VeraCryptThief is a standalone DLL that, when injected into the VeraCrypt.exe process, performs API hooking via Detours, extracts the clear-text credentials and saves them to a file.
An injector program uses the sRDI technique to generate reflective DLL shellcode and injects it into the target process with the help of the DInvoke API.
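A defender-side check for the two traits described above, an inline hook whose handler lives in memory not backed by any loaded module, written as an added example that is not part of this repository. It compares a function's on-disk prologue with a memory snapshot and follows the jump chain to its end. All addresses, bytes and function names are constructed placeholders, since the text above does not say which APIs are hooked.

```python
import struct

def read(mem, addr, n):
    """Read n bytes from a snapshot {region_base: bytes}; None if unmapped."""
    for base, data in mem.items():
        if base <= addr and addr + n <= base + len(data):
            return data[addr - base:addr - base + n]
    return None

def next_hop(mem, addr):
    """Decode one x64 jump: E9 rel32, or FF 25 disp32 (jmp [rip+disp32])."""
    code = read(mem, addr, 6)
    if code and code[0] == 0xE9:
        return addr + 5 + struct.unpack_from("<i", code, 1)[0]
    if code and code[:2] == b"\xff\x25":
        ptr = read(mem, addr + 6 + struct.unpack_from("<i", code, 2)[0], 8)
        return struct.unpack("<Q", ptr)[0] if ptr else None
    return None

def audit(name, addr, disk, mem, modules, max_hops=4):
    """Compare the on-disk prologue with memory and resolve where a patch leads."""
    if read(mem, addr, len(disk)) == disk:
        return (name, "clean", None)
    target, hops = addr, 0
    while hops < max_hops:          # hook chains may pass through an intermediate stub
        nxt = next_hop(mem, target)
        if nxt is None:
            break
        target, hops = nxt, hops + 1
    if hops == 0:
        return (name, "modified", None)   # bytes differ but do not start with a known jump
    owner = next((m for m, base, size in modules if base <= target < base + size), None)
    return (name, "hooked", owner or "unbacked")

# Constructed sample data: addresses, bytes and the function names are placeholders.
MODULES = [("VeraCrypt.exe", 0x7FF600000000, 0x200000), ("user32.dll", 0x7FFB10000000, 0x1A0000)]
DISK = bytes.fromhex("48895c240857")   # unmodified prologue as stored in the DLL file
F, T, D = 0x7FFB10001000, 0x7FFB0FFF0000, 0x1F400010000   # function, jump stub, final target
SNAPSHOT = {
    F: b"\xe9" + struct.pack("<i", T - (F + 5)) + b"\xcc",   # patched entry: jmp rel32 -> T
    T: b"\xff\x25\x00\x00\x00\x00" + struct.pack("<Q", D),   # stub: jmp [rip+0] -> D
    F + 0x1000: DISK,                                         # an untouched function
}

def demo():
    return [audit(n, a, DISK, SNAPSHOT, MODULES) for n, a in (("PlaceholderApiA", F), ("PlaceholderApiB", F + 0x1000))]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A final target that resolves to no entry in the loader's module list is the signal worth alerting on: a reflectively loaded DLL never appears in that list, whereas a hook installed by a normally loaded DLL resolves to that DLL's name.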
DISCLAIMER. All information contained in this repository is provided for educational and research purposes only. The author is not responsible for any illegal use of this tool.
- SEKTOR7 Institute (@SEKTOR7net) for the RED TEAM Operator: Malware Development Intermediate Course.
- @0x09AL for his RdpThief.
- @monoxgas for his sRDI.
- @TheWover and @FuzzySecurity for their DInvoke.