shanekalewis/MalwareSampleCode

Project is Currently Under Construction

MalwareSampleCode

This project is for educational purposes only and was submitted as a final project for a course.

The malware listed in this project was designed with the purpose of altering the appearance of a victim Windows machine by making changes to the Windows Registry. In its current iteration, it is very noisy and has no covert method of transmission. Additionally, depending on the version of Windows, the changes will not take effect even though the registry values are changed.

In this project I will cover:

  • How the code was written
  • How the program was tested
  • Its effects on various Windows virtual machines
  • How it can be improved

Viewing and Manipulating Registry Values

The following is a quick guide on working with the Windows Registry. First we will look at registry values using the RegEdit tool and then the command line.

Using Regedit:

In Windows Explorer, type regedit or registry editor. The following window will appear. The registry is organized into folders: the top-level folders are the Root Keys, and any folders beneath them are the subkeys. The value we try to change refers to the key name.

Image of Regedit

Using Windows Command Line:

Within the Windows cmd, typing reg /? shows the various options for interacting with the Windows registry. For the project we will mainly be using "reg add". Typing reg add /? shows the format for commands.

Image of Windows cmd
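Because the program is noisy, the same "reg add" format is what a defender sees in process-creation logs. The following is an added example, not part of this project's code: it parses such command lines and flags writes under a watch list. The watched keys, the sample command lines and the function names are assumptions made for illustration, since this page does not list the keys the sample changes.

```python
import re

# Assumption: illustrative appearance-related keys; the page does not list
# which keys the sample changes.
WATCHED_KEYS = (r"HKCU\Control Panel\Desktop", r"HKCU\Control Panel\Colors")
ROOT_ALIASES = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM",
                "HKEY_CLASSES_ROOT": "HKCR", "HKEY_USERS": "HKU"}
SWITCHES = {"/v": "value", "/t": "type", "/d": "data"}

# Constructed process-creation command lines (not captured from a real host).
SAMPLE_CMDLINES = [
    r'reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Public\bg.bmp" /f',
    r'C:\Windows\System32\reg.exe ADD "HKEY_CURRENT_USER\Control Panel\Colors" /v Background /d "0 0 0" /f',
    r'reg query "HKCU\Control Panel\Desktop" /v Wallpaper',
    r'cmd.exe /c reg add HKCU\Software\ExampleApp /v Installed /t REG_DWORD /d 1',
]

def parse_reg_add(cmdline):
    """Parse 'reg add <KeyName> [/v Name | /ve] [/t Type] [/d Data] [/f]'."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    lowered = [t.lower() for t in tokens]
    for i in range(len(tokens) - 2):
        exe = lowered[i].rsplit("\\", 1)[-1]  # drop any directory prefix
        if exe in ("reg", "reg.exe") and lowered[i + 1] == "add":
            break
    else:
        return None  # not a reg add invocation
    root, _, rest = tokens[i + 2].partition("\\")
    root = ROOT_ALIASES.get(root.upper(), root.upper())  # normalise long root names
    parsed = {"key": root + ("\\" + rest if rest else ""), "value": None,
              "type": "REG_SZ", "data": None, "force": False}  # REG_SZ is reg's default type
    j = i + 3
    while j < len(tokens):
        if lowered[j] == "/f":
            parsed["force"] = True
        elif lowered[j] == "/ve":
            parsed["value"] = "(Default)"
        elif lowered[j] in SWITCHES and j + 1 < len(tokens):
            j += 1  # the switch's argument is the next token
            parsed[SWITCHES[lowered[j - 1]]] = tokens[j]
        j += 1
    return parsed

def flag_watched_writes(cmdlines):
    """Return parsed reg add writes that target a watched key or its subkeys."""
    hits = []
    for p in filter(None, map(parse_reg_add, cmdlines)):
        key = p["key"].upper()
        if any(key == w.upper() or key.startswith(w.upper() + "\\") for w in WATCHED_KEYS):
            hits.append(p)
    return hits
```

Calling flag_watched_writes(SAMPLE_CMDLINES) returns the two writes under the watched keys and ignores the query and the unrelated key.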
