🌳 Snippets Tree

General

Visit Official Malware Gallery Website

• Delphi
  • Search For Registry Keys / Values
  • Dump Process Memory Via MiniDumpWriteDump
  • Dump Process Memory Via ReadProcessMemory
  • Enumerate Files Via FindFirstFile / FindNextFile
  • Search For Files Via FindFirstFile / FindNextFile
  • Enumerate Process Modules Via CreateToolhelp32Snapshot
  • Enumerate Remote Process Modules Via PEB
  • Enumerate Local Process Modules Via PEB
  • Enumerate Remote Shares via WNetEnumResource
  • Change Window State
  • Check Process Elevation
  • Close Process via SendMessage
  • Close Process via TerminateProcess
  • Close Window via PostMessage
  • Copy ANSI Text to Clipboard via SetClipboardData
  • Copy Files to Clipboard via SetClipboardData
  • Copy Unicode Text to Clipboard via SetClipboardData
  • Desktop Window Screenshot via BitBlt
  • Enumerate Network Share via NetShareEnum
  • Enumerate Process via CreateToolhelp32Snapshot
  • Enumerate Process via Error Exception
  • Enumerate Process via NtQuerySystemInformation
  • Enumerate Window via EnumWindows
  • Enumerate Windows Registry WinAPI
  • Enumerate Windows Services via EnumServicesStatus
  • Enumerate Windows Usernames
  • Execute Application via CreateProcess
  • Execute Application via ShellExecute
  • Execute Application via WinExec
  • Get Active Window Title
  • Get Computer Name
  • Get Current Windows User
  • Get Main Hard Drive Serial
  • Get Process Name via QueryFullProcessImageName
  • Get User Idle Time
  • Get User SID
  • Get Window Caption Title
  • Message Hijacking via SetWindowLongPtr
  • Open/Close CD/DVD Tray
  • Show/Hide Window
  • Update Window Caption
  • Update Window Opacity Level

---

Unprotect

Visit Official Unprotect Website

• Delphi

  • APCRun
  • APCInjector
  • RunPE
  • ProcEnvInjection_DLLInjection
  • DLLInjection_CreateRemoteThread_LoadLibrary
  • DetectMouseMove
  • NtQueryProcessInformation
  • Melt
  • AntiSandboxScanService
  • UntDataStreamObject
  • NtQueryObject
  • ADB_NtSetInformationThread
  • IsDebuggerPresent
  • NtSetDebugFilterState
  • OutputDebugString
  • SuspendThread
  • FindWindowAPI
  • UntPEBDebug
  • FtpC2
  • SMB / Named Pipes
  • ReflectiveDLL

• C#

  • Timestomp
  • Melt
  • DetectMacAddress
  • NtQueryInformationProcess
  • FtpC2
  • SMB / Named Pipes

• Python

  • CodeCaveHelper
  • FindWindow

• FASM32

  • APC Injection

---

Visit Official Phrozen Website

• Delphi

  • SelectFilesOnExplorer
  • UntEnumDLLExport.pas
  • GetProcAddress_ALT_Example
  • GetProcessName_Method1
  • GetProcessName_Method2
  • GetProcessName_Method2_Remote
  • GetProcessName_Method3
  • GetProcessName_Method4

• Python

  • cave-explorer.py
  • ExtractStrings.py
  • malinx.py

• CSharp (C#)

  • CheckExplorerExeExtensions.cs