best language to code malware in

If you have lib requirements for example websockets++ etc, you would have to use C++ instead of C. Of course, you don't have to use most of the crap C++ offers you anyway.
 
Please note that this user is banned
There is no such thing as the best programming language for malware, only those that suit well. Consider C, C++, D, Nim, Rust, C# (for Windows malware). Go can be used, though it is hard to obfuscate, as you can't turn off RTTI. The same pretty much goes for Python. JVM-based languages most of the time can't be used, as you need the Java Runtime to be installed to run them.
 
There is no "best" language when it comes to malware (or anything, for that fact), it all comes down to your use case. Here are some considerations you should keep in mind:

Availability

While a language like Python is very easy to write, if the target device does not have the Python interpreter installed your malware will simply not run. To circumvent this you can embed the interpreter in a PE using a tool like pyexec, but that is signatured even by Defender, so you would have to tweak the tool first.

Ease of reverse engineering

Some languages are simply easier to RE than others. Java and .NET are very powerful, but they are trivial to reverse engineer if they lack obfuscation. Make a simple .NET Framework program and open it up in dnSpyEx; everything will be there.

On the other hand, a language like C is harder to reverse engineer but has been around for decades, so people are used to it. In this regard, Rust or Go might be a good idea. I particularly like Go for the huge binaries it creates, gives it a sense of realism (a legit exe is rarely 1MB).

Control

Languages with garbage collectors rarely let the user control memory management, alongside other aspects of their runtime. This can be detrimental to your OPSEC. A language like C++ provides cost-free abstraction and control.


I hope this helped, keep in mind that the best programming language is the one you are most comfortable with!
 
Thanks for your answer. Why can I mostly find x32-based malware like botnets etc.? What is the reasoning for that: is it for evasion, to reach the largest number of computers, or what? Since x64 is the latest and updated and most malware is x32, it seems to me that x64 is a good thing, but idk. Appreciate the answers.
 
Thanks to the WoW64 technology Microsoft implemented, x86 binaries can run on x64 Windows. Ergo, a 32-bit program will run on x86 and x64.
 
Please note that this user is banned
You got good advice already, but I'll add one thing: you should consider easy obfuscation, because the software you are writing for days and weeks can be detected by VirusTotal in one day and the next day it will be in all AV databases. Default Windows Defender is really good with it, actually.
 
It depends on the malware's functions. Sometimes I use .NET if the target is assumed to have .NET installed by default and the malware has few functions that are not complex, but when I write complex code and the target maybe has no .NET installed or requires a newer version, I use C++ without the CRT to make sure it works on all Windows versions.
 
3 Billion Devices Run Java
With roughly 20 billion across the whole network, that gives us at least an 85% probability that it won't be there
 
Please note that this user is banned
They're all the same.
No, low-level languages are better, because malware often uses techniques that require things closer to "machine code".
 