https://github.com/sergilopez/flanders-trojan
Trojan written in C++ for Windows
- Host: GitHub
- URL: https://github.com/sergilopez/flanders-trojan
- Owner: sergiLopez
- Created: 2024-03-02T17:39:18.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-03-12T19:56:19.000Z (about 2 years ago)
- Last Synced: 2025-07-06T14:05:42.736Z (11 months ago)
- Topics: c-plus-plus, c2-server, command-and-control, ddos, debugger-detection, dll-injection, keylogger, malware, persistence, privilege-escalation, ransomware, screen-capture, trojan, uac-bypass, vm-detection, windows
- Language: C++
- Homepage:
- Size: 1.47 MB
- Stars: 18
- Watchers: 3
- Forks: 8
- Open Issues: 0
README
# :warning: **WARNING** :warning:
## This project is for academic purposes only.
The methods used within this project should not be utilized for illegal or unethical activities. Please use responsibly!
---
# The Origin
The Flanders trojan was developed for my computer engineering final thesis, driven by a curiosity for cybersecurity and a desire to delve deeper into operating system knowledge. It is developed specifically for Windows using C++, showcasing a blend of technical challenge and academic exploration.
Flanders, a character from The Simpsons, is known for his peaceful and innocent nature. However, this character harbors something dark within him. This behavior perfectly defines how the developed trojan operates, hence the name.
---
# Components
The Flanders trojan is primarily composed of three components, each playing a pivotal role in its operation:
### LOADER
The Loader is the initial component, responsible for setting the stage for the trojan's activities. Its functionalities include:
- **VM Detection**: Identifying virtual machines by checking for a hypervisor signature.
- **Debugging Detection**: Utilizing `NtQueryInformationProcess` to detect debugging environments.
- **Privilege Escalation**: Bypassing User Account Control (UAC) to gain higher privileges.
- **Persistence**: Achieving persistence through Windows Registry modifications or Scheduled Tasks.
- **DLL Injection**: Injecting the payload, a DLL file, into `explorer.exe`.
### PAYLOAD
Following the Loader, the Payload component is responsible for executing a series of malicious actions:
- **File Encryption**: Utilizing AES encryption to lock files.
- **Keylogging**: Recording keystrokes to capture sensitive information.
- **Screen Capturing**: Taking screenshots to monitor user activity.
- **Command Execution**: Running malicious commands or scripts.
- **DDoS Attack**: Launching HTTP flood attacks to disrupt targeted services.
This payload communicates with a server to send victim information, further facilitating malicious operations.
### SERVER
The Server acts as the command and control (C2) center for the Flanders trojan:
- **Receiving Requests**: Handling incoming communications from victim machines.
- **Management**: Orchestrating the network of infected devices, effectively creating a botnet for coordinated attacks or information theft.