{"id":14976592,"url":"https://github.com/rozensoftware/thug","last_synced_at":"2026-01-26T04:01:33.419Z","repository":{"id":248395332,"uuid":"828553414","full_name":"rozensoftware/thug","owner":"rozensoftware","description":"Fake malware-jpg creator.","archived":false,"fork":false,"pushed_at":"2024-08-06T09:30:10.000Z","size":68,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-05-15T11:50:35.890Z","etag":null,"topics":["console-application","cpp20","hacking","malware","windows-10","windows-11"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rozensoftware.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-14T13:53:41.000Z","updated_at":"2024-08-06T09:30:14.000Z","dependencies_parsed_at":null,"dependency_job_id":"c620cfdf-3d4d-4554-ac43-4043e535f971","html_url":"https://github.com/rozensoftware/thug","commit_stats":null,"previous_names":["rozensoftware/thug"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/rozensoftware/thug","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rozensoftware%2Fthug","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rozensoftware%2Fthug/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rozensoftware%2Fthug/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rozensoftware%2Fthug/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rozensoftware","download_url":"https://codeload.github.com/rozensoftware/thug/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rozensoftware%2Fthug/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28766354,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-26T03:54:34.369Z","status":"ssl_error","status_checked_at":"2026-01-26T03:54:33.031Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["console-application","cpp20","hacking","malware","windows-10","windows-11"],"created_at":"2024-09-24T13:54:06.743Z","updated_at":"2026-01-26T04:01:33.403Z","avatar_url":"https://github.com/rozensoftware.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Thug\n\nVersion: 1.0\n\nThe solution presented consists of two projects: Thug Creator and Thug (a viewer).\n\nThug Creator - allows you to save the selected image, change the icon and create the \nresulting file with the correspondingly changed name.\n\nThug - is an executable file that is displayed in Windows Explorer as an image, which can fool \nthe victim into viewing it.\n\n## Description\n\nThe technique shown can be used to infect the target system, such as by sending the resulting \nexecutable file as an email attachment or by other means. \nIt is designed to deceive the victim into viewing the image, resulting in the running of code, \nsuch as creating a backdoor or other.\n\n## Thug Creator\n\nTo create a thug file with your image, you need to run the Thug Creator program and specify the arguments as follows:\n\n```powershell\n./thugcreator thug.exe my_nasty_backdoor.exe test.jpg image.ico\n```\n\nwhere:\n\n- thug.exe - the name of the base thug.exe\n- my_nasty_backdoor.exe - the name of the resulting file\n- test.jpg - the name of the image that will be displayed after running the resulting file\n- image.ico - the name of the icon that will be displayed in the Windows Explorer, which should be the same as the image\n\nAll files must be in the same directory as the Thug Creator program.\n\n## Operating principle\n\nCreator loads a jpg file into a special section in the header of the exe file. \nThe maximum size of the image is 1MB. The file's icon is also changed so that Windows Explorer shows \nthe file as a regular photo. \nThe resulting file name is also changed so that the extension jpg is displayed, instead of exe.\n\nWhen the user runs the target file, the saved photo will be displayed using the Windows photo viewer or \nanother default app registered on the system. \nThen the actual photo will be saved to the location of the file, \nrunning the malicious code and deleting the executable file. \nOnly the correct jpg image file will remain in the directory.\n\n## Antivirus detection\n\nThe trick of inserting code (read right to left) into the file name is well known to the \ncurrent version of Windows Defender, which blocks the program. \nNo less, there are many versions of Windows that could still be a potential target for attack. \nBe that as it may, the example shown may serve as one of many possible attacks by the security \nexpert in his attempts to check the vulnerability of computer systems running under Windows OS.\n\n## Disclaimer\n\nThe author of this code is not responsible for the incorrect operation of the presented code and/or for its incorrect use. The code presented in this project is intended to serve only to learn programming.\n\n## License\n\nThis project is licensed under MIT license (LICENSE-MIT or \u003chttp://opensource.org/licenses/MIT\u003e).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frozensoftware%2Fthug","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frozensoftware%2Fthug","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frozensoftware%2Fthug/lists"}