Friday, April 18, 2025

Best programming language?

I remember having this same question before, but here are some tips to help you choose:

C++ - If you want to do something VERY STRONG/VERY DESTRUCTIVE, or want to improve the optimization of the payloads a bit.

C# - If you want to make a standard-to-medium trojan. In my opinion, C# is the best language to use; C++/C are mostly used only by old trojans.

VB.NET - OK, who am I kidding? Why did I include this here? VB.NET is just a basic and bad language; if you consider yourself a professional in VB.NET, go learn C#.

The most you can do in VB.NET is work more easily with Windows Forms, but at this point C# is better than anything and everyone.

Monday, March 31, 2025

Threads

Usually, GDI Trojans work with a threading system:


	//Shaking
	// Each payload gets its own private heap created with HEAP_CREATE_ENABLE_EXECUTE
	// (read/write/execute memory; 8192 * 64 = 512 KiB initial size, growable because
	// dwMaximumSize is 0). The heap handle is handed to the thread as its lpParameter.
	HANDLE hBB1 = HeapCreate(HEAP_NO_SERIALIZE | HEAP_CREATE_ENABLE_EXECUTE, sizeof(char) * 8192 * 64, 0);
	HANDLE hPML1 = HeapCreate(HEAP_NO_SERIALIZE | HEAP_CREATE_ENABLE_EXECUTE, sizeof(char) * 8192 * 64, 0);
	// dwStackSize and dwCreationFlags are DWORDs, so they take 0 rather than the pointer constant NULL.
	HANDLE hBytebeat1 = CreateThread(NULL, 0, &Bytebeats::Bytebeat1, hBB1, 0, NULL);
	HANDLE hPayload1 = CreateThread(NULL, 0, &GDIPayloads::GDIPayload1, hPML1, 0, NULL);
	Sleep(1000 * 15); //15 Seconds 

	//Shaders
	HANDLE hPML2 = HeapCreate(HEAP_NO_SERIALIZE | HEAP_CREATE_ENABLE_EXECUTE, sizeof(char) * 8192 * 64, 0);
	HANDLE hPayload2 = CreateThread(NULL, 0, &GDIPayloads::GDIPayload2, hPML2, 0, NULL);
	Sleep(1000 * 10); //10 Seconds 
	// System::EndPayload is a project helper defined elsewhere; it receives the thread handle and its heap.
	System::EndPayload(hPayload2, hPML2);
	System::EndPayload(hBytebeat1, hBB1);

	//Icons
	HANDLE hBB2 = HeapCreate(HEAP_NO_SERIALIZE | HEAP_CREATE_ENABLE_EXECUTE, sizeof(char) * 8192 * 64, 0);
	HANDLE hPML3 = HeapCreate(HEAP_NO_SERIALIZE | HEAP_CREATE_ENABLE_EXECUTE, sizeof(char) * 8192 * 64, 0);
	HANDLE hBytebeat2 = CreateThread(NULL, 0, &Bytebeats::Bytebeat2, hBB2, 0, NULL);
	HANDLE hPayload3 = CreateThread(NULL, 0, &GDIPayloads::GDIPayload3, hPML3, 0, NULL);
	Sleep(1000 * 5); //5 Seconds 

	//PatBlt
	HANDLE hPML4 = HeapCreate(HEAP_NO_SERIALIZE | HEAP_CREATE_ENABLE_EXECUTE, sizeof(char) * 8192 * 64, 0);
	HANDLE hPayload4 = CreateThread(NULL, 0, &GDIPayloads::GDIPayload4, hPML4, 0, NULL);
	Sleep(1000 * 15); //15 Seconds 

	//AlphaBlend
	HANDLE hPML5 = HeapCreate(HEAP_NO_SERIALIZE | HEAP_CREATE_ENABLE_EXECUTE, sizeof(char) * 8192 * 64, 0);
	HANDLE hPayload5 = CreateThread(NULL, 0, &GDIPayloads::GDIPayload5, hPML5, 0, NULL);
	Sleep(1000 * 15); //15 Seconds
	// Note: hPayload1, hBytebeat2, hPayload3, hPayload4, hPayload5 and their heaps are not
	// ended in this snippet; they keep running (and the handles stay open) past this point.

Threading is a way to run two or more functions at the same time, like a visual payload along with a bytebeat function.

This is essential for any application you make, whether in C, C++, C# (or the... VB.NET garbage).

Is that secure?

Most GDI Trojans show a warning and are non-destructive (a.k.a. clean, safe):


	//If the computer wasn't infected before, it shows the warning messages.
	if (GetFileAttributesW(L"C:\\Windows\\WinNet.exe") == INVALID_FILE_ATTRIBUTES)
	{
		if (MessageBoxW(NULL, L"WARNING!\n\nYou're about to run a potentially harmful program that can cause your system's death & data loss. This program also displays flashing lights and plays loud sounds.\n\nBy running this program, you accept full responsibility for any damages that may occur. The creator (ArTic aka JhoPro) will not be responsible for anything caused by this software. By the way, this was created for educational and entertainment purposes.\n\nWould you like to proceed with running this program?", L"'We all make choices, but in the end our choices make us...'", MB_ICONWARNING | MB_YESNO) != IDYES) return 1;
		if (MessageBoxW(NULL, L"FINAL WARNING!\n\nIf you really want to run it and you're already aware of the risks, press 'Yes'. Otherwise, press 'No'.\n\nProceed at your own risk...", L"Lixo.exe - FINAL WARNING", MB_ICONWARNING | MB_YESNO) != IDYES) return 1;
	}

Usually, a single warning is NOT RECOMMENDED; two or three are the most common, since users can accidentally run the trojan.

What are GDI Trojans and the Windows GDI API?

GDI is how Windows draws things on the screen: apps, etc.

You can basically force it to draw on "0" (the whole screen), a.k.a. over EVERYTHING.


This is basically the full history of GDI Trojans and how they work.
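The two behaviours described in the Threads section and here (threads fed an executable private heap, then drawing straight onto the screen device context) are exactly what an analyst looks for in a sandbox API trace. The following is an added example, not code from this post or from the Lixo repository: a small Python triage script over a constructed trace in a hypothetical "Api(arg, ...) = ret" format. The HEAP_* flag values are the real Win32 constants; the trace lines, handle values and the verdict rule are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Real Win32 constants (winnt.h); the rest of this script is an added example.
HEAP_NO_SERIALIZE = 0x00000001
HEAP_CREATE_ENABLE_EXECUTE = 0x00040000

# GDI drawing calls whose first argument is the destination HDC.
SCREEN_DRAW_APIS = {"PatBlt", "BitBlt", "StretchBlt", "AlphaBlend"}

# Constructed trace in a hypothetical "Api(arg, ...) = ret" sandbox format, one
# call per line. It mirrors the pattern in the post: executable private heaps
# handed to new threads, then GetDC(0) followed by drawing on that screen DC.
# The third heap / thread and the second GetDC are benign controls.
SAMPLE_TRACE = """\
HeapCreate(0x40001, 0x80000, 0x0) = 0xa10000
HeapCreate(0x40001, 0x80000, 0x0) = 0xb20000
CreateThread(0x0, 0x0, 0x401000, 0xa10000, 0x0, 0x0) = 0x1c4
CreateThread(0x0, 0x0, 0x402000, 0xb20000, 0x0, 0x0) = 0x1c8
HeapCreate(0x1, 0x1000, 0x0) = 0xc30000
CreateThread(0x0, 0x0, 0x403000, 0xc30000, 0x0, 0x0) = 0x1cc
GetDC(0x0) = 0x5010001
PatBlt(0x5010001, 0x0, 0x0, 0x780, 0x438, 0x5a0049) = 0x1
GetDC(0x70100) = 0x5010002
BitBlt(0x5010002, 0x0, 0x0, 0x10, 0x10, 0x5010002, 0x0, 0x0, 0xcc0020) = 0x1
"""

CALL_RE = re.compile(r"^(?P<api>\w+)\((?P<args>[^)]*)\)\s*=\s*(?P<ret>0x[0-9a-fA-F]+)$")


@dataclass
class Call:
    api: str
    args: List[int]
    ret: int


def parse_trace(text: str) -> List[Call]:
    """Parse the constructed trace format; lines that are not calls are skipped."""
    calls = []
    for line in text.splitlines():
        m = CALL_RE.match(line.strip())
        if not m:
            continue
        args = [int(a, 16) for a in (s.strip() for s in m.group("args").split(",")) if a]
        calls.append(Call(m.group("api"), args, int(m.group("ret"), 16)))
    return calls


def scan_trace(text: str) -> List[Tuple[str, str]]:
    """Return (kind, detail) findings in trace order."""
    findings = []
    exec_heaps = set()   # handles returned by HeapCreate with the execute flag
    screen_dcs = set()   # handles returned by GetDC(0), i.e. the whole screen
    for c in parse_trace(text):
        if c.api == "HeapCreate" and c.args and c.args[0] & HEAP_CREATE_ENABLE_EXECUTE:
            exec_heaps.add(c.ret)
            findings.append(("EXEC_HEAP", f"HeapCreate(HEAP_CREATE_ENABLE_EXECUTE) -> {c.ret:#x}"))
        elif c.api == "CreateThread" and len(c.args) >= 4 and c.args[3] in exec_heaps:
            findings.append(("THREAD_ON_EXEC_HEAP", f"CreateThread lpParameter = executable heap {c.args[3]:#x}"))
        elif c.api == "GetDC" and c.args and c.args[0] == 0:
            screen_dcs.add(c.ret)
            findings.append(("SCREEN_DC", f"GetDC(0) -> {c.ret:#x}"))
        elif c.api in SCREEN_DRAW_APIS and c.args and c.args[0] in screen_dcs:
            findings.append(("SCREEN_DRAW", f"{c.api} onto screen DC {c.args[0]:#x}"))
    return findings


def is_gdi_trojan_like(findings) -> bool:
    """Assumed verdict rule: both halves of the pattern must be present."""
    kinds = {k for k, _ in findings}
    return "THREAD_ON_EXEC_HEAP" in kinds and "SCREEN_DRAW" in kinds


if __name__ == "__main__":
    found = scan_trace(SAMPLE_TRACE)
    for kind, detail in found:
        print(f"[{kind}] {detail}")
    print("verdict:", "GDI-trojan-like" if is_gdi_trojan_like(found) else "no match")
```

The script tracks handles rather than matching API names alone: a CreateThread is only interesting when its lpParameter is a heap created with the execute flag, and a PatBlt/BitBlt is only interesting when its destination HDC came from GetDC(0). That keeps ordinary programs that use a private heap, or that draw into their own window, out of the findings.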


An example is Lixo (GDI-Trojan.Win32.Lixo), created by JhoPro:

https://github.com/ArTicZera/GDI-Trojan.Win32.Lixo 


🤔 What is Lixo.exe?

Lixo.exe is a small trojan made in C++ and 8086 Assembly for WINDOWS XP. In general, it modifies some registry keys, creates copies of itself in critical Windows directories, plays some bytebeats, shows some GDI effects, overwrites the boot sector (MBR) with 10 payloads made in ASM, and many other things. By the way, this is my 3rd GDI-Trojan and probably the last one...

⚠️ Important!!!

This is a potentially harmful program that can cause your system's death & data loss. This software also displays flashing lights and plays loud sounds, so if you have a photosensitive condition like epilepsy, don't run this or watch any video about it, for your own safety.

By running this program, you accept full responsibility for any damages that may occur. So, the creator (ArTic a.k.a. JhoPro) will not be responsible for anything caused by this software. By the way, this was created for educational and entertainment purposes; consequently, don't use it for malicious acts like sharing it with a friend.
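Two host artifacts follow from the text above and from the warning code in the "Is that secure?" section: the infection marker the warning code tests for (C:\Windows\WinNet.exe, path taken from that code) and byte-identical copies of the same executable dropped into several system directories. The following is an added example, not code from this post or from the Lixo repository: a Python sweep that checks for the marker and groups .exe files by SHA-256 to surface the same binary appearing under two or more roots. It runs offline against a constructed temporary tree (placeholder bytes, not real binaries); the directory names and file names in that tree are assumptions made for the demo.

```python
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path
from typing import Dict, List, Tuple

# Marker path checked by the warning code in the post.
MARKER_PATH = r"C:\Windows\WinNet.exe"


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 16), b""):
            h.update(block)
    return h.hexdigest()


def sweep(roots: List[str], marker_name: str = "WinNet.exe") -> Tuple[List[str], Dict[str, List[str]]]:
    """Walk each root for .exe files. Roots must not be nested in one another,
    since rglob recurses and a nested root would be counted twice.
    Returns (marker_hits, self_copies):
      marker_hits  - <root>/<marker_name> files that exist
      self_copies  - sha256 -> paths, for byte-identical .exe files present in 2+ roots
    """
    marker_hits = []
    by_hash = defaultdict(list)   # digest -> [(root, path)]
    for root in roots:
        r = Path(root)
        if (r / marker_name).is_file():
            marker_hits.append(str(r / marker_name))
        for p in r.rglob("*.exe"):
            if p.is_file():
                by_hash[sha256_of(p)].append((root, str(p)))
    self_copies = {}
    for digest, hits in by_hash.items():
        if len({root for root, _ in hits}) >= 2:
            self_copies[digest] = [path for _, path in hits]
    return marker_hits, self_copies


def build_demo_tree(base: str) -> List[str]:
    """Constructed stand-in for critical Windows directories (hypothetical names);
    the .exe contents are harmless placeholder bytes, not real binaries."""
    roots = [Path(base) / "Windows", Path(base) / "ProgramData", Path(base) / "Temp"]
    for r in roots:
        r.mkdir(parents=True, exist_ok=True)
    body = b"MZ placeholder body " + b"\x00" * 64
    (roots[0] / "WinNet.exe").write_bytes(body)             # marker location from the post
    (roots[1] / "svchelper.exe").write_bytes(body)          # byte-identical self-copy
    (roots[2] / "lx.exe").write_bytes(body)                 # byte-identical self-copy
    (roots[1] / "unrelated.exe").write_bytes(b"MZ other")   # distinct binary, must not be flagged
    return [str(r) for r in roots]


def run_demo() -> Tuple[int, List[int]]:
    """Returns (number of marker hits, sizes of the self-copy groups found)."""
    with tempfile.TemporaryDirectory() as d:
        marker_hits, self_copies = sweep(build_demo_tree(d))
        return len(marker_hits), sorted(len(v) for v in self_copies.values())


if __name__ == "__main__":
    print("marker path from the post:", MARKER_PATH)
    print(run_demo())  # (1, [3]) for the constructed tree
```

On a real host the same sweep() is pointed at non-nested system directories and the Windows directory itself, and any self_copies group is triaged by hash before anything is deleted; grouping by content rather than by name is what catches copies that were renamed on the way in.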
