#include <Windows.h>
#include <sstream>
// Demo entry point: shows three modal message boxes, one per iteration,
// each owned by the desktop window. The standard WinMain parameters are
// accepted but not used.
//
// Returns 0 unconditionally.
int WINAPI WinMain(HINSTANCE hInstance,
                   HINSTANCE hPrevInstance,
                   PSTR lpCmdLine,
                   int nCmdShow) {
    UNREFERENCED_PARAMETER(hInstance);
    UNREFERENCED_PARAMETER(hPrevInstance);
    UNREFERENCED_PARAMETER(lpCmdLine);
    UNREFERENCED_PARAMETER(nCmdShow);

    for (int iteration = 1; iteration <= 3; ++iteration) {
        // A fresh stream per iteration takes the place of the
        // clear()/str("") reset at the end of each pass.
        std::stringstream message;
        message << "This is the iteration "
                << iteration
                << " out of 3 for SampleMalware.exe!";
        const auto text = message.str();
        MessageBoxA(GetDesktopWindow(), text.c_str(), "", MB_OK);
    }
    return 0;
}
////
#include "../SampleMalwareShared/RegistryUtils.h"
#include "../SampleMalwareShared/FileSystemUtils.h"
#include "../SampleMalwareShared/MiscUtils.h"
#include <Windows.h>
#include <cstdlib>
#include <filesystem>
#include <iostream>
#include <system_error>
// Installer entry point: writes the autostart registry entry, then copies
// the executable into the system directory. If the copy fails, the registry
// entry is removed again before returning. The standard WinMain parameters
// are accepted but not used.
//
// Returns EXIT_SUCCESS when both steps complete, EXIT_FAILURE otherwise;
// failures are shown to the user via ReportError.
//
// NOTE(review): both registry helpers wrap Reg* calls, which report failure
// through their LSTATUS return value and do not set the thread's last-error
// value; the GetLastError() checks below therefore observe whatever error
// some earlier call recorded, not the outcome of the registry operation.
int WINAPI WinMain(HINSTANCE hInstance,
                   HINSTANCE hPrevInstance,
                   LPSTR lpCmdLine,
                   int nCmdShow)
{
    UNREFERENCED_PARAMETER(hInstance);
    UNREFERENCED_PARAMETER(hPrevInstance);
    UNREFERENCED_PARAMETER(lpCmdLine);
    UNREFERENCED_PARAMETER(nCmdShow);
    SetSampleMalwareRegistryKey();
    DWORD dwErrorCode = GetLastError();
    if (dwErrorCode != ERROR_SUCCESS) {
        ReportError(GetErrorMessage(dwErrorCode));
        return EXIT_FAILURE;
    }
    // A non-zero error_code value means fs::copy reported a failure.
    std::error_code errorCode = CopySampleMalwareFileToSystemFolder();
    if (errorCode.value() != 0) {
        // Roll back the registry entry so no autostart entry points at a
        // file that was never placed.
        // NOTE(review): the copy failure itself (errorCode) is never shown
        // to the user; only a rollback failure is reported.
        DeleteSampleMalwareRegistryKey();
        dwErrorCode = GetLastError();
        if (dwErrorCode != ERROR_SUCCESS) {
            ReportError(GetErrorMessage(dwErrorCode));
        }
        return EXIT_FAILURE;
    }
    return EXIT_SUCCESS;
}
////
#include "../SampleMalwareShared/RegistryUtils.h"
#include "../SampleMalwareShared/FileSystemUtils.h"
#include "../SampleMalwareShared/MiscUtils.h"
#include <Windows.h>
#include <iostream>
#include <string>
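// Uninstaller entry point: removes the copied executable from the system
// directory, then the autostart registry entry. The standard WinMain
// parameters are accepted but not used.
//
// Returns EXIT_SUCCESS when both removals complete, EXIT_FAILURE otherwise;
// each failure is shown to the user through ReportError before returning.
//
// NOTE(review): DeleteSampleMalwareRegistryKey wraps RegDeleteKeyExA, which
// reports failure through its LSTATUS return value rather than the thread's
// last-error value; the GetLastError() check below only reflects that
// operation if the helper propagates its status — confirm.
int WINAPI WinMain(HINSTANCE hInstance,
                   HINSTANCE hPrevInstance,
                   PSTR lpCmdLine,
                   int nCmdShow) {
    UNREFERENCED_PARAMETER(hInstance);
    UNREFERENCED_PARAMETER(hPrevInstance);
    UNREFERENCED_PARAMETER(lpCmdLine);
    UNREFERENCED_PARAMETER(nCmdShow);

    // succeeded mirrors fs::remove: it is also false when the file was simply
    // absent, in which case error_code stays zero.
    const DeletionStatus deletionStatus = DeleteSampleMalwareFileFromSystemFolder();
    if (!deletionStatus.succeeded) {
        // error_code.value() is an int; appending it directly would select
        // std::string::operator+=(char) and emit one (likely unprintable)
        // character instead of the number, so render it as decimal text.
        std::string errorMessage =
            "Could not delete SampleMalware.exe! Error code: ";
        errorMessage += std::to_string(deletionStatus.error_code.value());
        errorMessage += ".";
        ReportError(errorMessage);
        return EXIT_FAILURE;
    }

    DeleteSampleMalwareRegistryKey();
    const DWORD dwErrorCode = GetLastError();
    if (dwErrorCode != ERROR_SUCCESS) {
        ReportError(GetErrorMessage(dwErrorCode));
        return EXIT_FAILURE;
    }
    return EXIT_SUCCESS;
}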
////
#ifndef COM_GITHUB_CODERODDE_SAMPLE_MALWARE_FS_UTILS_HPP
#define COM_GITHUB_CODERODDE_SAMPLE_MALWARE_FS_UTILS_HPP
#include <Windows.h>
#include <cstdlib>
#include <filesystem>
#include <string>
#include <system_error>
// Short alias used throughout this header.
namespace fs = std::filesystem;
// File name of the sample executable. SAMPLE_MALWARE_PATH is a relative path,
// so wherever it is used it resolves against the process's current working
// directory.
// NOTE(review): neither constant is referenced by the functions below, which
// spell the file name out again as literals.
static const std::string SAMPLE_MALWARE_NAME = "SampleMalware.exe";
static const fs::path SAMPLE_MALWARE_PATH = SAMPLE_MALWARE_NAME;
// Builds the destination path used by the copy/delete helpers below: the
// directory reported by GetSystemDirectoryA with
// "\\System32\\SampleMalware.exe" appended.
//
// Returns that path. There is no error return: unless GetSystemDirectoryA
// returns ERROR_SUCCESS (0), the process is terminated with EXIT_FAILURE,
// which also skips any cleanup the caller might have intended.
//
// NOTE(review): GetSystemDirectoryA reports the number of characters it
// copied and returns 0 only on failure, so this comparison is the inverse of
// the documented success convention — confirm the intended check.
static fs::path GetTargetPath() {
    CHAR pathBuffer[MAX_PATH];
    UINT ret = GetSystemDirectoryA(pathBuffer, sizeof(pathBuffer));
    if (ret != ERROR_SUCCESS) {
        std::exit(EXIT_FAILURE);
    }
    std::string pathString =
        std::string(pathBuffer) + "\\System32\\SampleMalware.exe";
    return fs::path(pathString);
}
// Copies "SampleMalware.exe" from the current working directory to the path
// returned by GetTargetPath(), replacing any existing file there.
//
// Returns the std::error_code filled in by fs::copy; a zero value means the
// copy succeeded. Filesystem errors are reported through the returned code
// rather than thrown. A binary appearing under this name in the system
// directory is the on-disk artifact an investigator would look for.
//
// NOTE(review): the relative source path depends on the caller's working
// directory, not on the location of the running executable.
const std::error_code CopySampleMalwareFileToSystemFolder() {
    fs::path sourcePath = "SampleMalware.exe";
    fs::path targetPath = GetTargetPath();
    fs::copy_options copyOptions = fs::copy_options::overwrite_existing;
    std::error_code errorCode;
    fs::copy(sourcePath,
             targetPath,
             copyOptions,
             errorCode);
    return std::error_code(errorCode);
}
// Outcome of DeleteSampleMalwareFileFromSystemFolder: whether a file was
// actually removed, and the error reported by the filesystem call (zero when
// there was none).
struct DeletionStatus {
    bool succeeded{false};
    std::error_code error_code{};
};
// Deletes the copied executable at GetTargetPath().
//
// Returns a DeletionStatus whose succeeded flag mirrors fs::remove (true only
// if a file was actually removed) and whose error_code carries the
// filesystem error, zero when there was none.
const DeletionStatus DeleteSampleMalwareFileFromSystemFolder() {
    std::error_code removeError;
    const bool removed = fs::remove(GetTargetPath(), removeError);
    DeletionStatus outcome;
    outcome.succeeded = removed;
    outcome.error_code = removeError;
    return outcome;
}
#endif
////
#ifndef COM_GITHUB_CODERODDE_SAMPLE_MALWARE_MISC_UTILS_HPP
#define COM_GITHUB_CODERODDE_SAMPLE_MALWARE_MISC_UTILS_HPP
#include <Windows.h>

#include <memory>
#include <string>
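// Returns the system's human-readable text for a Win32 error code.
//
// dwErrorCode: a value as returned by GetLastError() or an LSTATUS.
// Returns the message produced by FormatMessageA, or a generic fallback that
// names the code when no message is available, so the result is never built
// from a null pointer.
std::string GetErrorMessage(DWORD dwErrorCode) {
    LPSTR psz{nullptr};
    const DWORD length = FormatMessageA(
        FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
        nullptr,
        dwErrorCode,
        MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
        reinterpret_cast<LPSTR>(&psz),
        0,
        nullptr);
    if (length == 0 || psz == nullptr) {
        // FormatMessageA leaves psz untouched on failure; constructing a
        // std::string from a null pointer is undefined behavior.
        return "Unknown error (code " + std::to_string(dwErrorCode) + ")";
    }
    // FORMAT_MESSAGE_ALLOCATE_BUFFER hands back a LocalAlloc'd buffer that
    // the caller must release with LocalFree; tying the release to scope exit
    // also covers the case where the std::string constructor throws.
    auto releaseBuffer = [](LPSTR buffer) noexcept { LocalFree(buffer); };
    std::unique_ptr<CHAR, decltype(releaseBuffer)> owner(psz, releaseBuffer);
    return std::string(psz, length);
}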
// Shows errorMessage to the user in a modal message box (OK button,
// exclamation icon, empty title) owned by the desktop window.
void ReportError(const std::string& errorMessage) {
    const UINT boxStyle = MB_OK | MB_ICONEXCLAMATION;
    const HWND owner = GetDesktopWindow();
    MessageBoxA(owner, errorMessage.c_str(), "", boxStyle);
}
#endif
////
#ifndef COM_GITHUB_CODERODDE_SAMPLE_MALWARE_REGISTRY_UTILS_HPP
#define COM_GITHUB_CODERODDE_SAMPLE_MALWARE_REGISTRY_UTILS_HPP
#include <Windows.h>
#include <string>
// Registry location used for persistence: an entry in the per-machine Run
// autostart list, stored as REG_EXPAND_SZ so %windir% is expanded by the
// system when the entry is read. Both strings are the artifacts an
// investigator can search for under HKLM.
static const std::string REGISTRY_KEY_PATH =
    "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SampleMalware";
static const std::string REGISTRY_KEY_VALUE =
    "%windir%\\System32\\SampleMalware.exe";
// Writes the autostart entry: REGISTRY_KEY_VALUE stored as a REG_EXPAND_SZ
// value whose name is REGISTRY_KEY_PATH, on the HKEY_LOCAL_MACHINE root
// handle itself (no subkey is opened or created first). Writing under HKLM
// typically requires an elevated process.
//
// The LSTATUS returned by RegSetValueExA is discarded, and Reg* functions do
// not set the thread's last-error value, so callers cannot observe failure
// through GetLastError().
//
// NOTE(review): cbData is the string length without the terminating NUL;
// the API documents REG_EXPAND_SZ data as including it — confirm.
void SetSampleMalwareRegistryKey() {
    RegSetValueExA(HKEY_LOCAL_MACHINE,
                   REGISTRY_KEY_PATH.c_str(),
                   0,
                   REG_EXPAND_SZ,
                   (BYTE*) REGISTRY_KEY_VALUE.c_str(),
                   (DWORD) REGISTRY_KEY_VALUE.length());
}
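// Removes the registry key named by REGISTRY_KEY_PATH under HKLM.
//
// The void signature is kept; the LSTATUS from RegDeleteKeyExA is published
// through SetLastError() so that callers' existing GetLastError() checks
// observe the outcome of this operation (Reg* functions do not set the
// thread's last-error value themselves). ERROR_SUCCESS is recorded on
// success, so a stale earlier error cannot be misattributed to this call.
//
// NOTE(review): both KEY_WOW64_32KEY and KEY_WOW64_64KEY are passed in
// samDesired; the API documents them as alternatives — confirm which
// registry view is intended.
void DeleteSampleMalwareRegistryKey() {
    const LSTATUS status = RegDeleteKeyExA(
        HKEY_LOCAL_MACHINE,
        REGISTRY_KEY_PATH.c_str(),
        KEY_WOW64_32KEY | KEY_WOW64_64KEY,
        0);
    SetLastError(static_cast<DWORD>(status));
}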
#endif