.
  • MakePersistent(): Makes the malware persistent on the system.
  • Encrypt(): Encrypts the discovered files.
  • Decrypt(): Decrypts the files if the --decrypt flag is used when running the program.
  • DownloadFile(): Downloads a custom wallpaper to display the ransom message.
  • SystemParametersInfoW(): Changes the system's wallpaper to the one downloaded.
  • LookupHost(): Sends a DNS request to inform the attacker about a new victim.

๐Ÿ› ๏ธ Compilation

This software is built in Go, so make sure you have Go installed and set up correctly on your system. Then, install the dependencies and compile the ransomware with the following commands:

cd src
go get
go build -ldflags "-s -w" .

๐Ÿš€ How to use it ?

You can run the ransomware by double-clicking on it or simply running the following command :

.\ase.exe

There is a killswitch in the code, if you want to decrypt the files, you can run the following command :

.\ase.exe --decrypt

๐Ÿ“œ Credits

ase-malware's People

Contributors

theolebever avatar

Stargazers

avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.