
bryancalisto/goblin


Goblin (El Duende)

Simple Windows malware that I made to learn more about the Win32 API. It does nothing harmful beyond the actions listed below. It's written in C++20.

The program plays the following pranks, frequently and at random:

  • Shuffles the desktop icons (but saves the current state first).
  • Reverts the desktop icon shuffle.
  • Modifies the system date (the OS clock, not the RTC). Works only if run as admin.
  • Displays a cmd window for a few seconds and then hides it.
  • Creates empty files with strange names on the desktop.
  • Deletes the strange-named files it previously created.
  • Heats the CPU by running some heavy processes for a few seconds.

The first time it runs, it creates a copy of itself in %HOMEPATH% and creates a registry entry that runs that copy on boot.

From then on, it runs every time the system boots.
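
A defender-side check for the persistence pattern described above, as an added example that is not part of the goblin project: it flags autorun values whose executable sits directly in the user's home directory. The Run subkey, the sample entries and the user `alice` are assumptions; the README does not say which registry key or file name goblin uses.

```python
import re
from pathlib import PureWindowsPath
# Standard autorun subkey (assumption: the README does not name the key used).
RUN_SUBKEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample data; names, paths and the user "alice" are invented.
SAMPLE_ENV = {"HOMEDRIVE": "C:", "HOMEPATH": r"\Users\alice"}
SAMPLE_ENTRIES = [
    ("HKCU", "OneDrive", r'"C:\Users\alice\AppData\Local\OneDrive\OneDrive.exe" /background'),
    ("HKCU", "Updater", r"%HOMEDRIVE%%HOMEPATH%\example.exe"),
    ("HKCU", "Tool", r"C:\Users\Alice\my tool.exe -silent"),
    ("HKLM", "Tray", r"%windir%\system32\tray.exe"),
]

def exe_from_command(command, env):
    """Expand %VAR% references and return the executable path of a Run value."""
    cmd = re.sub(r"%([^%]+)%",
                 lambda m: env.get(m.group(1).upper(), m.group(0)), command.strip())
    if cmd.startswith('"'):
        return PureWindowsPath(cmd[1:].split('"', 1)[0])
    # Unquoted: cut after the first ".exe" so paths containing spaces survive.
    m = re.match(r"(.+?\.exe)(\s|$)", cmd, re.IGNORECASE)
    return PureWindowsPath(m.group(1) if m else cmd.split(" ", 1)[0])

def suspicious_run_entries(entries, env):
    """Return (hive, name, exe) for autoruns whose binary sits directly in the home dir."""
    homes = (PureWindowsPath(env["HOMEDRIVE"] + env["HOMEPATH"]),
             PureWindowsPath(env["HOMEPATH"]))  # with and without drive letter
    hits = []
    for hive, name, command in entries:
        exe = exe_from_command(command, env)
        if exe.parent in homes:  # PureWindowsPath compares case-insensitively
            hits.append((hive, name, str(exe)))
    return hits

def read_run_entries():
    """Enumerate Run values from the live registry (Windows only)."""
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    found = []
    for hive, root in hives.items():
        try:
            with winreg.OpenKey(root, RUN_SUBKEY) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, value, _ = winreg.EnumValue(key, i)
                    found.append((hive, name, str(value)))
        except OSError:
            continue  # key missing or not readable
    return found
```

On a Windows host, pass `read_run_entries()` and `os.environ` to `suspicious_run_entries` to audit the live registry instead of the sample data.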


Also note:

  • WD labels it as a trojan.
  • It has no obfuscation.
  • The joke interval and other parameters (e.g. number of files created, CPU heat duration) should be adjusted to your own preferences.

About

Windows not so bad malware.
