Reverse Engineering & Analysis
Open Source

Ferivonica (Malware Research Suite)

CC++ (C++17)Windows APIWin32 HookingLodePNG

A comprehensive, low-level malware research suite demonstrating global input hooking, credential scraping, automated screen capturing, and disk space manipulation.

Tech Stack

CC++ (C++17)Windows APIWin32 HookingLodePNG

System Metrics

Direct Kernel-level hardware stream hooking
In-memory keystroke mapping and serialization

Why Did I Build This?

"To deeply understand how malicious payloads interact with the Windows Kernel. Rather than building purely destructive software, I engineered a highly visible, 'gamified' malware suite that intercepts hardware streams while testing the boundaries of OS security."

Architecture & Decisions

Developed in C++17 leveraging raw Win32 APIs. The core utilizes `SetWindowsHookEx` to establish global WH_KEYBOARD_LL and WH_MOUSE_LL hooks, intercepting inputs before user-space processing. It parses these inputs into readable CSV logs. Secondary modules actively scan the file system for standard browser cookie directories and utilize LodePNG for localized, dependency-free screen captures. (Experimental DLL injection capabilities are present but disabled to ensure system stability).

Key Features

  • 01.Global hardware interrupt interception (Keylogging)
  • 02.Automated file system scraping for browser cookies
  • 03.Dependency-free PNG screen capture (LodePNG)
  • 04.Experimental self-injecting DLL architecture
  • 05.Autonomous disk-fill (I/O exhaustion) payload