VeraCryptThief by itself is a standalone DLL that when injected in the VeraCrypt.exe process, will perform API hooking via Detours, extract the clear-text credentials and save them to a file.

An injector program makes use of sRDI technique to generate a reflective DLL shellcode and inject it into the target process with the help of D/Invoke API.

DISCLAIMER. All information contained in this repository is provided for educational and research purposes only. The author is not responsible for any illegal use of this tool.




  • SEKTOR7 Institute (@SEKTOR7net) for the RED TEAM Operator: Malware Development Intermediate Course.
  • @0x09AL for RdpThief.
  • @monoxgas for sRDI.
  • @TheWover and @FuzzySecurity for DInvoke.


View Github