directory traversal speed on ransomware
let's say for example i'm using python or C# for making a ransomware,
how fast would a single-threaded directory traversal be?

i'm thinking of having one thread to list all file paths and then multithread the encryption part. but i'm constantly bothered by this question, whether the total speed matters or not.
any tips on making a ransomware (like evasion technique) would be helpful; but please explain as if i'm a 5th grader, lol
Reply
I've never written one but I'd imagine you try to rate limit it to some extent or go multithread as much as you can. What I'd do instead, is to somehow check if I'm hitting an integrity check file.

An integrity check file I call a file that sits there waiting for a malware to modify it and an external tool checking very often if it has to alert the IT people.
Reply
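The integrity check file described in the post above, seen from the defender's side, as an added example that is not part of any post in this thread: canary files are planted with a recorded size and SHA-256, and a poller reports any canary that is missing, resized or altered. The file names, filler content and polling interval are constructed assumptions.

```python
import hashlib
import time
from pathlib import Path

def sha256_file(path):
    """Hash the whole file so a change to any part of it is caught."""
    h = hashlib.sha256()
    with Path(path).open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def deploy_canaries(directory, names, size=4096):
    """Create canary files and return the baseline {path: (size, sha256)}."""
    baseline = {}
    for name in names:
        path = Path(directory) / name
        line = b"canary:" + name.encode() + b"\n"  # constructed filler content
        path.write_bytes(line * (size // len(line) + 1))
        baseline[path] = (path.stat().st_size, sha256_file(path))
    return baseline

def check_canaries(baseline):
    """Return (path, reason) for every canary that no longer matches its baseline."""
    alerts = []
    for path, (size, digest) in baseline.items():
        if not path.exists():
            alerts.append((path, "missing"))          # deleted or renamed
        elif path.stat().st_size != size:
            alerts.append((path, "size changed"))     # data appended or truncated
        elif sha256_file(path) != digest:
            alerts.append((path, "content changed"))  # same size, bytes rewritten
    return alerts

def watch(baseline, interval=5.0, rounds=None, on_alert=print):
    """Poll the canaries; rounds=None runs until the process is stopped."""
    done = 0
    while rounds is None or done < rounds:
        for alert in check_canaries(baseline):
            on_alert(alert)  # in production: page the on-call, isolate the host
        time.sleep(interval)
        done += 1

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        base = deploy_canaries(d, ["budget_2022.xlsx", "notes.txt"])
        (Path(d) / "notes.txt").write_bytes(b"changed")
        watch(base, interval=0, rounds=1)
```

The baseline should be stored off the monitored host so that it cannot be rewritten together with the canaries.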
I'd second integrity check files. You could probably multithread whatever you like, it might be better to multithread both one after the other or something. That's just my thought, but I don't really know a lot about multithreading. You might also want to look into sandbox evasion in case whatever you make is uploaded to VirusTotal or similar.
Reply
(November 15, 2022, 09:06 PM)tangsname Wrote: I've never written one but I'd imagine you try to rate limit it to some extent or go multithread as much as you can. What I'd do instead, is to somehow check if I'm hitting an integrity check file.

An integrity check file I call a file that sits there waiting for a malware to modify it and an external tool checking very often if it has to alert the IT people.


how do you detect if it is an integrity check file?
Reply
(November 15, 2022, 09:06 PM)tangsname Wrote: I've never written one but I'd imagine you try to rate limit it to some extent or go multithread as much as you can. What I'd do instead, is to somehow check if I'm hitting an integrity check file.

An integrity check file I call a file that sits there waiting for a malware to modify it and an external tool checking very often if it has to alert the IT people.

i was already thinking of just encrypting 1/10 of every file; and if it's too big, the program will just encrypt the first few hundred mb. does that sound good enough?

(November 16, 2022, 05:40 AM)pooragelol Wrote: You might also want to look into sandbox evasion in case whatever you make is uploaded to VirusTotal or similar.

thanks. i found some materials at https://0xpat.github.io
i'm having a bit of a hard time reading the C code. usually i use Go or Rust
Reply
RudyGiuliani Wrote: how do you detect if it is an integrity check file?

You can either go by the filename if it's not creatively named or contents. It's a hit or miss type of game.
Reply