
Framework for building Windows malware, written in C++


richkmeli/Richkware


Richkware is a framework for building Windows malware, written in C++. It provides a library of network and system functions for creating different types of malware, including viruses, worms, bots, spyware, keyloggers, and scareware.

Description

The Richkware framework includes a set of modules and functions that enable you to create malware with various capabilities. These include network communication, system manipulation, cryptography, and more.

Types of Malware Supported:

  • Virus
  • Worms
  • Bot
  • Spyware
  • Keylogger
  • Scareware

Related Projects

  • Richkware-Manager-Server: A server for managing hosts infected with malware developed using the Richkware framework.
  • Richkware-Manager-Client: A client for communicating with the Richkware-Manager-Server, which allows you to send commands to infected hosts.

Diagram

Documentation

  • Presentation: PDF (EN), PDF (IT)
  • Report: PDF (EN), PDF (IT)

Functions

Network

  • Server (network.h): Manages a multi-threaded server to receive commands from the internet (via Richkware-Manager-Client or console) according to a specific protocol.
    • Protocol (protocol.h):
      1. Remote command execution (ID 1)
      2. (work in progress)
  • Network (network.h):
    • RawRequest: Send a request to a server.
    • UploadInfoToRichkwareManagerServer: Upload information to Richkware-Manager-Server.

System

  • Storage (storage.h):
    • SaveSession and LoadSession: Save and load the application state (encrypted), using:
      • Registry (SaveValueReg and LoadValueReg)
      • File (SaveValueToFile and LoadValueFromFile)
    • Persistence: Ensures the application remains active in the system.
  • IsAdmin and RequestAdminPrivileges (richkware.h): Check and request administrator privileges.
  • StealthWindow (richkware.h): Hide application windows.
  • OpenApp (richkware.h): Open arbitrary applications.
  • Keylogger (richkware.h): Logs all keystrokes to a file.
  • BlockApps and UnBlockApps (blockApps.h): Block and unblock applications (e.g., antivirus programs).

Cryptography

  • Encrypt and Decrypt (crypto.h): Uses RC4 (default) or Blowfish encryption algorithms.
  • Encode and Decode (crypto.h): Supports Base64 (default) and Hex encoding.

Cryptography Diagram

Other Functions

  • RandMouse (richkware.h): Randomly moves the mouse cursor.
  • Hibernation (richkware.h): Hibernates the system.

Requirements

To build and use Richkware, you will need:

Getting Started

With Richkware-Manager-Server (RMS)

If you have deployed RMS, initialize the malware as follows:

int main() {
    Richkware richkware("Richk", "DefaultPassword", "192.168.99.100", "8080", "associatedUser");
    ...
    return 0;
}

This will retrieve a secure key from RMS and use it for encryption. DefaultPassword is used as a fallback encryption key if the malware cannot reach the RMS.

Without Richkware-Manager-Server

If you have not deployed RMS, you can use:

Richkware richkware("Richk", "richktest");

This will use richktest as the encryption key.

Compile

Using MinGW (for Windows or cross-compiling for Linux)

make

Using Microsoft C++ Compiler (Visual Studio)

  • Go to C/C++ > Preprocessor > Preprocessor Definitions, and add _CRT_SECURE_NO_WARNINGS.
  • In Linker > Input > Additional Dependencies, add Ws2_32.lib.

Example Usage

Server-side: Starting the Server

In your main program, call the StartServer function to start the server. The following example uses TCP port 8000:

int main() {
    ...
    richkware.network.server.Start("8000");
    ...
}

Client-side: Connecting to the Server

Using Richkware-Manager-Client:

If you are using Richkware-Manager-Client, you can connect to the server and send commands.

Using Terminal on Unix Systems:

On Unix-based systems, use netcat (nc):

nc <serverName> 8000

If the server is running and accessible, it will respond, and you can send commands like:

[[1]]COMMAND

Using Terminal on Windows:

On Windows, use telnet:

telnet <serverName> 8000

Once connected, send a command like:

[[1]]COMMAND
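
For network monitoring, the plaintext `[[1]]COMMAND` frame shown above is a usable signature. The following is an added example, not code from the Richkware project: it reassembles the segments of one inbound TCP flow and flags lines that start with the `[[ID]]` prefix. Newline-terminated frames, the names `FlowScanner` and `scan_segments`, and the sample segments are assumptions constructed for this example.

```python
import re

# Command IDs listed in the README's protocol section; only ID 1 is defined there.
KNOWN_IDS = {1: "remote command execution"}

# A frame is assumed to be one line: "[[<numeric id>]]<argument>".
FRAME = re.compile(rb"^\[\[(\d{1,4})\]\](.*)$")


class FlowScanner:
    """Buffers one TCP flow (client -> listener) and reports protocol frames."""

    def __init__(self, max_buffer=4096):
        self.buf = b""
        self.max_buffer = max_buffer  # cap on unterminated data kept in memory

    def feed(self, segment):
        """Add one TCP segment; return a finding for each complete matching line."""
        self.buf += segment
        findings = []
        while b"\n" in self.buf:
            line, self.buf = self.buf.split(b"\n", 1)
            match = FRAME.match(line.rstrip(b"\r"))  # telnet sends CRLF, nc sends LF
            if match:
                cmd_id = int(match.group(1))
                findings.append({
                    "command_id": cmd_id,
                    "meaning": KNOWN_IDS.get(cmd_id, "unknown"),
                    # Record only the length; the argument may hold sensitive data.
                    "argument_len": len(match.group(2)),
                })
        if len(self.buf) > self.max_buffer:
            self.buf = self.buf[-self.max_buffer:]
        return findings


def scan_segments(segments):
    """Run every segment of a single flow through one scanner, in order."""
    scanner = FlowScanner()
    results = []
    for segment in segments:
        results.extend(scanner.feed(segment))
    return results


# Constructed sample: one frame split across segments, unrelated HTTP, an unknown ID.
SAMPLE = [b"[[1", b"]]COMM", b"AND\r\nGET / HTTP/1.1\r\n", b"[[7]]x\n"]

if __name__ == "__main__":
    for finding in scan_segments(SAMPLE):
        print(finding)
```
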

