Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ; CONFIG HERE
- $INIFILE="C:\\TEMP\uaf.ui3"
- $OUTFILE="C:\\TEMP\extracted.exe"
- ; ->
- Global Const $4063A0C69862A72A9 = 0x1
- Global Const $53675A741B726EAC88522D14B9F334E1 = 24
- Global Const $368080A29D90F5BA0B1D1E0DEAF11686 = 0xF0000000
- Global Const $2BADE2A6917E4FD3141FF478399B9C29 = 0x0004
- Global Const $D7B87DBC9EBFE9B98E86AC402AF30278 = 0x0002
- Global Const $A4E74B3D571DD28A4BD46AFED2FF9A21 = 0x00000001
- Global Const $B939F5E560A162C57C19FFD63367B64E = 1
- Global Const $72C3DED1B4617DC9E36E9F0FA1ECD04B = 0x00008001
- Global Const $B6D07C74BD5D1C5988597C22A366633F = 0x00008002
- Global Const $AC23469B485C91685E66323634795BB3 = 0x00008003
- Global Const $A2FCA4C08C8A3F1468D8E746E31AB5CB = 0x00008004
- Global Const $487AA7ED5C22C2DBED5BE8784863E3CA = 0x00006603
- Global Const $F23BABECD6E4A8BB507295A70C116B81 = 0x0000660e
- Global Const $893529605D2CC4E08C633862AF17D045 = 0x0000660f
- Global Const $D55A30AD6906FF18C3F0AD47673624E1 = 0x00006610
- Global Const $D9E2A9D97C7FFBAD9D504886A359FB4A = 0x00006601
- Global Const $4350DEA878C5E4A2BAB83C4406A8B26B = 0x00006602
- Global Const $75A2FB145F3605CA0DA3CA48D7B9C281 = 0x00006801
- Global Const $1295974546E6E9CA72B1205FD83C6F10 = 0
- Global $FDA831CE40AFAB1CCB2F146F9D71CF0F[3]
- Global $6D8EA853F0F9D4F4725A7B18BA8E68E5, $6C3C44D956C1D408BA305F8620833447, $D7D52CFFCBB6745185B9DB4AFA2C8C13, $FF9A003592FB5AC6C447DC74647093B4, $B9B82D98583A5C233FD445FABDD55983, $F39285179624EA59225A0BF28273C515, $79E6B6AD0E3929343C8227B45FDD4FFB
- Global $3C02906DBD82FAE9BEDF15FA83019CD3 = @MIN + 1, $10408E6F4EE9BCC475D45187F7A61581 = @MIN + 1, $576E7ACF370C475C1F7CFFC8287D4894, $D670D931AB625312A06C6E78CAF5F4FA, $5D33270AF08A87ABF453DC3CE78E09EC, $FD207A895B0E415C87F1962728B8263A, $EF334541C41BF1292618BD324F33ECFF, $38FB60076F054E3721B05607F1809456
- Global $C53E1AA287D0B74A8A796B2D3DB2DAE2, $C8E8F8600975B3E41D4C0AFA85BEDAB0, $3B3F342DCB843A363757E1DD2813D3FF, $8F5EBE1328FC2B2DC6016A70C366F083
- Func _S0xF3480212E0F51234A3E6D08DDB50D175()
- Return $FDA831CE40AFAB1CCB2F146F9D71CF0F[1]
- EndFunc ;==>_S0xF3480212E0F51234A3E6D08DDB50D175
- Func _S0xFEF25B33C8D60CC3EE98893C3D856F5E()
- Return $FDA831CE40AFAB1CCB2F146F9D71CF0F[0]
- EndFunc ;==>_S0xFEF25B33C8D60CC3EE98893C3D856F5E
- Func _S0x47756EC5C5FD73FD84CEA64B25829197($81D6022EF7D3BCE20A60C58E8584A9F6)
- $FDA831CE40AFAB1CCB2F146F9D71CF0F[2] = $81D6022EF7D3BCE20A60C58E8584A9F6
- EndFunc ;==>_S0x47756EC5C5FD73FD84CEA64B25829197
- Func _S0x37D8322BEC6A5294DB414339A4FCB2E2()
- Return $FDA831CE40AFAB1CCB2F146F9D71CF0F[2]
- EndFunc ;==>_S0x37D8322BEC6A5294DB414339A4FCB2E2
- Func _S0x5D1574E9146FA08D0703DB81C21510C2($AC907458A37E739C43AC302BC278DC56)
- $FDA831CE40AFAB1CCB2F146F9D71CF0F[1] = $AC907458A37E739C43AC302BC278DC56
- EndFunc ;==>_S0x5D1574E9146FA08D0703DB81C21510C2
- Func _S0x2EABB265E59944565B0DD219B9D60CB0()
- If $FDA831CE40AFAB1CCB2F146F9D71CF0F[0] > 0 Then $FDA831CE40AFAB1CCB2F146F9D71CF0F[0] -= 1
- EndFunc ;==>_S0x2EABB265E59944565B0DD219B9D60CB0
- Func _S0xA60577F031C8B499DA0DEFE5CE3A8003()
- $FDA831CE40AFAB1CCB2F146F9D71CF0F[0] += 1
- EndFunc ;==>_S0xA60577F031C8B499DA0DEFE5CE3A8003
- Func _S0xC4FD912398EE22E2D27771CBC8825110($9E20A0458DAA1298D365D27214FAAED2, $0D80EF9D3AB46B8CEAAD8908F022A4EB, $9BDC1F591B6EF9C92870FA376DF86B27 = $AC23469B485C91685E66323634795BB3)
- Local $7EA3F329EC056519C6B44D5B56C67BF4
- Local $E39FD4A997F64354F410AD2280DACE64
- Local $355B31994C3D5AF204FC3A39293C8ECF
- Local $D6F948BD77DF837704932DE0EFDF89C4
- Local $1FEB07F98C57EBB486E8D43A0EAA2B46
- _Crypt__S0xC8217D78780E72F524EC8E3C8A152959()
- Do
- $7EA3F329EC056519C6B44D5B56C67BF4 = DllCall(_S0xF3480212E0F51234A3E6D08DDB50D175(), "bool", "CryptCreateHash", "handle", _S0x37D8322BEC6A5294DB414339A4FCB2E2(), "uint", $9BDC1F591B6EF9C92870FA376DF86B27, "ptr", 0, "dword", 0, "handle*", 0)
- If @error Or Not $7EA3F329EC056519C6B44D5B56C67BF4[0] Then
- $D6F948BD77DF837704932DE0EFDF89C4 = 1
- $1FEB07F98C57EBB486E8D43A0EAA2B46 = -1
- ExitLoop
- EndIf
- $E39FD4A997F64354F410AD2280DACE64 = $7EA3F329EC056519C6B44D5B56C67BF4[5]
- $355B31994C3D5AF204FC3A39293C8ECF = DllStructCreate("byte[" & BinaryLen($9E20A0458DAA1298D365D27214FAAED2) & "]")
- DllStructSetData($355B31994C3D5AF204FC3A39293C8ECF, 1, $9E20A0458DAA1298D365D27214FAAED2)
- $7EA3F329EC056519C6B44D5B56C67BF4 = DllCall(_S0xF3480212E0F51234A3E6D08DDB50D175(), "bool", "CryptHashData", "handle", $E39FD4A997F64354F410AD2280DACE64, "struct*", $355B31994C3D5AF204FC3A39293C8ECF, "dword", DllStructGetSize($355B31994C3D5AF204FC3A39293C8ECF), "dword", $B939F5E560A162C57C19FFD63367B64E)
- If @error Or Not $7EA3F329EC056519C6B44D5B56C67BF4[0] Then
- $D6F948BD77DF837704932DE0EFDF89C4 = 2
- $1FEB07F98C57EBB486E8D43A0EAA2B46 = -1
- ExitLoop
- EndIf
- $7EA3F329EC056519C6B44D5B56C67BF4 = DllCall(_S0xF3480212E0F51234A3E6D08DDB50D175(), "bool", "CryptDeriveKey", "handle", _S0x37D8322BEC6A5294DB414339A4FCB2E2(), "uint", $0D80EF9D3AB46B8CEAAD8908F022A4EB, "handle", $E39FD4A997F64354F410AD2280DACE64, "dword", $A4E74B3D571DD28A4BD46AFED2FF9A21, "handle*", 0)
- If @error Or Not $7EA3F329EC056519C6B44D5B56C67BF4[0] Then
- $D6F948BD77DF837704932DE0EFDF89C4 = 3
- $1FEB07F98C57EBB486E8D43A0EAA2B46 = -1
- ExitLoop
- EndIf
- $D6F948BD77DF837704932DE0EFDF89C4 = 0
- $1FEB07F98C57EBB486E8D43A0EAA2B46 = $7EA3F329EC056519C6B44D5B56C67BF4[5]
- Until True
- If $E39FD4A997F64354F410AD2280DACE64 <> 0 Then DllCall(_S0xF3480212E0F51234A3E6D08DDB50D175(), "bool", "CryptDestroyHash", "handle", $E39FD4A997F64354F410AD2280DACE64)
- Return SetError($D6F948BD77DF837704932DE0EFDF89C4, 0, $1FEB07F98C57EBB486E8D43A0EAA2B46)
- EndFunc ;==>_S0xC4FD912398EE22E2D27771CBC8825110
- Func _Crypt__S0xC8217D78780E72F524EC8E3C8A152959()
- If _S0xFEF25B33C8D60CC3EE98893C3D856F5E() = 0 Then
- Local $AC907458A37E739C43AC302BC278DC56 = DllOpen("Advapi32.dll")
- If @error Then Return SetError(1, 0, False)
- _S0x5D1574E9146FA08D0703DB81C21510C2($AC907458A37E739C43AC302BC278DC56)
- Local $7EA3F329EC056519C6B44D5B56C67BF4
- Local $1283CADC840375F6321D7C638C5F87B9 = $53675A741B726EAC88522D14B9F334E1
- If @OSVersion = "WIN_2000" Then $1283CADC840375F6321D7C638C5F87B9 = $4063A0C69862A72A9 ; Provide backwards compatibility with win2000
- $7EA3F329EC056519C6B44D5B56C67BF4 = DllCall(_S0xF3480212E0F51234A3E6D08DDB50D175(), "bool", "CryptAcquireContext", "handle*", 0, "ptr", 0, "ptr", 0, "dword", $1283CADC840375F6321D7C638C5F87B9, "dword", $368080A29D90F5BA0B1D1E0DEAF11686)
- If @error Or Not $7EA3F329EC056519C6B44D5B56C67BF4[0] Then
- DllClose(_S0xF3480212E0F51234A3E6D08DDB50D175())
- Return SetError(2, 0, False)
- Else
- _S0x47756EC5C5FD73FD84CEA64B25829197($7EA3F329EC056519C6B44D5B56C67BF4[1])
- EndIf
- EndIf
- _S0xA60577F031C8B499DA0DEFE5CE3A8003()
- Return True
- EndFunc ;==>_Crypt__S0xC8217D78780E72F524EC8E3C8A152959
- Func _S0x9A130944BC5ED49CF25A0ABCA629E5FB($02B22F23B39C315A51A9C34E85169CF0, $36B1AD8489BDCDE71CAB1832D9D98905, $0D80EF9D3AB46B8CEAAD8908F022A4EB, $E98169F6C5800EBC810E454C14E4F93B = True)
- Local $355B31994C3D5AF204FC3A39293C8ECF
- Local $D6F948BD77DF837704932DE0EFDF89C4
- Local $1FEB07F98C57EBB486E8D43A0EAA2B46
- Local $F6BE7241B22CBE0FD8A6C00CC2D28253
- Local $5CD9EFE0DFB53DD11B0F6BC84F859B35
- Local $7EA3F329EC056519C6B44D5B56C67BF4
- _Crypt__S0xC8217D78780E72F524EC8E3C8A152959()
- Do
- If $0D80EF9D3AB46B8CEAAD8908F022A4EB <> $1295974546E6E9CA72B1205FD83C6F10 Then
- $36B1AD8489BDCDE71CAB1832D9D98905 = _S0xC4FD912398EE22E2D27771CBC8825110($36B1AD8489BDCDE71CAB1832D9D98905, $0D80EF9D3AB46B8CEAAD8908F022A4EB)
- If @error Then
- $D6F948BD77DF837704932DE0EFDF89C4 = 1
- $1FEB07F98C57EBB486E8D43A0EAA2B46 = -1
- ExitLoop
- EndIf
- EndIf
- $355B31994C3D5AF204FC3A39293C8ECF = DllStructCreate("byte[" & BinaryLen($02B22F23B39C315A51A9C34E85169CF0) + 1000 & "]")
- DllStructSetData($355B31994C3D5AF204FC3A39293C8ECF, 1, $02B22F23B39C315A51A9C34E85169CF0)
- $7EA3F329EC056519C6B44D5B56C67BF4 = DllCall(_S0xF3480212E0F51234A3E6D08DDB50D175(), "bool", "CryptDecrypt", "handle", $36B1AD8489BDCDE71CAB1832D9D98905, "handle", 0, "bool", $E98169F6C5800EBC810E454C14E4F93B, "dword", 0, "struct*", $355B31994C3D5AF204FC3A39293C8ECF, "dword*", BinaryLen($02B22F23B39C315A51A9C34E85169CF0))
- If @error Or Not $7EA3F329EC056519C6B44D5B56C67BF4[0] Then
- $D6F948BD77DF837704932DE0EFDF89C4 = 2
- $1FEB07F98C57EBB486E8D43A0EAA2B46 = -1
- ExitLoop
- EndIf
- $5CD9EFE0DFB53DD11B0F6BC84F859B35 = $7EA3F329EC056519C6B44D5B56C67BF4[6]
- $F6BE7241B22CBE0FD8A6C00CC2D28253 = DllStructCreate("byte[" & $5CD9EFE0DFB53DD11B0F6BC84F859B35 & "]", DllStructGetPtr($355B31994C3D5AF204FC3A39293C8ECF))
- $D6F948BD77DF837704932DE0EFDF89C4 = 0
- $1FEB07F98C57EBB486E8D43A0EAA2B46 = DllStructGetData($F6BE7241B22CBE0FD8A6C00CC2D28253, 1)
- Until True
- Return $1FEB07F98C57EBB486E8D43A0EAA2B46
- EndFunc ;==>_S0x9A130944BC5ED49CF25A0ABCA629E5FB
- Func _S0x6754396CF0678EFE96699CF2AAC9BD57($s_String, $s_Start, $s_End, $v_Case = -1)
- Local $s_case = ""
- If $v_Case = Default Or $v_Case = -1 Then $s_case = "(?i)"
- Local $s_pattern_escape = "(\.|\||\*|\?|\+|\(|\)|\{|\}|\[|\]|\^|\$|\\)"
- $s_Start = StringRegExpReplace($s_Start, $s_pattern_escape, "\\$1")
- $s_End = StringRegExpReplace($s_End, $s_pattern_escape, "\\$1")
- If $s_Start = "" Then $s_Start = "\A"
- If $s_End = "" Then $s_End = "\z"
- Local $a_ret = StringRegExp($s_String, "(?s)" & $s_case & $s_Start & "(.*?)" & $s_End, 3)
- If @error Then Return SetError(1, 0, 0)
- Return $a_ret
- EndFunc ;==>_S0x6754396CF0678EFE96699CF2AAC9BD57
- $79E6B6AD0E3929343C8227B45FDD4FFB = IniRead($INIFILE, "Setting", "Keys", '')
- ;MsgBox(0,"Keys are",$79E6B6AD0E3929343C8227B45FDD4FFB)
- $FA39CF41CED8EB2810F4476D567D84F0 = _S0x6754396CF0678EFE96699CF2AAC9BD57(FileRead($INIFILE), "[Data]", "[eData]")
- ;MsgBox(0,"eData is",$FA39CF41CED8EB2810F4476D567D84F0)
- $C53E1AA287D0B74A8A796B2D3DB2DAE2 = $FA39CF41CED8EB2810F4476D567D84F0[0]
- $C53E1AA287D0B74A8A796B2D3DB2DAE2 = _S0x9A130944BC5ED49CF25A0ABCA629E5FB($C53E1AA287D0B74A8A796B2D3DB2DAE2, $79E6B6AD0E3929343C8227B45FDD4FFB, 0x00006602)
- FileWrite($OUTFILE, $C53E1AA287D0B74A8A796B2D3DB2DAE2)
Add Comment
Please, Sign In to add comment