Windows C++ / Hiding Mechanisms
Author: Thomas Roccia (fr0gger)
Platform: Windows
Language: C++
Technique: Hiding Mechanisms
Description:
The code uses the Windows registry API to open a key under HKEY_LOCAL_MACHINE and create a new value within that key. The sample writes a REG_DWORD placeholder; the same call accepts a binary data type, which could be used to store the malware itself. The code must be compiled and executed on a system to hide data in the registry, and writing under HKEY_LOCAL_MACHINE normally requires administrative rights.
Code
#include <Windows.h>

int main()
{
    // Open the registry key where the malware will be hidden.
    // RegOpenKeyExA does not create the key; it must already exist.
    HKEY hKey;
    if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, "SOFTWARE\\MyMalware", 0, KEY_WRITE, &hKey) != ERROR_SUCCESS)
        return 1;

    // Create a new value in the registry key to store the malware
    DWORD dwValue = 1;
    LSTATUS status = RegSetValueExA(hKey, "HiddenValue", 0, REG_DWORD,
                                    (const BYTE*)&dwValue, sizeof(dwValue));

    // Close the registry key
    RegCloseKey(hKey);

    // Return success only if the value was written
    return status == ERROR_SUCCESS ? 0 : 1;
}
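For hunting the case the description mentions (an executable stored as registry value data), the following added example, which is not part of the original snippet or the author's code, triages a value's raw bytes for a PE header, unusual size, and high entropy. The function names, the 16 KiB and 7.2 bits-per-byte thresholds, and the sample blob are assumptions made for illustration; on a live system the bytes would come from enumerating registry values.

```cpp
// Added example: defender-side triage of registry value data (not from the original page).
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Assumed hunting threshold: values this large are unusual for configuration data.
constexpr std::size_t kLargeValueBytes = 16 * 1024;

// Shannon entropy in bits per byte; packed or encrypted blobs approach 8.0.
double entropy(const std::vector<std::uint8_t>& d) {
    if (d.empty()) return 0.0;
    std::size_t counts[256] = {};
    for (std::uint8_t b : d) ++counts[b];
    double h = 0.0;
    for (std::size_t c : counts) {
        if (c == 0) continue;
        double p = static_cast<double>(c) / d.size();
        h -= p * std::log2(p);
    }
    return h;
}

// True when the data starts with a DOS header whose e_lfanew points at "PE\0\0".
bool hasPeHeader(const std::vector<std::uint8_t>& d) {
    if (d.size() < 0x40 || d[0] != 'M' || d[1] != 'Z') return false;
    std::uint32_t off = d[0x3C] | (d[0x3D] << 8) | (d[0x3E] << 16)
                      | (static_cast<std::uint32_t>(d[0x3F]) << 24);
    return off <= d.size() - 4 && d[off] == 'P' && d[off + 1] == 'E'
        && d[off + 2] == 0 && d[off + 3] == 0;
}

// Returns a comma-separated list of reasons, or an empty string for a benign-looking value.
std::string triageValue(const std::vector<std::uint8_t>& data) {
    std::string why;
    auto add = [&why](const char* r) { if (!why.empty()) why += ","; why += r; };
    if (hasPeHeader(data)) add("pe-header");
    if (data.size() >= kLargeValueBytes) add("large");
    if (data.size() >= 256 && entropy(data) > 7.2) add("high-entropy");  // assumed cut-off
    return why;
}

// Constructed sample: a minimal DOS header with e_lfanew = 0x40 followed by "PE\0\0".
std::vector<std::uint8_t> samplePeBlob() {
    std::vector<std::uint8_t> v(0x44, 0);
    v[0] = 'M'; v[1] = 'Z'; v[0x3C] = 0x40; v[0x40] = 'P'; v[0x41] = 'E';
    return v;
}
```

A 4-byte DWORD such as the one the snippet writes produces no findings, so value-content triage of this kind complements, rather than replaces, monitoring for writes to unexpected keys.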
Created: December 13, 2022
Last Revised: April 22, 2024