Simple Windows malware that I made to learn more about the Win32 API. It does nothing harmful beyond what is listed below. It's written in C++20.
The program plays the following pranks, frequently and at random:
- Shuffles the desktop icons (but saves the current state first).
- Reverts the desktop icons shuffle.
- Modifies the system date (the OS clock, not the RTC). Works only if run as admin.
- Displays a cmd window for a few seconds and then hides it.
- Creates files with strange names on the desktop (empty files).
- Deletes the strange-named files previously created.
- Heats the CPU by executing some heavy processes for a few seconds.
The first time it runs, it creates a copy of itself, stores it in %HOMEPATH%, and creates a registry entry to run that copy on boot.
From then on, it will run every time the system boots.
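A defender can check for this kind of persistence by looking for autorun values whose executable sits directly in the user's profile root. The following is an added example, not code from this project: it assumes the values were already read from an autorun key such as `HKCU\Software\Microsoft\Windows\CurrentVersion\Run` (the README does not name the key), and the `RunEntry` type, function names and sample values are hypothetical.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

struct RunEntry { std::string name, command; };  // one autorun value

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return char(std::tolower(c)); });
    return s;
}

// Executable path from a command line: quoted path, or up to the first ".exe".
static std::string exe_path(const std::string& cmd) {
    auto i = cmd.find_first_not_of(" \t");
    if (i == std::string::npos) return "";
    if (cmd[i] == '"') return cmd.substr(i + 1, cmd.find('"', i + 1) - i - 1);
    auto ext = lower(cmd).find(".exe", i);
    if (ext != std::string::npos) return cmd.substr(i, ext + 4 - i);
    return cmd.substr(i, cmd.find_first_of(" \t", i) - i);
}

// Names of entries whose executable sits directly in the profile root
// (e.g. C:\Users\alice\x.exe), a place installed software rarely uses.
std::vector<std::string> flag_profile_root(const std::vector<RunEntry>& entries,
                                           std::string home) {
    home = lower(home);
    while (!home.empty() && home.back() == '\\') home.pop_back();
    std::vector<std::string> hits;
    for (const auto& e : entries) {
        std::string p = lower(exe_path(e.command));
        std::replace(p.begin(), p.end(), '/', '\\');
        for (std::string var : {"%userprofile%", "%homedrive%%homepath%"})
            if (p.rfind(var, 0) == 0) p = home + p.substr(var.size());
        auto slash = p.find_last_of('\\');
        if (slash != std::string::npos && p.substr(0, slash) == home)
            hits.push_back(e.name);
    }
    return hits;
}

// Constructed sample values; names and paths are made up for illustration.
std::vector<RunEntry> sample_entries() {
    return {{"Sync", R"("C:\Program Files\Sync\sync.exe" /background)"},
            {"Updater", R"(C:\Users\alice\updater.exe)"},
            {"Helper", R"(%USERPROFILE%\helper.exe -q)"},
            {"Tool", R"("C:\Users\alice\AppData\Local\Tool\tool.exe")"}};
}
```

A hit is a lead for triage, not proof: confirm by checking the file's signature, hash and creation time.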
Also note:
- WD labels it as a trojan.
- It has no obfuscation.
- The joking interval and other parameters (e.g. number of created files, CPU heat duration) should be adjusted to your own preferences.