Untitled

███╗   ███╗ ██████╗ ██████╗ ██╗     ███████╗ █████╗ ██╗  ██╗███████╗
████╗ ████║██╔═══██╗██╔══██╗██║     ██╔════╝██╔══██╗██║ ██╔╝██╔════╝
██╔████╔██║██║   ██║██████╔╝██║     █████╗  ███████║█████╔╝ ███████╗
██║╚██╔╝██║██║   ██║██╔══██╗██║     ██╔══╝  ██╔══██║██╔═██╗ ╚════██║
██║ ╚═╝ ██║╚██████╔╝██████╔╝███████╗███████╗██║  ██║██║  ██╗███████║
╚═╝     ╚═╝ ╚═════╝ ╚═════╝ ╚══════╝╚══════╝╚═╝  ╚═╝╚═╝  ╚═╝╚══════╝

.Credits MobLeaks. [11/12/19]
Demon's Shitty String Remover Method


void __fastcall clear_strings(void *process_handle)
{
  const void *v1; // rax
  unsigned __int8 k; // [rsp+30h] [rbp-98h]
  _QWORD *v3; // [rsp+38h] [rbp-90h]
  SIZE_T i; // [rsp+40h] [rbp-88h]
  SIZE_T j; // [rsp+48h] [rbp-80h]
  char *lpAddress; // [rsp+50h] [rbp-78h]
  SIZE_T v7; // [rsp+60h] [rbp-68h]
  unsigned __int8 *lpBuffer; // [rsp+68h] [rbp-60h]
  __int64 v9; // [rsp+78h] [rbp-50h]
  unsigned __int8 new_mods_buffer; // [rsp+80h] [rbp-48h]
  struct _MEMORY_BASIC_INFORMATION Buffer; // [rsp+88h] [rbp-40h]
  HANDLE hProcess; // [rsp+D0h] [rbp+8h]

  hProcess = a1;
  if ( (unsigned int)allocate_memory(&v9, &new_mods_buffer) ) //107.191.99.63/clear.php POST request
  {
    if ( new_mods_buffer )
    {
      lpAddress = 0i64;
      lpBuffer = (unsigned __int8 *)j__malloc_base(0x4000000i64);
      while ( VirtualQueryEx(hProcess, lpAddress, &Buffer, 0x30ui64) )
      {
        if ( Buffer.State == MEM_COMMIT
          && Buffer.Type != MEM_IMAGE
          && Buffer.Protect != 1
          && !(Buffer.Protect & PAGE_GUARD) )
        {
          for ( i = 0i64; i < Buffer.RegionSize; i += v7 )
          {
            if ( Buffer.RegionSize - i <= 0x4000000 )
              v7 = Buffer.RegionSize - i;
            else
              v7 = 0x4000000i64;
            if ( ReadProcessMemory(hProcess, &lpAddress[i], lpBuffer, v7, 0i64) )
            {
              for ( j = 0i64; j < v7; ++j )
              {
                for ( k = 0; k < (signed int)new_mods_buffer; ++k )
                {
                  v3 = (_QWORD *)(32i64 * k + v9);
                  if ( *(unsigned __int8 *)(*v3 + v3[3]) == lpBuffer[j] )
                  {
                    if ( ++v3[3] == v3[2] )
                    {
                      v3[3] = 0i64;
                      v1 = (const void *)j__calloc_base(v3[2], 1i64);
                      WriteProcessMemory(hProcess, &lpAddress[i + j - v3[2]], v1, v3[2], 0i64);
                    }
                  }
                  else
                  {
                    v3[3] = 0i64;
                  }
                }
              }
            }
          }
        }
        lpAddress += Buffer.RegionSize;
      }
    }
  }
  else
  {
    Sleep(0xFFFFFFFF);
  }
}