Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/rozensoftware/thug
Fake malware-jpg creator.
https://github.com/rozensoftware/thug
console-application cpp20 hacking malware windows-10 windows-11
Last synced: about 1 month ago
JSON representation
Fake malware-jpg creator.
- Host: GitHub
- URL: https://github.com/rozensoftware/thug
- Owner: rozensoftware
- License: mit
- Created: 2024-07-14T13:53:41.000Z (4 months ago)
- Default Branch: master
- Last Pushed: 2024-08-06T09:30:10.000Z (3 months ago)
- Last Synced: 2024-09-28T22:21:42.808Z (about 2 months ago)
- Topics: console-application, cpp20, hacking, malware, windows-10, windows-11
- Language: C++
- Homepage:
- Size: 66.4 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Thug
Version: 1.0
The solution presented consists of two projects: Thug Creator and Thug (a viewer).
Thug Creator - allows you to save the selected image, change the icon and create the
resulting file with the correspondingly changed name.Thug - is an executable file that is displayed in Windows Explorer as an image, which can fool
the victim into viewing it.## Description
The technique shown can be used to infect the target system, such as by sending the resulting
executable file as an email attachment or by other means.
It is designed to deceive the victim into viewing the image, resulting in the running of code,
such as creating a backdoor or other.## Thug Creator
To create a thug file with your image, you need to run the Thug Creator program and specify the arguments as follows:
```powershell
./thugcreator thug.exe my_nasty_backdoor.exe test.jpg image.ico
```where:
- thug.exe - the name of the base thug.exe
- my_nasty_backdoor.exe - the name of the resulting file
- test.jpg - the name of the image that will be displayed after running the resulting file
- image.ico - the name of the icon that will be displayed in the Windows Explorer, which should be the same as the imageAll files must be in the same directory as the Thug Creator program.
## Operating principle
Creator loads a jpg file into a special section in the header of the exe file.
The maximum size of the image is 1MB. The file's icon is also changed so that Windows Explorer shows
the file as a regular photo.
The resulting file name is also changed so that the extension jpg is displayed, instead of exe.When the user runs the target file, the saved photo will be displayed using the Windows photo viewer or
another default app registered on the system.
Then the actual photo will be saved to the location of the file,
running the malicious code and deleting the executable file.
Only the correct jpg image file will remain in the directory.## Antivirus detection
The trick of inserting code (read right to left) into the file name is well known to the
current version of Windows Defender, which blocks the program.
No less, there are many versions of Windows that could still be a potential target for attack.
Be that as it may, the example shown may serve as one of many possible attacks by the security
expert in his attempts to check the vulnerability of computer systems running under Windows OS.## Disclaimer
The author of this code is not responsible for the incorrect operation of the presented code and/or for its incorrect use. The code presented in this project is intended to serve only to learn programming.
## License
This project is licensed under MIT license (LICENSE-MIT or ).