I NEED THIS IN 48 HOURS.
Create a tool to scan and detect malicious executables in Windows persistence mechanisms.
Some of these locations may not exist on certain systems.... the program should check if key exists before trying to read from it, and handle failures gracefully.
Some of these paths are Registry "folders" and some are Keys for "Key/Value" pairs
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\*\ImagePath
So each Key under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\, if that key has a Key named key/value named ImagePath, then hash that target
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler (XP, NT, W2k only)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
-------------------------------------------------------------------------------------------------
The goal is to scan and find the target .exe, .dll & .sys files and hash the files.
Then, we want to compare the the hashes from a source of malicious file hashes and alert if any match.
--- I think it makes sense on some of these, like "Shell" where it may be set to "[login to view URL]" with no path, to just check c:\windows\[login to view URL] and c:\windows\system32\[login to view URL] for the file, and otherwise report that file could not be found.
For testing, make sure to actually put a hash in your hash dataset that matches something to make sure it actually catches things.
hello Mr I can help you with this project. I have big experience with windows api and Python I also have experience search virus. let me help you with this project contact me by chat to get more information. best regards
Hey, I have prior experience in this type of program, can deliver in a day without any errors. I am just starting out here on freelancer but have more than 4 years of experience in coding using python.