❯ A Python-based tool for creating and managing malware for educational purposes.
- 📍 Overview
- 👾 Features
- 📁 Project Structure
- 🚀 Getting Started
- 📌 Project Roadmap
- 🔰 Contributing
- 🎗 License
- 🙌 Acknowledgments
❯ MalwareBuilder is a Python-based tool designed for educational purposes to demonstrate various malware functionalities. It includes features to disable system components, create spam accounts, and more.
Important
Use responsibly and for educational purposes only.
LEGAL DISCLAIMER: This tool is intended for educational and research purposes only. Misuse of this tool may violate computer crime laws. Users are solely responsible for how they use this software.
SYSTEM IMPACT: This tool can make significant changes to system settings that may require manual recovery or system reinstallation if the cure functionality fails.
This tool is still in BETA and may contain bugs or not work as intended. PLEASE TEST IN A VIRTUAL MACHINE.
❯ The tool includes the following features:
- Disable Registry
- Disable MsConfig
- Disable TaskManager
- Disable Time
- Disable Group Policy
- Disable Windows Explorer
- Disable Notepad
- Create Multiple Spam Windows Accounts
- Disable Windows Firewall
- Create Multiple Spam Error Windows messages
- Disable Windows Update
- Disable Windows Defender (Not possible, but attempted)
- Create Multiple Files/Folders in Desktop
- Disable DHCP Client
- Disable Taskbar
- Disable Start Menu
- Disable CMD
- Disable PowerShell (Not possible, but attempted)
- Disable Run
- Disable Control Panel
- Disable System Restore
- Destroy Desktop Icons
- Hide Windows Clock (Untested)
- Swap Mouse Buttons
- Remove Folder Options
- Disable HID Devices completely (Untested)
- Turn Off Monitor (Temporary)
- Crazy Mouse
- Crazy Taskbar
- Disable Audio Service
- Corrupt Clipboard
- Destroy Windows (Untested)
- Lock Cursor
- Auto Startup
- Move File to New location
- Crash Windows
- Bug out Windows GUI
- Teleport all windows
- Close all applications
Note
Even when testing all features simultaneously, the native Windows antivirus did not flag the executables as malicious.
└── MalwareBuilder/
    ├── MalwareBuilder.py
    ├── MalwareCode.py
    ├── config.ini
    └── requirements.txt
MalwareBuilder.py ❯ Main script to build and manage malware features.
config.ini ❯ Configuration file for selecting features.
MalwareCode.py ❯ Contains the implementation of malware features.
requirements.txt ❯ List of dependencies required for the project.
Before getting started with MalwareBuilder, ensure your runtime environment meets the following requirements:
- Programming Language: Python
- Package Manager: Pip
- Operating System: Windows
Tip
MalwareBuilder uses PyInstaller to create an executable file.
PyInstaller may produce a VERY LARGE executable file if run from the global (system-wide) Python installation.
It is recommended to use PyInstaller with a virtual environment to reduce the size of the executable file.
This happens because PyInstaller includes every library installed in that environment, most of which the application does not need.
From experience, without a virtual environment the executable files were 2.4GB each. With a venv, the executable files were 37MB each.
Install MalwareBuilder using the following method:
Build from source:
- Clone the MalwareBuilder repository:
git clone https://github.com/DefinetlyNotAI/MalwareBuilder
- Navigate to the project directory:
cd MalwareBuilder
- Install the project dependencies:
pip install -r requirements.txt
Run MalwareBuilder using the following command:
python MalwareBuilder.py
The script will dynamically generate the .py files for the selected features and compile them into an executable file.
Afterwards you will get 2 executable files, one for the malware and one for the cure.
Warning
The cure file is not guaranteed to work, and may not work at all.
The cure file is a file that is supposed to reverse the effects of the malware file.
Not enough testing has been done, and some features have no functionality to reverse their effects (noted by a None in config.ini).
Running Infect.exe for the first time:
- The executable will read the target location from config.ini
- It will copy itself and the config.ini file to that location
- The malware will be configured to run at system startup
Subsequent behavior:
- On system startup, the malware runs silently (no visible windows)
- It verifies its location matches the config.ini specification
- If locations match: executes configured malware features
- If locations don't match: repeats first-time setup process
Warning
This process modifies system startup configuration and may persist across reboots unless properly removed using the cure file.
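The feature list and the startup behaviour described above leave settings a defender can audit. This is an added example, not part of MalwareBuilder or its code: it scans a `reg export` dump for non-zero lock-out policy values and for Run-key autoruns launched from user-writable directories. The value names are standard Windows policy settings; that this tool sets them, that it persists through the Run key, and the sample dump itself are assumptions.

```python
import re

# Documented Windows policy values that lock a user out of recovery tools.
# Assumption: the page does not say which settings the tool actually changes.
LOCKOUT_VALUES = {
    "disabletaskmgr": "Task Manager disabled", "disablecmd": "Command prompt disabled",
    "disableregistrytools": "Registry tools disabled", "nocontrolpanel": "Control Panel blocked",
}
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
# Constructed sample in `reg export` format (paths and entry names are made up).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\lab\\AppData\\Roaming\\upd\\Infect.exe"
'''

def parse_reg(text):
    """Yield (key, value_name, raw_data) triples from .reg export text."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            yield key, m.group(1), m.group(2)

def audit(text):
    """Return non-zero lock-out policies and autoruns in user-writable paths."""
    findings = []
    for key, name, data in parse_reg(text):
        k, n = key.lower(), name.lower()
        dword = re.fullmatch(r"dword:([0-9a-fA-F]{8})", data)
        if "\\policies\\" in k and n in LOCKOUT_VALUES and dword and int(dword.group(1), 16):
            findings.append(("lockout", key, name, LOCKOUT_VALUES[n]))
        elif k.endswith(RUN_KEY) and data.startswith('"'):  # REG_SZ values only
            cmd = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo .reg escaping
            if any(p in cmd.lower() for p in USER_WRITABLE):
                findings.append(("autorun", key, name, cmd))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A real audit would run this over exports of both HKCU and HKLM; a finding is a prompt for review, since administrators can set the same policies legitimately.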
- 🐛 Report Issues: Submit bugs found or requests for the MalwareBuilder project.
- 💡 Submit Pull Requests: Review open PRs, and submit your own PRs.
Contributing Guidelines
- Fork the Repository: Start by forking the project repository to your GitHub account.
- Clone Locally: Clone the forked repository to your local machine using a git client.
git clone https://github.com/DefinetlyNotAI/MalwareBuilder
- Create a New Branch: Always work on a new branch, giving it a descriptive name.
git checkout -b new-feature-x
- Make Your Changes: Develop and test your changes locally.
- Commit Your Changes: Commit with a clear message describing your updates.
git commit -m 'Implemented new feature x.'
- Push to GitHub: Push the changes to your forked repository.
git push origin new-feature-x
- Submit a Pull Request: Create a PR against the original project repository. Clearly describe the changes and their motivations.
- Review: Once your PR is reviewed and approved, it will be merged into the main branch. Congratulations on your contribution!
This project is protected under the MIT License. For more details, refer to the LICENSE file.