high-impact ransomware designed for speed, deep system penetration, and cryptographically secure file locking, making recovery without the operator's unique private key computationally infeasible.

It initializes by importing a master RSA-4096 public key. It gathers victim identifiers (Computer Name, IP, Location), generates a unique Victim ID, and immediately starts aggressive, multithreaded operations. Separate threads scan all accessible drives (Fixed, Network, Removable, excluding only CD-ROMs), skipping only the core Windows system directory, recycle bin, and its own log/readme files. It queues every other file type it finds. Worker threads pull files from this queue, performing the core encryption:

A unique AES-256 key is generated for the target file.

The file's content is encrypted using this unique AES key.

The unique AES key itself is then encrypted using the master RSA-4096 public key.

The encrypted file is saved with the .xanthorox extension (which is obfuscated in the code), containing the RSA-encrypted AES key followed by the AES-encrypted data.

The original file is deleted. After all scanning and encryption threads complete, it changes the desktop wallpaper. Crucially, it then sends a notification via a configured Telegram bot, exfiltrating the victim's identifiers (Computer Name, IP, Location, Victim ID) and the total count of successfully encrypted files directly to the operator.

Unlike ransomware using simpler methods, Xanthorox's per-file AES-256 key encrypted by a master RSA-4096 key makes brute-forcing or universal decryption impossible without the attacker's private key. Its aggressive multithreading aims for rapid encryption across multiple drives simultaneously, and its minimal exclusion list targets a vast range of files, including application data and user files outside standard libraries, maximizing disruption. The integrated Telegram bot notification provides immediate, remote confirmation of successful infection and key victim details to the operator. The extension obfuscation adds a layer against trivial modification.

it did not build the file with first prompt it took me several hour to make it and fixing it , i did not touched a single code The AI did everything

Note = Full Prompt not showed for privacy

First place all the files in a one directory on a linux enviromnent

Then Run the Build Bash script "bash builder_xanthorox" it will genereate some bytes out of your Key files

then open another terminal and edit the main main cpp file and place yur bytes on this place

Then hit enter and it will build your exe

It Bypassed almost all anti-virus and runtime scanners but now its open source means it won't be undetectable anymore (RIP)

I made this to prove one point what AI can DO