First, I tried to convince the target that I would give him the photo of a kid. The target was extremely obsessed by the look of the kid. So I thought his photos would be very attractive for the target. I decided to make an application that acted as a photo viewer. The photo viewer was designed to only show the photos of the kid. I compiled the program into a USB flash drive. I handed him the flash drive and asked him to run the program. My program doesn’t require any administrator rights, so it drew less attention from the target as it slips into the computer. This would also prevent the program from prompting administrative credentials at startup.

As soon as the target launched the program, it checked if the file existed and if the settings directory existed. The two directories that were checked are C:\Users\<username>\AppData\Local\Security_Project (to prevent multiple settings being saved) and C:\SomeFolders\. Then, it duplicated itself to C:\SomeFolders\ and set the folder attribute to hidden. The program seemed to run normally and when the target closed the program it deleted itself or self-destructed itself.

After the target restarted his computer, the program launched at startup. The target was first asked to play Sudoku (Sudoku was one of the target’s favorite games). After several clicks, a horror image of a broken animatronic appeared. There was a sequence of images of the dead animatronics. A part of the sequence was repeated to create an animated effect. But unfortunately, after the images appeared, the target’s antivirus (TrendMicro) intercepted the process of the virus and caused the computer to freeze for a while. Then I managed to help and shut down the laptop. I had already prepared for the ending, but unfortunately it did not run as expected.

I had prepared for the ending. The ending part would have shown my name in a sequence series D,DA,DAN,DANI,DANIE,DANIEL,DANIEL ,DANIEL G,DANIEL GO… with delays in the while loop. I also used exceptions to prevent the program from crashing when it detected an error.

Tags: , ,