I've begun the process of going through literally every single line of code to fully understand everything. This is what the solution explorer looks like for the crypter:
So far I've only fully summarized Form1.vb: http://pastebin.com/xSTSmt1V
In doing so I've gotten a pretty good idea of what each file is good for:
- Form1.vb - holds the encrypt and random string functions, file paths, encryption keys, the replacements that are made to the stub code, and the compilation of the crypted file, as well as the addition of a resource that holds the encrypted code.
- Stub.txt - holds the stub source for a runPE type crypt.
- Stub 2.txt - holds the stub source for a drop type crypt.
- clsCodeDom.vb - holds the Compile function where the CodeDom import is used. I think this is done to avoid detections, but I'm not sure.
- IconChanger.vb - holds the InjectIcon function where the selected icon (if there is one) is applied to the crypted file.
- Controls folder - contains .vb files used for creating custom controls (not important).
- Stub 1 & 2 Edit.vb - same as Stub.txt and Stub 2.txt, just in .vb files so you can see and edit things a little bit easier.
In the end, I hope to comment out the stub files and codedom and iconchanger classes as well. This topic interests me quite a bit and it feels nice to take a break from WordPress and web development.